func addKeysToArchive(zipWriter *zip.Writer, newKeyStore *trustmanager.KeyFileStore) error {
for _, relKeyPath := range newKeyStore.ListFiles() {
fullKeyPath := filepath.Join(newKeyStore.BaseDir(), relKeyPath)
fi, err := os.Lstat(fullKeyPath)
if err != nil {
return err
}
infoHeader, err := zip.FileInfoHeader(fi)
if err != nil {
return err
}
infoHeader.Name = relKeyPath
zipFileEntryWriter, err := zipWriter.CreateHeader(infoHeader)
if err != nil {
return err
}
fileContents, err := ioutil.ReadFile(fullKeyPath)
if err != nil {
return err
}
if _, err = zipFileEntryWriter.Write(fileContents); err != nil {
return err
}
}
return nil
}
func addKeysToArchive(zipWriter *zip.Writer, newKeyStore *trustmanager.KeyFileStore, subDir string) error {
// List all files but no symlinks
for _, relKeyPath := range newKeyStore.ListFiles(false) {
fullKeyPath := filepath.Join(newKeyStore.BaseDir(), relKeyPath)
fi, err := os.Stat(fullKeyPath)
if err != nil {
return err
}
infoHeader, err := zip.FileInfoHeader(fi)
if err != nil {
return err
}
infoHeader.Name = filepath.Join(subDir, relKeyPath)
zipFileEntryWriter, err := zipWriter.CreateHeader(infoHeader)
if err != nil {
return err
}
fileContents, err := ioutil.ReadFile(fullKeyPath)
if err != nil {
return err
}
if _, err = zipFileEntryWriter.Write(fileContents); err != nil {
return err
}
}
return nil
}
func addKeysToArchive(zipWriter *zip.Writer, newKeyStore *trustmanager.KeyFileStore, tempBaseDir string) error {
// List all files but no symlinks
for _, fullKeyPath := range newKeyStore.ListFiles(false) {
relKeyPath := strings.TrimPrefix(fullKeyPath, tempBaseDir)
relKeyPath = strings.TrimPrefix(relKeyPath, string(filepath.Separator))
fi, err := os.Stat(fullKeyPath)
if err != nil {
return err
}
infoHeader, err := zip.FileInfoHeader(fi)
if err != nil {
return err
}
infoHeader.Name = relKeyPath
zipFileEntryWriter, err := zipWriter.CreateHeader(infoHeader)
if err != nil {
return err
}
fileContents, err := ioutil.ReadFile(fullKeyPath)
if err != nil {
return err
}
if _, err = zipFileEntryWriter.Write(fileContents); err != nil {
return err
}
}
return nil
}
func addKeysToArchive(zipWriter *zip.Writer, newKeyStore *trustmanager.KeyFileStore, subDir string) error {
for _, relKeyPath := range newKeyStore.ListFiles(true) {
fullKeyPath := filepath.Join(newKeyStore.BaseDir(), relKeyPath)
fi, err := os.Lstat(fullKeyPath)
if err != nil {
return err
}
infoHeader, err := zip.FileInfoHeader(fi)
if err != nil {
return err
}
infoHeader.Name = filepath.Join(subDir, relKeyPath)
// Is this a symlink? If so, encode properly in the zip file.
if (fi.Mode() & os.ModeSymlink) != 0 {
infoHeader.CreatorVersion = zipMadeByUNIX
infoHeader.ExternalAttrs = zipSymlinkAttr
zipFileEntryWriter, err := zipWriter.CreateHeader(infoHeader)
if err != nil {
return err
}
target, err := os.Readlink(fullKeyPath)
if err != nil {
return err
}
// Write relative path
if _, err = zipFileEntryWriter.Write([]byte(target)); err != nil {
return err
}
} else {
zipFileEntryWriter, err := zipWriter.CreateHeader(infoHeader)
if err != nil {
return err
}
fileContents, err := ioutil.ReadFile(fullKeyPath)
if err != nil {
return err
}
if _, err = zipFileEntryWriter.Write(fileContents); err != nil {
return err
}
}
}
return nil
}
func moveKeysWithNewPassphrase(oldKeyStore, newKeyStore *trustmanager.KeyFileStore, outputPassphrase string) error {
// List all files but no symlinks
for _, f := range oldKeyStore.ListFiles(false) {
fullKeyPath := strings.TrimSpace(strings.TrimSuffix(f, filepath.Ext(f)))
relKeyPath := strings.TrimPrefix(fullKeyPath, oldKeyStore.BaseDir())
relKeyPath = strings.TrimPrefix(relKeyPath, string(filepath.Separator))
pemBytes, err := oldKeyStore.Get(relKeyPath)
if err != nil {
return err
}
block, _ := pem.Decode(pemBytes)
if block == nil {
return ErrNoValidPrivateKey
}
if !x509.IsEncryptedPEMBlock(block) {
// Key is not encrypted. Parse it, and add it
// to the temporary store as an encrypted key.
