func applyRootChange(repo *tuf.Repo, c changelist.Change) error { var err error switch c.Type() { case changelist.TypeRootRole: err = applyRootRoleChange(repo, c) default: logrus.Debug("type of root change not yet supported: ", c.Type()) } return err // might be nil }
func applyTargetsChange(repo *tuf.Repo, c changelist.Change) error { switch c.Type() { case changelist.TypeTargetsTarget: return changeTargetMeta(repo, c) case changelist.TypeTargetsDelegation: return changeTargetsDelegation(repo, c) default: return fmt.Errorf("only target meta and delegations changes supported") } }
// adds a TUF Change template to the given roles func addChange(cl *changelist.FileChangelist, c changelist.Change, roles ...string) error { if len(roles) == 0 { roles = []string{data.CanonicalTargetsRole} } var changes []changelist.Change for _, role := range roles { role = strings.ToLower(role) // Ensure we can only add targets to the CanonicalTargetsRole, // or a Delegation role (which is <CanonicalTargetsRole>/something else) if role != data.CanonicalTargetsRole && !data.IsDelegation(role) { return data.ErrInvalidRole{ Role: role, Reason: "cannot add targets to this role", } } changes = append(changes, changelist.NewTufChange( c.Action(), role, c.Type(), c.Path(), c.Content(), )) } for _, c := range changes { if err := cl.Add(c); err != nil { return err } } return nil }
func applyTargetsChange(repo *tuf.TufRepo, c changelist.Change) error { var err error meta := &data.FileMeta{} err = json.Unmarshal(c.Content(), meta) if err != nil { return nil } if c.Action() == changelist.ActionCreate { files := data.Files{c.Path(): *meta} _, err = repo.AddTargets("targets", files) } else if c.Action() == changelist.ActionDelete { err = repo.RemoveTargets("targets", c.Path()) } if err != nil { return err } return nil }
func applyTargetsChange(repo *tuf.TufRepo, c changelist.Change) error { var err error meta := &data.FileMeta{} err = json.Unmarshal(c.Content(), meta) if err != nil { return nil } if c.Action() == changelist.ActionCreate { files := data.Files{c.Path(): *meta} _, err = repo.AddTargets("targets", files) } else if c.Action() == changelist.ActionDelete { err = repo.RemoveTargets("targets", c.Path()) } if err != nil { // TODO(endophage): print out rem entries as files that couldn't // be added. return err } return nil }
func applyRootRoleChange(repo *tuf.Repo, c changelist.Change) error { switch c.Action() { case changelist.ActionCreate: // replaces all keys for a role d := &changelist.TufRootData{} err := json.Unmarshal(c.Content(), d) if err != nil { return err } err = repo.ReplaceBaseKeys(d.RoleName, d.Keys...) if err != nil { return err } default: logrus.Debug("action not yet supported for root: ", c.Action()) } return nil }
func applyRootRoleChange(repo *tuf.Repo, c changelist.Change) error { switch c.Action() { case changelist.ActionCreate: // replaces all keys for a role d := &changelist.TufRootData{} err := json.Unmarshal(c.Content(), d) if err != nil { return err } k := []data.PublicKey{} for _, key := range d.Keys { k = append(k, data.NewPublicKey(key.Algorithm(), key.Public())) } err = repo.ReplaceBaseKeys(d.RoleName, k...) if err != nil { return err } default: logrus.Debug("action not yet supported for root: ", c.Action()) } return nil }
func changeTargetsDelegation(repo *tuf.Repo, c changelist.Change) error { switch c.Action() { case changelist.ActionCreate: td := changelist.TufDelegation{} err := json.Unmarshal(c.Content(), &td) if err != nil { return err } r, err := repo.GetDelegation(c.Scope()) if _, ok := err.(data.ErrNoSuchRole); err != nil && !ok { // error that wasn't ErrNoSuchRole return err } if err == nil { // role existed return data.ErrInvalidRole{ Role: c.Scope(), Reason: "cannot create a role that already exists", } } // role doesn't exist, create brand new r, err = td.ToNewRole(c.Scope()) if err != nil { return err } return repo.UpdateDelegations(r, td.AddKeys) case changelist.ActionUpdate: td := changelist.TufDelegation{} err := json.Unmarshal(c.Content(), &td) if err != nil { return err } r, err := repo.GetDelegation(c.Scope()) if err != nil { return err } // role exists, merge if err := r.AddPaths(td.AddPaths); err != nil { return err } if err := r.AddPathHashPrefixes(td.AddPathHashPrefixes); err != nil { return err } r.RemoveKeys(td.RemoveKeys) r.RemovePaths(td.RemovePaths) r.RemovePathHashPrefixes(td.RemovePathHashPrefixes) return repo.UpdateDelegations(r, td.AddKeys) case changelist.ActionDelete: r := data.Role{Name: c.Scope()} return repo.DeleteDelegation(r) default: return fmt.Errorf("unsupported action against delegations: %s", c.Action()) } }
