package data import ( "fmt" "github.com/docker/go/canonical/json" ) // SignedRoot is a fully unpacked root.json type SignedRoot struct { Signatures []Signature Signed Root Dirty bool } // Root is the Signed component of a root.json type Root struct { SignedCommon Keys Keys `json:"keys"` Roles map[RoleName]*RootRole `json:"roles"` ConsistentSnapshot bool `json:"consistent_snapshot"` } // isValidRootStructure returns an error, or nil, depending on whether the content of the struct // is valid for root metadata. This does not check signatures or expiry, just that // the metadata content is valid. func isValidRootStructure(r Root) error { expectedType := TUFTypes[CanonicalRootRole] if r.Type != expectedType { return ErrInvalidMetadata{ role: CanonicalRootRole, msg: fmt.Sprintf("expected type %s, not %s", expectedType, r.Type)} } if r.Version < 1 { return ErrInvalidMetadata{ role: CanonicalRootRole, msg: "version cannot be less than 1"} } // all the base roles MUST appear in the root.json - other roles are allowed, // but other than the mirror role (not currently supported) are out of spec for _, roleName := range BaseRoles { roleObj, ok := r.Roles[roleName] if !ok || roleObj == nil { return ErrInvalidMetadata{ role: CanonicalRootRole, msg: fmt.Sprintf("missing %s role specification", roleName)} } if err := isValidRootRoleStructure(CanonicalRootRole, roleName, *roleObj, r.Keys); err != nil { return err } } return nil } func isValidRootRoleStructure(metaContainingRole, rootRoleName RoleName, r RootRole, validKeys Keys) error { if r.Threshold < 1 { return ErrInvalidMetadata{ role: metaContainingRole, msg: fmt.Sprintf("invalid threshold specified for %s: %v ", rootRoleName, r.Threshold), } } for _, keyID := range r.KeyIDs { if _, ok := validKeys[keyID]; !ok { return ErrInvalidMetadata{ role: metaContainingRole, msg: fmt.Sprintf("key ID %s specified in %s without corresponding key", keyID, rootRoleName), } } } return nil } // NewRoot initializes a new SignedRoot with a set of keys, roles, and the consistent flag func NewRoot(keys map[string]PublicKey, roles map[RoleName]*RootRole, consistent bool) (*SignedRoot, error) { signedRoot := &SignedRoot{ Signatures: make([]Signature, 0), Signed: Root{ SignedCommon: SignedCommon{ Type: TUFTypes[CanonicalRootRole], Version: 0, Expires: DefaultExpires(CanonicalRootRole), }, Keys: keys, Roles: roles, ConsistentSnapshot: consistent, }, Dirty: true, } return signedRoot, nil } // BuildBaseRole returns a copy of a BaseRole using the information in this SignedRoot for the specified role name. // Will error for invalid role name or key metadata within this SignedRoot func (r SignedRoot) BuildBaseRole(roleName RoleName) (BaseRole, error) { roleData, ok := r.Signed.Roles[roleName] if !ok { return BaseRole{}, ErrInvalidRole{Role: roleName, Reason: "role not found in root file"} } // Get all public keys for the base role from TUF metadata keyIDs := roleData.KeyIDs pubKeys := make(map[string]PublicKey) for _, keyID := range keyIDs { pubKey, ok := r.Signed.Keys[keyID] if !ok { return BaseRole{}, ErrInvalidRole{ Role: roleName, Reason: fmt.Sprintf("key with ID %s was not found in root metadata", keyID), } } pubKeys[keyID] = pubKey } return BaseRole{ Name: roleName, Keys: pubKeys, Threshold: roleData.Threshold, }, nil } // ToSigned partially serializes a SignedRoot for further signing func (r SignedRoot) ToSigned() (*Signed, error) { s, err := defaultSerializer.MarshalCanonical(r.Signed) if err != nil { return nil, err } // cast into a json.RawMessage signed := json.RawMessage{} err = signed.UnmarshalJSON(s) if err != nil { return nil, err } sigs := make([]Signature, len(r.Signatures)) copy(sigs, r.Signatures) return &Signed{ Signatures: sigs, Signed: &signed, }, nil } // MarshalJSON returns the serialized form of SignedRoot as bytes func (r SignedRoot) MarshalJSON() ([]byte, error) { signed, err := r.ToSigned() if err != nil { return nil, err } return defaultSerializer.Marshal(signed) } // RootFromSigned fully unpacks a Signed object into a SignedRoot and ensures // that it is a valid SignedRoot func RootFromSigned(s *Signed) (*SignedRoot, error) { r := Root{} if s.Signed == nil { return nil, ErrInvalidMetadata{ role: CanonicalRootRole, msg: "root file contained an empty payload", } } if err := defaultSerializer.Unmarshal(*s.Signed, &r); err != nil { return nil, err } if err := isValidRootStructure(r); err != nil { return nil, err } sigs := make([]Signature, len(s.Signatures)) copy(sigs, s.Signatures) return &SignedRoot{ Signatures: sigs, Signed: r, }, nil }