author | Carl Lundin <108372512+clundin25@users.noreply.github.com> | 2022-09-23 18:31:10 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-09-23 11:31:10 -0700 |
commit | a8482d05254831d2db2b00fc6256e00daeab1495 (patch) | |
tree | f442c8d810881f948fc65dc1f0e7eb3a7722079b | |
parent | f306c17fe6c6821f6102d6cffaf63b37c5766533 (diff) | |
download | googleapis-enterprise-certificate-proxy-a8482d05254831d2db2b00fc6256e00daeab1495.tar.gz |
refactor: ECP Config schema update (#35)
* refactor: ECP Config schema update. Googlers see go/enterpise-cert-config
26 files changed, 131 insertions, 116 deletions
diff --git a/build/scripts/darwin_amd64.sh b/build/scripts/darwin_amd64.sh index 4917f96..eeb1032 100755 --- a/build/scripts/darwin_amd64.sh +++ b/build/scripts/darwin_amd64.sh @@ -1,5 +1,7 @@ #!/bin/bash +set -eu + # Create a folder to hold the binaries rm -rf ./build/bin/darwin_amd64 mkdir -p ./build/bin/darwin_amd64 @@ -7,9 +9,9 @@ mkdir -p ./build/bin/darwin_amd64 # Build the signer binary cd ./internal/signer/darwin go build -mv signer ./../../../build/bin/darwin_amd64 +mv signer ./../../../build/bin/darwin_amd64/ecp cd ./../../.. # Build the signer library -go build -buildmode=c-shared -o build/bin/darwin_amd64/signer.dylib cshared/main.go -rm build/bin/darwin_amd64/signer.h +go build -buildmode=c-shared -o build/bin/darwin_amd64/libecp.dylib cshared/main.go +rm build/bin/darwin_amd64/libecp.h diff --git a/build/scripts/linux_amd64.sh b/build/scripts/linux_amd64.sh index 448f65c..c6045e6 100755 --- a/build/scripts/linux_amd64.sh +++ b/build/scripts/linux_amd64.sh @@ -5,11 +5,11 @@ rm -rf ./build/bin/linux_amd64 mkdir -p ./build/bin/linux_amd64 # Build the signer library -go build -buildmode=c-shared -o build/bin/linux_amd64/signer.so cshared/main.go -rm build/bin/linux_amd64/signer.h +go build -buildmode=c-shared -o build/bin/linux_amd64/libecp.so cshared/main.go +rm build/bin/linux_amd64/libecp.h # Build the signer binary cd ./internal/signer/linux go build -mv signer ./../../../build/bin/linux_amd64 +mv signer ./../../../build/bin/linux_amd64/ecp cd ./../../.. diff --git a/build/scripts/windows_amd64.ps1 b/build/scripts/windows_amd64.ps1 index 58f9923..6b7bc99 100644 --- a/build/scripts/windows_amd64.ps1 +++ b/build/scripts/windows_amd64.ps1 
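Review bot: `rm -rf ./build/bin/darwin_amd64` on the line after the new `set -eu` is still resolved against whatever directory the caller happens to be in, so the script (and the relative `cd ./../../..` hops further down) depends on being invoked from the repository root. Anchoring the working directory first, `cd "$(dirname "$0")/../.."`, makes the recursive delete and the `mv signer .../ecp` target point at this checkout regardless of where the script is launched from. The first four lines of `linux_amd64.sh` are outside its hunk, so I cannot tell whether it received the same `set -eu`; if not, its `go build` followed by `mv signer` has the same silent-continue-on-failure gap that this change closes for darwin.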
@@ -10,9 +10,9 @@ If (Test-Path $OutputFolder) { # Build the signer binary Set-Location .\internal\signer\windows go build -Move-Item .\signer.exe ..\..\..\build\bin\windows_amd64\ +Move-Item .\signer.exe ..\..\..\build\bin\windows_amd64\ecp.exe Set-Location ..\..\..\ # Build the signer library -go build -buildmode=c-shared -o .\build\bin\windows_amd64\signer.dll .\cshared\main.go -Remove-Item .\build\bin\windows_amd64\signer.h +go build -buildmode=c-shared -o .\build\bin\windows_amd64\libecp.dll .\cshared\main.go +Remove-Item .\build\bin\windows_amd64\libecp.h diff --git a/client/client_test.go b/client/client_test.go index cf83881..e7ba654 100644 --- a/client/client_test.go +++ b/client/client_test.go @@ -14,7 +14,7 @@ import ( ) func TestClient_Cred_Success(t *testing.T) { - _, err := Cred("testdata/enterprise_certificate_config.json") + _, err := Cred("testdata/certificate_config.json") if err != nil { t.Errorf("Cred: got %v, want nil err", err) } @@ -28,7 +28,7 @@ func TestClient_Cred_ConfigMissing(t *testing.T) { } func TestClient_Public(t *testing.T) { - key, err := Cred("testdata/enterprise_certificate_config.json") + key, err := Cred("testdata/certificate_config.json") if err != nil { t.Fatal(err) } @@ -38,7 +38,7 @@ func TestClient_Public(t *testing.T) { } func TestClient_CertificateChain(t *testing.T) { - key, err := Cred("testdata/enterprise_certificate_config.json") + key, err := Cred("testdata/certificate_config.json") if err != nil { t.Fatal(err) } @@ -48,7 +48,7 @@ func TestClient_CertificateChain(t *testing.T) { } func TestClient_Sign(t *testing.T) { - key, err := Cred("testdata/enterprise_certificate_config.json") + key, err := Cred("testdata/certificate_config.json") if err != nil { t.Fatal(err) } 
@@ -62,7 +62,7 @@ func TestClient_Sign(t *testing.T) { } func TestClient_Sign_HashSizeMismatch(t *testing.T) { - key, err := Cred("testdata/enterprise_certificate_config.json") + key, err := Cred("testdata/certificate_config.json") if err != nil { t.Fatal(err) } @@ -73,7 +73,7 @@ func TestClient_Sign_HashSizeMismatch(t *testing.T) { } func TestClient_Close(t *testing.T) { - key, err := Cred("testdata/enterprise_certificate_config.json") + key, err := Cred("testdata/certificate_config.json") if err != nil { t.Fatal(err) } diff --git a/client/testdata/certificate_config.json b/client/testdata/certificate_config.json new file mode 100644 index 0000000..89523d4 --- /dev/null +++ b/client/testdata/certificate_config.json @@ -0,0 +1,10 @@ +{ + "cert_configs": { + "test": { + "issuer": "Test Issuer" + } + }, + "libs": { + "ecp": "./testdata/signer.sh" + } +} diff --git a/client/testdata/enterprise_certificate_config.json b/client/testdata/enterprise_certificate_config.json deleted file mode 100644 index be9f9a3..0000000 --- a/client/testdata/enterprise_certificate_config.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "cert_info": { - "issuer": "Test Issuer" - }, - "libs": { - "signer_binary": "./testdata/signer.sh" - } -} diff --git a/client/util/test_data/certificate_config.json b/client/util/test_data/certificate_config.json new file mode 100644 index 0000000..ed9d485 --- /dev/null +++ b/client/util/test_data/certificate_config.json @@ -0,0 +1,6 @@ +{ + "libs": { + "ecp": "C:/Program Files (x86)/Google/Endpoint Verification/signer.exe" + } +} + diff --git a/client/util/test_data/enterprise_certificate_config.json b/client/util/test_data/enterprise_certificate_config.json deleted file mode 100644 index 4058fff..0000000 --- a/client/util/test_data/enterprise_certificate_config.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "libs": { - "signer_binary": "C:/Program Files (x86)/Google/Endpoint Verification/signer.exe" - } -} - 
diff --git a/client/util/util.go b/client/util/util.go index 8ac45c7..ccef527 100644 --- a/client/util/util.go +++ b/client/util/util.go @@ -11,7 +11,7 @@ import ( "runtime" ) -const configFileName = "enterprise_certificate_config.json" +const configFileName = "certificate_config.json" // EnterpriseCertificateConfig contains parameters for initializing signer. type EnterpriseCertificateConfig struct { @@ -20,7 +20,7 @@ type EnterpriseCertificateConfig struct { // Libs specifies the locations of helper libraries. type Libs struct { - SignerBinary string `json:"signer_binary"` + ECP string `json:"ecp"` } // LoadSignerBinaryPath retrieves the path of the signer binary from the config file. @@ -39,7 +39,7 @@ func LoadSignerBinaryPath(configFilePath string) (path string, err error) { if err != nil { return "", err } - signerBinaryPath := config.Libs.SignerBinary + signerBinaryPath := config.Libs.ECP if signerBinaryPath == "" { return "", errors.New("signer binary path is missing") } diff --git a/client/util/util_test.go b/client/util/util_test.go index 7ffa744..ad46592 100644 --- a/client/util/util_test.go +++ b/client/util/util_test.go @@ -5,7 +5,7 @@ import ( ) func TestLoadSignerBinaryPath(t *testing.T) { - path, err := LoadSignerBinaryPath("./test_data/enterprise_certificate_config.json") + path, err := LoadSignerBinaryPath("./test_data/certificate_config.json") if err != nil { t.Errorf("LoadSignerBinaryPath error: %q", err) } diff --git a/cshared/main.go b/cshared/main.go index 1b8bcad..598a7e6 100644 --- a/cshared/main.go +++ b/cshared/main.go 
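Review bot: A config that still uses the old `signer_binary` key is accepted by the decoder without complaint and only surfaces as the generic `signer binary path is missing` error on the line after `signerBinaryPath := config.Libs.ECP`, which gives the operator no hint that the key was renamed. Since this value is presumably the executable the client goes on to launch, a stale config should fail with a message that names the expected key and file, e.g. `return "", errors.New("libs.ecp is missing from " + configFilePath)`. Rejecting unknown JSON fields is not a safe alternative here, because the same `certificate_config.json` also carries the per-platform `cert_configs` section that this struct does not model. The renamed `configFileName` constant in the first hunk has the same migration effect: an existing `enterprise_certificate_config.json` is now simply not found, which deserves a line in the release notes.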
@@ -45,14 +45,14 @@ func getCertPem(configFilePath string) []byte { return certChainPem } -//export GetCertPemForPython -// // GetCertPemForPython reads the contents of the certificate specified by configFilePath, // storing the result inside a certHolder byte array of size certHolderLen. // // We must call it twice to get the cert. First time use nil for certHolder to get // the cert length. Second time we pre-create an array in Python of the cert length and // call this function again to load the cert into the array. +// +//export GetCertPemForPython func GetCertPemForPython(configFilePath *C.char, certHolder *byte, certHolderLen int) int { pemBytes := getCertPem(C.GoString(configFilePath)) if certHolder != nil { @@ -62,10 +62,10 @@ func GetCertPemForPython(configFilePath *C.char, certHolder *byte, certHolderLen return len(pemBytes) } -//export SignForPython -// // SignForPython signs a message digest of length digestLen using a certificate private key // specified by configFilePath, storing the result inside a sigHolder byte array of size sigHolderLen. +// +//export SignForPython func SignForPython(configFilePath *C.char, digest *byte, digestLen int, sigHolder *byte, sigHolderLen int) int { // First create a handle around the specified certificate and private key. key, err := client.Cred(C.GoString(configFilePath)) diff --git a/internal/signer/darwin/signer.go b/internal/signer/darwin/signer.go index 60d6621..7ed31df 100644 --- a/internal/signer/darwin/signer.go +++ b/internal/signer/darwin/signer.go 
@@ -80,10 +80,10 @@ func main() { log.Fatalln("Signer is not meant to be invoked manually, exiting...") } configFilePath := os.Args[1] - certInfo, err := util.LoadCertInfo(configFilePath) + config, err := util.LoadConfig(configFilePath) enterpriseCertSigner := new(EnterpriseCertSigner) - enterpriseCertSigner.key, err = keychain.Cred(certInfo.Issuer) + enterpriseCertSigner.key, err = keychain.Cred(config.CertConfigs.MacOSKeychain.Issuer) if err != nil { log.Fatalf("Failed to initialize enterprise cert signer using keychain: %v", err) } diff --git a/internal/signer/darwin/util/test_data/certificate_config.json b/internal/signer/darwin/util/test_data/certificate_config.json new file mode 100644 index 0000000..a4f0edf --- /dev/null +++ b/internal/signer/darwin/util/test_data/certificate_config.json @@ -0,0 +1,8 @@ +{ + "cert_configs": { + "macos_keychain": { + "issuer": "Google Endpoint Verification" + } + } +} + diff --git a/internal/signer/darwin/util/test_data/enterprise_certificate_config.json b/internal/signer/darwin/util/test_data/enterprise_certificate_config.json deleted file mode 100644 index 1e65f90..0000000 --- a/internal/signer/darwin/util/test_data/enterprise_certificate_config.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "cert_info": { - "issuer": "Google Endpoint Verification" - } -} - diff --git a/internal/signer/darwin/util/util.go b/internal/signer/darwin/util/util.go index 52826e0..19ec3cd 100644 --- a/internal/signer/darwin/util/util.go +++ b/internal/signer/darwin/util/util.go 
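Review bot: The error returned by `util.LoadConfig(configFilePath)` is never checked; it is overwritten one line later by `enterpriseCertSigner.key, err = keychain.Cred(...)`, so an unreadable or malformed config reaches `keychain.Cred` with the zero-value struct's empty `Issuer`. The replaced `LoadCertInfo` call had the same gap, but the nested `cert_configs.macos_keychain` layout makes it more likely to bite, because a config still in the old `cert_info` shape also decodes cleanly to an empty issuer. Add `if err != nil { log.Fatalf("Failed to load config %s: %v", configFilePath, err) }` directly after the `LoadConfig` call, and ideally refuse to continue when `config.CertConfigs.MacOSKeychain.Issuer == ""` before it is used to select a keychain identity. What `keychain.Cred` does with an empty issuer is outside this hunk, so I cannot say whether it fails or matches something unintended; `main` continues past the end of the hunk.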
@@ -9,30 +9,34 @@ import ( // EnterpriseCertificateConfig contains parameters for initializing signer. type EnterpriseCertificateConfig struct { - CertInfo CertInfo `json:"cert_info"` + CertConfigs CertConfigs `json:"cert_configs"` } -// CertInfo contains parameters describing the certificate to use. -type CertInfo struct { +// Container for various ECP Configs. +type CertConfigs struct { + MacOSKeychain MacOSKeychain `json:"macos_keychain"` +} + +// MacOSKeychain contains parameters describing the certificate to use. +type MacOSKeychain struct { Issuer string `json:"issuer"` } -// LoadCertInfo retrieves the certificate info from the config file. -func LoadCertInfo(configFilePath string) (certInfo CertInfo, err error) { +// LoadConfig retrieves the ECP config file. +func LoadConfig(configFilePath string) (config EnterpriseCertificateConfig, err error) { jsonFile, err := os.Open(configFilePath) if err != nil { - return CertInfo{}, err + return EnterpriseCertificateConfig{}, err } byteValue, err := ioutil.ReadAll(jsonFile) if err != nil { - return CertInfo{}, err + return EnterpriseCertificateConfig{}, err } - var config EnterpriseCertificateConfig err = json.Unmarshal(byteValue, &config) if err != nil { - return CertInfo{}, err + return EnterpriseCertificateConfig{}, err } - return config.CertInfo, nil + return config, nil } diff --git a/internal/signer/darwin/util/util_test.go b/internal/signer/darwin/util/util_test.go index 912f45c..622a179 100644 --- a/internal/signer/darwin/util/util_test.go +++ b/internal/signer/darwin/util/util_test.go 
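Review bot: `LoadConfig` opens `configFilePath` with `os.Open` and never closes the handle, and because `json.Unmarshal` ignores unknown keys, a file still written in the old `cert_info` layout decodes without error into a struct whose `MacOSKeychain.Issuer` is empty, which is then returned as a valid config. The rewrite below reads the file in one call and rejects a missing issuer so the signer fails at load time rather than later with an empty selector; it needs `errors` in the import block above the hunk if it is not already there, and `os.ReadFile` assumes a Go 1.16+ toolchain (otherwise keep `ioutil.ReadAll` and add `defer jsonFile.Close()` after the open). The new doc comment on `CertConfigs` should also start with the type name per Go convention, `// CertConfigs groups the per-platform certificate selectors.`
```go
// LoadConfig reads and validates the ECP config file at configFilePath.
func LoadConfig(configFilePath string) (config EnterpriseCertificateConfig, err error) {
	// os.ReadFile closes the file itself; the Open/ReadAll pair never did.
	byteValue, err := os.ReadFile(configFilePath)
	if err != nil {
		return EnterpriseCertificateConfig{}, err
	}
	if err := json.Unmarshal(byteValue, &config); err != nil {
		return EnterpriseCertificateConfig{}, err
	}
	// Unknown keys are silently dropped by json.Unmarshal, so an old-format
	// config yields an empty issuer; treat that as a configuration error.
	if config.CertConfigs.MacOSKeychain.Issuer == "" {
		return EnterpriseCertificateConfig{}, errors.New("cert_configs.macos_keychain.issuer is missing")
	}
	return config, nil
}
```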
@@ -4,13 +4,13 @@ import ( "testing" ) -func TestLoadCertInfo(t *testing.T) { - certInfo, err := LoadCertInfo("./test_data/enterprise_certificate_config.json") +func TestLoadConfig(t *testing.T) { + config, err := LoadConfig("./test_data/certificate_config.json") if err != nil { - t.Errorf("LoadCertInfo error: %q", err) + t.Errorf("LoadConfig error: %q", err) } want := "Google Endpoint Verification" - if certInfo.Issuer != want { - t.Errorf("Expected issuer is %q, got: %q", want, certInfo.Issuer) + if config.CertConfigs.MacOSKeychain.Issuer != want { + t.Errorf("Expected issuer is %q, got: %q", want, config.CertConfigs.MacOSKeychain.Issuer) } } diff --git a/internal/signer/linux/signer.go b/internal/signer/linux/signer.go index a6de378..e115da8 100644 --- a/internal/signer/linux/signer.go +++ b/internal/signer/linux/signer.go @@ -82,7 +82,7 @@ func main() { configFilePath := os.Args[1] config, err := util.LoadConfig(configFilePath) enterpriseCertSigner := new(EnterpriseCertSigner) - enterpriseCertSigner.key, err = util.Cred(config.Libs.PKCS11Module, config.CertInfo.Slot, config.CertInfo.Label) + enterpriseCertSigner.key, err = util.Cred(config.CertConfigs.PKCS11.PKCS11Module, config.CertConfigs.PKCS11.Slot, config.CertConfigs.PKCS11.Label) if err != nil { log.Fatalf("Failed to initialize enterprise cert signer using pkcs11: %v", err) } diff --git a/internal/signer/linux/util/test_data/certificate_config.json b/internal/signer/linux/util/test_data/certificate_config.json new file mode 100644 index 0000000..efafc20 --- /dev/null +++ b/internal/signer/linux/util/test_data/certificate_config.json @@ -0,0 +1,9 @@ +{ + "cert_configs": { + "pkcs11": { + "slot": "0x1739427", + "label": "gecc", + "module": "pkcs11_module.so" + } + } +} diff --git a/internal/signer/linux/util/test_data/enterprise_certificate_config.json b/internal/signer/linux/util/test_data/enterprise_certificate_config.json deleted file mode 100644 index af09f87..0000000 
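Review bot: The `err` from the context line `config, err := util.LoadConfig(configFilePath)` is discarded by the new assignment `enterpriseCertSigner.key, err = util.Cred(config.CertConfigs.PKCS11.PKCS11Module, ...)`, so a config that failed to load hands three empty strings to `util.Cred`, including the `module` value that presumably names a shared library the signer will load. That silent fallthrough should be closed with `if err != nil { log.Fatalf("Failed to load config %s: %v", configFilePath, err) }` between the two lines. Pulling the section into a local, `p := config.CertConfigs.PKCS11` and then `util.Cred(p.PKCS11Module, p.Slot, p.Label)`, also keeps the call readable and makes it easy to add a non-empty check on `p.PKCS11Module` before anything is loaded from it. The enclosing `main` continues beyond this hunk.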
--- a/internal/signer/linux/util/test_data/enterprise_certificate_config.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "cert_info": { - "slot": "0x1739427", - "label": "gecc" - }, - "libs": { - "pkcs11_module": "pkcs11_module.so" - } -} diff --git a/internal/signer/linux/util/util.go b/internal/signer/linux/util/util.go index 8387151..5288ee7 100644 --- a/internal/signer/linux/util/util.go +++ b/internal/signer/linux/util/util.go @@ -21,19 +21,19 @@ func ParseHexString(str string) (i uint32, err error) { // EnterpriseCertificateConfig contains parameters for initializing signer. type EnterpriseCertificateConfig struct { - CertInfo CertInfo `json:"cert_info"` - Libs Libs `json:"libs"` + CertConfigs CertConfigs `json:"cert_configs"` } -// CertInfo contains parameters describing the certificate to use. -type CertInfo struct { - Slot string `json:"slot"` // The hexadecimal representation of the uint36 slot ID. (ex:0x1739427) - Label string `json:"label"` // The token label (ex: gecc) +// Container for various ECP Configs. +type CertConfigs struct { + PKCS11 PKCS11 `json:"pkcs11"` } -// Libs contains the path to helper libs -type Libs struct { - PKCS11Module string `json:"pkcs11_module"` // The path to the pkcs11 module (shared lib) +// PKCS11 contains parameters describing the certificate to use. +type PKCS11 struct { + Slot string `json:"slot"` // The hexadecimal representation of the uint36 slot ID. (ex:0x1739427) + Label string `json:"label"` // The token label (ex: gecc) + PKCS11Module string `json:"module"` // The path to the pkcs11 module (shared lib) } // LoadConfig retrieves the ECP config file. diff --git a/internal/signer/linux/util/util_test.go b/internal/signer/linux/util/util_test.go index cc30a34..5907fbd 100644 --- a/internal/signer/linux/util/util_test.go +++ b/internal/signer/linux/util/util_test.go 
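Review bot: The field comment on `Slot` in the new `PKCS11` struct says "uint36 slot ID", which looks like a typo for uint32 given that `ParseHexString` in the hunk header returns `(i uint32, err error)`. The doc comment on `CertConfigs` should start with the type name, e.g. `// CertConfigs groups the per-platform certificate selectors; only PKCS11 is used on Linux.` Since `module` now lives under `cert_configs.pkcs11` and names a shared library that the signer presumably loads, its comment is a good place to tell operators what is expected, something like `// Path to the PKCS#11 module (shared library); use an absolute path in a location writable only by an administrator.`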
@@ -5,26 +5,26 @@ import ( ) func TestLoadConfig(t *testing.T) { - config, err := LoadConfig("./test_data/enterprise_certificate_config.json") + config, err := LoadConfig("./test_data/certificate_config.json") if err != nil { t.Fatalf("LoadConfig error: %v", err) } want := "0x1739427" - if config.CertInfo.Slot != want { - t.Errorf("Expected slot is %v, got: %v", want, config.CertInfo.Slot) + if config.CertConfigs.PKCS11.Slot != want { + t.Errorf("Expected slot is %v, got: %v", want, config.CertConfigs.PKCS11.Slot) } want = "gecc" - if config.CertInfo.Label != want { - t.Errorf("Expected label is %v, got: %v", want, config.CertInfo.Label) + if config.CertConfigs.PKCS11.Label != want { + t.Errorf("Expected label is %v, got: %v", want, config.CertConfigs.PKCS11.Label) } want = "pkcs11_module.so" - if config.Libs.PKCS11Module != want { - t.Errorf("Expected pkcs11_module is %v, got: %v", want, config.Libs.PKCS11Module) + if config.CertConfigs.PKCS11.PKCS11Module != want { + t.Errorf("Expected pkcs11_module is %v, got: %v", want, config.CertConfigs.PKCS11.PKCS11Module) } } func TestLoadConfigMissing(t *testing.T) { - _, err := LoadConfig("./test_data/enterprise_certificate_config_missing.json") + _, err := LoadConfig("./test_data/certificate_config_missing.json") if err == nil { t.Error("Expected error but got nil") } diff --git a/internal/signer/windows/signer.go b/internal/signer/windows/signer.go index 403d3fa..ffa1977 100644 --- a/internal/signer/windows/signer.go +++ b/internal/signer/windows/signer.go 
@@ -80,10 +80,10 @@ func main() { log.Fatalln("Signer is not meant to be invoked manually, exiting...") } configFilePath := os.Args[1] - certInfo, err := util.LoadCertInfo(configFilePath) + config, err := util.LoadConfig(configFilePath) enterpriseCertSigner := new(EnterpriseCertSigner) - enterpriseCertSigner.key, err = ncrypt.Cred(certInfo.Issuer, certInfo.Store, certInfo.Provider) + enterpriseCertSigner.key, err = ncrypt.Cred(config.CertConfigs.WindowsStore.Issuer, config.CertConfigs.WindowsStore.Store, config.CertConfigs.WindowsStore.Provider) if err != nil { log.Fatalf("Failed to initialize enterprise cert signer using ncrypt: %v", err) } diff --git a/internal/signer/windows/util/test_data/certificate_config.json b/internal/signer/windows/util/test_data/certificate_config.json new file mode 100644 index 0000000..567f719 --- /dev/null +++ b/internal/signer/windows/util/test_data/certificate_config.json @@ -0,0 +1,9 @@ +{ + "cert_configs": { + "windows_store": { + "issuer": "enterprise_v1_corp_client", + "store": "MY", + "provider": "current_user" + } + } +} diff --git a/internal/signer/windows/util/test_data/enterprise_certificate_config.json b/internal/signer/windows/util/test_data/enterprise_certificate_config.json deleted file mode 100644 index 48baa84..0000000 --- a/internal/signer/windows/util/test_data/enterprise_certificate_config.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "cert_info": { - "issuer": "enterprise_v1_corp_client", - "store": "MY", - "provider": "current_user" - } -} - diff --git a/internal/signer/windows/util/util.go b/internal/signer/windows/util/util.go index 99e6c98..de4429e 100644 --- a/internal/signer/windows/util/util.go +++ b/internal/signer/windows/util/util.go 
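Review bot: The error from `util.LoadConfig(configFilePath)` is overwritten by `enterpriseCertSigner.key, err = ncrypt.Cred(config.CertConfigs.WindowsStore.Issuer, ...Store, ...Provider)` without ever being inspected, so an unreadable or old-format config reaches `ncrypt.Cred` with all three selectors empty. Insert `if err != nil { log.Fatalf("Failed to load config %s: %v", configFilePath, err) }` after the `LoadConfig` call, and consider `ws := config.CertConfigs.WindowsStore` so the `ncrypt.Cred(ws.Issuer, ws.Store, ws.Provider)` call fits on one readable line and can be preceded by a check that `ws.Issuer` is non-empty before it is used to pick a certificate from the store. How `ncrypt.Cred` behaves with empty store or provider strings is not visible here, so treat the consequence as unknown rather than benign. `main` extends past the end of the hunk.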
@@ -9,32 +9,36 @@ import ( // EnterpriseCertificateConfig contains parameters for initializing signer. type EnterpriseCertificateConfig struct { - CertInfo CertInfo `json:"cert_info"` + CertConfigs CertConfigs `json:"cert_configs"` } -// CertInfo contains parameters describing the certificate to use. -type CertInfo struct { +// Container for various ECP Configs. +type CertConfigs struct { + WindowsStore WindowsStore `json:"windows_store"` +} + +// WindowsStore contains parameters describing the certificate to use. +type WindowsStore struct { Issuer string `json:"issuer"` Store string `json:"store"` Provider string `json:"provider"` } -// LoadCertInfo retrieves the certificate info from the config file. -func LoadCertInfo(configFilePath string) (certInfo CertInfo, err error) { +// LoadConfig retrieves the ECP config file. +func LoadConfig(configFilePath string) (config EnterpriseCertificateConfig, err error) { jsonFile, err := os.Open(configFilePath) if err != nil { - return CertInfo{}, err + return EnterpriseCertificateConfig{}, err } byteValue, err := ioutil.ReadAll(jsonFile) if err != nil { - return CertInfo{}, err + return EnterpriseCertificateConfig{}, err } - var config EnterpriseCertificateConfig err = json.Unmarshal(byteValue, &config) if err != nil { - return CertInfo{}, err + return EnterpriseCertificateConfig{}, err } - return config.CertInfo, nil + return config, nil } diff --git a/internal/signer/windows/util/util_test.go b/internal/signer/windows/util/util_test.go index bb40a92..97b0e42 100644 --- a/internal/signer/windows/util/util_test.go +++ b/internal/signer/windows/util/util_test.go 
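Review bot: `LoadConfig` never closes the handle returned by `os.Open(configFilePath)`; add `defer jsonFile.Close()` immediately after the `if err != nil` check that follows the open, or replace the Open/ReadAll pair with `os.ReadFile` if the module targets Go 1.16 or later. Because `json.Unmarshal` drops unknown keys, a config still in the old `cert_info` layout decodes without error into a struct whose `WindowsStore` fields are all empty, and the function returns it as valid; a check that `config.CertConfigs.WindowsStore.Issuer` is non-empty before `return config, nil` would turn that into a load-time error instead of an empty selector handed to the certificate store lookup. The new doc comment on `CertConfigs` should also begin with the type name, `// CertConfigs groups the per-platform certificate selectors; only WindowsStore is used here.`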
@@ -4,21 +4,21 @@ import ( "testing" ) -func TestLoadCertInfo(t *testing.T) { - certInfo, err := LoadCertInfo("./test_data/enterprise_certificate_config.json") +func TestLoadConfig(t *testing.T) { + config, err := LoadConfig("./test_data/certificate_config.json") if err != nil { - t.Errorf("LoadCertInfo error: %q", err) + t.Errorf("LoadConfig error: %q", err) } want := "enterprise_v1_corp_client" - if certInfo.Issuer != want { - t.Errorf("Expected issuer is %q, got: %q", want, certInfo.Issuer) + if config.CertConfigs.WindowsStore.Issuer != want { + t.Errorf("Expected issuer is %q, got: %q", want, config.CertConfigs.WindowsStore.Issuer) } want = "MY" - if certInfo.Store != want { - t.Errorf("Expected store is %q, got: %q", want, certInfo.Store) + if config.CertConfigs.WindowsStore.Store != want { + t.Errorf("Expected store is %q, got: %q", want, config.CertConfigs.WindowsStore.Store) } want = "current_user" - if certInfo.Provider != want { - t.Errorf("Expected provider is %q, got: %q", want, certInfo.Provider) + if config.CertConfigs.WindowsStore.Provider != want { + t.Errorf("Expected provider is %q, got: %q", want, config.CertConfigs.WindowsStore.Provider) } } |