From 97e845e295dbb8cb43f4df70c460920cdc41286d Mon Sep 17 00:00:00 2001
From: Riyaz Faizullabhoy
Date: Wed, 10 Feb 2016 17:32:19 -0800
Subject: [PATCH] AddKey for cryptoservice
Signed-off-by: Riyaz Faizullabhoy
---
 cryptoservice/crypto_service.go | 1 -
 signer/client/signer_trust.go | 5 +++++
 trustmanager/keyfilestore.go | 2 ++
 trustmanager/yubikey/yubikeystore.go | 9 ++++-----
 trustmanager/yubikey/yubikeystore_test.go | 6 +++---
 tuf/signed/ed25519.go | 6 ++++++
 tuf/signed/sign_test.go | 12 ++++++++++++
 7 files changed, 32 insertions(+), 9 deletions(-)
diff --git a/cryptoservice/crypto_service.go b/cryptoservice/crypto_service.go
index 914cec1ee2..8e7b66e867 100644
--- a/cryptoservice/crypto_service.go
+++ b/cryptoservice/crypto_service.go
@@ -120,7 +120,6 @@ func (cs *CryptoService) RemoveKey(keyID string) (err error) {
 return // returns whatever the final values were
 }
-
 // AddKey adds a private key to a specified role.
 // The GUN is inferred from the cryptoservice itself for non-root roles
 func (cs *CryptoService) AddKey(role string, key data.PrivateKey) (err error) {
diff --git a/signer/client/signer_trust.go b/signer/client/signer_trust.go
index a7d8e54880..c4331253d3 100644
--- a/signer/client/signer_trust.go
+++ b/signer/client/signer_trust.go
@@ -137,6 +137,11 @@ func (trust *NotarySigner) Create(role, algorithm string) (data.PublicKey, error
 return public, nil
 }
+// AddKey adds a key
+func (trust *NotarySigner) AddKey(role string, k data.PrivateKey) error {
+ return errors.New("Adding a key to NotarySigner is not supported")
+}
+
 // RemoveKey deletes a key
 func (trust *NotarySigner) RemoveKey(keyid string) error {
 _, err := trust.kmClient.DeleteKey(context.Background(), &pb.KeyID{ID: keyid})
diff --git a/trustmanager/keyfilestore.go b/trustmanager/keyfilestore.go
index 836ceaec83..c87a2f86a0 100644
--- a/trustmanager/keyfilestore.go
+++ b/trustmanager/keyfilestore.go
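Review bot: The new NotarySigner.AddKey in the signer_trust.go hunk unconditionally rejects the call, yet its doc comment `// AddKey adds a key` says the opposite, and the error string starts with a capital letter against Go convention. Stating the contract explicitly would stop callers from treating this client like a local key store: `// AddKey always fails: a NotarySigner never accepts private key material from the client; keys are created (Create) and presumably held by the remote signer behind kmClient.` together with `return errors.New("adding a key to NotarySigner is not supported")`. A package-level sentinel, e.g. `var ErrAddKeyUnsupported = errors.New("adding a key to NotarySigner is not supported")`, would additionally let callers separate this deliberate refusal from transport errors with errors.Is. The unused role and k parameters could be blank identifiers so the no-op is visible from the signature alone.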
@@ -131,6 +131,7 @@ func (s *KeyMemoryStore) loadKeyInfo() {
 s.keyInfoMap = generateKeyInfoMap(s)
 }
+// GetKeyInfo returns the corresponding gun and role key info for a keyID
 func (s *KeyFileStore) GetKeyInfo(keyID string) (KeyInfo, error) {
 if info, ok := s.keyInfoMap[keyID]; ok {
 return info, nil
@@ -138,6 +139,7 @@ func (s *KeyFileStore) GetKeyInfo(keyID string) (KeyInfo, error) {
 return KeyInfo{}, fmt.Errorf("Could not find info for keyID %s", keyID)
 }
+// GetKeyInfo returns the corresponding gun and role key info for a keyID
 func (s *KeyMemoryStore) GetKeyInfo(keyID string) (KeyInfo, error) {
 if info, ok := s.keyInfoMap[keyID]; ok {
 return info, nil
diff --git a/trustmanager/yubikey/yubikeystore.go b/trustmanager/yubikey/yubikeystore.go
index 61644302ef..2840b8b1c1 100644
--- a/trustmanager/yubikey/yubikeystore.go
+++ b/trustmanager/yubikey/yubikeystore.go
@@ -617,8 +617,7 @@ func (s *YubiKeyStore) setLibLoader(loader pkcs11LibLoader) {
 s.libLoader = loader
 }
-// TODO: yubi key store refactor
-func (s *YubiKeyStore) ListKeys() map[string]KeyInfo {
+func (s *YubiKeyStore) ListKeys() map[string]trustmanager.KeyInfo {
 if len(s.keys) > 0 {
 return buildKeyMap(s.keys)
 }
@@ -896,10 +895,10 @@ func login(ctx IPKCS11Ctx, session pkcs11.SessionHandle, passRetriever passphras
 return nil
 }
-func buildKeyMap(keys map[string]yubiSlot) map[string]string {
- res := make(map[string]string)
+func buildKeyMap(keys map[string]yubiSlot) map[string]trustmanager.KeyInfo {
+ res := make(map[string]trustmanager.KeyInfo)
 for k, v := range keys {
- res[k] = v.role
+ res[k] = trustmanager.KeyInfo{Role: v.role, Gun: ""}
 }
 return res
 }
diff --git a/trustmanager/yubikey/yubikeystore_test.go b/trustmanager/yubikey/yubikeystore_test.go
index 95d45af8bd..0f9accf53f 100644
--- a/trustmanager/yubikey/yubikeystore_test.go
+++ b/trustmanager/yubikey/yubikeystore_test.go
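Review bot: In the buildKeyMap hunk of yubikeystore.go the explicit `Gun: ""` in the KeyInfo literal is just the zero value, so a reader cannot tell whether an empty GUN is an intentional property of YubiKey-held keys or a placeholder left over from the type change. A short comment would settle it, e.g. `// Keys held on the YubiKey are not scoped to a GUN; only the role is recorded.` — assuming that is the intent, and if yubiSlot does carry GUN data it should be propagated here instead. Since ListKeys is exported and now returns this new type, it also deserves a doc comment; buildKeyMap constructs a fresh map on every call, so `// ListKeys returns a copy of the key-to-KeyInfo map; callers may not mutate the store's cache through it.` is supported by the visible code. ListKeys's body continues outside the hunk.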
@@ -108,7 +108,7 @@ func TestYubiAddKeysAndRetrieve(t *testing.T) {
 for _, k := range keys {
 r, ok := listedKeys[k]
 assert.True(t, ok)
- assert.Equal(t, data.CanonicalRootRole, r)
+ assert.Equal(t, data.CanonicalRootRole, r.Role)
 _, _, err := store.GetKey(k)
 assert.NoError(t, err)
@@ -150,7 +150,7 @@ func TestYubiAddKeyFailureIfNoMoreSlots(t *testing.T) {
 _, _, err := store.GetKey(badKey.ID())
 assert.Error(t, err)
 for k := range store.ListKeys() {
- assert.NotEqual(t, badKey, k)
+ assert.NotEqual(t, badKey.ID(), k)
 }
 }
 }
@@ -519,7 +519,7 @@ type pkcs11Stubbable interface {
 var setupErrors = []string{"Initialize", "GetSlotList", "OpenSession"}
 // Create a new store, so that we avoid any cache issues, and list keys
-func cleanListKeys(t *testing.T) map[string]string {
+func cleanListKeys(t *testing.T) map[string]trustmanager.KeyInfo {
 cleanStore, err := NewYubiKeyStore(trustmanager.NewKeyMemoryStore(ret), ret)
 assert.NoError(t, err)
 return cleanStore.ListKeys()
diff --git a/tuf/signed/ed25519.go b/tuf/signed/ed25519.go
index e09b550501..0a2c372bce 100644
--- a/tuf/signed/ed25519.go
+++ b/tuf/signed/ed25519.go
@@ -29,6 +29,12 @@ func NewEd25519() *Ed25519 {
 }
 }
+// AddKey allows you to add a private key
+func (e *Ed25519) AddKey(role string, k data.PrivateKey) error {
+ e.addKey(role, k)
+ return nil
+}
+
 // addKey allows you to add a private key
 func (e *Ed25519) addKey(role string, k data.PrivateKey) {
 e.keys[k.ID()] = edCryptoKey{
diff --git a/tuf/signed/sign_test.go b/tuf/signed/sign_test.go
index 99d8b57c4a..a143c47fc4 100644
--- a/tuf/signed/sign_test.go
+++ b/tuf/signed/sign_test.go
@@ -29,6 +29,10 @@ func (mts *FailingCryptoService) ListKeys(role string) []string {
 return []string{mts.testKey.ID()}
 }
+func (mts *FailingCryptoService) AddKey(role string, key data.PrivateKey) error {
+ return nil
+}
+
 func (mts *FailingCryptoService) ListAllKeys() map[string]string {
 return map[string]string{
 mts.testKey.ID(): data.CanonicalRootRole,
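Review bot: In the ed25519.go hunk, Ed25519.AddKey gains an error return but never uses it, while the call it forwards to, addKey, dereferences the argument through `k.ID()` with no nil check, so a nil data.PrivateKey panics rather than surfacing as an error. A guard at the top of AddKey, `if k == nil { return <error from whichever of errors/fmt the file already imports>("ed25519: cannot add nil private key") }`, would give the new return value a purpose. The map assignment `e.keys[k.ID()] = edCryptoKey{` also silently replaces any existing entry for the same ID, which the exported doc comment should say instead of duplicating the private one: `// AddKey registers k under its key ID for the given role; an existing entry with the same ID is replaced.` The body of addKey continues outside the hunk, so whether role is stored alongside the key cannot be confirmed from here.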
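Review bot: The AddKey stub added to FailingCryptoService in this sign_test.go hunk, and the matching stubs at -68 and -126 in the following hunks, declare role and key parameters they never read, while the same file already marks ignored arguments with blank identifiers (`Create(_ string, _ string)` in the -68 hunk header). Writing `func (mts *FailingCryptoService) AddKey(_ string, _ data.PrivateKey) error {` (and likewise for the Mock and StrictMock variants) follows the file's own convention and makes the no-op visible at the signature. A one-line comment such as `// AddKey is a no-op: the mock only ever reports testKey.` would also explain why ListAllKeys below keeps returning the single test key regardless of what was "added".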
@@ -68,6 +72,10 @@ func (mts *MockCryptoService) Create(_ string, _ string) (data.PublicKey, error)
 return mts.testKey, nil
 }
+func (mts *MockCryptoService) AddKey(role string, key data.PrivateKey) error {
+ return nil
+}
+
 func (mts *MockCryptoService) GetKey(keyID string) data.PublicKey {
 if keyID == "testID" {
 return data.PublicKeyFromPrivate(mts.testKey)
@@ -126,6 +134,10 @@ func (mts *StrictMockCryptoService) ListAllKeys() map[string]string {
 }
 }
+func (mts *StrictMockCryptoService) AddKey(role string, key data.PrivateKey) error {
+ return nil
+}
+
 func (mts *StrictMockCryptoService) ImportRootKey(r io.Reader) error {
 return nil
 }