// GetOrCreateTimestampKey returns the timestamp key for the gun. It uses the store to // lookup an existing timestamp key and the crypto to generate a new one if none is // found. It attempts to handle the race condition that may occur if 2 servers try to // create the key at the same time by simply querying the store a second time if it // receives a conflict when writing. func GetOrCreateTimestampKey(gun string, store storage.MetaStore, crypto signed.CryptoService, createAlgorithm string) (data.PublicKey, error) { keyAlgorithm, public, err := store.GetKey(gun, data.CanonicalTimestampRole) if err == nil { return data.NewPublicKey(keyAlgorithm, public), nil } if _, ok := err.(*storage.ErrNoKey); ok { key, err := crypto.Create("timestamp", createAlgorithm) if err != nil { return nil, err } logrus.Debug("Creating new timestamp key for ", gun, ". With algo: ", key.Algorithm()) err = store.SetKey(gun, data.CanonicalTimestampRole, key.Algorithm(), key.Public()) if err == nil { return key, nil } if _, ok := err.(*storage.ErrKeyExists); ok { keyAlgorithm, public, err = store.GetKey(gun, data.CanonicalTimestampRole) if err != nil { return nil, err } return data.NewPublicKey(keyAlgorithm, public), nil } return nil, err } return nil, err }
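// copyTimestampKey is a test helper that registers the timestamp key of
// fromRepo in toStore under gun. Only the key's algorithm and public bytes are
// written to the store.
//
// The helper expects the repo's timestamp role to list exactly one key. Each
// precondition stops the test immediately when it fails: the testify assert
// functions only mark the test as failed and return false, so without the
// explicit FailNow the code would go on to index an empty key list and panic,
// hiding the real assertion message.
func copyTimestampKey(t *testing.T, fromRepo *tuf.Repo, toStore storage.MetaStore, gun string) {
	role, err := fromRepo.GetBaseRole(data.CanonicalTimestampRole)
	if !assert.NoError(t, err) {
		t.FailNow()
	}
	if !assert.NotNil(t, role, "No timestamp role in the root file") {
		t.FailNow()
	}
	if !assert.Len(t, role.ListKeyIDs(), 1, fmt.Sprintf(
		"Expected 1 timestamp key in timestamp role, got %d", len(role.ListKeyIDs()))) {
		// Indexing ListKeys()[0] below is only safe once the length is confirmed.
		t.FailNow()
	}

	pubTimestampKey := role.ListKeys()[0]
	err = toStore.SetKey(gun, data.CanonicalTimestampRole, pubTimestampKey.Algorithm(),
		pubTimestampKey.Public())
	assert.NoError(t, err)
}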
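// copyTimestampKey is a test helper that registers the timestamp key known to
// fromKeyDB in toStore under gun. Only the key's algorithm and public bytes are
// written to the store.
//
// The helper expects the KeyDB to hold a timestamp role with exactly one key ID
// and to resolve that ID to a key. Each precondition stops the test immediately
// when it fails: the testify assert functions only mark the test as failed and
// return false, so without the explicit FailNow the code would go on to use a
// missing role or key and panic, hiding the real assertion message.
func copyTimestampKey(t *testing.T, fromKeyDB *keys.KeyDB, toStore storage.MetaStore, gun string) {
	role := fromKeyDB.GetRole(data.CanonicalTimestampRole)
	if !assert.NotNil(t, role, "No timestamp role in the KeyDB") {
		// role.KeyIDs is read next; stop before touching a missing role.
		t.FailNow()
	}
	if !assert.Len(t, role.KeyIDs, 1, fmt.Sprintf(
		"Expected 1 timestamp key in timestamp role, got %d", len(role.KeyIDs))) {
		// Indexing KeyIDs[0] below is only safe once the length is confirmed.
		t.FailNow()
	}

	pubTimestampKey := fromKeyDB.GetKey(role.KeyIDs[0])
	if !assert.NotNil(t, pubTimestampKey, "Timestamp key specified by KeyDB role not in KeysDB") {
		t.FailNow()
	}

	err := toStore.SetKey(gun, data.CanonicalTimestampRole, pubTimestampKey.Algorithm(),
		pubTimestampKey.Public())
	assert.NoError(t, err)
}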