func addKeysToArchive(zipWriter *zip.Writer, newKeyStore *trustmanager.KeyFileStore) error { for _, relKeyPath := range newKeyStore.ListFiles() { fullKeyPath := filepath.Join(newKeyStore.BaseDir(), relKeyPath) fi, err := os.Lstat(fullKeyPath) if err != nil { return err } infoHeader, err := zip.FileInfoHeader(fi) if err != nil { return err } infoHeader.Name = relKeyPath zipFileEntryWriter, err := zipWriter.CreateHeader(infoHeader) if err != nil { return err } fileContents, err := ioutil.ReadFile(fullKeyPath) if err != nil { return err } if _, err = zipFileEntryWriter.Write(fileContents); err != nil { return err } } return nil }
func addKeysToArchive(zipWriter *zip.Writer, newKeyStore *trustmanager.KeyFileStore, subDir string) error { // List all files but no symlinks for _, relKeyPath := range newKeyStore.ListFiles(false) { fullKeyPath := filepath.Join(newKeyStore.BaseDir(), relKeyPath) fi, err := os.Stat(fullKeyPath) if err != nil { return err } infoHeader, err := zip.FileInfoHeader(fi) if err != nil { return err } infoHeader.Name = filepath.Join(subDir, relKeyPath) zipFileEntryWriter, err := zipWriter.CreateHeader(infoHeader) if err != nil { return err } fileContents, err := ioutil.ReadFile(fullKeyPath) if err != nil { return err } if _, err = zipFileEntryWriter.Write(fileContents); err != nil { return err } } return nil }
func addKeysToArchive(zipWriter *zip.Writer, newKeyStore *trustmanager.KeyFileStore, tempBaseDir string) error { // List all files but no symlinks for _, fullKeyPath := range newKeyStore.ListFiles(false) { relKeyPath := strings.TrimPrefix(fullKeyPath, tempBaseDir) relKeyPath = strings.TrimPrefix(relKeyPath, string(filepath.Separator)) fi, err := os.Stat(fullKeyPath) if err != nil { return err } infoHeader, err := zip.FileInfoHeader(fi) if err != nil { return err } infoHeader.Name = relKeyPath zipFileEntryWriter, err := zipWriter.CreateHeader(infoHeader) if err != nil { return err } fileContents, err := ioutil.ReadFile(fullKeyPath) if err != nil { return err } if _, err = zipFileEntryWriter.Write(fileContents); err != nil { return err } } return nil }
func addKeysToArchive(zipWriter *zip.Writer, newKeyStore *trustmanager.KeyFileStore, subDir string) error { for _, relKeyPath := range newKeyStore.ListFiles(true) { fullKeyPath := filepath.Join(newKeyStore.BaseDir(), relKeyPath) fi, err := os.Lstat(fullKeyPath) if err != nil { return err } infoHeader, err := zip.FileInfoHeader(fi) if err != nil { return err } infoHeader.Name = filepath.Join(subDir, relKeyPath) // Is this a symlink? If so, encode properly in the zip file. if (fi.Mode() & os.ModeSymlink) != 0 { infoHeader.CreatorVersion = zipMadeByUNIX infoHeader.ExternalAttrs = zipSymlinkAttr zipFileEntryWriter, err := zipWriter.CreateHeader(infoHeader) if err != nil { return err } target, err := os.Readlink(fullKeyPath) if err != nil { return err } // Write relative path if _, err = zipFileEntryWriter.Write([]byte(target)); err != nil { return err } } else { zipFileEntryWriter, err := zipWriter.CreateHeader(infoHeader) if err != nil { return err } fileContents, err := ioutil.ReadFile(fullKeyPath) if err != nil { return err } if _, err = zipFileEntryWriter.Write(fileContents); err != nil { return err } } } return nil }
func moveKeysWithNewPassphrase(oldKeyStore, newKeyStore *trustmanager.KeyFileStore, outputPassphrase string) error { // List all files but no symlinks for _, f := range oldKeyStore.ListFiles(false) { fullKeyPath := strings.TrimSpace(strings.TrimSuffix(f, filepath.Ext(f))) relKeyPath := strings.TrimPrefix(fullKeyPath, oldKeyStore.BaseDir()) relKeyPath = strings.TrimPrefix(relKeyPath, string(filepath.Separator)) pemBytes, err := oldKeyStore.Get(relKeyPath) if err != nil { return err } block, _ := pem.Decode(pemBytes) if block == nil { return ErrNoValidPrivateKey } if !x509.IsEncryptedPEMBlock(block) { // Key is not encrypted. Parse it, and add it // to the temporary store as an encrypted key. privKey, err := trustmanager.ParsePEMPrivateKey(pemBytes, "") if err != nil { return err } err = newKeyStore.AddEncryptedKey(relKeyPath, privKey, outputPassphrase) } else { // Encrypted key - pass it through without // decrypting err = newKeyStore.Add(relKeyPath, pemBytes) } if err != nil { return err } } return nil }
