
refator error handling

Merged Damyan Mitev requested to merge 14-refactor-ksa-error-handling into master
5 files
+ 130
187
+ 36
50
@@ -18,6 +18,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
package handler
import (
"code.vereign.com/code/viam-apis/errors"
"crypto/aes"
"crypto/cipher"
"crypto/rand"
@@ -29,7 +30,6 @@ import (
keyutils "code.vereign.com/code/key-storage-agent/utils"
"code.vereign.com/code/viam-apis/key-storage-agent/api"
"code.vereign.com/code/viam-apis/utils"
"golang.org/x/net/context"
)
@@ -41,89 +41,75 @@ func (s *KeyStorageServerImpl) GenerateKeyPair(ctx context.Context,
client := keyutils.CreateDataStorageClient(auth)
defer client.CloseClient()
generateKeyPairResponse := &api.GenerateKeyPairResponse{}
uuid, err := keyutils.GenerateUnusedUUID(client)
if err != nil {
log.Printf("Error: %v", err)
generateKeyPairResponse.StatusList = utils.AddStatus(generateKeyPairResponse.StatusList,
"500", api.StatusType_ERROR, err.Error())
return nil, err
}
privateKeyBytes, publicKeyBytes, err := generateKeyPair(int(in.KeySize))
if err != nil {
log.Printf("Error: %v", err)
generateKeyPairResponse.StatusList = utils.AddStatus(generateKeyPairResponse.StatusList,
"500", api.StatusType_ERROR, err.Error())
return nil, err
}
aesKeyBytes, err := generateRandomSequence(256)
if err != nil {
log.Printf("Error: %v", err)
generateKeyPairResponse.StatusList = utils.AddStatus(generateKeyPairResponse.StatusList,
"500", api.StatusType_ERROR, err.Error())
return nil, err
}
encryptedPrivateKeyBytes, privateKeyNonce, err := aesEncrypt(aesKeyBytes, privateKeyBytes)
if err != nil {
log.Printf("Error: %v", err)
generateKeyPairResponse.StatusList = utils.AddStatus(generateKeyPairResponse.StatusList,
"500", api.StatusType_ERROR, err.Error())
return generateKeyPairResponse, nil
return nil, err
}
encryptedPrivateKey := &api.Key{Content: encryptedPrivateKeyBytes}
result, errors, err := client.PutData("keys", uuid+"/"+api.KeyType.String(api.KeyType_PRIVATE), encryptedPrivateKey)
generateKeyPairResponse.StatusList = keyutils.HandlePutDataErrors(generateKeyPairResponse.StatusList, errors, err)
if generateKeyPairResponse.StatusList == nil || len(generateKeyPairResponse.StatusList) == 0 {
publicKey := &api.Key{Content: publicKeyBytes}
result, errors, err = client.PutData("keys", uuid+"/"+api.KeyType.String(api.KeyType_PUBLIC), publicKey)
generateKeyPairResponse.StatusList = keyutils.HandlePutDataErrors(generateKeyPairResponse.StatusList, errors, err)
_, _, err = client.PutData("keys", uuid+"/"+api.KeyType.String(api.KeyType_PRIVATE), encryptedPrivateKey)
if err != nil {
return nil, errors.WrapInternalFormat(err, "Could not store key %s", uuid+"/"+api.KeyType.String(api.KeyType_PRIVATE))
}
//duplicate logic of ReserveKeyUUID
if generateKeyPairResponse.StatusList == nil || len(generateKeyPairResponse.StatusList) == 0 {
emptyKey := &api.Key{Content: []byte{}}
result, errors, err = client.PutData("keys", uuid+"/"+api.KeyType.String(api.KeyType_CERTIFICATE), emptyKey)
generateKeyPairResponse.StatusList = keyutils.HandlePutDataErrors(generateKeyPairResponse.StatusList, errors, err)
publicKey := &api.Key{Content: publicKeyBytes}
_, _, err = client.PutData("keys", uuid+"/"+api.KeyType.String(api.KeyType_PUBLIC), publicKey)
if err != nil {
return nil, errors.WrapInternalFormat(err, "Could not store key %s", uuid+"/"+api.KeyType.String(api.KeyType_PUBLIC))
}
if generateKeyPairResponse.StatusList == nil || len(generateKeyPairResponse.StatusList) == 0 {
encryptedAesKeyBytes, err := rsaEncryptWithServerKey(s.VereignCertPEM, aesKeyBytes, []byte("aeskeys"))
if err != nil {
log.Printf("Error: %v", err)
generateKeyPairResponse.StatusList = utils.AddStatus(generateKeyPairResponse.StatusList,
"500", api.StatusType_ERROR, err.Error())
return generateKeyPairResponse, nil
}
//duplicate logic of ReserveKeyUUID
encryptedAesKey := &api.Key{Content: encryptedAesKeyBytes}
emptyKey := &api.Key{Content: []byte{}}
_, _, err = client.PutData("keys", uuid+"/"+api.KeyType.String(api.KeyType_CERTIFICATE), emptyKey)
if err != nil {
return nil, errors.WrapInternalFormat(err, "Could not store key %s", uuid+"/"+api.KeyType.String(api.KeyType_CERTIFICATE))
}
result, errors, err = client.PutData("keys", uuid+"/"+api.KeyType.String(api.KeyType_AES), encryptedAesKey)
generateKeyPairResponse.StatusList = keyutils.HandlePutDataErrors(generateKeyPairResponse.StatusList, errors, err)
encryptedAesKeyBytes, err := rsaEncryptWithServerKey(s.VereignCertPEM, aesKeyBytes, []byte("aeskeys"))
if err != nil {
return nil, errors.WrapInternal(err, "Could not encrypt")
}
if generateKeyPairResponse.StatusList == nil || len(generateKeyPairResponse.StatusList) == 0 {
encryptedPrivateKeyNonceBytes, err := rsaEncryptWithServerKey(s.VereignCertPEM, privateKeyNonce, []byte("nonce"))
if err != nil {
log.Printf("Error: %v", err)
generateKeyPairResponse.StatusList = utils.AddStatus(generateKeyPairResponse.StatusList,
"500", api.StatusType_ERROR, err.Error())
return generateKeyPairResponse, nil
}
encryptedAesKey := &api.Key{Content: encryptedAesKeyBytes}
encryptedNonce := &api.Key{Content: encryptedPrivateKeyNonceBytes}
_, _, err = client.PutData("keys", uuid+"/"+api.KeyType.String(api.KeyType_AES), encryptedAesKey)
if err != nil {
return nil, errors.WrapInternalFormat(err, "Could not store key %s", uuid+"/"+api.KeyType.String(api.KeyType_AES))
}
result, errors, err = client.PutData("keys", uuid+"/"+api.KeyType.String(api.KeyType_NONCE), encryptedNonce)
generateKeyPairResponse.StatusList = keyutils.HandlePutDataErrors(generateKeyPairResponse.StatusList, errors, err)
encryptedPrivateKeyNonceBytes, err := rsaEncryptWithServerKey(s.VereignCertPEM, privateKeyNonce, []byte("nonce"))
if err != nil {
return nil, errors.WrapInternal(err, "Could not encrypt private key")
}
if generateKeyPairResponse.StatusList == nil || len(generateKeyPairResponse.StatusList) == 0 {
generateKeyPairResponse.Uuid = uuid
generateKeyPairResponse.StatusList = utils.AddStatus(generateKeyPairResponse.StatusList,
"200", api.StatusType_INFO, result)
encryptedNonce := &api.Key{Content: encryptedPrivateKeyNonceBytes}
_, _, err = client.PutData("keys", uuid+"/"+api.KeyType.String(api.KeyType_NONCE), encryptedNonce)
if err != nil {
return nil, errors.WrapInternalFormat(err, "Could not store key %s", uuid+"/"+api.KeyType.String(api.KeyType_NONCE))
}
generateKeyPairResponse := &api.GenerateKeyPairResponse{Uuid:uuid}
return generateKeyPairResponse, nil
}
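Review bot: Error handling on the new side of the GenerateKeyPair hunk is still inconsistent: as far as the rendered diff shows, the GenerateUnusedUUID, generateKeyPair, generateRandomSequence and aesEncrypt failures return the bare `err`, while every PutData and rsaEncryptWithServerKey failure is wrapped with the `errors` package, so one handler surfaces two different error shapes to its caller (and, if the bare error reaches the RPC boundary, its raw text). Wrap those four sites the same way, e.g. `return nil, errors.WrapInternal(err, "Could not generate key pair")`. The message on the nonce step, `errors.WrapInternal(err, "Could not encrypt private key")`, is attached to the RSA encryption of the nonce rather than to the private key, so it sends an operator to the wrong step; `"Could not encrypt nonce"` matches the call. A failure after the PRIVATE entry is stored returns without removing the entries already written, leaving the uuid from GenerateUnusedUUID holding an encrypted private key with no wrapped AES key or nonce beside it; either a comment stating that this partial state is expected, or a best-effort cleanup of the written entries, is worth adding. The function's signature and the `auth` setup are above the hunk.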