storj/satellite/satellitedb/certdb.go

// Copyright (C) 2018 Storj Labs, Inc.
// See LICENSE for copying information.

package satellitedb

import (
	"context"
	"crypto"
	"database/sql"

	"storj.io/storj/internal/dbutil/pgutil"
	"storj.io/storj/internal/dbutil/sqliteutil"
	"storj.io/storj/pkg/pkcrypto"
	"storj.io/storj/pkg/storj"
	dbx "storj.io/storj/satellite/satellitedb/dbx"
)

type certDB struct {
	db *dbx.DB
}

func (certs *certDB) SavePublicKey(ctx context.Context, nodeID storj.NodeID, publicKey crypto.PublicKey) (err error) {
	defer mon.Task()(&ctx)(&err)
	_, err = certs.db.Get_CertRecord_By_Id(ctx, dbx.CertRecord_Id(nodeID.Bytes()))
	if err == sql.ErrNoRows {
		return certs.tryAddPublicKey(ctx, nodeID, publicKey)
	}
	if err != nil {
		return Error.Wrap(err)
	}

	// nodeID entry already exists, just return
	return nil
}

func (certs *certDB) tryAddPublicKey(ctx context.Context, nodeID storj.NodeID, publicKey crypto.PublicKey) (err error) {
	defer mon.Task()(&ctx)(&err)
	// no rows err, so create/insert an entry
	pubbytes, err := pkcrypto.PublicKeyToPKIX(publicKey)
	if err != nil {
		return Error.Wrap(err)
	}

	// TODO: use upsert here instead of create
	_, err = certs.db.Create_CertRecord(ctx,
		dbx.CertRecord_Publickey(pubbytes),
		dbx.CertRecord_Id(nodeID.Bytes()),
	)
	// another goroutine might race to create the cert record, let's ignore that error
	if pgutil.IsConstraintError(err) || sqliteutil.IsConstraintError(err) {
		return nil
	} else if err != nil {
		return Error.Wrap(err)
	}

	return nil
}

func (certs *certDB) GetPublicKey(ctx context.Context, nodeID storj.NodeID) (_ crypto.PublicKey, err error) {
	defer mon.Task()(&ctx)(&err)
	dbxInfo, err := certs.db.Get_CertRecord_By_Id(ctx, dbx.CertRecord_Id(nodeID.Bytes()))
	if err != nil {
		return nil, err
	}

	pubkey, err := pkcrypto.PublicKeyFromPKIX(dbxInfo.Publickey)
	if err != nil {
		return nil, Error.New("Failed to extract Public Key from Order: %+v", err)
	}
	return pubkey, nil
}
Store the uplinks public key on the satellite so that it can verify bandwidth requests in the future (#1042) * integrated with bwagreement & psserver * integrated with pointerdb * code review updates * refactor after code review * uplinkdb rename to certdb * Code review changes 2019-02-07 19:22:49 +00:00			`// Copyright (C) 2018 Storj Labs, Inc.`
			`// See LICENSE for copying information.`

			`package satellitedb`

			`import (`
			`"context"`
			`"crypto"`
fix saving uplink public key on satellite (#1797) * fix save into cert records * fix transaction logic * test shouldn't be flaky anymore * add missing cause method * restart jenkins 2019-04-23 20:48:57 +01:00			`"database/sql"`
Store the uplinks public key on the satellite so that it can verify bandwidth requests in the future (#1042) * integrated with bwagreement & psserver * integrated with pointerdb * code review updates * refactor after code review * uplinkdb rename to certdb * Code review changes 2019-02-07 19:22:49 +00:00
fix saving uplink public key on satellite (#1797) * fix save into cert records * fix transaction logic * test shouldn't be flaky anymore * add missing cause method * restart jenkins 2019-04-23 20:48:57 +01:00			`"storj.io/storj/internal/dbutil/pgutil"`
			`"storj.io/storj/internal/dbutil/sqliteutil"`
Unite all cryptographic signing and verifying (#1244) this change removes the cryptopasta dependency. a couple possible sources of problem with this change: * the encoding used for ECDSA signatures on SignedMessage has changed. the encoding employed by cryptopasta was workable, but not the same as the encoding used for such signatures in the rest of the world (most particularly, on ECDSA signatures in X.509 certificates). I think we'll be best served by using one ECDSA signature encoding from here on, but if we need to use the old encoding for backwards compatibility with existing nodes, that can be arranged. * since there's already a breaking change in SignedMessage, I changed it to send and receive public keys in raw PKIX format, instead of PEM. PEM just adds unhelpful overhead for this case. 2019-02-07 20:39:20 +00:00			`"storj.io/storj/pkg/pkcrypto"`
Store the uplinks public key on the satellite so that it can verify bandwidth requests in the future (#1042) * integrated with bwagreement & psserver * integrated with pointerdb * code review updates * refactor after code review * uplinkdb rename to certdb * Code review changes 2019-02-07 19:22:49 +00:00			`"storj.io/storj/pkg/storj"`
			`dbx "storj.io/storj/satellite/satellitedb/dbx"`
			`)`

