Files

 master

/

snapshot.go

Blame

Blame

Latest commit

 

History

History

114 lines (92 loc) · 2.39 KB

 master

/

snapshot.go

Top

File metadata and controls

• Code
• Blame

114 lines (92 loc) · 2.39 KB

Raw

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

package otlog

import (

"crypto/rsa"

"crypto/x509"

"encoding/base64"

"encoding/json"

"time"

encrypt "github.com/tcfw/go-otlog/encrypt"

)

//Snapshot provides a struct to create snapshots or a record set

type Snapshot struct {

PubCert string `json:"pk"`

Signature string `json:"s"`

Time time.Time `json:"t"`

Records string `json:"records"`

}

//GetRecords returns the records stored within the snapshot

func (s *Snapshot) GetRecords(creds CredStore, recordSet interface{}) error {

// encrypt.ValidatePub(snapshot.PubKey, root)

rawBytes, err := base64.StdEncoding.DecodeString(s.Records)

if err != nil {

return err

}

unencRaw, err := encrypt.Dec(&rawBytes, s.Time, creds.getPass())

if err != nil {

return err

}

valid, err := s.ValidateSignature(unencRaw)

if err != nil || valid == false {

return err

}

err = json.Unmarshal(*unencRaw, recordSet)

if err != nil {

return err

}

return nil

}

//ValidateSignature uses the pub cert attached to the

func (s *Snapshot) ValidateSignature(data *[]byte) (bool, error) {

decoded, err := base64.StdEncoding.DecodeString(s.PubCert)

if err != nil {

return false, err

}

pubCert, err := x509.ParseCertificate(decoded)

if err != nil {

return false, err

}

//TODO validate public cert against CA

pubKey := pubCert.PublicKey.(*rsa.PublicKey)

err = encrypt.Verify(s.Signature, *data, *pubKey)

if err != nil {

return false, err

}

return true, nil

}

//NewSnapshot takes in records and saves to storage

func NewSnapshot(creds CredStore, records interface{}, storage StorageEngine) (*Link, error) {

//TODO Split records into shards

recordBytes, err := json.Marshal(records)

if err != nil {

return nil, err

}

t := time.Now().Round(0)

encBytes, err := encrypt.Enc(&recordBytes, t, creds.getPass())

if err != nil {

return nil, err

}

pubCert, err := creds.getPubcert()

if err != nil {

return nil, err

}

sign, err := encrypt.Sign(recordBytes, *creds.getPrivKey())

if err != nil {

return nil, err

}

snapshot := &Snapshot{

PubCert: pubCert,

Time: t,

Signature: *sign,

Records: base64.StdEncoding.EncodeToString(*encBytes),

}

ref, err := storage.Save(snapshot)

if err != nil {

return nil, err

}

return &Link{ref}, nil

}

//RecoverSnapshot gets the snapshot from storage

func RecoverSnapshot(ref string, storage StorageEngine) (*Snapshot, error) {

//TODO recover shards

return storage.GetSnapshot(ref)

}