// GetOrCreateTimestampKey returns the timestamp key for the gun. It uses the store to // lookup an existing timestamp key and the crypto to generate a new one if none is // found. It attempts to handle the race condition that may occur if 2 servers try to // create the key at the same time by simply querying the store a second time if it // receives a conflict when writing. func GetOrCreateTimestampKey(gun string, store storage.MetaStore, crypto signed.CryptoService, fallBackAlgorithm data.KeyAlgorithm) (*data.TUFKey, error) { keyAlgorithm, public, err := store.GetTimestampKey(gun) if err == nil { return data.NewTUFKey(keyAlgorithm, public, nil), nil } if _, ok := err.(*storage.ErrNoKey); ok { key, err := crypto.Create("timestamp", fallBackAlgorithm) if err != nil { return nil, err } err = store.SetTimestampKey(gun, key.Algorithm(), key.Public()) if err == nil { return &key.TUFKey, nil } if _, ok := err.(*storage.ErrTimestampKeyExists); ok { keyAlgorithm, public, err = store.GetTimestampKey(gun) if err != nil { return nil, err } return data.NewTUFKey(keyAlgorithm, public, nil), nil } return nil, err } return nil, err }
// GetOrCreateTimestampKey returns the timestamp key for the gun. It uses the store to // lookup an existing timestamp key and the crypto to generate a new one if none is // found. It attempts to handle the race condition that may occur if 2 servers try to // create the key at the same time by simply querying the store a second time if it // receives a conflict when writing. func GetOrCreateTimestampKey(gun string, store storage.MetaStore, crypto signed.CryptoService) (*data.TUFKey, error) { cipher, public, err := store.GetTimestampKey(gun) if err == nil { return data.NewTUFKey(cipher, public, nil), nil } if _, ok := err.(*storage.ErrNoKey); ok { key, err := crypto.Create("timestamp") if err != nil { return nil, err } err = store.SetTimestampKey(gun, key.Cipher(), key.Public()) if err == nil { return &key.TUFKey, nil } if _, ok := err.(*storage.ErrTimestampKeyExists); ok { cipher, public, err = store.GetTimestampKey(gun) if err != nil { return nil, err } return data.NewTUFKey(cipher, public, nil), nil } return nil, err } return nil, err }
// ID implements a method of the data.Key interface func (rsa *HSMRSAKey) ID() string { if rsa.id == "" { pubK := data.NewTUFKey(rsa.Algorithm(), rsa.Public(), nil) rsa.id = pubK.ID() } return rsa.id }
func fingerprintCert(cert *x509.Certificate) CertID { block := pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw} pemdata := pem.EncodeToMemory(&block) // Create new TUF Key so we can compute the TUF-compliant CertID tufKey := data.NewTUFKey("RSA", pemdata, nil) return CertID(tufKey.ID()) }
func fingerprintCert(cert *x509.Certificate) (CertID, error) { block := pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw} pemdata := pem.EncodeToMemory(&block) var keyType data.KeyAlgorithm switch cert.PublicKeyAlgorithm { case x509.RSA: keyType = data.RSAx509Key case x509.ECDSA: keyType = data.ECDSAx509Key default: return "", fmt.Errorf("got Unknown key type while fingerprinting certificate") } // Create new TUF Key so we can compute the TUF-compliant CertID tufKey := data.NewTUFKey(keyType, pemdata, nil) logrus.Debugf("certificate fingerprint generated for key type %s: %s", keyType, tufKey.ID()) return CertID(tufKey.ID()), nil }