			`type certDB struct {`
			`db *dbx.DB`
			`}`

satellite: add monkit task to missing places (#2108) 2019-06-04 12:55:38 +01:00			`func (certs *certDB) SavePublicKey(ctx context.Context, nodeID storj.NodeID, publicKey crypto.PublicKey) (err error) {`
			`defer mon.Task()(&ctx)(&err)`
			`_, err = certs.db.Get_CertRecord_By_Id(ctx, dbx.CertRecord_Id(nodeID.Bytes()))`
fix saving uplink public key on satellite (#1797) * fix save into cert records * fix transaction logic * test shouldn't be flaky anymore * add missing cause method * restart jenkins 2019-04-23 20:48:57 +01:00			`if err == sql.ErrNoRows {`
			`return certs.tryAddPublicKey(ctx, nodeID, publicKey)`
			`}`
Store the uplinks public key on the satellite so that it can verify bandwidth requests in the future (#1042) * integrated with bwagreement & psserver * integrated with pointerdb * code review updates * refactor after code review * uplinkdb rename to certdb * Code review changes 2019-02-07 19:22:49 +00:00			`if err != nil {`
			`return Error.Wrap(err)`
			`}`

fix saving uplink public key on satellite (#1797) * fix save into cert records * fix transaction logic * test shouldn't be flaky anymore * add missing cause method * restart jenkins 2019-04-23 20:48:57 +01:00			`// nodeID entry already exists, just return`
			`return nil`
			`}`

satellite: add monkit task to missing places (#2108) 2019-06-04 12:55:38 +01:00			`func (certs *certDB) tryAddPublicKey(ctx context.Context, nodeID storj.NodeID, publicKey crypto.PublicKey) (err error) {`
			`defer mon.Task()(&ctx)(&err)`
fix saving uplink public key on satellite (#1797) * fix save into cert records * fix transaction logic * test shouldn't be flaky anymore * add missing cause method * restart jenkins 2019-04-23 20:48:57 +01:00			`// no rows err, so create/insert an entry`
			`pubbytes, err := pkcrypto.PublicKeyToPKIX(publicKey)`
Store the uplinks public key on the satellite so that it can verify bandwidth requests in the future (#1042) * integrated with bwagreement & psserver * integrated with pointerdb * code review updates * refactor after code review * uplinkdb rename to certdb * Code review changes 2019-02-07 19:22:49 +00:00			`if err != nil {`
fix saving uplink public key on satellite (#1797) * fix save into cert records * fix transaction logic * test shouldn't be flaky anymore * add missing cause method * restart jenkins 2019-04-23 20:48:57 +01:00			`return Error.Wrap(err)`
Store the uplinks public key on the satellite so that it can verify bandwidth requests in the future (#1042) * integrated with bwagreement & psserver * integrated with pointerdb * code review updates * refactor after code review * uplinkdb rename to certdb * Code review changes 2019-02-07 19:22:49 +00:00			`}`

fix saving uplink public key on satellite (#1797) * fix save into cert records * fix transaction logic * test shouldn't be flaky anymore * add missing cause method * restart jenkins 2019-04-23 20:48:57 +01:00			`// TODO: use upsert here instead of create`
			`_, err = certs.db.Create_CertRecord(ctx,`
			`dbx.CertRecord_Publickey(pubbytes),`
			`dbx.CertRecord_Id(nodeID.Bytes()),`
			`)`
			`// another goroutine might race to create the cert record, let's ignore that error`
			`if pgutil.IsConstraintError(err) \|\| sqliteutil.IsConstraintError(err) {`
			`return nil`
			`} else if err != nil {`
			`return Error.Wrap(err)`
			`}`

