// loadPrivateKey reads the file that the node configuration maps to alias and
// hands its contents, together with ks.pwd, to primitives.PEMtoPrivateKey
// (presumably ks.pwd is the PEM decryption password; confirm in primitives).
// A read or decode failure is logged and returned unchanged with a nil key.
func (ks *keyStore) loadPrivateKey(alias string) (interface{}, error) {
	keyPath := ks.node.conf.getPathForAlias(alias)
	ks.node.Debugf("Loading private key [%s] at [%s]...", alias, keyPath)

	pemBytes, readErr := ioutil.ReadFile(keyPath)
	if readErr != nil {
		ks.node.Errorf("Failed loading private key [%s]: [%s].", alias, readErr.Error())
		return nil, readErr
	}

	// Only the alias and the error are logged; the raw PEM bytes never are.
	decoded, parseErr := primitives.PEMtoPrivateKey(pemBytes, ks.pwd)
	if parseErr != nil {
		ks.node.Errorf("Failed parsing private key [%s]: [%s].", alias, parseErr.Error())
		return nil, parseErr
	}

	return decoded, nil
}
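// retrieveEnrollmentData obtains the enrollment material for enrollID from the
// ECA and persists it: the enrollment id, the enrollment private key, the
// enrollment certificate and the enrollment chain key. It does nothing and
// returns nil when the key store reports the enrollment certificate as present.
//
// The chain key is decoded as a private key on validator nodes and as a public
// key on every other node type. Any failure is logged and returned to the
// caller.
//
// NOTE(review): the certificate, which gates the early return, is written
// before the chain key. If storing the chain key fails, a later call appears to
// return early without retrying it; confirm against certMissing and consider
// storing the certificate last.
func (node *nodeImpl) retrieveEnrollmentData(enrollID, enrollPWD string) error {
	if !node.ks.certMissing(node.conf.getEnrollmentCertFilename()) {
		return nil
	}

	key, enrollCertRaw, enrollChainKey, err := node.getEnrollmentCertificateFromECA(enrollID, enrollPWD)
	if err != nil {
		node.Errorf("Failed getting enrollment certificate [id=%s]: [%s]", enrollID, err)
		return err
	}
	node.Debugf("Enrollment certificate [% x].", enrollCertRaw)

	node.Debugf("Storing enrollment data for user [%s]...", enrollID)

	// Store enrollment id. The file holds plain data, so it is created
	// owner read/write only (0600) rather than with the execute bit set.
	if err := ioutil.WriteFile(node.conf.getEnrollmentIDPath(), []byte(enrollID), 0600); err != nil {
		node.Errorf("Failed storing enrollment id [id=%s]: [%s]", enrollID, err)
		return err
	}

	// Store enrollment key
	if err := node.ks.storePrivateKey(node.conf.getEnrollmentKeyFilename(), key); err != nil {
		node.Errorf("Failed storing enrollment key [id=%s]: [%s]", enrollID, err)
		return err
	}

	// Store enrollment cert
	if err := node.ks.storeCert(node.conf.getEnrollmentCertFilename(), enrollCertRaw); err != nil {
		node.Errorf("Failed storing enrollment certificate [id=%s]: [%s]", enrollID, err)
		return err
	}

	// Code for confidentiality 1.2
	// Store enrollment chain key
	if node.eType == NodeValidator {
		node.Debugf("Enrollment chain key for validator [%s]...", enrollID)

		// enrollChainKey is a secret key here. It must never be written to the
		// log: log output is usually retained and shared far more widely than
		// the key store, so logging it would disclose the key.
		chainKey, err := primitives.PEMtoPrivateKey(enrollChainKey, nil)
		if err != nil {
			node.Errorf("Failed unmarshalling enrollment chain key [id=%s]: [%s]", enrollID, err)
			return err
		}

		if err := node.ks.storePrivateKey(node.conf.getEnrollmentChainKeyFilename(), chainKey); err != nil {
			node.Errorf("Failed storing enrollment chain key [id=%s]: [%s]", enrollID, err)
			return err
		}

		return nil
	}

	node.Debugf("Enrollment chain key for non-validator [%s]...", enrollID)

	// enrollChainKey is a public key
	chainKey, err := primitives.PEMtoPublicKey(enrollChainKey, nil)
	if err != nil {
		node.Errorf("Failed unmarshalling enrollment chain key [id=%s]: [%s]", enrollID, err)
		return err
	}
	node.Debugf("Key decoded from PEM [%s]...", enrollID)

	if err := node.ks.storePublicKey(node.conf.getEnrollmentChainKeyFilename(), chainKey); err != nil {
		node.Errorf("Failed storing enrollment chain key [id=%s]: [%s]", enrollID, err)
		return err
	}

	return nil
}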