privKey, err := trustmanager.ParsePEMPrivateKey(pemBytes, "")
if err != nil {
return err
}
err = newKeyStore.AddEncryptedKey(relKeyPath, privKey, outputPassphrase)
} else {
// Encrypted key - pass it through without
// decrypting
err = newKeyStore.Add(relKeyPath, pemBytes)
}
if err != nil {
return err
}
}
return nil
}
func moveKeysByGUN(oldKeyStore, newKeyStore *trustmanager.KeyFileStore, gun, outputPassphrase string) error {
// List all files but no symlinks
for _, f := range oldKeyStore.ListFiles(false) {
fullKeyPath := strings.TrimSpace(strings.TrimSuffix(f, filepath.Ext(f)))
relKeyPath := strings.TrimPrefix(fullKeyPath, oldKeyStore.BaseDir())
relKeyPath = strings.TrimPrefix(relKeyPath, string(filepath.Separator))
// Skip keys that aren't associated with this GUN
if !strings.HasPrefix(relKeyPath, filepath.FromSlash(gun)) {
continue
}
pemBytes, err := oldKeyStore.Get(relKeyPath)
if err != nil {
return err
}
block, _ := pem.Decode(pemBytes)
if block == nil {
return ErrNoValidPrivateKey
}
if x509.IsEncryptedPEMBlock(block) {
return ErrNonRootKeyEncrypted
}
// Key is not encrypted. Parse it, and add it
// to the temporary store as an encrypted key.
privKey, err := trustmanager.ParsePEMPrivateKey(pemBytes, "")
if err != nil {
return err
}
err = newKeyStore.AddEncryptedKey(relKeyPath, privKey, outputPassphrase)
if err != nil {
return err
}
}
return nil
}
func moveKeys(oldKeyStore, newKeyStore *trustmanager.KeyFileStore) error {
for f := range oldKeyStore.ListKeys() {
privateKey, alias, err := oldKeyStore.GetKey(f)
if err != nil {
return err
}
err = newKeyStore.AddKey(f, alias, privateKey)
if err != nil {
return err
}
}
return nil
}
func moveKeys(oldKeyStore, newKeyStore *trustmanager.KeyFileStore) error {
// List all files but no symlinks
for _, f := range oldKeyStore.ListKeys() {
pemBytes, alias, err := oldKeyStore.GetKey(f)
if err != nil {
return err
}
err = newKeyStore.AddKey(f, alias, pemBytes)
if err != nil {
return err
}
}
return nil
}
func moveKeysByGUN(oldKeyStore, newKeyStore *trustmanager.KeyFileStore, gun string) error {
for relKeyPath := range oldKeyStore.ListKeys() {
// Skip keys that aren't associated with this GUN
if !strings.HasPrefix(relKeyPath, filepath.FromSlash(gun)) {
continue
}
privKey, alias, err := oldKeyStore.GetKey(relKeyPath)
if err != nil {
return err
}
err = newKeyStore.AddKey(relKeyPath, alias, privKey)
if err != nil {
return err
}
}
return nil
}
func moveKeys(oldKeyStore, newKeyStore *trustmanager.KeyFileStore) error {
// List all files but no symlinks
for f := range oldKeyStore.ListKeys() {
privateKey, alias, err := oldKeyStore.GetKey(f)
if err != nil {
return err
}
err = newKeyStore.AddKey(f, alias, privateKey)
if err != nil {
return err
}
}
// Recreate symlinks
for _, relKeyPath := range oldKeyStore.ListFiles(true) {
fullKeyPath := filepath.Join(oldKeyStore.BaseDir(), relKeyPath)
fi, err := os.Lstat(fullKeyPath)
if err != nil {
return err
}
if (fi.Mode() & os.ModeSymlink) != 0 {
target, err := os.Readlink(fullKeyPath)
if err != nil {
return err
}
os.Symlink(target, filepath.Join(newKeyStore.BaseDir(), relKeyPath))
}
}
return nil
}
// keysRemoveKey deletes a private key based on ID
func keysRemoveKey(cmd *cobra.Command, args []string) {
if len(args) < 1 {
cmd.Usage()
fatalf("must specify the key ID of the key to remove")
}
parseConfig()
keyStoreManager, err := keystoremanager.NewKeyStoreManager(trustDir, retriever)
if err != nil {
fatalf("failed to create a new truststore manager with directory: %s", trustDir)
}
keyID := args[0]
// This is an invalid ID
if len(keyID) != idSize {
fatalf("invalid key ID provided: %s", keyID)
}
// List the key about to be removed
fmt.Println("Are you sure you want to remove the following key?")
fmt.Printf("%s\n(yes/no)\n", keyID)
// Ask for confirmation before removing the key, unless -y is passed
if !keyRemoveYes {
confirmed := askConfirm()
if !confirmed {
fatalf("aborting action.")
}
}
// Choose the correct filestore to remove the key from
var keyStoreToRemove *trustmanager.KeyFileStore
var keyMap map[string]string
if keyRemoveRoot {
keyStoreToRemove = keyStoreManager.RootKeyStore()
keyMap = keyStoreManager.RootKeyStore().ListKeys()
} else {
keyStoreToRemove = keyStoreManager.NonRootKeyStore()
keyMap = keyStoreManager.NonRootKeyStore().ListKeys()
}
// Attempt to find the full GUN to the key in the map
// This is irrelevant for removing root keys, but does no harm
var keyWithGUN string
for k := range keyMap {
if filepath.Base(k) == keyID {
keyWithGUN = k
}
}
// If empty, we didn't find any matches
if keyWithGUN == "" {
fatalf("key with key ID: %s not found\n", keyID)
}
// Attempt to remove the key
err = keyStoreToRemove.RemoveKey(keyWithGUN)
if err != nil {
fatalf("failed to remove key with key ID: %s, %v", keyID, err)
}
}