-rw-r--r-- | src/libstore/binary-cache-store.cc | 9 | ||||
-rw-r--r-- | src/libstore/binary-cache-store.hh | 3 | ||||
-rw-r--r-- | src/libstore/crypto.cc | 11 | ||||
-rw-r--r-- | src/libstore/crypto.hh | 12 | ||||
-rw-r--r-- | src/libstore/http-binary-cache-store.cc | 7 | ||||
-rw-r--r-- | src/libstore/local-binary-cache-store.cc | 19 | ||||
-rw-r--r-- | src/libstore/store-api.hh | 3 |
7 files changed, 39 insertions, 25 deletions
diff --git a/src/libstore/binary-cache-store.cc b/src/libstore/binary-cache-store.cc index 01d937f2e..5ded16d02 100644 --- a/src/libstore/binary-cache-store.cc +++ b/src/libstore/binary-cache-store.cc @@ -14,16 +14,13 @@ namespace nix { BinaryCacheStore::BinaryCacheStore(std::shared_ptr<Store> localStore, - const Path & secretKeyFile, const Path & publicKeyFile) + const Path & secretKeyFile) : localStore(localStore) { - if (secretKeyFile != "") + if (secretKeyFile != "") { secretKey = std::unique_ptr<SecretKey>(new SecretKey(readFile(secretKeyFile))); - - if (publicKeyFile != "") { publicKeys = std::unique_ptr<PublicKeys>(new PublicKeys); - auto key = PublicKey(readFile(publicKeyFile)); - publicKeys->emplace(key.name, key); + publicKeys->emplace(secretKey->name, secretKey->toPublicKey()); } StringSink sink; diff --git a/src/libstore/binary-cache-store.hh b/src/libstore/binary-cache-store.hh index 6feb84cd2..c99556f33 100644 --- a/src/libstore/binary-cache-store.hh +++ b/src/libstore/binary-cache-store.hh @@ -31,8 +31,7 @@ private: protected: - BinaryCacheStore(std::shared_ptr<Store> localStore, - const Path & secretKeyFile, const Path & publicKeyFile); + BinaryCacheStore(std::shared_ptr<Store> localStore, const Path & secretKeyFile); [[noreturn]] void notImpl(); diff --git a/src/libstore/crypto.cc b/src/libstore/crypto.cc index c1b57e51d..53e94e1f5 100644 --- a/src/libstore/crypto.cc +++ b/src/libstore/crypto.cc @@ -55,6 +55,17 @@ std::string SecretKey::signDetached(const std::string & data) const #endif } +PublicKey SecretKey::toPublicKey() const +{ +#if HAVE_SODIUM + unsigned char pk[crypto_sign_PUBLICKEYBYTES]; + crypto_sign_ed25519_sk_to_pk(pk, (unsigned char *) key.data()); + return PublicKey(name, std::string((char *) pk, crypto_sign_PUBLICKEYBYTES)); +#else + noSodium(); +#endif +} + PublicKey::PublicKey(const string & s) : Key(s) { diff --git a/src/libstore/crypto.hh b/src/libstore/crypto.hh index a1489e753..33b79cb2e 100644 --- a/src/libstore/crypto.hh 
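Review bot: With `publicKeyFile` removed, `publicKeys` is populated only inside the `if (secretKeyFile != "")` branch, so a store opened without a signing key ends up with no verification keys at all. Both registration lambdas in http-binary-cache-store.cc and local-binary-cache-store.cc pass `""` for the key file, so every store opened from an `http://`, `https://` or `file://` URI takes that path. How the read path treats an unset `publicKeys` is outside this hunk; if it skips signature checking in that case, content fetched from a remote cache would be accepted unverified, so it is worth confirming that the path fails closed or documenting that these stores are sign-only. The constructor body continues past the end of the hunk.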
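Review bot: `toPublicKey()` hands `key.data()` to `crypto_sign_ed25519_sk_to_pk` without checking that `key` holds `crypto_sign_SECRETKEYBYTES` bytes, so a truncated or malformed key file would make libsodium read past the end of the string. Unless the `SecretKey` constructor (not shown in this hunk) already enforces the length, add a guard such as `if (key.size() != crypto_sign_SECRETKEYBYTES) throw Error("secret key is not valid");` before the call. The C-style cast also discards `const`; `reinterpret_cast<const unsigned char *>(key.data())` keeps it and matches the libsodium parameter type.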
+++ b/src/libstore/crypto.hh @@ -15,19 +15,31 @@ struct Key ‘<name>:<key-in-base64>’. */ Key(const std::string & s); +protected: + Key(const std::string & name, const std::string & key) + : name(name), key(key) { } }; +struct PublicKey; + struct SecretKey : Key { SecretKey(const std::string & s); /* Return a detached signature of the given string. */ std::string signDetached(const std::string & s) const; + + PublicKey toPublicKey() const; }; struct PublicKey : Key { PublicKey(const std::string & data); + +private: + PublicKey(const std::string & name, const std::string & key) + : Key(name, key) { } + friend class SecretKey; }; typedef std::map<std::string, PublicKey> PublicKeys; diff --git a/src/libstore/http-binary-cache-store.cc b/src/libstore/http-binary-cache-store.cc index 78f4497e7..861e13c7f 100644 --- a/src/libstore/http-binary-cache-store.cc +++ b/src/libstore/http-binary-cache-store.cc @@ -14,9 +14,8 @@ private: public: HttpBinaryCacheStore(std::shared_ptr<Store> localStore, - const Path & secretKeyFile, const Path & publicKeyFile, - const Path & _cacheUri) - : BinaryCacheStore(localStore, secretKeyFile, publicKeyFile) + const Path & secretKeyFile, const Path & _cacheUri) + : BinaryCacheStore(localStore, secretKeyFile) , cacheUri(_cacheUri) , downloader(makeDownloader()) { @@ -66,7 +65,7 @@ static RegisterStoreImplementation regStore([](const std::string & uri) -> std:: if (std::string(uri, 0, 7) != "http://" && std::string(uri, 0, 8) != "https://") return 0; auto store = std::make_shared<HttpBinaryCacheStore>(std::shared_ptr<Store>(0), - "", "", // FIXME: allow the signing key to be set + "", // FIXME: allow the signing key to be set uri); store->init(); return store; diff --git a/src/libstore/local-binary-cache-store.cc b/src/libstore/local-binary-cache-store.cc index 8590aea18..6adabaf9f 100644 --- a/src/libstore/local-binary-cache-store.cc +++ b/src/libstore/local-binary-cache-store.cc 
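Review bot: `toPublicKey()` is declared without a comment while `signDetached` directly above it has one; add `/* Return the public key corresponding to this secret key. */`. `friend class SecretKey;` names a type that is declared with `struct`, which some compilers report as a mismatched tag; `friend struct SecretKey;` is consistent with the declaration. The new two-argument `Key` and `PublicKey` constructors take an already-decoded name and raw key bytes rather than the `<name>:<key-in-base64>` form, and a one-line comment saying so would keep them from being confused with the string-parsing constructors.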
@@ -11,8 +11,7 @@ private: public: LocalBinaryCacheStore(std::shared_ptr<Store> localStore, - const Path & secretKeyFile, const Path & publicKeyFile, - const Path & binaryCacheDir); + const Path & secretKeyFile, const Path & binaryCacheDir); void init() override; @@ -27,9 +26,8 @@ protected: }; LocalBinaryCacheStore::LocalBinaryCacheStore(std::shared_ptr<Store> localStore, - const Path & secretKeyFile, const Path & publicKeyFile, - const Path & binaryCacheDir) - : BinaryCacheStore(localStore, secretKeyFile, publicKeyFile) + const Path & secretKeyFile, const Path & binaryCacheDir) + : BinaryCacheStore(localStore, secretKeyFile) , binaryCacheDir(binaryCacheDir) { } @@ -66,19 +64,18 @@ std::string LocalBinaryCacheStore::getFile(const std::string & path) } ref<Store> openLocalBinaryCacheStore(std::shared_ptr<Store> localStore, - const Path & secretKeyFile, const Path & publicKeyFile, - const Path & binaryCacheDir) + const Path & secretKeyFile, const Path & binaryCacheDir) { - auto store = std::make_shared<LocalBinaryCacheStore>( - localStore, secretKeyFile, publicKeyFile, binaryCacheDir); + auto store = make_ref<LocalBinaryCacheStore>( + localStore, secretKeyFile, binaryCacheDir); store->init(); - return ref<Store>(std::shared_ptr<Store>(store)); + return store; } static RegisterStoreImplementation regStore([](const std::string & uri) -> std::shared_ptr<Store> { if (std::string(uri, 0, 7) != "file://") return 0; return openLocalBinaryCacheStore(std::shared_ptr<Store>(0), - "", "", // FIXME: allow the signing key to be set + "", // FIXME: allow the signing key to be set std::string(uri, 7)); }); diff --git a/src/libstore/store-api.hh b/src/libstore/store-api.hh index 9825d45db..adec0fb78 100644 --- a/src/libstore/store-api.hh +++ b/src/libstore/store-api.hh 
@@ -454,8 +454,7 @@ ref<Store> openStore(); ref<Store> openLocalBinaryCacheStore(std::shared_ptr<Store> localStore, - const Path & secretKeyFile, const Path & publicKeyFile, - const Path & binaryCacheDir); + const Path & secretKeyFile, const Path & binaryCacheDir); /* Store implementation registration. */ |