Example #1
0
// GetOrCreateTimestampKey returns the timestamp key for the gun. It uses the store to
// lookup an existing timestamp key and the crypto to generate a new one if none is
// found. It attempts to handle the race condition that may occur if 2 servers try to
// create the key at the same time by simply querying the store a second time if it
// receives a conflict when writing.
func GetOrCreateTimestampKey(gun string, store storage.MetaStore, crypto signed.CryptoService, fallBackAlgorithm data.KeyAlgorithm) (*data.TUFKey, error) {
	keyAlgorithm, public, err := store.GetTimestampKey(gun)
	if err == nil {
		return data.NewTUFKey(keyAlgorithm, public, nil), nil
	}

	if _, ok := err.(*storage.ErrNoKey); ok {
		key, err := crypto.Create("timestamp", fallBackAlgorithm)
		if err != nil {
			return nil, err
		}
		err = store.SetTimestampKey(gun, key.Algorithm(), key.Public())
		if err == nil {
			return &key.TUFKey, nil
		}

		if _, ok := err.(*storage.ErrTimestampKeyExists); ok {
			keyAlgorithm, public, err = store.GetTimestampKey(gun)
			if err != nil {
				return nil, err
			}
			return data.NewTUFKey(keyAlgorithm, public, nil), nil
		}
		return nil, err
	}
	return nil, err
}
Example #2
0
// GetOrCreateTimestampKey returns the timestamp key for the gun. It uses the store to
// lookup an existing timestamp key and the crypto to generate a new one if none is
// found. It attempts to handle the race condition that may occur if 2 servers try to
// create the key at the same time by simply querying the store a second time if it
// receives a conflict when writing.
func GetOrCreateTimestampKey(gun string, store storage.MetaStore, crypto signed.CryptoService) (*data.TUFKey, error) {
	cipher, public, err := store.GetTimestampKey(gun)
	if err == nil {
		return data.NewTUFKey(cipher, public, nil), nil
	}

	if _, ok := err.(*storage.ErrNoKey); ok {
		key, err := crypto.Create("timestamp")
		if err != nil {
			return nil, err
		}
		err = store.SetTimestampKey(gun, key.Cipher(), key.Public())
		if err == nil {
			return &key.TUFKey, nil
		}

		if _, ok := err.(*storage.ErrTimestampKeyExists); ok {
			cipher, public, err = store.GetTimestampKey(gun)
			if err != nil {
				return nil, err
			}
			return data.NewTUFKey(cipher, public, nil), nil
		}
		return nil, err
	}
	return nil, err
}
Example #3
0
// ID implements a method of the data.Key interface
func (rsa *HSMRSAKey) ID() string {
	if rsa.id == "" {
		pubK := data.NewTUFKey(rsa.Algorithm(), rsa.Public(), nil)
		rsa.id = pubK.ID()
	}
	return rsa.id
}
Example #4
0
func fingerprintCert(cert *x509.Certificate) CertID {
	block := pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}
	pemdata := pem.EncodeToMemory(&block)

	// Create new TUF Key so we can compute the TUF-compliant CertID
	tufKey := data.NewTUFKey("RSA", pemdata, nil)

	return CertID(tufKey.ID())
}
Example #5
0
func fingerprintCert(cert *x509.Certificate) (CertID, error) {
	block := pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw}
	pemdata := pem.EncodeToMemory(&block)

	var keyType data.KeyAlgorithm
	switch cert.PublicKeyAlgorithm {
	case x509.RSA:
		keyType = data.RSAx509Key
	case x509.ECDSA:
		keyType = data.ECDSAx509Key
	default:
		return "", fmt.Errorf("got Unknown key type while fingerprinting certificate")
	}

	// Create new TUF Key so we can compute the TUF-compliant CertID
	tufKey := data.NewTUFKey(keyType, pemdata, nil)

	logrus.Debugf("certificate fingerprint generated for key type %s: %s", keyType, tufKey.ID())

	return CertID(tufKey.ID()), nil
}