keystore

Published: Aug 31, 2023 License: MIT Imports: 14 Imported by: 29

README


Keystore

A go (golang) implementation of Java KeyStore encoder/decoder

Note that JKS assumes private keys are PKCS#8 encoded.

Example
package main

import (
	"log"
	"os"
	"reflect"

	"github.com/pavlo-v-chernykh/keystore-go/v4"
)

// readKeyStore opens filename and loads a keystore from it using password.
// Any failure (open, load, or close) terminates the program via log.Fatal,
// so the function never returns a partially loaded store.
func readKeyStore(filename string, password []byte) keystore.KeyStore {
	file, openErr := os.Open(filename)
	if openErr != nil {
		log.Fatal(openErr)
	}

	// Close failures are treated as fatal too, matching the open/load handling.
	defer func() {
		if closeErr := file.Close(); closeErr != nil {
			log.Fatal(closeErr)
		}
	}()

	store := keystore.New()

	loadErr := store.Load(file, password)
	if loadErr != nil {
		// log.Fatal exits before the deferred Close runs; gocritic flags this.
		log.Fatal(loadErr) //nolint: gocritic
	}

	return store
}

// writeKeyStore creates (or truncates) filename and writes ks into it,
// signed with password. Any failure (create, store, or close) terminates
// the program via log.Fatal.
func writeKeyStore(ks keystore.KeyStore, filename string, password []byte) {
	file, createErr := os.Create(filename)
	if createErr != nil {
		log.Fatal(createErr)
	}

	// A failed Close may mean the file was not fully flushed, so treat it as fatal.
	defer func() {
		if closeErr := file.Close(); closeErr != nil {
			log.Fatal(closeErr)
		}
	}()

	if storeErr := ks.Store(file, password); storeErr != nil {
		// log.Fatal exits before the deferred Close runs; gocritic flags this.
		log.Fatal(storeErr) //nolint: gocritic
	}
}

// zeroing overwrites every byte of buf with 0 so that secret material
// (here, the keystore password) does not linger in memory after use.
// A nil or empty buf is a no-op.
func zeroing(buf []byte) {
	for idx := 0; idx < len(buf); idx++ {
		buf[idx] = 0
	}
}

// main demonstrates a load/store round trip: read keystore.jks, write it back
// out as keystore2.jks, reload that file and report whether the two in-memory
// stores are deeply equal. The password buffer is zeroed when main returns.
func main() {
	password := []byte("password")
	defer zeroing(password)

	original := readKeyStore("keystore.jks", password)
	writeKeyStore(original, "keystore2.jks", password)
	reloaded := readKeyStore("keystore2.jks", password)

	log.Printf("is equal: %v\n", reflect.DeepEqual(original, reloaded))
}

For more examples, explore the examples directory.

Development

  1. Install go
  2. Install golangci-lint
  3. Clone the repo git clone git@github.com:pavlo-v-chernykh/keystore-go.git
  4. Go to the project dir cd keystore-go
  5. Run make to format, test and lint

Documentation

Index

Constants

This section is empty.

Variables

// Sentinel errors returned by the keystore API. Callers should compare with
// errors.Is rather than ==, since the package may wrap them.
var (
	// ErrEntryNotFound: no entry exists under the requested alias
	// (presumably from the Get*Entry lookups — confirm against the source).
	ErrEntryNotFound           = errors.New("entry not found")
	// ErrWrongEntryType: the alias exists but holds the other entry kind
	// (e.g. a TrustedCertificateEntry asked for as a PrivateKeyEntry) — confirm.
	ErrWrongEntryType          = errors.New("wrong entry type")
	// ErrEmptyPrivateKey: a PrivateKeyEntry with no key bytes was supplied — confirm.
	ErrEmptyPrivateKey         = errors.New("empty private key")
	// ErrEmptyCertificateType / ErrEmptyCertificateContent: a Certificate with an
	// empty Type or Content field was supplied — confirm.
	ErrEmptyCertificateType    = errors.New("empty certificate type")
	ErrEmptyCertificateContent = errors.New("empty certificate content")
	// ErrShortPassword: the password is shorter than the length configured
	// with WithMinPasswordLen — confirm.
	ErrShortPassword           = errors.New("short password")
)

Functions

This section is empty.

