
  1. // Copyright 2022 Google LLC.
  2. // Use of this source code is governed by a BSD-style
  3. // license that can be found in the LICENSE file.
  4. // Package cert contains certificate tools for Google API clients.
  5. // This package is intended to be used with crypto/tls.Config.GetClientCertificate.
  6. //
  7. // The certificates can be used to satisfy Google's Endpoint Validation.
  8. // See https://cloud.google.com/endpoint-verification/docs/overview
  9. //
  10. // This package is not intended for use by end developers. Use the
  11. // google.golang.org/api/option package to configure API clients.
  12. package cert
  13. import (
  14. "crypto/tls"
  15. "errors"
  16. "github.com/googleapis/enterprise-certificate-proxy/client"
  17. )
// ecpSource adapts an Enterprise Certificate Proxy key to the
// crypto/tls.Config.GetClientCertificate callback shape; instances are
// created only through NewEnterpriseCertificateProxySource.
type ecpSource struct {
	// key is the handle returned by client.Cred. It is used both as the
	// tls.Certificate's PrivateKey and as the provider of the certificate
	// chain (see getClientCertificate).
	key *client.Key
}
// NewEnterpriseCertificateProxySource creates a certificate source
// using the Enterprise Certificate Proxy client, which delegates
// certificate related operations to an OS-specific "signer binary"
// that communicates with the native keystore (e.g. keychain on macOS).
// Because signing is delegated, this process holds a key handle rather
// than raw private-key material (per the client package's design; confirm
// against client.Key for the platform in use).
//
// The configFilePath points to a config file containing relevant parameters
// such as the certificate issuer and the location of the signer binary.
// If configFilePath is empty, the client will attempt to load the config from
// a well-known gcloud location.
//
// It returns errSourceUnavailable when the client reports
// client.ErrCredUnavailable (no usable credential configured), so callers
// can fall through to another Source; any other client error is returned
// unchanged.
func NewEnterpriseCertificateProxySource(configFilePath string) (Source, error) {
	key, err := client.Cred(configFilePath)
	switch {
	case errors.Is(err, client.ErrCredUnavailable):
		// Map the client's sentinel onto this package's sentinel so the
		// caller does not need to know about the ECP client.
		return nil, errSourceUnavailable
	case err != nil:
		return nil, err
	}
	src := &ecpSource{key: key}
	return src.getClientCertificate, nil
}
// getClientCertificate satisfies the crypto/tls.Config.GetClientCertificate
// contract. It builds a tls.Certificate whose chain comes from the ECP key
// handle and whose PrivateKey is the handle itself, so signatures during the
// handshake are produced through the signer binary.
//
// The request's hints (info.AcceptableCAs, supported signature algorithms)
// are not consulted: the same certificate is returned for every request, and
// it never returns an error. Whether the chain is acceptable to the peer is
// therefore decided by the server, not here.
func (s *ecpSource) getClientCertificate(info *tls.CertificateRequestInfo) (*tls.Certificate, error) {
	chain := s.key.CertificateChain()
	return &tls.Certificate{
		Certificate: chain,
		PrivateKey:  s.key,
	}, nil
}