zolfa
/
tendermint
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 221 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
140 Commits
183 Branches
291 MiB
Tree: 0418d32276
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '0418d32276'
${ noResults }
tendermint/keys/storage/filestorage/main.go

171 lines
4.3 KiB
Raw Normal View History

Import keystore logic from light-client
8 years ago
Moved crypto code to top level again
8 years ago
Import keystore logic from light-client
8 years ago
Create nested directories as needed to store keys
8 years ago
Import keystore logic from light-client
8 years ago
Expose new and list via cli
8 years ago
Import keystore logic from light-client
8 years ago
Expose new and list via cli
8 years ago
Import keystore logic from light-client
8 years ago
Expose new and list via cli
8 years ago
Import keystore logic from light-client
8 years ago
Expose address in keyinfo, add get command
8 years ago
Import keystore logic from light-client
8 years ago
Expose new and list via cli
8 years ago
Import keystore logic from light-client
8 years ago
Expose new and list via cli
8 years ago
Import keystore logic from light-client
8 years ago
Expose address in keyinfo, add get command
8 years ago
Import keystore logic from light-client
8 years ago
Expose new and list via cli
8 years ago
Import keystore logic from light-client
8 years ago
Expose new and list via cli
8 years ago
Import keystore logic from light-client
8 years ago
Fixed all imports in keys
8 years ago
Import keystore logic from light-client
8 years ago
 
  1. /*
  2. package filestorage provides a secure on-disk storage of private keys and
  3. metadata.  Security is enforced by file and directory permissions, much
  4. like standard ssh key storage.
  5. */
  6. package filestorage
  7. 

  8. import (
  9. 	"fmt"
  10. 	"io/ioutil"
  11. 	"os"
  12. 	"path"
  13. 	"strings"
  14. 

  15. 	"github.com/pkg/errors"
  16. 	crypto "github.com/tendermint/go-crypto"
  17. 	keys "github.com/tendermint/go-crypto/keys"
  18. )
  19. 

  20. const (
  21. 	BlockType = "Tendermint Light Client"
  22. 	PrivExt   = "tlc"
  23. 	PubExt    = "pub"
  24. 	keyPerm   = os.FileMode(0600)
  25. 	pubPerm   = os.FileMode(0644)
  26. 	dirPerm   = os.FileMode(0700)
  27. )
  28. 

  29. type FileStore struct {
  30. 	keyDir string
  31. }
  32. 

  33. // New creates an instance of file-based key storage with tight permissions

  34. //

  35. // dir should be an absolute path of a directory owner by this user. It will

  36. // be created if it doesn't exist already.

  37. func New(dir string) FileStore {
  38. 	err := os.MkdirAll(dir, dirPerm)
  39. 	if err != nil {
  40. 		panic(err)
  41. 	}
  42. 	return FileStore{dir}
  43. }
  44. 

  45. // assertStorage just makes sure we implement the proper Storage interface

  46. func (s FileStore) assertStorage() keys.Storage {
  47. 	return s
  48. }
  49. 

  50. // Put creates two files, one with the public info as json, the other

  51. // with the (encoded) private key as gpg ascii-armor style

  52. func (s FileStore) Put(name string, key []byte, info keys.Info) error {
  53. 	pub, priv := s.nameToPaths(name)
  54. 

  55. 	// write public info

  56. 	err := writeInfo(pub, info)
  57. 	if err != nil {
  58. 		return err
  59. 	}
  60. 

  61. 	// write private info

  62. 	return write(priv, name, key)
  63. }
  64. 

  65. // Get loads the info and (encoded) private key from the directory

  66. // It uses `name` to generate the filename, and returns an error if the

  67. // files don't exist or are in the incorrect format

  68. func (s FileStore) Get(name string) ([]byte, keys.Info, error) {
  69. 	pub, priv := s.nameToPaths(name)
  70. 

  71. 	info, err := readInfo(pub)
  72. 	if err != nil {
  73. 		return nil, info, err
  74. 	}
  75. 

