Beispiel #1
0
func addKeysToArchive(zipWriter *zip.Writer, newKeyStore *trustmanager.KeyFileStore) error {
	for _, relKeyPath := range newKeyStore.ListFiles() {
		fullKeyPath := filepath.Join(newKeyStore.BaseDir(), relKeyPath)

		fi, err := os.Lstat(fullKeyPath)
		if err != nil {
			return err
		}

		infoHeader, err := zip.FileInfoHeader(fi)
		if err != nil {
			return err
		}

		infoHeader.Name = relKeyPath

		zipFileEntryWriter, err := zipWriter.CreateHeader(infoHeader)
		if err != nil {
			return err
		}

		fileContents, err := ioutil.ReadFile(fullKeyPath)
		if err != nil {
			return err
		}

		if _, err = zipFileEntryWriter.Write(fileContents); err != nil {
			return err
		}
	}

	return nil
}
Beispiel #2
0
func addKeysToArchive(zipWriter *zip.Writer, newKeyStore *trustmanager.KeyFileStore, subDir string) error {
	// List all files but no symlinks
	for _, relKeyPath := range newKeyStore.ListFiles(false) {
		fullKeyPath := filepath.Join(newKeyStore.BaseDir(), relKeyPath)

		fi, err := os.Stat(fullKeyPath)
		if err != nil {
			return err
		}

		infoHeader, err := zip.FileInfoHeader(fi)
		if err != nil {
			return err
		}

		infoHeader.Name = filepath.Join(subDir, relKeyPath)
		zipFileEntryWriter, err := zipWriter.CreateHeader(infoHeader)
		if err != nil {
			return err
		}

		fileContents, err := ioutil.ReadFile(fullKeyPath)
		if err != nil {
			return err
		}
		if _, err = zipFileEntryWriter.Write(fileContents); err != nil {
			return err
		}
	}

	return nil
}
func addKeysToArchive(zipWriter *zip.Writer, newKeyStore *trustmanager.KeyFileStore, tempBaseDir string) error {
	// List all files but no symlinks
	for _, fullKeyPath := range newKeyStore.ListFiles(false) {
		relKeyPath := strings.TrimPrefix(fullKeyPath, tempBaseDir)
		relKeyPath = strings.TrimPrefix(relKeyPath, string(filepath.Separator))

		fi, err := os.Stat(fullKeyPath)
		if err != nil {
			return err
		}

		infoHeader, err := zip.FileInfoHeader(fi)
		if err != nil {
			return err
		}

		infoHeader.Name = relKeyPath
		zipFileEntryWriter, err := zipWriter.CreateHeader(infoHeader)
		if err != nil {
			return err
		}

		fileContents, err := ioutil.ReadFile(fullKeyPath)
		if err != nil {
			return err
		}
		if _, err = zipFileEntryWriter.Write(fileContents); err != nil {
			return err
		}
	}

	return nil
}
func addKeysToArchive(zipWriter *zip.Writer, newKeyStore *trustmanager.KeyFileStore, subDir string) error {
	for _, relKeyPath := range newKeyStore.ListFiles(true) {
		fullKeyPath := filepath.Join(newKeyStore.BaseDir(), relKeyPath)

		fi, err := os.Lstat(fullKeyPath)
		if err != nil {
			return err
		}

		infoHeader, err := zip.FileInfoHeader(fi)
		if err != nil {
			return err
		}

		infoHeader.Name = filepath.Join(subDir, relKeyPath)

