Example #1
0
func (ks *keyStore) loadPrivateKey(alias string) (interface{}, error) {
	path := ks.conf.getPathForAlias(alias)
	ks.log.Debug("Loading private key [%s] at [%s]...", alias, path)

	raw, err := ioutil.ReadFile(path)
	if err != nil {
		ks.log.Error("Failed loading private key [%s]: [%s].", alias, err.Error())

		return nil, err
	}

	privateKey, err := utils.PEMtoPrivateKey(raw, ks.pwd)
	if err != nil {
		ks.log.Error("Failed parsing private key [%s]: [%s].", alias, err.Error())

		return nil, err
	}

	return privateKey, nil
}
Example #2
0
func (node *nodeImpl) loadEnrollmentKey(pwd []byte) error {
	node.log.Debug("Loading enrollment key at [%s]...", node.conf.getEnrollmentKeyPath())

	rawEnrollPrivKey, err := ioutil.ReadFile(node.conf.getEnrollmentKeyPath())
	if err != nil {
		node.log.Error("Failed loading enrollment private key [%s].", err.Error())

		return err
	}

	enrollPrivKey, err := utils.PEMtoPrivateKey(rawEnrollPrivKey, pwd)
	if err != nil {
		node.log.Error("Failed parsing enrollment private key [%s].", err.Error())

		return err
	}
	node.enrollPrivKey = enrollPrivKey.(*ecdsa.PrivateKey)

	return nil
}
Example #3
0
func (node *nodeImpl) retrieveEnrollmentData(enrollID, enrollPWD string) error {
	key, enrollCertRaw, enrollChainKey, err := node.getEnrollmentCertificateFromECA(enrollID, enrollPWD)
	if err != nil {
		node.error("Failed getting enrollment certificate [id=%s]: [%s]", enrollID, err)

		return err
	}
	node.debug("Enrollment certificate [% x].", enrollCertRaw)

	node.debug("Storing enrollment data for user [%s]...", enrollID)

	// Store enrollment id
	err = ioutil.WriteFile(node.conf.getEnrollmentIDPath(), []byte(enrollID), 0700)
	if err != nil {
		node.error("Failed storing enrollment certificate [id=%s]: [%s]", enrollID, err)
		return err
	}

	// Store enrollment key
	if err := node.ks.storePrivateKey(node.conf.getEnrollmentKeyFilename(), key); err != nil {
		node.error("Failed storing enrollment key [id=%s]: [%s]", enrollID, err)
		return err
	}

	// Store enrollment cert
	if err := node.ks.storeCert(node.conf.getEnrollmentCertFilename(), enrollCertRaw); err != nil {
		node.error("Failed storing enrollment certificate [id=%s]: [%s]", enrollID, err)
		return err
	}

	// Code for confidentiality 1.1
	//if err := node.ks.storeKey(node.conf.getEnrollmentChainKeyFilename(), enrollChainKey); err != nil {
	//	node.error("Failed storing enrollment chain key [id=%s]: [%s]", enrollID, err)
	//	return err

	// Code for confidentiality 1.2
	// Store enrollment chain key
	if node.eType == NodeValidator {
		node.debug("Enrollment chain key for validator [%s]...", enrollID)
		// enrollChainKey is a secret key

		node.debug("key [%s]...", string(enrollChainKey))

		key, err := utils.PEMtoPrivateKey(enrollChainKey, nil)
		if err != nil {
			node.error("Failed unmarshalling enrollment chain key [id=%s]: [%s]", enrollID, err)
			return err
		}

		if err := node.ks.storePrivateKey(node.conf.getEnrollmentChainKeyFilename(), key); err != nil {
			node.error("Failed storing enrollment chain key [id=%s]: [%s]", enrollID, err)
			return err
		}
	} else {
		node.debug("Enrollment chain key for non-validator [%s]...", enrollID)
		// enrollChainKey is a public key

		key, err := utils.PEMtoPublicKey(enrollChainKey, nil)
		if err != nil {
			node.error("Failed unmarshalling enrollment chain key [id=%s]: [%s]", enrollID, err)
			return err
		}
		node.debug("Key decoded from PEM [%s]...", enrollID)

		if err := node.ks.storePublicKey(node.conf.getEnrollmentChainKeyFilename(), key); err != nil {
			node.error("Failed storing enrollment chain key [id=%s]: [%s]", enrollID, err)
			return err
		}
	}

	return nil
}