Merge pull request #590 from docker/yubi-import-check

Move yubikey import role check to avoid excessive passphrase prompting
notaryproject · Feb 25, 2016 · 4904c88 · 4904c88
2 parents e692e5d + d69d018
commit 4904c88
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/trustmanager/yubikey/yubikeystore.go b/trustmanager/yubikey/yubikeystore.go
@@ -765,15 +765,15 @@ func (s *YubiKeyStore) ExportKey(keyID string) ([]byte, error) {
 // ImportKey imports a root key into a Yubikey
 func (s *YubiKeyStore) ImportKey(pemBytes []byte, keyPath string) error {
 	logrus.Debugf("Attempting to import: %s key inside of YubiKeyStore", keyPath)
+	if keyPath != data.CanonicalRootRole {
+		return fmt.Errorf("yubikey only supports storing root keys")
+	}
 	privKey, _, err := trustmanager.GetPasswdDecryptBytes(
 		s.passRetriever, pemBytes, "", "imported root")
 	if err != nil {
 		logrus.Debugf("Failed to get and retrieve a key from: %s", keyPath)
 		return err
 	}
-	if keyPath != data.CanonicalRootRole {
-		return fmt.Errorf("yubikey only supports storing root keys")
-	}
 	_, err = s.addKey(privKey.ID(), "root", privKey)
 	return err
 }