		// Is this a symlink? If so, encode properly in the zip file.
		if (fi.Mode() & os.ModeSymlink) != 0 {
			infoHeader.CreatorVersion = zipMadeByUNIX
			infoHeader.ExternalAttrs = zipSymlinkAttr

			zipFileEntryWriter, err := zipWriter.CreateHeader(infoHeader)
			if err != nil {
				return err
			}

			target, err := os.Readlink(fullKeyPath)
			if err != nil {
				return err
			}

			// Write relative path
			if _, err = zipFileEntryWriter.Write([]byte(target)); err != nil {
				return err
			}
		} else {
			zipFileEntryWriter, err := zipWriter.CreateHeader(infoHeader)
			if err != nil {
				return err
			}

			fileContents, err := ioutil.ReadFile(fullKeyPath)
			if err != nil {
				return err
			}

			if _, err = zipFileEntryWriter.Write(fileContents); err != nil {
				return err
			}
		}
	}

	return nil
}
func moveKeysWithNewPassphrase(oldKeyStore, newKeyStore *trustmanager.KeyFileStore, outputPassphrase string) error {
	// List all files but no symlinks
	for _, f := range oldKeyStore.ListFiles(false) {
		fullKeyPath := strings.TrimSpace(strings.TrimSuffix(f, filepath.Ext(f)))
		relKeyPath := strings.TrimPrefix(fullKeyPath, oldKeyStore.BaseDir())
		relKeyPath = strings.TrimPrefix(relKeyPath, string(filepath.Separator))

		pemBytes, err := oldKeyStore.Get(relKeyPath)
		if err != nil {
			return err
		}

		block, _ := pem.Decode(pemBytes)
		if block == nil {
			return ErrNoValidPrivateKey
		}

		if !x509.IsEncryptedPEMBlock(block) {
			// Key is not encrypted. Parse it, and add it
			// to the temporary store as an encrypted key.
			privKey, err := trustmanager.ParsePEMPrivateKey(pemBytes, "")
			if err != nil {
				return err
			}
			err = newKeyStore.AddEncryptedKey(relKeyPath, privKey, outputPassphrase)
		} else {
			// Encrypted key - pass it through without
			// decrypting
			err = newKeyStore.Add(relKeyPath, pemBytes)
		}

		if err != nil {
			return err
		}
	}

	return nil
}
func moveKeysByGUN(oldKeyStore, newKeyStore *trustmanager.KeyFileStore, gun, outputPassphrase string) error {
	// List all files but no symlinks
	for _, f := range oldKeyStore.ListFiles(false) {
		fullKeyPath := strings.TrimSpace(strings.TrimSuffix(f, filepath.Ext(f)))
		relKeyPath := strings.TrimPrefix(fullKeyPath, oldKeyStore.BaseDir())
		relKeyPath = strings.TrimPrefix(relKeyPath, string(filepath.Separator))

		// Skip keys that aren't associated with this GUN
		if !strings.HasPrefix(relKeyPath, filepath.FromSlash(gun)) {
			continue
		}

		pemBytes, err := oldKeyStore.Get(relKeyPath)
		if err != nil {
			return err
		}

		block, _ := pem.Decode(pemBytes)
		if block == nil {
			return ErrNoValidPrivateKey
		}

		if x509.IsEncryptedPEMBlock(block) {
			return ErrNonRootKeyEncrypted
		}

		// Key is not encrypted. Parse it, and add it
		// to the temporary store as an encrypted key.
		privKey, err := trustmanager.ParsePEMPrivateKey(pemBytes, "")
		if err != nil {
			return err
		}
		err = newKeyStore.AddEncryptedKey(relKeyPath, privKey, outputPassphrase)
		if err != nil {
			return err
		}
	}

	return nil
}
Beispiel #7
0
func moveKeys(oldKeyStore, newKeyStore *trustmanager.KeyFileStore) error {
	for f := range oldKeyStore.ListKeys() {
		privateKey, alias, err := oldKeyStore.GetKey(f)
		if err != nil {
			return err
		}

		err = newKeyStore.AddKey(f, alias, privateKey)

		if err != nil {
			return err
		}
	}

	return nil
}
Beispiel #8
0
func moveKeys(oldKeyStore, newKeyStore *trustmanager.KeyFileStore) error {
	// List all files but no symlinks
	for _, f := range oldKeyStore.ListKeys() {
		pemBytes, alias, err := oldKeyStore.GetKey(f)
		if err != nil {
			return err
		}

