package authb
import "github.com/nats-io/nkeys"
// operatorSigningKeys groups the signing-key operations (add, delete, rotate,
// list) that act on one operator's claim.
type operatorSigningKeys struct {
	// data is the operator whose Claim.SigningKeys and key bookkeeping
	// (AddedKeys, DeletedKeys, OperatorSigningKeys) the methods read and modify.
	data *OperatorData
}
// Add generates a new operator signing key, registers it on the operator
// claim, and returns the public key. When the key cannot be created or the
// claim update fails, it returns an empty string and the error.
//
// Only the public key leaves this method; the generated *Key stays in the
// operator's internal bookkeeping.
func (os *operatorSigningKeys) Add() (string, error) {
	created, err := os.add()
	if err == nil {
		return created.Public, nil
	}
	return "", err
}
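// add creates a new operator key, appends its public key to the operator
// claim's signing keys, and calls update on the operator. After a successful
// update the key is recorded in both AddedKeys and OperatorSigningKeys.
//
// If update fails, the claim's signing-key list is restored to its previous
// value. Without the rollback the in-memory claim would keep listing a public
// key that is recorded nowhere else, and a later successful update would
// publish an operator claim that trusts it.
func (os *operatorSigningKeys) add() (*Key, error) {
	key, err := KeyFor(nkeys.PrefixByteOperator)
	if err != nil {
		return nil, err
	}

	// Snapshot the list so a failed update can be undone.
	// NOTE(review): assumes SigningKeys.Add only appends; confirm against
	// the claim type's implementation.
	previous := os.data.Claim.SigningKeys
	os.data.Claim.SigningKeys.Add(key.Public)
	if err := os.data.update(); err != nil {
		os.data.Claim.SigningKeys = previous
		return nil, err
	}

	// Record the key only once the claim change has been accepted.
	os.data.AddedKeys = append(os.data.AddedKeys, key)
	os.data.OperatorSigningKeys = append(os.data.OperatorSigningKeys, key)
	return key, nil
}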
// Delete removes the signing key with the given public key from the operator
// claim. It returns false and a nil error when the key is not listed.
//
// When the key is found, it is appended to DeletedKeys and removed from
// Claim.SigningKeys before update is called, so a (true, err) result means
// the in-memory changes were made but the update failed.
//
// Unlike Rotate, Delete does not reissue accounts whose Claim.Issuer is the
// removed key.
func (os *operatorSigningKeys) Delete(key string) (bool, error) {
	keys := os.data.Claim.SigningKeys

	// Locate the first matching entry.
	pos := -1
	for i := range keys {
		if keys[i] == key {
			pos = i
			break
		}
	}
	if pos < 0 {
		return false, nil
	}

	os.data.DeletedKeys = append(os.data.DeletedKeys, key)
	// Splice the entry out in place, reusing the existing backing array.
	os.data.Claim.SigningKeys = append(keys[:pos], keys[pos+1:]...)
	return true, os.data.update()
}
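// Rotate replaces the operator signing key identified by key with a newly
// generated one and reissues every account whose Claim.Issuer is the old key.
// It returns the public key of the replacement.
//
// When key is not one of the operator's signing keys, Rotate returns an empty
// string and a nil error without changing anything. The membership check runs
// before a key is generated: previously the new key was added to the claim
// first, so an unknown key left an extra signing key trusted by the operator
// while the caller received no error.
//
// NOTE(review): ("", nil) for an unknown key is kept for compatibility, but
// it is easy to mistake for success; consider returning a dedicated error.
//
// NOTE(review): a failure in Delete or while reissuing accounts returns
// early with the new key already added and possibly some accounts already
// reissued; nothing is rolled back here.
func (os *operatorSigningKeys) Rotate(key string) (string, error) {
	// Refuse to touch the claim unless the key being rotated is listed.
	found := false
	for _, existing := range os.data.Claim.SigningKeys {
		if existing == key {
			found = true
			break
		}
	}
	if !found {
		return "", nil
	}

	k, err := os.add()
	if err != nil {
		return "", err
	}
	ok, err := os.Delete(key)
	if !ok || err != nil {
		return "", err
	}

	// Reissue all accounts that were issued with the rotated signing key so
	// they are signed by the replacement.
	for _, a := range os.data.AccountDatas {
		if a.Claim.Issuer != key {
			continue
		}
		if err := a.issue(k); err != nil {
			return "", err
		}
	}
	return k.Public, nil
}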
// List returns the public keys currently listed as operator signing keys.
// The result is a copy, so callers can modify it without affecting the claim.
// An operator with no signing keys yields an empty, non-nil slice.
func (os *operatorSigningKeys) List() []string {
	keys := os.data.Claim.SigningKeys
	out := make([]string, len(keys))
	copy(out, keys)
	return out
}