Remove internal info in commit msg

client.go

@@ -5,7 +5,6 @@ import (
 	"crypto/tls"
 	"encoding/base64"
 	"encoding/json"
-	"errors"
 	"fmt"
 	"io/ioutil"
 	"log"
@@ -14,6 +13,7 @@ import (
 	"net/url"
 	"os"
 	"os/exec"
+	"path"
 	"sync"
 	"time"
 )
@@ -156,19 +156,19 @@ func GetBackoffDuration(attempt int) time.Duration {
 
 // APIClient is an interface that talks to the knox server for key management.
 type APIClient interface {
-	GetKey(keyID string) (*KeyAccess, error)
+	GetKey(keyID string) (*Key, error)
 	CreateKey(keyID string, data []byte, acl ACL) (uint64, error)
 	GetKeys(keys map[string]string) ([]string, error)
 	DeleteKey(keyID string) error
 	GetACL(keyID string) (*ACL, error)
 	PutAccess(keyID string, acl ...Access) error
 	AddVersion(keyID string, data []byte) (uint64, error)
 	UpdateVersion(keyID, versionID string, status VersionStatus) error
-	CacheGetKey(keyID string) (*KeyAccess, error)
-	NetworkGetKey(keyID string) (*KeyAccess, error)
-	GetKeyWithStatus(keyID string, status VersionStatus) (*KeyAccess, error)
-	CacheGetKeyWithStatus(keyID string, status VersionStatus) (*KeyAccess, error)
-	NetworkGetKeyWithStatus(keyID string, status VersionStatus) (*KeyAccess, error)
+	CacheGetKey(keyID string) (*Key, error)
+	NetworkGetKey(keyID string) (*Key, error)
+	GetKeyWithStatus(keyID string, status VersionStatus) (*Key, error)
+	CacheGetKeyWithStatus(keyID string, status VersionStatus) (*Key, error)
+	NetworkGetKeyWithStatus(keyID string, status VersionStatus) (*Key, error)
 }
 
 type HTTP interface {
@@ -201,37 +201,47 @@ func NewClient(host string, client HTTP, authHandler func() string, keyFolder, v
 }
 
 // CacheGetKey gets the key from file system cache.
-func (c *HTTPClient) CacheGetKey(keyID string) (*KeyAccess, error) {
+func (c *HTTPClient) CacheGetKey(keyID string) (*Key, error) {
 	if c.KeyFolder == "" {
-		return nil, fmt.Errorf("No folder set for cached key.")
+		return nil, fmt.Errorf("no folder set for cached key")
 	}
-	path := c.KeyFolder + keyID
+	path := path.Join(c.KeyFolder, keyID)
 	b, err := ioutil.ReadFile(path)
 	if err != nil {
 		return nil, err
 	}
-	k := KeyAccess{Key: &Key{Path: path}}
+	k := Key{Path: path}
 	err = json.Unmarshal(b, &k)
 	if err != nil {
 		return nil, err
 	}
-	if k.Key.ID != keyID {
-		// if Key ID does not match requested ID incase of JSON format update
-		return nil, errors.New("failed to properly unmarshal cached key")
+
+	// do not return the invalid format cached keys
+	if k.ID == "" || k.ACL == nil || k.VersionList == nil || k.VersionHash == "" {
+		return nil, fmt.Errorf("invalid key content for the cached key")
 	}
 
 	return &k, nil
 }
 
 // NetworkGetKey gets a knox key by keyID and only uses network without the caches.
-func (c *HTTPClient) NetworkGetKey(keyID string) (*KeyAccess, error) {
-	key := &KeyAccess{}
+func (c *HTTPClient) NetworkGetKey(keyID string) (*Key, error) {
+	key := &Key{}
 	err := c.getHTTPData("GET", "/v0/keys/"+keyID+"/", nil, key)
+	if err != nil {
+		return nil, err
+	}
+
+	// do not return the invalid format remote keys
+	if key.ID == "" || key.ACL == nil || key.VersionList == nil || key.VersionHash == "" {
+		return nil, fmt.Errorf("invalid key content for the remote key")
+	}
+
 	return key, err
 }
 
 // GetKey gets a knox key by keyID.
-func (c *HTTPClient) GetKey(keyID string) (*KeyAccess, error) {
+func (c *HTTPClient) GetKey(keyID string) (*Key, error) {
 	key, err := c.CacheGetKey(keyID)
 	if err != nil {
 		return c.NetworkGetKey(keyID)
@@ -240,9 +250,9 @@ func (c *HTTPClient) GetKey(keyID string) (*KeyAccess, error) {
 }
 
