From e568babc0aaa1d1132a72d7ab8db7446a06d74d7 Mon Sep 17 00:00:00 2001 From: Diogo Monica Date: Fri, 24 Jul 2015 06:46:26 -0700 Subject: [PATCH] Added one more test, and fixed delete bug Signed-off-by: Diogo Monica --- cmd/notary-signer/main.go | 13 +++++++++++-- notarymysql/initial.sql | 2 +- signer/api/rpc_api.go | 2 ++ trustmanager/keydbstore.go | 8 ++++---- trustmanager/keydbstore_test.go | 33 ++++++++++++++++++++++++++++++--- 5 files changed, 48 insertions(+), 10 deletions(-) diff --git a/cmd/notary-signer/main.go b/cmd/notary-signer/main.go index 2dec793130..a218115d80 100644 --- a/cmd/notary-signer/main.go +++ b/cmd/notary-signer/main.go @@ -2,10 +2,13 @@ package main import ( "crypto/rand" + "crypto/sha256" "crypto/tls" "database/sql" + "errors" _ "expvar" "flag" + "io/ioutil" "log" "net" "net/http" @@ -46,9 +49,15 @@ func init() { } func passphraseRetriever(keyName, alias string, createNew bool, attempts int) (passphrase string, giveup bool, err error) { + privKeyContent, err := ioutil.ReadFile(keyFile) + if err != nil { + return "", false, errors.New("error while reading the TLS private key") + } - //TODO(mccauley) Read from config once we have locked keys in notary-signer - return "", false, nil + privKeyHash := sha256.Sum256(privKeyContent) + passphrase = string(privKeyHash[:]) + + return passphrase, false, nil } func main() { diff --git a/notarymysql/initial.sql b/notarymysql/initial.sql index 4b173885e6..f1512d8e82 100644 --- a/notarymysql/initial.sql +++ b/notarymysql/initial.sql @@ -22,7 +22,7 @@ CREATE TABLE `private_keys` ( `id` int(11) NOT NULL AUTO_INCREMENT, `created_at` datetime NOT NULL, `updated_at` datetime NOT NULL, - `deleted_at` datetime NOT NULL, + `deleted_at` datetime DEFAULT NULL, `key_id` varchar(255) NOT NULL, `encryption` varchar(255) NOT NULL, `algorithm` varchar(50) NOT NULL, diff --git a/signer/api/rpc_api.go b/signer/api/rpc_api.go index 49f31b1953..8d5018d494 100644 --- a/signer/api/rpc_api.go +++ b/signer/api/rpc_api.go 
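Review bot: passphraseRetriever never sets giveup, yet the passphrase it returns is fully deterministic (the SHA-256 of keyFile's contents), so a caller that retries after a failed decryption is handed the identical value on every attempt; if `attempts` counts prior failures as its name suggests, it should end that loop, e.g. `if attempts > 0 { return "", true, errors.New("passphrase derived from the TLS key did not unlock the key") }`. The design also couples every stored signing key to the TLS private key: whoever can read that file can decrypt the whole key store, and rotating the TLS certificate/key makes all previously stored keys undecryptable, which deserves a comment above the function such as `// NOTE: the key-encryption passphrase is derived from the TLS private key; rotating that key orphans every key already in the store.` The file is re-read on every call rather than once at startup, so an edit to keyFile mid-run silently changes the passphrase between AddKey and GetKey. keyFile is declared outside the hunk, so its permissions and contents cannot be checked here.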
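Review bot: Making `deleted_at` nullable lines the schema up with the soft-delete convention of the gorm.Model embedded in GormPrivateKey, which presumably means RemoveKey only stamps `deleted_at` and the encrypted private-key row stays in the table; if removal is meant to destroy key material, the delete in keydbstore.go should use `s.db.Unscoped().Delete(&dbPrivateKey)`, or the column should be dropped so gorm hard-deletes. The CREATE TABLE runs past the hunk, so whether `key_id` carries the unique index the model's `unique_index` tag expects cannot be confirmed here; worth checking, since the tests create the table from the model rather than from this file.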
@@ -32,11 +32,13 @@ func (s *KeyManagementServer) CreateKey(ctx context.Context, algorithm *pb.Algor service := s.CryptoServices[keyAlgo] if service == nil { + log.Println("[Notary-signer CreateKey] : unsupported algorithm: ", algorithm.Algorithm) return nil, fmt.Errorf("algorithm %s not supported for create key", algorithm.Algorithm) } tufKey, err := service.Create("", keyAlgo) if err != nil { + log.Println("[Notary-signer CreateKey] : failed to create key", err) return nil, grpc.Errorf(codes.Internal, "Key creation failed") } log.Println("[Notary-signer CreateKey] : Created KeyID ", tufKey.ID()) diff --git a/trustmanager/keydbstore.go b/trustmanager/keydbstore.go index df70967c8d..e53250a9d4 100644 --- a/trustmanager/keydbstore.go +++ b/trustmanager/keydbstore.go @@ -23,7 +23,7 @@ type KeyDBStore struct { // GormPrivateKey represents a PrivateKey in the database type GormPrivateKey struct { gorm.Model - keyID string `gorm:"not null;unique_index"` + KeyID string `gorm:"not null;unique_index"` Encryption string `gorm:"type:varchar(50);not null"` Algorithm string `gorm:"not null"` Public []byte `gorm:"not null"` @@ -72,7 +72,7 @@ func (s *KeyDBStore) AddKey(name, alias string, privKey data.PrivateKey) error { encryptedPrivKeyStr := encryptedKey.FullSerialize() gormPrivKey := GormPrivateKey{ - keyID: privKey.ID(), + KeyID: privKey.ID(), Encryption: string(gojose.PBES2_HS512_A256KW), Algorithm: privKey.Algorithm().String(), Public: privKey.Public(), @@ -105,7 +105,7 @@ func (s *KeyDBStore) GetKey(name string) (data.PrivateKey, string, error) { // Retrieve the GORM private key from the database dbPrivateKey := GormPrivateKey{} - if s.db.Where(&GormPrivateKey{keyID: name}).First(&dbPrivateKey).RecordNotFound() { + if s.db.Where(&GormPrivateKey{KeyID: name}).First(&dbPrivateKey).RecordNotFound() { return nil, "", ErrKeyNotFound{} } 
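Review bot: The new unsupported-algorithm log line writes `algorithm.Algorithm`, a client-supplied string, into the log unquoted via Println, so embedded newlines or control characters can forge log entries; quoting keeps it on one line: `log.Printf("[Notary-signer CreateKey] : unsupported algorithm: %q", algorithm.Algorithm)`. The second new line logs the raw `err` server-side while the client still receives only the generic codes.Internal message, which is the right split. CreateKey begins before this hunk.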
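Review bot: The rename from keyID to KeyID is the substance of the fix but carries no explanation, so a later tidy-up of exported names could quietly revert it; a field comment would pin the reason: `// KeyID must stay exported: gorm maps only exported fields, so an unexported keyID was neither persisted nor usable in Where lookups.` The claim about gorm's handling of unexported fields is from memory of the library and worth confirming against its docs. GormPrivateKey continues past the end of this hunk.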
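Review bot: The lookup `s.db.Where(&GormPrivateKey{KeyID: name})` relies on gorm struct conditions, which, as far as I recall, ignore zero-valued fields; an empty `name` would then match every row and GetKey("") would hand back the first stored private key instead of ErrKeyNotFound. Guard it before the query, `if name == "" { return nil, "", ErrKeyNotFound{} }`, or use an explicit condition `s.db.Where("key_id = ?", name)` so the column is always compared. Only RecordNotFound is checked, so any other query error leaves dbPrivateKey zero-valued and falls through to whatever decryption follows; the remainder of GetKey is outside the hunk.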
@@ -142,7 +142,7 @@ func (s *KeyDBStore) RemoveKey(name string) error { // Retrieve the GORM private key from the database dbPrivateKey := GormPrivateKey{} - if s.db.Where(&GormPrivateKey{keyID: name}).First(&dbPrivateKey).RecordNotFound() { + if s.db.Where(&GormPrivateKey{KeyID: name}).First(&dbPrivateKey).RecordNotFound() { return ErrKeyNotFound{} } diff --git a/trustmanager/keydbstore_test.go b/trustmanager/keydbstore_test.go index c679c39599..39a8745b3b 100644 --- a/trustmanager/keydbstore_test.go +++ b/trustmanager/keydbstore_test.go @@ -3,7 +3,6 @@ package trustmanager import ( "crypto/rand" "database/sql" - "fmt" "io/ioutil" "os" "testing" @@ -36,7 +35,6 @@ func TestCreateRead(t *testing.T) { // Test writing new key in database/cache err = dbStore.AddKey("", "", testKey) - fmt.Println(err) assert.NoError(t, err) // Test retrieval of key from DB @@ -56,6 +54,36 @@ func TestCreateRead(t *testing.T) { assert.Equal(t, retrKey, testKey) } +func TestDoubleCreate(t *testing.T) { + tempBaseDir, err := ioutil.TempDir("", "notary-test-") + defer os.RemoveAll(tempBaseDir) + + testKey, err := GenerateECDSAKey(rand.Reader) + assert.NoError(t, err) + + anotherTestKey, err := GenerateECDSAKey(rand.Reader) + assert.NoError(t, err) + + // We are using SQLite for the tests + db, err := sql.Open("sqlite3", tempBaseDir+"test_db") + assert.NoError(t, err) + + // Create a new KeyDB store + dbStore, err := NewKeyDBStore(retriever, "sqlite3", db) + assert.NoError(t, err) + + // Ensure that the private_key table exists + dbStore.db.CreateTable(&GormPrivateKey{}) + + // Test writing new key in database/cache + err = dbStore.AddKey("", "", testKey) + assert.NoError(t, err) + + // Test writing new key succeeds + err = dbStore.AddKey("", "", anotherTestKey) + assert.NoError(t, err) +} + func TestCreateDelete(t *testing.T) { tempBaseDir, err := ioutil.TempDir("", "notary-test-") defer os.RemoveAll(tempBaseDir) 
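Review bot: As in GetKey, the RemoveKey query checks only RecordNotFound, so a failed query (dropped connection, bad SQL) is indistinguishable from success and the code after the hunk operates on a zero-valued dbPrivateKey. Keep the query result and test its Error as well: `q := s.db.Where(&GormPrivateKey{KeyID: name}).First(&dbPrivateKey)`, `if q.RecordNotFound() { return ErrKeyNotFound{} }`, `if q.Error != nil { return q.Error }`. If gorm struct conditions ignore zero-valued fields, an empty name also matches an arbitrary row here, which on a delete path deserves its own `name == ""` guard. RemoveKey's body continues outside the hunk.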
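Review bot: In TestDoubleCreate, `tempBaseDir+"test_db"` has no path separator, so the SQLite file is created beside the temp directory as notary-test-XXXXtest_db and survives the deferred os.RemoveAll(tempBaseDir); use `filepath.Join(tempBaseDir, "test_db")` (the surrounding tests appear to share the mistake, and path/filepath would need importing). The error from ioutil.TempDir and the result of `dbStore.db.CreateTable(&GormPrivateKey{})` are never asserted, so a failure there surfaces as a confusing error from AddKey instead. The test also stops once both AddKey calls succeed and so does not exercise the regression this commit fixes; finishing with `_, _, err = dbStore.GetKey(anotherTestKey.ID())` and asserting the retrieved key equals anotherTestKey would show that rows are actually filtered by KeyID.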
@@ -76,7 +104,6 @@ func TestCreateDelete(t *testing.T) { // Test writing new key in database/cache err = dbStore.AddKey("", "", testKey) - fmt.Println(err) assert.NoError(t, err) // Test deleting the key from the db