keystore aliasing, take 2

Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-18 18:08:03 -07:00 · 2015-07-18 18:08:03 -07:00 · f239757dfd
parent 5df1eb21f3
commit f239757dfd
6 changed files with 43 additions and 26 deletions
--- a/client/client.go
+++ b/client/client.go
@ -136,7 +136,7 @@ func (r *NotaryRepository) Initialize(uCryptoService *cryptoservice.UnlockedCryp
 	// is associated with. This is used to be able to retrieve the root private key
 	// associated with a particular certificate
 	logrus.Debugf("Linking %s to %s.", rootKey.ID(), uCryptoService.ID())
-	err = r.KeyStoreManager.RootKeyStore().Link(uCryptoService.ID(), rootKey.ID())
+	err = r.KeyStoreManager.RootKeyStore().Link(uCryptoService.ID()+"_root", rootKey.ID()+"_root")
 	if err != nil {
 		return err
 	}
--- a/cmd/notary-server/config.json
+++ b/cmd/notary-server/config.json
@ -3,10 +3,7 @@
 		"addr": ":4443"
 	},
 	"trust_service": {
-		"type": "remote",
-		"hostname": "notarysigner",
-		"port": "7899",
-		"tls_ca_file": "./fixtures/root-ca.crt"
+		"type": "local"
 	},
 	"logging": {
 		"level": 5
--- a/cmd/notary/tuf.go
+++ b/cmd/notary/tuf.go
@ -20,7 +20,7 @@ import (
 )

 // FIXME: This should not be hardcoded
-const hardcodedBaseURL = "https://notary-server:4443"
+const hardcodedBaseURL = "http://notary-server:4443"

 var retriever trustmanager.PassphraseRetriever

@ -277,6 +277,7 @@ func getNotaryPassphraseRetriever() (trustmanager.PassphraseRetriever) {
 	targetsSnapshotsPass := ""

 	return func(keyID string, alias string, createNew bool, numAttempts int) (string, bool, error) {
+		return "yellowness", false, nil
 		fmt.Printf("userEnteredTargetsSnapshotsPass: %s\n", userEnteredTargetsSnapshotsPass)
 		fmt.Printf("targetsSnapshotsPass: %s\n", targetsSnapshotsPass)
 		fmt.Printf("keyID: %s\n", keyID)
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -6,7 +6,7 @@ notaryserver:
   - notarysigner
  ports:
   - "8080"
-   - "4443"
+   - "4443:4443"
  environment:
    SERVICE_NAME: notary
 notarysigner:
--- a/keystoremanager/import_export.go
+++ b/keystoremanager/import_export.go
@ -34,10 +34,6 @@ var (
 	ErrNoKeysFoundForGUN = errors.New("no keys found for specified GUN")
 )

-const (
-	aliasSuffix = ".alias"
-)
-
 // ExportRootKey exports the specified root key to an io.Writer in PEM format.
 // The key's existing encryption is preserved.
 func (km *KeyStoreManager) ExportRootKey(dest io.Writer, keyID string) error {
--- a/trustmanager/keyfilestore.go
+++ b/trustmanager/keyfilestore.go
@ -5,6 +5,8 @@ import (
 	"strings"

 	"github.com/endophage/gotuf/data"
+	"errors"
+	"fmt"
 )

 const (
@ -67,7 +69,6 @@ func (s *KeyFileStore) GetKeyAlias(name string) (string, error) {
 	return getKeyAlias(s, name)
 }

-
 // ListKeys returns a list of unique PublicKeys present on the KeyFileStore.
 // There might be symlinks associating Certificate IDs to Public Keys, so this
 // method only returns the IDs that aren't symlinks
@ -144,35 +145,56 @@ func addKey(s LimitedFileStore, passphraseRetriever PassphraseRetriever, name, a
 		}
 	}

-	err = s.Add(name + "." + aliasExtension, []byte(alias))
-	if err != nil {
-		return err
-	}
-	return s.Add(name, pemPrivKey)
+	return s.Add(name + "_" + alias, pemPrivKey)
 }

-
 func getKeyAlias(s LimitedFileStore, name string) (string, error) {
-	keyAlias, err := s.Get(name + "." + aliasExtension)
-	if err != nil {
-		return "", err
+	files := s.ListFiles(true)
+
+	fmt.Println(name)
+	name = name[strings.LastIndexAny(name, "/\\")+1:]
+	//name = strings.TrimSpace(strings.TrimSuffix(filepath.Base(name), filepath.Ext(name)))
+
+	fmt.Println(name)
+
+	for _, file := range files {
+		fmt.Println(file, " ======= ", name)
+		if strings.HasSuffix(file, keyExtension) {
+			lastPathSeparator := strings.LastIndexAny(file, "/\\")
+			filename := file[lastPathSeparator+1:]
+			//filename := strings.TrimSpace(strings.TrimSuffix(filepath.Base(file), filepath.Ext(file)))
+
+			fmt.Println(filename, " : ", name)
+
+			if strings.HasPrefix(filename, name) {
+				fmt.Println("filename:", filename)
+				fmt.Println("name:", name)
+				aliasPlusDotKey := strings.TrimPrefix(filename, name + "_")
+				fmt.Println("aliasPlusDotKey:", aliasPlusDotKey)
+
+				retVal := strings.TrimSuffix(aliasPlusDotKey, "." + keyExtension)
+				fmt.Println("retVal:", retVal)
+
+				return retVal, nil
+			}
+		}
 	}

-	return string(keyAlias), nil
+	return "", errors.New(fmt.Sprintf("keyId %s has no alias", name))
 }

 // GetKey returns the PrivateKey given a KeyID
 func getKey(s LimitedFileStore, passphraseRetriever PassphraseRetriever, name string) (data.PrivateKey, error) {
-	keyBytes, err := s.Get(name)
-	if err != nil {
-		return nil, err
-	}

 	keyAlias, err := getKeyAlias(s, name)
 	if err != nil {
 		return nil, err
 	}

+	keyBytes, err := s.Get(name + "_" + keyAlias)
+	if err != nil {
+		return nil, err
+	}

 	// See if the key is encrypted. If its encrypted we'll fail to parse the private key
 	privKey, err := ParsePEMPrivateKey(keyBytes, "")
@ -205,6 +227,7 @@ func listKeys(s LimitedFileStore) []string {
 	var keyIDList []string
 	for _, f := range s.ListFiles(false) {
 		keyID := strings.TrimSpace(strings.TrimSuffix(filepath.Base(f), filepath.Ext(f)))
+		keyID = keyID[:strings.LastIndex(keyID,"_")]
 		keyIDList = append(keyIDList, keyID)
 	}
 	return keyIDList