func changeTargetMeta(repo *tuf.Repo, c changelist.Change) error { var err error switch c.Action() { case changelist.ActionCreate: logrus.Debug("changelist add: ", c.Path()) meta := &data.FileMeta{} err = json.Unmarshal(c.Content(), meta) if err != nil { return err } files := data.Files{c.Path(): *meta} err = doWithRoleFallback(c.Scope(), func(role string) error { _, e := repo.AddTargets(role, files) return e }) if err != nil { logrus.Errorf("couldn't add target to %s: %s", c.Scope(), err.Error()) } case changelist.ActionDelete: logrus.Debug("changelist remove: ", c.Path()) err = doWithRoleFallback(c.Scope(), func(role string) error { return repo.RemoveTargets(role, c.Path()) }) if err != nil { logrus.Errorf("couldn't remove target from %s: %s", c.Scope(), err.Error()) } default: logrus.Debug("action not yet supported: ", c.Action()) } return err }
func applyTargetsChange(repo *tuf.TufRepo, c changelist.Change) error { var err error switch c.Action() { case changelist.ActionCreate: logrus.Debug("changelist add: ", c.Path()) meta := &data.FileMeta{} err = json.Unmarshal(c.Content(), meta) if err != nil { return err } files := data.Files{c.Path(): *meta} _, err = repo.AddTargets(c.Scope(), files) case changelist.ActionDelete: logrus.Debug("changelist remove: ", c.Path()) err = repo.RemoveTargets(c.Scope(), c.Path()) default: logrus.Debug("action not yet supported: ", c.Action()) } if err != nil { return err } return nil }
func changeTargetsDelegation(repo *tuf.Repo, c changelist.Change) error { switch c.Action() { case changelist.ActionCreate: td := changelist.TUFDelegation{} err := json.Unmarshal(c.Content(), &td) if err != nil { return err } // Try to create brand new role or update one // First add the keys, then the paths. We can only add keys and paths in this scenario err = repo.UpdateDelegationKeys(c.Scope(), td.AddKeys, []string{}, td.NewThreshold) if err != nil { return err } return repo.UpdateDelegationPaths(c.Scope(), td.AddPaths, []string{}, false) case changelist.ActionUpdate: td := changelist.TUFDelegation{} err := json.Unmarshal(c.Content(), &td) if err != nil { return err } delgRole, err := repo.GetDelegationRole(c.Scope()) if err != nil { return err } // We need to translate the keys from canonical ID to TUF ID for compatibility canonicalToTUFID := make(map[string]string) for tufID, pubKey := range delgRole.Keys { canonicalID, err := utils.CanonicalKeyID(pubKey) if err != nil { return err } canonicalToTUFID[canonicalID] = tufID } removeTUFKeyIDs := []string{} for _, canonID := range td.RemoveKeys { removeTUFKeyIDs = append(removeTUFKeyIDs, canonicalToTUFID[canonID]) } // If we specify the only keys left delete the role, else just delete specified keys if strings.Join(delgRole.ListKeyIDs(), ";") == strings.Join(removeTUFKeyIDs, ";") && len(td.AddKeys) == 0 { return repo.DeleteDelegation(c.Scope()) } err = repo.UpdateDelegationKeys(c.Scope(), td.AddKeys, removeTUFKeyIDs, td.NewThreshold) if err != nil { return err } return repo.UpdateDelegationPaths(c.Scope(), td.AddPaths, td.RemovePaths, td.ClearAllPaths) case changelist.ActionDelete: return repo.DeleteDelegation(c.Scope()) default: return fmt.Errorf("unsupported action against delegations: %s", c.Action()) } }
func changeTargetMeta(repo *tuf.Repo, c changelist.Change) error { var err error switch c.Action() { case changelist.ActionCreate: logrus.Debug("changelist add: ", c.Path()) meta := &data.FileMeta{} err = json.Unmarshal(c.Content(), meta) if err != nil { return err } files := data.Files{c.Path(): *meta} // Attempt to add the target to this role if _, err = repo.AddTargets(c.Scope(), files); err != nil { logrus.Errorf("couldn't add target to %s: %s", c.Scope(), err.Error()) } case changelist.ActionDelete: logrus.Debug("changelist remove: ", c.Path()) // Attempt to remove the target from this role if err = repo.RemoveTargets(c.Scope(), c.Path()); err != nil { logrus.Errorf("couldn't remove target from %s: %s", c.Scope(), err.Error()) } default: logrus.Debug("action not yet supported: ", c.Action()) } return err }
