From f239757dfd781e05156a0fecec576aee447c65cd Mon Sep 17 00:00:00 2001
From: Nathan McCauley
Date: Sat, 18 Jul 2015 18:08:03 -0700
Subject: [PATCH] keystore aliasing, take 2

Signed-off-by: Nathan McCauley
---
 client/client.go                 |  2 +-
 cmd/notary-server/config.json    |  5 +--
 cmd/notary/tuf.go                |  3 +-
 docker-compose.yml               |  2 +-
 keystoremanager/import_export.go |  4 ---
 trustmanager/keyfilestore.go     | 53 +++++++++++++++++++++++---------
 6 files changed, 43 insertions(+), 26 deletions(-)

diff --git a/client/client.go b/client/client.go
index 7d4dc7929b..5b2ba44512 100644
--- a/client/client.go
+++ b/client/client.go
@@ -136,7 +136,7 @@ func (r *NotaryRepository) Initialize(uCryptoService *cryptoservice.UnlockedCryp
 	// is associated with. This is used to be able to retrieve the root private key
 	// associated with a particular certificate
 	logrus.Debugf("Linking %s to %s.", rootKey.ID(), uCryptoService.ID())
-	err = r.KeyStoreManager.RootKeyStore().Link(uCryptoService.ID(), rootKey.ID())
+	err = r.KeyStoreManager.RootKeyStore().Link(uCryptoService.ID()+"_root", rootKey.ID()+"_root")
 	if err != nil {
 		return err
 	}
diff --git a/cmd/notary-server/config.json b/cmd/notary-server/config.json
index 3a33df247b..046cf19194 100644
--- a/cmd/notary-server/config.json
+++ b/cmd/notary-server/config.json
@@ -3,10 +3,7 @@
         "addr": ":4443"
     },
     "trust_service": {
-        "type": "remote",
-        "hostname": "notarysigner",
-        "port": "7899",
-        "tls_ca_file": "./fixtures/root-ca.crt"
+        "type": "local"
     },
     "logging": {
         "level": 5
diff --git a/cmd/notary/tuf.go b/cmd/notary/tuf.go
index fd65cb73e0..65d47da543 100644
--- a/cmd/notary/tuf.go
+++ b/cmd/notary/tuf.go
@@ -20,7 +20,7 @@ import (
 )
 
 // FIXME: This should not be hardcoded
-const hardcodedBaseURL = "https://notary-server:4443"
+const hardcodedBaseURL = "http://notary-server:4443"
 
 var retriever trustmanager.PassphraseRetriever
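Review bot: The `"_root"` suffix in the new `Link(uCryptoService.ID()+"_root", rootKey.ID()+"_root")` call is a second, hand-written copy of the `name + "_" + alias` file-naming rule that the key store applies in `addKey`, so the two can silently drift apart and the link would then point at a file that does not exist. I would give the alias one home, e.g. `const rootAlias = "root"` next to the store's key-naming code, and build both link names through the same helper that `addKey` uses rather than string-concatenating here. Whether `Link` also appends the key extension is not visible in this hunk, so the exact helper shape needs checking against `Link`. `Initialize` starts and ends outside the hunk.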
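Review bot: Changing `trust_service` from `"remote"` (with `tls_ca_file`) to `"type": "local"` means the notary server process now holds and uses the signing keys itself instead of delegating to `notarysigner` over TLS, which is a real reduction in key isolation if this `config.json` is the one deployed rather than a dev-only file. If the intent is a local-development convenience, I would keep the remote/TLS block as the committed default and put the local variant in a separately named dev config (e.g. `config.dev.json`), since JSON cannot carry a comment explaining the downgrade. The `docker-compose.yml` in the same commit still starts a `notarysigner` service, which suggests the remote configuration is still the expected topology.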
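Review bot: Switching `hardcodedBaseURL` from `https://` to `http://` drops TLS on every request the CLI makes to the notary server, so TUF metadata downloads and whatever the client uploads travel in cleartext and can be read or altered on the path. The existing `// FIXME: This should not be hardcoded` already points at the real fix: take the server URL from the CLI config/flags with an `https://` default, and make plaintext an explicit opt-in (e.g. a `--insecure`-style flag) rather than the compiled-in value. If this was only to make the docker-compose setup work without certificates, I would revert this line and keep the override in the dev config instead.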
@@ -277,6 +277,7 @@ func getNotaryPassphraseRetriever() (trustmanager.PassphraseRetriever) {
 	targetsSnapshotsPass := ""
 
 	return func(keyID string, alias string, createNew bool, numAttempts int) (string, bool, error) {
+		return "yellowness", false, nil
 		fmt.Printf("userEnteredTargetsSnapshotsPass: %s\n", userEnteredTargetsSnapshotsPass)
 		fmt.Printf("targetsSnapshotsPass: %s\n", targetsSnapshotsPass)
 		fmt.Printf("keyID: %s\n", keyID)
diff --git a/docker-compose.yml b/docker-compose.yml
index 3d5f288bc2..be90b9c533 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -6,7 +6,7 @@ notaryserver:
     - notarysigner
   ports:
     - "8080"
-    - "4443"
+    - "4443:4443"
   environment:
     SERVICE_NAME: notary
 notarysigner:
diff --git a/keystoremanager/import_export.go b/keystoremanager/import_export.go
index 6a056cc47d..68eca320b3 100644
--- a/keystoremanager/import_export.go
+++ b/keystoremanager/import_export.go
@@ -34,10 +34,6 @@ var (
 	ErrNoKeysFoundForGUN = errors.New("no keys found for specified GUN")
 )
 
-const (
-	aliasSuffix = ".alias"
-)
-
 // ExportRootKey exports the specified root key to an io.Writer in PEM format.
 // The key's existing encryption is preserved.
 func (km *KeyStoreManager) ExportRootKey(dest io.Writer, keyID string) error {
diff --git a/trustmanager/keyfilestore.go b/trustmanager/keyfilestore.go
index f376d6d271..8ac142df0b 100644
--- a/trustmanager/keyfilestore.go
+++ b/trustmanager/keyfilestore.go
@@ -5,6 +5,8 @@ import (
 	"strings"
 
 	"github.com/endophage/gotuf/data"
+	"errors"
+	"fmt"
 )
 
 const (
@@ -67,7 +69,6 @@ func (s *KeyFileStore) GetKeyAlias(name string) (string, error) {
 	return getKeyAlias(s, name)
 }
 
-
 // ListKeys returns a list of unique PublicKeys present on the KeyFileStore.
 // There might be symlinks associating Certificate IDs to Public Keys, so this
 // method only returns the IDs that aren't symlinks
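Review bot: The added `return "yellowness", false, nil` as the first statement of the retriever closure makes every key passphrase a fixed constant committed to the repository, so any private key encrypted through this path is protected by a secret anyone with the source already has, and the whole remainder of the closure (the prompts and the `fmt.Printf` lines) becomes unreachable code that `go vet` will flag. This looks like a debugging shortcut and should not be merged; if a non-interactive retriever is needed for tests or scripted runs, inject a separate `PassphraseRetriever` implementation from the caller (or gate it behind an explicit environment variable) rather than short-circuiting the production one. `getNotaryPassphraseRetriever` and the closure both continue outside the hunk.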
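Review bot: `- "4443:4443"` publishes the notary server port on every host interface, whereas the previous `- "4443"` only exposed it to the compose network; combined with the `http://` base URL in the same commit this puts an unauthenticated, unencrypted server endpoint on the host's network. If the mapping is only needed so the CLI on the developer machine can reach the container, bind it to loopback: `- "127.0.0.1:4443:4443"`.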
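Review bot: The added `"errors"` and `"fmt"` imports are standard library but are placed in the third-party group below `"github.com/endophage/gotuf/data"`; `goimports` would put them in the first group alongside `"strings"`. Note also that the only use of `errors` introduced by this commit is `errors.New(fmt.Sprintf(...))`, which `fmt.Errorf` replaces, so the `"errors"` import can be dropped entirely if that call is rewritten.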
@@ -144,35 +145,56 @@ func addKey(s LimitedFileStore, passphraseRetriever PassphraseRetriever, name, a
 		}
 	}
 
-	err = s.Add(name + "." + aliasExtension, []byte(alias))
-	if err != nil {
-		return err
-	}
-	return s.Add(name, pemPrivKey)
+	return s.Add(name + "_" + alias, pemPrivKey)
 }
 
-
 func getKeyAlias(s LimitedFileStore, name string) (string, error) {
-	keyAlias, err := s.Get(name + "." + aliasExtension)
-	if err != nil {
-		return "", err
+	files := s.ListFiles(true)
+
+	fmt.Println(name)
+	name = name[strings.LastIndexAny(name, "/\\")+1:]
+	//name = strings.TrimSpace(strings.TrimSuffix(filepath.Base(name), filepath.Ext(name)))
+
+	fmt.Println(name)
+
+	for _, file := range files {
+		fmt.Println(file, " ======= ", name)
+		if strings.HasSuffix(file, keyExtension) {
+			lastPathSeparator := strings.LastIndexAny(file, "/\\")
+			filename := file[lastPathSeparator+1:]
+			//filename := strings.TrimSpace(strings.TrimSuffix(filepath.Base(file), filepath.Ext(file)))
+
+			fmt.Println(filename, " : ", name)
+
+			if strings.HasPrefix(filename, name) {
+				fmt.Println("filename:", filename)
+				fmt.Println("name:", name)
+				aliasPlusDotKey := strings.TrimPrefix(filename, name + "_")
+				fmt.Println("aliasPlusDotKey:", aliasPlusDotKey)
+
+				retVal := strings.TrimSuffix(aliasPlusDotKey, "." + keyExtension)
+				fmt.Println("retVal:", retVal)
+
+				return retVal, nil
+			}
+		}
 	}
-	return string(keyAlias), nil
+	return "", errors.New(fmt.Sprintf("keyId %s has no alias", name))
 }
 
 // GetKey returns the PrivateKey given a KeyID
 func getKey(s LimitedFileStore, passphraseRetriever PassphraseRetriever, name string) (data.PrivateKey, error) {
-	keyBytes, err := s.Get(name)
-	if err != nil {
-		return nil, err
-	}
 	keyAlias, err := getKeyAlias(s, name)
 	if err != nil {
 		return nil, err
 	}
+	keyBytes, err := s.Get(name + "_" + keyAlias)
+	if err != nil {
+		return nil, err
+	}
 
 	// See if the key is encrypted. If its encrypted we'll fail to parse the private key
 	privKey, err := ParsePEMPrivateKey(keyBytes, "")
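Review bot: In the new `getKeyAlias`, the match is `strings.HasPrefix(filename, name)` without the `_` separator, so a store holding a key whose ID merely starts with `name` (say `name` is `abc` and the file is `abcd_root.key`) is accepted, `TrimPrefix(filename, name + "_")` then leaves the string untouched, and the function returns `abcd_root` as the alias — `getKey` would then try to open a different key than the one requested; the check should be against `name + "_"`. The nine `fmt.Println` calls also print every key ID and filename in the store to stdout on each lookup and read as leftover debugging, and `errors.New(fmt.Sprintf(...))` should be `fmt.Errorf`. Because `addKey` now writes `name + "_" + alias` straight into a filename, it is worth confirming where `alias` can come from and rejecting path separators (or non-identifier characters) in it before the `s.Add` call, unless every caller is already trusted. `addKey` starts and `getKey` ends outside the hunk; the rewritten lookup below removes the debugging output and tightens the match.
```go
func getKeyAlias(s LimitedFileStore, name string) (string, error) {
	// The key ID may arrive with a directory component; match on the bare name.
	name = name[strings.LastIndexAny(name, "/\\")+1:]
	prefix := name + "_"
	suffix := "." + keyExtension

	for _, file := range s.ListFiles(true) {
		filename := file[strings.LastIndexAny(file, "/\\")+1:]
		// Require the separator so a longer key ID sharing this prefix is not matched.
		if !strings.HasPrefix(filename, prefix) || !strings.HasSuffix(filename, suffix) {
			continue
		}
		return strings.TrimSuffix(strings.TrimPrefix(filename, prefix), suffix), nil
	}
	return "", fmt.Errorf("keyId %s has no alias", name)
}
```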
@@ -205,6 +227,7 @@ func listKeys(s LimitedFileStore) []string {
 	var keyIDList []string
 	for _, f := range s.ListFiles(false) {
 		keyID := strings.TrimSpace(strings.TrimSuffix(filepath.Base(f), filepath.Ext(f)))
+		keyID = keyID[:strings.LastIndex(keyID,"_")]
 		keyIDList = append(keyIDList, keyID)
 	}
 	return keyIDList
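Review bot: The added `keyID = keyID[:strings.LastIndex(keyID,"_")]` panics with a slice-bounds error as soon as the store contains a file whose name has no underscore — `LastIndex` returns -1 and `keyID[:-1]` is invalid — so a single key written under the old `name`-only scheme, or any stray file, takes down every caller of `listKeys`. Guard the index: `if i := strings.LastIndex(keyID, "_"); i >= 0 {` / `keyID = keyID[:i]` / `}` (also restoring the space after the comma that `gofmt` requires). The function's signature and closing brace sit outside the hunk.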