diff --git a/cmd/notary/keys.go b/cmd/notary/keys.go
index 5c48f3e636..b2b255c895 100644
--- a/cmd/notary/keys.go
+++ b/cmd/notary/keys.go
@@ -560,11 +560,14 @@ func (k *keyCommander) keyPassphraseChange(cmd *cobra.Command, args []string) er
 // unlocking passphrase and reusing that.
 passChangeRetriever := k.getRetriever()
 keyStore, err := trustmanager.NewKeyFileStore(config.GetString("trust_dir"), passChangeRetriever)
+ if err != nil {
+ return err
+ }
 keyInfo, err := cs.GetKeyInfo(keyID)
 if err != nil {
 return err
 }
- err = keyStore.AddKey(privKey, keyInfo)
+ err = keyStore.AddKey(keyInfo, privKey)
 if err != nil {
 return err
 }
diff --git a/cmd/notary/keys_test.go b/cmd/notary/keys_test.go
index 0578ecc3f2..58ac9ce832 100644
--- a/cmd/notary/keys_test.go
+++ b/cmd/notary/keys_test.go
@@ -51,7 +51,7 @@ func TestRemoveOneKeyAbort(t *testing.T) {
 key, err := trustmanager.GenerateED25519Key(rand.Reader)
 assert.NoError(t, err)
- err = store.AddKey(key, trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""})
+ err = store.AddKey(trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""}, key)
 assert.NoError(t, err)
 stores := []trustmanager.KeyStore{store}
@@ -83,7 +83,7 @@ func TestRemoveOneKeyConfirm(t *testing.T) {
 key, err := trustmanager.GenerateED25519Key(rand.Reader)
 assert.NoError(t, err)
- err = store.AddKey(key, trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""})
+ err = store.AddKey(trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""}, key)
 assert.NoError(t, err)
 var out bytes.Buffer
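Review bot: The passphrase change relies on `keyStore.AddKey(keyInfo, privKey)` re-writing a key whose ID is already present under trust_dir, yet the KeyStore contract changed in this same diff only says that adding an existing key "succeeds"; if KeyFileStore treats an existing ID as a no-op (its body is not in this hunk), the key file would keep the old passphrase while the command reports success. A test that changes the passphrase and then reloads the key with only the new one would pin this down, and a comment such as `// AddKey must overwrite the existing file so the key is re-encrypted with the new passphrase` would record the assumption. The added nil check on NewKeyFileStore closes a real gap: before it, a failed store open fell through to AddKey on an unusable keyStore. keyPassphraseChange starts and ends outside the hunk.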
@@ -117,10 +117,10 @@ func TestRemoveMultikeysInvalidInput(t *testing.T) {
 trustmanager.NewKeyMemoryStore(ret),
 }
- err = stores[0].AddKey(key, trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""})
+ err = stores[0].AddKey(trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""}, key)
 assert.NoError(t, err)
- err = stores[1].AddKey(key, trustmanager.KeyInfo{Role: data.CanonicalTargetsRole, Gun: "gun"})
+ err = stores[1].AddKey(trustmanager.KeyInfo{Role: data.CanonicalTargetsRole, Gun: "gun"}, key)
 assert.NoError(t, err)
 var out bytes.Buffer
@@ -166,10 +166,10 @@ func TestRemoveMultikeysAbortChoice(t *testing.T) {
 trustmanager.NewKeyMemoryStore(ret),
 }
- err = stores[0].AddKey(key, trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""})
+ err = stores[0].AddKey(trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""}, key)
 assert.NoError(t, err)
- err = stores[1].AddKey(key, trustmanager.KeyInfo{Role: data.CanonicalTargetsRole, Gun: "gun"})
+ err = stores[1].AddKey(trustmanager.KeyInfo{Role: data.CanonicalTargetsRole, Gun: "gun"}, key)
 assert.NoError(t, err)
 var out bytes.Buffer
@@ -205,10 +205,10 @@ func TestRemoveMultikeysRemoveOnlyChosenKey(t *testing.T) {
 trustmanager.NewKeyMemoryStore(ret),
 }
- err = stores[0].AddKey(key, trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""})
+ err = stores[0].AddKey(trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""}, key)
 assert.NoError(t, err)
- err = stores[1].AddKey(key, trustmanager.KeyInfo{Role: data.CanonicalTargetsRole, Gun: "gun"})
+ err = stores[1].AddKey(trustmanager.KeyInfo{Role: data.CanonicalTargetsRole, Gun: "gun"}, key)
 assert.NoError(t, err)
 var out bytes.Buffer
diff --git a/cmd/notary/prettyprint_test.go b/cmd/notary/prettyprint_test.go
index 951ee3a77b..2b55f2075e 100644
--- a/cmd/notary/prettyprint_test.go
+++ b/cmd/notary/prettyprint_test.go
@@ -103,12 +103,12 @@ func TestPrettyPrintRootAndSigningKeys(t *testing.T) {
 root := data.CanonicalRootRole
 // add keys to the key stores
- assert.NoError(t, keyStores[0].AddKey(keys[0], trustmanager.KeyInfo{Role: root, Gun: ""}))
- assert.NoError(t, keyStores[1].AddKey(keys[0], trustmanager.KeyInfo{Role: root, Gun: ""}))
- assert.NoError(t, keyStores[0].AddKey(keys[1], trustmanager.KeyInfo{Role: "targets", Gun: strings.Repeat("/a", 30)}))
- assert.NoError(t, keyStores[1].AddKey(keys[1], trustmanager.KeyInfo{Role: "snapshot", Gun: "short/gun"}))
- assert.NoError(t, keyStores[0].AddKey(keys[3], trustmanager.KeyInfo{Role: "targets/a", Gun: ""}))
- assert.NoError(t, keyStores[0].AddKey(keys[2], trustmanager.KeyInfo{Role: "invalidRole", Gun: ""}))
+ assert.NoError(t, keyStores[0].AddKey(trustmanager.KeyInfo{Role: root, Gun: ""}, keys[0]))
+ assert.NoError(t, keyStores[1].AddKey(trustmanager.KeyInfo{Role: root, Gun: ""}, keys[0]))
+ assert.NoError(t, keyStores[0].AddKey(trustmanager.KeyInfo{Role: "targets", Gun: strings.Repeat("/a", 30)}, keys[1]))
+ assert.NoError(t, keyStores[1].AddKey(trustmanager.KeyInfo{Role: "snapshot", Gun: "short/gun"}, keys[1]))
+ assert.NoError(t, keyStores[0].AddKey(trustmanager.KeyInfo{Role: "targets/a", Gun: ""}, keys[3]))
+ assert.NoError(t, keyStores[0].AddKey(trustmanager.KeyInfo{Role: "invalidRole", Gun: ""}, keys[2]))
 expected := [][]string{
 // root always comes first
diff --git a/cryptoservice/certificate_test.go b/cryptoservice/certificate_test.go
index 559c12afa8..2d54b933be 100644
--- a/cryptoservice/certificate_test.go
+++ b/cryptoservice/certificate_test.go
@@ -17,7 +17,7 @@ func TestGenerateCertificate(t *testing.T) {
 keyStore := trustmanager.NewKeyMemoryStore(passphraseRetriever)
- err = keyStore.AddKey(privKey, trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""})
+ err = keyStore.AddKey(trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""}, privKey)
 assert.NoError(t, err, "could not add key to store")
 // Check GenerateCertificate method
diff --git a/cryptoservice/crypto_service.go b/cryptoservice/crypto_service.go
index 0597541653..7c32ba7201 100644
--- a/cryptoservice/crypto_service.go
+++ b/cryptoservice/crypto_service.go
@@ -52,7 +52,7 @@ func (cs *CryptoService) Create(role, gun, algorithm string) (data.PublicKey, er
 // Store the private key into our keystore
 for _, ks := range cs.keyStores {
- err = ks.AddKey(privKey, trustmanager.KeyInfo{Role: role, Gun: gun})
+ err = ks.AddKey(trustmanager.KeyInfo{Role: role, Gun: gun}, privKey)
 if err == nil {
 return data.PublicKeyFromPrivate(privKey), nil
 }
@@ -67,8 +67,7 @@ func (cs *CryptoService) Create(role, gun, algorithm string) (data.PublicKey, er
 // GetPrivateKey returns a private key and role if present by ID.
 func (cs *CryptoService) GetPrivateKey(keyID string) (k data.PrivateKey, role string, err error) {
 for _, ks := range cs.keyStores {
- k, role, err = ks.GetKey(keyID)
- if err == nil {
+ if k, role, err = ks.GetKey(keyID); err == nil {
 return
 }
 switch err.(type) {
@@ -124,7 +123,7 @@ func (cs *CryptoService) AddKey(role, gun string, key data.PrivateKey) (err erro
 // If the key didn't exist in any of our keystores, add and return on the first successful keystore
 for _, ks := range cs.keyStores {
 // Try to add to this keystore, return if successful
- if err = ks.AddKey(key, trustmanager.KeyInfo{Role: role, Gun: gun}); err == nil {
+ if err = ks.AddKey(trustmanager.KeyInfo{Role: role, Gun: gun}, key); err == nil {
 return nil
 }
 }
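Review bot: The new `if k, role, err = ks.GetKey(keyID); err == nil { return }` in GetPrivateKey uses a naked return from a function with three named results, which hides what is handed back; `return k, role, nil` says the same thing explicitly and costs nothing. Because all three named results are reassigned on every iteration, a store whose GetKey returned a non-nil key alongside an error would also leak into the final return after the loop unless that path resets them; the rest of the loop and the final return are outside the hunk, so this is inferred rather than seen. The other two hunks in this file are mechanical argument swaps.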
diff --git a/cryptoservice/crypto_service_test.go b/cryptoservice/crypto_service_test.go
index 39e8dccc73..b15390e4a1 100644
--- a/cryptoservice/crypto_service_test.go
+++ b/cryptoservice/crypto_service_test.go
@@ -147,7 +147,7 @@ func (c CryptoServiceTester) TestGetPrivateKeyMultipleKeystores(t *testing.T) {
 assert.NoError(t, err, c.errorMsg("error creating key"))
 for _, store := range cryptoService.keyStores {
- err := store.AddKey(privKey, trustmanager.KeyInfo{Role: c.role, Gun: c.gun})
+ err := store.AddKey(trustmanager.KeyInfo{Role: c.role, Gun: c.gun}, privKey)
 assert.NoError(t, err)
 }
@@ -237,7 +237,7 @@ func (c CryptoServiceTester) TestRemoveFromMultipleKeystores(t *testing.T) {
 assert.NoError(t, err, c.errorMsg("error creating key"))
 for _, store := range cryptoService.keyStores {
- err := store.AddKey(privKey, trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""})
+ err := store.AddKey(trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""}, privKey)
 assert.NoError(t, err)
 }
@@ -271,7 +271,7 @@ func (c CryptoServiceTester) TestListFromMultipleKeystores(t *testing.T) {
 // both keystores
 for j, store := range cryptoService.keyStores {
 if i == j || i == 2 {
- store.AddKey(privKey, trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""})
+ store.AddKey(trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""}, privKey)
 }
 }
 }
diff --git a/cryptoservice/import_export.go b/cryptoservice/import_export.go
index 1c51170f06..9adcbcdba6 100644
--- a/cryptoservice/import_export.go
+++ b/cryptoservice/import_export.go
@@ -81,7 +81,7 @@ func (cs *CryptoService) ExportKeyReencrypt(dest io.Writer, keyID string, newPas
 return err
 }
- err = tempKeyStore.AddKey(privateKey, keyInfo)
+ err = tempKeyStore.AddKey(keyInfo, privateKey)
 if err != nil {
 return err
 }
@@ -227,7 +227,7 @@ func moveKeysByGUN(oldKeyStore, newKeyStore trustmanager.KeyStore, gun string) e
 return err
 }
- err = newKeyStore.AddKey(privKey, keyInfo)
+ err = newKeyStore.AddKey(keyInfo, privKey)
 if err != nil {
 return err
 }
@@ -243,7 +243,7 @@ func moveKeys(oldKeyStore, newKeyStore trustmanager.KeyStore) error {
 return err
 }
- err = newKeyStore.AddKey(privateKey, keyInfo)
+ err = newKeyStore.AddKey(keyInfo, privateKey)
 if err != nil {
 return err
diff --git a/signer/client/signer_trust_test.go b/signer/client/signer_trust_test.go
index 9505407a21..e492b189ec 100644
--- a/signer/client/signer_trust_test.go
+++ b/signer/client/signer_trust_test.go
@@ -120,7 +120,7 @@ func TestGetPrivateKeyAndSignWithExistingKey(t *testing.T) {
 store := trustmanager.NewKeyMemoryStore(ret)
- err = store.AddKey(key, trustmanager.KeyInfo{Role: data.CanonicalTimestampRole, Gun: "gun"})
+ err = store.AddKey(trustmanager.KeyInfo{Role: data.CanonicalTimestampRole, Gun: "gun"}, key)
 assert.NoError(t, err, "could not add key to store")
 signer := setUpSigner(t, store)
diff --git a/signer/keydbstore/keydbstore.go b/signer/keydbstore/keydbstore.go
index 913229f319..bbc3b3686a 100644
--- a/signer/keydbstore/keydbstore.go
+++ b/signer/keydbstore/keydbstore.go
@@ -68,7 +68,7 @@ func (s *KeyDBStore) Name() string {
 // AddKey stores the contents of a private key. Both role and gun are ignored,
 // we always use Key IDs as name, and don't support aliases
-func (s *KeyDBStore) AddKey(privKey data.PrivateKey, keyInfo trustmanager.KeyInfo) error {
+func (s *KeyDBStore) AddKey(keyInfo trustmanager.KeyInfo, privKey data.PrivateKey) error {
 passphrase, _, err := s.retriever(privKey.ID(), s.defaultPassAlias, false, 1)
 if err != nil {
diff --git a/signer/keydbstore/keydbstore_test.go b/signer/keydbstore/keydbstore_test.go
index c58bb039c1..9126590907 100644
--- a/signer/keydbstore/keydbstore_test.go
+++ b/signer/keydbstore/keydbstore_test.go
@@ -84,7 +84,7 @@ func TestCreateSuccessPopulatesCache(t *testing.T) {
 assert.NoError(t, err)
 // Test writing new key in database
- err = dbStore.AddKey(testKey, trustmanager.KeyInfo{Role: data.CanonicalTimestampRole, Gun: "gun/ignored"})
+ err = dbStore.AddKey(trustmanager.KeyInfo{Role: data.CanonicalTimestampRole, Gun: "gun/ignored"}, testKey)
 assert.NoError(t, err)
 testGetSuccessFromCache(t, dbStore, testKey)
@@ -101,7 +101,7 @@ func TestGetSuccessPopulatesCache(t *testing.T) {
 // Create a new KeyDB store and add a key
 dbStore, err := NewKeyDBStore(retriever, "ignoredalias", "sqlite3", tmpFilename)
 assert.NoError(t, err)
- err = dbStore.AddKey(testKey, trustmanager.KeyInfo{Role: data.CanonicalTimestampRole, Gun: "gun/ignored"})
+ err = dbStore.AddKey(trustmanager.KeyInfo{Role: data.CanonicalTimestampRole, Gun: "gun/ignored"}, testKey)
 assert.NoError(t, err)
 // delete the cache
@@ -126,15 +126,15 @@ func TestDoubleCreate(t *testing.T) {
 assert.NoError(t, err)
 // Test writing new key in database/cache
- err = dbStore.AddKey(testKey, trustmanager.KeyInfo{Role: data.CanonicalTimestampRole, Gun: "gun/ignored"})
+ err = dbStore.AddKey(trustmanager.KeyInfo{Role: data.CanonicalTimestampRole, Gun: "gun/ignored"}, testKey)
 assert.NoError(t, err)
 // Test writing the same key in the database. Should fail.
- err = dbStore.AddKey(testKey, trustmanager.KeyInfo{Role: data.CanonicalTimestampRole, Gun: "gun/ignored"})
+ err = dbStore.AddKey(trustmanager.KeyInfo{Role: data.CanonicalTimestampRole, Gun: "gun/ignored"}, testKey)
 assert.Error(t, err, "failed to add private key to database:")
 // Test writing new key succeeds
- err = dbStore.AddKey(anotherTestKey, trustmanager.KeyInfo{Role: data.CanonicalTimestampRole, Gun: "gun/ignored"})
+ err = dbStore.AddKey(trustmanager.KeyInfo{Role: data.CanonicalTimestampRole, Gun: "gun/ignored"}, anotherTestKey)
 assert.NoError(t, err)
 }
@@ -150,7 +150,7 @@ func TestCreateDelete(t *testing.T) {
 assert.NoError(t, err)
 // Test writing new key in database/cache
- err = dbStore.AddKey(testKey, trustmanager.KeyInfo{Role: "", Gun: ""})
+ err = dbStore.AddKey(trustmanager.KeyInfo{Role: "", Gun: ""}, testKey)
 assert.NoError(t, err)
 // Test deleting the key from the db
@@ -174,7 +174,7 @@ func TestKeyRotation(t *testing.T) {
 assert.NoError(t, err)
 // Test writing new key in database/cache
- err = dbStore.AddKey(testKey, trustmanager.KeyInfo{Role: data.CanonicalTimestampRole, Gun: "gun/ignored"})
+ err = dbStore.AddKey(trustmanager.KeyInfo{Role: data.CanonicalTimestampRole, Gun: "gun/ignored"}, testKey)
 assert.NoError(t, err)
 // Try rotating the key to alias-2
diff --git a/trustmanager/keyfilestore.go b/trustmanager/keyfilestore.go
index 949183d199..c5da331ece 100644
--- a/trustmanager/keyfilestore.go
+++ b/trustmanager/keyfilestore.go
@@ -141,7 +141,7 @@ func (s *KeyFileStore) Name() string {
 }
 // AddKey stores the contents of a PEM-encoded private key as a PEM block
-func (s *KeyFileStore) AddKey(privKey data.PrivateKey, keyInfo KeyInfo) error {
+func (s *KeyFileStore) AddKey(keyInfo KeyInfo, privKey data.PrivateKey) error {
 s.Lock()
 defer s.Unlock()
 if keyInfo.Role == data.CanonicalRootRole || data.IsDelegation(keyInfo.Role) || !data.ValidRole(keyInfo.Role) {
@@ -231,7 +231,7 @@ func (s *KeyMemoryStore) Name() string {
 }
 // AddKey stores the contents of a PEM-encoded private key as a PEM block
-func (s *KeyMemoryStore) AddKey(privKey data.PrivateKey, keyInfo KeyInfo) error {
+func (s *KeyMemoryStore) AddKey(keyInfo KeyInfo, privKey data.PrivateKey) error {
 s.Lock()
 defer s.Unlock()
 if keyInfo.Role == data.CanonicalRootRole || data.IsDelegation(keyInfo.Role) || !data.ValidRole(keyInfo.Role) {
diff --git a/trustmanager/keyfilestore_test.go b/trustmanager/keyfilestore_test.go
index f7b25e83ed..e030b49a10 100644
--- a/trustmanager/keyfilestore_test.go
+++ b/trustmanager/keyfilestore_test.go
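Review bot: KeyFileStore.AddKey and KeyMemoryStore.AddKey (both keyfilestore.go hunks) open with an identical lock-and-role-check prologue, `if keyInfo.Role == data.CanonicalRootRole || data.IsDelegation(keyInfo.Role) || !data.ValidRole(keyInfo.Role) {`; lifting that condition into one unexported helper would keep the two stores from diverging on which roles get the special-case branch, and a commit that already touches both signatures is a natural place for it. Neither doc comment says what happens when a key with the same ID is already stored, although the KeyStore interface comment promises success in that case; a line such as `// Adding a key whose ID is already present succeeds and <keeps|replaces> the stored entry` (with whichever the body actually does) would close that gap. Both function bodies continue past their hunks.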
@@ -53,7 +53,7 @@ func testAddKeyWithRole(t *testing.T, role, expectedSubdir string) {
 expectedFilePath := filepath.Join(tempBaseDir, notary.PrivDir, expectedSubdir, privKey.ID()+"."+testExt)
 // Call the AddKey function
- err = store.AddKey(privKey, KeyInfo{Role: role, Gun: gun})
+ err = store.AddKey(KeyInfo{Role: role, Gun: gun}, privKey)
 assert.NoError(t, err, "failed to add key to store")
 // Check to see if file exists
@@ -152,7 +152,7 @@ func TestKeyStoreInternalState(t *testing.T) {
 // Generate a new targets key and add it with its gun, check that the map gets updated back
 privKey, err := GenerateECDSAKey(rand.Reader)
 assert.NoError(t, err, "could not generate private key")
- assert.NoError(t, store.AddKey(privKey, KeyInfo{Role: data.CanonicalTargetsRole, Gun: gun}))
+ assert.NoError(t, store.AddKey(KeyInfo{Role: data.CanonicalTargetsRole, Gun: gun}, privKey))
 assert.Equal(t, gun, store.keyInfoMap[privKey.ID()].Gun)
 assert.Equal(t, data.CanonicalTargetsRole, store.keyInfoMap[privKey.ID()].Role)
 }
@@ -342,7 +342,7 @@ func TestListKeys(t *testing.T) {
 // Call the AddKey function
 gun := filepath.Dir(testName)
- err = store.AddKey(privKey, KeyInfo{Role: role, Gun: gun})
+ err = store.AddKey(KeyInfo{Role: role, Gun: gun}, privKey)
 assert.NoError(t, err, "failed to add key to store")
 // Check to see if the keystore lists this key
@@ -384,7 +384,7 @@ func TestAddGetKeyMemStore(t *testing.T) {
 assert.NoError(t, err, "could not generate private key")
 // Call the AddKey function
- err = store.AddKey(privKey, KeyInfo{Role: testAlias, Gun: ""})
+ err = store.AddKey(KeyInfo{Role: testAlias, Gun: ""}, privKey)
 assert.NoError(t, err, "failed to add key to store")
 // Check to see if file exists
@@ -406,7 +406,7 @@ func TestAddGetKeyInfoMemStore(t *testing.T) {
 assert.NoError(t, err, "could not generate private key")
 // Call the AddKey function
- err = store.AddKey(rootKey, KeyInfo{Role: data.CanonicalRootRole, Gun: ""})
+ err = store.AddKey(KeyInfo{Role: data.CanonicalRootRole, Gun: ""}, rootKey)
 assert.NoError(t, err, "failed to add key to store")
 // Get and validate key info
@@ -419,7 +419,7 @@ func TestAddGetKeyInfoMemStore(t *testing.T) {
 assert.NoError(t, err, "could not generate private key")
 // Call the AddKey function
- err = store.AddKey(targetsKey, KeyInfo{Role: data.CanonicalTargetsRole, Gun: gun})
+ err = store.AddKey(KeyInfo{Role: data.CanonicalTargetsRole, Gun: gun}, targetsKey)
 assert.NoError(t, err, "failed to add key to store")
 // Get and validate key info
@@ -432,7 +432,7 @@ func TestAddGetKeyInfoMemStore(t *testing.T) {
 assert.NoError(t, err, "could not generate private key")
 // Call the AddKey function
- err = store.AddKey(delgKey, KeyInfo{Role: "targets/delegation", Gun: gun})
+ err = store.AddKey(KeyInfo{Role: "targets/delegation", Gun: gun}, delgKey)
 assert.NoError(t, err, "failed to add key to store")
 // Get and validate key info
@@ -460,7 +460,7 @@ func TestGetDecryptedWithTamperedCipherText(t *testing.T) {
 assert.NoError(t, err, "could not generate private key")
 // Call the AddEncryptedKey function
- err = store.AddKey(privKey, KeyInfo{Role: testAlias, Gun: ""})
+ err = store.AddKey(KeyInfo{Role: testAlias, Gun: ""}, privKey)
 assert.NoError(t, err, "failed to add key to store")
 // Since we're generating this manually we need to add the extension '.'
@@ -551,7 +551,7 @@ func testGetDecryptedWithInvalidPassphrase(t *testing.T, store KeyStore, newStor
 assert.NoError(t, err, "could not generate private key")
 // Call the AddKey function
- err = store.AddKey(privKey, KeyInfo{Role: testAlias, Gun: ""})
+ err = store.AddKey(KeyInfo{Role: testAlias, Gun: ""}, privKey)
 assert.NoError(t, err, "failed to add key to store")
 // Try to decrypt the file with an invalid passphrase
@@ -588,7 +588,7 @@ func testRemoveKeyWithRole(t *testing.T, role, expectedSubdir string) {
 // Since we're generating this manually we need to add the extension '.'
 expectedFilePath := filepath.Join(tempBaseDir, notary.PrivDir, expectedSubdir, privKey.ID()+"."+testExt)
- err = store.AddKey(privKey, KeyInfo{Role: role, Gun: gun})
+ err = store.AddKey(KeyInfo{Role: role, Gun: gun}, privKey)
 assert.NoError(t, err, "failed to add key to store")
 // Check to see if file exists
@@ -629,7 +629,7 @@ func TestKeysAreCached(t *testing.T) {
 assert.NoError(t, err, "could not generate private key")
 // Call the AddKey function
- err = store.AddKey(privKey, KeyInfo{Role: testAlias, Gun: gun})
+ err = store.AddKey(KeyInfo{Role: testAlias, Gun: gun}, privKey)
 assert.NoError(t, err, "failed to add key to store")
 assert.Equal(t, 1, numTimesCalled, "numTimesCalled should have been 1")
@@ -676,7 +676,7 @@ func TestKeyFileStoreExportSuccess(t *testing.T) {
 // Create our FileStore and add the key
 store, err := NewKeyFileStore(tempBaseDir, passphraseRetriever)
 assert.NoError(t, err)
- err = store.AddKey(privKey, KeyInfo{Role: data.CanonicalRootRole, Gun: ""})
+ err = store.AddKey(KeyInfo{Role: data.CanonicalRootRole, Gun: ""}, privKey)
 assert.NoError(t, err)
 assertExportKeySuccess(t, store, privKey)
@@ -706,7 +706,7 @@ func TestKeyMemoryStoreExportSuccess(t *testing.T) {
 // Create our MemoryStore and add key to it
 store := NewKeyMemoryStore(passphraseRetriever)
 assert.NoError(t, err)
- err = store.AddKey(privKey, KeyInfo{Role: data.CanonicalRootRole, Gun: ""})
+ err = store.AddKey(KeyInfo{Role: data.CanonicalRootRole, Gun: ""}, privKey)
 assert.NoError(t, err)
 assertExportKeySuccess(t, store, privKey)
diff --git a/trustmanager/keystore.go b/trustmanager/keystore.go
index 8764643191..5db0470c10 100644
--- a/trustmanager/keystore.go
+++ b/trustmanager/keystore.go
@@ -40,9 +40,9 @@ const (
 // KeyStore is a generic interface for private key storage
 type KeyStore interface {
- // Add Key adds a key to the KeyStore, and if the key already exists,
+ // AddKey adds a key to the KeyStore, and if the key already exists,
 // succeeds. Otherwise, returns an error if it cannot add.
- AddKey(privKey data.PrivateKey, keyInfo KeyInfo) error
+ AddKey(keyInfo KeyInfo, privKey data.PrivateKey) error
 GetKey(name string) (data.PrivateKey, string, error)
 GetKeyInfo(keyID string) (KeyInfo, error)
 ListKeys() map[string]KeyInfo
diff --git a/trustmanager/yubikey/yubikeystore.go b/trustmanager/yubikey/yubikeystore.go
index db41e60037..8f11b9d6b8 100644
--- a/trustmanager/yubikey/yubikeystore.go
+++ b/trustmanager/yubikey/yubikeystore.go
@@ -639,13 +639,13 @@ func (s *YubiKeyStore) ListKeys() map[string]trustmanager.KeyInfo {
 }
 // AddKey puts a key inside the Yubikey, as well as writing it to the backup store
-func (s *YubiKeyStore) AddKey(privKey data.PrivateKey, keyInfo trustmanager.KeyInfo) error {
+func (s *YubiKeyStore) AddKey(keyInfo trustmanager.KeyInfo, privKey data.PrivateKey) error {
 added, err := s.addKey(privKey.ID(), keyInfo.Role, privKey)
 if err != nil {
 return err
 }
 if added {
- err = s.backupStore.AddKey(privKey, keyInfo)
+ err = s.backupStore.AddKey(keyInfo, privKey)
 if err != nil {
 defer s.RemoveKey(privKey.ID())
 return ErrBackupFailed{err: err.Error()}
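Review bot: The retouched KeyStore comment `// AddKey adds a key to the KeyStore, and if the key already exists, // succeeds.` is contradicted inside this same diff: keydbstore_test.go's TestDoubleCreate asserts that adding the same key a second time returns an error, while yubikeystore_test.go's TestYubiAddDuplicateKeySucceedsButDoesNotBackup expects success. Callers such as CryptoService.AddKey and Create iterate the stores until one accepts the key, so which rule applies changes where a key ends up; the interface should either pick one behaviour or say that both are allowed, e.g. `// AddKey stores privKey under keyInfo. Adding an ID that is already present either succeeds without re-adding it (YubiKeyStore) or is rejected (KeyDBStore); callers must not depend on either.` Clarifying the contract here is cheaper than aligning the implementations, but one of the two should happen.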
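Review bot: In YubiKeyStore.AddKey's backup-failure branch, `defer s.RemoveKey(privKey.ID())` discards RemoveKey's result, so if the rollback itself fails the key stays on the token with no backup copy and the caller learns only of the backup error; the defer also buys nothing over a direct call, since the return follows immediately. Assuming RemoveKey returns an error like the other KeyStore methods, `if rmErr := s.RemoveKey(privKey.ID()); rmErr != nil { return ErrBackupFailed{err: err.Error() + "; removing key from yubikey: " + rmErr.Error()} }` placed before the existing `return ErrBackupFailed{err: err.Error()}` makes a failed rollback visible to the caller and to logs. AddKey's body continues past the hunk.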
diff --git a/trustmanager/yubikey/yubikeystore_test.go b/trustmanager/yubikey/yubikeystore_test.go
index a4ab4d129f..8df9254d0e 100644
--- a/trustmanager/yubikey/yubikeystore_test.go
+++ b/trustmanager/yubikey/yubikeystore_test.go
@@ -60,7 +60,7 @@ func testAddKey(t *testing.T, store trustmanager.KeyStore) (data.PrivateKey, err
 privKey, err := trustmanager.GenerateECDSAKey(rand.Reader)
 assert.NoError(t, err)
- err = store.AddKey(privKey, trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""})
+ err = store.AddKey(trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""}, privKey)
 return privKey, err
 }
@@ -215,7 +215,7 @@ type nonworkingBackup struct {
 }
 // AddKey stores the contents of a PEM-encoded private key as a PEM block
-func (s *nonworkingBackup) AddKey(privKey data.PrivateKey, keyInfo trustmanager.KeyInfo) error {
+func (s *nonworkingBackup) AddKey(keyInfo trustmanager.KeyInfo, privKey data.PrivateKey) error {
 return errors.New("Nope!")
 }
@@ -271,7 +271,7 @@ func TestYubiAddDuplicateKeySucceedsButDoesNotBackup(t *testing.T) {
 assert.NoError(t, err)
 assert.Len(t, cleanStore.ListKeys(), 1)
- err = cleanStore.AddKey(key, trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""})
+ err = cleanStore.AddKey(trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""}, key)
 assert.NoError(t, err)
 // there should be just 1 key on the yubikey