func moveKeysByGUN(oldKeyStore, newKeyStore *trustmanager.KeyFileStore, gun, outputPassphrase string) error { // List all files but no symlinks for _, f := range oldKeyStore.ListFiles(false) { fullKeyPath := strings.TrimSpace(strings.TrimSuffix(f, filepath.Ext(f))) relKeyPath := strings.TrimPrefix(fullKeyPath, oldKeyStore.BaseDir()) relKeyPath = strings.TrimPrefix(relKeyPath, string(filepath.Separator)) // Skip keys that aren't associated with this GUN if !strings.HasPrefix(relKeyPath, filepath.FromSlash(gun)) { continue } pemBytes, err := oldKeyStore.Get(relKeyPath) if err != nil { return err } block, _ := pem.Decode(pemBytes) if block == nil { return ErrNoValidPrivateKey } if x509.IsEncryptedPEMBlock(block) { return ErrNonRootKeyEncrypted } // Key is not encrypted. Parse it, and add it // to the temporary store as an encrypted key. privKey, err := trustmanager.ParsePEMPrivateKey(pemBytes, "") if err != nil { return err } err = newKeyStore.AddEncryptedKey(relKeyPath, privKey, outputPassphrase) if err != nil { return err } } return nil }
func moveKeys(oldKeyStore, newKeyStore *trustmanager.KeyFileStore) error { for f := range oldKeyStore.ListKeys() { privateKey, alias, err := oldKeyStore.GetKey(f) if err != nil { return err } err = newKeyStore.AddKey(f, alias, privateKey) if err != nil { return err } } return nil }
func moveKeys(oldKeyStore, newKeyStore *trustmanager.KeyFileStore) error { // List all files but no symlinks for _, f := range oldKeyStore.ListKeys() { pemBytes, alias, err := oldKeyStore.GetKey(f) if err != nil { return err } err = newKeyStore.AddKey(f, alias, pemBytes) if err != nil { return err } } return nil }
func moveKeysByGUN(oldKeyStore, newKeyStore *trustmanager.KeyFileStore, gun string) error { for relKeyPath := range oldKeyStore.ListKeys() { // Skip keys that aren't associated with this GUN if !strings.HasPrefix(relKeyPath, filepath.FromSlash(gun)) { continue } privKey, alias, err := oldKeyStore.GetKey(relKeyPath) if err != nil { return err } err = newKeyStore.AddKey(relKeyPath, alias, privKey) if err != nil { return err } } return nil }
func moveKeys(oldKeyStore, newKeyStore *trustmanager.KeyFileStore) error { // List all files but no symlinks for f := range oldKeyStore.ListKeys() { privateKey, alias, err := oldKeyStore.GetKey(f) if err != nil { return err } err = newKeyStore.AddKey(f, alias, privateKey) if err != nil { return err } } // Recreate symlinks for _, relKeyPath := range oldKeyStore.ListFiles(true) { fullKeyPath := filepath.Join(oldKeyStore.BaseDir(), relKeyPath) fi, err := os.Lstat(fullKeyPath) if err != nil { return err } if (fi.Mode() & os.ModeSymlink) != 0 { target, err := os.Readlink(fullKeyPath) if err != nil { return err } os.Symlink(target, filepath.Join(newKeyStore.BaseDir(), relKeyPath)) } } return nil }
// keysRemoveKey deletes a private key based on ID func keysRemoveKey(cmd *cobra.Command, args []string) { if len(args) < 1 { cmd.Usage() fatalf("must specify the key ID of the key to remove") } parseConfig() keyStoreManager, err := keystoremanager.NewKeyStoreManager(trustDir, retriever) if err != nil { fatalf("failed to create a new truststore manager with directory: %s", trustDir) } keyID := args[0] // This is an invalid ID if len(keyID) != idSize { fatalf("invalid key ID provided: %s", keyID) } // List the key about to be removed fmt.Println("Are you sure you want to remove the following key?") fmt.Printf("%s\n(yes/no)\n", keyID) // Ask for confirmation before removing the key, unless -y is passed if !keyRemoveYes { confirmed := askConfirm() if !confirmed { fatalf("aborting action.") } } // Choose the correct filestore to remove the key from var keyStoreToRemove *trustmanager.KeyFileStore var keyMap map[string]string if keyRemoveRoot { keyStoreToRemove = keyStoreManager.RootKeyStore() keyMap = keyStoreManager.RootKeyStore().ListKeys() } else { keyStoreToRemove = keyStoreManager.NonRootKeyStore() keyMap = keyStoreManager.NonRootKeyStore().ListKeys() } // Attempt to find the full GUN to the key in the map // This is irrelevant for removing root keys, but does no harm var keyWithGUN string for k := range keyMap { if filepath.Base(k) == keyID { keyWithGUN = k } } // If empty, we didn't find any matches if keyWithGUN == "" { fatalf("key with key ID: %s not found\n", keyID) } // Attempt to remove the key err = keyStoreToRemove.RemoveKey(keyWithGUN) if err != nil { fatalf("failed to remove key with key ID: %s, %v", keyID, err) } }