예제 #1
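// readObjRec recovers the protected object identified by id by walking its
// protector chain up to the root and unwrapping one level at a time.
//
// The root of the chain (an object with no ProtectorObjId) is decrypted with
// encKey.CryptingKey and is reported with the fixed type "key". Every interior
// node must likewise be of type "key", because its value is the key used to
// recover its child. For a non-root object the type and value are whatever the
// recovered ObjectMessage carries; ObjType there may be nil, so callers should
// check it before dereferencing.
//
// It returns the object's type, its value, and an error. On error both other
// results are nil. Missing ids, list elements of an unexpected type, and
// protector chains that loop back on themselves are reported as errors rather
// than left to panic or recurse without bound.
func readObjRec(l *list.List, encKey *tao.Keys, id *protected_objects.ObjectIdMessage) (*string,
	[]byte, error) {

	// Track the ids on the current path so a cyclic protector chain fails
	// cleanly instead of recursing until the stack is exhausted.
	return readObjRecGuarded(l, encKey, id, make(map[string]struct{}))
}

// readObjRecGuarded is the worker behind readObjRec. seen holds the ids already
// visited on the current path, keyed by id.String().
func readObjRecGuarded(l *list.List, encKey *tao.Keys, id *protected_objects.ObjectIdMessage,
	seen map[string]struct{}) (*string, []byte, error) {

	if l == nil || id == nil || id.ObjName == nil || id.ObjEpoch == nil {
		return nil, nil, errors.New("incomplete object id")
	}
	idKey := id.String()
	if _, dup := seen[idKey]; dup {
		return nil, nil, errors.New("cycle in protector chain")
	}
	seen[idKey] = struct{}{}

	elem := protected_objects.FindElementById(l, *id.ObjName, *id.ObjEpoch)
	if elem == nil {
		return nil, nil, errors.New("object not found")
	}
	// The list may be populated by other code; an unchecked assertion would
	// panic on an element of a different dynamic type.
	pObj, ok := elem.Value.(protected_objects.ProtectedObjectMessage)
	if !ok {
		return nil, nil, errors.New("list element is not a protected object")
	}

	if pObj.ProtectorObjId == nil {
		// Root of the chain: the blob is wrapped directly by the crypting key
		// rather than by another protected object.
		if encKey == nil || encKey.CryptingKey == nil {
			return nil, nil, errors.New("no crypting key available for root object")
		}
		rootKey, err := encKey.CryptingKey.Decrypt(pObj.GetBlob())
		if err != nil {
			return nil, nil, err
		}
		rootType := "key"
		return &rootType, rootKey, nil
	}

	parentType, parentKey, err := readObjRecGuarded(l, encKey, pObj.ProtectorObjId, seen)
	if err != nil {
		return nil, nil, err
	}
	// Only a key can unwrap a child; a missing type is treated like a wrong one.
	if parentType == nil || *parentType != "key" {
		return nil, nil, errors.New("internal node with type not key")
	}
	obj, err := protected_objects.RecoverProtectedObject(&pObj, parentKey)
	if err != nil {
		return nil, nil, err
	}
	return obj.ObjType, obj.ObjVal, nil
}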
예제 #2
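// DeleteObject removes the protected object identified by id from l, provided
// the domain's guard authorizes program to perform DELETE on that id.
//
// The authorization check runs before the list is consulted, so an
// unauthorized caller learns nothing about whether the object exists.
// Missing arguments are reported as errors rather than dereferenced.
func DeleteObject(l *list.List, id *protected_objects.ObjectIdMessage, program *auth.Prin,
	domain *tao.Domain) error {

	if domain == nil || domain.Guard == nil || program == nil || id == nil {
		return errors.New("missing domain, guard, program or object id")
	}
	if !domain.Guard.IsAuthorized(*program, "DELETE", []string{id.String()}) {
		return errors.New("program not authorized to delete requested secret")
	}

	if l == nil || id.ObjName == nil || id.ObjEpoch == nil {
		return errors.New("incomplete object id")
	}
	element := protected_objects.FindElementById(l, *id.ObjName, *id.ObjEpoch)
	if element == nil {
		return errors.New("object to be deleted not found")
	}
	l.Remove(element)
	return nil
}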
예제 #3
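// WriteObject replaces the type and value of the protected object identified by
// id, provided the domain's guard authorizes program to perform WRITE on that
// id. The object stays wrapped under its existing protector: the parent key is
// recovered through readObjRec and used to re-protect the new content in place.
//
// Root keys (objects with no protector) cannot be rewritten through this path.
// Missing arguments and list elements of an unexpected type are reported as
// errors rather than dereferenced.
func WriteObject(l *list.List, encKey *tao.Keys, id *protected_objects.ObjectIdMessage,
	program *auth.Prin, domain *tao.Domain, newType string,
	newVal []byte) error {

	if domain == nil || domain.Guard == nil || program == nil || id == nil {
		return errors.New("missing domain, guard, program or object id")
	}
	if !domain.Guard.IsAuthorized(*program, "WRITE", []string{id.String()}) {
		return errors.New("program not authorized to write requested secret")
	}

	if l == nil || id.ObjName == nil || id.ObjEpoch == nil {
		return errors.New("incomplete object id")
	}
	element := protected_objects.FindElementById(l, *id.ObjName, *id.ObjEpoch)
	if element == nil {
		return errors.New("attempting to write non-existent object")
	}
	pOld, ok := element.Value.(protected_objects.ProtectedObjectMessage)
	if !ok {
		return errors.New("list element is not a protected object")
	}
	parentId := pOld.ProtectorObjId
	if parentId == nil {
		return errors.New("attempting to write root key")
	}
	parentType, parentKey, err := readObjRec(l, encKey, parentId)
	if err != nil {
		return err
	}
	// A missing parent type is treated like a wrong one: nothing else can
	// unwrap the object.
	if parentType == nil || *parentType != "key" {
		return errors.New("parent of object to be written is not a key")
	}
	// The replacement message keeps the caller's id and carries the new content.
	msg := protected_objects.ObjectMessage{
		ObjId:   id,
		ObjVal:  newVal,
		ObjType: &newType}
	pNew, err := protected_objects.MakeProtectedObject(msg, *parentId.ObjName,
		*parentId.ObjEpoch, parentKey)
	if err != nil {
		// Preserve the underlying cause so callers can tell why wrapping failed.
		return errors.New("can not make protected object: " + err.Error())
	}
	if pNew == nil {
		return errors.New("can not make protected object")
	}
	element.Value = *pNew
	return nil
}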