Types

type Certificate

// Certificate describes type of certificate. Type and Content are stored
// as-is; the package reports ErrEmptyCertificateType / ErrEmptyCertificateContent
// when either is empty (presumably on Set*Entry — confirm).
type Certificate struct {
	// Type names the certificate encoding (e.g. "X.509" — assumed, confirm).
	Type    string
	// Content holds the raw certificate bytes.
	Content []byte
}

Certificate describes type of certificate.

type KeyStore

// KeyStore is a mapping of alias to pointer to PrivateKeyEntry or
// TrustedCertificateEntry. Its fields are unexported; construct it with New
// (optionally passing Option values) rather than as a struct literal.
type KeyStore struct {
	// contains filtered or unexported fields
}

KeyStore is a mapping of alias to pointer to PrivateKeyEntry or TrustedCertificateEntry.

func New

func New(options ...Option) KeyStore

New returns new initialized instance of the KeyStore.

func (KeyStore) Aliases

func (ks KeyStore) Aliases() []string

Aliases returns a slice of all aliases in the keystore. The slice is sorted alphabetically if the keystore was created with the WithOrderedAliases option.

func (KeyStore) DeleteEntry

func (ks KeyStore) DeleteEntry(alias string)

DeleteEntry deletes entry from the keystore.

func (KeyStore) GetPrivateKeyEntry

func (ks KeyStore) GetPrivateKeyEntry(alias string, password []byte) (PrivateKeyEntry, error)

GetPrivateKeyEntry returns the PrivateKeyEntry stored under alias, decrypted with password. It is strongly recommended to zero the password slice after use.

func (KeyStore) GetPrivateKeyEntryCertificateChain added in v4.5.0

func (ks KeyStore) GetPrivateKeyEntryCertificateChain(alias string) ([]Certificate, error)

GetPrivateKeyEntryCertificateChain returns certificate chain associated with PrivateKeyEntry from the keystore by the alias.

func (KeyStore) GetTrustedCertificateEntry

func (ks KeyStore) GetTrustedCertificateEntry(alias string) (TrustedCertificateEntry, error)

GetTrustedCertificateEntry returns TrustedCertificateEntry from the keystore by the alias.

func (KeyStore) IsPrivateKeyEntry

func (ks KeyStore) IsPrivateKeyEntry(alias string) bool

IsPrivateKeyEntry returns true if the keystore has PrivateKeyEntry by the alias.

func (KeyStore) IsTrustedCertificateEntry

func (ks KeyStore) IsTrustedCertificateEntry(alias string) bool

IsTrustedCertificateEntry returns true if the keystore has TrustedCertificateEntry by the alias.

func (KeyStore) Load

func (ks KeyStore) Load(r io.Reader, password []byte) error

Load reads the keystore representation from r and checks its signature against password. It is strongly recommended to zero the password slice after use.

func (KeyStore) SetPrivateKeyEntry

func (ks KeyStore) SetPrivateKeyEntry(alias string, entry PrivateKeyEntry, password []byte) error

SetPrivateKeyEntry adds entry to the keystore under alias, with the private key encrypted using password. It is strongly recommended to zero the password slice after use.

func (KeyStore) SetTrustedCertificateEntry

func (ks KeyStore) SetTrustedCertificateEntry(alias string, entry TrustedCertificateEntry) error

SetTrustedCertificateEntry adds TrustedCertificateEntry into keystore by alias.

func (KeyStore) Store

func (ks KeyStore) Store(w io.Writer, password []byte) error

Store signs the keystore using password and writes its representation to w. It is strongly recommended to zero the password slice after use.

type Option

type Option func(store *KeyStore)

func WithCaseExactAliases

func WithCaseExactAliases() Option

WithCaseExactAliases sets the caseExact option to true, preserving the original case of aliases.

func WithCustomRandomNumberGenerator

func WithCustomRandomNumberGenerator(r io.Reader) Option

WithCustomRandomNumberGenerator sets the random source used to generate the salt when encrypting private keys. The reader should be a cryptographically secure source such as crypto/rand.

func WithMinPasswordLen

func WithMinPasswordLen(minPasswordLen int) Option

WithMinPasswordLen sets the minimum accepted password length to minPasswordLen.

func WithOrderedAliases

func WithOrderedAliases() Option

WithOrderedAliases sets the ordered option to true, so that Aliases returns aliases sorted alphabetically.

type PrivateKeyEntry

// PrivateKeyEntry is an entry for private keys and associated certificates.
type PrivateKeyEntry struct {
	CreationTime     time.Time
	// PrivateKey holds the key bytes; JKS assumes PKCS#8 encoding (see README).
	// SetPrivateKeyEntry stores it encrypted with the supplied password.
	PrivateKey       []byte
	// CertificateChain is the chain associated with the key. It can also be
	// read without the password via GetPrivateKeyEntryCertificateChain.
	CertificateChain []Certificate
}

PrivateKeyEntry is an entry for private keys and associated certificates.

type TrustedCertificateEntry

// TrustedCertificateEntry is an entry for certificates only (no private key);
// it is added with SetTrustedCertificateEntry and read back with
// GetTrustedCertificateEntry, neither of which takes a password.
type TrustedCertificateEntry struct {
	CreationTime time.Time
	Certificate  Certificate
}

TrustedCertificateEntry is an entry for certificates only.
