// GetOrCreateTimestampKey returns the timestamp key for the gun. It uses the store to
// lookup an existing timestamp key and the crypto to generate a new one if none is
// found. It attempts to handle the race condition that may occur if 2 servers try to
// create the key at the same time by simply querying the store a second time if it
// receives a conflict when writing.
func GetOrCreateTimestampKey(gun string, store storage.MetaStore, crypto signed.CryptoService, createAlgorithm string) (data.PublicKey, error) {
keyAlgorithm, public, err := store.GetKey(gun, data.CanonicalTimestampRole)
if err == nil {
return data.NewPublicKey(keyAlgorithm, public), nil
}
if _, ok := err.(*storage.ErrNoKey); ok {
key, err := crypto.Create("timestamp", createAlgorithm)
if err != nil {
return nil, err
}
logrus.Debug("Creating new timestamp key for ", gun, ". With algo: ", key.Algorithm())
err = store.SetKey(gun, data.CanonicalTimestampRole, key.Algorithm(), key.Public())
if err == nil {
return key, nil
}
if _, ok := err.(*storage.ErrKeyExists); ok {
keyAlgorithm, public, err = store.GetKey(gun, data.CanonicalTimestampRole)
if err != nil {
return nil, err
}
return data.NewPublicKey(keyAlgorithm, public), nil
}
return nil, err
}
return nil, err
}
// CreateTimestamp creates a new timestamp. If a prev timestamp is provided, it
// is assumed this is the immediately previous one, and the new one will have a
// version number one higher than prev. The store is used to lookup the current
// snapshot, this function does not save the newly generated timestamp.
func CreateTimestamp(gun string, prev *data.SignedTimestamp, snapshot []byte, store storage.MetaStore, cryptoService signed.CryptoService) (*data.Signed, int, error) {
algorithm, public, err := store.GetKey(gun, data.CanonicalTimestampRole)
if err != nil {
// owner of gun must have generated a timestamp key otherwise
// we won't proceed with generating everything.
return nil, 0, err
}
key := data.NewPublicKey(algorithm, public)
sn := &data.Signed{}
err = json.Unmarshal(snapshot, sn)
if err != nil {
// couldn't parse snapshot
return nil, 0, err
}
ts, err := data.NewTimestamp(sn)
if err != nil {
return nil, 0, err
}
if prev != nil {
ts.Signed.Version = prev.Signed.Version + 1
}
sgndTs, err := json.MarshalCanonical(ts.Signed)
if err != nil {
return nil, 0, err
}
out := &data.Signed{
Signatures: ts.Signatures,
Signed: sgndTs,
}
err = signed.Sign(cryptoService, out, key)
if err != nil {
return nil, 0, err
}
return out, ts.Signed.Version, nil
}
func validateRoot(gun string, oldRoot, newRoot []byte, store storage.MetaStore) (
*data.SignedRoot, error) {
var parsedOldRoot *data.SignedRoot
parsedNewRoot := &data.SignedRoot{}
if oldRoot != nil {
parsedOldRoot = &data.SignedRoot{}
err := json.Unmarshal(oldRoot, parsedOldRoot)
if err != nil {
// TODO(david): if we can't read the old root should we continue
// here to check new root self referential integrity?
// This would permit recovery of a repo with a corrupted
// root.
logrus.Warn("Old root could not be parsed.")
}
}
err := json.Unmarshal(newRoot, parsedNewRoot)
if err != nil {
return nil, err
}
// Don't update if a timestamp key doesn't exist.
algo, keyBytes, err := store.GetKey(gun, data.CanonicalTimestampRole)
if err != nil || algo == "" || keyBytes == nil {
return nil, fmt.Errorf("no timestamp key for %s", gun)
}
timestampKey := data.NewPublicKey(algo, keyBytes)
if err := checkRoot(parsedOldRoot, parsedNewRoot, timestampKey); err != nil {
// TODO(david): how strict do we want to be here about old signatures
// for rotations? Should the user have to provide a flag
// which gets transmitted to force a root update without
// correct old key signatures.
return nil, err
}
if !data.ValidTUFType(parsedNewRoot.Signed.Type, data.CanonicalRootRole) {
return nil, fmt.Errorf("root has wrong type")
}
return parsedNewRoot, nil
}
// createSnapshot uses an existing snapshot to create a new one.
// Important things to be aware of:
// - It requires that a snapshot already exists. We create snapshots
// on upload so there should always be an existing snapshot if this
// gets called.
// - It doesn't update what roles are present in the snapshot, as those
// were validated during upload.
func createSnapshot(gun string, sn *data.SignedSnapshot, store storage.MetaStore, cryptoService signed.CryptoService) (*data.Signed, int, error) {
algorithm, public, err := store.GetKey(gun, data.CanonicalSnapshotRole)
if err != nil {
// owner of gun must have generated a snapshot key otherwise
// we won't proceed with generating everything.
return nil, 0, err
}
key := data.NewPublicKey(algorithm, public)
// update version and expiry
sn.Signed.Version = sn.Signed.Version + 1
sn.Signed.Expires = data.DefaultExpires(data.CanonicalSnapshotRole)
out, err := sn.ToSigned()
if err != nil {
return nil, 0, err
}
err = signed.Sign(cryptoService, out, key)
if err != nil {
return nil, 0, err
}
return out, sn.Signed.Version, nil
}
func generateSnapshot(gun string, repo *tuf.Repo, store storage.MetaStore) (*storage.MetaUpdate, error) {
role, err := repo.GetBaseRole(data.CanonicalSnapshotRole)
if err != nil {
return nil, validation.ErrBadRoot{Msg: "root did not include snapshot role"}
}
algo, keyBytes, err := store.GetKey(gun, data.CanonicalSnapshotRole)
if err != nil {
return nil, validation.ErrBadHierarchy{Msg: "could not retrieve snapshot key. client must provide snapshot"}
}
foundK := data.NewPublicKey(algo, keyBytes)
validKey := false
for _, id := range role.ListKeyIDs() {
if id == foundK.ID() {
validKey = true
break
}
}
if !validKey {
return nil, validation.ErrBadHierarchy{
Missing: data.CanonicalSnapshotRole,
Msg: "no snapshot was included in update and server does not hold current snapshot key for repository"}
}
currentJSON, err := store.GetCurrent(gun, data.CanonicalSnapshotRole)
if err != nil {
if _, ok := err.(storage.ErrNotFound); !ok {
return nil, validation.ErrValidation{Msg: err.Error()}
}
}
var sn *data.SignedSnapshot
if currentJSON != nil {
sn = new(data.SignedSnapshot)
err := json.Unmarshal(currentJSON, sn)
if err != nil {
return nil, validation.ErrValidation{Msg: err.Error()}
}
err = repo.SetSnapshot(sn)
if err != nil {
return nil, validation.ErrValidation{Msg: err.Error()}
}
} else {
// this will only occurr if no snapshot has ever been created for the repository
err := repo.InitSnapshot()
if err != nil {
return nil, validation.ErrBadSnapshot{Msg: err.Error()}
}
}
sgnd, err := repo.SignSnapshot(data.DefaultExpires(data.CanonicalSnapshotRole))
if err != nil {
return nil, validation.ErrBadSnapshot{Msg: err.Error()}
}
sgndJSON, err := json.Marshal(sgnd)
if err != nil {
return nil, validation.ErrBadSnapshot{Msg: err.Error()}
}
return &storage.MetaUpdate{
Role: data.CanonicalSnapshotRole,
Version: repo.Snapshot.Signed.Version,
Data: sgndJSON,
}, nil
}
