feat: Introduce windows-specific client (#83)

Also consolidates 3 config utils into a single common util.

build/scripts/windows_amd64.ps1

@@ -23,7 +23,7 @@ If (Test-Path $OutputFolder) {
 # Build the signer binary
 Set-Location .\internal\signer\windows
 go build
-Move-Item .\signer.exe ..\..\..\build\bin\windows_amd64\ecp.exe
+Move-Item .\windows.exe ..\..\..\build\bin\windows_amd64\ecp.exe
 Set-Location ..\..\..\
 
 # Build the signer library

go.mod

@@ -2,4 +2,8 @@ module github.com/googleapis/enterprise-certificate-proxy
 
 go 1.19
 
-require github.com/google/go-pkcs11 v0.2.0
+require (
+	github.com/google/go-pkcs11 v0.2.0
+	golang.org/x/crypto v0.10.0
+	golang.org/x/sys v0.9.0
+)

go.sum

@@ -1,2 +1,6 @@
 github.com/google/go-pkcs11 v0.2.0 h1:5meDPB26aJ98f+K9G21f0AqZwo/S5BJMJh8nuhMbdsI=
 github.com/google/go-pkcs11 v0.2.0/go.mod h1:6eQoGcuNJpa7jnd5pMGdkSaQpNDYvPlXWMcjXXThLlY=
+golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM=
+golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I=
+golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s=
+golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

internal/signer/darwin/signer.go

@@ -29,7 +29,7 @@ import (
 	"time"
 
 	"github.com/googleapis/enterprise-certificate-proxy/internal/signer/darwin/keychain"
-	"github.com/googleapis/enterprise-certificate-proxy/internal/signer/darwin/util"
+	"github.com/googleapis/enterprise-certificate-proxy/internal/signer/util"
 )
 
 // If ECP Logging is enabled return true

internal/signer/linux/signer.go

@@ -30,7 +30,7 @@ import (
 	"time"
 
 	"github.com/googleapis/enterprise-certificate-proxy/internal/signer/linux/pkcs11"
-	"github.com/googleapis/enterprise-certificate-proxy/internal/signer/linux/util"
+	"github.com/googleapis/enterprise-certificate-proxy/internal/signer/util"
 )
 
 // If ECP Logging is enabled return true

internal/signer/util/test_data/certificate_config.json

@@ -0,0 +1,19 @@
+{
+  "cert_configs": {
+    "macos_keychain": {
+      "issuer": "Google Endpoint Verification"
+    },
+    "windows_store": {
+      "issuer": "enterprise_v1_corp_client",
+      "store": "MY",
+      "provider": "current_user"
+    },
+    "pkcs11": {
+      "slot": "0x1739427",
+      "label": "gecc",
+      "user_pin": "0000",
+      "module": "pkcs11_module.so"
+    }
+  }
+}
+

internal/signer/linux/util/util.go → internal/signer/util/util.go

@@ -25,12 +25,26 @@ type EnterpriseCertificateConfig struct {
 	CertConfigs CertConfigs `json:"cert_configs"`
 }
 
-// CertConfigs is a container for various ECP Configs.
+// CertConfigs is a container for various OS-specific ECP Configs.
 type CertConfigs struct {
-	PKCS11 PKCS11 `json:"pkcs11"`
+	MacOSKeychain MacOSKeychain `json:"macos_keychain"`
+	WindowsStore  WindowsStore  `json:"windows_store"`
+	PKCS11        PKCS11        `json:"pkcs11"`
 }
 
-// PKCS11 contains parameters describing the certificate to use.
+// MacOSKeychain contains keychain parameters describing the certificate to use.
+type MacOSKeychain struct {
+	Issuer string `json:"issuer"`
+}
+
+// WindowsStore contains Windows key store parameters describing the certificate to use.
+type WindowsStore struct {
+	Issuer   string `json:"issuer"`
+	Store    string `json:"store"`
+	Provider string `json:"provider"`
+}
+
+// PKCS11 contains PKCS#11 parameters describing the certificate to use.
 type PKCS11 struct {
 	Slot         string `json:"slot"`     // The hexadecimal representation of the uint36 slot ID. (ex:0x1739427)
 	Label        string `json:"label"`    // The token label (ex: gecc)
@@ -54,5 +68,4 @@ func LoadConfig(configFilePath string) (config EnterpriseCertificateConfig, err
 		return EnterpriseCertificateConfig{}, err
 	}
 	return config, nil
-
 }

internal/signer/linux/util/util_test.go → internal/signer/util/util_test.go

@@ -19,10 +19,31 @@ import (
 
 func TestLoadConfig(t *testing.T) {
 	config, err := LoadConfig("./test_data/certificate_config.json")
+	// darwin
 	if err != nil {
-		t.Fatalf("LoadConfig error: %v", err)
+		t.Fatalf("LoadConfig error: %q", err)
 	}
-	want := "0x1739427"
+	want := "Google Endpoint Verification"
+	if config.CertConfigs.MacOSKeychain.Issuer != want {
+		t.Errorf("Expected issuer is %q, got: %q", want, config.CertConfigs.MacOSKeychain.Issuer)
+	}
+
+	// windows
+	want = "enterprise_v1_corp_client"
+	if config.CertConfigs.WindowsStore.Issuer != want {
+		t.Errorf("Expected issuer is %q, got: %q", want, config.CertConfigs.WindowsStore.Issuer)
+	}
+	want = "MY"
+	if config.CertConfigs.WindowsStore.Store != want {
+		t.Errorf("Expected store is %q, got: %q", want, config.CertConfigs.WindowsStore.Store)
+	}
+	want = "current_user"
+	if config.CertConfigs.WindowsStore.Provider != want {
+		t.Errorf("Expected provider is %q, got: %q", want, config.CertConfigs.WindowsStore.Provider)
+	}
+
+	// pkcs11
+	want = "0x1739427"
 	if config.CertConfigs.PKCS11.Slot != want {
 		t.Errorf("Expected slot is %v, got: %v", want, config.CertConfigs.PKCS11.Slot)
 	}

internal/signer/windows/signer.go

@@ -26,8 +26,9 @@ import (
 	"log"
 	"net/rpc"
 	"os"
-	"signer/ncrypt"
-	"signer/util"
+
+	"github.com/googleapis/enterprise-certificate-proxy/internal/signer/util"
+	"github.com/googleapis/enterprise-certificate-proxy/internal/signer/windows/ncrypt"
 )
 
 // If ECP Logging is enabled return true

linux/client.go

@@ -12,7 +12,7 @@
 // limitations under the License.
 
 // Package linux contains a linux-specific client for accessing the PKCS#11 APIs directly,
-// bypassing the RPC-mechanims of the universal client.
+// bypassing the RPC-mechanism of the universal client.
 package linux
 
 import (