func readObjRec(l *list.List, encKey *tao.Keys, id *protected_objects.ObjectIdMessage) (*string, []byte, error) { elem := protected_objects.FindElementById(l, *id.ObjName, *id.ObjEpoch) if elem == nil { return nil, nil, errors.New("object not found") } pObj := elem.Value.(protected_objects.ProtectedObjectMessage) if pObj.ProtectorObjId == nil { // Decrypt root using encKeys. rootKey, err := encKey.CryptingKey.Decrypt(pObj.GetBlob()) if err != nil { return nil, nil, err } str := "key" return &str, rootKey, nil } parentType, parentKey, err := readObjRec(l, encKey, pObj.ProtectorObjId) if err != nil { return nil, nil, err } if *parentType != "key" { return nil, nil, errors.New("internal node with type not key") } obj, err := protected_objects.RecoverProtectedObject(&pObj, parentKey) if err != nil { return nil, nil, err } return obj.ObjType, obj.ObjVal, nil }
func DeleteObject(l *list.List, id *protected_objects.ObjectIdMessage, program *auth.Prin, domain *tao.Domain) error { if !domain.Guard.IsAuthorized(*program, "DELETE", []string{id.String()}) { return errors.New("program not authorized to delete requested secret") } element := protected_objects.FindElementById(l, *id.ObjName, *id.ObjEpoch) if element == nil { return errors.New("object to be deleted not found") } l.Remove(element) return nil }
func WriteObject(l *list.List, encKey *tao.Keys, id *protected_objects.ObjectIdMessage, program *auth.Prin, domain *tao.Domain, newType string, newVal []byte) error { if !domain.Guard.IsAuthorized(*program, "WRITE", []string{id.String()}) { return errors.New("program not authorized to write requested secret") } element := protected_objects.FindElementById(l, *id.ObjName, *id.ObjEpoch) if element == nil { return errors.New("attemtping to write non-existant object") } pOld := element.Value.(protected_objects.ProtectedObjectMessage) parentId := pOld.ProtectorObjId if parentId == nil { return errors.New("attempting to write root key") } parentType, parentKey, err := readObjRec(l, encKey, parentId) if err != nil { return err } if *parentType != "key" { return errors.New("parent of object to be written is not a key") } new := protected_objects.ObjectMessage{ ObjId: id, ObjVal: newVal, ObjType: &newType} pNew, err := protected_objects.MakeProtectedObject(new, *parentId.ObjName, *parentId.ObjEpoch, parentKey) if err != nil { return errors.New("can not make protected object") } element.Value = *pNew return nil }