github
diff --git a/‎certstore/LICENSE.md‎
Lines changed: 21 additions & 0 deletions b/‎certstore/LICENSE.md‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎certstore/README.md‎
Lines changed: 85 additions & 0 deletions b/‎certstore/README.md‎
Lines changed: 85 additions & 0 deletions
diff --git a/‎certstore/certstore.go‎
Lines changed: 49 additions & 0 deletions b/‎certstore/certstore.go‎
Lines changed: 49 additions & 0 deletions
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017 Ben Toews.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
@@ -0,0 +1,85 @@
+# certstore [![PkgGoDev](https://pkg.go.dev/badge/github.com/github/certstore?tab=doc)](https://pkg.go.dev/github.com/github/certstore?tab=doc) [![Report card](https://goreportcard.com/badge/github.com/github/certstore)](https://goreportcard.com/report/github.com/github/certstore)
+
+[![Test macOS (recent Go versions)](<https://github.com/github/certstore/workflows/Test%20macOS%20(recent%20Go%20versions)/badge.svg>)](https://github.com/github/certstore/actions?query=workflow%3A%22Test+macOS+%28recent+Go+versions%29%22)  
+[![Test Windows (recent Go versions)](<https://github.com/github/certstore/workflows/Test%20Windows%20(recent%20Go%20versions)/badge.svg>)](https://github.com/github/certstore/actions?query=workflow%3A%22Test+Windows+%28recent+Go+versions%29%22)  
+
+Certstore is a Go library for accessing user identities stored in platform certificate stores. On Windows and macOS, certstore can enumerate user identities and sign messages with their private keys.
+
+## Example
+
+```go
+package main
+
+import (
+	"crypto"
+	"encoding/hex"
+	"errors"
+	"fmt"
+
+	"crypto/rand"
+	"crypto/sha256"
+
+	"github.com/github/certstore"
+)
+
+func main() {
+	sig, err := signWithMyIdentity("Ben Toews", "hello, world!")
+	if err != nil {
+		panic(err)
+	}
+
+	fmt.Println(hex.EncodeToString(sig))
+}
+
+func signWithMyIdentity(cn, msg string) ([]byte, error) {
+	// Open the certificate store for use. This must be Close()'ed once you're
+	// finished with the store and any identities it contains.
+	store, err := certstore.Open()
+	if err != nil {
+		return nil, err
+	}
+	defer store.Close()
+
+	// Get an Identity slice, containing every identity in the store. Each of
+	// these must be Close()'ed when you're done with them.
+	idents, err := store.Identities()
+	if err != nil {
+		return nil, err
+	}
+
+	// Iterate through the identities, looking for the one we want.
+	var me certstore.Identity
+	for _, ident := range idents {
+		defer ident.Close()
+
+		crt, errr := ident.Certificate()
+		if errr != nil {
+			return nil, errr
+		}
+
+		if crt.Subject.CommonName == "Ben Toews" {
+			me = ident
+		}
+	}
+
+	if me == nil {
+		return nil, errors.New("Couldn't find my identity")
+	}
+
+	// Get a crypto.Signer for the identity.
+	signer, err := me.Signer()
+	if err != nil {
+		return nil, err
+	}
+
+	// Digest and sign our message.
+	digest := sha256.Sum256([]byte(msg))
+	signature, err := signer.Sign(rand.Reader, digest[:], crypto.SHA256)
+	if err != nil {
+		return nil, err
+	}
+
+	return signature, nil
+}
+
+```
@@ -0,0 +1,49 @@
+package certstore
+
+import (
+	"crypto"
+	"crypto/x509"
+	"errors"
+)
+
+var (
+	// ErrUnsupportedHash is returned by Signer.Sign() when the provided hash
+	// algorithm isn't supported.
+	ErrUnsupportedHash = errors.New("unsupported hash algorithm")
+)
+
+// Open opens the system's certificate store.
+func Open() (Store, error) {
+	return openStore()
+}
+
+// Store represents the system's certificate store.
+type Store interface {
+	// Identities gets a list of identities from the store.
+	Identities() ([]Identity, error)
+
+	// Import imports a PKCS#12 (PFX) blob containing a certificate and private
+	// key.
+	Import(data []byte, password string) error
+
+	// Close closes the store.
+	Close()
+}
+
+// Identity is a X.509 certificate and its corresponding private key.
+type Identity interface {
+	// Certificate gets the identity's certificate.
+	Certificate() (*x509.Certificate, error)
+
+	// CertificateChain attempts to get the identity's full certificate chain.
+	CertificateChain() ([]*x509.Certificate, error)
+
+	// Signer gets a crypto.Signer that uses the identity's private key.
+	Signer() (crypto.Signer, error)
+
+	// Delete deletes this identity from the system.
+	Delete() error
+
+	// Close any manually managed memory held by the Identity.
+	Close()
+}