vault: add support for RSA keysvault/v0.2.6

author: Mike Crute <mike@crute.us> 2022-11-15 21:29:24 -0800
committer: Mike Crute <mike@crute.us> 2022-11-15 21:29:24 -0800
commit: 52c9284f03a1731d163ee8dd68fdbc31a7253cb4 (patch)
tree: 41e057861802a7b34819ff9314841f8332691b0d
parent: 6e4a03e9cac2e774208a9189a4af646e69a658a8 (diff)
download: golib-52c9284f03a1731d163ee8dd68fdbc31a7253cb4.tar.bz2
golib-52c9284f03a1731d163ee8dd68fdbc31a7253cb4.tar.xz
golib-52c9284f03a1731d163ee8dd68fdbc31a7253cb4.zip
1 files changed, 34 insertions, 0 deletions
diff --git a/vault/client.go b/vault/client.go
index afc1868..bef65d4 100644
--- a/vault/client.go
+++ b/vault/client.go
@@ -2,6 +2,9 @@ package vault
 import (
        "context"
+        "crypto/rsa"
+        "crypto/x509"
+        "encoding/base64"
        "encoding/json"
        "fmt"
        "os"
@@ -48,6 +51,37 @@ func (s *VaultSecret) VaultSecret() *VaultSecret {
        return s
 }
+// VaultRSAKey holds a base64 encoded RSA private key in PKCS8 format
+// (effectively PEM encoding without the headers and line-breaks). It
+// can decode this into a private key.
+type VaultRSAKey struct {
+        Key string `json:"key"`
+        s   *VaultSecret
+}
+func (k *VaultRSAKey) RSAPrivateKey() (*rsa.PrivateKey, error) {
+        der, err := base64.StdEncoding.DecodeString(k.Key)
+        if err != nil {
+                return nil, err
+        }
+        pr, err := x509.ParsePKCS8PrivateKey(der)
+        if err != nil {
+                return nil, err
+        }
+        pk, ok := pr.(*rsa.PrivateKey)
+        if !ok {
+                return nil, fmt.Errorf("RSAPrivateKey: parsed key is not an rsa.PrivateKey")
+        }
+        return pk, nil
+}
+func (k *VaultRSAKey) VaultSecret() *VaultSecret {
+        return k.s
+}
 type VaultApiKey struct {
        Key string `json:"key"`
        s   *VaultSecret
author	Mike Crute <mike@crute.us>	2022-11-15 21:29:24 -0800
committer	Mike Crute <mike@crute.us>	2022-11-15 21:29:24 -0800
commit	52c9284f03a1731d163ee8dd68fdbc31a7253cb4 (patch)
tree	41e057861802a7b34819ff9314841f8332691b0d
parent	6e4a03e9cac2e774208a9189a4af646e69a658a8 (diff)
download	golib-52c9284f03a1731d163ee8dd68fdbc31a7253cb4.tar.bz2 golib-52c9284f03a1731d163ee8dd68fdbc31a7253cb4.tar.xz golib-52c9284f03a1731d163ee8dd68fdbc31a7253cb4.zip

diff --git a/vault/client.go b/vault/client.go index afc1868..bef65d4 100644 --- a/vault/client.go +++ b/vault/client.go
@@ -2,6 +2,9 @@ package vault
2		2
3	import (	3	import (
4	"context"	4	"context"
		5	"crypto/rsa"
		6	"crypto/x509"
		7	"encoding/base64"
5	"encoding/json"	8	"encoding/json"
6	"fmt"	9	"fmt"
7	"os"	10	"os"
@@ -48,6 +51,37 @@ func (s VaultSecret) VaultSecret() VaultSecret {
48	return s	51	return s
49	}	52	}
50		53
		54	// VaultRSAKey holds a base64 encoded RSA private key in PKCS8 format
		55	// (effectively PEM encoding without the headers and line-breaks). It
		56	// can decode this into a private key.
		57	type VaultRSAKey struct {
		58	Key string `json:"key"`
		59	s *VaultSecret
		60	}
		61
		62	func (k VaultRSAKey) RSAPrivateKey() (rsa.PrivateKey, error) {
		63	der, err := base64.StdEncoding.DecodeString(k.Key)
		64	if err != nil {
		65	return nil, err
		66	}
		67
		68	pr, err := x509.ParsePKCS8PrivateKey(der)
		69	if err != nil {
		70	return nil, err
		71	}
		72
		73	pk, ok := pr.(*rsa.PrivateKey)
		74	if !ok {
		75	return nil, fmt.Errorf("RSAPrivateKey: parsed key is not an rsa.PrivateKey")
		76	}
		77
		78	return pk, nil
		79	}
		80
		81	func (k VaultRSAKey) VaultSecret() VaultSecret {
		82	return k.s
		83	}
		84
51	type VaultApiKey struct {	85	type VaultApiKey struct {
52	Key string `json:"key"`	86	Key string `json:"key"`
53	s *VaultSecret	87	s *VaultSecret