		err = newKeyStore.AddKey(f, alias, pemBytes)

		if err != nil {
			return err
		}
	}

	return nil
}
Beispiel #9
0
func moveKeysByGUN(oldKeyStore, newKeyStore *trustmanager.KeyFileStore, gun string) error {
	for relKeyPath := range oldKeyStore.ListKeys() {
		// Skip keys that aren't associated with this GUN
		if !strings.HasPrefix(relKeyPath, filepath.FromSlash(gun)) {
			continue
		}

		privKey, alias, err := oldKeyStore.GetKey(relKeyPath)
		if err != nil {
			return err
		}

		err = newKeyStore.AddKey(relKeyPath, alias, privKey)
		if err != nil {
			return err
		}
	}

	return nil
}
func moveKeys(oldKeyStore, newKeyStore *trustmanager.KeyFileStore) error {
	// List all files but no symlinks
	for f := range oldKeyStore.ListKeys() {
		privateKey, alias, err := oldKeyStore.GetKey(f)
		if err != nil {
			return err
		}

		err = newKeyStore.AddKey(f, alias, privateKey)

		if err != nil {
			return err
		}
	}

	// Recreate symlinks
	for _, relKeyPath := range oldKeyStore.ListFiles(true) {
		fullKeyPath := filepath.Join(oldKeyStore.BaseDir(), relKeyPath)

		fi, err := os.Lstat(fullKeyPath)
		if err != nil {
			return err
		}

		if (fi.Mode() & os.ModeSymlink) != 0 {
			target, err := os.Readlink(fullKeyPath)
			if err != nil {
				return err
			}
			os.Symlink(target, filepath.Join(newKeyStore.BaseDir(), relKeyPath))
		}
	}

	return nil
}
Beispiel #11
0
// keysRemoveKey deletes a private key based on ID
func keysRemoveKey(cmd *cobra.Command, args []string) {
	if len(args) < 1 {
		cmd.Usage()
		fatalf("must specify the key ID of the key to remove")
	}

	parseConfig()

	keyStoreManager, err := keystoremanager.NewKeyStoreManager(trustDir, retriever)
	if err != nil {
		fatalf("failed to create a new truststore manager with directory: %s", trustDir)
	}

	keyID := args[0]

	// This is an invalid ID
	if len(keyID) != idSize {
		fatalf("invalid key ID provided: %s", keyID)
	}

	// List the key about to be removed
	fmt.Println("Are you sure you want to remove the following key?")
	fmt.Printf("%s\n(yes/no)\n", keyID)

	// Ask for confirmation before removing the key, unless -y is passed
	if !keyRemoveYes {
		confirmed := askConfirm()
		if !confirmed {
			fatalf("aborting action.")
		}
	}

	// Choose the correct filestore to remove the key from
	var keyStoreToRemove *trustmanager.KeyFileStore
	var keyMap map[string]string
	if keyRemoveRoot {
		keyStoreToRemove = keyStoreManager.RootKeyStore()
		keyMap = keyStoreManager.RootKeyStore().ListKeys()
	} else {
		keyStoreToRemove = keyStoreManager.NonRootKeyStore()
		keyMap = keyStoreManager.NonRootKeyStore().ListKeys()
	}

	// Attempt to find the full GUN to the key in the map
	// This is irrelevant for removing root keys, but does no harm
	var keyWithGUN string
	for k := range keyMap {
		if filepath.Base(k) == keyID {
			keyWithGUN = k
		}
	}

	// If empty, we didn't find any matches
	if keyWithGUN == "" {
		fatalf("key with key ID: %s not found\n", keyID)
	}

	// Attempt to remove the key
	err = keyStoreToRemove.RemoveKey(keyWithGUN)
	if err != nil {
		fatalf("failed to remove key with key ID: %s, %v", keyID, err)
	}
}