func testAddKey(t *testing.T, store trustmanager.KeyStore) (data.PrivateKey, error) {
privKey, err := trustmanager.GenerateECDSAKey(rand.Reader)
assert.NoError(t, err)
err = store.AddKey(privKey.ID(), data.CanonicalRootRole, privKey)
return privKey, err
}
func testAddKey(t *testing.T, store trustmanager.KeyStore) (data.PrivateKey, error) {
privKey, err := utils.GenerateECDSAKey(rand.Reader)
require.NoError(t, err)
err = store.AddKey(trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""}, privKey)
return privKey, err
}
func moveKeys(oldKeyStore, newKeyStore trustmanager.KeyStore) error {
for f := range oldKeyStore.ListKeys() {
privateKey, alias, err := oldKeyStore.GetKey(f)
if err != nil {
return err
}
err = newKeyStore.AddKey(f, alias, privateKey)
if err != nil {
return err
}
}
return nil
}
func moveKeys(oldKeyStore, newKeyStore trustmanager.KeyStore) error {
for keyID, keyInfo := range oldKeyStore.ListKeys() {
privateKey, _, err := oldKeyStore.GetKey(keyID)
if err != nil {
return err
}
err = newKeyStore.AddKey(keyInfo, privateKey)
if err != nil {
return err
}
}
return nil
}
func moveKeysByGUN(oldKeyStore, newKeyStore trustmanager.KeyStore, gun string) error {
for relKeyPath := range oldKeyStore.ListKeys() {
// Skip keys that aren't associated with this GUN
if !strings.HasPrefix(relKeyPath, filepath.FromSlash(gun)) {
continue
}
privKey, alias, err := oldKeyStore.GetKey(relKeyPath)
if err != nil {
return err
}
err = newKeyStore.AddKey(relKeyPath, alias, privKey)
if err != nil {
return err
}
}
return nil
}
func moveKeysByGUN(oldKeyStore, newKeyStore trustmanager.KeyStore, gun string) error {
for keyID, keyInfo := range oldKeyStore.ListKeys() {
// Skip keys that aren't associated with this GUN
if keyInfo.Gun != gun {
continue
}
privKey, _, err := oldKeyStore.GetKey(keyID)
if err != nil {
return err
}
err = newKeyStore.AddKey(keyInfo, privKey)
if err != nil {
return err
}
}
return nil
}
// keyPassphraseChange changes the passphrase for a private key based on ID
func (k *keyCommander) keyPassphraseChange(cmd *cobra.Command, args []string) error {
if len(args) < 1 {
cmd.Usage()
return fmt.Errorf("must specify the key ID of the key to change the passphrase of")
}
config, err := k.configGetter()
if err != nil {
return err
}
ks, err := k.getKeyStores(config, true, false)
if err != nil {
return err
}
keyID := args[0]
// This is an invalid ID
if len(keyID) != notary.SHA256HexSize {
return fmt.Errorf("invalid key ID provided: %s", keyID)
}
// Find which keyStore we should replace the key password in, and replace if we find it
var foundKeyStore trustmanager.KeyStore
var privKey data.PrivateKey
var keyInfo trustmanager.KeyInfo
var cs *cryptoservice.CryptoService
for _, keyStore := range ks {
cs = cryptoservice.NewCryptoService(keyStore)
if privKey, _, err = cs.GetPrivateKey(keyID); err == nil {
foundKeyStore = keyStore
break
}
}
if foundKeyStore == nil {
return fmt.Errorf("could not retrieve local key for key ID provided: %s", keyID)
}
// Must use a different passphrase retriever to avoid caching the
// unlocking passphrase and reusing that.
passChangeRetriever := k.getRetriever()
var addingKeyStore trustmanager.KeyStore
switch foundKeyStore.Name() {
case "yubikey":
addingKeyStore, err = getYubiStore(nil, passChangeRetriever)
keyInfo = trustmanager.KeyInfo{Role: data.CanonicalRootRole}
default:
addingKeyStore, err = trustmanager.NewKeyFileStore(config.GetString("trust_dir"), passChangeRetriever)
if err != nil {
return err
}
keyInfo, err = foundKeyStore.GetKeyInfo(keyID)
}
if err != nil {
return err
}
err = addingKeyStore.AddKey(keyInfo, privKey)
if err != nil {
return err
}
cmd.Printf("\nSuccessfully updated passphrase for key ID: %s\n", keyID)
return nil
}