			`return nil`
Store the uplinks public key on the satellite so that it can verify bandwidth requests in the future (#1042) * integrated with bwagreement & psserver * integrated with pointerdb * code review updates * refactor after code review * uplinkdb rename to certdb * Code review changes 2019-02-07 19:22:49 +00:00			`}`

satellite: add monkit task to missing places (#2108) 2019-06-04 12:55:38 +01:00			`func (certs *certDB) GetPublicKey(ctx context.Context, nodeID storj.NodeID) (_ crypto.PublicKey, err error) {`
			`defer mon.Task()(&ctx)(&err)`
fix saving uplink public key on satellite (#1797) * fix save into cert records * fix transaction logic * test shouldn't be flaky anymore * add missing cause method * restart jenkins 2019-04-23 20:48:57 +01:00			`dbxInfo, err := certs.db.Get_CertRecord_By_Id(ctx, dbx.CertRecord_Id(nodeID.Bytes()))`
Store the uplinks public key on the satellite so that it can verify bandwidth requests in the future (#1042) * integrated with bwagreement & psserver * integrated with pointerdb * code review updates * refactor after code review * uplinkdb rename to certdb * Code review changes 2019-02-07 19:22:49 +00:00			`if err != nil {`
			`return nil, err`
			`}`
fix saving uplink public key on satellite (#1797) * fix save into cert records * fix transaction logic * test shouldn't be flaky anymore * add missing cause method * restart jenkins 2019-04-23 20:48:57 +01:00
Unite all cryptographic signing and verifying (#1244) this change removes the cryptopasta dependency. a couple possible sources of problem with this change: * the encoding used for ECDSA signatures on SignedMessage has changed. the encoding employed by cryptopasta was workable, but not the same as the encoding used for such signatures in the rest of the world (most particularly, on ECDSA signatures in X.509 certificates). I think we'll be best served by using one ECDSA signature encoding from here on, but if we need to use the old encoding for backwards compatibility with existing nodes, that can be arranged. * since there's already a breaking change in SignedMessage, I changed it to send and receive public keys in raw PKIX format, instead of PEM. PEM just adds unhelpful overhead for this case. 2019-02-07 20:39:20 +00:00			`pubkey, err := pkcrypto.PublicKeyFromPKIX(dbxInfo.Publickey)`
Store the uplinks public key on the satellite so that it can verify bandwidth requests in the future (#1042) * integrated with bwagreement & psserver * integrated with pointerdb * code review updates * refactor after code review * uplinkdb rename to certdb * Code review changes 2019-02-07 19:22:49 +00:00			`if err != nil {`
BWA aliases (#1333) aliased RBAs and PBAs 2019-02-22 21:17:35 +00:00			`return nil, Error.New("Failed to extract Public Key from Order: %+v", err)`
Store the uplinks public key on the satellite so that it can verify bandwidth requests in the future (#1042) * integrated with bwagreement & psserver * integrated with pointerdb * code review updates * refactor after code review * uplinkdb rename to certdb * Code review changes 2019-02-07 19:22:49 +00:00			`}`
Unite all cryptographic signing and verifying (#1244) this change removes the cryptopasta dependency. a couple possible sources of problem with this change: * the encoding used for ECDSA signatures on SignedMessage has changed. the encoding employed by cryptopasta was workable, but not the same as the encoding used for such signatures in the rest of the world (most particularly, on ECDSA signatures in X.509 certificates). I think we'll be best served by using one ECDSA signature encoding from here on, but if we need to use the old encoding for backwards compatibility with existing nodes, that can be arranged. * since there's already a breaking change in SignedMessage, I changed it to send and receive public keys in raw PKIX format, instead of PEM. PEM just adds unhelpful overhead for this case. 2019-02-07 20:39:20 +00:00			`return pubkey, nil`
Store the uplinks public key on the satellite so that it can verify bandwidth requests in the future (#1042) * integrated with bwagreement & psserver * integrated with pointerdb * code review updates * refactor after code review * uplinkdb rename to certdb * Code review changes 2019-02-07 19:22:49 +00:00			`}`