AddKey for cryptoservice

Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-10 17:32:19 -08:00 · 2016-02-10 17:32:19 -08:00 · 97e845e295
parent 95af5d4800
commit 97e845e295
7 changed files with 32 additions and 9 deletions
--- a/cryptoservice/crypto_service.go
+++ b/cryptoservice/crypto_service.go
@ -120,7 +120,6 @@ func (cs *CryptoService) RemoveKey(keyID string) (err error) {
 	return // returns whatever the final values were
 }

-
 // AddKey adds a private key to a specified role.
 // The GUN is inferred from the cryptoservice itself for non-root roles
 func (cs *CryptoService) AddKey(role string, key data.PrivateKey) (err error) {
--- a/signer/client/signer_trust.go
+++ b/signer/client/signer_trust.go
@ -137,6 +137,11 @@ func (trust *NotarySigner) Create(role, algorithm string) (data.PublicKey, error
 	return public, nil
 }

+// AddKey adds a key
+func (trust *NotarySigner) AddKey(role string, k data.PrivateKey) error {
+	return errors.New("Adding a key to NotarySigner is not supported")
+}
+
 // RemoveKey deletes a key
 func (trust *NotarySigner) RemoveKey(keyid string) error {
 	_, err := trust.kmClient.DeleteKey(context.Background(), &pb.KeyID{ID: keyid})
--- a/trustmanager/keyfilestore.go
+++ b/trustmanager/keyfilestore.go
@ -131,6 +131,7 @@ func (s *KeyMemoryStore) loadKeyInfo() {
 	s.keyInfoMap = generateKeyInfoMap(s)
 }

+// GetKeyInfo returns the corresponding gun and role key info for a keyID
 func (s *KeyFileStore) GetKeyInfo(keyID string) (KeyInfo, error) {
 	if info, ok := s.keyInfoMap[keyID]; ok {
 		return info, nil
@ -138,6 +139,7 @@ func (s *KeyFileStore) GetKeyInfo(keyID string) (KeyInfo, error) {
 	return KeyInfo{}, fmt.Errorf("Could not find info for keyID %s", keyID)
 }

+// GetKeyInfo returns the corresponding gun and role key info for a keyID
 func (s *KeyMemoryStore) GetKeyInfo(keyID string) (KeyInfo, error) {
 	if info, ok := s.keyInfoMap[keyID]; ok {
 		return info, nil
--- a/trustmanager/yubikey/yubikeystore.go
+++ b/trustmanager/yubikey/yubikeystore.go
@ -617,8 +617,7 @@ func (s *YubiKeyStore) setLibLoader(loader pkcs11LibLoader) {
 	s.libLoader = loader
 }

-// TODO: yubi key store refactor
-func (s *YubiKeyStore) ListKeys() map[string]KeyInfo {
+func (s *YubiKeyStore) ListKeys() map[string]trustmanager.KeyInfo {
 	if len(s.keys) > 0 {
 		return buildKeyMap(s.keys)
 	}
@ -896,10 +895,10 @@ func login(ctx IPKCS11Ctx, session pkcs11.SessionHandle, passRetriever passphras
 	return nil
 }

-func buildKeyMap(keys map[string]yubiSlot) map[string]string {
-	res := make(map[string]string)
+func buildKeyMap(keys map[string]yubiSlot) map[string]trustmanager.KeyInfo {
+	res := make(map[string]trustmanager.KeyInfo)
 	for k, v := range keys {
-		res[k] = v.role
+		res[k] = trustmanager.KeyInfo{Role: v.role, Gun: ""}
 	}
 	return res
 }
--- a/trustmanager/yubikey/yubikeystore_test.go
+++ b/trustmanager/yubikey/yubikeystore_test.go
@ -108,7 +108,7 @@ func TestYubiAddKeysAndRetrieve(t *testing.T) {
 		for _, k := range keys {
 			r, ok := listedKeys[k]
 			assert.True(t, ok)
-			assert.Equal(t, data.CanonicalRootRole, r)
+			assert.Equal(t, data.CanonicalRootRole, r.Role)

 			_, _, err := store.GetKey(k)
 			assert.NoError(t, err)
@ -150,7 +150,7 @@ func TestYubiAddKeyFailureIfNoMoreSlots(t *testing.T) {
 		_, _, err := store.GetKey(badKey.ID())
 		assert.Error(t, err)
 		for k := range store.ListKeys() {
-			assert.NotEqual(t, badKey, k)
+			assert.NotEqual(t, badKey.ID(), k)
 		}
 	}
 }
@ -519,7 +519,7 @@ type pkcs11Stubbable interface {
 var setupErrors = []string{"Initialize", "GetSlotList", "OpenSession"}

 // Create a new store, so that we avoid any cache issues, and list keys
-func cleanListKeys(t *testing.T) map[string]string {
+func cleanListKeys(t *testing.T) map[string]trustmanager.KeyInfo {
 	cleanStore, err := NewYubiKeyStore(trustmanager.NewKeyMemoryStore(ret), ret)
 	assert.NoError(t, err)
 	return cleanStore.ListKeys()
--- a/tuf/signed/ed25519.go
+++ b/tuf/signed/ed25519.go
@ -29,6 +29,12 @@ func NewEd25519() *Ed25519 {
 	}
 }

+// AddKey allows you to add a private key
+func (e *Ed25519) AddKey(role string, k data.PrivateKey) error {
+	e.addKey(role, k)
+	return nil
+}
+
 // addKey allows you to add a private key
 func (e *Ed25519) addKey(role string, k data.PrivateKey) {
 	e.keys[k.ID()] = edCryptoKey{
--- a/tuf/signed/sign_test.go
+++ b/tuf/signed/sign_test.go
@ -29,6 +29,10 @@ func (mts *FailingCryptoService) ListKeys(role string) []string {
 	return []string{mts.testKey.ID()}
 }

+func (mts *FailingCryptoService) AddKey(role string, key data.PrivateKey) error {
+	return nil
+}
+
 func (mts *FailingCryptoService) ListAllKeys() map[string]string {
 	return map[string]string{
 		mts.testKey.ID(): data.CanonicalRootRole,
@ -68,6 +72,10 @@ func (mts *MockCryptoService) Create(_ string, _ string) (data.PublicKey, error)
 	return mts.testKey, nil
 }

+func (mts *MockCryptoService) AddKey(role string, key data.PrivateKey) error {
+	return nil
+}
+
 func (mts *MockCryptoService) GetKey(keyID string) data.PublicKey {
 	if keyID == "testID" {
 		return data.PublicKeyFromPrivate(mts.testKey)
@ -126,6 +134,10 @@ func (mts *StrictMockCryptoService) ListAllKeys() map[string]string {
 	}
 }

+func (mts *StrictMockCryptoService) AddKey(role string, key data.PrivateKey) error {
+	return nil
+}
+
 func (mts *StrictMockCryptoService) ImportRootKey(r io.Reader) error {
 	return nil
 }