  76. 	key, _, err := read(priv)
  77. 	return key, info.Format(), err
  78. }
  79. 

  80. // List parses the key directory for public info and returns a list of

  81. // Info for all keys located in this directory.

  82. func (s FileStore) List() (keys.Infos, error) {
  83. 	dir, err := os.Open(s.keyDir)
  84. 	if err != nil {
  85. 		return nil, errors.Wrap(err, "List Keys")
  86. 	}
  87. 	names, err := dir.Readdirnames(0)
  88. 	if err != nil {
  89. 		return nil, errors.Wrap(err, "List Keys")
  90. 	}
  91. 

  92. 	// filter names for .pub ending and load them one by one

  93. 	// half the files is a good guess for pre-allocating the slice

  94. 	infos := make([]keys.Info, 0, len(names)/2)
  95. 	for _, name := range names {
  96. 		if strings.HasSuffix(name, PubExt) {
  97. 			p := path.Join(s.keyDir, name)
  98. 			info, err := readInfo(p)
  99. 			if err != nil {
  100. 				return nil, err
  101. 			}
  102. 			infos = append(infos, info.Format())
  103. 		}
  104. 	}
  105. 

  106. 	return infos, nil
  107. }
  108. 

  109. // Delete permanently removes the public and private info for the named key

  110. // The calling function should provide some security checks first.

  111. func (s FileStore) Delete(name string) error {
  112. 	pub, priv := s.nameToPaths(name)
  113. 	err := os.Remove(priv)
  114. 	if err != nil {
  115. 		return errors.Wrap(err, "Deleting Private Key")
  116. 	}
  117. 	err = os.Remove(pub)
  118. 	return errors.Wrap(err, "Deleting Public Key")
  119. }
  120. 

  121. func (s FileStore) nameToPaths(name string) (pub, priv string) {
  122. 	privName := fmt.Sprintf("%s.%s", name, PrivExt)
  123. 	pubName := fmt.Sprintf("%s.%s", name, PubExt)
  124. 	return path.Join(s.keyDir, pubName), path.Join(s.keyDir, privName)
  125. }
  126. 

  127. func writeInfo(path string, info keys.Info) error {
  128. 	return write(path, info.Name, info.PubKey.Bytes())
  129. }
  130. 

  131. func readInfo(path string) (info keys.Info, err error) {
  132. 	var data []byte
  133. 	data, info.Name, err = read(path)
  134. 	if err != nil {
  135. 		return
  136. 	}
  137. 	pk, err := crypto.PubKeyFromBytes(data)
  138. 	info.PubKey = pk
  139. 	return
  140. }
  141. 

  142. func read(path string) ([]byte, string, error) {
  143. 	f, err := os.Open(path)
  144. 	if err != nil {
  145. 		return nil, "", errors.Wrap(err, "Reading data")
  146. 	}
  147. 	d, err := ioutil.ReadAll(f)
  148. 	if err != nil {
  149. 		return nil, "", errors.Wrap(err, "Reading data")
  150. 	}
  151. 	block, headers, key, err := crypto.DecodeArmor(string(d))
  152. 	if err != nil {
  153. 		return nil, "", errors.Wrap(err, "Invalid Armor")
  154. 	}
  155. 	if block != BlockType {
  156. 		return nil, "", errors.Errorf("Unknown key type: %s", block)
  157. 	}
  158. 	return key, headers["name"], nil
  159. }
  160. 

  161. func write(path, name string, key []byte) error {
  162. 	f, err := os.OpenFile(path, os.O_CREATE|os.O_EXCL|os.O_WRONLY, keyPerm)
  163. 	if err != nil {
  164. 		return errors.Wrap(err, "Writing data")
  165. 	}
  166. 	defer f.Close()
  167. 	headers := map[string]string{"name": name}
  168. 	text := crypto.EncodeArmor(BlockType, headers, key)
  169. 	_, err = f.WriteString(text)
  170. 	return errors.Wrap(err, "Writing data")
  171. }