func changeTargetsDelegation(repo *tuf.Repo, c changelist.Change) error { switch c.Action() { case changelist.ActionCreate: td := changelist.TufDelegation{} err := json.Unmarshal(c.Content(), &td) if err != nil { return err } r, _, err := repo.GetDelegation(c.Scope()) if _, ok := err.(data.ErrNoSuchRole); err != nil && !ok { // error that wasn't ErrNoSuchRole return err } if err == nil { // role existed, attempt to merge paths and keys if err := r.AddPaths(td.AddPaths); err != nil { return err } return repo.UpdateDelegations(r, td.AddKeys) } // create brand new role r, err = td.ToNewRole(c.Scope()) if err != nil { return err } return repo.UpdateDelegations(r, td.AddKeys) case changelist.ActionUpdate: td := changelist.TufDelegation{} err := json.Unmarshal(c.Content(), &td) if err != nil { return err } r, keys, err := repo.GetDelegation(c.Scope()) if err != nil { return err } // We need to translate the keys from canonical ID to TUF ID for compatibility canonicalToTUFID := make(map[string]string) for tufID, pubKey := range keys { canonicalID, err := utils.CanonicalKeyID(pubKey) if err != nil { return err } canonicalToTUFID[canonicalID] = tufID } removeTUFKeyIDs := []string{} for _, canonID := range td.RemoveKeys { removeTUFKeyIDs = append(removeTUFKeyIDs, canonicalToTUFID[canonID]) } // If we specify the only keys left delete the role, else just delete specified keys if strings.Join(r.KeyIDs, ";") == strings.Join(removeTUFKeyIDs, ";") && len(td.AddKeys) == 0 { r := data.Role{Name: c.Scope()} return repo.DeleteDelegation(r) } // if we aren't deleting and the role exists, merge if err := r.AddPaths(td.AddPaths); err != nil { return err } // Clear all paths if we're given the flag, else remove specified paths if td.ClearAllPaths { r.RemovePaths(r.Paths) } else { r.RemovePaths(td.RemovePaths) } r.RemoveKeys(removeTUFKeyIDs) return repo.UpdateDelegations(r, td.AddKeys) case changelist.ActionDelete: r := data.Role{Name: c.Scope()} return repo.DeleteDelegation(r) default: return fmt.Errorf("unsupported action against delegations: %s", c.Action()) } }
func changeTargetsDelegation(repo *tuf.Repo, c changelist.Change) error { switch c.Action() { case changelist.ActionCreate: td := changelist.TufDelegation{} err := json.Unmarshal(c.Content(), &td) if err != nil { return err } r, err := repo.GetDelegation(c.Scope()) if _, ok := err.(data.ErrNoSuchRole); err != nil && !ok { // error that wasn't ErrNoSuchRole return err } if err == nil { // role existed, attempt to merge paths and keys if err := r.AddPaths(td.AddPaths); err != nil { return err } return repo.UpdateDelegations(r, td.AddKeys) } // create brand new role r, err = td.ToNewRole(c.Scope()) if err != nil { return err } return repo.UpdateDelegations(r, td.AddKeys) case changelist.ActionUpdate: td := changelist.TufDelegation{} err := json.Unmarshal(c.Content(), &td) if err != nil { return err } r, err := repo.GetDelegation(c.Scope()) if err != nil { return err } // If we specify the only keys left delete the role, else just delete specified keys if strings.Join(r.KeyIDs, ";") == strings.Join(td.RemoveKeys, ";") && len(td.AddKeys) == 0 { r := data.Role{Name: c.Scope()} return repo.DeleteDelegation(r) } // if we aren't deleting and the role exists, merge if err := r.AddPaths(td.AddPaths); err != nil { return err } if err := r.AddPathHashPrefixes(td.AddPathHashPrefixes); err != nil { return err } r.RemoveKeys(td.RemoveKeys) r.RemovePaths(td.RemovePaths) r.RemovePathHashPrefixes(td.RemovePathHashPrefixes) return repo.UpdateDelegations(r, td.AddKeys) case changelist.ActionDelete: r := data.Role{Name: c.Scope()} return repo.DeleteDelegation(r) default: return fmt.Errorf("unsupported action against delegations: %s", c.Action()) } }