From 21d45a0f8da56f0d5f45cfd25ab968a43339af11 Mon Sep 17 00:00:00 2001 From: David Lawrence Date: Tue, 7 Jul 2015 17:49:28 -0700 Subject: [PATCH] IDs for root are now correct Signed-off-by: David Lawrence (github: endophage) --- client/client.go | 19 ++++++++++--------- trustmanager/x509filestore.go | 3 ++- 2 files changed, 12 insertions(+), 10 deletions(-) diff --git a/client/client.go b/client/client.go index e0a08bae45..d7b0cd4397 100644 --- a/client/client.go +++ b/client/client.go @@ -138,7 +138,14 @@ func (r *NotaryRepository) Initialize(uRootKey UnlockedRootKey) error { } timestampKey := data.NewPublicKey(parsedKey.Cipher(), parsedKey.Public()) - rootKey := data.NewPublicKey(uRootKey.cipher, uRootKey.pemBytes) + //rootKey := data.NewPublicKey(uRootKey.cipher, uRootKey.pemBytes) + // Creates and saves a trusted certificate for this store, with this root key + rootCert, err := uRootKey.GenerateCertificate(r.Gun) + if err != nil { + return err + } + r.certificateStore.AddCert(rootCert) + rootKey := data.NewPublicKey("RSA", trustmanager.CertToPEM(rootCert)) targetsKey, err := r.signer.Create("targets") if err != nil { @@ -211,13 +218,6 @@ func (r *NotaryRepository) Initialize(uRootKey UnlockedRootKey) error { return err } - // Creates and saves a trusted certificate for this store, with this root key - rootCert, err := uRootKey.GenerateCertificate(r.Gun) - if err != nil { - return err - } - r.certificateStore.AddCert(rootCert) - // Creates an empty snapshot return r.snapshot() } @@ -441,7 +441,8 @@ func (r *NotaryRepository) ValidateRoot(root *data.Signed) error { // TODO(dlaw): currently assuming only one cert contained in // public key entry. Need to fix when we want to pass in chains. k, _ := pem.Decode([]byte(rootSigned.Keys[fingerprint].Public())) - + logrus.Debug("Root PEM: ", k) + logrus.Debug("Root ID: ", fingerprint) decodedCerts, err := x509.ParseCertificates(k.Bytes) if err != nil { continue 
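Review bot: The error returned by `r.certificateStore.AddCert(rootCert)` is dropped on the added line in Initialize, yet the next line derives the root key (and therefore the root ID) from that same certificate, so a failed store write would leave the root metadata referring to a certificate the local trust store does not hold. I would write `if err := r.certificateStore.AddCert(rootCert); err != nil { return err }`, unless a duplicate-certificate error is expected here and should be tolerated explicitly. The literal `"RSA"` also replaces `uRootKey.cipher`, so the algorithm label no longer follows the key that was actually supplied; passing `uRootKey.cipher` (or a type derived from `rootCert`) would keep the two in step. The commented-out `//rootKey := ...` line can simply be deleted. Initialize starts and ends outside this hunk.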
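Review bot: `k` can be nil at the added `logrus.Debug("Root PEM: ", k)` line and at the `k.Bytes` dereference right after it, because the second result of `pem.Decode` is discarded and a key entry that is not PEM yields a nil block; since `root` is the metadata being validated, a malformed entry becomes a panic instead of a skipped key. A guard such as `if k == nil { continue }` placed before the two log lines would match the `continue` already used for certificate parse failures. Logging the whole `*pem.Block` also dumps the certificate bytes at debug level, where the fingerprint alone is probably enough. ValidateRoot's body continues outside the hunk.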
diff --git a/trustmanager/x509filestore.go b/trustmanager/x509filestore.go
index a9128b0cf1..2f41606164 100644
--- a/trustmanager/x509filestore.go
+++ b/trustmanager/x509filestore.go
@@ -3,6 +3,7 @@ package trustmanager
 import (
 "crypto/x509"
 "errors"
+ "github.com/Sirupsen/logrus"
 "os"
 "path"
 )
@@ -69,7 +70,7 @@ func (s X509FileStore) AddCert(cert *x509.Certificate) error {
 // stored under. If the file does not exist on disk, saves it.
 func (s X509FileStore) addNamedCert(cert *x509.Certificate) error {
 fingerprint := fingerprintCert(cert)
-
+ logrus.Debug("Adding cert with fingerprint: ", fingerprint)
 // Validate if we already loaded this certificate before
 if _, ok := s.fingerprintMap[fingerprint]; ok {
 return errors.New("certificate already in the store")
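Review bot: The added `"github.com/Sirupsen/logrus"` import sits inside the standard-library group, between `"errors"` and `"os"`; goimports would place it in its own group after a blank line, below `"path"`. Keeping third-party imports in a separate group makes a new dependency in a trust-store package like this one easy to spot in review.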