keystore aliasing, take 2

Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-18 18:08:03 -07:00 · 2015-07-18 18:08:03 -07:00 · f239757dfd
parent 5df1eb21f3
commit f239757dfd
6 changed files with 43 additions and 26 deletions
--- a/client/client.go
+++ b/client/client.go
@ -136,7 +136,7 @@ func (r *NotaryRepository) Initialize(uCryptoService *cryptoservice.UnlockedCryp
 	// is associated with. This is used to be able to retrieve the root private key
 	// associated with a particular certificate
 	logrus.Debugf("Linking %s to %s.", rootKey.ID(), uCryptoService.ID())
-	err = r.KeyStoreManager.RootKeyStore().Link(uCryptoService.ID(), rootKey.ID())
+	err = r.KeyStoreManager.RootKeyStore().Link(uCryptoService.ID()+"_root", rootKey.ID()+"_root")
 	if err != nil {
 		return err
 	}
--- a/cmd/notary-server/config.json
+++ b/cmd/notary-server/config.json
@ -3,10 +3,7 @@
 		"addr": ":4443"
 	},
 	"trust_service": {
-		"type": "remote",
+		"type": "local"
 		"hostname": "notarysigner",
 		"port": "7899",
 		"tls_ca_file": "./fixtures/root-ca.crt"
 	},
 	"logging": {
 		"level": 5
--- a/cmd/notary/tuf.go
+++ b/cmd/notary/tuf.go
@ -20,7 +20,7 @@ import (
 )
 // FIXME: This should not be hardcoded
-const hardcodedBaseURL = "https://notary-server:4443"
+const hardcodedBaseURL = "http://notary-server:4443"
 var retriever trustmanager.PassphraseRetriever
@ -277,6 +277,7 @@ func getNotaryPassphraseRetriever() (trustmanager.PassphraseRetriever) {
 	targetsSnapshotsPass := ""
 	return func(keyID string, alias string, createNew bool, numAttempts int) (string, bool, error) {
 		return "yellowness", false, nil
 		fmt.Printf("userEnteredTargetsSnapshotsPass: %s\n", userEnteredTargetsSnapshotsPass)
 		fmt.Printf("targetsSnapshotsPass: %s\n", targetsSnapshotsPass)
 		fmt.Printf("keyID: %s\n", keyID)
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -6,7 +6,7 @@ notaryserver:
   - notarysigner
  ports:
   - "8080"
-   - "4443"
+   - "4443:4443"
  environment:
    SERVICE_NAME: notary
 notarysigner:
--- a/keystoremanager/import_export.go
+++ b/keystoremanager/import_export.go
@ -34,10 +34,6 @@ var (
 	ErrNoKeysFoundForGUN = errors.New("no keys found for specified GUN")
 )
 const (
 	aliasSuffix = ".alias"
 )
 // ExportRootKey exports the specified root key to an io.Writer in PEM format.
 // The key's existing encryption is preserved.
 func (km *KeyStoreManager) ExportRootKey(dest io.Writer, keyID string) error {
--- a/trustmanager/keyfilestore.go
+++ b/trustmanager/keyfilestore.go
@ -5,6 +5,8 @@ import (
 	"strings"
 	"github.com/endophage/gotuf/data"
 	"errors"
 	"fmt"
 )
 const (
@ -67,7 +69,6 @@ func (s *KeyFileStore) GetKeyAlias(name string) (string, error) {
 	return getKeyAlias(s, name)
 }
 // ListKeys returns a list of unique PublicKeys present on the KeyFileStore.
 // There might be symlinks associating Certificate IDs to Public Keys, so this
 // method only returns the IDs that aren't symlinks
@ -144,35 +145,56 @@ func addKey(s LimitedFileStore, passphraseRetriever PassphraseRetriever, name, a
 		}
 	}
-	err = s.Add(name + "." + aliasExtension, []byte(alias))
+	return s.Add(name + "_" + alias, pemPrivKey)
 	if err != nil {
 		return err
 }
 	return s.Add(name, pemPrivKey)
 }
 func getKeyAlias(s LimitedFileStore, name string) (string, error) {
-	keyAlias, err := s.Get(name + "." + aliasExtension)
+	files := s.ListFiles(true)
-	if err != nil {
+
-		return "", err
+	fmt.Println(name)
 	name = name[strings.LastIndexAny(name, "/\\")+1:]
 	//name = strings.TrimSpace(strings.TrimSuffix(filepath.Base(name), filepath.Ext(name)))
 	fmt.Println(name)
 	for _, file := range files {
 		fmt.Println(file, " ======= ", name)
 		if strings.HasSuffix(file, keyExtension) {
 			lastPathSeparator := strings.LastIndexAny(file, "/\\")
 			filename := file[lastPathSeparator+1:]
 			//filename := strings.TrimSpace(strings.TrimSuffix(filepath.Base(file), filepath.Ext(file)))
 			fmt.Println(filename, " : ", name)
 			if strings.HasPrefix(filename, name) {
 				fmt.Println("filename:", filename)
 				fmt.Println("name:", name)
 				aliasPlusDotKey := strings.TrimPrefix(filename, name + "_")
 				fmt.Println("aliasPlusDotKey:", aliasPlusDotKey)
 				retVal := strings.TrimSuffix(aliasPlusDotKey, "." + keyExtension)
 				fmt.Println("retVal:", retVal)
 				return retVal, nil
 			}
 		}
 	}
-	return string(keyAlias), nil
+	return "", errors.New(fmt.Sprintf("keyId %s has no alias", name))
 }
 // GetKey returns the PrivateKey given a KeyID
 func getKey(s LimitedFileStore, passphraseRetriever PassphraseRetriever, name string) (data.PrivateKey, error) {
 	keyBytes, err := s.Get(name)
 	if err != nil {
 		return nil, err
 	}
 	keyAlias, err := getKeyAlias(s, name)
 	if err != nil {
 		return nil, err
 	}
 	keyBytes, err := s.Get(name + "_" + keyAlias)
 	if err != nil {
 		return nil, err
 	}
 	// See if the key is encrypted. If its encrypted we'll fail to parse the private key
 	privKey, err := ParsePEMPrivateKey(keyBytes, "")
@ -205,6 +227,7 @@ func listKeys(s LimitedFileStore) []string {
 	var keyIDList []string
 	for _, f := range s.ListFiles(false) {
 		keyID := strings.TrimSpace(strings.TrimSuffix(filepath.Base(f), filepath.Ext(f)))
 		keyID = keyID[:strings.LastIndex(keyID,"_")]
 		keyIDList = append(keyIDList, keyID)
 	}
 	return keyIDList