Пример #1
0
func (s *Store) validateKey(keyID string, kc *fdb.Collection) error {
	f, err := kc.Open("privkey")
	if err != nil {
		return err
	}

	defer f.Close()

	b, err := ioutil.ReadAll(f)
	if err != nil {
		return err
	}

	pk, err := acmeutils.LoadPrivateKey(b)
	if err != nil {
		return err
	}

	actualKeyID, err := determineKeyIDFromKey(pk)
	if err != nil {
		return err
	}

	if actualKeyID != keyID {
		return fmt.Errorf("key ID mismatch: %#v != %#v", keyID, actualKeyID)
	}

	k := &Key{
		ID: actualKeyID,
	}

	s.keys[actualKeyID] = k

	return nil
}
Пример #2
0
func (s *Store) validateAccount(serverName, accountName string, c *fdb.Collection) error {
	f, err := c.Open("privkey")
	if err != nil {
		return err
	}

	defer f.Close()

	b, err := ioutil.ReadAll(f)
	if err != nil {
		return err
	}

	pk, err := acmeutils.LoadPrivateKey(b)
	if err != nil {
		return err
	}

	f.Close()

	baseURL, err := decodeAccountURLPart(serverName)
	if err != nil {
		return err
	}

	account := &Account{
		PrivateKey:     pk,
		BaseURL:        baseURL,
		Authorizations: map[string]*Authorization{},
	}

	accountID := account.ID()
	actualAccountID := serverName + "/" + accountName
	if accountID != actualAccountID {
		return fmt.Errorf("account ID mismatch: %#v != %#v", accountID, actualAccountID)
	}

	s.accounts[accountID] = account

	err = s.validateAuthorizations(account, c)
	if err != nil {
		return err
	}

	return nil
}
Пример #3
0
// Give a PEM-encoded key file, imports the key into the store. If the key is
// already installed, returns nil.
func (s *Store) ImportKey(r io.Reader) error {
	data, err := ioutil.ReadAll(r)
	if err != nil {
		return err
	}

	pk, err := acmeutils.LoadPrivateKey(data)
	if err != nil {
		return err
	}

	keyID, err := determineKeyIDFromKey(pk)
	if err != nil {
		return err
	}

	c := s.db.Collection("keys/" + keyID)

	f, err := c.Open("privkey")
	if err == nil {
		f.Close()
		return nil
	}

	ff, err := c.Create("privkey")
	if err != nil {
		return err
	}
	defer ff.CloseAbort()

	_, err = ff.Write(data)
	if err != nil {
		return err
	}

	ff.Close()
	return nil
}
Пример #4
0
func (s *Store) getPriorKey(publicKey crypto.PublicKey) (crypto.PrivateKey, error) {
	// Returning an error here short circuits. If any errors occur, return (nil,nil).

	keyID, err := determineKeyIDFromPublicKey(publicKey)
	if err != nil {
		log.Errore(err, "failed to get key ID from public key")
		return nil, nil
	}

	if _, ok := s.keys[keyID]; !ok {
		log.Infof("failed to find key ID wanted by proofOfPossession: %s", keyID)
		return nil, nil // unknown key
	}

	c := s.db.Collection("keys/" + keyID)

	f, err := c.Open("privkey")
	if err != nil {
		log.Errore(err, "failed to open privkey for key with ID: ", keyID)
		return nil, nil
	}
	defer f.Close()

	b, err := ioutil.ReadAll(f)
	if err != nil {
		return nil, err
	}

	privateKey, err := acmeutils.LoadPrivateKey(b)
	if err != nil {
		log.Errore(err, "failed to load private key for key with ID: ", keyID)
		return nil, nil
	}

	log.Infof("found key for proofOfPossession: %s", keyID)
	return privateKey, nil
}