Beispiel #1
0
func (ks *keyStore) loadPublicKey(alias string) (interface{}, error) {
	path := ks.node.conf.getPathForAlias(alias)
	ks.node.Debugf("Loading public key [%s] at [%s]...", alias, path)

	raw, err := ioutil.ReadFile(path)
	if err != nil {
		ks.node.Errorf("Failed loading public key [%s]: [%s].", alias, err.Error())

		return nil, err
	}

	privateKey, err := primitives.PEMtoPublicKey(raw, ks.pwd)
	if err != nil {
		ks.node.Errorf("Failed parsing private key [%s]: [%s].", alias, err.Error())

		return nil, err
	}

	return privateKey, nil
}
Beispiel #2
0
func (node *nodeImpl) retrieveEnrollmentData(enrollID, enrollPWD string) error {
	if !node.ks.certMissing(node.conf.getEnrollmentCertFilename()) {
		return nil
	}

	key, enrollCertRaw, enrollChainKey, err := node.getEnrollmentCertificateFromECA(enrollID, enrollPWD)
	if err != nil {
		node.Errorf("Failed getting enrollment certificate [id=%s]: [%s]", enrollID, err)

		return err
	}
	node.Debugf("Enrollment certificate [% x].", enrollCertRaw)

	node.Debugf("Storing enrollment data for user [%s]...", enrollID)

	// Store enrollment id
	err = ioutil.WriteFile(node.conf.getEnrollmentIDPath(), []byte(enrollID), 0700)
	if err != nil {
		node.Errorf("Failed storing enrollment certificate [id=%s]: [%s]", enrollID, err)
		return err
	}

	// Store enrollment key
	if err := node.ks.storePrivateKey(node.conf.getEnrollmentKeyFilename(), key); err != nil {
		node.Errorf("Failed storing enrollment key [id=%s]: [%s]", enrollID, err)
		return err
	}

	// Store enrollment cert
	if err := node.ks.storeCert(node.conf.getEnrollmentCertFilename(), enrollCertRaw); err != nil {
		node.Errorf("Failed storing enrollment certificate [id=%s]: [%s]", enrollID, err)
		return err
	}

	// Code for confidentiality 1.2
	// Store enrollment chain key
	if node.eType == NodeValidator {
		node.Debugf("Enrollment chain key for validator [%s]...", enrollID)
		// enrollChainKey is a secret key

		node.Debugf("key [%s]...", string(enrollChainKey))

		key, err := primitives.PEMtoPrivateKey(enrollChainKey, nil)
		if err != nil {
			node.Errorf("Failed unmarshalling enrollment chain key [id=%s]: [%s]", enrollID, err)
			return err
		}

		if err := node.ks.storePrivateKey(node.conf.getEnrollmentChainKeyFilename(), key); err != nil {
			node.Errorf("Failed storing enrollment chain key [id=%s]: [%s]", enrollID, err)
			return err
		}
	} else {
		node.Debugf("Enrollment chain key for non-validator [%s]...", enrollID)
		// enrollChainKey is a public key

		key, err := primitives.PEMtoPublicKey(enrollChainKey, nil)
		if err != nil {
			node.Errorf("Failed unmarshalling enrollment chain key [id=%s]: [%s]", enrollID, err)
			return err
		}
		node.Debugf("Key decoded from PEM [%s]...", enrollID)

		if err := node.ks.storePublicKey(node.conf.getEnrollmentChainKeyFilename(), key); err != nil {
			node.Errorf("Failed storing enrollment chain key [id=%s]: [%s]", enrollID, err)
			return err
		}
	}

	return nil
}