 // CacheGetKeyWithStatus gets the key with status from file system cache.
-func (c *HTTPClient) CacheGetKeyWithStatus(keyID string, status VersionStatus) (*KeyAccess, error) {
+func (c *HTTPClient) CacheGetKeyWithStatus(keyID string, status VersionStatus) (*Key, error) {
 	if c.KeyFolder == "" {
-		return nil, fmt.Errorf("No folder set for cached key.")
+		return nil, fmt.Errorf("no folder set for cached key")
 	}
 	st, err := status.MarshalJSON()
 	if err != nil {
@@ -253,33 +263,29 @@ func (c *HTTPClient) CacheGetKeyWithStatus(keyID string, status VersionStatus) (
 	if err != nil {
 		return nil, err
 	}
-	k := KeyAccess{Key: &Key{Path: path}}
+	k := Key{Path: path}
 	err = json.Unmarshal(b, &k)
 	if err != nil {
 		return nil, err
 	}
-	if k.Key.ID != keyID {
-		// if Key ID does not match requested ID incase of JSON format update
-		return nil, errors.New("failed to properly unmarshal cached key")
-	}
 	return &k, nil
 }
 
 // NetworkGetKeyWithStatus gets a knox key by keyID and given version status (always calls network).
-func (c *HTTPClient) NetworkGetKeyWithStatus(keyID string, status VersionStatus) (*KeyAccess, error) {
+func (c *HTTPClient) NetworkGetKeyWithStatus(keyID string, status VersionStatus) (*Key, error) {
 	// If clients need to know
 	s, err := status.MarshalJSON()
 	if err != nil {
 		return nil, err
 	}
 
-	key := &KeyAccess{}
+	key := &Key{}
 	err = c.getHTTPData("GET", "/v0/keys/"+keyID+"/?status="+string(s), nil, key)
 	return key, err
 }
 
 // GetKeyWithStatus gets a knox key by keyID and status (leverages cache).
-func (c *HTTPClient) GetKeyWithStatus(keyID string, status VersionStatus) (*KeyAccess, error) {
+func (c *HTTPClient) GetKeyWithStatus(keyID string, status VersionStatus) (*Key, error) {
 	key, err := c.CacheGetKeyWithStatus(keyID, status)
 	if err != nil {
 		return c.NetworkGetKeyWithStatus(keyID, status)
@@ -426,13 +432,13 @@ func getHTTPResp(cli HTTP, r *http.Request, resp *Response) error {
 }
 
 // MockClient builds a client that ignores certs and talks to the given host.
-func MockClient(host string) *HTTPClient {
+func MockClient(host, keyFolder string) *HTTPClient {
 	return &HTTPClient{
 		Host: host,
 		AuthHandler: func() string {
 			return "TESTAUTH"
 		},
-		KeyFolder: "",
+		KeyFolder: keyFolder,
 		Client:    &http.Client{Transport: &http.Transport{TLSClientConfig: &tls.Config{InsecureSkipVerify: true}}},
 		Version:   "mock",
 	}

client/add.go

@@ -67,5 +67,5 @@ func getDataWithTemplate(templateName string, keyID string) ([]byte, error) {
 	if err != nil {
 		return nil, fmt.Errorf("error getting key: %s", err.Error())
 	}
-	return addNewTinkKeyset(tinkKeyTemplates[templateName].templateFunc, allVersions.Key.VersionList)
+	return addNewTinkKeyset(tinkKeyTemplates[templateName].templateFunc, allVersions.VersionList)
 }

client/daemon.go

@@ -191,12 +191,16 @@ func (d *daemon) update() error {
 		existingKeys[keyID] = true
 
 		if _, present := keyMap[keyID]; present {
-			keyAccess, err := d.cli.CacheGetKey(keyID)
+			key, err := d.cli.CacheGetKey(keyID)
 			if err != nil {
 				// Keep going in spite of failure
 				logf("error getting cache key: %s", err)
+				// Remove existing cached key with invalid format (saved with previous version clients)
+				if _, err = os.Stat(d.keyFilename(keyID)); err == nil {
+					d.deleteKey(keyID)
+				}
 			} else {
-				keyMap[keyID] = keyAccess.Key.VersionHash
+				keyMap[keyID] = key.VersionHash
 			}
 		} else {
 			d.deleteKey(keyID)
@@ -270,6 +274,11 @@ func (d daemon) processKey(keyID string) error {
 		}
 		return fmt.Errorf("Error getting key %s: %s", keyID, err.Error())
 	}
+	// Do not cache any new keys if they have invalid content
+	if key.ID == "" || key.ACL == nil || key.VersionList == nil || key.VersionHash == "" {
+		return fmt.Errorf("invalid key content returned")
+	}
+
 	b, err := json.Marshal(key)
 	if err != nil {
 		return fmt.Errorf("Error marshalling key %s: %s", keyID, err.Error())