mirror of https://github.com/docker/docs.git
102 lines
3.1 KiB
Go
102 lines
3.1 KiB
Go
package api
|
|
|
|
import (
|
|
"fmt"
|
|
"log"
|
|
|
|
"github.com/docker/rufus"
|
|
"github.com/docker/rufus/keys"
|
|
"golang.org/x/net/context"
|
|
|
|
"google.golang.org/grpc"
|
|
"google.golang.org/grpc/codes"
|
|
|
|
pb "github.com/docker/rufus/proto"
|
|
)
|
|
|
|
//KeyManagementServer implements the KeyManagementServer grpc interface
|
|
type KeyManagementServer struct {
|
|
SigServices rufus.SigningServiceIndex
|
|
}
|
|
|
|
//SignerServer implements the SignerServer grpc interface
|
|
type SignerServer struct {
|
|
SigServices rufus.SigningServiceIndex
|
|
}
|
|
|
|
//CreateKey returns a PublicKey created using KeyManagementServer's SigningService
|
|
func (s *KeyManagementServer) CreateKey(ctx context.Context, algorithm *pb.Algorithm) (*pb.PublicKey, error) {
|
|
service := s.SigServices[algorithm.Algorithm]
|
|
|
|
if service == nil {
|
|
return nil, fmt.Errorf("algorithm %s not supported for create key", algorithm.Algorithm)
|
|
}
|
|
|
|
key, err := service.CreateKey()
|
|
if err != nil {
|
|
return nil, grpc.Errorf(codes.Internal, "Key creation failed")
|
|
}
|
|
log.Println("[Rufus CreateKey] : Created KeyID ", key.KeyInfo.ID)
|
|
return key, nil
|
|
}
|
|
|
|
//DeleteKey deletes they key associated with a KeyID
|
|
func (s *KeyManagementServer) DeleteKey(ctx context.Context, keyInfo *pb.KeyInfo) (*pb.Void, error) {
|
|
service := s.SigServices[keyInfo.Algorithm.Algorithm]
|
|
|
|
if service == nil {
|
|
return nil, fmt.Errorf("algorithm %s not supported for delete key", keyInfo.Algorithm.Algorithm)
|
|
}
|
|
|
|
_, err := service.DeleteKey(keyInfo)
|
|
log.Println("[Rufus DeleteKey] : Deleted KeyID ", keyInfo.ID)
|
|
if err != nil {
|
|
switch err {
|
|
case keys.ErrInvalidKeyID:
|
|
return nil, grpc.Errorf(codes.NotFound, "Invalid keyID: key %s not found", keyInfo.ID)
|
|
default:
|
|
return nil, grpc.Errorf(codes.Internal, "Key deletion for keyID %s failed", keyInfo.ID)
|
|
}
|
|
}
|
|
|
|
return &pb.Void{}, nil
|
|
}
|
|
|
|
//GetKeyInfo returns they PublicKey associated with a KeyID
|
|
func (s *KeyManagementServer) GetKeyInfo(ctx context.Context, keyInfo *pb.KeyInfo) (*pb.PublicKey, error) {
|
|
service := s.SigServices[keyInfo.Algorithm.Algorithm]
|
|
|
|
if service == nil {
|
|
return nil, fmt.Errorf("algorithm %s not supported for get key info", keyInfo.Algorithm.Algorithm)
|
|
}
|
|
|
|
key, err := service.KeyInfo(keyInfo)
|
|
if err != nil {
|
|
return nil, grpc.Errorf(codes.NotFound, "Invalid keyID: key %s not found", keyInfo.ID)
|
|
}
|
|
log.Println("[Rufus GetKeyInfo] : Returning PublicKey for KeyID ", keyInfo.ID)
|
|
return key, nil
|
|
}
|
|
|
|
//Sign signs a message and returns the signature using a private key associate with the KeyID from the SignatureRequest
|
|
func (s *SignerServer) Sign(ctx context.Context, sr *pb.SignatureRequest) (*pb.Signature, error) {
|
|
service := s.SigServices[sr.KeyInfo.Algorithm.Algorithm]
|
|
|
|
if service == nil {
|
|
return nil, fmt.Errorf("algorithm %s not supported for sign", sr.KeyInfo.Algorithm.Algorithm)
|
|
}
|
|
|
|
log.Println("[Rufus Sign] : Signing ", string(sr.Content), " with KeyID ", sr.KeyInfo.ID)
|
|
signer, err := service.Signer(sr.KeyInfo)
|
|
if err == keys.ErrInvalidKeyID {
|
|
return nil, grpc.Errorf(codes.NotFound, "Invalid keyID: key not found")
|
|
}
|
|
|
|
signature, err := signer.Sign(sr)
|
|
if err != nil {
|
|
return nil, grpc.Errorf(codes.Internal, "Signing failed for keyID %s on hash %s", sr.KeyInfo.ID, sr.Content)
|
|
}
|
|
|
|
return signature, nil
|
|
}
|