func (s *Store) validateKey(keyID string, kc *fdb.Collection) error {
f, err := kc.Open("privkey")
if err != nil {
return err
}
defer f.Close()
b, err := ioutil.ReadAll(f)
if err != nil {
return err
}
pk, err := acmeutils.LoadPrivateKey(b)
if err != nil {
return err
}
actualKeyID, err := determineKeyIDFromKey(pk)
if err != nil {
return err
}
if actualKeyID != keyID {
return fmt.Errorf("key ID mismatch: %#v != %#v", keyID, actualKeyID)
}
k := &Key{
ID: actualKeyID,
}
s.keys[actualKeyID] = k
return nil
}
func (s *Store) validateAccount(serverName, accountName string, c *fdb.Collection) error {
f, err := c.Open("privkey")
if err != nil {
return err
}
defer f.Close()
b, err := ioutil.ReadAll(f)
if err != nil {
return err
}
pk, err := acmeutils.LoadPrivateKey(b)
if err != nil {
return err
}
f.Close()
baseURL, err := decodeAccountURLPart(serverName)
if err != nil {
return err
}
account := &Account{
PrivateKey: pk,
BaseURL: baseURL,
Authorizations: map[string]*Authorization{},
}
accountID := account.ID()
actualAccountID := serverName + "/" + accountName
if accountID != actualAccountID {
return fmt.Errorf("account ID mismatch: %#v != %#v", accountID, actualAccountID)
}
s.accounts[accountID] = account
err = s.validateAuthorizations(account, c)
if err != nil {
return err
}
return nil
}
// Give a PEM-encoded key file, imports the key into the store. If the key is
// already installed, returns nil.
func (s *Store) ImportKey(r io.Reader) error {
data, err := ioutil.ReadAll(r)
if err != nil {
return err
}
pk, err := acmeutils.LoadPrivateKey(data)
if err != nil {
return err
}
keyID, err := determineKeyIDFromKey(pk)
if err != nil {
return err
}
c := s.db.Collection("keys/" + keyID)
f, err := c.Open("privkey")
if err == nil {
f.Close()
return nil
}
ff, err := c.Create("privkey")
if err != nil {
return err
}
defer ff.CloseAbort()
_, err = ff.Write(data)
if err != nil {
return err
}
ff.Close()
return nil
}
func (s *Store) getPriorKey(publicKey crypto.PublicKey) (crypto.PrivateKey, error) {
// Returning an error here short circuits. If any errors occur, return (nil,nil).
keyID, err := determineKeyIDFromPublicKey(publicKey)
if err != nil {
log.Errore(err, "failed to get key ID from public key")
return nil, nil
}
if _, ok := s.keys[keyID]; !ok {
log.Infof("failed to find key ID wanted by proofOfPossession: %s", keyID)
return nil, nil // unknown key
}
c := s.db.Collection("keys/" + keyID)
f, err := c.Open("privkey")
if err != nil {
log.Errore(err, "failed to open privkey for key with ID: ", keyID)
return nil, nil
}
defer f.Close()
b, err := ioutil.ReadAll(f)
if err != nil {
return nil, err
}
privateKey, err := acmeutils.LoadPrivateKey(b)
if err != nil {
log.Errore(err, "failed to load private key for key with ID: ", keyID)
return nil, nil
}
log.Infof("found key for proofOfPossession: %s", keyID)
return privateKey, nil
}