// GetOrCreateTimestampKey returns the timestamp key for the gun. It uses the store to
// lookup an existing timestamp key and the crypto to generate a new one if none is
// found. It attempts to handle the race condition that may occur if 2 servers try to
// create the key at the same time by simply querying the store a second time if it
// receives a conflict when writing.
func GetOrCreateTimestampKey(gun string, store storage.MetaStore, crypto signed.CryptoService, fallBackAlgorithm data.KeyAlgorithm) (*data.TUFKey, error) {
keyAlgorithm, public, err := store.GetTimestampKey(gun)
if err == nil {
return data.NewTUFKey(keyAlgorithm, public, nil), nil
}
if _, ok := err.(*storage.ErrNoKey); ok {
key, err := crypto.Create("timestamp", fallBackAlgorithm)
if err != nil {
return nil, err
}
err = store.SetTimestampKey(gun, key.Algorithm(), key.Public())
if err == nil {
return &key.TUFKey, nil
}
if _, ok := err.(*storage.ErrTimestampKeyExists); ok {
keyAlgorithm, public, err = store.GetTimestampKey(gun)
if err != nil {
return nil, err
}
return data.NewTUFKey(keyAlgorithm, public, nil), nil
}
return nil, err
}
return nil, err
}
// GetOrCreateTimestampKey returns the timestamp key for the gun. It uses the store to
// lookup an existing timestamp key and the crypto to generate a new one if none is
// found. It attempts to handle the race condition that may occur if 2 servers try to
// create the key at the same time by simply querying the store a second time if it
// receives a conflict when writing.
func GetOrCreateTimestampKey(gun string, store storage.MetaStore, crypto signed.CryptoService) (*data.TUFKey, error) {
cipher, public, err := store.GetTimestampKey(gun)
if err == nil {
return data.NewTUFKey(cipher, public, nil), nil
}
if _, ok := err.(*storage.ErrNoKey); ok {
key, err := crypto.Create("timestamp")
if err != nil {
return nil, err
}
err = store.SetTimestampKey(gun, key.Cipher(), key.Public())
if err == nil {
return &key.TUFKey, nil
}
if _, ok := err.(*storage.ErrTimestampKeyExists); ok {
cipher, public, err = store.GetTimestampKey(gun)
if err != nil {
return nil, err
}
return data.NewTUFKey(cipher, public, nil), nil
}
return nil, err
}
return nil, err
}
// ID implements a method of the data.Key interface
func (rsa *HSMRSAKey) ID() string {
if rsa.id == "" {
pubK := data.NewTUFKey(rsa.Algorithm(), rsa.Public(), nil)
rsa.id = pubK.ID()
}
return rsa.id
}
func fingerprintCert(cert *x509.Certificate) CertID {
block := pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}
pemdata := pem.EncodeToMemory(&block)
// Create new TUF Key so we can compute the TUF-compliant CertID
tufKey := data.NewTUFKey("RSA", pemdata, nil)
return CertID(tufKey.ID())
}
func fingerprintCert(cert *x509.Certificate) (CertID, error) {
block := pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}
pemdata := pem.EncodeToMemory(&block)
var keyType data.KeyAlgorithm
switch cert.PublicKeyAlgorithm {
case x509.RSA:
keyType = data.RSAx509Key
case x509.ECDSA:
keyType = data.ECDSAx509Key
default:
return "", fmt.Errorf("got Unknown key type while fingerprinting certificate")
}
// Create new TUF Key so we can compute the TUF-compliant CertID
tufKey := data.NewTUFKey(keyType, pemdata, nil)
logrus.Debugf("certificate fingerprint generated for key type %s: %s", keyType, tufKey.ID())
return CertID(tufKey.ID()), nil
}