fixup! go/common/crypto/signature/signers/remote: Initial import
Yawning committed Feb 26, 2020
1 parent 49bbf38 commit 540fe9b
Showing 2 changed files with 18 additions and 5 deletions.
4 changes: 2 additions & 2 deletions go/common/crypto/signature/signers/remote/grpc.go
@@ -155,7 +155,7 @@ type remoteFactory struct {
}

func (rf *remoteFactory) EnsureRole(role signature.SignerRole) error {
if rf.signers[role] != nil {
if rf.signers[role] == nil {
return signature.ErrNotExist
}
return nil
@@ -246,7 +246,7 @@ func NewFactory(config interface{}, roles ...signature.SignerRole) (signature.Si
*cfg.ClientCertificate,
},
RootCAs: certPool,
ServerName: "remote-signer-client",
ServerName: "remote-signer-server",
})

conn, err := cmnGrpc.Dial(cfg.Address, grpc.WithTransportCredentials(creds))
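Review bot: The `ServerName: "remote-signer-server"` literal in NewFactory has to match the name the server certificate is issued for, and nothing visible in this file ties the two together, which is presumably how the earlier `"remote-signer-client"` value slipped in. As far as the visible TLS config shows, a mismatch makes verification against `RootCAs: certPool` fail rather than pass, so the risk is an unusable signer rather than a bypass. A single exported constant shared by the certificate generator and this dialer (for example a new `ServerName: remoteSignerServerName,`) would keep the two from drifting again. The corrected `rf.signers[role] == nil` check in EnsureRole would also merit a unit test covering both a configured and an unconfigured role. Both functions extend beyond the lines shown.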
19 changes: 16 additions & 3 deletions go/oasis-remote-signer/cmd/root.go
@@ -2,6 +2,7 @@
package cmd

import (
"crypto/rand"
goTls "crypto/tls"
"crypto/x509"
"fmt"
@@ -69,15 +70,15 @@ func ensureDataDir() (string, error) {
}

func doServerInit(cmd *cobra.Command, args []string) {
if _, _, err := serverInit(); err != nil {
if _, _, err := serverInit(true); err != nil {
logger.Error("failed to initialize server keys",
"err", err,
)
os.Exit(1)
}
}

func serverInit() (signature.SignerFactory, *goTls.Certificate, error) {
func serverInit(provisionKeys bool) (signature.SignerFactory, *goTls.Certificate, error) {
dataDir, err := ensureDataDir()
if err != nil {
return nil, nil, err
@@ -90,6 +91,18 @@ func serverInit() (signature.SignerFactory, *goTls.Certificate, error) {
)
return nil, nil, fmt.Errorf("remote-signer: failed to create signer: %w", err)
}
for _, v := range signature.SignerRoles {
switch provisionKeys {
case true:
if _, err = sf.Generate(v, rand.Reader); err != nil {
return nil, nil, fmt.Errorf("remote-signer: failed to provision key (%v): %w", v, err)
}
case false:
if _, err = sf.Load(v); err != nil {
return nil, nil, fmt.Errorf("remote-signer: failed to load key (%v): %w", v, err)
}
}
}

// Load the server certificate, provisioning if required.
cert, err := tls.LoadOrGenerate(
@@ -130,7 +143,7 @@ func doClientInit(cmd *cobra.Command, args []string) {

func runRoot(cmd *cobra.Command, args []string) error {
// Initialize all of the server keys.
sf, cert, err := serverInit()
sf, cert, err := serverInit(false)
if err != nil {
logger.Error("failed to initialize server keys",
"err", err,
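Review bot: In serverInit, the `provisionKeys` branch calls `sf.Generate(v, rand.Reader)` for every role without first checking whether a key already exists, so re-running the init command against a populated data directory either fails or replaces signing keys, depending on how the factory's Generate treats an existing key (not visible here). The certificate path just below uses load-or-generate semantics, and the key loop could do the same: try Load, and generate only when provisioning was requested and the key is reported missing. The sketch below assumes Load reports a missing key as `signature.ErrNotExist` and needs the `errors` import; confirm both before adopting it. As a smaller style point, `switch provisionKeys { case true: … case false: … }` reads more naturally as `if`/`else`. serverInit continues past the end of this hunk.

```go
	for _, v := range signature.SignerRoles {
		// Assumes Load reports a missing key as signature.ErrNotExist; confirm against the factory in use.
		_, err = sf.Load(v)
		if provisionKeys && errors.Is(err, signature.ErrNotExist) {
			// Only mint a key when none exists, so a repeated init never replaces one.
			_, err = sf.Generate(v, rand.Reader)
		}
		if err != nil {
			return nil, nil, fmt.Errorf("remote-signer: failed to load or provision key (%v): %w", v, err)
		}
	}
	// … unchanged: server certificate load/provision …
```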
