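// AddKey stores the contents of a private key, encrypted under the store's
// default passphrase alias. The key ID is used as the record name; role and
// gun are written into the row alongside it. Aliases are not supported.
//
// The retriever's or encryption error is returned unchanged. A database
// failure is reported with the key ID and, when gorm provides one, the
// underlying database error.
func (s *SQLKeyDBStore) AddKey(role, gun string, privKey data.PrivateKey) error {
	// The retriever's second return value is deliberately ignored: a single
	// attempt is made and any failure surfaces through err.
	passphrase, _, err := s.retriever(privKey.ID(), s.defaultPassAlias, false, 1)
	if err != nil {
		return err
	}

	// Only the encrypted form of the private key material goes into the
	// database; the public key and the algorithm metadata are stored in the clear.
	encryptedKey, err := jose.Encrypt(string(privKey.Private()), KeywrapAlg, EncryptionAlg, passphrase)
	if err != nil {
		return err
	}

	gormPrivKey := GormPrivateKey{
		KeyID:           privKey.ID(),
		EncryptionAlg:   EncryptionAlg,
		KeywrapAlg:      KeywrapAlg,
		PassphraseAlias: s.defaultPassAlias,
		Algorithm:       privKey.Algorithm(),
		Gun:             gun,
		Role:            role,
		Public:          string(privKey.Public()),
		Private:         encryptedKey,
	}

	// Add encrypted private key to the database. The error carried on the
	// handle gorm returns is checked first so the actual cause of a failed
	// insert is not discarded.
	if dbErr := s.db.Create(&gormPrivKey).Error; dbErr != nil {
		return fmt.Errorf("failed to add private key %s to database: %s", privKey.ID(), dbErr.Error())
	}
	// NewRecord reports true while the record still has no primary key, i.e.
	// Create did not persist it even though no error was reported.
	if s.db.NewRecord(gormPrivKey) {
		return fmt.Errorf("failed to add private key to database: %s", privKey.ID())
	}
	return nil
}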
// assertExportKeySuccess exports expectedKey (which must already be present
// in s) via ExportKey and checks that the resulting PEM parses back with
// cannedPassphrase into a key whose private and public material equal
// expectedKey's. Every check uses require, so the first failure aborts the
// calling test.
func assertExportKeySuccess(
	t *testing.T, s KeyStore, expectedKey data.PrivateKey) {

	exported, exportErr := s.ExportKey(expectedKey.ID())
	require.NoError(t, exportErr)

	// Re-parsing with cannedPassphrase is what establishes that the export was
	// encrypted under that passphrase; ParsePEMPrivateKey presumably performs
	// the decryption.
	decoded, parseErr := ParsePEMPrivateKey(exported, cannedPassphrase)
	require.NoError(t, parseErr)

	require.Equal(t, expectedKey.Private(), decoded.Private())
	require.Equal(t, expectedKey.Public(), decoded.Public())
}
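// assertImportKeySuccess encrypts expectedKey to PEM with cannedPassphrase,
// imports it into s under the "root" role, and checks that GetKey then
// returns the same key material and that role.
//
// Each setup step stops the test immediately on failure (t.FailNow) instead
// of continuing: with plain assert a failed GetKey leaves reimportedKey nil
// and the later reimportedKey.Private() call panics instead of reporting a
// clean failure. This gives the helper the same fail-fast behaviour as the
// require-based helpers.
func assertImportKeySuccess(
	t *testing.T, s KeyStore, expectedKey data.PrivateKey) {

	pemBytes, err := EncryptPrivateKey(expectedKey, cannedPassphrase)
	if !assert.NoError(t, err) {
		t.FailNow()
	}

	err = s.ImportKey(pemBytes, "root")
	if !assert.NoError(t, err) {
		t.FailNow()
	}

	reimportedKey, reimportedAlias, err := s.GetKey(expectedKey.ID())
	if !assert.NoError(t, err) {
		t.FailNow()
	}

	// The remaining checks are independent, so all of them are reported.
	assert.Equal(t, "root", reimportedAlias)
	assert.Equal(t, expectedKey.Private(), reimportedKey.Private())
	assert.Equal(t, expectedKey.Public(), reimportedKey.Public())
}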
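// AddKey stores the contents of a private key, encrypted under the store's
// default passphrase alias. keyInfo is currently ignored: the key ID is the
// only name used, and aliases are not supported. On success the plaintext
// key is also placed in the store's in-memory cache.
//
// The retriever's or encryption error is returned unchanged. A failed insert
// is reported with the key ID and the database error.
func (rdb *RethinkDBKeyStore) AddKey(keyInfo trustmanager.KeyInfo, privKey data.PrivateKey) error {
	// The retriever's second return value is deliberately ignored: a single
	// attempt is made and any failure surfaces through err.
	passphrase, _, err := rdb.retriever(privKey.ID(), rdb.defaultPassAlias, false, 1)
	if err != nil {
		return err
	}

	// Only the encrypted private key material is written to the database;
	// the public key and algorithm metadata are stored in the clear.
	encryptedKey, err := jose.Encrypt(string(privKey.Private()), KeywrapAlg, EncryptionAlg, passphrase)
	if err != nil {
		return err
	}

	now := time.Now()
	rethinkPrivKey := RDBPrivateKey{
		Timing: rethinkdb.Timing{
			CreatedAt: now,
			UpdatedAt: now,
		},
		KeyID:           privKey.ID(),
		EncryptionAlg:   EncryptionAlg,
		KeywrapAlg:      KeywrapAlg,
		PassphraseAlias: rdb.defaultPassAlias,
		Algorithm:       privKey.Algorithm(),
		Public:          string(privKey.Public()),
		Private:         encryptedKey,
	}

	// Add encrypted private key to the database.
	_, err = gorethink.DB(rdb.dbName).Table(rethinkPrivKey.TableName()).Insert(rethinkPrivKey).RunWrite(rdb.sess)
	if err != nil {
		// Carry the driver error; reporting only the key ID hid the cause.
		return fmt.Errorf("failed to add private key %s to database: %s", privKey.ID(), err.Error())
	}

	// Add the private key to our cache. The cache holds the unencrypted key;
	// only the database copy is encrypted.
	rdb.lock.Lock()
	defer rdb.lock.Unlock()
	rdb.cachedKeys[privKey.ID()] = privKey
	return nil
}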
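// AddKey stores the contents of a private key, encrypted under the store's
// default passphrase alias. Both name and alias are ignored: the key ID is
// always used as the record name, and aliases are not supported. On success
// the plaintext key is also placed in the store's in-memory cache.
//
// The retriever's or encryption error is returned unchanged. A database
// failure is reported with the key ID and, when gorm provides one, the
// underlying database error.
func (s *KeyDBStore) AddKey(name, alias string, privKey data.PrivateKey) error {
	// The retriever's second return value is deliberately ignored: a single
	// attempt is made and any failure surfaces through err.
	passphrase, _, err := s.retriever(privKey.ID(), s.defaultPassAlias, false, 1)
	if err != nil {
		return err
	}

	// Only the encrypted private key material is written to the database;
	// the public key and algorithm metadata are stored in the clear.
	encryptedKey, err := jose.Encrypt(string(privKey.Private()), KeywrapAlg, EncryptionAlg, passphrase)
	if err != nil {
		return err
	}

	gormPrivKey := GormPrivateKey{
		KeyID:           privKey.ID(),
		EncryptionAlg:   EncryptionAlg,
		KeywrapAlg:      KeywrapAlg,
		PassphraseAlias: s.defaultPassAlias,
		Algorithm:       privKey.Algorithm(),
		Public:          string(privKey.Public()),
		Private:         encryptedKey,
	}

	// Add encrypted private key to the database. The error carried on the
	// handle gorm returns is checked first so the actual cause of a failed
	// insert is not discarded.
	if dbErr := s.db.Create(&gormPrivKey).Error; dbErr != nil {
		return fmt.Errorf("failed to add private key %s to database: %s", privKey.ID(), dbErr.Error())
	}
	// NewRecord reports true while the record still has no primary key, i.e.
	// Create did not persist it even though no error was reported.
	if s.db.NewRecord(gormPrivKey) {
		return fmt.Errorf("failed to add private key to database: %s", privKey.ID())
	}

	// Add the private key to our cache. The cache holds the unencrypted key;
	// only the database copy is encrypted.
	s.Lock()
	defer s.Unlock()
	s.cachedKeys[privKey.ID()] = privKey
	return nil
}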
// AddKey stores the contents of a private key, encrypted under the store's
// default passphrase alias. The key ID is used as the record name; role and
// gun are written into the document alongside it. Aliases are not supported.
//
// The retriever's or encryption error is returned unchanged. A failed insert
// is reported with the key ID and the database error.
func (rdb *RethinkDBKeyStore) AddKey(role, gun string, privKey data.PrivateKey) error {
	keyID := privKey.ID()

	// A single retrieval attempt; the retriever's second return value is
	// deliberately ignored and any failure surfaces through the error.
	passphrase, _, retrieveErr := rdb.retriever(keyID, rdb.defaultPassAlias, false, 1)
	if retrieveErr != nil {
		return retrieveErr
	}

	// Only the encrypted private key material is written to the database;
	// the public key and algorithm metadata are stored in the clear.
	sealed, encErr := jose.Encrypt(string(privKey.Private()), KeywrapAlg, EncryptionAlg, passphrase)
	if encErr != nil {
		return encErr
	}

	// nowFunc (rather than time.Now) supplies the timestamps so they can be
	// controlled by the store's owner.
	ts := rdb.nowFunc()
	record := RDBPrivateKey{
		Timing: rethinkdb.Timing{
			CreatedAt: ts,
			UpdatedAt: ts,
		},
		KeyID:           keyID,
		EncryptionAlg:   EncryptionAlg,
		KeywrapAlg:      KeywrapAlg,
		PassphraseAlias: rdb.defaultPassAlias,
		Algorithm:       privKey.Algorithm(),
		Gun:             gun,
		Role:            role,
		Public:          privKey.Public(),
		Private:         []byte(sealed),
	}

	// Add encrypted private key to the database.
	table := gorethink.DB(rdb.dbName).Table(record.TableName())
	if _, insertErr := table.Insert(record).RunWrite(rdb.sess); insertErr != nil {
		return fmt.Errorf("failed to add private key %s to database: %s", keyID, insertErr.Error())
	}
	return nil
}