Initial go client interface for signing keys

client/client.go

@@ -0,0 +1,35 @@
+package client
+
+import (
+ "github.com/docker/parsec/types"
+)
+
+// Client is a Parsec client representing a connection and set of API implementations
+type Client struct {
+ *conn
+ SystemClient
+ KeyManagerClient
+}
+
+// KeyManagerClient is an interface to the key management facilities of Parsec
+type KeyManagerClient interface {
+ KeyGet(keyid types.KeyID) (Key, error)
+ KeyImport(k Key) error
+ KeyDelete(keyid types.KeyID) error
+ KeyList() ([]Key, error)
+}
+
+// SystemClient is an interface to the system calls of Parsec
+type SystemClient interface {
+ Version() string
+ Info() (types.Info, error)
+}
+
+// InitClient initializes a Parsec client
+func InitClient() (*Client, error) {
+ return nil, nil
+}
+
+func (c Client) KeyGet(keyid types.KeyID) (Key, error) {
+ return &key{}, nil
+}

client/conn.go

@@ -0,0 +1,34 @@
+package client
+
+import (
+ "io"
+ "sync"
+)
+
+type conn struct {
+ sync.Mutex
+ rwc *io.ReadWriteCloser
+ path string
+}
+
+func (conn *conn) close() error {
+ conn.Lock()
+ defer conn.Unlock()
+ if conn.rwc != nil {
+ rwc := *conn.rwc
+ rwc.Close()
+ }
+ conn.rwc = nil
+ return nil
+}
+
+func (conn *conn) open() error {
+ conn.Lock()
+ defer conn.Unlock()
+ // rwc, err := OpenParsec(conn.path)
+ // if err != nil {
+ // return err
+ // }
+ // conn.rwc = &rwc
+ return nil
+}

client/key.go

@@ -0,0 +1,39 @@
+package client
+
+import (
+ "io"
+ "crypto"
+ "github.com/docker/parsec/types"
+)
+
+// Key defines an interface for any cryptographic key
+type Key interface {
+}
+
+// VerifyingKey defines an interface for a public key used to verify digital signatures
+type VerifyingKey interface {
+ Key
+ crypto.PublicKey
+ Verify(digest []byte, signature []byte) error
+}
+
+// SigningKey defines an interface for a private key used to generate digital signatures
+type SigningKey interface {
+ Key
+ crypto.Signer
+}
+
+// DecryptingKey defines an interface for a private key used to decrypt data
+type DecryptingKey interface {
+ Key
+ crypto.Decrypter
+}
+
+type key struct {
+ conn *conn
+ attributes types.KeyAttributes
+}
+
+func (key key) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) (signature []byte, err error) {
+ return nil, nil
+}

client/tls.go

@@ -0,0 +1,21 @@
+package client
+
+import (
+ "errors"
+ "crypto/tls"
+ "encoding/pem"
+)
+
+// X509KeyPair returns a TLS certificate based on a PEM-encoded certificate and a parsec defined private key
+func X509KeyPair(certPEMBlock []byte, k Key) (*tls.Certificate, error) {
+ cert := &tls.Certificate{}
+ cert.PrivateKey = k
+ certDERBlock, _ := pem.Decode(certPEMBlock)
+ if certDERBlock == nil {
+ return nil, errors.New("Failed to read certificate")
+ }
+ if certDERBlock.Type == "CERTIFICATE" {
+ cert.Certificate = append(cert.Certificate, certDERBlock.Bytes)
+ }
+ return cert, nil
+}

main.go

@@ -0,0 +1,28 @@
+package main
+
+import (
+ "log"
+ "crypto/tls"
+ "github.com/docker/parsec/client"
+)
+
+func main(){
+ c, err := client.InitClient()
+ if err != nil {
+ log.Println(err)
+ return
+ }
+
+ k, err := c.KeyGet("keyid1")
+ if err != nil {
+ log.Println(err)
+ return
+ }
+ cert, err := client.X509KeyPair([]byte{}, k)
+ if err != nil {
+ log.Println(err)
+ return
+ }
+ config := &tls.Config{Certificates: []tls.Certificate{*cert}}
+ log.Println(config)
+}

types/types.go

@@ -0,0 +1,15 @@
+package types
+
+import (
+)
+
+// Info defines all information related to Parsec server
+type Info struct {
+}
+
+// KeyAttributes defines all attributes that define a Key implementation
+type KeyAttributes struct {
+}
+
+// KeyID represents a key identifier
+type KeyID string