// Returns key, cert and cert chain
func InitializeSealedProgramKey(filePath string, t tao.Tao, domain tao.Domain) (
*tao.Keys, []byte, [][]byte, error) {
k, derCert, err := CreateSigningKey(t)
if err != nil || derCert == nil {
log.Printf("InitializeSealedProgramKey: CreateSigningKey failed with error %s\n", err)
return nil, nil, nil, err
}
// Get program cert.
domain_response, err := RequestDomainServiceCert("tcp", *caAddr, k,
domain.Keys.VerifyingKey)
if err != nil || domain_response == nil {
log.Printf("InitializeSealedProgramKey: error from RequestDomainServiceCert\n")
return nil, nil, nil, err
}
programCert := domain_response.SignedCert
certChain := domain_response.CertChain
k.Cert, err = x509.ParseCertificate(programCert)
if err != nil {
log.Printf("InitializeSealedProgramKey: Can't parse certificate\n")
return nil, nil, nil, err
}
k.Cert.Raw = programCert
// Serialize and save key blob
programKeyBlob, err := tao.MarshalSignerDER(k.SigningKey)
if err != nil {
return nil, nil, nil, errors.New("InitializeSealedProgramKey: Can't produce signing key blob")
}
sealedProgramKey, err := t.Seal(programKeyBlob, tao.SealPolicyDefault)
if err != nil {
return nil, nil, nil, errors.New("InitializeSealedProgramKey: Can't seal signing key")
}
err = ioutil.WriteFile(path.Join(filePath, "sealedsigningKey"), sealedProgramKey, os.ModePerm)
if err != nil {
return nil, nil, nil, err
}
err = ioutil.WriteFile(path.Join(filePath, "signerCert"), programCert, os.ModePerm)
if err != nil {
return nil, nil, nil, err
}
/*
FIX
if certChain.size() > 0 {
// Save cert chain
FIX
err = ioutil.WriteFile(path.Join(filePath, "certChain"), certChain, os.ModePerm)
if err != nil {
return nil, nil, nil, err
}
}
*/
return k, programCert, certChain, nil
}
