diff --git a/cmd/notary-signer/main.go b/cmd/notary-signer/main.go
index 2dec793130..a218115d80 100644
--- a/cmd/notary-signer/main.go
+++ b/cmd/notary-signer/main.go
@@ -2,10 +2,13 @@ package main
import (
"crypto/rand"
+ "crypto/sha256"
"crypto/tls"
"database/sql"
+ "errors"
_ "expvar"
"flag"
+ "io/ioutil"
"log"
"net"
"net/http"
@@ -46,9 +49,15 @@ func init() {
}
func passphraseRetriever(keyName, alias string, createNew bool, attempts int) (passphrase string, giveup bool, err error) {
+ privKeyContent, err := ioutil.ReadFile(keyFile)
+ if err != nil {
+ return "", false, errors.New("error while reading the TLS private key")
+ }
- //TODO(mccauley) Read from config once we have locked keys in notary-signer
- return "", false, nil
+ privKeyHash := sha256.Sum256(privKeyContent)
+ passphrase = string(privKeyHash[:])
+
+ return passphrase, false, nil
}
func main() {
diff --git a/notarymysql/initial.sql b/notarymysql/initial.sql
index 4b173885e6..f1512d8e82 100644
--- a/notarymysql/initial.sql
+++ b/notarymysql/initial.sql
@@ -22,7 +22,7 @@ CREATE TABLE `private_keys` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`created_at` datetime NOT NULL,
`updated_at` datetime NOT NULL,
- `deleted_at` datetime NOT NULL,
+ `deleted_at` datetime DEFAULT NULL,
`key_id` varchar(255) NOT NULL,
`encryption` varchar(255) NOT NULL,
`algorithm` varchar(50) NOT NULL,
diff --git a/signer/api/rpc_api.go b/signer/api/rpc_api.go
index 49f31b1953..8d5018d494 100644
--- a/signer/api/rpc_api.go
+++ b/signer/api/rpc_api.go
@@ -32,11 +32,13 @@ func (s *KeyManagementServer) CreateKey(ctx context.Context, algorithm *pb.Algor
service := s.CryptoServices[keyAlgo]
if service == nil {
+ log.Println("[Notary-signer CreateKey] : unsupported algorithm: ", algorithm.Algorithm)
return nil, fmt.Errorf("algorithm %s not supported for create key", algorithm.Algorithm)
}
tufKey, err := service.Create("", keyAlgo)
if err != nil {
+ log.Println("[Notary-signer CreateKey] : failed to create key", err)
return nil, grpc.Errorf(codes.Internal, "Key creation failed")
}
log.Println("[Notary-signer CreateKey] : Created KeyID ", tufKey.ID())
diff --git a/trustmanager/keydbstore.go b/trustmanager/keydbstore.go
index df70967c8d..e53250a9d4 100644
--- a/trustmanager/keydbstore.go
+++ b/trustmanager/keydbstore.go
@@ -23,7 +23,7 @@ type KeyDBStore struct {
// GormPrivateKey represents a PrivateKey in the database
type GormPrivateKey struct {
gorm.Model
- keyID string `gorm:"not null;unique_index"`
+ KeyID string `gorm:"not null;unique_index"`
Encryption string `gorm:"type:varchar(50);not null"`
Algorithm string `gorm:"not null"`
Public []byte `gorm:"not null"`
@@ -72,7 +72,7 @@ func (s *KeyDBStore) AddKey(name, alias string, privKey data.PrivateKey) error {
encryptedPrivKeyStr := encryptedKey.FullSerialize()
gormPrivKey := GormPrivateKey{
- keyID: privKey.ID(),
+ KeyID: privKey.ID(),
Encryption: string(gojose.PBES2_HS512_A256KW),
Algorithm: privKey.Algorithm().String(),
Public: privKey.Public(),
@@ -105,7 +105,7 @@ func (s *KeyDBStore) GetKey(name string) (data.PrivateKey, string, error) {
// Retrieve the GORM private key from the database
dbPrivateKey := GormPrivateKey{}
- if s.db.Where(&GormPrivateKey{keyID: name}).First(&dbPrivateKey).RecordNotFound() {
+ if s.db.Where(&GormPrivateKey{KeyID: name}).First(&dbPrivateKey).RecordNotFound() {
return nil, "", ErrKeyNotFound{}
}
@@ -142,7 +142,7 @@ func (s *KeyDBStore) RemoveKey(name string) error {
// Retrieve the GORM private key from the database
dbPrivateKey := GormPrivateKey{}
- if s.db.Where(&GormPrivateKey{keyID: name}).First(&dbPrivateKey).RecordNotFound() {
+ if s.db.Where(&GormPrivateKey{KeyID: name}).First(&dbPrivateKey).RecordNotFound() {
return ErrKeyNotFound{}
}
diff --git a/trustmanager/keydbstore_test.go b/trustmanager/keydbstore_test.go
index c679c39599..39a8745b3b 100644
--- a/trustmanager/keydbstore_test.go
+++ b/trustmanager/keydbstore_test.go
@@ -3,7 +3,6 @@ package trustmanager
import (
"crypto/rand"
"database/sql"
- "fmt"
"io/ioutil"
"os"
"testing"
@@ -36,7 +35,6 @@ func TestCreateRead(t *testing.T) {
// Test writing new key in database/cache
err = dbStore.AddKey("", "", testKey)
- fmt.Println(err)
assert.NoError(t, err)
// Test retrieval of key from DB
@@ -56,6 +54,36 @@ func TestCreateRead(t *testing.T) {
assert.Equal(t, retrKey, testKey)
}
+func TestDoubleCreate(t *testing.T) {
+ tempBaseDir, err := ioutil.TempDir("", "notary-test-")
+ defer os.RemoveAll(tempBaseDir)
+
+ testKey, err := GenerateECDSAKey(rand.Reader)
+ assert.NoError(t, err)
+
+ anotherTestKey, err := GenerateECDSAKey(rand.Reader)
+ assert.NoError(t, err)
+
+ // We are using SQLite for the tests
+ db, err := sql.Open("sqlite3", tempBaseDir+"test_db")
+ assert.NoError(t, err)
+
+ // Create a new KeyDB store
+ dbStore, err := NewKeyDBStore(retriever, "sqlite3", db)
+ assert.NoError(t, err)
+
+ // Ensure that the private_key table exists
+ dbStore.db.CreateTable(&GormPrivateKey{})
+
+ // Test writing new key in database/cache
+ err = dbStore.AddKey("", "", testKey)
+ assert.NoError(t, err)
+
+ // Test writing new key succeeds
+ err = dbStore.AddKey("", "", anotherTestKey)
+ assert.NoError(t, err)
+}
+
func TestCreateDelete(t *testing.T) {
tempBaseDir, err := ioutil.TempDir("", "notary-test-")
defer os.RemoveAll(tempBaseDir)
@@ -76,7 +104,6 @@ func TestCreateDelete(t *testing.T) {
// Test writing new key in database/cache
err = dbStore.AddKey("", "", testKey)
- fmt.Println(err)
assert.NoError(t, err)
// Test deleting the key from the db