// Add stores priv in the keystore under its SKI and records the lookup
// aliases available for it: the public-key digest when it can be computed
// and, when op is non-nil, op's SNI, server IP and client IP.
//
// Every alias map is written unconditionally, so a later Add carrying the
// same SNI or IP replaces the alias of the earlier key (last writer wins).
// An error is returned only when the SKI cannot be derived from the public
// key; nothing has been stored at that point.
func (keys *defaultKeystore) Add(op *gokeyless.Operation, priv crypto.Signer) error {
	ski, err := gokeyless.GetSKI(priv.Public())
	if err != nil {
		return err
	}

	// All index maps are updated under one lock so that a reader never sees
	// a key that is reachable by alias but missing from keys.skis.
	keys.Lock()
	defer keys.Unlock()

	// The digest index is best-effort: a key whose digest cannot be computed
	// is still stored, it just cannot be found by digest.
	digest, digestErr := gokeyless.GetDigest(priv.Public())
	if digestErr == nil {
		keys.digests[digest] = ski
	}

	if op != nil {
		if sni := op.SNI; sni != "" {
			keys.snis[sni] = ski
		}
		if ip := op.ServerIP; ip != nil {
			keys.serverIPs[ip.String()] = ski
		}
		if ip := op.ClientIP; ip != nil {
			keys.clientIPs[ip.String()] = ski
		}
		// op.AKI is folded into whatever is already recorded for this SKI.
		keys.validAKIs[ski] = keys.validAKIs[ski].Add(op.AKI)
	}

	keys.skis[ski] = priv

	// The SKI is computed from priv.Public(), so this logs a public-key
	// identifier only.
	log.Debugf("Adding key with SKI: %02x", ski)
	return nil
}
// RegisterPublicKey computes the SKI of pub, registers that SKI as being held
// by server, and returns a PrivateKey handle bound to this client.
//
// The handle is populated with the public key, its SKI, its digest and the
// client only. An error is returned when the SKI cannot be derived from pub.
func (c *Client) RegisterPublicKey(server string, pub crypto.PublicKey) (*PrivateKey, error) {
	ski, err := gokeyless.GetSKI(pub)
	if err != nil {
		return nil, err
	}

	// NOTE(review): any result of registerSKI is not inspected here. Confirm
	// it cannot fail; otherwise the handle returned below names an SKI that
	// was never associated with server.
	c.registerSKI(server, ski)

	// The second result of GetDigest is deliberately discarded: the digest is
	// optional, and whatever value comes back is stored as-is.
	digest, _ := gokeyless.GetDigest(pub)

	handle := new(PrivateKey)
	handle.public = pub
	handle.ski = ski
	handle.digest = digest
	handle.client = c
	return handle, nil
}
// RegisterKey stores key in the server's key table under its SKI and, when a
// digest can be computed for the public key, records a digest-to-SKI alias.
//
// An existing entry with the same SKI or digest is overwritten. An error is
// returned only when the SKI cannot be derived; nothing is stored in that
// case.
func (s *Server) RegisterKey(key crypto.Signer) error {
	ski, err := gokeyless.GetSKI(key.Public())
	if err != nil {
		return err
	}

	// Both maps are written under the same lock so the alias and the key
	// become visible together.
	s.Lock()
	defer s.Unlock()

	// The digest alias is optional: without it the key is still registered,
	// it just cannot be looked up by digest.
	digest, hasDigest := gokeyless.GetDigest(key.Public())
	if hasDigest {
		s.digests[digest] = ski
	}

	s.keys[ski] = key

	// The SKI comes from key.Public(), so only a public-key identifier is
	// written to the log.
	s.Log.Printf("Registering key with SKI: %X", ski)
	return nil
}
// RegisterPublicKeyTemplate computes the SKI of pub, registers that SKI as
// being held by server, and returns a PrivateKey handle that also carries the
// given sni and serverIP.
//
// The handle is populated with the public key, its SKI, its digest, the
// client, sni and serverIP only. An error is returned when the SKI cannot be
// derived from pub or when registerSKI fails; no handle is returned in either
// case.
func (c *Client) RegisterPublicKeyTemplate(server string, pub crypto.PublicKey, sni string, serverIP net.IP) (*PrivateKey, error) {
	ski, err := gokeyless.GetSKI(pub)
	if err != nil {
		return nil, err
	}

	// Fail before building the handle, so a caller never holds a key that
	// was not associated with server.
	err = c.registerSKI(server, ski)
	if err != nil {
		return nil, err
	}

	// The second result of GetDigest is deliberately discarded: the digest is
	// optional, and whatever value comes back is stored as-is.
	digest, _ := gokeyless.GetDigest(pub)

	handle := new(PrivateKey)
	handle.public = pub
	handle.client = c
	handle.ski = ski
	handle.digest = digest
	handle.sni = sni
	handle.serverIP = serverIP
	return handle, nil
}