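// Copyright (c) 2014, Google Inc. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// Package rotation_support creates new epochs of protected objects (for
// example keys) and re-protects, under the new epoch, every object that the
// previous epoch protected. Object and protected-object lists are the
// container/list values managed by package protected_objects.
package rotation_support

import (
	"container/list"
	"errors"
	"fmt"
	"time"

	"github.com/jlmucb/cloudproxy/go/support_libraries/protected_objects"
)

// timeLayout is the layout accepted for the notBefore/notAfter arguments of
// AddNewKeyEpoch; it matches the output of time.Time.String().
const timeLayout = "2006-01-02 15:04:05.999999999 -0700 MST"

// ChangeObjectStatus sets the status of the object named name_obj at the
// given epoch to new_status. It returns an error when no such object is
// found in l.
func ChangeObjectStatus(l *list.List, name_obj string, epoch int, new_status string) error {
	obj := protected_objects.FindObject(l, name_obj, int32(epoch), nil, nil)
	if obj == nil {
		return errors.New("Can't find object")
	}
	// new_status is a by-value parameter, so the stored pointer refers to a
	// copy private to this call and cannot be aliased by the caller.
	obj.ObjStatus = &new_status
	return nil
}

// RevokeObject marks the object named name_obj at epoch as "revoked".
func RevokeObject(l *list.List, name_obj string, epoch int) error {
	return ChangeObjectStatus(l, name_obj, epoch, "revoked")
}

// RetireObject marks the object named name_obj at epoch as "retired".
func RetireObject(l *list.List, name_obj string, epoch int) error {
	return ChangeObjectStatus(l, name_obj, epoch, "retired")
}

// ActivateObject marks the object named name_obj at epoch as "active".
func ActivateObject(l *list.List, name_obj string, epoch int) error {
	return ChangeObjectStatus(l, name_obj, epoch, "active")
}

// InactivateObject marks the object named name_obj at epoch as "inactive".
func InactivateObject(l *list.List, name_obj string, epoch int) error {
	return ChangeObjectStatus(l, name_obj, epoch, "inactive")
}

// ForceInclude exists so that importing this package has a referenced symbol;
// it only prints a marker.
func ForceInclude() {
	fmt.Printf("Include forced")
}

// AddNewKeyEpoch creates a new epoch of the object named name_obj and adds it
// to l.
//
// The new epoch number is one more than the latest epoch of name_obj whose
// status is existing_status, or 1 when no such epoch exists. notBefore and
// notAfter are parsed with timeLayout and must form a non-empty validity
// window (notBefore strictly before notAfter). The new object gets type
// obj_type, status new_status and value.
//
// It returns the previous epoch (nil when there was none), the newly added
// object, and an error. The status of the previous epoch is not changed;
// callers retire or revoke it separately.
func AddNewKeyEpoch(l *list.List, name_obj string, obj_type string, existing_status string, new_status string,
	notBefore string, notAfter string,
	value []byte) (*protected_objects.ObjectMessage, *protected_objects.ObjectMessage, error) {
	new_epoch := 1
	old_obj := protected_objects.GetLatestEpoch(l, name_obj, []string{existing_status})
	if old_obj != nil {
		// Protobuf message fields are pointers; refuse to derive an epoch
		// from an object whose id is incomplete rather than panic.
		if old_obj.ObjId == nil || old_obj.ObjId.ObjEpoch == nil {
			return nil, nil, errors.New("Can't determine epoch of existing object")
		}
		new_epoch = int(*old_obj.ObjId.ObjEpoch + 1)
	}
	nb, err := time.Parse(timeLayout, notBefore)
	if err != nil {
		return nil, nil, fmt.Errorf("Can't parse notBefore: %v", err)
	}
	na, err := time.Parse(timeLayout, notAfter)
	if err != nil {
		return nil, nil, fmt.Errorf("Can't parse notAfter: %v", err)
	}
	// An inverted or empty window would produce an object that is never
	// valid; reject it before anything is added to the list.
	if !nb.Before(na) {
		return nil, nil, errors.New("notBefore must precede notAfter")
	}
	new_obj, err := protected_objects.CreateObject(name_obj, int32(new_epoch), &obj_type,
		&new_status, &nb, &na, value)
	if err != nil {
		return nil, nil, fmt.Errorf("Can't create new object: %v", err)
	}
	if new_obj == nil {
		return nil, nil, errors.New("Can't create new object")
	}
	if err := protected_objects.AddObject(l, *new_obj); err != nil {
		return nil, nil, fmt.Errorf("Can't add new object: %v", err)
	}
	return old_obj, new_obj, nil
}

// AddAndRotateNewKeyEpoch creates a new epoch of name_obj (see AddNewKeyEpoch)
// in obj_list and, for every object that the previous epoch protected,
// makes a new protected-object node under the new epoch and appends it to
// protected_obj_list. It returns the new epoch.
//
// When there was no previous epoch, only the new object is added. The
// previous epoch's status is left unchanged and its old protected-object
// nodes are left in place; callers retire or revoke the old epoch and prune
// the old nodes themselves. Errors raised after the new epoch was added leave
// obj_list and protected_obj_list partially updated.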
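func AddAndRotateNewKeyEpoch(name_obj string, obj_type string, existing_status string,
	new_status string, notBefore string, notAfter string, value []byte,
	obj_list *list.List, protected_obj_list *list.List) (*protected_objects.ObjectMessage, error) {
	// AddNewKeyEpoch already inserts new_obj into obj_list; it must not be
	// added a second time here, or obj_list ends up with a duplicate epoch.
	old_obj, new_obj, err := AddNewKeyEpoch(obj_list, name_obj, obj_type, existing_status,
		new_status, notBefore, notAfter, value)
	if err != nil {
		return nil, fmt.Errorf("Can't create new epoch: %v", err)
	}
	if new_obj == nil {
		return nil, errors.New("Can't create new epoch")
	}
	if old_obj == nil {
		// First epoch of this object: there is nothing to re-protect.
		return new_obj, nil
	}
	// Protobuf id fields are pointers; validate them instead of panicking.
	if old_obj.ObjId == nil || old_obj.ObjId.ObjEpoch == nil {
		return nil, errors.New("Can't determine epoch of old protector")
	}
	if new_obj.ObjId == nil || new_obj.ObjId.ObjName == nil || new_obj.ObjId.ObjEpoch == nil {
		return nil, errors.New("Can't determine id of new protector")
	}
	old_epoch := *old_obj.ObjId.ObjEpoch
	old_protected := protected_objects.FindProtectedObjects(protected_obj_list, name_obj, old_epoch)
	if old_protected == nil || old_protected.Len() == 0 {
		fmt.Printf("old protector: %s, %d\n", name_obj, old_epoch)
		return nil, errors.New("Can't Find protected nodes")
	}
	for e := old_protected.Front(); e != nil; e = e.Next() {
		// FindProtectedObjects is expected to store ProtectedObjectMessage
		// values; a checked assertion turns a wrong element type into an
		// error rather than a panic mid-rotation.
		old, ok := e.Value.(protected_objects.ProtectedObjectMessage)
		if !ok {
			return new_obj, errors.New("Unexpected element type in protected object list")
		}
		if old.ProtectedObjId == nil || old.ProtectedObjId.ObjName == nil || old.ProtectedObjId.ObjEpoch == nil {
			return new_obj, errors.New("Protected object id is incomplete")
		}
		protected_name := *old.ProtectedObjId.ObjName
		protected_epoch := *old.ProtectedObjId.ObjEpoch
		old_protected_obj := protected_objects.FindObject(obj_list, protected_name, protected_epoch, nil, nil)
		if old_protected_obj == nil {
			return nil, errors.New("Can't find object")
		}
		// Re-protect the same object under the new epoch of the protector.
		new_protected_obj, err := protected_objects.MakeProtectedObject(*old_protected_obj,
			*new_obj.ObjId.ObjName, *new_obj.ObjId.ObjEpoch, new_obj.ObjVal)
		if err != nil {
			return new_obj, fmt.Errorf("Can't make new protected object: %v", err)
		}
		if new_protected_obj == nil {
			return new_obj, errors.New("Can't make new protected object")
		}
		if err := protected_objects.AddProtectedObject(protected_obj_list, *new_protected_obj); err != nil {
			return new_obj, fmt.Errorf("Can't add new protected node: %v", err)
		}
	}
	return new_obj, nil
}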