PR comments

Author: connorwstein

keystore/admin.go

@@ -92,6 +92,8 @@ type Admin interface {
 	ImportKeys(ctx context.Context, req ImportKeysRequest) (ImportKeysResponse, error)
 	ExportKeys(ctx context.Context, req ExportKeysRequest) (ExportKeysResponse, error)
 	SetMetadata(ctx context.Context, req SetMetadataRequest) (SetMetadataResponse, error)
+
+	mustEmbedUnimplemented()
 }
 
 func ValidKeyName(name string) error {
@@ -162,7 +164,7 @@ func (ks *keystore) CreateKeys(ctx context.Context, req CreateKeysRequest) (Crea
 	}
 
 	// Persist it to storage.
-	if err := save(ctx, ks.storage, ks.enc, ksCopy); err != nil {
+	if err := ks.save(ctx, ksCopy); err != nil {
 		return CreateKeysResponse{}, fmt.Errorf("failed to save keystore: %w", err)
 	}
 	// If we succeed to save, update the in memory keystore.
@@ -181,7 +183,7 @@ func (k *keystore) DeleteKeys(ctx context.Context, req DeleteKeysRequest) (Delet
 		}
 		delete(ksCopy, name)
 	}
-	if err := save(ctx, k.storage, k.enc, ksCopy); err != nil {
+	if err := k.save(ctx, ksCopy); err != nil {
 		return DeleteKeysResponse{}, fmt.Errorf("failed to save keystore: %w", err)
 	}
 	k.keystore = ksCopy

keystore/keystore_test.go keystore/admin_test.gokeystore/keystore_test.go renamed to keystore/admin_test.go

@@ -35,6 +35,8 @@ type Encryptor interface {
 	Encrypt(ctx context.Context, req EncryptRequest) (EncryptResponse, error)
 	Decrypt(ctx context.Context, req DecryptRequest) (DecryptResponse, error)
 	DeriveSharedSecret(ctx context.Context, req DeriveSharedSecretRequest) (DeriveSharedSecretResponse, error)
+
+	mustEmbedUnimplemented()
 }
 
 // TODO: Encryptor implementation.

keystore/encryptor.go

@@ -74,6 +74,10 @@ type Keystore interface {
 	Encryptor
 }
 
+type Unimplemented struct{}
+
+func (Unimplemented) mustEmbedUnimplementedKey() {}
+
 type key struct {
 	keyType    KeyType
 	privateKey internal.Raw
@@ -139,57 +143,60 @@ type keystore struct {
 }
 
 func NewKeystore(ctx context.Context, storage storage.Storage, enc EncryptionParams) (Keystore, error) {
-	ks, err := load(ctx, storage, enc)
+	ks := &keystore{
+		storage: storage,
+		enc:     enc,
+	}
+	err := ks.load(ctx)
 	if err != nil {
 		return nil, fmt.Errorf("failed to load keystore: %w", err)
 	}
-	return &keystore{
-		mu:       sync.RWMutex{},
-		keystore: ks,
-		storage:  storage,
-		enc:      enc,
-	}, nil
+	return ks, nil
 }
 
-func load(ctx context.Context, storage storage.Storage, enc EncryptionParams) (map[string]key, error) {
-	encryptedKeystore, err := storage.GetEncryptedKeystore(ctx)
+func (k *keystore) mustEmbedUnimplemented() {}
+
+func (k *keystore) load(ctx context.Context) error {
+	encryptedKeystore, err := k.storage.GetEncryptedKeystore(ctx)
 	if err != nil {
-		return nil, fmt.Errorf("failed to get encrypted keystore: %w", err)
+		return fmt.Errorf("failed to get encrypted keystore: %w", err)
 	}
 
 	// If no data exists, return empty keystore
 	if encryptedKeystore == nil || len(encryptedKeystore) == 0 {
-		return make(map[string]key), nil
+		k.keystore = make(map[string]key)
+		return nil
 	}
 
 	encryptedSecrets := gethkeystore.CryptoJSON{}
 	err = json.Unmarshal(encryptedKeystore, &encryptedSecrets)
 	if err != nil {
-		return nil, fmt.Errorf("failed to unmarshal encrypted keystore: %w", err)
+		return fmt.Errorf("failed to unmarshal encrypted keystore: %w", err)
 	}
-	decryptedKeystore, err := gethkeystore.DecryptDataV3(encryptedSecrets, enc.Password)
+	decryptedKeystore, err := gethkeystore.DecryptDataV3(encryptedSecrets, k.enc.Password)
 	if err != nil {
-		return nil, fmt.Errorf("failed to decrypt keystore: %w", err)
+		return fmt.Errorf("failed to decrypt keystore: %w", err)
 	}
 	keystorepb := &serialization.Keystore{}
 	err = proto.Unmarshal(decryptedKeystore, keystorepb)
 	if err != nil {
-		return nil, fmt.Errorf("failed to unmarshal keystore: %w", err)
+		return fmt.Errorf("failed to unmarshal keystore: %w", err)
 	}
 	keystore := make(map[string]key)
 	for _, k := range keystorepb.Keys {
 		pkRaw := internal.NewRaw(k.PrivateKey)
 		keyType := KeyType(k.KeyType)
 		publicKey, err := publicKeyFromPrivateKey(pkRaw, keyType)
 		if err != nil {
-			return nil, fmt.Errorf("failed to get public key from private key: %w", err)
+			return fmt.Errorf("failed to get public key from private key: %w", err)
 		}
 		keystore[k.Name] = newKey(keyType, pkRaw, publicKey, time.Unix(k.CreatedAt, 0), k.Metadata)
 	}
-	return keystore, nil
+	k.keystore = keystore
+	return nil
 }
 
-func save(ctx context.Context, storage storage.Storage, enc EncryptionParams, keystore map[string]key) error {
+func (k *keystore) save(ctx context.Context, keystore map[string]key) error {
 	keystorepb := serialization.Keystore{
 		Keys: make([]*serialization.Key, 0),
 	}
@@ -206,15 +213,15 @@ func save(ctx context.Context, storage storage.Storage, enc EncryptionParams, ke
 	if err != nil {
 		return fmt.Errorf("failed to marshal keystore: %w", err)
 	}
-	encryptedSecrets, err := gethkeystore.EncryptDataV3(rawKeystore, []byte(enc.Password), enc.ScryptParams.N, enc.ScryptParams.P)
+	encryptedSecrets, err := gethkeystore.EncryptDataV3(rawKeystore, []byte(k.enc.Password), k.enc.ScryptParams.N, k.enc.ScryptParams.P)
 	if err != nil {
 		return fmt.Errorf("failed to encrypt keystore: %w", err)
 	}
 	encryptedSecretsBytes, err := json.Marshal(encryptedSecrets)
 	if err != nil {
 		return fmt.Errorf("failed to marshal encrypted keystore: %w", err)
 	}
-	err = storage.PutEncryptedKeystore(ctx, encryptedSecretsBytes)
+	err = k.storage.PutEncryptedKeystore(ctx, encryptedSecretsBytes)
 	if err != nil {
 		return fmt.Errorf("failed to put encrypted keystore: %w", err)
 	}

keystore/keystore.go

@@ -26,6 +26,8 @@ type VerifyResponse struct {
 type Signer interface {
 	Sign(ctx context.Context, req SignRequest) (SignResponse, error)
 	Verify(ctx context.Context, req VerifyRequest) (VerifyResponse, error)
+
+	mustEmbedUnimplemented()
 }
 
 // TODO: Signer implementation.