2017-08-18 03:50:15 +02:00
|
|
|
package macaroons
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/rand"
|
|
|
|
"fmt"
|
|
|
|
"io"
|
|
|
|
|
|
|
|
"github.com/boltdb/bolt"
|
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
|
|
|
// RootKeyLen is the length of a root key.
|
|
|
|
RootKeyLen = 32
|
|
|
|
)
|
|
|
|
|
|
|
|
var (
|
|
|
|
// rootKeyBucketName is the name of the root key store bucket.
|
|
|
|
rootKeyBucketName = []byte("macrootkeys")
|
|
|
|
|
|
|
|
// defaultRootKeyID is the ID of the default root key. The first is
|
|
|
|
// just 0, to emulate the memory storage that comes with bakery.
|
2017-08-22 08:18:19 +02:00
|
|
|
//
|
2017-08-18 03:50:15 +02:00
|
|
|
// TODO(aakselrod): Add support for key rotation.
|
|
|
|
defaultRootKeyID = "0"
|
|
|
|
|
|
|
|
// macaroonBucketName is the name of the macaroon store bucket.
|
|
|
|
macaroonBucketName = []byte("macaroons")
|
|
|
|
)
|
|
|
|
|
|
|
|
// RootKeyStorage implements the bakery.RootKeyStorage interface.
|
|
|
|
type RootKeyStorage struct {
|
|
|
|
*bolt.DB
|
|
|
|
}
|
|
|
|
|
|
|
|
// NewRootKeyStorage creates a RootKeyStorage instance.
|
|
|
|
// TODO(aakselrod): Add support for encryption of data with passphrase.
|
|
|
|
func NewRootKeyStorage(db *bolt.DB) (*RootKeyStorage, error) {
|
|
|
|
// If the store's bucket doesn't exist, create it.
|
|
|
|
err := db.Update(func(tx *bolt.Tx) error {
|
|
|
|
_, err := tx.CreateBucketIfNotExists(rootKeyBucketName)
|
|
|
|
return err
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2017-08-22 08:18:19 +02:00
|
|
|
|
2017-08-18 03:50:15 +02:00
|
|
|
// Return the DB wrapped in a RootKeyStorage object.
|
|
|
|
return &RootKeyStorage{db}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Get implements the Get method for the bakery.RootKeyStorage interface.
|
|
|
|
func (r *RootKeyStorage) Get(id string) ([]byte, error) {
|
|
|
|
var rootKey []byte
|
|
|
|
err := r.View(func(tx *bolt.Tx) error {
|
2017-08-23 20:30:09 +02:00
|
|
|
dbKey := tx.Bucket(rootKeyBucketName).Get([]byte(id))
|
|
|
|
if len(dbKey) == 0 {
|
2017-08-18 03:50:15 +02:00
|
|
|
return fmt.Errorf("root key with id %s doesn't exist",
|
|
|
|
id)
|
|
|
|
}
|
2017-08-23 20:30:09 +02:00
|
|
|
|
|
|
|
rootKey = make([]byte, len(dbKey))
|
|
|
|
copy(rootKey[:], dbKey)
|
2017-08-18 03:50:15 +02:00
|
|
|
return nil
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2017-08-22 08:18:19 +02:00
|
|
|
|
2017-08-18 03:50:15 +02:00
|
|
|
return rootKey, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// RootKey implements the RootKey method for the bakery.RootKeyStorage
|
|
|
|
// interface.
|
|
|
|
// TODO(aakselrod): Add support for key rotation.
|
|
|
|
func (r *RootKeyStorage) RootKey() ([]byte, string, error) {
|
|
|
|
var rootKey []byte
|
|
|
|
id := defaultRootKeyID
|
|
|
|
err := r.Update(func(tx *bolt.Tx) error {
|
|
|
|
ns := tx.Bucket(rootKeyBucketName)
|
|
|
|
rootKey = ns.Get([]byte(id))
|
|
|
|
|
|
|
|
// If there's no root key stored in the bucket yet, create one.
|
|
|
|
if len(rootKey) != 0 {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Create a RootKeyLen-byte root key.
|
|
|
|
rootKey = make([]byte, RootKeyLen)
|
|
|
|
if _, err := io.ReadFull(rand.Reader, rootKey[:]); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return ns.Put([]byte(id), rootKey)
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
return nil, "", err
|
|
|
|
}
|
2017-08-22 08:18:19 +02:00
|
|
|
|
2017-08-18 03:50:15 +02:00
|
|
|
return rootKey, id, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Storage implements the bakery.Storage interface.
|
|
|
|
type Storage struct {
|
|
|
|
*bolt.DB
|
|
|
|
}
|
|
|
|
|
|
|
|
// NewStorage creates a Storage instance.
|
2017-08-22 08:18:19 +02:00
|
|
|
//
|
2017-08-18 03:50:15 +02:00
|
|
|
// TODO(aakselrod): Add support for encryption of data with passphrase.
|
|
|
|
func NewStorage(db *bolt.DB) (*Storage, error) {
|
|
|
|
// If the store's bucket doesn't exist, create it.
|
|
|
|
err := db.Update(func(tx *bolt.Tx) error {
|
|
|
|
_, err := tx.CreateBucketIfNotExists(macaroonBucketName)
|
|
|
|
return err
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2017-08-22 08:18:19 +02:00
|
|
|
|
2017-08-18 03:50:15 +02:00
|
|
|
// Return the DB wrapped in a Storage object.
|
|
|
|
return &Storage{db}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Put implements the Put method for the bakery.Storage interface.
|
|
|
|
func (s *Storage) Put(location string, item string) error {
|
|
|
|
return s.Update(func(tx *bolt.Tx) error {
|
|
|
|
return tx.Bucket(macaroonBucketName).Put([]byte(location),
|
|
|
|
[]byte(item))
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
// Get implements the Get method for the bakery.Storage interface.
|
|
|
|
func (s *Storage) Get(location string) (string, error) {
|
2017-08-23 20:30:09 +02:00
|
|
|
var item []byte
|
2017-08-18 03:50:15 +02:00
|
|
|
err := s.View(func(tx *bolt.Tx) error {
|
|
|
|
itemBytes := tx.Bucket(macaroonBucketName).Get([]byte(location))
|
|
|
|
if len(itemBytes) == 0 {
|
|
|
|
return fmt.Errorf("couldn't get item for location %s",
|
|
|
|
location)
|
|
|
|
}
|
2017-08-23 20:30:09 +02:00
|
|
|
|
|
|
|
item = make([]byte, len(itemBytes))
|
|
|
|
copy(item, itemBytes)
|
2017-08-18 03:50:15 +02:00
|
|
|
return nil
|
|
|
|
})
|
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
2017-08-22 08:18:19 +02:00
|
|
|
|
2017-08-23 20:30:09 +02:00
|
|
|
return string(item), nil
|
2017-08-18 03:50:15 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// Del implements the Del method for the bakery.Storage interface.
|
|
|
|
func (s *Storage) Del(location string) error {
|
|
|
|
return s.Update(func(tx *bolt.Tx) error {
|
|
|
|
return tx.Bucket(macaroonBucketName).Delete([]byte(location))
|
|
|
|
})
|
|
|
|
}
|