diff --git a/Godeps/Godeps.json b/Godeps/Godeps.json
index 5824aa058f..86c139233c 100644
--- a/Godeps/Godeps.json
+++ b/Godeps/Godeps.json
@@ -2,8 +2,7 @@
 "ImportPath": "github.com/docker/vetinari",
 "GoVersion": "go1.4.2",
 "Packages": [
- "github.com/docker/vetinari/cmd/notary",
- "github.com/docker/vetinari/cmd/vetinari-server"
+ "./..."
 ],
 "Deps": [
 {
@@ -11,10 +10,6 @@
 "Comment": "null-15",
 "Rev": "35bc42037350f0078e3c974c6ea690f1926603ab"
 },
- {
- "ImportPath": "github.com/Sirupsen/logrus",
- "Rev": "55eb11d21d2a31a3cc93838241d04800f52e823d"
- },
 {
 "ImportPath": "github.com/BurntSushi/toml",
 "Rev": "bd2bdf7f18f849530ef7a1c29a4290217cab32a1"
@@ -34,18 +29,13 @@
 },
 {
 "ImportPath": "github.com/docker/distribution/context",
- "Comment": "v2.0.0-228-gb230183",
- "Rev": "b230183b0fe8b8ed3c9ae2898c47c8c8618dc80f"
+ "Comment": "v2.0.0-rc.3-2-g75919b7",
+ "Rev": "75919b7dcc5d53894d7e8f1584e91ae148335f3a"
 },
 {
 "ImportPath": "github.com/docker/distribution/registry/auth",
- "Comment": "v2.0.0-228-gb230183",
- "Rev": "b230183b0fe8b8ed3c9ae2898c47c8c8618dc80f"
- },
- {
- "ImportPath": "github.com/docker/distribution/uuid",
- "Comment": "v2.0.0-228-gb230183",
- "Rev": "b230183b0fe8b8ed3c9ae2898c47c8c8618dc80f"
+ "Comment": "v2.0.0-rc.3-2-g75919b7",
+ "Rev": "75919b7dcc5d53894d7e8f1584e91ae148335f3a"
 },
 {
 "ImportPath": "github.com/docker/libtrust",
@@ -56,12 +46,25 @@
 "Rev": "61b53384b24bfa83e8e0a5f11f28ae83457fd80c"
 },
 {
- "ImportPath": "github.com/endophage/gotuf/data",
- "Rev": "930a4e1cc71f866a412aea60c960ee4345f0c76a"
+ "ImportPath": "github.com/endophage/gotuf",
+ "Rev": "c7154b63cf6e8485ea4af4c7f299ccbea6731d43"
 },
 {
- "ImportPath": "github.com/endophage/gotuf/errors",
- "Rev": "930a4e1cc71f866a412aea60c960ee4345f0c76a"
+ "ImportPath": "github.com/go-sql-driver/mysql",
+ "Comment": "v1.2-97-g0cc29e9",
+ "Rev": "0cc29e9fe8e25c2c58cf47bcab566e029bbaa88b"
+ },
+ {
+ "ImportPath": "github.com/golang/protobuf/proto",
+ "Rev": "655cdfa588ea190e901bc5590e65d5621688847c"
+ },
+ {
+ "ImportPath": "github.com/gorilla/context",
+ "Rev": "14f550f51af52180c2eefed15e5fd18d63c0a64a"
+ },
+ {
+ "ImportPath": "github.com/gorilla/mux",
+ "Rev": "e444e69cbd2e2e3e0749a2f3c717cec491552bbf"
 },
 {
 "ImportPath": "github.com/inconshreveable/mousetrap",
@@ -105,31 +108,6 @@
 "ImportPath": "github.com/spf13/viper",
 "Rev": "be5ff3e4840cf692388bde7a057595a474ef379e"
 },
- {
- "ImportPath": "github.com/endophage/gotuf/keys",
- "Rev": "930a4e1cc71f866a412aea60c960ee4345f0c76a"
- },
- {
- "ImportPath": "github.com/endophage/gotuf/signed",
- "Rev": "930a4e1cc71f866a412aea60c960ee4345f0c76a"
- },
- {
- "ImportPath": "github.com/go-sql-driver/mysql",
- "Comment": "v1.2-108-g66b7d5c",
- "Rev": "66b7d5c4956096efd4c945494d64ad73f1d9ec39"
- },
- {
- "ImportPath": "github.com/golang/protobuf/proto",
- "Rev": "655cdfa588ea190e901bc5590e65d5621688847c"
- },
- {
- "ImportPath": "github.com/gorilla/context",
- "Rev": "14f550f51af52180c2eefed15e5fd18d63c0a64a"
- },
- {
- "ImportPath": "github.com/gorilla/mux",
- "Rev": "e444e69cbd2e2e3e0749a2f3c717cec491552bbf"
- },
 {
 "ImportPath": "github.com/tent/canonical-json-go",
 "Rev": "96e4ba3a7613a1216cbd1badca4efe382adea337"
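Review bot: Two of the pins in this file move backwards rather than forwards — `github.com/docker/distribution/*` goes from `v2.0.0-228-gb230183` to `v2.0.0-rc.3-2-g75919b7` and `github.com/go-sql-driver/mysql` from `v1.2-108-g66b7d5c` to `v1.2-97-g0cc29e9` — and a downgrade of a vendored dependency deserves an explicit justification in the commit message, since it can silently reintroduce bugs that the later revisions fixed. The hunks shown also remove the `github.com/Sirupsen/logrus` entry and add none for `code.google.com/p/go-uuid/uuid`, yet the vendored context package on the new side still imports both; unless they are pinned in a part of Godeps.json outside this diff, `godep restore` will not reproduce this workspace. `code.google.com` is also not a long-lived origin for a supply-chain pin, so a mirror or an in-tree copy would be safer.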
diff --git a/Godeps/_workspace/src/github.com/docker/distribution/context/context.go b/Godeps/_workspace/src/github.com/docker/distribution/context/context.go
index 7a3a70e00d..45a35ad176 100644
--- a/Godeps/_workspace/src/github.com/docker/distribution/context/context.go
+++ b/Godeps/_workspace/src/github.com/docker/distribution/context/context.go
@@ -1,7 +1,7 @@
 package context
 
 import (
- "github.com/docker/distribution/uuid"
+ "code.google.com/p/go-uuid/uuid"
 "golang.org/x/net/context"
 )
 
@@ -27,7 +27,7 @@ func (ic *instanceContext) Value(key interface{}) interface{} {
 
 var background = &instanceContext{
 Context: context.Background(),
- id: uuid.Generate().String(),
+ id: uuid.New(),
 }
 
 // Background returns a non-nil, empty Context. The background context
diff --git a/Godeps/_workspace/src/github.com/docker/distribution/context/http.go b/Godeps/_workspace/src/github.com/docker/distribution/context/http.go
index 8413a14622..1808c6b446 100644
--- a/Godeps/_workspace/src/github.com/docker/distribution/context/http.go
+++ b/Godeps/_workspace/src/github.com/docker/distribution/context/http.go
@@ -8,15 +8,14 @@ import (
 "sync"
 "time"
 
+ "code.google.com/p/go-uuid/uuid"
 log "github.com/Sirupsen/logrus"
- "github.com/docker/distribution/uuid"
 "github.com/gorilla/mux"
 )
 
 // Common errors used with this package.
 var (
- ErrNoRequestContext = errors.New("no http request in context")
- ErrNoResponseWriterContext = errors.New("no http response in context")
+ ErrNoRequestContext = errors.New("no http request in context")
 )
 
 func parseIP(ipStr string) net.IP {
@@ -79,7 +78,7 @@ func WithRequest(ctx Context, r *http.Request) Context {
 return &httpRequestContext{
 Context: ctx,
 startedAt: time.Now(),
- id: uuid.Generate().String(),
+ id: uuid.New(), // assign the request a unique.
 r: r,
 }
 }
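Review bot: `id: uuid.New()` in WithRequest drops the failure handling the removed `uuid.Generate()` carried — the deleted package retried entropy-read errors with backoff and panicked on anything else, whereas go-uuid's `New()`, as far as I recall, returns an empty string when reading the random source fails; confirm against the pinned revision. If that is the behaviour, every request created while the source is unavailable shares the id `""`, which silently breaks the log correlation this id exists for, so guard it: `if id == "" { panic("uuid: random source unavailable") }` or fall back to a process-local counter. The trailing comment is also missing its noun; `// assign the request a unique id.` reads as intended. WithRequest's body begins before this hunk.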
@@ -111,20 +110,6 @@ func WithResponseWriter(ctx Context, w http.ResponseWriter) (Context, http.Respo
 return irw, irw
 }
 
-// GetResponseWriter returns the http.ResponseWriter from the provided
-// context. If not present, ErrNoResponseWriterContext is returned. The
-// returned instance provides instrumentation in the context.
-func GetResponseWriter(ctx Context) (http.ResponseWriter, error) {
- v := ctx.Value("http.response")
-
- rw, ok := v.(http.ResponseWriter)
- if !ok || rw == nil {
- return nil, ErrNoResponseWriterContext
- }
-
- return rw, nil
-}
-
 // getVarsFromRequest let's us change request vars implementation for testing
 // and maybe future changes.
 var getVarsFromRequest = mux.Vars
@@ -302,7 +287,7 @@ func (irw *instrumentedResponseWriter) Flush() {
 func (irw *instrumentedResponseWriter) Value(key interface{}) interface{} {
 if keyStr, ok := key.(string); ok {
 if keyStr == "http.response" {
- return irw
+ return irw.ResponseWriter
 }
 
 if !strings.HasPrefix(keyStr, "http.response.") {
@@ -322,7 +307,9 @@ func (irw *instrumentedResponseWriter) Value(key interface{}) interface{} {
 case "written":
 return irw.written
 case "status":
- return irw.status
+ if irw.status != 0 {
+ return irw.status
+ }
 case "contenttype":
 contentType := irw.Header().Get("Content-Type")
 if contentType != "" {
diff --git a/Godeps/_workspace/src/github.com/docker/distribution/context/http_test.go b/Godeps/_workspace/src/github.com/docker/distribution/context/http_test.go
index 3d4b3c8eb1..42c78b7506 100644
--- a/Godeps/_workspace/src/github.com/docker/distribution/context/http_test.go
+++ b/Godeps/_workspace/src/github.com/docker/distribution/context/http_test.go
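Review bot: `case "status"` now falls out of the switch when `irw.status` is 0, so `Value("http.response.status")` yields whatever the rest of Value returns (presumably a nil interface) instead of the int `0` it used to — a caller doing `v.(int)` gets `ok == false` before WriteHeader has run, and the assertion that pinned the old contract is being deleted from TestWithResponseWriter in the same commit. That is a defensible way to distinguish "not yet written" from a real status, but nothing in the code says so; add `// status is 0 until WriteHeader runs; report nothing rather than a bogus 0.` above the new `if`. The `"http.response"` key likewise now hands back the wrapped `irw.ResponseWriter`, and with GetResponseWriter gone there is no way to reach the instrumented writer from a context, which the doc comment on Value should state. Value starts and ends outside this hunk.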
@@ -132,21 +132,8 @@ func TestWithResponseWriter(t *testing.T) {
 trw := testResponseWriter{}
 ctx, rw := WithResponseWriter(Background(), &trw)
 
- if ctx.Value("http.response") != rw {
- t.Fatalf("response not available in context: %v != %v", ctx.Value("http.response"), rw)
- }
-
- grw, err := GetResponseWriter(ctx)
- if err != nil {
- t.Fatalf("error getting response writer: %v", err)
- }
-
- if grw != rw {
- t.Fatalf("unexpected response writer returned: %#v != %#v", grw, rw)
- }
-
- if ctx.Value("http.response.status") != 0 {
- t.Fatalf("response status should always be a number and should be zero here: %v != 0", ctx.Value("http.response.status"))
+ if ctx.Value("http.response") != &trw {
+ t.Fatalf("response not available in context: %v != %v", ctx.Value("http.response"), &trw)
 }
 
 if n, err := rw.Write(make([]byte, 1024)); err != nil {
diff --git a/Godeps/_workspace/src/github.com/docker/distribution/context/logger.go b/Godeps/_workspace/src/github.com/docker/distribution/context/logger.go
index b0f0c50845..78e4212a0b 100644
--- a/Godeps/_workspace/src/github.com/docker/distribution/context/logger.go
+++ b/Godeps/_workspace/src/github.com/docker/distribution/context/logger.go
@@ -3,8 +3,6 @@ package context
 import (
 "fmt"
 
- "github.com/docker/distribution/uuid"
-
 "github.com/Sirupsen/logrus"
 )
 
@@ -101,8 +99,3 @@ func getLogrusLogger(ctx Context, keys ...interface{}) *logrus.Entry {
 
 return logger.WithFields(fields)
 }
-
-func init() {
- // inject a logger into the uuid library.
- uuid.Loggerf = GetLogger(Background()).Warnf
-}
diff --git a/Godeps/_workspace/src/github.com/docker/distribution/context/trace.go b/Godeps/_workspace/src/github.com/docker/distribution/context/trace.go
index af4f1351e9..1115fc1f65 100644
--- a/Godeps/_workspace/src/github.com/docker/distribution/context/trace.go
+++ b/Godeps/_workspace/src/github.com/docker/distribution/context/trace.go
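Review bot: TestWithResponseWriter no longer asserts anything about `http.response.status` before a write, so the behaviour introduced in http.go in this same commit — the key yielding nothing until WriteHeader has been called — is left untested, and the next refactor can silently change it again. Re-add a check for the new contract right after the `http.response` comparison: `if v := ctx.Value("http.response.status"); v != nil { t.Fatalf("status should be absent before WriteHeader: %v", v) }`. The new `ctx.Value("http.response") != &trw` comparison is sound only while both sides are the same pointer type, which is the case here. The test function continues past the end of the hunk.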
@@ -4,7 +4,7 @@ import (
 "runtime"
 "time"
 
- "github.com/docker/distribution/uuid"
+ "code.google.com/p/go-uuid/uuid"
 )
 
 // WithTrace allocates a traced timing span in a new context. This allows a
@@ -45,7 +45,7 @@ func WithTrace(ctx Context) (Context, func(format string, a ...interface{})) {
 f := runtime.FuncForPC(pc)
 ctx = &traced{
 Context: ctx,
- id: uuid.Generate().String(),
+ id: uuid.New(),
 start: time.Now(),
 parent: GetStringValue(ctx, "trace.id"),
 fnname: f.Name(),
@@ -54,14 +54,9 @@ func WithTrace(ctx Context) (Context, func(format string, a ...interface{})) {
 }
 
 return ctx, func(format string, a ...interface{}) {
- GetLogger(ctx,
- "trace.duration",
- "trace.id",
- "trace.parent.id",
- "trace.func",
- "trace.file",
- "trace.line").
- Debugf(format, a...)
+ GetLogger(ctx, "trace.duration", "trace.id", "trace.parent.id",
+ "trace.func", "trace.file", "trace.line").
+ Infof(format, a...) // info may be too chatty.
 }
 }
 
diff --git a/Godeps/_workspace/src/github.com/docker/distribution/registry/auth/auth.go b/Godeps/_workspace/src/github.com/docker/distribution/registry/auth/auth.go
index ec82b46977..a8499342d2 100644
--- a/Godeps/_workspace/src/github.com/docker/distribution/registry/auth/auth.go
+++ b/Godeps/_workspace/src/github.com/docker/distribution/registry/auth/auth.go
@@ -3,7 +3,7 @@
 // An access controller has a simple interface with a single `Authorized`
 // method which checks that a given request is authorized to perform one or
 // more actions on one or more resources. This method should return a non-nil
-// error if the request is not authorized.
+// error if the requset is not authorized.
 //
 // An implementation registers its access controller by name with a constructor
 // which accepts an options map for configuring the access controller.
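Review bot: Raising the span log from `Debugf` to `Infof` while the same line admits `// info may be too chatty.` means every WithTrace caller now emits function name, source file and line number at logrus's default level, which is both a log-volume problem and a small disclosure of internal code layout to whoever has access to the info sink. Keep `Debugf(format, a...)` here, or make the level a package-level variable so a deployment can opt in to the chatty output deliberately. The `id: uuid.New()` change in the preceding hunk has the same silent-failure caveat as in http.go and should be checked against the pinned go-uuid revision.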
@@ -50,7 +50,7 @@ type Resource struct {
 }
 
 // Access describes a specific action that is
-// requested or allowed for a given resource.
+// requested or allowed for a given recource.
 type Access struct {
 Resource
 Action string
diff --git a/Godeps/_workspace/src/github.com/docker/distribution/registry/auth/silly/access.go b/Godeps/_workspace/src/github.com/docker/distribution/registry/auth/silly/access.go
index 39318d1a39..134b0ae55c 100644
--- a/Godeps/_workspace/src/github.com/docker/distribution/registry/auth/silly/access.go
+++ b/Godeps/_workspace/src/github.com/docker/distribution/registry/auth/silly/access.go
@@ -66,7 +66,7 @@ func (ac *accessController) Authorized(ctx context.Context, accessRecords ...aut
 return nil, &challenge
 }
 
- return auth.WithUser(ctx, auth.UserInfo{Name: "silly"}), nil
+ return context.WithValue(ctx, "auth.user", auth.UserInfo{Name: "silly"}), nil
 }
 
 type challenge struct {
diff --git a/Godeps/_workspace/src/github.com/docker/distribution/registry/auth/token/util.go b/Godeps/_workspace/src/github.com/docker/distribution/registry/auth/token/util.go
index d7f95be421..bf3e01e838 100644
--- a/Godeps/_workspace/src/github.com/docker/distribution/registry/auth/token/util.go
+++ b/Godeps/_workspace/src/github.com/docker/distribution/registry/auth/token/util.go
@@ -7,7 +7,7 @@ import (
 )
 
 // joseBase64UrlEncode encodes the given data using the standard base64 url
-// encoding format but with all trailing '=' characters omitted in accordance
+// encoding format but with all trailing '=' characters ommitted in accordance
 // with the jose specification.
 // http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-31#section-2
 func joseBase64UrlEncode(b []byte) string {
diff --git a/Godeps/_workspace/src/github.com/docker/distribution/uuid/uuid.go b/Godeps/_workspace/src/github.com/docker/distribution/uuid/uuid.go
deleted file mode 100644
index af1913cd0a..0000000000
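Review bot: `context.WithValue(ctx, "auth.user", ...)` keys the authenticated identity with a bare string literal, which staticcheck flags (SA1029) because any package can collide with or read that key without going through the auth API; the removed `auth.WithUser` presumably existed to keep the key in one place. If the older distribution revision now pinned really lacks that helper, at least define the key once — `const userKey = "auth.user"` alongside a small `withUser(ctx, info)` — so this controller and whatever later does `ctx.Value("auth.user").(auth.UserInfo)` cannot drift apart, since the consumer trusts whatever was last stored under that string. Authorized's body starts before this hunk.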
--- a/Godeps/_workspace/src/github.com/docker/distribution/uuid/uuid.go
+++ /dev/null
@@ -1,112 +0,0 @@ -// Package uuid provides simple UUID generation. Only version 4 style UUIDs -// can be generated. -// -// Please see http://tools.ietf.org/html/rfc4122 for details on UUIDs. -package uuid - -import ( - "crypto/rand" - "fmt" - "io" - "log" - "syscall" - "time" -) - -const ( - // Bits is the number of bits in a UUID - Bits = 128 - - // Size is the number of bytes in a UUID - Size = Bits / 8 - - format = "%08x-%04x-%04x-%04x-%012x" -) - -var ( - // ErrUUIDInvalid indicates a parsed string is not a valid uuid. - ErrUUIDInvalid = fmt.Errorf("invalid uuid") - - // Loggerf can be used to override the default logging destination. Such - // log messages in this library should be logged at warning or higher. - Loggerf = log.Printf -) - -// UUID represents a UUID value. UUIDs can be compared and set to other values -// and accessed by byte. -type UUID [Size]byte - -// Generate creates a new, version 4 uuid. -func Generate() (u UUID) { - const ( - // ensures we backoff for less than 450ms total. Use the following to - // select new value, in units of 10ms: - // n*(n+1)/2 = d -> n^2 + n - 2d -> n = (sqrt(8d + 1) - 1)/2 - maxretries = 9 - backoff = time.Millisecond * 10 - ) - - var ( - totalBackoff time.Duration - retries int - ) - - for { - // This should never block but the read may fail. Because of this, - // we just try to read the random number generator until we get - // something. This is a very rare condition but may happen. - b := time.Duration(retries) * backoff - time.Sleep(b) - totalBackoff += b - - _, err := io.ReadFull(rand.Reader, u[:]) - if err != nil { - if err == syscall.EPERM { - // EPERM represents an entropy pool exhaustion, a condition under - // which we backoff and retry. - if retries < maxretries { - retries++ - Loggerf("error generating version 4 uuid, retrying: %v", err) - continue - } - } - - // Any other errors represent a system problem. What did someone - // do to /dev/urandom? 
- panic(fmt.Errorf("error reading random number generator, retried for %v: %v", totalBackoff, err)) - } - - break - } - - u[6] = (u[6] & 0x0f) | 0x40 // set version byte - u[8] = (u[8] & 0x3f) | 0x80 // set high order byte 0b10{8,9,a,b} - - return u -} - -// Parse attempts to extract a uuid from the string or returns an error. -func Parse(s string) (u UUID, err error) { - if len(s) != 36 { - return UUID{}, ErrUUIDInvalid - } - - // create stack addresses for each section of the uuid. - p := make([][]byte, 5) - - if _, err := fmt.Sscanf(s, format, &p[0], &p[1], &p[2], &p[3], &p[4]); err != nil { - return u, err - } - - copy(u[0:4], p[0]) - copy(u[4:6], p[1]) - copy(u[6:8], p[2]) - copy(u[8:10], p[3]) - copy(u[10:16], p[4]) - - return -} - -func (u UUID) String() string { - return fmt.Sprintf(format, u[:4], u[4:6], u[6:8], u[8:10], u[10:]) -} diff --git a/Godeps/_workspace/src/github.com/docker/distribution/uuid/uuid_test.go b/Godeps/_workspace/src/github.com/docker/distribution/uuid/uuid_test.go deleted file mode 100644 index 09c3a7bb4d..0000000000 --- a/Godeps/_workspace/src/github.com/docker/distribution/uuid/uuid_test.go +++ /dev/null 
@@ -1,48 +0,0 @@ -package uuid - -import ( - "testing" -) - -const iterations = 1000 - -func TestUUID4Generation(t *testing.T) { - for i := 0; i < iterations; i++ { - u := Generate() - - if u[6]&0xf0 != 0x40 { - t.Fatalf("version byte not correctly set: %v, %08b %08b", u, u[6], u[6]&0xf0) - } - - if u[8]&0xc0 != 0x80 { - t.Fatalf("top order 8th byte not correctly set: %v, %b", u, u[8]) - } - } -} - -func TestParseAndEquality(t *testing.T) { - for i := 0; i < iterations; i++ { - u := Generate() - - parsed, err := Parse(u.String()) - if err != nil { - t.Fatalf("error parsing uuid %v: %v", u, err) - } - - if parsed != u { - t.Fatalf("parsing round trip failed: %v != %v", parsed, u) - } - } - - for _, c := range []string{ - "bad", - "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", // correct length, incorrect format - " 20cc7775-2671-43c7-8742-51d1cfa23258", // leading space - "20cc7775-2671-43c7-8742-51d1cfa23258 ", // trailing space - "00000000-0000-0000-0000-x00000000000", // out of range character - } { - if _, err := Parse(c); err == nil { - t.Fatalf("parsing %q should have failed", c) - } - } -} diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/agent/PROTOCOL.agent b/Godeps/_workspace/src/github.com/docker/libtrust/agent/PROTOCOL.agent deleted file mode 100644 index 3fcaa14d41..0000000000 --- a/Godeps/_workspace/src/github.com/docker/libtrust/agent/PROTOCOL.agent +++ /dev/null 
@@ -1,560 +0,0 @@ -This describes the protocol used by OpenSSH's ssh-agent. - -OpenSSH's agent supports managing keys for the standard SSH protocol -2 as well as the legacy SSH protocol 1. Support for these key types -is almost completely disjoint - in all but a few cases, operations on -protocol 2 keys cannot see or affect protocol 1 keys and vice-versa. - -Protocol 1 and protocol 2 keys are separated because of the differing -cryptographic usage: protocol 1 private RSA keys are used to decrypt -challenges that were encrypted with the corresponding public key, -whereas protocol 2 RSA private keys are used to sign challenges with -a private key for verification with the corresponding public key. It -is considered unsound practice to use the same key for signing and -encryption. - -With a couple of exceptions, the protocol message names used in this -document indicate which type of key the message relates to. SSH_* -messages refer to protocol 1 keys only. SSH2_* messages refer to -protocol 2 keys. Furthermore, the names also indicate whether the -message is a request to the agent (*_AGENTC_*) or a reply from the -agent (*_AGENT_*). Section 3 below contains the mapping of the -protocol message names to their integer values. - -1. Data types - -Because of support for legacy SSH protocol 1 keys, OpenSSH's agent -protocol makes use of some data types not defined in RFC 4251. - -1.1 uint16 - -The "uint16" data type is a simple MSB-first 16 bit unsigned integer -encoded in two bytes. - -1.2 mpint1 - -The "mpint1" type represents an arbitrary precision integer (bignum). -Its format is as follows: - - uint16 bits - byte[(bits + 7) / 8] bignum - -"bignum" contains an unsigned arbitrary precision integer encoded as -eight bits per byte in big-endian (MSB first) format. - -Note the difference between the "mpint1" encoding and the "mpint" -encoding defined in RFC 4251. 
Also note that the length of the encoded -integer is specified in bits, not bytes and that the byte length of -the integer must be calculated by rounding up the number of bits to the -nearest eight. - -2. Protocol Messages - -All protocol messages are prefixed with their length in bytes, encoded -as a 32 bit unsigned integer. Specifically: - - uint32 message_length - byte[message_length] message - -The following message descriptions refer only to the content the -"message" field. - -2.1 Generic server responses - -The following generic messages may be sent by the server in response to -requests from the client. On success the agent may reply either with: - - byte SSH_AGENT_SUCCESS - -or a request-specific success message. - -On failure, the agent may reply with: - - byte SSH_AGENT_FAILURE - -SSH_AGENT_FAILURE messages are also sent in reply to unknown request -types. - -2.2 Adding keys to the agent - -Keys are added to the agent using the SSH_AGENTC_ADD_RSA_IDENTITY and -SSH2_AGENTC_ADD_IDENTITY requests for protocol 1 and protocol 2 keys -respectively. - -Two variants of these requests are SSH_AGENTC_ADD_RSA_ID_CONSTRAINED -and SSH2_AGENTC_ADD_ID_CONSTRAINED - these add keys with optional -"constraints" on their usage. - -OpenSSH may be built with support for keys hosted on a smartcard -or other hardware security module. These keys may be added -to the agent using the SSH_AGENTC_ADD_SMARTCARD_KEY and -SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED requests. - -2.2.1 Key constraints - -The OpenSSH agent supports some basic optional constraints on key usage. -At present there are two constraints defined. - -The first constraint limits the validity duration of a key. It is -encoded as: - - byte SSH_AGENT_CONSTRAIN_LIFETIME - uint32 seconds - -Where "seconds" contains the number of seconds that the key shall remain -valid measured from the moment that the agent receives it. After the -validity period has expired, OpenSSH's agent will erase these keys from -memory. 
- -The second constraint requires the agent to seek explicit user -confirmation before performing private key operations with the loaded -key. This constraint is encoded as: - - byte SSH_AGENT_CONSTRAIN_CONFIRM - -Zero or more constraints may be specified when adding a key with one -of the *_CONSTRAINED requests. Multiple constraints are appended -consecutively to the end of the request: - - byte constraint1_type - .... constraint1_data - byte constraint2_type - .... constraint2_data - .... - byte constraintN_type - .... constraintN_data - -Such a sequence of zero or more constraints will be referred to below -as "constraint[]". Agents may determine whether there are constraints -by checking whether additional data exists in the "add key" request -after the key data itself. OpenSSH will refuse to add a key if it -contains unknown constraints. - -2.2.2 Add protocol 1 key - -A client may add a protocol 1 key to an agent with the following -request: - - byte SSH_AGENTC_ADD_RSA_IDENTITY or - SSH_AGENTC_ADD_RSA_ID_CONSTRAINED - uint32 ignored - mpint1 rsa_n - mpint1 rsa_e - mpint1 rsa_d - mpint1 rsa_iqmp - mpint1 rsa_q - mpint1 rsa_p - string key_comment - constraint[] key_constraints - -Note that there is some redundancy in the key parameters; a key could be -fully specified using just rsa_q, rsa_p and rsa_e at the cost of extra -computation. - -"key_constraints" may only be present if the request type is -SSH_AGENTC_ADD_RSA_ID_CONSTRAINED. - -The agent will reply with a SSH_AGENT_SUCCESS if the key has been -successfully added or a SSH_AGENT_FAILURE if an error occurred. - -2.2.3 Add protocol 2 key - -The OpenSSH agent supports DSA, ECDSA and RSA keys for protocol 2. 
DSA -keys may be added using the following request - - byte SSH2_AGENTC_ADD_IDENTITY or - SSH2_AGENTC_ADD_ID_CONSTRAINED - string "ssh-dss" - mpint dsa_p - mpint dsa_q - mpint dsa_g - mpint dsa_public_key - mpint dsa_private_key - string key_comment - constraint[] key_constraints - -DSA certificates may be added with: - byte SSH2_AGENTC_ADD_IDENTITY or - SSH2_AGENTC_ADD_ID_CONSTRAINED - string "ssh-dss-cert-v00@openssh.com" - string certificate - mpint dsa_private_key - string key_comment - constraint[] key_constraints - -ECDSA keys may be added using the following request - - byte SSH2_AGENTC_ADD_IDENTITY or - SSH2_AGENTC_ADD_ID_CONSTRAINED - string "ecdsa-sha2-nistp256" | - "ecdsa-sha2-nistp384" | - "ecdsa-sha2-nistp521" - string ecdsa_curve_name - string ecdsa_public_key - mpint ecdsa_private - string key_comment - constraint[] key_constraints - -ECDSA certificates may be added with: - byte SSH2_AGENTC_ADD_IDENTITY or - SSH2_AGENTC_ADD_ID_CONSTRAINED - string "ecdsa-sha2-nistp256-cert-v01@openssh.com" | - "ecdsa-sha2-nistp384-cert-v01@openssh.com" | - "ecdsa-sha2-nistp521-cert-v01@openssh.com" - string certificate - mpint ecdsa_private_key - string key_comment - constraint[] key_constraints - -RSA keys may be added with this request: - - byte SSH2_AGENTC_ADD_IDENTITY or - SSH2_AGENTC_ADD_ID_CONSTRAINED - string "ssh-rsa" - mpint rsa_n - mpint rsa_e - mpint rsa_d - mpint rsa_iqmp - mpint rsa_p - mpint rsa_q - string key_comment - constraint[] key_constraints - -RSA certificates may be added with this request: - - byte SSH2_AGENTC_ADD_IDENTITY or - SSH2_AGENTC_ADD_ID_CONSTRAINED - string "ssh-rsa-cert-v00@openssh.com" - string certificate - mpint rsa_d - mpint rsa_iqmp - mpint rsa_p - mpint rsa_q - string key_comment - constraint[] key_constraints - -Note that the 'rsa_p' and 'rsa_q' parameters are sent in the reverse -order to the protocol 1 add keys message. 
As with the corresponding -protocol 1 "add key" request, the private key is overspecified to avoid -redundant processing. - -For DSA, ECDSA and RSA key add requests, "key_constraints" may only be -present if the request type is SSH2_AGENTC_ADD_ID_CONSTRAINED. - -The agent will reply with a SSH_AGENT_SUCCESS if the key has been -successfully added or a SSH_AGENT_FAILURE if an error occurred. - -2.2.4 Loading keys from a smartcard - -The OpenSSH agent may have optional smartcard support built in to it. If -so, it supports an operation to load keys from a smartcard. Technically, -only the public components of the keys are loaded into the agent so -this operation really arranges for future private key operations to be -delegated to the smartcard. - - byte SSH_AGENTC_ADD_SMARTCARD_KEY or - SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED - string reader_id - string pin - constraint[] key_constraints - -"reader_id" is an identifier to a smartcard reader and "pin" -is a PIN or passphrase used to unlock the private key(s) on the -device. "key_constraints" may only be present if the request type is -SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED. - -This operation may load all SSH keys that are unlocked using the -"pin" on the specified reader. The type of key loaded (protocol 1 -or protocol 2) will be specified by the smartcard itself, it is not -client-specified. - -The agent will reply with a SSH_AGENT_SUCCESS if one or more keys have -been successfully loaded or a SSH_AGENT_FAILURE if an error occurred. -The agent will also return SSH_AGENT_FAILURE if it does not support -smartcards. - -2.3 Removing multiple keys - -A client may request that an agent delete all protocol 1 keys using the -following request: - - byte SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES - -This message requests the deletion of all protocol 2 keys: - - byte SSH2_AGENTC_REMOVE_ALL_IDENTITIES - -On success, the agent will delete all keys of the requested type and -reply with a SSH_AGENT_SUCCESS message. 
If an error occurred, the agent -will reply with SSH_AGENT_FAILURE. - -Note that, to delete all keys (both protocol 1 and 2), a client -must send both a SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES and a -SSH2_AGENTC_REMOVE_ALL_IDENTITIES request. - -2.4 Removing specific keys - -2.4.1 Removing a protocol 1 key - -Removal of a protocol 1 key may be requested with the following message: - - byte SSH_AGENTC_REMOVE_RSA_IDENTITY - uint32 key_bits - mpint1 rsa_e - mpint1 rsa_n - -Note that key_bits is strictly redundant, as it may be inferred by the -length of rsa_n. - -The agent will delete any private key matching the specified public key -and return SSH_AGENT_SUCCESS. If no such key was found, the agent will -return SSH_AGENT_FAILURE. - -2.4.2 Removing a protocol 2 key - -Protocol 2 keys may be removed with the following request: - - byte SSH2_AGENTC_REMOVE_IDENTITY - string key_blob - -Where "key_blob" is encoded as per RFC 4253 section 6.6 "Public Key -Algorithms" for any of the supported protocol 2 key types. - -The agent will delete any private key matching the specified public key -and return SSH_AGENT_SUCCESS. If no such key was found, the agent will -return SSH_AGENT_FAILURE. - -2.4.3 Removing keys loaded from a smartcard - -A client may request that a server remove one or more smartcard-hosted -keys using this message: - - byte SSH_AGENTC_REMOVE_SMARTCARD_KEY - string reader_id - string pin - -"reader_id" the an identifier to a smartcard reader and "pin" is a PIN -or passphrase used to unlock the private key(s) on the device. - -When this message is received, and if the agent supports -smartcard-hosted keys, it will delete all keys that are hosted on the -specified smartcard that may be accessed with the given "pin". - -The agent will reply with a SSH_AGENT_SUCCESS if one or more keys have -been successfully removed or a SSH_AGENT_FAILURE if an error occurred. -The agent will also return SSH_AGENT_FAILURE if it does not support -smartcards. 
- -2.5 Requesting a list of known keys - -An agent may be requested to list which keys it holds. Different -requests exist for protocol 1 and protocol 2 keys. - -2.5.1 Requesting a list of protocol 1 keys - -To request a list of protocol 1 keys that are held in the agent, a -client may send the following message: - - byte SSH_AGENTC_REQUEST_RSA_IDENTITIES - -The agent will reply with the following message: - - byte SSH_AGENT_RSA_IDENTITIES_ANSWER - uint32 num_keys - -Followed by zero or more consecutive keys, encoded as: - - uint32 bits - mpint1 rsa_e - mpint1 rsa_n - string key_comment - -2.5.2 Requesting a list of protocol 2 keys - -A client may send the following message to request a list of -protocol 2 keys that are stored in the agent: - - byte SSH2_AGENTC_REQUEST_IDENTITIES - -The agent will reply with the following message header: - - byte SSH2_AGENT_IDENTITIES_ANSWER - uint32 num_keys - -Followed by zero or more consecutive keys, encoded as: - - string key_blob - string key_comment - -Where "key_blob" is encoded as per RFC 4253 section 6.6 "Public Key -Algorithms" for any of the supported protocol 2 key types. - -2.6 Private key operations - -The purpose of the agent is to perform private key operations, such as -signing and encryption without requiring a passphrase to unlock the -key and without allowing the private key itself to be exposed. There -are separate requests for the protocol 1 and protocol 2 private key -operations. - -2.6.1 Protocol 1 private key challenge - -The private key operation used in version 1 of the SSH protocol is -decrypting a challenge that has been encrypted with a public key. -It may be requested using this message: - - byte SSH_AGENTC_RSA_CHALLENGE - uint32 ignored - mpint1 rsa_e - mpint1 rsa_n - mpint1 encrypted_challenge - byte[16] session_id - uint32 response_type /* must be 1 */ - -"rsa_e" and "rsa_n" are used to identify which private key to use. 
-"encrypted_challenge" is a challenge blob that has (presumably) -been encrypted with the public key and must be in the range -1 <= encrypted_challenge < 2^256. "session_id" is the SSH protocol 1 -session ID (computed from the server host key, the server semi-ephemeral -key and the session cookie). - -"ignored" and "response_type" exist for compatibility with legacy -implementations. "response_type" must be equal to 1; other response -types are not supported. - -On receiving this request, the server decrypts the "encrypted_challenge" -using the private key matching the supplied (rsa_e, rsa_n) values. For -the response derivation, the decrypted challenge is represented as an -unsigned, big-endian integer encoded in a 32 byte buffer (i.e. values -smaller than 2^248 will have leading 0 bytes). - -The response value is then calculated as: - - response = MD5(decrypted_challenge || session_id) - -and returned in the following message - - byte SSH_AGENT_RSA_RESPONSE - byte[16] response - -If the agent cannot find the key specified by the supplied (rsa_e, -rsa_n) then it will return SSH_AGENT_FAILURE. - -2.6.2 Protocol 2 private key signature request - -A client may use the following message to request signing of data using -a protocol 2 key: - - byte SSH2_AGENTC_SIGN_REQUEST - string key_blob - string data - uint32 flags - -Where "key_blob" is encoded as per RFC 4253 section 6.6 "Public Key -Algorithms" for any of the supported protocol 2 key types. "flags" is -a bit-mask, but at present only one possible value is defined (see below -for its meaning): - - SSH_AGENT_OLD_SIGNATURE 1 - -Upon receiving this request, the agent will look up the private key that -corresponds to the public key contained in key_blob. It will use this -private key to sign the "data" and produce a signature blob using the -key type-specific method described in RFC 4253 section 6.6 "Public Key -Algorithms". 
- -An exception to this is for "ssh-dss" keys where the "flags" word -contains the value SSH_AGENT_OLD_SIGNATURE. In this case, a legacy -signature encoding is used in lieu of the standard one. In this case, -the DSA signature blob is encoded as: - - byte[40] signature - -The signature will be returned in the response message: - - byte SSH2_AGENT_SIGN_RESPONSE - string signature_blob - -If the agent cannot find the key specified by the supplied key_blob then -it will return SSH_AGENT_FAILURE. - -2.7 Locking or unlocking an agent - -The agent supports temporary locking with a passphrase to suspend -processing of sensitive operations until it has been unlocked with the -same passphrase. To lock an agent, a client send the following request: - - byte SSH_AGENTC_LOCK - string passphrase - -Upon receipt of this message and if the agent is not already locked, -it will suspend processing requests and return a SSH_AGENT_SUCCESS -reply. If the agent is already locked, it will return SSH_AGENT_FAILURE. - -While locked, the agent will refuse all requests except -SSH_AGENTC_UNLOCK, SSH_AGENTC_REQUEST_RSA_IDENTITIES and -SSH2_AGENTC_REQUEST_IDENTITIES. The "request identities" requests are -treated specially by a locked agent: it will always return an empty list -of keys. - -To unlock an agent, a client may request: - - byte SSH_AGENTC_UNLOCK - string passphrase - -If the passphrase matches and the agent is locked, then it will resume -processing all requests and return SSH_AGENT_SUCCESS. If the agent -is not locked or the passphrase does not match then it will return -SSH_AGENT_FAILURE. - -Locking and unlocking affects both protocol 1 and protocol 2 keys. - -3. 
Protocol message numbers - -3.1 Requests from client to agent for protocol 1 key operations - - SSH_AGENTC_REQUEST_RSA_IDENTITIES 1 - SSH_AGENTC_RSA_CHALLENGE 3 - SSH_AGENTC_ADD_RSA_IDENTITY 7 - SSH_AGENTC_REMOVE_RSA_IDENTITY 8 - SSH_AGENTC_REMOVE_ALL_RSA_IDENTITIES 9 - SSH_AGENTC_ADD_RSA_ID_CONSTRAINED 24 - -3.2 Requests from client to agent for protocol 2 key operations - - SSH2_AGENTC_REQUEST_IDENTITIES 11 - SSH2_AGENTC_SIGN_REQUEST 13 - SSH2_AGENTC_ADD_IDENTITY 17 - SSH2_AGENTC_REMOVE_IDENTITY 18 - SSH2_AGENTC_REMOVE_ALL_IDENTITIES 19 - SSH2_AGENTC_ADD_ID_CONSTRAINED 25 - -3.3 Key-type independent requests from client to agent - - SSH_AGENTC_ADD_SMARTCARD_KEY 20 - SSH_AGENTC_REMOVE_SMARTCARD_KEY 21 - SSH_AGENTC_LOCK 22 - SSH_AGENTC_UNLOCK 23 - SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED 26 - -3.4 Generic replies from agent to client - - SSH_AGENT_FAILURE 5 - SSH_AGENT_SUCCESS 6 - -3.5 Replies from agent to client for protocol 1 key operations - - SSH_AGENT_RSA_IDENTITIES_ANSWER 2 - SSH_AGENT_RSA_RESPONSE 4 - -3.6 Replies from agent to client for protocol 2 key operations - - SSH2_AGENT_IDENTITIES_ANSWER 12 - SSH2_AGENT_SIGN_RESPONSE 14 - -3.7 Key constraint identifiers - - SSH_AGENT_CONSTRAIN_LIFETIME 1 - SSH_AGENT_CONSTRAIN_CONFIRM 2 - -$OpenBSD: PROTOCOL.agent,v 1.7 2013/01/02 00:33:49 djm Exp $ diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/agent/agent b/Godeps/_workspace/src/github.com/docker/libtrust/agent/agent deleted file mode 100644 index c05255c11a..0000000000 Binary files a/Godeps/_workspace/src/github.com/docker/libtrust/agent/agent and /dev/null differ diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/agent/agent.go b/Godeps/_workspace/src/github.com/docker/libtrust/agent/agent.go deleted file mode 100644 index 1af92ac869..0000000000 --- a/Godeps/_workspace/src/github.com/docker/libtrust/agent/agent.go +++ /dev/null 
@@ -1,31 +0,0 @@
-package main
-
-import (
- "code.google.com/p/go.crypto/ssh/agent"
- "log"
- "net"
- "os"
-)
-
-func main() {
- c, err := net.Dial("unix", os.Getenv("SSH_AUTH_SOCK"))
- if err != nil {
- log.Fatal(err)
- }
- defer c.Close()
-
- agent := agent.NewClient(c)
-
- log.Println("Listing agent keys")
-
- log.Println("SSH")
- keys, err := agent.List()
- if err != nil {
- log.Fatalf("Error listing keys: %s", err)
- }
- for _, k := range keys {
- log.Printf("Key: %s", k.String())
- log.Printf("Type: %s", k.Type())
- }
-
-}
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/b2d/b2d b/Godeps/_workspace/src/github.com/docker/libtrust/b2d/b2d
deleted file mode 100644
index 1b47df8579..0000000000
Binary files a/Godeps/_workspace/src/github.com/docker/libtrust/b2d/b2d and /dev/null differ
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/b2d/ca-key.pem b/Godeps/_workspace/src/github.com/docker/libtrust/b2d/ca-key.pem
deleted file mode 100644
index c4cbdd819a..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/b2d/ca-key.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEAttE00a4G72DrFCOUhxlfxpTGCoIapwXlaTD3xUqNsjEPIkBg -4egRWIfLNThA89SaFoe0nAHzpvmVzDzLqiV1dlQZG9NQjudmAu/lRBTp26MLQgT9 -yl7xFthyTOmkkysTwyS300DXrMjew9rjd7hc4qqxTorLI47lZtZPxdGh+jProOKW -KnVJfXw3hfRkp9Y3TAarhcV8brRdlzoroWgxPEiZETRrAkGD+o4DmJozOPoL6L05 -ZAQ6PIY5IQ+oy0h9rkZ7hwAyUdqzod4EogD9mIAp4UrMQemYgMkxPGwSKHN/1KjU -70AcKDayNti8/sGbBig8w35Ju7YuJKWPDBiEFQIDAQABAoIBAAGZ53qGqazjDmwI -u75LLJmSqAFjjlQ0KwQ215S0yHTtFRLZuX+BBtXdqpv2uCrqi8byvVQ4eCfYO8Wk -Kqx804CL0AR8X1JBGJWiAEIOZNX1oZ2caZSiLD5k+utNiJF5aRzmb228PadXwwu4 -GRHtXXLmx9LGSG0xTTUPX3d+FIsacYTuukgp73JF2YhNl1N1ThwCZINcYjyfOBHK -geDisw8yLIKLb5QCrMKWl1kS3Z6104JfBq00sjm3Yi7JjPfObepP9HXvUB8p0J6d -QYeHnqqqr2AkUiUBNXSt6GaxW0Mc5E/mnVzPa+jrKlIe2bmmQZt/lHJZsLT6F4Q0 -OUdA2cECgYEAz6R7/B0VTLX4PdZ15vU4ao5bSxu3Gxe3IxVB1+PQLJklpBCc6npk -akrrt3STYgiWG+Dcz3cD3SKVs9oei5t8s2Db83XVfsBRNFFf9GIVncNc1ia+cJ7/ -PDcLmmY1U0oByJr4xoyA4wYARuxS5MP3PljFoDCeaU4APX8GQgBgc7kCgYEA4WSn -LNUVPAR8CMf3926LQsnu7z3y6HkgmX/txUspb7ji3X1+eL/yKhIKsDFPppAUc/Tn -+W6ef7RtcZPFhA1HAiqvwvzAh6YUvnQ6NVzXqb1X73Ub1wf/kBK4pbuP9trOvR2f -b95iIq6qt22uDYaeGBqR6VDOdRe5Sbavlmv++T0CgYEAjE2NRWZ1bPcMPOR7mEqc -C0wTneWlTRYyNe94JSOXF3uH9psPHFUFItlq+vQ3XieFHmNLcJfvsW1cEEHTH+w5 -T4+kL5awYswaUqqllqDsEETgpwdY6QpWVl6vZW2onJXGLMGiVa68rCny5/lpbZCI -sMUVDE+tymPdP7BkDxboFWkCgYEAwmf9pba41QaNMUnBgGKRrW7dLu+A57EqRBvK -qwR0Xg/bZe2LO31b05uyKlyt9d2KNqYDu+oEveOTDobFs2t8VssYxJcbPSUr+UXo -uwQ0ZAyTn0+kTqlwbgUnzJNlzibWcNnvHh9zB7UePI5WtQXqsKGiPtra6LYotALl -mlnWF4UCgYEAjFJG9KRuIUe9IzXI2XxA22/seaji9qy7/ojHHlo9iwQeb/OPJyp4 -sCHS/qiMAfMU6r7OyOfnI51TsP3gr92/VKo/RoXn3mxCjFUXe3sIxsArOZ8f38DM -ww46KDGHFemUCeycnbjoZcnqO1V8Vdj6FFENPuq0UxS7NW+4dcxlfJE= ------END RSA PRIVATE KEY----- diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/b2d/ca.pem b/Godeps/_workspace/src/github.com/docker/libtrust/b2d/ca.pem deleted file mode 100644 index eeb4d5f8c4..0000000000 --- a/Godeps/_workspace/src/github.com/docker/libtrust/b2d/ca.pem +++ /dev/null 
@@ -1,18 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIC1jCCAcCgAwIBAgIRAOH/6qnnXARR27iWmrzfGAAwCwYJKoZIhvcNAQEFMBYx -FDASBgNVBAoTC0Jvb3QyRG9ja2VyMB4XDTE0MDgwNTA3MDc1NFoXDTE3MDcyMDA3 -MDc1NFowFjEUMBIGA1UEChMLQm9vdDJEb2NrZXIwggEiMA0GCSqGSIb3DQEBAQUA -A4IBDwAwggEKAoIBAQC20TTRrgbvYOsUI5SHGV/GlMYKghqnBeVpMPfFSo2yMQ8i -QGDh6BFYh8s1OEDz1JoWh7ScAfOm+ZXMPMuqJXV2VBkb01CO52YC7+VEFOnbowtC -BP3KXvEW2HJM6aSTKxPDJLfTQNesyN7D2uN3uFziqrFOissjjuVm1k/F0aH6M+ug -4pYqdUl9fDeF9GSn1jdMBquFxXxutF2XOiuhaDE8SJkRNGsCQYP6jgOYmjM4+gvo -vTlkBDo8hjkhD6jLSH2uRnuHADJR2rOh3gSiAP2YgCnhSsxB6ZiAyTE8bBIoc3/U -qNTvQBwoNrI22Lz+wZsGKDzDfkm7ti4kpY8MGIQVAgMBAAGjIzAhMA4GA1UdDwEB -/wQEAwIApDAPBgNVHRMBAf8EBTADAQH/MAsGCSqGSIb3DQEBBQOCAQEAqtoYLEuU -unbLo48zOHVSit3tIAnZ775HDy1WWK7zL1AzbB0WwT1nrB+SzR8lGzYmmPJB8sCH -rHBPpCF8MNqpZI8NOkS4ZcLF+WJhcZRnIsSz64lzFQThu2rAK7fhheAo3ONZYAYJ -DkZZrF7IMH3vMaQGZESBKuYiTstz+xMRTXxDQdgdpKZ1q2XB9wBeHLu6HRSh0cR4 -0Ehs+NCFj50JkgzrxdXgSOlrSk2Icztb1MH89CuRPZNEbJbd1cU/kekxtkLzDtmX -Kai2FoHdonB1m5IfBJ7n2h5sexs73Qymohc4W81OZivdB/I+OixMjbc3Pn65KmWA -foD/K4Atw1090w== ------END CERTIFICATE----- diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/b2d/cert.pem b/Godeps/_workspace/src/github.com/docker/libtrust/b2d/cert.pem deleted file mode 100644 index 1571c2aa12..0000000000 --- a/Godeps/_workspace/src/github.com/docker/libtrust/b2d/cert.pem +++ /dev/null 
@@ -1,18 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIC+DCCAeKgAwIBAgIQHxTMkfKCDjxUR1lji0Hs/TALBgkqhkiG9w0BAQUwFjEU -MBIGA1UEChMLQm9vdDJEb2NrZXIwHhcNMTQwODA1MDYwMTU0WhcNMTcwNzIwMDYw -MTU0WjAWMRQwEgYDVQQKEwtCb290MkRvY2tlcjCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBALgW92LOxgrH59EoMJTsBDuKp2w2vOaY+WT4UduqxWTtPaQv -aeGmK4/1T562prRIG/dH9IR/wYR3fYXKUkcHP6FaPTUnGEhUcnjg8vFMwoYnGLUo -nCBK0HiZMPKkjnWzkiVJgdpQt3pLIRAomT0ehtP6LfMsrJoof8MCI+anu450hV/6 -VATtmxy8FnivfiLFlroolPXKp5kQck7nJBhsIOY4BDT8qgehGXtpJuqZaBrhCY2S -7sAzIZtemWYFQNvwJDsMmsMNBMur4SwA/kST0kTlczH2vI423CeTa2PsrZmoFQvt -whohfdLTH1Ul3bbtCPnDD2StkqUs9/JTigyEaj8CAwEAAaNGMEQwDgYDVR0PAQH/ -BAQDAgCgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAwDwYDVR0R -BAgwBocEfwAAATALBgkqhkiG9w0BAQUDggEBAISM38fkqTAg5lP/fpgW6vmNNW+U -VeQ/ZlXwQxzu+gmIli+PgPy/QM98xxs+SR3NwWTlh5yHDKHYPbmc1FRV5q8U1zvf -DqDmyDEQTMCwWMOBRKwfGcmzV4WlZvxR96XQEpo0zfP61eMo7ditRraDD1PMBNGv -4QqGJADKKHfqm53eS1tzd0MSBteah59OYLzF0hjXT/NL9P00XaotRznFmsjmura6 -0Xs6EKrudPTAdfCWBwundclq7d9BofU8/kBKwE8J7zCI6KA3fpGMutMojVIopIFO -Bowka1TKV+2+8Nt1gqIvpvlX4E119BemIA/m9uZiSdYahffHniKBFiXsr8Y= ------END CERTIFICATE----- diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/b2d/client-key.pem b/Godeps/_workspace/src/github.com/docker/libtrust/b2d/client-key.pem deleted file mode 100644 index 22f22086d6..0000000000 --- a/Godeps/_workspace/src/github.com/docker/libtrust/b2d/client-key.pem +++ /dev/null 
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEAvv7GjStV0fiOc1wf1hm2B3YGwTp6W0gCpYpOqEotetVOBf5c -/9qbn4ihOZJK2GY69z6SchttmAL87EfhzFQjDifv0skjKHJkspyi80OJYeM+Tlj8 -4kHI3WXkD9K9UPO3JGkeNrTjOKIXbcQDOgYkDl6wYW6bdSIEyjxQ4+0jTZX0wYD4 -anSNJJXYA9UWq8B0GiwIrRF1378AjZzGyOuBhw1nj6AfAgsgVmNPu+Dh/5nteKEe -HVz+iUOsiUmzZQ/4y+XxyFqe00+6gzF7dN18cRLatj9ifIsiSyEZUeF0vsqKyzG4 -HVG9o2R5uZoBOvyNMpUlxv9dVaSqCjHB3rELmwIDAQABAoIBAQCS6072lug8TXPe -v3Xp7vs8QAkwKHiosPsANiUNhYn4nA6Zw7HsSlA95w8GR0d1sSYYvLRQPFMQhPPk -GeNSl0IkCIqN3ZVC7sQRNTaP5FrQxspN4Fwe+7W0wUUu+tAQbnlp88Z/FKRZEy7s -i8RjpQelWidZu4iwEMwYeU9MFUV7ztK5U+9NScu8d4svVbqZuBDrZiofBD++MYN4 -SvIzXCku+r67W2nN1a94/87MWGTUr8oGWbkvRIJ/23ifnvL7cQeqJ08VPr8BIj5w -4su14xpITXEH02WpgTruEDrk2DO6wfoqAGJ/fZHRkDVIFSXd5miwurKQmL1Iursk -FU98mPsBAoGBAOldZ9HDFX69+XGW4u80qkkaCHGrrKRDSHA1HfNEOu1nhyMD1vXW -8xwOJ5H8yBrEMTSP2N8bdeEp8m/aKuleUpzIjxNyIbiw0m4v3p+lpbgEVKfC8L/B -umU4HtRYgujvOfUFWEnvonQh9k1J/N5Ym93xXgs4WXzRG2ABeEmlsjGBAoGBANGF -Ti2MdQYXf51Hgsw9oADiyEimbw6wEsLvK1sSA+lscTCyBdZyD+5PntnC5jcUtg1p -moVFxHkyatVE3TffchTwjPgKAv0zKh3e6w9mJhRd1c9vNaTiIqPr0MyaftrZ1tSH -DnAK8Lisd3zODaVawbPyOBPFfUnqWzYqIsPpWVMbAoGBAJOuWr8yV+4HR06NEDwU -9hag9OsKm4ywT61C0Btc+HW46JpOGcEmMF92za/jarcVpZX/2l0GwcimhRgn1rQs -ztcNTQ4fUhvROrokbRxW9dLIWtJ32WdgsBbSNyBmiyHiEqluonrXvdUEkRxEUFRd -evYvgzZSiL8mjc5p37ertmMBAoGAWAuAsrtXYdv2EI3AdTtgRX8HUyA9gxqSh8Ah -o/+KDUk4t5HXyincb/SdeDziqTrW1gQOnvqWeaeqJTzvCU+ojQwY8RKj9urNRAgt -FyeB0QUtmCHPlR5CGEg8Uf6KWEU6dczbUFIInlI7VALy0Q22YHvk/Mn8wFbvRW+n -dFRW6QkCgYEAtOoFUZSlJkU6LleX+M7dS6Jbd44SbCb+acirbl6eHKxEDLL2+MRM -qZui45SqnCFnyWo8cgW4xqFeJVGoeTDFZK65Qup1IsBlrPODmTes5cSMPGdZ3brG -BVCVcmuygGkMC/tGOmydVStZx0Spt0va96p/Na2x4akdscZKVTCCap4= ------END RSA PRIVATE KEY----- diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/b2d/client.pem b/Godeps/_workspace/src/github.com/docker/libtrust/b2d/client.pem deleted file mode 100644 index fd77418753..0000000000 
--- a/Godeps/_workspace/src/github.com/docker/libtrust/b2d/client.pem +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIC4DCCAcqgAwIBAgIRAJ6X6zjqpxM03GqlIXCYtpIwCwYJKoZIhvcNAQEFMBYx -FDASBgNVBAoTC0Jvb3QyRG9ja2VyMB4XDTE0MDgwNTA3MDc1OFoXDTE3MDcyMDA3 -MDc1OFowFjEUMBIGA1UEChMLQm9vdDJEb2NrZXIwggEiMA0GCSqGSIb3DQEBAQUA -A4IBDwAwggEKAoIBAQC+/saNK1XR+I5zXB/WGbYHdgbBOnpbSAKlik6oSi161U4F -/lz/2pufiKE5kkrYZjr3PpJyG22YAvzsR+HMVCMOJ+/SySMocmSynKLzQ4lh4z5O -WPziQcjdZeQP0r1Q87ckaR42tOM4ohdtxAM6BiQOXrBhbpt1IgTKPFDj7SNNlfTB -gPhqdI0kldgD1RarwHQaLAitEXXfvwCNnMbI64GHDWePoB8CCyBWY0+74OH/me14 -oR4dXP6JQ6yJSbNlD/jL5fHIWp7TT7qDMXt03XxxEtq2P2J8iyJLIRlR4XS+yorL -MbgdUb2jZHm5mgE6/I0ylSXG/11VpKoKMcHesQubAgMBAAGjLTArMA4GA1UdDwEB -/wQEAwIAoDAMBgNVHRMBAf8EAjAAMAsGA1UdEQQEMAKCADALBgkqhkiG9w0BAQUD -ggEBAKXqTtDj/F2AJj55trGsk/fc3LtYTOeq0I9JB45hNOjpixpBdsS1VxkxdTM5 -3wgUVEUyjQzBWtSBO5jRrDjOHsXqtqh83+Jh+GwUAf3mncGSss7JJ78kYe4zBxSi -tgMc3KUi82ppoeiB0xsaEXfBRf6U+wJNVATpabJPeveMhaRVAd9gE5aLWrkZ09+b -wR5y4YXZ0LncqWYnq03BAPn0eTDWgzJvXaSSyE9wFF847T9XRicwzsgTNXzqb4PU -5s23GHfkIIv6PQzOUSpYTyCVWBdOk2qnhyUkeYCX+ZfwvJlb2NIwQjMwaysX6ZdJ -T2q+prcDXnzOhwpsqUbTOD8RxOM= ------END CERTIFICATE----- diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/b2d/generate_cert.go b/Godeps/_workspace/src/github.com/docker/libtrust/b2d/generate_cert.go deleted file mode 100644 index 7bbcfd3061..0000000000 --- a/Godeps/_workspace/src/github.com/docker/libtrust/b2d/generate_cert.go +++ /dev/null 
@@ -1,173 +0,0 @@
-// Usage:
-// Generate CA
-// ./generate_cert --cert ca.pem --key ca-key.pem
-// Generate signed certificate
-// ./generate_cert --host 127.0.0.1 --cert cert.pem --key key.pem --ca ca.pem --ca-key ca-key.pem
-
-package main
-
-import (
- "crypto/rand"
- "crypto/rsa"
- "crypto/tls"
- "crypto/x509"
- "crypto/x509/pkix"
- "encoding/pem"
- "flag"
- "log"
- "math/big"
- "net"
- "os"
- "strings"
- "time"
-)
-
-var (
- host = flag.String("host", "", "Comma-separated hostnames and IPs to generate a certificate for")
- certFile = flag.String("cert", "", "Output file for certificate")
- keyFile = flag.String("key", "", "Output file for key")
- ca = flag.String("ca", "", "Certificate authority file to sign with")
- caKey = flag.String("ca-key", "", "Certificate authority key file to sign with")
-)
-
-const (
- RSABITS = 2048
- VALIDFOR = 1080 * 24 * time.Hour
- ORG = "Boot2Docker"
-)
-
-func main() {
- flag.Parse()
-
- if *certFile == "" {
- log.Fatalf("Missing required parameter: --cert")
- }
-
- if *keyFile == "" {
- log.Fatalf("Missing required parameter: --key")
- }
-
- if *ca == "" {
- if *caKey != "" {
- log.Fatalf("Must provide both --ca and --ca-key")
- }
- if err := GenerateCA(*certFile, *keyFile); err != nil {
- log.Fatalf("Failured to generate CA: %s", err)
- }
- } else {
- if err := GenerateCert(strings.Split(*host, ","), *certFile, *keyFile, *ca, *caKey); err != nil {
- log.Fatalf("Failured to generate cert: %s", err)
- }
- }
-}
-
-// newCertificate creates a new template
-func newCertificate() *x509.Certificate {
- notBefore := time.Now()
- notAfter := notBefore.Add(time.Hour * 24 * 1080)
-
- serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
- serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
- if err != nil {
- log.Fatalf("failed to generate serial number: %s", err)
- }
-
- return &x509.Certificate{
- SerialNumber: serialNumber,
- Subject: pkix.Name{
- Organization: []string{ORG},
- },
- NotBefore: notBefore,
- NotAfter: notAfter,
-
- KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
- //ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
- BasicConstraintsValid: true,
- }
-}
-
-// GenerateCA generates a new certificate authority
-// and stores the resulting certificate and key file
-// in the arguments.
-func GenerateCA(certFile, keyFile string) error {
- template := newCertificate()
- template.IsCA = true
- template.KeyUsage |= x509.KeyUsageCertSign
-
- priv, err := rsa.GenerateKey(rand.Reader, RSABITS)
- if err != nil {
- return err
- }
-
- derBytes, err := x509.CreateCertificate(rand.Reader, template, template, &priv.PublicKey, priv)
- if err != nil {
- return err
- }
-
- certOut, err := os.Create(certFile)
- if err != nil {
- return err
- }
- pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
- certOut.Close()
-
- keyOut, err := os.OpenFile(keyFile, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
- if err != nil {
- return err
- }
- pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})
- keyOut.Close()
-
- return nil
-}
-
-// GenerateCert generates a new certificate signed using the provided
-// certificate authority files and stores the result in the certificate
-// file and key provided. The provided host names are set to the
-// appropriate certificate fields.
-func GenerateCert(hosts []string, certFile, keyFile, caFile, caKeyFile string) error {
- template := newCertificate()
- for _, h := range hosts {
- if ip := net.ParseIP(h); ip != nil {
- template.IPAddresses = append(template.IPAddresses, ip)
- } else {
- template.DNSNames = append(template.DNSNames, h)
- }
- }
-
- tlsCert, err := tls.LoadX509KeyPair(caFile, caKeyFile)
- if err != nil {
- return err
- }
-
- priv, err := rsa.GenerateKey(rand.Reader, RSABITS)
- if err != nil {
- return err
- }
-
- x509Cert, err := x509.ParseCertificate(tlsCert.Certificate[0])
- if err != nil {
- return err
- }
-
- derBytes, err := x509.CreateCertificate(rand.Reader, template, x509Cert, &priv.PublicKey, tlsCert.PrivateKey)
- if err != nil {
- return err
- }
-
- certOut, err := os.Create(certFile)
- if err != nil {
- return err
- }
- pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
- certOut.Close()
-
- keyOut, err := os.OpenFile(keyFile, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
- if err != nil {
- return err
- }
- pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})
- keyOut.Close()
-
- return nil
-}
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/b2d/key.pem b/Godeps/_workspace/src/github.com/docker/libtrust/b2d/key.pem
deleted file mode 100644
index 3c3ffaeeba..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/b2d/key.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAuBb3Ys7GCsfn0SgwlOwEO4qnbDa85pj5ZPhR26rFZO09pC9p -4aYrj/VPnramtEgb90f0hH/BhHd9hcpSRwc/oVo9NScYSFRyeODy8UzChicYtSic -IErQeJkw8qSOdbOSJUmB2lC3ekshECiZPR6G0/ot8yysmih/wwIj5qe7jnSFX/pU -BO2bHLwWeK9+IsWWuiiU9cqnmRByTuckGGwg5jgENPyqB6EZe2km6ploGuEJjZLu -wDMhm16ZZgVA2/AkOwyaww0Ey6vhLAD+RJPSROVzMfa8jjbcJ5NrY+ytmagVC+3C -GiF90tMfVSXdtu0I+cMPZK2SpSz38lOKDIRqPwIDAQABAoIBAC6B9tvqm1Pr7yAD -RErLWcJlJCkNpymm6hLdPWj+usHlwdXx+JD+dzD2a7gQMwuG0DHn5tl2oUBDI94i -ICk7ppKwBpigGN1lIEpzokzd9KMJy48xBEiQPhzJrvkOI8OOq1RqPrkV/VSTGHZJ -m3U6ehuhr+wolC6aHrT4nHNQWu0BCqnLqbiwo1cDfH8bgKD+EF6uRZHuZOITFkY2 -rMhhI/gkVwVjDbyyJhIDALUkV3ovpZ4L+P9+8XJd7s6Y8gZjI9Ti2z8X2sUny4NS -zbLuWYOaeHdFuGzTvFf48YNnB1sf8R/f/n3DkgDos+FkPLmTO0MNnXPmBB3R+B6R -KzuLdikCgYEA85rRBuUsp3rNxxck4rNYIVg4/TcGUcQ959MrSadnB8QOJdBGUash -XitPzHaAMYwsFAyb36qdhGtmqTQHtjYIl6alehN5g1g/clFceFu4riocdd/KKvVe -qe6GagJx8BVDR8Oon61CRbi4/0LhYYfbf4ezN1PKbxlkfa5WMDtoH3MCgYEAwXTo -7RH8ue9J5cSmtImX9Q3YVZy4gooYp4/teFX+da7cT2RbAsDoxFMY9Ka0ORHOFl1c -74UIlqB2VdUhitgLWuqLhcaFFPyTbsJsuKi8RcP7sAA1YviweOsehBq7zpmaR7oF -Ldb8It2W37PjIt1C2M5muyztd5FRLP63c5CnvwUCgYAK17g4C1lKdw/TrbcJlBv3 -F/spYhqY5xguSlrh416VnOdYTYXjuq84hsr9ecTI78lCdzE06l4qd7FRFKzHMm59 -eYBiB53f97yTNQXdoY99yQgNQxG3icZV3/UBoOw7WGbvOck2mjqZ6dfqHKr1cVuW -uI6Ehuk6urGbWnghm3NN+wKBgQCkuSJYMleqDnkyvsZftUUBcP+CrkZhSKsDikbe -jwJzPCf1JfNkndPUzxjRwFx2t5Vub6Lhg7ozX4BDR44fBiRtDocsqkPJAeObjMs8 -VNiy4tSdISBUHINPAoxiWc0OdrXqWxdr18GrAlkkM6y0lAgGSYEp4XB1vfOLx3t3 -WHWs7QKBgQCkTGUse1vFTfCzA5rTFzBWJM7bdaUCIymU2BQPbRFSgdx3kKbmnrab -fOLOaVxMWAOAJ7PF1LlOyUlesLEJzqO+pYgRgnG3d6qz99Ytz3sk7uzVr3n/Ic68 -TwYlXLHGQmP7OyR2tMPVI0rSb5g5lbRdCOqMbHN+6ce10KcibdBF/g== ------END RSA PRIVATE KEY----- diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/b2d/server-key.pem b/Godeps/_workspace/src/github.com/docker/libtrust/b2d/server-key.pem deleted file mode 100644 index 8748e4d3ae..0000000000 
--- a/Godeps/_workspace/src/github.com/docker/libtrust/b2d/server-key.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAqS5MaKMuR9OWhPbGw/tc1JmJgtEtNp5dSx5hlPEkSY8dsi5Z -uFZvCqYK7uaNUlap4/ytlFDIozOnZs+MrgcM5Ek/nPNtol+pts777H3Xo3oChRnc -X1/JXQ1tdVTT//LvUJmtkg6V6+iORuMnTMpia+Sl+7cgdW3EElfzPMY8J9RIUPBE -NyedJyp3K+RM/m+KOzmYqkHcrKhhblbjLOr5a0zu+D8ilCG87QDAUUf1gbXOUi/S -CYH/9v20sUbPqHr8Z1wuJLeNvKPFrdC2+mtJyhqyMaH7tgsyKOmqeHxQlkNbril2 -tvZRAzqaTDDYMfJDKAwEk345CJW1avkk6GBc2wIDAQABAoIBAHJGn74eW2iQ958g -weono/DHNSdz+8Jk/kd7YhalPAmj7j8pJ9loKOFcfw4YFWWEvIUPbIA+gQgcH/tG -PpRelsqs35c4ptmDHLQq4+g+qKX4CDO34C9cGDwOkd0rS3gbtKMQ6zk5OPN8xn4D -ecxY+FpAvA1nCTnIxyRM3DQ1AvUzSe+UpLtdc/vliCJiFVpAtpok6fVo/Cxevf51 -dU1BIgZcJjsmro2/GR7e7l4c0C+ZHV0Perkdfw1fqZvpj0u3ca1dfwuWUVGc7VYf -v7D5aFH8tw5bGHdM2ajPn3mpgJ+BNuIOdG1ipiUmrv4NoWNmyd2on9+Jy+2tILOx -dcPKqwECgYEAz5/Y6qUuhp+23t4hynbD1YCX4RZtwtuqUef7BxeaRSocQrK15zlZ -iOYeZe7/F6b/ueuN9q64lQBy8HvtWphNifhaXAW7SVwrzNDnbZWFVaQB7+Srj53u -/sOgEKDgi5LoEUH4aQV1prMyajWNGkBX0lmdGELkyisTvvsu/BN8S/sCgYEA0Jlp -lO0rT5xUsM0EsQvPmgSz3/+bGEgmmNoBt2Fnp7JuVsfJQDujFUvi2tQ2seDbVupc -+LSbPudIUIdPch450IGQSZFLiN7fAePMXIUdUuZ6amHEz6+dtdl+kjlzUmmE7/VP -M/o8A0F0Qkn3LoU6yH8fesJ9p6JCzIpJSJuFfKECgYA0v32Sj4i0dxs0n+ah026J -bXQooVQdb0VkLbWe5aYx8DLh1xlTt0RB/YS3jPKOBcVubKPSii0m3chVxIZWv97j -MI90VZhxWNNf46sIMjZ/vX0of0X+5Lb1Tqn5z4V8sEP5LnN36wUq5tfmF9jTVIl7 -TX0Vztjla/BGUvZq4GBxxQKBgEyXN5QN7OwjK1lrPYDAJG6ZsW3ajRjCTSGsUhsB -8aw6MJc+bd9exkdogJf2eUqglAh6rr5GmgXjp8KhnAL7pCCxocfRSFmt81XfTUbf -PWAV7fanhTr4cUC25elMnNIymjP87yLXizdqzgQU4mQ7WNULEATj6n0lb79oOvYk -3ENhAoGBAKjsl7MDi7WokpshGkEIPTxccefWPPx6wtdvDw1Yy6nrc/4KapsIvRZc -u9r9GBEodxOFbuPKFqsTehpMuSMaWuPhHs6txP3/q1q58rpeqmXD29zcdDTuHJoS -ZKqBPsot328/q38DwqavP9PZsuLQ/M95uXwYR4tnNnbbQwDqn61B ------END RSA PRIVATE KEY----- 
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/b2d/server.pem b/Godeps/_workspace/src/github.com/docker/libtrust/b2d/server.pem deleted file mode 100644 index 17c11357ce..0000000000 --- a/Godeps/_workspace/src/github.com/docker/libtrust/b2d/server.pem +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIC5DCCAc6gAwIBAgIRAL3D43hlFPxMmrICmKJjxn4wCwYJKoZIhvcNAQEFMBYx -FDASBgNVBAoTC0Jvb3QyRG9ja2VyMB4XDTE0MDgwNTA3MTAwM1oXDTE3MDcyMDA3 -MTAwM1owFjEUMBIGA1UEChMLQm9vdDJEb2NrZXIwggEiMA0GCSqGSIb3DQEBAQUA -A4IBDwAwggEKAoIBAQCpLkxooy5H05aE9sbD+1zUmYmC0S02nl1LHmGU8SRJjx2y -Llm4Vm8Kpgru5o1SVqnj/K2UUMijM6dmz4yuBwzkST+c822iX6m2zvvsfdejegKF -GdxfX8ldDW11VNP/8u9Qma2SDpXr6I5G4ydMymJr5KX7tyB1bcQSV/M8xjwn1EhQ -8EQ3J50nKncr5Ez+b4o7OZiqQdysqGFuVuMs6vlrTO74PyKUIbztAMBRR/WBtc5S -L9IJgf/2/bSxRs+oevxnXC4kt428o8Wt0Lb6a0nKGrIxofu2CzIo6ap4fFCWQ1uu -KXa29lEDOppMMNgx8kMoDASTfjkIlbVq+SToYFzbAgMBAAGjMTAvMA4GA1UdDwEB -/wQEAwIAoDAMBgNVHRMBAf8EAjAAMA8GA1UdEQQIMAaHBMCoO2gwCwYJKoZIhvcN -AQEFA4IBAQC0ttuFbfSrzGdDcO/442nfpzQdO9wN0nee5OazHHTZlA+SaQ4VyZoS -LeCdP+rRPIX0qmJ0Bf95nvkL7Mideg6IQsTTWz3e2pfcIdSZ1Gc9Bzx4cGf2yWWt -mwi2uLAbAOKznNh8Ndc45zG614QYo3Cli/p91y+zJyDhS3ucERGCwC9ru+ngHBp4 -KrAfH4AUNRi5JRt0vHn3MXbl8Xmymt5FHeOtEM9iXCFBMtejYcngceOz8bRPXke2 -86TExl86jIHjAItEqydANhG7wNIylNOdXGCgQ4yQX1ImNiY2I4n7FeLh8vu8nCbR -zwPv/s2m4xsr4ilA6xLq9Ur8K7FK4Q4a ------END CERTIFICATE----- diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/chainsign/chainsign b/Godeps/_workspace/src/github.com/docker/libtrust/chainsign/chainsign deleted file mode 100644 index e9284e8414..0000000000 Binary files a/Godeps/_workspace/src/github.com/docker/libtrust/chainsign/chainsign and /dev/null differ diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/chainsign/generatecerts/ca.pem b/Godeps/_workspace/src/github.com/docker/libtrust/chainsign/generatecerts/ca.pem deleted file mode 100644 index 1b19e6bc7c..0000000000 
--- a/Godeps/_workspace/src/github.com/docker/libtrust/chainsign/generatecerts/ca.pem +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBNTCB3KADAgECAgEAMAoGCCqGSM49BAMCMBIxEDAOBgNVBAMTB0NBIFJvb3Qw -HhcNMTQwOTIyMTYzNzU4WhcNMTQwOTI5MTYzNzU5WjASMRAwDgYDVQQDEwdDQSBS -b290MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEaS6UJn72kZaD1U1+9wXVFtk/ -lqSOzq+snB6qslXpLE2C+6N1NjDoivZ87CPzJt6VYgeS+iZ63+AlH5Uiz+q1SKMj -MCEwDgYDVR0PAQH/BAQDAgAGMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwID -SAAwRQIhALxyd72Aev/IAvXZpx7TLbLrGMrZGTEMjXMi1Gda9MAFAiA82SUmu3dR -9d0VWY74lOlHsojsoi3keb4PeOMyyFFFaQ== ------END CERTIFICATE----- diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/chainsign/generatecerts/cert.pem b/Godeps/_workspace/src/github.com/docker/libtrust/chainsign/generatecerts/cert.pem deleted file mode 100644 index f9b670a569..0000000000 --- a/Godeps/_workspace/src/github.com/docker/libtrust/chainsign/generatecerts/cert.pem +++ /dev/null @@ -1,10 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBPTCB5KADAgECAgEAMAoGCCqGSM49BAMCMBcxFTATBgNVBAMTDEludGVybWVk -aWF0ZTAeFw0xNDA5MjIxNjM3NThaFw0xNDA5MjkxNjM3NTlaMBUxEzARBgNVBAMT -ClRydXN0IENlcnQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASR+jpYA6SPRkq+ -2B9FH23Qrqgsn2ScgfiU73PN9Kgn0xyStp2RHoDhyKoQKU5T1TPOdWxVan3+ljUx -/O/1pKdSoyMwITAOBgNVHQ8BAf8EBAMCAIAwDwYDVR0TAQH/BAUwAwEB/zAKBggq -hkjOPQQDAgNIADBFAiEA2NpSs22EiYwbZlkjcVuAryJlBbnRzYvX7IIkk9fSRYQC -IH4YfZC3tvUWFxc4Spvic2uCHazAu+0Fzjs53OJxwirZ ------END CERTIFICATE----- ---- diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/chainsign/generatecerts/chain.pem b/Godeps/_workspace/src/github.com/docker/libtrust/chainsign/generatecerts/chain.pem deleted file mode 100644 index e274e88453..0000000000 --- a/Godeps/_workspace/src/github.com/docker/libtrust/chainsign/generatecerts/chain.pem +++ /dev/null 
@@ -1,45 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIBPzCB5qADAgECAgEAMAoGCCqGSM49BAMCMBcxFTATBgNVBAMTDEludGVybWVk -aWF0ZTAeFw0xNDA5MjIxNjM3NThaFw0xNDA5MjkxNjM3NTlaMBcxFTATBgNVBAMT -DEludGVybWVkaWF0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABMac+uvHxGGH -xCisqvN5+ZO6w9Q3BlPXu5r2GVXmo07DX15Dj894S4ByNMo8iluDyqK/8JS/1cq1 -S+Q0CE6yRw6jIzAhMA4GA1UdDwEB/wQEAwIABjAPBgNVHRMBAf8EBTADAQH/MAoG -CCqGSM49BAMCA0gAMEUCIDHx2NPcyo4JiBKFRdCZiLTyncBDJIlWzOhprFbmm914 -AiEAjbxeVHWiO+Q/7nzQXpGzsnszaMdmL1LLSQuTf9MX+bc= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIBPzCB5qADAgECAgEAMAoGCCqGSM49BAMCMBcxFTATBgNVBAMTDEludGVybWVk -aWF0ZTAeFw0xNDA5MjIxNjM3NThaFw0xNDA5MjkxNjM3NTlaMBcxFTATBgNVBAMT -DEludGVybWVkaWF0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABJJo+KFt18Og -0hbUmxnxBTBHg0FIxlWJMac1iNnqlH6hnPZf1a1uJJm/iNZNPxd+jHh+ZjInvTmU -Fg7DiDXiyuOjIzAhMA4GA1UdDwEB/wQEAwIABjAPBgNVHRMBAf8EBTADAQH/MAoG -CCqGSM49BAMCA0gAMEUCIHGyXQESb6pph5gz4ppgfD4br9F5TYM2/Fap+IK1Jhm1 -AiEAxamUnj4AWIHut2T5R3Xg2tn0q5JDtsB3drZ/MXoMepI= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIBPzCB5qADAgECAgEAMAoGCCqGSM49BAMCMBcxFTATBgNVBAMTDEludGVybWVk -aWF0ZTAeFw0xNDA5MjIxNjM3NThaFw0xNDA5MjkxNjM3NTlaMBcxFTATBgNVBAMT -DEludGVybWVkaWF0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNIvT/bkf6rm -RYNE5e53izqdm9HHSBXlSFQGWShDrmYmlJbJrzE7gdd6dWMaTi3TzUGJzVcvASNJ -/tkZZW2uMaKjIzAhMA4GA1UdDwEB/wQEAwIABjAPBgNVHRMBAf8EBTADAQH/MAoG -CCqGSM49BAMCA0gAMEUCIQCYu0lvqmvj+99qiyOc/vJWhT/oIKUu+h8dIU3bULt1 -AwIgKiMptAa9IJfXa+VvleIdWpdldJa5g1OvRaP+ANQ/MGA= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIBPjCB5qADAgECAgEAMAoGCCqGSM49BAMCMBcxFTATBgNVBAMTDEludGVybWVk -aWF0ZTAeFw0xNDA5MjIxNjM3NThaFw0xNDA5MjkxNjM3NTlaMBcxFTATBgNVBAMT -DEludGVybWVkaWF0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABKx0nRr6QlXX -xYLe1+BmJkI3moUdYxJr/6xfhnqJTPhk7UR8/h69BlAX7PE5Cp1j7q4bCoAAdARN -csjpOKn1tpOjIzAhMA4GA1UdDwEB/wQEAwIABjAPBgNVHRMBAf8EBTADAQH/MAoG -CCqGSM49BAMCA0cAMEQCIConoQP4XuaCoobZD3v0t0/WROD/wVDUBu5xILa8sSKe -AiBJCWa8cXi2U6z6cc/RKcRaDOTmL+1Cs38aRUiU/+VCPw== 
------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIBOjCB4aADAgECAgEAMAoGCCqGSM49BAMCMBIxEDAOBgNVBAMTB0NBIFJvb3Qw -HhcNMTQwOTIyMTYzNzU4WhcNMTQwOTI5MTYzNzU5WjAXMRUwEwYDVQQDEwxJbnRl -cm1lZGlhdGUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQsGtLo05ztLyhrzzMu -bziiYR7Y1qxhm6DlV9kaa7DHyuLpNOsEKNkW6gx/9g1AxVfDv2dcuoqnCErawdab -+jgDoyMwITAOBgNVHQ8BAf8EBAMCAAYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjO -PQQDAgNIADBFAiEAy+WumOj7I8iIhQNf+NQfV+LNBBoy4ufeeyaPGcRG3hICIFMW -th+PDs1HgdeQvG1tPP9d7TBfMu7k1lVlCf7KcvKN ------END CERTIFICATE----- diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/chainsign/generatecerts/generatecerts b/Godeps/_workspace/src/github.com/docker/libtrust/chainsign/generatecerts/generatecerts deleted file mode 100644 index 4dc7b9c06d..0000000000 Binary files a/Godeps/_workspace/src/github.com/docker/libtrust/chainsign/generatecerts/generatecerts and /dev/null differ diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/chainsign/generatecerts/key.pem b/Godeps/_workspace/src/github.com/docker/libtrust/chainsign/generatecerts/key.pem deleted file mode 100644 index 11628f842c..0000000000 --- a/Godeps/_workspace/src/github.com/docker/libtrust/chainsign/generatecerts/key.pem +++ /dev/null @@ -1,5 +0,0 @@ ------BEGIN EC PRIVATE KEY----- -MHcCAQEEIDmjTNf5Q5kuGCFrfsa60qLUKZDoSuIgS+GKOb9vRWFJoAoGCCqGSM49 -AwEHoUQDQgAEkfo6WAOkj0ZKvtgfRR9t0K6oLJ9knIH4lO9zzfSoJ9MckradkR6A -4ciqEClOU9UzznVsVWp9/pY1Mfzv9aSnUg== ------END EC PRIVATE KEY----- diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/chainsign/generatecerts/main.go b/Godeps/_workspace/src/github.com/docker/libtrust/chainsign/generatecerts/main.go deleted file mode 100644 index cde8cf20c3..0000000000 --- a/Godeps/_workspace/src/github.com/docker/libtrust/chainsign/generatecerts/main.go +++ /dev/null 
@@ -1,161 +0,0 @@
-package main
-
-import (
- "crypto/rand"
- "crypto/x509"
- "crypto/x509/pkix"
- "encoding/pem"
- "log"
- "math/big"
- "os"
- "time"
-
- "github.com/docker/libtrust"
-)
-
-func generateTrustCA() (libtrust.PrivateKey, *x509.Certificate) {
- key, err := libtrust.GenerateECP256PrivateKey()
- if err != nil {
- panic(err)
- }
- cert := &x509.Certificate{
- SerialNumber: big.NewInt(0),
- Subject: pkix.Name{
- CommonName: "CA Root",
- },
- NotBefore: time.Now().Add(-time.Second),
- NotAfter: time.Now().Add(24 * 7 * time.Hour),
- IsCA: true,
- KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
- BasicConstraintsValid: true,
- }
-
- certDER, err := x509.CreateCertificate(
- rand.Reader, cert, cert,
- key.CryptoPublicKey(), key.CryptoPrivateKey(),
- )
- if err != nil {
- panic(err)
- }
-
- cert, err = x509.ParseCertificate(certDER)
- if err != nil {
- panic(err)
- }
-
- return key, cert
-}
-
-func generateIntermediate(key libtrust.PublicKey, parentKey libtrust.PrivateKey, parent *x509.Certificate) *x509.Certificate {
- cert := &x509.Certificate{
- SerialNumber: big.NewInt(0),
- Subject: pkix.Name{
- CommonName: "Intermediate",
- },
- NotBefore: time.Now().Add(-time.Second),
- NotAfter: time.Now().Add(24 * 7 * time.Hour),
- IsCA: true,
- KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
- BasicConstraintsValid: true,
- }
-
- certDER, err := x509.CreateCertificate(
- rand.Reader, cert, parent,
- key.CryptoPublicKey(), parentKey.CryptoPrivateKey(),
- )
- if err != nil {
- panic(err)
- }
-
- cert, err = x509.ParseCertificate(certDER)
- if err != nil {
- panic(err)
- }
-
- return cert
-}
-
-func generateTrustCert(key libtrust.PublicKey, parentKey libtrust.PrivateKey, parent *x509.Certificate) *x509.Certificate {
- cert := &x509.Certificate{
- SerialNumber: big.NewInt(0),
- Subject: pkix.Name{
- CommonName: "Trust Cert",
- },
- NotBefore: time.Now().Add(-time.Second),
- NotAfter: time.Now().Add(24 * 7 * time.Hour),
- IsCA: true,
- KeyUsage: x509.KeyUsageDigitalSignature,
- BasicConstraintsValid: true,
- }
-
- certDER, err := x509.CreateCertificate(
- rand.Reader, cert, parent,
- key.CryptoPublicKey(), parentKey.CryptoPrivateKey(),
- )
- if err != nil {
- panic(err)
- }
-
- cert, err = x509.ParseCertificate(certDER)
- if err != nil {
- panic(err)
- }
-
- return cert
-}
-
-func generateTrustChain(key libtrust.PrivateKey, ca *x509.Certificate) (libtrust.PrivateKey, []*x509.Certificate) {
- parent := ca
- parentKey := key
- chain := make([]*x509.Certificate, 6)
- for i := 5; i > 0; i-- {
- intermediatekey, err := libtrust.GenerateECP256PrivateKey()
- if err != nil {
- panic(err)
- }
- chain[i] = generateIntermediate(intermediatekey, parentKey, parent)
- parent = chain[i]
- parentKey = intermediatekey
- }
- trustKey, err := libtrust.GenerateECP256PrivateKey()
- if err != nil {
- panic(err)
- }
- chain[0] = generateTrustCert(trustKey, parentKey, parent)
-
- return trustKey, chain
-}
-
-func main() {
- caKey, caCert := generateTrustCA()
- key, chain := generateTrustChain(caKey, caCert)
-
- caf, err := os.OpenFile("ca.pem", os.O_CREATE|os.O_WRONLY, 0600)
- if err != nil {
- log.Fatalf("Error opening ca.pem: %s", err)
- }
- defer caf.Close()
- pem.Encode(caf, &pem.Block{Type: "CERTIFICATE", Bytes: caCert.Raw})
-
- chainf, err := os.OpenFile("chain.pem", os.O_CREATE|os.O_WRONLY, 0600)
- if err != nil {
- log.Fatalf("Error opening ca.pem: %s", err)
- }
- defer chainf.Close()
- for _, c := range chain[1:] {
- pem.Encode(chainf, &pem.Block{Type: "CERTIFICATE", Bytes: c.Raw})
- }
-
- certf, err := os.OpenFile("cert.pem", os.O_CREATE|os.O_WRONLY, 0600)
- if err != nil {
- log.Fatalf("Error opening ca.pem: %s", err)
- }
- defer certf.Close()
- pem.Encode(certf, &pem.Block{Type: "CERTIFICATE", Bytes: chain[0].Raw})
-
- err = libtrust.SaveKey("key.pem", key)
- if err != nil {
- log.Fatalf("Error saving key: %s", err)
- }
-
-}
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/chainsign/keys.txt b/Godeps/_workspace/src/github.com/docker/libtrust/chainsign/keys.txt
deleted file mode 100644
index 2dfc2cb6b5..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/chainsign/keys.txt
+++ /dev/null
@@ -1 +0,0 @@
-LYRA:YAG2:QQKS:376F:QQXY:3UNK:SXH7:K6ES:Y5AU:XUN5:ZLVY:KBYL derek
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/chainsign/sign.go b/Godeps/_workspace/src/github.com/docker/libtrust/chainsign/sign.go
deleted file mode 100644
index 8c79bdb090..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/chainsign/sign.go
+++ /dev/null
@@ -1,184 +0,0 @@
-package main
-
-import (
- "bufio"
- "crypto/tls"
- "crypto/x509"
- "encoding/json"
- "errors"
- "flag"
- "io/ioutil"
- "log"
- "os"
- "strings"
-
- "github.com/docker/libtrust"
-)
-
-var ca string
-var chain string
-var cert string
-var signKey string
-var validKeys string
-
-func init() {
- flag.StringVar(&ca, "ca", "", "Certificate authorities (pem file)")
- flag.StringVar(&chain, "chain", "", "Certificate chain to include (pem file)")
- flag.StringVar(&cert, "cert", "", "Certificate used to sign")
- flag.StringVar(&signKey, "k", "", "Private key to use for signing (pem or JWS file)")
- flag.StringVar(&validKeys, "keys", "", "File containing list of valid keys and namespaces")
-}
-
-func LoadValidKeys(filename string) (map[string][]string, error) {
- f, err := os.Open(filename)
- if err != nil {
- return nil, err
- }
- validKeys := make(map[string][]string)
- r := bufio.NewScanner(f)
- for r.Scan() {
- parts := strings.Split(r.Text(), " ")
- if len(parts) < 2 {
- return nil, errors.New("Invalid line input: expecting ...")
- }
- validKeys[parts[0]] = parts[1:]
- }
- return validKeys, nil
-}
-
-func main() {
- flag.Parse()
- if ca == "" {
- log.Fatal("Missing ca")
- }
- if chain == "" {
- log.Fatalf("Missing chain")
- }
- if cert == "" {
- log.Fatalf("Missing certificate")
- }
- if signKey == "" {
- log.Fatalf("Missing key")
- }
- if validKeys == "" {
- log.Fatalf("Missing valid keys")
- }
-
- caPool, err := libtrust.LoadCertificatePool(ca)
- if err != nil {
- log.Fatalf("Error loading ca certs: %s", err)
- }
-
- chainCerts, err := libtrust.LoadCertificateBundle(chain)
- if err != nil {
- log.Fatalf("Error loading chain certificates; %s", err)
- }
- chainPool := x509.NewCertPool()
- for _, cert := range chainCerts {
- chainPool.AddCert(cert)
- }
-
- signCert, err := tls.LoadX509KeyPair(cert, signKey)
- if err != nil {
- log.Fatalf("Error loading key: %s", err)
- }
- if signCert.Certificate == nil {
- log.Fatalf("Signed Cert is empty")
- }
-
- validKeyMap, err := LoadValidKeys(validKeys)
- if err != nil {
- log.Fatalf("Error loading valid keys: %s", err)
- }
-
- verifyOptions := x509.VerifyOptions{
- Intermediates: chainPool,
- Roots: caPool,
- }
-
- parsedCert, err := x509.ParseCertificate(signCert.Certificate[0])
- if err != nil {
- log.Fatalf("Error parsing certificate: %s", err)
- }
-
- chains, err := parsedCert.Verify(verifyOptions)
- if err != nil {
- log.Fatalf("Error verifying certificate: %s", err)
- }
- if len(chains) == 0 {
- log.Fatalf("No verified chains")
- }
-
- content, err := ioutil.ReadAll(os.Stdin)
- if err != nil {
- log.Fatalf("Error reading content from stdin: %s", err)
- }
-
- sig, err := libtrust.ParsePrettySignature(content, "signatures")
-
- buildKeys, err := sig.Verify()
- if err != nil {
- log.Fatalf("Error verifying signatures: %s", err)
- }
-
- type manifest struct {
- Name string `json:"name"`
- Tag string `json:"tag"`
- }
- var buildManifest manifest
- payload, err := sig.Payload()
- if err != nil {
- log.Fatalf("Error retrieving payload: %s", err)
- }
- err = json.Unmarshal(payload, &buildManifest)
- if err != nil {
- log.Fatalf("Error unmarshalling build manifest: %s", err)
- }
-
- log.Printf("Build keys: %#v", buildKeys)
- // Check keys against list of valid keys
- var foundKey bool
- for _, key := range buildKeys {
- keyID := key.KeyID()
- log.Printf("Checking key id: %s", keyID)
- namespaces, ok := validKeyMap[keyID]
- if ok {
- for _, namespace := range namespaces {
- if namespace == "*" || strings.HasPrefix(buildManifest.Name, namespace) {
- foundKey = true
- }
- }
- }
-
- }
-
- if !foundKey {
- log.Fatalf("No valid key found for build")
- }
-
- verifiedSig, err := libtrust.NewJSONSignature(content)
- if err != nil {
- log.Fatalf("Error creating JSON signature: %s", err)
- }
-
- privKey, err := libtrust.FromCryptoPrivateKey(signCert.PrivateKey)
- if err != nil {
- log.Fatalf("Error converting priv key: %s", err)
- }
- signChain := make([]*x509.Certificate, 1, len(chainCerts)+1)
- signChain[0] = parsedCert
- err = verifiedSig.SignWithChain(privKey, append(signChain, chainCerts...))
- if err != nil {
- log.Fatalf("Error signing with chain: %s", err)
- }
-
- // Output signed content to stdout
- out, err := verifiedSig.PrettySignature("verifySignatures")
- if err != nil {
- log.Fatalf("Error formatting output: %s", err)
- }
- _, err = os.Stdout.Write(out)
- if err != nil {
- log.Fatalf("Error writing output: %s", err)
- }
-}
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/cover.out b/Godeps/_workspace/src/github.com/docker/libtrust/cover.out
deleted file mode 100644
index 098276aee9..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/cover.out
+++ /dev/null
@@ -1,599 +0,0 @@ -mode: set -github.com/docker/libtrust/jsonsign.go:53.40,57.2 1 1 -github.com/docker/libtrust/jsonsign.go:61.52,63.2 1 0 -github.com/docker/libtrust/jsonsign.go:65.60,72.16 3 1 -github.com/docker/libtrust/jsonsign.go:76.2,76.49 1 1 -github.com/docker/libtrust/jsonsign.go:72.16,74.3 1 0 -github.com/docker/libtrust/jsonsign.go:79.76,85.2 5 1 -github.com/docker/libtrust/jsonsign.go:88.53,90.16 2 1 -github.com/docker/libtrust/jsonsign.go:93.2,94.16 2 1 -github.com/docker/libtrust/jsonsign.go:97.2,98.16 2 1 -github.com/docker/libtrust/jsonsign.go:102.2,114.12 4 1 -github.com/docker/libtrust/jsonsign.go:90.16,92.3 1 0 -github.com/docker/libtrust/jsonsign.go:94.16,96.3 1 0 -github.com/docker/libtrust/jsonsign.go:98.16,100.3 1 0 -github.com/docker/libtrust/jsonsign.go:120.89,127.16 2 1 -github.com/docker/libtrust/jsonsign.go:130.2,131.16 2 1 -github.com/docker/libtrust/jsonsign.go:134.2,135.16 2 1 -github.com/docker/libtrust/jsonsign.go:139.2,144.29 2 1 -github.com/docker/libtrust/jsonsign.go:148.2,156.12 3 1 -github.com/docker/libtrust/jsonsign.go:127.16,129.3 1 0 -github.com/docker/libtrust/jsonsign.go:131.16,133.3 1 0 -github.com/docker/libtrust/jsonsign.go:135.16,137.3 1 0 -github.com/docker/libtrust/jsonsign.go:144.29,146.3 1 1 -github.com/docker/libtrust/jsonsign.go:161.56,163.42 2 1 -github.com/docker/libtrust/jsonsign.go:200.2,200.18 1 1 -github.com/docker/libtrust/jsonsign.go:163.42,165.17 2 1 -github.com/docker/libtrust/jsonsign.go:168.3,169.38 2 1 -github.com/docker/libtrust/jsonsign.go:188.3,189.17 2 1 -github.com/docker/libtrust/jsonsign.go:193.3,194.17 2 1 -github.com/docker/libtrust/jsonsign.go:198.3,198.22 1 1 -github.com/docker/libtrust/jsonsign.go:165.17,167.4 1 0 -github.com/docker/libtrust/jsonsign.go:169.38,171.18 2 0 -github.com/docker/libtrust/jsonsign.go:174.4,175.18 2 0 -github.com/docker/libtrust/jsonsign.go:178.4,179.18 2 0 -github.com/docker/libtrust/jsonsign.go:171.18,173.5 1 0 
-github.com/docker/libtrust/jsonsign.go:175.18,177.5 1 0 -github.com/docker/libtrust/jsonsign.go:179.18,181.5 1 0 -github.com/docker/libtrust/jsonsign.go:182.5,182.41 1 1 -github.com/docker/libtrust/jsonsign.go:182.41,184.4 1 1 -github.com/docker/libtrust/jsonsign.go:184.5,186.4 1 0 -github.com/docker/libtrust/jsonsign.go:189.17,191.4 1 0 -github.com/docker/libtrust/jsonsign.go:194.17,196.4 1 0 -github.com/docker/libtrust/jsonsign.go:206.89,208.42 2 1 -github.com/docker/libtrust/jsonsign.go:266.2,266.20 1 1 -github.com/docker/libtrust/jsonsign.go:208.42,210.17 2 1 -github.com/docker/libtrust/jsonsign.go:213.3,214.38 2 1 -github.com/docker/libtrust/jsonsign.go:210.17,212.4 1 0 -github.com/docker/libtrust/jsonsign.go:214.38,216.18 2 1 -github.com/docker/libtrust/jsonsign.go:219.4,220.18 2 1 -github.com/docker/libtrust/jsonsign.go:223.4,224.18 2 1 -github.com/docker/libtrust/jsonsign.go:227.4,228.39 2 1 -github.com/docker/libtrust/jsonsign.go:243.4,249.18 3 1 -github.com/docker/libtrust/jsonsign.go:252.4,255.18 3 1 -github.com/docker/libtrust/jsonsign.go:259.4,260.18 2 1 -github.com/docker/libtrust/jsonsign.go:216.18,218.5 1 0 -github.com/docker/libtrust/jsonsign.go:220.18,222.5 1 0 -github.com/docker/libtrust/jsonsign.go:224.18,226.5 1 0 -github.com/docker/libtrust/jsonsign.go:228.39,230.38 2 1 -github.com/docker/libtrust/jsonsign.go:230.38,232.20 2 1 -github.com/docker/libtrust/jsonsign.go:235.6,236.20 2 1 -github.com/docker/libtrust/jsonsign.go:239.6,239.41 1 1 -github.com/docker/libtrust/jsonsign.go:232.20,234.7 1 0 -github.com/docker/libtrust/jsonsign.go:236.20,238.7 1 0 -github.com/docker/libtrust/jsonsign.go:249.18,251.5 1 1 -github.com/docker/libtrust/jsonsign.go:255.18,257.5 1 0 -github.com/docker/libtrust/jsonsign.go:260.18,262.5 1 0 -github.com/docker/libtrust/jsonsign.go:271.48,272.29 1 0 -github.com/docker/libtrust/jsonsign.go:275.2,280.47 2 0 -github.com/docker/libtrust/jsonsign.go:272.29,274.3 1 0 -github.com/docker/libtrust/jsonsign.go:283.28,285.2 1 1 
-github.com/docker/libtrust/jsonsign.go:287.59,288.77 1 1 -github.com/docker/libtrust/jsonsign.go:294.2,294.8 1 1 -github.com/docker/libtrust/jsonsign.go:288.77,290.21 2 1 -github.com/docker/libtrust/jsonsign.go:290.21,292.4 1 1 -github.com/docker/libtrust/jsonsign.go:310.55,317.16 4 0 -github.com/docker/libtrust/jsonsign.go:320.2,320.33 1 0 -github.com/docker/libtrust/jsonsign.go:323.2,324.16 2 0 -github.com/docker/libtrust/jsonsign.go:328.2,329.16 2 0 -github.com/docker/libtrust/jsonsign.go:332.2,333.46 2 0 -github.com/docker/libtrust/jsonsign.go:354.2,354.16 1 0 -github.com/docker/libtrust/jsonsign.go:317.16,319.3 1 0 -github.com/docker/libtrust/jsonsign.go:320.33,322.3 1 0 -github.com/docker/libtrust/jsonsign.go:324.16,326.3 1 0 -github.com/docker/libtrust/jsonsign.go:329.16,331.3 1 0 -github.com/docker/libtrust/jsonsign.go:333.46,337.36 2 0 -github.com/docker/libtrust/jsonsign.go:340.3,340.34 1 0 -github.com/docker/libtrust/jsonsign.go:347.3,351.4 1 0 -github.com/docker/libtrust/jsonsign.go:337.36,339.4 1 0 -github.com/docker/libtrust/jsonsign.go:340.34,342.18 2 0 -github.com/docker/libtrust/jsonsign.go:345.4,345.26 1 0 -github.com/docker/libtrust/jsonsign.go:342.18,344.5 1 0 -github.com/docker/libtrust/jsonsign.go:359.63,362.16 3 1 -github.com/docker/libtrust/jsonsign.go:366.2,373.32 5 1 -github.com/docker/libtrust/jsonsign.go:376.2,377.35 2 1 -github.com/docker/libtrust/jsonsign.go:380.2,383.16 3 1 -github.com/docker/libtrust/jsonsign.go:362.16,364.3 1 0 -github.com/docker/libtrust/jsonsign.go:373.32,375.3 1 0 -github.com/docker/libtrust/jsonsign.go:377.35,379.3 1 0 -github.com/docker/libtrust/jsonsign.go:388.75,389.24 1 1 -github.com/docker/libtrust/jsonsign.go:396.2,400.16 4 1 -github.com/docker/libtrust/jsonsign.go:403.2,409.16 4 1 -github.com/docker/libtrust/jsonsign.go:390.2,390.30 0 1 -github.com/docker/libtrust/jsonsign.go:391.2,391.16 0 0 -github.com/docker/libtrust/jsonsign.go:392.2,393.46 1 0 -github.com/docker/libtrust/jsonsign.go:400.16,402.3 1 0 
-github.com/docker/libtrust/jsonsign.go:412.71,414.9 2 1 -github.com/docker/libtrust/jsonsign.go:417.2,417.27 1 1 -github.com/docker/libtrust/jsonsign.go:414.9,416.3 1 0 -github.com/docker/libtrust/jsonsign.go:418.2,419.17 1 0 -github.com/docker/libtrust/jsonsign.go:420.2,421.22 1 1 -github.com/docker/libtrust/jsonsign.go:422.2,423.18 1 0 -github.com/docker/libtrust/jsonsign.go:427.82,429.9 2 1 -github.com/docker/libtrust/jsonsign.go:432.2,433.8 2 1 -github.com/docker/libtrust/jsonsign.go:429.9,431.3 1 0 -github.com/docker/libtrust/jsonsign.go:440.88,443.16 3 1 -github.com/docker/libtrust/jsonsign.go:446.2,447.9 2 1 -github.com/docker/libtrust/jsonsign.go:451.2,453.16 3 1 -github.com/docker/libtrust/jsonsign.go:457.2,460.49 3 1 -github.com/docker/libtrust/jsonsign.go:511.2,511.36 1 1 -github.com/docker/libtrust/jsonsign.go:514.2,520.16 6 1 -github.com/docker/libtrust/jsonsign.go:443.16,445.3 1 0 -github.com/docker/libtrust/jsonsign.go:447.9,449.3 1 0 -github.com/docker/libtrust/jsonsign.go:453.16,455.3 1 0 -github.com/docker/libtrust/jsonsign.go:460.49,462.17 2 1 -github.com/docker/libtrust/jsonsign.go:465.3,467.17 3 1 -github.com/docker/libtrust/jsonsign.go:471.3,472.10 2 1 -github.com/docker/libtrust/jsonsign.go:475.3,476.10 2 1 -github.com/docker/libtrust/jsonsign.go:479.3,480.17 2 1 -github.com/docker/libtrust/jsonsign.go:483.3,483.27 1 1 -github.com/docker/libtrust/jsonsign.go:488.3,488.30 1 1 -github.com/docker/libtrust/jsonsign.go:494.3,498.39 2 1 -github.com/docker/libtrust/jsonsign.go:505.3,509.4 1 1 -github.com/docker/libtrust/jsonsign.go:462.17,464.4 1 0 -github.com/docker/libtrust/jsonsign.go:467.17,469.4 1 0 -github.com/docker/libtrust/jsonsign.go:472.10,474.4 1 0 -github.com/docker/libtrust/jsonsign.go:476.10,478.4 1 0 -github.com/docker/libtrust/jsonsign.go:480.17,482.4 1 0 -github.com/docker/libtrust/jsonsign.go:483.27,485.4 1 1 -github.com/docker/libtrust/jsonsign.go:485.5,485.45 1 0 -github.com/docker/libtrust/jsonsign.go:485.45,487.4 1 0 
-github.com/docker/libtrust/jsonsign.go:488.30,490.4 1 1 -github.com/docker/libtrust/jsonsign.go:490.5,490.59 1 0 -github.com/docker/libtrust/jsonsign.go:490.59,492.4 1 0 -github.com/docker/libtrust/jsonsign.go:498.39,500.18 2 1 -github.com/docker/libtrust/jsonsign.go:503.4,503.26 1 1 -github.com/docker/libtrust/jsonsign.go:500.18,502.5 1 0 -github.com/docker/libtrust/jsonsign.go:511.36,513.3 1 0 -github.com/docker/libtrust/jsonsign.go:525.79,526.29 1 1 -github.com/docker/libtrust/jsonsign.go:529.2,530.16 2 1 -github.com/docker/libtrust/jsonsign.go:533.2,537.21 4 1 -github.com/docker/libtrust/jsonsign.go:542.2,542.24 1 1 -github.com/docker/libtrust/jsonsign.go:546.2,549.21 4 1 -github.com/docker/libtrust/jsonsign.go:563.2,565.25 2 1 -github.com/docker/libtrust/jsonsign.go:526.29,528.3 1 0 -github.com/docker/libtrust/jsonsign.go:530.16,532.3 1 0 -github.com/docker/libtrust/jsonsign.go:537.21,539.3 1 1 -github.com/docker/libtrust/jsonsign.go:539.4,541.3 1 1 -github.com/docker/libtrust/jsonsign.go:542.24,544.3 1 0 -github.com/docker/libtrust/jsonsign.go:549.21,557.3 7 1 -github.com/docker/libtrust/jsonsign.go:557.4,562.3 4 1 -github.com/docker/libtrust/key.go:71.79,72.51 1 1 -github.com/docker/libtrust/key.go:73.2,74.42 1 1 -github.com/docker/libtrust/key.go:75.2,76.48 1 1 -github.com/docker/libtrust/key.go:77.2,78.81 1 0 -github.com/docker/libtrust/key.go:85.83,86.53 1 1 -github.com/docker/libtrust/key.go:87.2,88.44 1 1 -github.com/docker/libtrust/key.go:89.2,90.50 1 1 -github.com/docker/libtrust/key.go:91.2,92.83 1 0 -github.com/docker/libtrust/key.go:98.60,100.21 2 1 -github.com/docker/libtrust/key.go:106.2,106.37 1 1 -github.com/docker/libtrust/key.go:100.21,102.3 1 0 -github.com/docker/libtrust/key.go:102.4,102.42 1 1 -github.com/docker/libtrust/key.go:102.42,104.3 1 0 -github.com/docker/libtrust/key.go:112.68,115.6 2 1 -github.com/docker/libtrust/key.go:132.2,132.21 1 1 -github.com/docker/libtrust/key.go:115.6,118.22 3 1 
-github.com/docker/libtrust/key.go:124.3,125.17 2 1 -github.com/docker/libtrust/key.go:129.3,129.36 1 1 -github.com/docker/libtrust/key.go:118.22,119.9 1 1 -github.com/docker/libtrust/key.go:120.5,120.43 1 1 -github.com/docker/libtrust/key.go:120.43,122.4 1 0 -github.com/docker/libtrust/key.go:125.17,127.4 1 0 -github.com/docker/libtrust/key.go:137.62,139.21 2 1 -github.com/docker/libtrust/key.go:143.2,145.9 2 1 -github.com/docker/libtrust/key.go:165.2,167.17 2 1 -github.com/docker/libtrust/key.go:139.21,141.3 1 0 -github.com/docker/libtrust/key.go:146.2,148.17 2 1 -github.com/docker/libtrust/key.go:151.3,151.41 1 1 -github.com/docker/libtrust/key.go:152.2,154.17 2 1 -github.com/docker/libtrust/key.go:157.3,158.17 2 1 -github.com/docker/libtrust/key.go:161.2,162.86 1 0 -github.com/docker/libtrust/key.go:148.17,150.4 1 0 -github.com/docker/libtrust/key.go:154.17,156.4 1 0 -github.com/docker/libtrust/key.go:158.17,160.4 1 0 -github.com/docker/libtrust/key.go:172.60,176.16 3 1 -github.com/docker/libtrust/key.go:183.2,184.16 2 1 -github.com/docker/libtrust/key.go:188.2,188.9 1 1 -github.com/docker/libtrust/key.go:176.16,180.3 1 0 -github.com/docker/libtrust/key.go:184.16,186.3 1 0 -github.com/docker/libtrust/key.go:189.2,191.33 1 1 -github.com/docker/libtrust/key.go:192.2,194.34 1 1 -github.com/docker/libtrust/key.go:195.2,198.4 1 0 -github.com/docker/libtrust/key.go:204.65,206.16 2 1 -github.com/docker/libtrust/key.go:210.2,212.33 2 1 -github.com/docker/libtrust/key.go:220.2,220.21 1 1 -github.com/docker/libtrust/key.go:206.16,208.3 1 0 -github.com/docker/libtrust/key.go:212.33,214.17 2 1 -github.com/docker/libtrust/key.go:217.3,217.36 1 1 -github.com/docker/libtrust/key.go:214.17,216.4 1 0 -github.com/docker/libtrust/key.go:225.62,229.16 3 1 -github.com/docker/libtrust/key.go:236.2,237.16 2 1 -github.com/docker/libtrust/key.go:241.2,241.9 1 1 -github.com/docker/libtrust/key.go:229.16,233.3 1 0 -github.com/docker/libtrust/key.go:237.16,239.3 1 0 
-github.com/docker/libtrust/key.go:242.2,244.34 1 1 -github.com/docker/libtrust/key.go:245.2,247.35 1 1 -github.com/docker/libtrust/key.go:248.2,251.4 1 0 -github.com/docker/libtrust/key_files.go:18.56,20.16 2 1 -github.com/docker/libtrust/key_files.go:30.2,30.18 1 1 -github.com/docker/libtrust/key_files.go:20.16,21.25 1 1 -github.com/docker/libtrust/key_files.go:27.3,27.18 1 1 -github.com/docker/libtrust/key_files.go:21.25,23.4 1 1 -github.com/docker/libtrust/key_files.go:23.5,25.4 1 0 -github.com/docker/libtrust/key_files.go:39.55,41.16 2 1 -github.com/docker/libtrust/key_files.go:45.2,47.81 2 1 -github.com/docker/libtrust/key_files.go:59.2,59.17 1 1 -github.com/docker/libtrust/key_files.go:41.16,43.3 1 0 -github.com/docker/libtrust/key_files.go:47.81,49.17 2 1 -github.com/docker/libtrust/key_files.go:49.17,51.4 1 0 -github.com/docker/libtrust/key_files.go:52.4,54.17 2 1 -github.com/docker/libtrust/key_files.go:54.17,56.4 1 0 -github.com/docker/libtrust/key_files.go:64.60,66.16 2 1 -github.com/docker/libtrust/key_files.go:70.2,72.81 2 1 -github.com/docker/libtrust/key_files.go:84.2,84.17 1 1 -github.com/docker/libtrust/key_files.go:66.16,68.3 1 0 -github.com/docker/libtrust/key_files.go:72.81,74.17 2 1 -github.com/docker/libtrust/key_files.go:74.17,76.4 1 0 -github.com/docker/libtrust/key_files.go:77.4,79.17 2 1 -github.com/docker/libtrust/key_files.go:79.17,81.4 1 0 -github.com/docker/libtrust/key_files.go:89.53,93.81 3 1 -github.com/docker/libtrust/key_files.go:108.2,109.16 2 1 -github.com/docker/libtrust/key_files.go:113.2,113.12 1 1 -github.com/docker/libtrust/key_files.go:93.81,96.17 2 1 -github.com/docker/libtrust/key_files.go:96.17,98.4 1 0 -github.com/docker/libtrust/key_files.go:99.4,102.17 2 1 -github.com/docker/libtrust/key_files.go:105.3,105.44 1 1 -github.com/docker/libtrust/key_files.go:102.17,104.4 1 0 -github.com/docker/libtrust/key_files.go:109.16,111.3 1 0 -github.com/docker/libtrust/key_files.go:117.58,121.81 3 1 
-github.com/docker/libtrust/key_files.go:136.2,137.16 2 1 -github.com/docker/libtrust/key_files.go:141.2,141.12 1 1 -github.com/docker/libtrust/key_files.go:121.81,124.17 2 1 -github.com/docker/libtrust/key_files.go:124.17,126.4 1 0 -github.com/docker/libtrust/key_files.go:127.4,130.17 2 1 -github.com/docker/libtrust/key_files.go:133.3,133.44 1 1 -github.com/docker/libtrust/key_files.go:130.17,132.4 1 0 -github.com/docker/libtrust/key_files.go:137.16,139.3 1 0 -github.com/docker/libtrust/key_files.go:151.59,152.81 1 1 -github.com/docker/libtrust/key_files.go:157.2,157.36 1 1 -github.com/docker/libtrust/key_files.go:152.81,154.3 1 1 -github.com/docker/libtrust/key_files.go:160.64,161.20 1 1 -github.com/docker/libtrust/key_files.go:166.2,169.16 3 1 -github.com/docker/libtrust/key_files.go:173.2,173.25 1 1 -github.com/docker/libtrust/key_files.go:161.20,164.3 1 1 -github.com/docker/libtrust/key_files.go:169.16,171.3 1 0 -github.com/docker/libtrust/key_files.go:176.63,178.49 2 1 -github.com/docker/libtrust/key_files.go:182.2,182.43 1 1 -github.com/docker/libtrust/key_files.go:178.49,180.3 1 0 -github.com/docker/libtrust/key_files.go:185.62,187.49 2 1 -github.com/docker/libtrust/key_files.go:191.2,191.42 1 1 -github.com/docker/libtrust/key_files.go:187.49,189.3 1 0 -github.com/docker/libtrust/key_files.go:195.58,196.81 1 1 -github.com/docker/libtrust/key_files.go:201.2,201.40 1 1 -github.com/docker/libtrust/key_files.go:196.81,198.3 1 1 -github.com/docker/libtrust/key_files.go:204.62,206.16 2 1 -github.com/docker/libtrust/key_files.go:210.2,211.49 2 1 -github.com/docker/libtrust/key_files.go:215.2,216.16 2 1 -github.com/docker/libtrust/key_files.go:220.2,224.16 4 1 -github.com/docker/libtrust/key_files.go:228.2,229.16 2 1 -github.com/docker/libtrust/key_files.go:233.2,233.12 1 1 -github.com/docker/libtrust/key_files.go:206.16,208.3 1 0 -github.com/docker/libtrust/key_files.go:211.49,213.3 1 0 -github.com/docker/libtrust/key_files.go:216.16,218.3 1 0 
-github.com/docker/libtrust/key_files.go:224.16,226.3 1 0 -github.com/docker/libtrust/key_files.go:229.16,231.3 1 0 -github.com/docker/libtrust/key_files.go:236.61,239.16 2 1 -github.com/docker/libtrust/key_files.go:242.2,245.16 3 1 -github.com/docker/libtrust/key_files.go:249.2,250.16 2 1 -github.com/docker/libtrust/key_files.go:254.2,254.12 1 1 -github.com/docker/libtrust/key_files.go:239.16,241.3 1 0 -github.com/docker/libtrust/key_files.go:245.16,247.3 1 0 -github.com/docker/libtrust/key_files.go:250.16,252.3 1 0 -github.com/docker/libtrust/rsa_key.go:26.69,28.2 1 1 -github.com/docker/libtrust/rsa_key.go:31.41,33.2 1 1 -github.com/docker/libtrust/rsa_key.go:36.39,47.2 5 1 -github.com/docker/libtrust/rsa_key.go:49.40,51.2 1 1 -github.com/docker/libtrust/rsa_key.go:57.83,60.16 2 1 -github.com/docker/libtrust/rsa_key.go:64.2,66.16 3 1 -github.com/docker/libtrust/rsa_key.go:69.2,72.16 3 1 -github.com/docker/libtrust/rsa_key.go:76.2,76.12 1 1 -github.com/docker/libtrust/rsa_key.go:60.16,62.3 1 0 -github.com/docker/libtrust/rsa_key.go:66.16,68.3 1 0 -github.com/docker/libtrust/rsa_key.go:72.16,74.3 1 0 -github.com/docker/libtrust/rsa_key.go:82.59,84.2 1 1 -github.com/docker/libtrust/rsa_key.go:86.55,88.31 2 1 -github.com/docker/libtrust/rsa_key.go:91.2,96.12 5 1 -github.com/docker/libtrust/rsa_key.go:88.31,90.3 1 1 -github.com/docker/libtrust/rsa_key.go:101.63,103.2 1 1 -github.com/docker/libtrust/rsa_key.go:106.55,108.16 2 1 -github.com/docker/libtrust/rsa_key.go:111.2,112.59 2 1 -github.com/docker/libtrust/rsa_key.go:108.16,110.3 1 0 -github.com/docker/libtrust/rsa_key.go:115.74,117.2 1 1 -github.com/docker/libtrust/rsa_key.go:119.67,121.9 2 1 -github.com/docker/libtrust/rsa_key.go:124.2,124.10 1 1 -github.com/docker/libtrust/rsa_key.go:121.9,123.3 1 0 -github.com/docker/libtrust/rsa_key.go:127.77,134.16 2 1 -github.com/docker/libtrust/rsa_key.go:138.2,139.16 2 1 -github.com/docker/libtrust/rsa_key.go:144.2,145.16 2 1 
-github.com/docker/libtrust/rsa_key.go:149.2,150.16 2 1 -github.com/docker/libtrust/rsa_key.go:154.2,160.8 3 1 -github.com/docker/libtrust/rsa_key.go:170.2,170.27 1 1 -github.com/docker/libtrust/rsa_key.go:174.2,176.17 2 1 -github.com/docker/libtrust/rsa_key.go:134.16,136.3 1 0 -github.com/docker/libtrust/rsa_key.go:139.16,141.3 1 0 -github.com/docker/libtrust/rsa_key.go:145.16,147.3 1 0 -github.com/docker/libtrust/rsa_key.go:150.16,152.3 1 0 -github.com/docker/libtrust/rsa_key.go:160.8,162.17 2 1 -github.com/docker/libtrust/rsa_key.go:165.3,165.25 1 1 -github.com/docker/libtrust/rsa_key.go:162.17,164.4 1 0 -github.com/docker/libtrust/rsa_key.go:165.25,167.4 1 0 -github.com/docker/libtrust/rsa_key.go:170.27,172.3 1 0 -github.com/docker/libtrust/rsa_key.go:189.73,194.2 1 1 -github.com/docker/libtrust/rsa_key.go:197.47,199.2 1 1 -github.com/docker/libtrust/rsa_key.go:201.41,203.2 1 0 -github.com/docker/libtrust/rsa_key.go:211.108,217.16 4 1 -github.com/docker/libtrust/rsa_key.go:220.2,223.16 3 1 -github.com/docker/libtrust/rsa_key.go:227.2,229.8 2 1 -github.com/docker/libtrust/rsa_key.go:217.16,219.3 1 0 -github.com/docker/libtrust/rsa_key.go:223.16,225.3 1 0 -github.com/docker/libtrust/rsa_key.go:235.62,237.2 1 1 -github.com/docker/libtrust/rsa_key.go:239.56,252.26 10 1 -github.com/docker/libtrust/rsa_key.go:265.2,265.12 1 1 -github.com/docker/libtrust/rsa_key.go:252.26,254.33 2 0 -github.com/docker/libtrust/rsa_key.go:262.3,262.31 1 0 -github.com/docker/libtrust/rsa_key.go:254.33,261.4 6 0 -github.com/docker/libtrust/rsa_key.go:270.64,272.2 1 1 -github.com/docker/libtrust/rsa_key.go:275.56,279.2 3 1 -github.com/docker/libtrust/rsa_key.go:281.79,289.16 2 1 -github.com/docker/libtrust/rsa_key.go:292.2,293.16 2 1 -github.com/docker/libtrust/rsa_key.go:296.2,297.16 2 1 -github.com/docker/libtrust/rsa_key.go:300.2,301.16 2 1 -github.com/docker/libtrust/rsa_key.go:304.2,305.16 2 1 -github.com/docker/libtrust/rsa_key.go:308.2,309.16 2 1 
-github.com/docker/libtrust/rsa_key.go:313.2,314.29 2 1 -github.com/docker/libtrust/rsa_key.go:322.2,323.16 2 1 -github.com/docker/libtrust/rsa_key.go:327.2,338.16 2 1 -github.com/docker/libtrust/rsa_key.go:383.2,388.17 2 1 -github.com/docker/libtrust/rsa_key.go:289.16,291.3 1 0 -github.com/docker/libtrust/rsa_key.go:293.16,295.3 1 0 -github.com/docker/libtrust/rsa_key.go:297.16,299.3 1 0 -github.com/docker/libtrust/rsa_key.go:301.16,303.3 1 0 -github.com/docker/libtrust/rsa_key.go:305.16,307.3 1 0 -github.com/docker/libtrust/rsa_key.go:309.16,311.3 1 0 -github.com/docker/libtrust/rsa_key.go:314.29,317.3 2 0 -github.com/docker/libtrust/rsa_key.go:323.16,325.3 1 0 -github.com/docker/libtrust/rsa_key.go:338.16,341.10 2 0 -github.com/docker/libtrust/rsa_key.go:344.3,345.32 2 0 -github.com/docker/libtrust/rsa_key.go:348.3,352.39 4 0 -github.com/docker/libtrust/rsa_key.go:379.3,380.47 2 0 -github.com/docker/libtrust/rsa_key.go:341.10,343.4 1 0 -github.com/docker/libtrust/rsa_key.go:345.32,347.4 1 0 -github.com/docker/libtrust/rsa_key.go:352.39,354.11 2 0 -github.com/docker/libtrust/rsa_key.go:358.4,359.18 2 0 -github.com/docker/libtrust/rsa_key.go:362.4,363.18 2 0 -github.com/docker/libtrust/rsa_key.go:366.4,367.18 2 0 -github.com/docker/libtrust/rsa_key.go:371.4,376.73 6 0 -github.com/docker/libtrust/rsa_key.go:354.11,356.5 1 0 -github.com/docker/libtrust/rsa_key.go:359.18,361.5 1 0 -github.com/docker/libtrust/rsa_key.go:363.18,365.5 1 0 -github.com/docker/libtrust/rsa_key.go:367.18,369.5 1 0 -github.com/docker/libtrust/rsa_key.go:395.68,398.16 3 1 -github.com/docker/libtrust/rsa_key.go:402.2,405.8 3 1 -github.com/docker/libtrust/rsa_key.go:398.16,400.3 1 0 -github.com/docker/libtrust/rsa_key.go:409.54,411.16 2 1 -github.com/docker/libtrust/rsa_key.go:415.2,415.15 1 1 -github.com/docker/libtrust/rsa_key.go:411.16,413.3 1 0 -github.com/docker/libtrust/rsa_key.go:419.54,421.16 2 1 -github.com/docker/libtrust/rsa_key.go:425.2,425.15 1 1 
-github.com/docker/libtrust/rsa_key.go:421.16,423.3 1 0 -github.com/docker/libtrust/rsa_key.go:429.54,431.16 2 1 -github.com/docker/libtrust/rsa_key.go:435.2,435.15 1 1 -github.com/docker/libtrust/rsa_key.go:431.16,433.3 1 0 -github.com/docker/libtrust/util.go:21.43,23.2 1 1 -github.com/docker/libtrust/util.go:29.52,30.20 1 1 -github.com/docker/libtrust/util.go:39.2,39.43 1 1 -github.com/docker/libtrust/util.go:31.2,31.9 0 1 -github.com/docker/libtrust/util.go:32.2,33.12 1 1 -github.com/docker/libtrust/util.go:34.2,35.11 1 1 -github.com/docker/libtrust/util.go:36.2,37.53 1 0 -github.com/docker/libtrust/util.go:42.35,46.33 4 1 -github.com/docker/libtrust/util.go:51.2,52.21 2 1 -github.com/docker/libtrust/util.go:46.33,50.3 3 1 -github.com/docker/libtrust/util.go:55.74,57.9 2 1 -github.com/docker/libtrust/util.go:61.2,62.9 2 1 -github.com/docker/libtrust/util.go:65.2,67.17 2 1 -github.com/docker/libtrust/util.go:57.9,59.3 1 0 -github.com/docker/libtrust/util.go:62.9,64.3 1 0 -github.com/docker/libtrust/util.go:70.80,74.16 3 1 -github.com/docker/libtrust/util.go:77.2,78.33 2 1 -github.com/docker/libtrust/util.go:81.2,81.43 1 1 -github.com/docker/libtrust/util.go:74.16,76.3 1 0 -github.com/docker/libtrust/util.go:78.33,80.3 1 0 -github.com/docker/libtrust/util.go:84.82,86.16 2 1 -github.com/docker/libtrust/util.go:98.2,102.32 4 1 -github.com/docker/libtrust/util.go:106.2,106.43 1 1 -github.com/docker/libtrust/util.go:86.16,88.3 1 0 -github.com/docker/libtrust/util.go:102.32,104.3 1 0 -github.com/docker/libtrust/util.go:109.61,111.16 2 1 -github.com/docker/libtrust/util.go:115.2,115.43 1 1 -github.com/docker/libtrust/util.go:111.16,113.3 1 0 -github.com/docker/libtrust/util.go:118.52,126.24 4 1 -github.com/docker/libtrust/util.go:131.2,131.16 1 1 -github.com/docker/libtrust/util.go:126.24,127.18 1 1 -github.com/docker/libtrust/util.go:127.18,128.9 1 1 -github.com/docker/libtrust/util.go:134.63,136.16 2 1 -github.com/docker/libtrust/util.go:142.2,146.50 4 1 
-github.com/docker/libtrust/util.go:136.16,138.3 1 0 -github.com/docker/libtrust/util.go:149.93,151.16 2 1 -github.com/docker/libtrust/util.go:155.2,156.16 2 1 -github.com/docker/libtrust/util.go:160.2,160.47 1 1 -github.com/docker/libtrust/util.go:151.16,153.3 1 0 -github.com/docker/libtrust/util.go:156.16,158.3 1 0 -github.com/docker/libtrust/util.go:163.103,165.28 2 1 -github.com/docker/libtrust/util.go:180.2,180.22 1 1 -github.com/docker/libtrust/util.go:165.28,166.26 1 1 -github.com/docker/libtrust/util.go:167.3,168.29 1 1 -github.com/docker/libtrust/util.go:169.3,170.20 1 1 -github.com/docker/libtrust/util.go:175.3,175.11 0 0 -github.com/docker/libtrust/util.go:170.20,172.5 1 1 -github.com/docker/libtrust/util.go:172.6,174.5 0 0 -github.com/docker/libtrust/util.go:183.65,185.16 2 1 -github.com/docker/libtrust/util.go:189.2,190.16 2 1 -github.com/docker/libtrust/util.go:194.2,196.20 2 1 -github.com/docker/libtrust/util.go:185.16,187.3 1 0 -github.com/docker/libtrust/util.go:190.16,192.3 1 0 -github.com/docker/libtrust/util.go:199.64,200.43 1 1 -github.com/docker/libtrust/util.go:200.43,202.21 2 1 -github.com/docker/libtrust/util.go:207.3,207.40 1 1 -github.com/docker/libtrust/util.go:202.21,204.4 1 1 -github.com/docker/libtrust/util.go:204.5,206.4 1 1 -github.com/docker/libtrust/certificates.go:24.69,33.15 2 1 -github.com/docker/libtrust/certificates.go:37.2,37.21 1 1 -github.com/docker/libtrust/certificates.go:41.2,41.21 1 1 -github.com/docker/libtrust/certificates.go:45.2,58.3 1 1 -github.com/docker/libtrust/certificates.go:33.15,35.3 1 1 -github.com/docker/libtrust/certificates.go:37.21,39.3 1 1 -github.com/docker/libtrust/certificates.go:41.21,43.3 1 1 -github.com/docker/libtrust/certificates.go:61.123,69.16 4 1 -github.com/docker/libtrust/certificates.go:73.2,74.16 2 1 -github.com/docker/libtrust/certificates.go:78.2,78.8 1 1 -github.com/docker/libtrust/certificates.go:69.16,71.3 1 0 -github.com/docker/libtrust/certificates.go:74.16,76.3 1 0 
-github.com/docker/libtrust/certificates.go:84.118,93.2 2 1 -github.com/docker/libtrust/certificates.go:97.78,104.2 2 1 -github.com/docker/libtrust/certificates.go:108.89,118.2 3 1 -github.com/docker/libtrust/certificates.go:123.93,126.41 2 1 -github.com/docker/libtrust/certificates.go:135.2,135.22 1 1 -github.com/docker/libtrust/certificates.go:126.41,128.17 2 1 -github.com/docker/libtrust/certificates.go:132.3,132.25 1 1 -github.com/docker/libtrust/certificates.go:128.17,130.4 1 0 -github.com/docker/libtrust/certificates.go:140.74,142.16 2 1 -github.com/docker/libtrust/certificates.go:145.2,148.47 4 1 -github.com/docker/libtrust/certificates.go:160.2,160.26 1 1 -github.com/docker/libtrust/certificates.go:142.16,144.3 1 0 -github.com/docker/libtrust/certificates.go:148.47,149.34 1 1 -github.com/docker/libtrust/certificates.go:149.34,151.18 2 1 -github.com/docker/libtrust/certificates.go:154.4,154.45 1 1 -github.com/docker/libtrust/certificates.go:151.18,153.5 1 0 -github.com/docker/libtrust/certificates.go:155.5,157.4 1 0 -github.com/docker/libtrust/certificates.go:165.67,167.16 2 1 -github.com/docker/libtrust/certificates.go:170.2,171.29 2 1 -github.com/docker/libtrust/certificates.go:174.2,174.18 1 1 -github.com/docker/libtrust/certificates.go:167.16,169.3 1 0 -github.com/docker/libtrust/certificates.go:171.29,173.3 1 1 -github.com/docker/libtrust/ec_key.go:30.78,33.9 2 1 -github.com/docker/libtrust/ec_key.go:34.2,35.86 1 1 -github.com/docker/libtrust/ec_key.go:36.2,37.86 1 1 -github.com/docker/libtrust/ec_key.go:38.2,39.86 1 1 -github.com/docker/libtrust/ec_key.go:40.2,41.55 1 0 -github.com/docker/libtrust/ec_key.go:46.40,48.2 1 1 -github.com/docker/libtrust/ec_key.go:52.42,54.2 1 1 -github.com/docker/libtrust/ec_key.go:57.38,68.2 5 1 -github.com/docker/libtrust/ec_key.go:70.39,72.2 1 1 -github.com/docker/libtrust/ec_key.go:78.82,81.47 1 1 -github.com/docker/libtrust/ec_key.go:86.2,88.38 3 1 -github.com/docker/libtrust/ec_key.go:92.2,98.16 6 1 
-github.com/docker/libtrust/ec_key.go:101.2,103.44 2 1 -github.com/docker/libtrust/ec_key.go:107.2,107.12 1 1 -github.com/docker/libtrust/ec_key.go:81.47,83.3 1 0 -github.com/docker/libtrust/ec_key.go:88.38,90.3 1 0 -github.com/docker/libtrust/ec_key.go:98.16,100.3 1 0 -github.com/docker/libtrust/ec_key.go:103.44,105.3 1 0 -github.com/docker/libtrust/ec_key.go:113.58,115.2 1 1 -github.com/docker/libtrust/ec_key.go:117.54,119.31 2 1 -github.com/docker/libtrust/ec_key.go:122.2,139.12 13 1 -github.com/docker/libtrust/ec_key.go:119.31,121.3 1 1 -github.com/docker/libtrust/ec_key.go:144.62,146.2 1 1 -github.com/docker/libtrust/ec_key.go:149.54,151.16 2 1 -github.com/docker/libtrust/ec_key.go:154.2,155.59 2 1 -github.com/docker/libtrust/ec_key.go:151.16,153.3 1 0 -github.com/docker/libtrust/ec_key.go:158.73,160.2 1 1 -github.com/docker/libtrust/ec_key.go:162.66,164.9 2 1 -github.com/docker/libtrust/ec_key.go:167.2,167.10 1 1 -github.com/docker/libtrust/ec_key.go:164.9,166.3 1 1 -github.com/docker/libtrust/ec_key.go:170.75,177.16 2 1 -github.com/docker/libtrust/ec_key.go:181.2,186.9 2 1 -github.com/docker/libtrust/ec_key.go:201.2,202.16 2 1 -github.com/docker/libtrust/ec_key.go:205.2,206.16 2 1 -github.com/docker/libtrust/ec_key.go:210.2,211.16 2 1 -github.com/docker/libtrust/ec_key.go:214.2,215.16 2 1 -github.com/docker/libtrust/ec_key.go:219.2,226.8 3 1 -github.com/docker/libtrust/ec_key.go:236.2,238.17 2 1 -github.com/docker/libtrust/ec_key.go:177.16,179.3 1 0 -github.com/docker/libtrust/ec_key.go:187.2,189.17 2 1 -github.com/docker/libtrust/ec_key.go:190.2,192.17 2 1 -github.com/docker/libtrust/ec_key.go:193.2,195.17 2 1 -github.com/docker/libtrust/ec_key.go:196.2,197.88 1 0 -github.com/docker/libtrust/ec_key.go:202.16,204.3 1 0 -github.com/docker/libtrust/ec_key.go:206.16,208.3 1 0 -github.com/docker/libtrust/ec_key.go:211.16,213.3 1 0 -github.com/docker/libtrust/ec_key.go:215.16,217.3 1 0 -github.com/docker/libtrust/ec_key.go:226.8,228.17 2 1 
-github.com/docker/libtrust/ec_key.go:231.3,231.25 1 1 -github.com/docker/libtrust/ec_key.go:228.17,230.4 1 0 -github.com/docker/libtrust/ec_key.go:231.25,233.4 1 0 -github.com/docker/libtrust/ec_key.go:252.82,254.16 2 1 -github.com/docker/libtrust/ec_key.go:258.2,258.57 1 1 -github.com/docker/libtrust/ec_key.go:254.16,256.3 1 0 -github.com/docker/libtrust/ec_key.go:262.46,264.2 1 1 -github.com/docker/libtrust/ec_key.go:266.40,268.2 1 0 -github.com/docker/libtrust/ec_key.go:276.107,283.16 3 1 -github.com/docker/libtrust/ec_key.go:286.2,289.16 3 1 -github.com/docker/libtrust/ec_key.go:292.2,304.8 9 1 -github.com/docker/libtrust/ec_key.go:283.16,285.3 1 0 -github.com/docker/libtrust/ec_key.go:289.16,291.3 1 0 -github.com/docker/libtrust/ec_key.go:310.61,312.2 1 1 -github.com/docker/libtrust/ec_key.go:314.55,335.2 8 1 -github.com/docker/libtrust/ec_key.go:339.63,341.2 1 1 -github.com/docker/libtrust/ec_key.go:344.55,346.16 2 1 -github.com/docker/libtrust/ec_key.go:349.2,350.63 2 1 -github.com/docker/libtrust/ec_key.go:346.16,348.3 1 0 -github.com/docker/libtrust/ec_key.go:353.77,355.16 2 1 -github.com/docker/libtrust/ec_key.go:362.2,363.16 2 1 -github.com/docker/libtrust/ec_key.go:367.2,368.16 2 1 -github.com/docker/libtrust/ec_key.go:372.2,380.17 2 1 -github.com/docker/libtrust/ec_key.go:355.16,357.3 1 0 -github.com/docker/libtrust/ec_key.go:363.16,365.3 1 0 -github.com/docker/libtrust/ec_key.go:368.16,370.3 1 0 -github.com/docker/libtrust/ec_key.go:387.78,390.16 3 1 -github.com/docker/libtrust/ec_key.go:394.2,397.8 3 1 -github.com/docker/libtrust/ec_key.go:390.16,392.3 1 0 -github.com/docker/libtrust/ec_key.go:401.53,403.16 2 1 -github.com/docker/libtrust/ec_key.go:407.2,410.15 3 1 -github.com/docker/libtrust/ec_key.go:403.16,405.3 1 0 -github.com/docker/libtrust/ec_key.go:414.53,416.16 2 1 -github.com/docker/libtrust/ec_key.go:420.2,423.15 3 1 -github.com/docker/libtrust/ec_key.go:416.16,418.3 1 0 -github.com/docker/libtrust/ec_key.go:427.53,429.16 2 1 
-github.com/docker/libtrust/ec_key.go:433.2,436.15 3 1 -github.com/docker/libtrust/ec_key.go:429.16,431.3 1 0 -github.com/docker/libtrust/filter.go:10.91,13.30 2 1 -github.com/docker/libtrust/filter.go:49.2,49.22 1 1 -github.com/docker/libtrust/filter.go:13.30,15.55 2 1 -github.com/docker/libtrust/filter.go:28.3,28.22 1 1 -github.com/docker/libtrust/filter.go:36.3,36.37 1 1 -github.com/docker/libtrust/filter.go:16.3,17.13 1 1 -github.com/docker/libtrust/filter.go:18.3,19.28 1 1 -github.com/docker/libtrust/filter.go:19.28,21.12 2 1 -github.com/docker/libtrust/filter.go:24.5,24.29 1 1 -github.com/docker/libtrust/filter.go:21.12,22.14 1 0 -github.com/docker/libtrust/filter.go:28.22,29.20 1 1 -github.com/docker/libtrust/filter.go:32.4,32.12 1 1 -github.com/docker/libtrust/filter.go:29.20,31.5 1 1 -github.com/docker/libtrust/filter.go:36.37,38.18 2 1 -github.com/docker/libtrust/filter.go:42.4,42.13 1 1 -github.com/docker/libtrust/filter.go:38.18,40.5 1 0 -github.com/docker/libtrust/filter.go:42.13,44.13 2 1 -github.com/docker/libtrust/hash.go:15.51,17.2 1 1 -github.com/docker/libtrust/hash.go:19.51,21.2 1 1 -github.com/docker/libtrust/hash.go:32.75,33.9 1 1 -github.com/docker/libtrust/hash.go:34.2,35.20 1 1 -github.com/docker/libtrust/hash.go:36.2,37.20 1 1 -github.com/docker/libtrust/hash.go:38.2,39.20 1 1 -github.com/docker/libtrust/hash.go:40.2,41.82 1 0 -github.com/docker/libtrust/hash.go:45.85,46.9 1 1 -github.com/docker/libtrust/hash.go:47.2,48.15 1 1 -github.com/docker/libtrust/hash.go:49.2,50.15 1 1 -github.com/docker/libtrust/hash.go:51.2,52.14 1 1 -github.com/docker/libtrust/hash.go:53.2,54.15 1 1 diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/docs/cli.md b/Godeps/_workspace/src/github.com/docker/libtrust/docs/cli.md deleted file mode 100644 index a90a64fc24..0000000000 --- a/Godeps/_workspace/src/github.com/docker/libtrust/docs/cli.md +++ /dev/null 
@@ -1,14 +0,0 @@
-# The `trust` client binary
-
-The `trust` binary is a tool to manage key pair, signatures, and ACLs
-in the global trust graph.
-
-## Command Reference
-
-### `grant` command
-
-### `grants` command
-
-### `register` command
-
-Registers a public key with a key server and links it with a user namespace
\ No newline at end of file
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/jsonsign/jsonsign.go b/Godeps/_workspace/src/github.com/docker/libtrust/jsonsign/jsonsign.go
deleted file mode 100644
index a3d90e98e3..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/jsonsign/jsonsign.go
+++ /dev/null
@@ -1,568 +0,0 @@ -package jsonsign - -import ( - "bytes" - "crypto" - "crypto/x509" - "encoding/base64" - "encoding/json" - "errors" - "fmt" - "time" - "unicode" - - "github.com/docker/libtrust" -) - -var ( - // ErrInvalidSignContent is used when the content to be signed is invalid. - ErrInvalidSignContent = errors.New("invalid sign content") - - // ErrInvalidJSONContent is used when invalid json is encountered. - ErrInvalidJSONContent = errors.New("invalid json content") - - // ErrMissingSignatureKey is used when the specified signature key - // does not exist in the JSON content. - ErrMissingSignatureKey = errors.New("missing signature key") -) - -type jsHeader struct { - JWK libtrust.PublicKey `json:"jwk,omitempty"` - Algorithm string `json:"alg"` - Chain []string `json:"x5c,omitempty"` -} - -type jsSignature struct { - Header *jsHeader `json:"header"` - Signature string `json:"signature"` - Protected string `json:"protected,omitempty"` -} - -type signKey struct { - libtrust.PrivateKey - Chain []*x509.Certificate -} - -// JSONSignature represents a signature of a json object. -type JSONSignature struct { - payload string - signatures []*jsSignature - indent string - formatLength int - formatTail []byte -} - -func newJSONSignature() *JSONSignature { - return &JSONSignature{ - signatures: make([]*jsSignature, 0, 1), - } -} - -// Payload returns the encoded payload of the signature. 
This -// payload should not be signed directly -func (js *JSONSignature) Payload() ([]byte, error) { - return joseBase64UrlDecode(js.payload) -} - -func (js *JSONSignature) protectedHeader() (string, error) { - protected := map[string]interface{}{ - "formatLength": js.formatLength, - "formatTail": joseBase64UrlEncode(js.formatTail), - "time": time.Now().UTC().Format(time.RFC3339), - } - protectedBytes, err := json.Marshal(protected) - if err != nil { - return "", err - } - - return joseBase64UrlEncode(protectedBytes), nil -} - -func (js *JSONSignature) signBytes(protectedHeader string) ([]byte, error) { - buf := make([]byte, len(js.payload)+len(protectedHeader)+1) - copy(buf, protectedHeader) - buf[len(protectedHeader)] = '.' - copy(buf[len(protectedHeader)+1:], js.payload) - return buf, nil -} - -// Sign adds a signature using the given private key. -func (js *JSONSignature) Sign(key PrivateKey) error { - protected, err := js.protectedHeader() - if err != nil { - return err - } - signBytes, err := js.signBytes(protected) - if err != nil { - return err - } - sigBytes, algorithm, err := key.Sign(bytes.NewReader(signBytes), crypto.SHA256) - if err != nil { - return err - } - - header := &jsHeader{ - JWK: key.PublicKey(), - Algorithm: algorithm, - } - sig := &jsSignature{ - Header: header, - Signature: joseBase64UrlEncode(sigBytes), - Protected: protected, - } - - js.signatures = append(js.signatures, sig) - - return nil -} - -// SignWithChain adds a signature using the given private key -// and setting the x509 chain. The public key of the first element -// in the chain must be the public key corresponding with the sign key. 
-func (js *JSONSignature) SignWithChain(key PrivateKey, chain []*x509.Certificate) error { - // Ensure key.Chain[0] is public key for key - //key.Chain.PublicKey - //key.PublicKey().CryptoPublicKey() - - // Verify chain - protected, err := js.protectedHeader() - if err != nil { - return err - } - signBytes, err := js.signBytes(protected) - if err != nil { - return err - } - sigBytes, algorithm, err := key.Sign(bytes.NewReader(signBytes), crypto.SHA256) - if err != nil { - return err - } - - header := &jsHeader{ - Chain: make([]string, len(chain)), - Algorithm: algorithm, - } - - for i, cert := range chain { - header.Chain[i] = base64.StdEncoding.EncodeToString(cert.Raw) - } - - sig := &jsSignature{ - Header: header, - Signature: joseBase64UrlEncode(sigBytes), - Protected: protected, - } - - js.signatures = append(js.signatures, sig) - - return nil -} - -// Verify verifies all the signatures and returns the list of -// public keys used to sign. Any x509 chains are not checked. -func (js *JSONSignature) Verify() ([]libtrust.PublicKey, error) { - keys := make([]libtrust.PublicKey, len(js.signatures)) - for i, signature := range js.signatures { - signBytes, err := js.signBytes(signature.Protected) - if err != nil { - return nil, err - } - var publicKey libtrust.PublicKey - if len(signature.Header.Chain) > 0 { - certBytes, err := base64.StdEncoding.DecodeString(signature.Header.Chain[0]) - if err != nil { - return nil, err - } - cert, err := x509.ParseCertificate(certBytes) - if err != nil { - return nil, err - } - publicKey, err = FromCryptoPublicKey(cert.PublicKey) - if err != nil { - return nil, err - } - } else if signature.Header.JWK != nil { - publicKey = signature.Header.JWK - } else { - return nil, errors.New("missing public key") - } - - sigBytes, err := joseBase64UrlDecode(signature.Signature) - if err != nil { - return nil, err - } - - err = publicKey.Verify(bytes.NewReader(signBytes), signature.Header.Algorithm, sigBytes) - if err != nil { - return nil, err 
- } - - keys[i] = publicKey - } - return keys, nil -} - -// VerifyChains verifies all the signatures and the chains associated -// with each signature and returns the list of verified chains. -// Signatures without an x509 chain are not checked. -func (js *JSONSignature) VerifyChains(ca *x509.CertPool) ([][]*x509.Certificate, error) { - chains := make([][]*x509.Certificate, 0, len(js.signatures)) - for _, signature := range js.signatures { - signBytes, err := js.signBytes(signature.Protected) - if err != nil { - return nil, err - } - var publicKey libtrust.PublicKey - if len(signature.Header.Chain) > 0 { - certBytes, err := base64.StdEncoding.DecodeString(signature.Header.Chain[0]) - if err != nil { - return nil, err - } - cert, err := x509.ParseCertificate(certBytes) - if err != nil { - return nil, err - } - publicKey, err = FromCryptoPublicKey(cert.PublicKey) - if err != nil { - return nil, err - } - intermediates := x509.NewCertPool() - if len(signature.Header.Chain) > 1 { - intermediateChain := signature.Header.Chain[1:] - for i := range intermediateChain { - certBytes, err := base64.StdEncoding.DecodeString(intermediateChain[i]) - if err != nil { - return nil, err - } - intermediate, err := x509.ParseCertificate(certBytes) - if err != nil { - return nil, err - } - intermediates.AddCert(intermediate) - } - } - - verifyOptions := x509.VerifyOptions{ - Intermediates: intermediates, - Roots: ca, - } - - verifiedChains, err := cert.Verify(verifyOptions) - if err != nil { - return nil, err - } - chains = append(chains, verifiedChains...) 
- - sigBytes, err := joseBase64UrlDecode(signature.Signature) - if err != nil { - return nil, err - } - - err = publicKey.Verify(bytes.NewReader(signBytes), signature.Header.Algorithm, sigBytes) - if err != nil { - return nil, err - } - } - - } - return chains, nil -} - -// JWS returns JSON serialized JWS according to -// http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-31#section-7.2 -func (js *JSONSignature) JWS() ([]byte, error) { - if len(js.signatures) == 0 { - return nil, errors.New("missing signature") - } - jsonMap := map[string]interface{}{ - "payload": js.payload, - "signatures": js.signatures, - } - - return json.MarshalIndent(jsonMap, "", " ") -} - -func notSpace(r rune) bool { - return !unicode.IsSpace(r) -} - -func detectJSONIndent(jsonContent []byte) (indent string) { - if len(jsonContent) > 2 && jsonContent[0] == '{' && jsonContent[1] == '\n' { - quoteIndex := bytes.IndexRune(jsonContent[1:], '"') - if quoteIndex > 0 { - indent = string(jsonContent[2 : quoteIndex+1]) - } - } - return -} - -type jsParsedHeader struct { - JWK json.RawMessage `json:"jwk"` - Algorithm string `json:"alg"` - Chain []string `json:"x5c"` -} - -type jsParsedSignature struct { - Header *jsParsedHeader `json:"header"` - Signature string `json:"signature"` - Protected string `json:"protected"` -} - -// ParseJWS parses a JWS serialized JSON object into a Json Signature. 
-func ParseJWS(content []byte) (*JSONSignature, error) { - type jsParsed struct { - Payload string `json:"payload"` - Signatures []*jsParsedSignature `json:"signatures"` - } - parsed := &jsParsed{} - err := json.Unmarshal(content, parsed) - if err != nil { - return nil, err - } - if len(parsed.Signatures) == 0 { - return nil, errors.New("missing signatures") - } - payload, err := joseBase64UrlDecode(parsed.Payload) - if err != nil { - return nil, err - } - - js, err := NewJSONSignature(payload) - if err != nil { - return nil, err - } - js.signatures = make([]*jsSignature, len(parsed.Signatures)) - for i, signature := range parsed.Signatures { - header := &jsHeader{ - Algorithm: signature.Header.Algorithm, - } - if signature.Header.Chain != nil { - header.Chain = signature.Header.Chain - } - if signature.Header.JWK != nil { - publicKey, err := UnmarshalPublicKeyJWK([]byte(signature.Header.JWK)) - if err != nil { - return nil, err - } - header.JWK = publicKey - } - js.signatures[i] = &jsSignature{ - Header: header, - Signature: signature.Signature, - Protected: signature.Protected, - } - } - - return js, nil -} - -// NewJSONSignature returns a new unsigned JWS from a json byte array. -// JSONSignature will need to be signed before serializing or storing. 
-func NewJSONSignature(content []byte) (*JSONSignature, error) { - var dataMap map[string]interface{} - err := json.Unmarshal(content, &dataMap) - if err != nil { - return nil, err - } - - js := newJSONSignature() - js.indent = detectJSONIndent(content) - - js.payload = joseBase64UrlEncode(content) - - // Find trailing } and whitespace, put in protected header - closeIndex := bytes.LastIndexFunc(content, notSpace) - if content[closeIndex] != '}' { - return nil, ErrInvalidJSONContent - } - lastRuneIndex := bytes.LastIndexFunc(content[:closeIndex], notSpace) - if content[lastRuneIndex] == ',' { - return nil, ErrInvalidJSONContent - } - js.formatLength = lastRuneIndex + 1 - js.formatTail = content[js.formatLength:] - - return js, nil -} - -// NewJSONSignatureFromMap returns a new unsigned JSONSignature from a map or -// struct. JWS will need to be signed before serializing or storing. -func NewJSONSignatureFromMap(content interface{}) (*JSONSignature, error) { - switch content.(type) { - case map[string]interface{}: - case struct{}: - default: - return nil, errors.New("invalid data type") - } - - js := newJSONSignature() - js.indent = " " - - payload, err := json.MarshalIndent(content, "", js.indent) - if err != nil { - return nil, err - } - js.payload = joseBase64UrlEncode(payload) - - // Remove '\n}' from formatted section, put in protected header - js.formatLength = len(payload) - 2 - js.formatTail = payload[js.formatLength:] - - return js, nil -} - -func readIntFromMap(key string, m map[string]interface{}) (int, bool) { - value, ok := m[key] - if !ok { - return 0, false - } - switch v := value.(type) { - case int: - return v, true - case float64: - return int(v), true - default: - return 0, false - } -} - -func readStringFromMap(key string, m map[string]interface{}) (v string, ok bool) { - value, ok := m[key] - if !ok { - return "", false - } - v, ok = value.(string) - return -} - -// ParsePrettySignature parses a formatted signature into a -// JSON signature. 
If the signatures are missing the format information -// an error is thrown. The formatted signature must be created by -// the same method as format signature. -func ParsePrettySignature(content []byte, signatureKey string) (*JSONSignature, error) { - var contentMap map[string]json.RawMessage - err := json.Unmarshal(content, &contentMap) - if err != nil { - return nil, fmt.Errorf("error unmarshalling content: %s", err) - } - sigMessage, ok := contentMap[signatureKey] - if !ok { - return nil, ErrMissingSignatureKey - } - - var signatureBlocks []jsParsedSignature - err = json.Unmarshal([]byte(sigMessage), &signatureBlocks) - if err != nil { - return nil, fmt.Errorf("error unmarshalling signatures: %s", err) - } - - js := newJSONSignature() - js.signatures = make([]*jsSignature, len(signatureBlocks)) - - for i, signatureBlock := range signatureBlocks { - protectedBytes, err := joseBase64UrlDecode(signatureBlock.Protected) - if err != nil { - return nil, fmt.Errorf("base64 decode error: %s", err) - } - var protectedHeader map[string]interface{} - err = json.Unmarshal(protectedBytes, &protectedHeader) - if err != nil { - return nil, fmt.Errorf("error unmarshalling protected header: %s", err) - } - - formatLength, ok := readIntFromMap("formatLength", protectedHeader) - if !ok { - return nil, errors.New("missing formatted length") - } - encodedTail, ok := readStringFromMap("formatTail", protectedHeader) - if !ok { - return nil, errors.New("missing formatted tail") - } - formatTail, err := joseBase64UrlDecode(encodedTail) - if err != nil { - return nil, fmt.Errorf("base64 decode error on tail: %s", err) - } - if js.formatLength == 0 { - js.formatLength = formatLength - } else if js.formatLength != formatLength { - return nil, errors.New("conflicting format length") - } - if len(js.formatTail) == 0 { - js.formatTail = formatTail - } else if bytes.Compare(js.formatTail, formatTail) != 0 { - return nil, errors.New("conflicting format tail") - } - - header := &jsHeader{ - 
Algorithm: signatureBlock.Header.Algorithm, - Chain: signatureBlock.Header.Chain, - } - if signatureBlock.Header.JWK != nil { - publicKey, err := UnmarshalPublicKeyJWK([]byte(signatureBlock.Header.JWK)) - if err != nil { - return nil, fmt.Errorf("error unmarshalling public key: %s", err) - } - header.JWK = publicKey - } - js.signatures[i] = &jsSignature{ - Header: header, - Signature: signatureBlock.Signature, - Protected: signatureBlock.Protected, - } - } - if js.formatLength > len(content) { - return nil, errors.New("invalid format length") - } - formatted := make([]byte, js.formatLength+len(js.formatTail)) - copy(formatted, content[:js.formatLength]) - copy(formatted[js.formatLength:], js.formatTail) - js.indent = detectJSONIndent(formatted) - js.payload = joseBase64UrlEncode(formatted) - - return js, nil -} - -// PrettySignature formats a json signature into an easy to read -// single json serialized object. -func (js *JSONSignature) PrettySignature(signatureKey string) ([]byte, error) { - if len(js.signatures) == 0 { - return nil, errors.New("no signatures") - } - payload, err := joseBase64UrlDecode(js.payload) - if err != nil { - return nil, err - } - payload = payload[:js.formatLength] - - var marshalled []byte - var marshallErr error - if js.indent != "" { - marshalled, marshallErr = json.MarshalIndent(js.signatures, js.indent, js.indent) - } else { - marshalled, marshallErr = json.Marshal(js.signatures) - } - if marshallErr != nil { - return nil, marshallErr - } - - buf := bytes.NewBuffer(make([]byte, 0, len(payload)+len(marshalled)+34)) - buf.Write(payload) - buf.WriteByte(',') - if js.indent != "" { - buf.WriteByte('\n') - buf.WriteString(js.indent) - buf.WriteByte('"') - buf.WriteString(signatureKey) - buf.WriteString("\": ") - buf.Write(marshalled) - buf.WriteByte('\n') - } else { - buf.WriteByte('"') - buf.WriteString(signatureKey) - buf.WriteString("\":") - buf.Write(marshalled) - } - buf.WriteByte('}') - - return buf.Bytes(), nil -} 
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/jsonsign/jsonsign_test.go b/Godeps/_workspace/src/github.com/docker/libtrust/jsonsign/jsonsign_test.go deleted file mode 100644 index dfd95d8dcc..0000000000 --- a/Godeps/_workspace/src/github.com/docker/libtrust/jsonsign/jsonsign_test.go +++ /dev/null 
@@ -1,372 +0,0 @@ -package jsonsign - -import ( - "bytes" - "crypto/rand" - "crypto/x509" - "crypto/x509/pkix" - "encoding/json" - "fmt" - "math/big" - "testing" - "time" - - "github.com/docker/libtrust" -) - -func createTestJSON(sigKey string, indent string) (map[string]interface{}, []byte) { - testMap := map[string]interface{}{ - "name": "dmcgowan/mycontainer", - "config": map[string]interface{}{ - "ports": []int{9101, 9102}, - "run": "/bin/echo \"Hello\"", - }, - "layers": []string{ - "2893c080-27f5-11e4-8c21-0800200c9a66", - "c54bc25b-fbb2-497b-a899-a8bc1b5b9d55", - "4d5d7e03-f908-49f3-a7f6-9ba28dfe0fb4", - "0b6da891-7f7f-4abf-9c97-7887549e696c", - "1d960389-ae4f-4011-85fd-18d0f96a67ad", - }, - } - formattedSection := `{"config":{"ports":[9101,9102],"run":"/bin/echo \"Hello\""},"layers":["2893c080-27f5-11e4-8c21-0800200c9a66","c54bc25b-fbb2-497b-a899-a8bc1b5b9d55","4d5d7e03-f908-49f3-a7f6-9ba28dfe0fb4","0b6da891-7f7f-4abf-9c97-7887549e696c","1d960389-ae4f-4011-85fd-18d0f96a67ad"],"name":"dmcgowan/mycontainer","%s":[{"header":{` - formattedSection = fmt.Sprintf(formattedSection, sigKey) - if indent != "" { - buf := bytes.NewBuffer(nil) - json.Indent(buf, []byte(formattedSection), "", indent) - return testMap, buf.Bytes() - } - return testMap, []byte(formattedSection) - -} - -func TestSignJSON(t *testing.T) { - key, err := GenerateECP256PrivateKey() - if err != nil { - t.Fatalf("Error generating EC key: %s", err) - } - - testMap, _ := createTestJSON("buildSignatures", " ") - indented, err := json.MarshalIndent(testMap, "", " ") - if err != nil { - t.Fatalf("Marshall error: %s", err) - } - - js, err := NewJSONSignature(indented) - if err != nil { - t.Fatalf("Error creating JSON signature: %s", err) - } - err = js.Sign(key) - if err != nil { - t.Fatalf("Error signing content: %s", err) - } - - keys, err := js.Verify() - if err != nil { - t.Fatalf("Error verifying signature: %s", err) - } - if len(keys) != 1 { - t.Fatalf("Error wrong number of keys returned") - } - 
if keys[0].KeyID() != key.KeyID() { - t.Fatalf("Unexpected public key returned") - } - -} - -func TestSignMap(t *testing.T) { - key, err := GenerateECP256PrivateKey() - if err != nil { - t.Fatalf("Error generating EC key: %s", err) - } - - testMap, _ := createTestJSON("buildSignatures", " ") - js, err := NewJSONSignatureFromMap(testMap) - if err != nil { - t.Fatalf("Error creating JSON signature: %s", err) - } - err = js.Sign(key) - if err != nil { - t.Fatalf("Error signing JSON signature: %s", err) - } - - keys, err := js.Verify() - if err != nil { - t.Fatalf("Error verifying signature: %s", err) - } - if len(keys) != 1 { - t.Fatalf("Error wrong number of keys returned") - } - if keys[0].KeyID() != key.KeyID() { - t.Fatalf("Unexpected public key returned") - } -} - -func TestFormattedJson(t *testing.T) { - key, err := GenerateECP256PrivateKey() - if err != nil { - t.Fatalf("Error generating EC key: %s", err) - } - - testMap, firstSection := createTestJSON("buildSignatures", " ") - indented, err := json.MarshalIndent(testMap, "", " ") - if err != nil { - t.Fatalf("Marshall error: %s", err) - } - - js, err := NewJSONSignature(indented) - if err != nil { - t.Fatalf("Error creating JSON signature: %s", err) - } - err = js.Sign(key) - if err != nil { - t.Fatalf("Error signing content: %s", err) - } - - b, err := js.PrettySignature("buildSignatures") - if err != nil { - t.Fatalf("Error signing map: %s", err) - } - - if bytes.Compare(b[:len(firstSection)], firstSection) != 0 { - t.Fatalf("Wrong signed value\nExpected:\n%s\nActual:\n%s", firstSection, b[:len(firstSection)]) - } - - parsed, err := ParsePrettySignature(b, "buildSignatures") - if err != nil { - t.Fatalf("Error parsing formatted signature: %s", err) - } - - keys, err := parsed.Verify() - if err != nil { - t.Fatalf("Error verifying signature: %s", err) - } - if len(keys) != 1 { - t.Fatalf("Error wrong number of keys returned") - } - if keys[0].KeyID() != key.KeyID() { - t.Fatalf("Unexpected public key 
returned") - } - - var unmarshalled map[string]interface{} - err = json.Unmarshal(b, &unmarshalled) - if err != nil { - t.Fatalf("Could not unmarshall after parse: %s", err) - } - -} - -func TestFormattedFlatJson(t *testing.T) { - key, err := GenerateECP256PrivateKey() - if err != nil { - t.Fatalf("Error generating EC key: %s", err) - } - - testMap, firstSection := createTestJSON("buildSignatures", "") - unindented, err := json.Marshal(testMap) - if err != nil { - t.Fatalf("Marshall error: %s", err) - } - - js, err := NewJSONSignature(unindented) - if err != nil { - t.Fatalf("Error creating JSON signature: %s", err) - } - err = js.Sign(key) - if err != nil { - t.Fatalf("Error signing JSON signature: %s", err) - } - - b, err := js.PrettySignature("buildSignatures") - if err != nil { - t.Fatalf("Error signing map: %s", err) - } - - if bytes.Compare(b[:len(firstSection)], firstSection) != 0 { - t.Fatalf("Wrong signed value\nExpected:\n%s\nActual:\n%s", firstSection, b[:len(firstSection)]) - } - - parsed, err := ParsePrettySignature(b, "buildSignatures") - if err != nil { - t.Fatalf("Error parsing formatted signature: %s", err) - } - - keys, err := parsed.Verify() - if err != nil { - t.Fatalf("Error verifying signature: %s", err) - } - if len(keys) != 1 { - t.Fatalf("Error wrong number of keys returned") - } - if keys[0].KeyID() != key.KeyID() { - t.Fatalf("Unexpected public key returned") - } -} - -func generateTrustCA() (PrivateKey, *x509.Certificate) { - key, err := GenerateECP256PrivateKey() - if err != nil { - panic(err) - } - cert := &x509.Certificate{ - SerialNumber: big.NewInt(0), - Subject: pkix.Name{ - CommonName: "CA Root", - }, - NotBefore: time.Now().Add(-time.Second), - NotAfter: time.Now().Add(time.Hour), - IsCA: true, - KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, - BasicConstraintsValid: true, - } - - certDER, err := x509.CreateCertificate( - rand.Reader, cert, cert, - key.CryptoPublicKey(), key.CryptoPrivateKey(), - ) - if err != nil { - 
panic(err) - } - - cert, err = x509.ParseCertificate(certDER) - if err != nil { - panic(err) - } - - return key, cert -} - -func generateIntermediate(key libtrust.PublicKey, parentKey PrivateKey, parent *x509.Certificate) *x509.Certificate { - cert := &x509.Certificate{ - SerialNumber: big.NewInt(0), - Subject: pkix.Name{ - CommonName: "Intermediate", - }, - NotBefore: time.Now().Add(-time.Second), - NotAfter: time.Now().Add(time.Hour), - IsCA: true, - KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, - BasicConstraintsValid: true, - } - - certDER, err := x509.CreateCertificate( - rand.Reader, cert, parent, - key.CryptoPublicKey(), parentKey.CryptoPrivateKey(), - ) - if err != nil { - panic(err) - } - - cert, err = x509.ParseCertificate(certDER) - if err != nil { - panic(err) - } - - return cert -} - -func generateTrustCert(key libtrust.PublicKey, parentKey PrivateKey, parent *x509.Certificate) *x509.Certificate { - cert := &x509.Certificate{ - SerialNumber: big.NewInt(0), - Subject: pkix.Name{ - CommonName: "Trust Cert", - }, - NotBefore: time.Now().Add(-time.Second), - NotAfter: time.Now().Add(time.Hour), - IsCA: true, - KeyUsage: x509.KeyUsageDigitalSignature, - BasicConstraintsValid: true, - } - - certDER, err := x509.CreateCertificate( - rand.Reader, cert, parent, - key.CryptoPublicKey(), parentKey.CryptoPrivateKey(), - ) - if err != nil { - panic(err) - } - - cert, err = x509.ParseCertificate(certDER) - if err != nil { - panic(err) - } - - return cert -} - -func generateTrustChain(key PrivateKey, ca *x509.Certificate) (PrivateKey, []*x509.Certificate) { - parent := ca - parentKey := key - chain := make([]*x509.Certificate, 6) - for i := 5; i > 0; i-- { - intermediatekey, err := GenerateECP256PrivateKey() - if err != nil { - panic(err) - } - chain[i] = generateIntermediate(intermediatekey, parentKey, parent) - parent = chain[i] - parentKey = intermediatekey - } - trustKey, err := GenerateECP256PrivateKey() - if err != nil { - panic(err) - } - chain[0] = 
generateTrustCert(trustKey, parentKey, parent) - - return trustKey, chain -} - -func TestChainVerify(t *testing.T) { - caKey, ca := generateTrustCA() - trustKey, chain := generateTrustChain(caKey, ca) - - testMap, _ := createTestJSON("verifySignatures", " ") - js, err := NewJSONSignatureFromMap(testMap) - if err != nil { - t.Fatalf("Error creating JSONSignature from map: %s", err) - } - - err = js.SignWithChain(trustKey, chain) - if err != nil { - t.Fatalf("Error signing with chain: %s", err) - } - - pool := x509.NewCertPool() - pool.AddCert(ca) - chains, err := js.VerifyChains(pool) - if err != nil { - t.Fatalf("Error verifying content: %s", err) - } - if len(chains) != 1 { - t.Fatalf("Unexpected chains length: %d", len(chains)) - } - if len(chains[0]) != 7 { - t.Fatalf("Unexpected chain length: %d", len(chains[0])) - } -} - -func TestInvalidChain(t *testing.T) { - caKey, ca := generateTrustCA() - trustKey, chain := generateTrustChain(caKey, ca) - - testMap, _ := createTestJSON("verifySignatures", " ") - js, err := NewJSONSignatureFromMap(testMap) - if err != nil { - t.Fatalf("Error creating JSONSignature from map: %s", err) - } - - err = js.SignWithChain(trustKey, chain[:5]) - if err != nil { - t.Fatalf("Error signing with chain: %s", err) - } - - pool := x509.NewCertPool() - pool.AddCert(ca) - chains, err := js.VerifyChains(pool) - if err == nil { - t.Fatalf("Expected error verifying with bad chain") - } - if len(chains) != 0 { - t.Fatalf("Unexpected chains returned from invalid verify") - } -} diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/libtrust.test b/Godeps/_workspace/src/github.com/docker/libtrust/libtrust.test deleted file mode 100644 index 40fb2bfbb7..0000000000 Binary files a/Godeps/_workspace/src/github.com/docker/libtrust/libtrust.test and /dev/null differ 
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/manager/manager b/Godeps/_workspace/src/github.com/docker/libtrust/manager/manager
deleted file mode 100644
index a0cfee8109..0000000000
Binary files a/Godeps/_workspace/src/github.com/docker/libtrust/manager/manager and /dev/null differ
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/manager/manager.go b/Godeps/_workspace/src/github.com/docker/libtrust/manager/manager.go
deleted file mode 100644
index ed72cd7363..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/manager/manager.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package main
-
-import (
- "bytes"
- "github.com/docker/libtrust"
- "log"
-)
-
-func main() {
- ids, err := libtrust.ListSSHAgentIDs()
- if err != nil {
- log.Fatalf("Error listing ssh agent ids: %s", err)
- }
-
- for i := range ids {
- var id libtrust.ID
- id = ids[i]
- log.Printf("ID: %#v", id.JSONWebKey())
-
- signed, err := id.Sign(bytes.NewReader([]byte("hello there")))
- if err != nil {
- log.Fatalf("Error signing: %s", err)
- }
-
- log.Printf("Signed\n%x", signed)
- }
-}
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/official/ca-key.json b/Godeps/_workspace/src/github.com/docker/libtrust/official/ca-key.json
deleted file mode 100644
index c0af1b3ae1..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/official/ca-key.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "crv": "P-256",
- "d": "T68FInnZjHW8c8Y3y8UKDEwVEfubGX7mP8X5EOpxRw0",
- "kid": "GW4F:GS7P:22KY:SQXM:FI74:SQBS:KRXR:V4TR:IG6Q:7NLL:OJIS:3XXJ",
- "kty": "EC",
- "x": "B23slGpLr16MTAJ3MaGVZK6QYEb_l5EZkpnrPcdX6JQ",
- "y": "xgkrg8u46RGLbAMqeg7tYxMGbsEdpxdZ4liN_V8TNZQ"
-}
\ No newline at end of file
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/official/ca.pem b/Godeps/_workspace/src/github.com/docker/libtrust/official/ca.pem
deleted file mode 100644
index 1f082c8ccf..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/official/ca.pem
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBnzCCAUSgAwIBAgIBADAKBggqhkjOPQQDAjBGMUQwQgYDVQQDEztHVzRGOkdT
-N1A6MjJLWTpTUVhNOkZJNzQ6U1FCUzpLUlhSOlY0VFI6SUc2UTo3TkxMOk9KSVM6
-M1hYSjAeFw0xNDA5MDUyMzA3NTRaFw0yNDA5MDkyMzA3NTRaMEYxRDBCBgNVBAMT
-O0dXNEY6R1M3UDoyMktZOlNRWE06Rkk3NDpTUUJTOktSWFI6VjRUUjpJRzZROjdO
-TEw6T0pJUzozWFhKMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEB23slGpLr16M
-TAJ3MaGVZK6QYEb/l5EZkpnrPcdX6JTGCSuDy7jpEYtsAyp6Du1jEwZuwR2nF1ni
-WI39XxM1lKMjMCEwDgYDVR0PAQH/BAQDAgAEMA8GA1UdEwEB/wQFMAMBAf8wCgYI
-KoZIzj0EAwIDSQAwRgIhAOFl3YnbPAPd7hRbh2Wpe0RrtZ0KAZGpjKk3C1ZhQEG4
-AiEAh6R8OVclkFNXFbQML8X5uEL+3d7wB+osNU0OlHFaiiQ=
------END CERTIFICATE-----
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/official/cert.pem b/Godeps/_workspace/src/github.com/docker/libtrust/official/cert.pem
deleted file mode 100644
index fa242a2d9b..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/official/cert.pem
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBnTCCAUSgAwIBAgIBAjAKBggqhkjOPQQDAjBGMUQwQgYDVQQDEztPUUlTOkcy
-QjQ6UDdRQjpHM1pJOlRIUE46WklUTTpVRFAyOlY3WlM6VVM2SDpDVUxEOlJJWkI6
-WDdQSTAeFw0xNDA5MTIyMzA3NTNaFw0xNDEyMTEyMzA3NTRaMEYxRDBCBgNVBAMT
-O1c1MlY6QldDUTpPVVk2OklRNU46WDVYRzpNN0tKOkdYNlA6VFdNUTpaRkhKOk02
-MzI6SzIzVjpYRjQ1MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEG9rANGMaOxoZ
-4XzItNBpqrzZLe/hyMY/hnlXARER0rbEp5B5yl5sDYaXEI80VgpUGNvleFOVc7yN
-3rclT14tm6MjMCEwDgYDVR0PAQH/BAQDAgCAMA8GA1UdEwEB/wQFMAMBAf8wCgYI
-KoZIzj0EAwIDRwAwRAIgQhkTTERnf/+2i1hM+hHivMngiciCQgqdcxo1UeK53fkC
-IDzml+Gk4oAFGGcsO3wdHqbxfjyGkNr8hxfuWoq6Wl3U
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIBnjCCAUSgAwIBAgIBATAKBggqhkjOPQQDAjBGMUQwQgYDVQQDEztHVzRGOkdT
-N1A6MjJLWTpTUVhNOkZJNzQ6U1FCUzpLUlhSOlY0VFI6SUc2UTo3TkxMOk9KSVM6
-M1hYSjAeFw0xNDA5MTIyMzA3NTNaFw0xNDEyMTEyMzA3NTRaMEYxRDBCBgNVBAMT
-O09RSVM6RzJCNDpQN1FCOkczWkk6VEhQTjpaSVRNOlVEUDI6VjdaUzpVUzZIOkNV
-TEQ6UklaQjpYN1BJMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEK0pEXXaql80e
-o8khKBUhwg8fXwDnc+QIR3CB86JnCViEWskUrBmQZvdc8JTDtxBCvfs9nG7yZ8Uw
-Raw6G9QdUqMjMCEwDgYDVR0PAQH/BAQDAgAGMA8GA1UdEwEB/wQFMAMBAf8wCgYI
-KoZIzj0EAwIDSAAwRQIgCA6aCc66+d2/yz47PmvvZy+GDudWXFxD6plt2KUtuGsC
-IQDykk/gYQ5MfIUlS8O+UEAwY7okfz6DxlpFGMVSO57gEg==
------END CERTIFICATE-----
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/official/graphtool b/Godeps/_workspace/src/github.com/docker/libtrust/official/graphtool
deleted file mode 100644
index 66ff1f80b0..0000000000
Binary files a/Godeps/_workspace/src/github.com/docker/libtrust/official/graphtool and /dev/null differ
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/official/josh-signed.json b/Godeps/_workspace/src/github.com/docker/libtrust/official/josh-signed.json
deleted file mode 100644
index 57a574c77f..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/official/josh-signed.json
+++ /dev/null
@@ -1,35 +0,0 @@
-{
- "revocations": [],
- "grants": [
- {
- "subject": "/library",
- "permission": 15,
- "grantee": "LYRA:YAG2:QQKS:376F:QQXY:3UNK:SXH7:K6ES:Y5AU:XUN5:ZLVY:KBYL"
- },
- {
- "subject": "/library",
- "permission": 15,
- "grantee": "OIH7:HQFS:44FK:45VB:3B53:OIAG:TPL4:ATF5:6PNE:MGHN:NHQX:2GE4"
- },
- {
- "subject": "/library",
- "permission": 15,
- "grantee": "PTC6:ABN6:Q4GG:GAAP:ZI7C:4TVD:NERQ:IWSC:UWVO:4HUK:DSI6:4NKD"
- }
- ],
- "expiration": "2017-03-19T19:30:00.894517334Z",
- "issuedAt": "2015-03-19T19:30:00.894517667Z",
- "signatures": [
- {
- "header": {
- "alg": "ES256",
- "x5c": [
- "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",
- "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"
- ]
- },
- "signature": "KjhqAzsjY87dEyVdQkGoMgJciUalpFla1bno6KnZR6irMhfTxH_qwP69VAqPRrhHV5UdplAeKCDgTiXI6tphFg",
- "protected": "eyJmb3JtYXRMZW5ndGgiOjYxNiwiZm9ybWF0VGFpbCI6IkNuMCIsInRpbWUiOiIyMDE1LTAzLTE5VDE5OjMwOjAwWiJ9"
- }
- ]
-}
\ No newline at end of file
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/official/josh.json b/Godeps/_workspace/src/github.com/docker/libtrust/official/josh.json
deleted file mode 100644
index e96f4cd187..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/official/josh.json
+++ /dev/null
@@ -1,17 +0,0 @@
-[
- {
- "subject": "/library",
- "permission": 15,
- "grantee": "LYRA:YAG2:QQKS:376F:QQXY:3UNK:SXH7:K6ES:Y5AU:XUN5:ZLVY:KBYL"
- },
- {
- "subject": "/library",
- "permission": 15,
- "grantee": "OIH7:HQFS:44FK:45VB:3B53:OIAG:TPL4:ATF5:6PNE:MGHN:NHQX:2GE4"
- },
- {
- "subject": "/library",
- "permission": 15,
- "grantee": "PTC6:ABN6:Q4GG:GAAP:ZI7C:4TVD:NERQ:IWSC:UWVO:4HUK:DSI6:4NKD"
- }
-]
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/official/master-key.json b/Godeps/_workspace/src/github.com/docker/libtrust/official/master-key.json
deleted file mode 100644
index 0dfed0f612..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/official/master-key.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "crv": "P-256",
- "d": "vIA7rvskakiQZI33vYTsOr_icsaTkQoml5IZjFAdBzA",
- "kid": "OQIS:G2B4:P7QB:G3ZI:THPN:ZITM:UDP2:V7ZS:US6H:CULD:RIZB:X7PI",
- "kty": "EC",
- "x": "K0pEXXaql80eo8khKBUhwg8fXwDnc-QIR3CB86JnCVg",
- "y": "hFrJFKwZkGb3XPCUw7cQQr37PZxu8mfFMEWsOhvUHVI"
-}
\ No newline at end of file
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/official/official.json b/Godeps/_workspace/src/github.com/docker/libtrust/official/official.json
deleted file mode 100644
index 1fe5718c40..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/official/official.json
+++ /dev/null
@@ -1,17 +0,0 @@
-[
- {
- "subject": "/library",
- "permission": 15,
- "grantee": "LYRA:YAG2:QQKS:376F:QQXY:3UNK:SXH7:K6ES:Y5AU:XUN5:ZLVY:KBYL"
- },
- {
- "subject": "/library",
- "permission": 15,
- "grantee": "OIH7:HQFS:44FK:45VB:3B53:OIAG:TPL4:ATF5:6PNE:MGHN:NHQX:2GE4"
- },
- {
- "subject": "/library",
- "permission": 15,
- "grantee": "TIX7:E75F:VWRT:NFT6:3E25:TPJX:CAEL:YBHA:FTLE:IDGI:BBJ5:HS67"
- }
-]
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/official/official.json.1 b/Godeps/_workspace/src/github.com/docker/libtrust/official/official.json.1
deleted file mode 100644
index 534c283fb8..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/official/official.json.1
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- "revocations": [],
- "grants": [
- {
- "subject": "/library",
- "permission": 15,
- "grantee": "LYRA:YAG2:QQKS:376F:QQXY:3UNK:SXH7:K6ES:Y5AU:XUN5:ZLVY:KBYL"
- }
- ],
- "expiration": "2014-12-29T00:08:20.565183779Z",
- "issuedAt": "2014-09-30T00:08:20.565183976Z",
- "signatures": [
- {
- "header": {
- "alg": "ES256",
- "x5c": [
- "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",
- "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"
- ]
- },
- "signature": "uYMwXO869mGDkq7jrE-xfXHcY96JkcIZt_lLWidUtK4Z3-VH8UJx8j-bHQh0rD3C4Olsx7SY5dDOO_Zq60_i1w",
- "protected": "eyJmb3JtYXRMZW5ndGgiOjMwMCwiZm9ybWF0VGFpbCI6IkNuMCIsInRpbWUiOiIyMDE0LTA5LTMwVDAwOjA4OjIwWiJ9"
- }
- ]
-}
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/official/official_release-02-19-2015-longexpire.json b/Godeps/_workspace/src/github.com/docker/libtrust/official/official_release-02-19-2015-longexpire.json
deleted file mode 100644
index 7224df7972..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/official/official_release-02-19-2015-longexpire.json
+++ /dev/null
@@ -1,30 +0,0 @@
-{
- "revocations": [],
- "grants": [
- {
- "subject": "/library",
- "permission": 15,
- "grantee": "LYRA:YAG2:QQKS:376F:QQXY:3UNK:SXH7:K6ES:Y5AU:XUN5:ZLVY:KBYL"
- },
- {
- "subject": "/library",
- "permission": 15,
- "grantee": "OIH7:HQFS:44FK:45VB:3B53:OIAG:TPL4:ATF5:6PNE:MGHN:NHQX:2GE4"
- }
- ],
- "expiration": "2017-02-19T22:55:15.973200265Z",
- "issuedAt": "2015-02-19T22:55:15.973200588Z",
- "signatures": [
- {
- "header": {
- "alg": "ES256",
- "x5c": [
- "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",
- "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"
- ]
- },
- "signature": "YYP07HOiZWVZ5ZYBvFW5FOlAbY86GrLQ62uGpDphPAJFUFzGgCZCuN04iXVIyFueiJOS6brPSV2dDcd_LlSz-A",
- "protected": "eyJmb3JtYXRMZW5ndGgiOjQ1OCwiZm9ybWF0VGFpbCI6IkNuMCIsInRpbWUiOiIyMDE1LTAyLTE5VDIyOjU1OjE1WiJ9"
- }
- ]
-}
\ No newline at end of file
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/official/official_release-02-19-2015.json b/Godeps/_workspace/src/github.com/docker/libtrust/official/official_release-02-19-2015.json deleted file mode 100644 index 30368f49fc..0000000000 --- a/Godeps/_workspace/src/github.com/docker/libtrust/official/official_release-02-19-2015.json +++ /dev/null @@ -1,30 +0,0 @@ -{ - "revocations": [], - "grants": [ - { - "subject": "/library", - "permission": 15, - "grantee": "LYRA:YAG2:QQKS:376F:QQXY:3UNK:SXH7:K6ES:Y5AU:XUN5:ZLVY:KBYL" - }, - { - "subject": "/library", - "permission": 15, - "grantee": "OIH7:HQFS:44FK:45VB:3B53:OIAG:TPL4:ATF5:6PNE:MGHN:NHQX:2GE4" - } - ], - "expiration": "2015-05-20T22:07:15.075359917Z", - "issuedAt": "2015-02-19T22:07:15.075360044Z", - "signatures": [ - { - "header": { - "alg": "ES256", - "x5c": [ - "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", - "MIIBnjCCAUSgAwIBAgIBATAKBggqhkjOPQQDAjBGMUQwQgYDVQQDEztHVzRGOkdTN1A6MjJLWTpTUVhNOkZJNzQ6U1FCUzpLUlhSOlY0VFI6SUc2UTo3TkxMOk9KSVM6M1hYSjAeFw0xNDA5MTIyMzA3NTNaFw0xNDEyMTEyMzA3NTRaMEYxRDBCBgNVBAMTO09RSVM6RzJCNDpQN1FCOkczWkk6VEhQTjpaSVRNOlVEUDI6VjdaUzpVUzZIOkNVTEQ6UklaQjpYN1BJMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEK0pEXXaql80eo8khKBUhwg8fXwDnc+QIR3CB86JnCViEWskUrBmQZvdc8JTDtxBCvfs9nG7yZ8UwRaw6G9QdUqMjMCEwDgYDVR0PAQH/BAQDAgAGMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgCA6aCc66+d2/yz47PmvvZy+GDudWXFxD6plt2KUtuGsCIQDykk/gYQ5MfIUlS8O+UEAwY7okfz6DxlpFGMVSO57gEg==" - ] - }, - "signature": "te7xmIGQ9EGfYjikIwx0orqZ8WWH7DQN7-sAsoyfDfv_uq5DpgRqs5qkW_rGkwsbF37rq6Bdhdwktvt9YsmlVA", - "protected": "eyJmb3JtYXRMZW5ndGgiOjQ1OCwiZm9ybWF0VGFpbCI6IkNuMCIsInRpbWUiOiIyMDE1LTAyLTE5VDIyOjA3OjE1WiJ9" - } - ] -} \ No newline at end of file 
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/official/official_release-03-22-2015-longexpire.json b/Godeps/_workspace/src/github.com/docker/libtrust/official/official_release-03-22-2015-longexpire.json
deleted file mode 100644
index c26a7dd1e9..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/official/official_release-03-22-2015-longexpire.json
+++ /dev/null
@@ -1,35 +0,0 @@
-{
- "revocations": [],
- "grants": [
- {
- "subject": "/library",
- "permission": 15,
- "grantee": "LYRA:YAG2:QQKS:376F:QQXY:3UNK:SXH7:K6ES:Y5AU:XUN5:ZLVY:KBYL"
- },
- {
- "subject": "/library",
- "permission": 15,
- "grantee": "OIH7:HQFS:44FK:45VB:3B53:OIAG:TPL4:ATF5:6PNE:MGHN:NHQX:2GE4"
- },
- {
- "subject": "/library",
- "permission": 15,
- "grantee": "TIX7:E75F:VWRT:NFT6:3E25:TPJX:CAEL:YBHA:FTLE:IDGI:BBJ5:HS67"
- }
- ],
- "expiration": "2017-03-22T19:04:46.713978458Z",
- "issuedAt": "2015-03-22T19:04:46.713978769Z",
- "signatures": [
- {
- "header": {
- "alg": "ES256",
- "x5c": [
- "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",
- "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"
- ]
- },
- "signature": "h-4MmsL1QB9lEfq2V4MVpZNcuiw0cKYP4C8T-nd4JtU1WhJ1q2_9mMQmtaXOdg6wWTcBll1bbf11UwXP26OhaA",
- "protected": "eyJmb3JtYXRMZW5ndGgiOjYxNiwiZm9ybWF0VGFpbCI6IkNuMCIsInRpbWUiOiIyMDE1LTAzLTIyVDE5OjA0OjQ2WiJ9"
- }
- ]
-}
\ No newline at end of file
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/official/official_release-10-01-2014.json b/Godeps/_workspace/src/github.com/docker/libtrust/official/official_release-10-01-2014.json
deleted file mode 100644
index 534c283fb8..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/official/official_release-10-01-2014.json
+++ /dev/null
@@ -1,25 +0,0 @@ -{ - "revocations": [], - "grants": [ - { - "subject": "/library", - "permission": 15, - "grantee": "LYRA:YAG2:QQKS:376F:QQXY:3UNK:SXH7:K6ES:Y5AU:XUN5:ZLVY:KBYL" - } - ], - "expiration": "2014-12-29T00:08:20.565183779Z", - "issuedAt": "2014-09-30T00:08:20.565183976Z", - "signatures": [ - { - "header": { - "alg": "ES256", - "x5c": [ - "MIIBnTCCAUSgAwIBAgIBAjAKBggqhkjOPQQDAjBGMUQwQgYDVQQDEztPUUlTOkcyQjQ6UDdRQjpHM1pJOlRIUE46WklUTTpVRFAyOlY3WlM6VVM2SDpDVUxEOlJJWkI6WDdQSTAeFw0xNDA5MTIyMzA3NTNaFw0xNDEyMTEyMzA3NTRaMEYxRDBCBgNVBAMTO1c1MlY6QldDUTpPVVk2OklRNU46WDVYRzpNN0tKOkdYNlA6VFdNUTpaRkhKOk02MzI6SzIzVjpYRjQ1MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEG9rANGMaOxoZ4XzItNBpqrzZLe/hyMY/hnlXARER0rbEp5B5yl5sDYaXEI80VgpUGNvleFOVc7yN3rclT14tm6MjMCEwDgYDVR0PAQH/BAQDAgCAMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgQhkTTERnf/+2i1hM+hHivMngiciCQgqdcxo1UeK53fkCIDzml+Gk4oAFGGcsO3wdHqbxfjyGkNr8hxfuWoq6Wl3U", - "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" - ] - }, - "signature": "uYMwXO869mGDkq7jrE-xfXHcY96JkcIZt_lLWidUtK4Z3-VH8UJx8j-bHQh0rD3C4Olsx7SY5dDOO_Zq60_i1w", - "protected": "eyJmb3JtYXRMZW5ndGgiOjMwMCwiZm9ybWF0VGFpbCI6IkNuMCIsInRpbWUiOiIyMDE0LTA5LTMwVDAwOjA4OjIwWiJ9" - } - ] -} diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/official/official_release-11-24-2014.json b/Godeps/_workspace/src/github.com/docker/libtrust/official/official_release-11-24-2014.json deleted file mode 100644 index b4f523ae3a..0000000000 --- a/Godeps/_workspace/src/github.com/docker/libtrust/official/official_release-11-24-2014.json +++ /dev/null 
@@ -1,30 +0,0 @@
-{
- "revocations": [],
- "grants": [
- {
- "subject": "/library",
- "permission": 15,
- "grantee": "LYRA:YAG2:QQKS:376F:QQXY:3UNK:SXH7:K6ES:Y5AU:XUN5:ZLVY:KBYL"
- },
- {
- "subject": "/library",
- "permission": 15,
- "grantee": "OIH7:HQFS:44FK:45VB:3B53:OIAG:TPL4:ATF5:6PNE:MGHN:NHQX:2GE4"
- }
- ],
- "expiration": "2015-02-22T22:47:54.722420237Z",
- "issuedAt": "2014-11-24T22:47:54.722420583Z",
- "signatures": [
- {
- "header": {
- "alg": "ES256",
- "x5c": [
- "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",
- "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"
- ]
- },
- "signature": "WIxdNx3olDbq4fLRx46HHKyghPqpqTMB_RJkI5mCLrg3lIFq8ke-gNgfD_xDHHKgV7CBdmQpUS-FDABcKhQ_0g",
- "protected": "eyJmb3JtYXRMZW5ndGgiOjQ1OCwiZm9ybWF0VGFpbCI6IkNuMCIsInRpbWUiOiIyMDE0LTExLTI0VDIyOjQ3OjU0WiJ9"
- }
- ]
-}
\ No newline at end of file
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/official/trust-key.json b/Godeps/_workspace/src/github.com/docker/libtrust/official/trust-key.json
deleted file mode 100644
index 684157c7c0..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/official/trust-key.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "crv": "P-256",
- "d": "6kQq64Rv3qOPLbS9Yj125E1y0ytaUxL8zBA6NJcVEPM",
- "kid": "W52V:BWCQ:OUY6:IQ5N:X5XG:M7KJ:GX6P:TWMQ:ZFHJ:M632:K23V:XF45",
- "kty": "EC",
- "x": "G9rANGMaOxoZ4XzItNBpqrzZLe_hyMY_hnlXARER0rY",
- "y": "xKeQecpebA2GlxCPNFYKVBjb5XhTlXO8jd63JU9eLZs"
-}
\ No newline at end of file
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/proposal.md b/Godeps/_workspace/src/github.com/docker/libtrust/proposal.md
deleted file mode 100644
index f171739a38..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/proposal.md
+++ /dev/null
@@ -1,57 +0,0 @@ -### Motivation - -Currently, client to daemon authentication over a TCP port can only be achieved through generating TLS certificates for both the client and daemon. Each daemon instance then needs to be configured to use the generated TLS certificate and the client must specify its own certificate as well. Production critical, large-scale deployments should already be using this method to secure and control access to Docker daemons, but the extra setup required by generating your own keys, getting them signed by a certificate authority, and distributing those certificates is too much overhead for setting up small-scale deployments such as a Boot2Docker VM running on a developer's Mac, for example. Software developers are already familiar with how SSH key distribution works: through a list of authorized_keys on the server and known_host keys on the client. Ideally each instance of the Docker engine (client or daemon) would have a unique identity represented by its own public key. With a list of trusted public keys, two engines can authenticate to eachother and the daemon can authorize the connection. This can be done at the TLS layer after initially loading a list of trusted public keys into a CA Pool. - -### Proposal Summary - -Every instance of Docker will have its own public key which it either generates and saves on first run or loads from a file on subsequent runs. The public key will be distributed to other instances by a user of docker or system administrator to allow connections between two docker engines. Each instance will have a list of public keys which are trusted to accept connections from (trusted clients) and a separate list which it trusts to make connectionss to (trusted hosts). These public keys will be stored as JSON Web Keys and can be distributed as a JSON file, or as a standard PEM file. 
For TLS connections, the Docker engine's key pair will be used to generate a self-signed TLS certificate and the list of public keys will be used to generate a certificate pool with a certificate authority for each public key. For TLS servers the list of public keys will be loaded from an authorization file (authorized_keys.json) and for TLS clients the list will be loaded from a known hosts file (allowed_hosts.json), a client must always provide its certificate if the daemon requires it. In addition, a certificate authority PEM file will be allowed to be specified to maintain the existing TLS behavior. As another possible addition, upon connecting to a previously unknown server, a CLI user can be prompted to allow a public key now and in the future, leaving it up the user’s discretion. - -### Key Files - -Docker will support key files in either JSON Web Key format or more traditional PEM format. - -##### Private and Public Key files - -Both the docker daemon and client will have a private key file and a public key file in either of these formats. A client's private key default location will be at `~/.docker/key.(pem|json|jwk)` and public key at `~/.docker/pub_key.(pem|json|jwk)` where `~` is the home directory of the user running the `docker` client. The daemon's private key default location will be at `/var/lib/docker/key.(pem|json|jwk)` and public key at `/var/lib/docker/pub_key.(pem|json|jwk)`. Unix file permissions for these private keys MUST be set to `0600`, or 'Read/Write only by User'. It is suggested that the public keys have permissions set to `0644`, or 'Read/Write by User, Read by group/others'. Because these keys may have a variable file extension, Docker will load whichever one matches the glob `key.*` first, so it is NOT RECOMMENDED that there be multiple `key.*` files to avoid any ambiguity over which key file will be used. If the `--tlskey=KEYFILE` argument is used, that exact file will be used. 
Optionally, we may add a config file for Docker client and daemon in which users may specify the file to use, but that possibility is up for discussion. - -##### Authorized Keys file - -An instance of the Docker engine in daemon mode will need to know which clients are authorized to connect. We propose a file which contains a list of public keys which are authorized to access the Docker Remote API. This idea is borrowed from SSH's `authorized_keys` file. Any client which has the corresponding private key for any public key in this list will be able to connect. This is accomplished by generating a Certificate Authority Pool with a CA certificate automatically generated by the daemon for each key in this list. The server's TLS configuration will allow clients which present a self-signed certificate using one of these keys. Like today, the daemon can still be configured to use a traditional Certificate Authority (the `--tlscacert=CACERTFILE` option). The default location for this file will be `/var/lib/docker/authorized_keys.(pem|json|jwk)`. Docker will also look for trusted client keys in individual files in a directory at `/var/lib/docker/authorized_keys.d` in either PEM or JWK format. - -##### Trusted Hosts file - -An instance of the Docker engine in client mode will need to know which hosts it trusts to connect to. We propose a file which contains a list of public keys which the client trusts to be the key of the Docker Remote API server it wishes to connect to. This idea is borrowed from SSH's `know_hosts` file. Any daemon which has the corresponding private key for a public key in this list AND presents a self-signed server certificate in the TLS handshake which has the desired server name (hostname or IP address of `$DOCKER_HOST`) using one of these keys. Like today, the client can still be configured to use a traditional Certificate Authority (the `--tlscacert=CACERTFILE` option). 
The TCP address (in the form of `:`) will be specified for each key using extended attributes for the key, i.e, a `address` JSON field if in JWK format or a `address` header if in PEM format. The default location for this file will be `~/.docker/trusted_hosts.(pem|json|jwk)`. Docker will also look for trusted host keys in individual files in a directory at `~/.docker/trusted_hosts.d` in either PEM or JWK format. - -### Key Types - -By default, a Docker engine will generate an ECDSA key, using the standard P-256 elliptic curve, if a private key file does not already exist. Supported Elliptic Curves are P-256, P-384, and P-521. RSA keys are also supported. The default of Elliptic Curve Cryptography was chosen due to more efficient key generation and smaller key sizes for equivalent levels of security when compared to RSA [[reference](http://www.nsa.gov/business/programs/elliptic_curve.shtml)]. - -### User visible changes -- TLS is always used for when using tcp:// (unix:// does not require) -- Client TLS verification is on by default (`--insecure` flag added to disable) -- Server TLS verification is on by default (`--insecure` flag added to disable) -- `--tls` and `--tlsverify` flags removed -- `-i`/`--identity` flag to specify the identity (private key) file -- User prompt added when connecting to unknown server - -### Backwards Compatibility - -In order to maintain backwards compatibility, existing TLS ca, cert, and key options for setting up TLS connections will be allowed. Scripts using `--tls` and `--tlsverify` will need to remove these options since these are now the default. To use the existing insecure behavior, run scripts will need to be modified to use `--insecure`, this is not recommended. These changes do no have any effect on servers using unix sockets. - -- Connecting from older client: The client must generate a certificate which is distributed to the server. 
Optionally the newer server can run with `--insecure` which will require no changes to the client. -- Connecting to an older server: If non-TLS, Client will maintain ability to connect to endpoint using the `--insecure` flag. If TLS is manually configured, no changes should be required. - -### Usage Pattern -- Single Machine - Setup using Unix socket, no changes -- Single Machine (with non-B2D VM) - - - Invoke docker on host to generate key.json - - Invoke docker on guest to generate key.json - - Copy ~/.docker/pub_key.json on guest to /var/lib/docker/trusted_hosts.d/guest.json on host - - Copy /var/lib/docker/pub_key.json on host to ~/.docker/authorized_keys.d/host.json on guest (optionally use prompt) -- Single Machine (B2D) - Boot2Docker installation generates and copies keys -- Two Machines - - - Invoke docker on client to generate key.json - - Invoke docker on server to generate key.json - - Copy ~/.docker/pub_key.json on client to ~/.docker/authorized_keys.d/client.json on server - - Copy /var/lib/docker/pub_key.json on server to ~/.docker/trusted_hosts.d/server.json on client - diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/registry-test/cert.pem b/Godeps/_workspace/src/github.com/docker/libtrust/registry-test/cert.pem deleted file mode 100644 index eb9c9abd01..0000000000 --- a/Godeps/_workspace/src/github.com/docker/libtrust/registry-test/cert.pem +++ /dev/null 
@@ -1,18 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIC7DCCAdagAwIBAgIRAMzw0lcScp8VgiIX5W18bkUwCwYJKoZIhvcNAQELMBYx -FDASBgNVBAoTC0Jvb3QyRG9ja2VyMB4XDTE0MTAxMzIxMjIyOVoXDTE3MDkyNzIx -MjIyOVowEzERMA8GA1UEChMIUmVnaXN0cnkwggEiMA0GCSqGSIb3DQEBAQUAA4IB -DwAwggEKAoIBAQC8V4jsxvsRZ5ml1Q/VXtrJStFcTjzwh2niEPCvER6xYcWHloMM -A6q8cvoHYv2/1ELbKQbLaIuKowWa3gvsiL1Fs3b02jv0a9rN4kFofkRLKuvYKroB -Y2P06LNT/sXnE+jCSw9OEdYZuoVXeohmVpcQUCeh8LNDS0b+vg+fU/O46iggUlqu -LOaXC8A68SSiBP6qG/cOBPNmfGi09G8sCJ7b7Xd2J8MPeUovNVw+2Wfj4Bzox8s/ -7B9Ef6iIfwdkvclHoBZIzclJdA0ew5aam/a7SStuRMgX7yhDfRh9sRiyv/ZvKXW6 -CUy0Oqa//UlmQoC6K3kOm/EMzPocI6NwJ53PAgMBAAGjPDA6MA4GA1UdDwEB/wQE -AwIAoDAMBgNVHRMBAf8EAjAAMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATAL -BgkqhkiG9w0BAQsDggEBAJjOpgKhzlMcrWhh2pFNaHK77IIROMG8XgmdWE3u2IS9 -oKbe31n1scyNIvUkrE11iwqJ+4i6C9/eHf1sTz1sHSoBA+7w9O7ghErQ5XK+rfZD -Ax/Bu7o1lpnxtrQTiMaVUXZrBnowooDCdjyQyX0BeiIIRhQyBbx3lMpfjbyXFM/l -hTuRC8Mt2QSu6pn+Le8t9rlkFq9exHg0Jng1ZpaJWCt6K27J8rMS3jngFUa2ihG6 -d5vSu6Gqaqhtki4uGA2mUu7RPUhZ5H+WLmDknHeD3/k9ASloa6jw2ehcyU9o4PMB -5Lr1zMEG5RkNDVcE5qurWNrpZc1ajPomxmuTrcwO6vQ= ------END CERTIFICATE----- diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/registry-test/generate_cert.go b/Godeps/_workspace/src/github.com/docker/libtrust/registry-test/generate_cert.go deleted file mode 100644 index a84ecd16c4..0000000000 --- a/Godeps/_workspace/src/github.com/docker/libtrust/registry-test/generate_cert.go +++ /dev/null 
@@ -1,173 +0,0 @@
-// Usage:
-// Generate CA
-// ./generate_cert --cert ca.pem --key ca-key.pem
-// Generate signed certificate
-// ./generate_cert --host 127.0.0.1 --cert cert.pem --key key.pem --ca ca.pem --ca-key ca-key.pem
-
-package main
-
-import (
- "crypto/rand"
- "crypto/rsa"
- "crypto/tls"
- "crypto/x509"
- "crypto/x509/pkix"
- "encoding/pem"
- "flag"
- "log"
- "math/big"
- "net"
- "os"
- "strings"
- "time"
-)
-
-var (
- host = flag.String("host", "", "Comma-separated hostnames and IPs to generate a certificate for")
- certFile = flag.String("cert", "", "Output file for certificate")
- keyFile = flag.String("key", "", "Output file for key")
- ca = flag.String("ca", "", "Certificate authority file to sign with")
- caKey = flag.String("ca-key", "", "Certificate authority key file to sign with")
-)
-
-const (
- RSABITS = 2048
- VALIDFOR = 1080 * 24 * time.Hour
- ORG = "Registry"
-)
-
-func main() {
- flag.Parse()
-
- if *certFile == "" {
- log.Fatalf("Missing required parameter: --cert")
- }
-
- if *keyFile == "" {
- log.Fatalf("Missing required parameter: --key")
- }
-
- if *ca == "" {
- if *caKey != "" {
- log.Fatalf("Must provide both --ca and --ca-key")
- }
- if err := GenerateCA(*certFile, *keyFile); err != nil {
- log.Fatalf("Failured to generate CA: %s", err)
- }
- } else {
- if err := GenerateCert(strings.Split(*host, ","), *certFile, *keyFile, *ca, *caKey); err != nil {
- log.Fatalf("Failured to generate cert: %s", err)
- }
- }
-}
-
-// newCertificate creates a new template
-func newCertificate() *x509.Certificate {
- notBefore := time.Now()
- notAfter := notBefore.Add(time.Hour * 24 * 1080)
-
- serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
- serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
- if err != nil {
- log.Fatalf("failed to generate serial number: %s", err)
- }
-
- return &x509.Certificate{
- SerialNumber: serialNumber,
- Subject: pkix.Name{
- Organization: []string{ORG},
- },
- NotBefore: notBefore,
- NotAfter: notAfter,
-
- KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
- //ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
- BasicConstraintsValid: true,
- }
-}
-
-// GenerateCA generates a new certificate authority
-// and stores the resulting certificate and key file
-// in the arguments.
-func GenerateCA(certFile, keyFile string) error {
- template := newCertificate()
- template.IsCA = true
- template.KeyUsage |= x509.KeyUsageCertSign
-
- priv, err := rsa.GenerateKey(rand.Reader, RSABITS)
- if err != nil {
- return err
- }
-
- derBytes, err := x509.CreateCertificate(rand.Reader, template, template, &priv.PublicKey, priv)
- if err != nil {
- return err
- }
-
- certOut, err := os.Create(certFile)
- if err != nil {
- return err
- }
- pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
- certOut.Close()
-
- keyOut, err := os.OpenFile(keyFile, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
- if err != nil {
- return err
- }
- pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})
- keyOut.Close()
-
- return nil
-}
-
-// GenerateCert generates a new certificate signed using the provided
-// certificate authority files and stores the result in the certificate
-// file and key provided. The provided host names are set to the
-// appropriate certificate fields.
-func GenerateCert(hosts []string, certFile, keyFile, caFile, caKeyFile string) error {
- template := newCertificate()
- for _, h := range hosts {
- if ip := net.ParseIP(h); ip != nil {
- template.IPAddresses = append(template.IPAddresses, ip)
- } else {
- template.DNSNames = append(template.DNSNames, h)
- }
- }
-
- tlsCert, err := tls.LoadX509KeyPair(caFile, caKeyFile)
- if err != nil {
- return err
- }
-
- priv, err := rsa.GenerateKey(rand.Reader, RSABITS)
- if err != nil {
- return err
- }
-
- x509Cert, err := x509.ParseCertificate(tlsCert.Certificate[0])
- if err != nil {
- return err
- }
-
- derBytes, err := x509.CreateCertificate(rand.Reader, template, x509Cert, &priv.PublicKey, tlsCert.PrivateKey)
- if err != nil {
- return err
- }
-
- certOut, err := os.Create(certFile)
- if err != nil {
- return err
- }
- pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
- certOut.Close()
-
- keyOut, err := os.OpenFile(keyFile, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
- if err != nil {
- return err
- }
- pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(priv)})
- keyOut.Close()
-
- return nil
-}
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/registry-test/key.pem b/Godeps/_workspace/src/github.com/docker/libtrust/registry-test/key.pem
deleted file mode 100644
index c0b29fa9e7..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/registry-test/key.pem
+++ /dev/null
@@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpQIBAAKCAQEAvFeI7Mb7EWeZpdUP1V7ayUrRXE488Idp4hDwrxEesWHFh5aD -DAOqvHL6B2L9v9RC2ykGy2iLiqMFmt4L7Ii9RbN29No79GvazeJBaH5ESyrr2Cq6 -AWNj9OizU/7F5xPowksPThHWGbqFV3qIZlaXEFAnofCzQ0tG/r4Pn1PzuOooIFJa -rizmlwvAOvEkogT+qhv3DgTzZnxotPRvLAie2+13difDD3lKLzVcPtln4+Ac6MfL -P+wfRH+oiH8HZL3JR6AWSM3JSXQNHsOWmpv2u0krbkTIF+8oQ30YfbEYsr/2byl1 -uglMtDqmv/1JZkKAuit5DpvxDMz6HCOjcCedzwIDAQABAoIBAQCDKJZTBbK8CSCH -yptPJNJJ0Y+Ar39ipXqIEvH5iHuOXZ8YcClsiXUx7QPPdxFssF2qj6SKrJBYiHST -x8QYAZWFX5gcpYmRCjcCn2ibYyseCZLaI88KvnNSj2aqvMaGyGeUPn83B9bIbgsD -w3IPioeCtb8T2DKOT3LuXd81PlqAz2Q2O1OHhTpWYA9gLAeXx+z6jU+Cvn9z67n0 -+9utUTk8n+SN4+K4h7ufM7CFzLgnugyrhvIgm0NfHDhR9SBwwSTJ/J1CrD4TLkIm -d3HetZemfRjByg11Zrltm3YgxdTWKrjfqX3XguR/6HIiXvo5vWhs5DAuQtvTc8Wa -ahceS2KxAoGBAMPqj8mWu+LSlWmXIx2gXNPkhK1EovZL0gImouWbb7kCHxQNYTJs -wWzG61y9NdCHkhbCDsGXj9rFpPlrDr567gMZTYmLBzcB8DXpHr5XPyl6ZDqYs/L0 -4jDTSG/tthIDnxVY1O+bGrzknVpakrgJ9H2yivgWIWBVX3XUfXEH8f4HAoGBAPYa -T5408onWBzWpbydvPd4loAbuCgG2bXOJjqsyZALHS4SoDQ2HUIZokVlf9yWOzyhd -R8iWYADhMps+/wVW6eNAva3hCzI8US0ZiF7SgIZlq31UV1kDXl/XV+ccFp1R95KV -c0VbRw2Tqzhmdu7OcvysP8FYZvGWGCev6Opxqe/5AoGBAJDt1xp4kFsWDwOCk66Z -77GsTd3jdW4f3qZKsJyMJNTG1fi+gRWNUHVIndoH+mRdtdtyCPp7RSbAqO79nHWa -eLIAKNTD7T1rCKjI4D5MSmRDrxuN1Si4sQ8PbXmnbtXaqfdftH3fzqLHuAOcFwdg -DeZiit1FecFKxohi/bz89K5HAoGAQI0qMQ8mRu0yuuqUUz2kdq5byTWKvmRBVTrR -hyoSfYAU2NjTg6bogjjPVygKxXkt8SJ2f7ChwdlP0tS1Q4tGkesbVY5fx292w2Od -F3ITcC0ezCLhPmHZ0T3EusPtUpp7W6GDuL92ZaNEF+kYbQ8NriToHCi558g80bwc -VdI2htECgYEAjOkauwVyJrNt3/NNW7yv/hLOzgX+Cxe9GSWZj9LoYdjB1Y9/rzyq -f2YGdmyrrY8dWXHI9YK/RXk9/r2EDNNGwyH0+6na5pS5D+r78DhS1fiba7EJrPYK -s68QsKo397pa6gWhlQpsUJr97/y2V9Fba8SINnzzmG0zJehPGQXuRFc= ------END RSA PRIVATE KEY----- diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/registry-test/registry.cert b/Godeps/_workspace/src/github.com/docker/libtrust/registry-test/registry.cert deleted file mode 100644 index 8047bf75cd..0000000000 
--- a/Godeps/_workspace/src/github.com/docker/libtrust/registry-test/registry.cert +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIC3DCCAcagAwIBAgIQXHT/h2+fDzoIxPvBTexiCjALBgkqhkiG9w0BAQswFjEU -MBIGA1UEChMLQm9vdDJEb2NrZXIwHhcNMTQxMDEzMjIxMzI5WhcNMTcwOTI3MjIx -MzI5WjATMREwDwYDVQQKEwhSZWdpc3RyeTCCASIwDQYJKoZIhvcNAQEBBQADggEP -ADCCAQoCggEBAPKkPwCO4bgmrJek6lWjToBuyF4Or3E/38GwIECpuZuymoBs4C1B -7Qp7oOrGIRh96htgYPl5WkDUM0If9yG2bDR9JwLxs5OEZrwLbzsvDgaGYiLocElH -nKoUdorkr2DtG/rBOgiAqiw9Rw4+Bb0J09hx/Q+S9xuebthSnnKKtBXicBfmHkbD -UhfolSdbdBa4u3R2gkFzGXCoAnuYJSerO6fewCJTg2jWxGjuU/Ekm3m13XWQWBis -OQN7qGRr/sHLaB4wp69X/mtOKyK1BoGPYV2f73VKremU52QsTcpYw9q6Zoy/iztq -WZMVY0Mo4x1TvVKFlzbb9g3UpqDEZCgxS60CAwEAAaMtMCswDgYDVR0PAQH/BAQD -AgCgMAwGA1UdEwEB/wQCMAAwCwYDVR0RBAQwAoIAMAsGCSqGSIb3DQEBCwOCAQEA -rq6CCnZKw39nT8VVAMiGS63q6+eGX0u8SjsPQu7qqxDex4La09rAZzlfh2GvusCz -kJcFyliCwbZTZqFyfYXex+dFgBRaGmjTaE5ZKS7e0UV0oPE4ig9OFMl8/5dsOWJe -3SpXOwC41idNAqzJ/StcWy2IIco7TM3YcjCFQeHwNOpspgOiTN3CYkUCmxkRVd2q -U8aEvk6/rmmVCesDWsAAngfdHPRVca7PSn8Xz0hglHtdTsO/32EfCmOJI9Lc78cR -6g9mX98oJwstQYTsA7lvcTArbCVhbQ/4z8T/AZu2P89Nr8+GW6XRxM5Ne08RnvlE -IZa1y0Fg07FIqgJB3HAbHA== ------END CERTIFICATE----- diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/registry-test/registry.key b/Godeps/_workspace/src/github.com/docker/libtrust/registry-test/registry.key deleted file mode 100644 index 84f45a2ff6..0000000000 --- a/Godeps/_workspace/src/github.com/docker/libtrust/registry-test/registry.key +++ /dev/null 
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEA8qQ/AI7huCasl6TqVaNOgG7IXg6vcT/fwbAgQKm5m7KagGzg
-LUHtCnug6sYhGH3qG2Bg+XlaQNQzQh/3IbZsNH0nAvGzk4RmvAtvOy8OBoZiIuhw
-SUecqhR2iuSvYO0b+sE6CICqLD1HDj4FvQnT2HH9D5L3G55u2FKecoq0FeJwF+Ye
-RsNSF+iVJ1t0Fri7dHaCQXMZcKgCe5glJ6s7p97AIlODaNbEaO5T8SSbebXddZBY
-GKw5A3uoZGv+wctoHjCnr1f+a04rIrUGgY9hXZ/vdUqt6ZTnZCxNyljD2rpmjL+L
-O2pZkxVjQyjjHVO9UoWXNtv2DdSmoMRkKDFLrQIDAQABAoIBAHkE4IN3wC7n4ydT
-UqlZ5Tp7hqYa7vguInzpSnzV6kQ0xYiORRVtjzuuQ6k1Hqanjo8O9+8VzqUM8W/m
-n40J/lgDn+SBBs7pt4/MqDK9mmI4vlOo2PBDrmjKAgHuY2aVfGIJ49b/zWB5Q6pf
-1t7dOvL2j4AoDeWRlLmCI5L/iShsKlm8isnEqnvSoWYQEIjyesum8LhjfvDVyvl7
-huOiIbwqCz5198GedhrbCRE4O/owbv9e1yv9RpV/Kruauw+W1uRg4o+WAzvaZ71q
-rzlJAi0TQ144E0DqCmCswpJpB/jxK+prcagdTY80SYxg+MPToqqwlUGzwP4piHyO
-Hltqm6UCgYEA+7IufLh6nhTgVRD5nPAVDZXxA5906YlZTWTeRH5gOBWoULh+4Ur/
-L+hEZzwiZz5cdWf+qggDmO8HAgtbvUdgMddAOGfEcsVma+H1BqD6ktFXU3tuFqPG
-+Mvtz7uDpyVCSiltBOBtI/Ps6VXXRyjXtpWir3QCjLn+emFlxB/kTKMCgYEA9spt
-k6TcFMVI8pXzpDhi4WDaf63/WftF3+FBCXLIejq1gQH0edUtKTYieyajgemo4/ph
-3LiF9P6lWLRjHpWyrIlW5j3qSOXu/KX1MkKGUnWXXu5EXf+U5+yXl/LgNvgkA3Rc
-lpIiL6xhJkkOn0b9b6SfDO3Mkc+fdFLNtoFzu28CgYBhwLEXVVqh/L+nqiEX15KF
-pT9mxc5VSTe6vDsq5N4fyiGFwDHe9A6qH445ffxqlqi4HHymstga1HKnU5v8pjTx
-BoV1oq+EV7BQpABS48CNtuowjRaTimYjiKhC7rPR/cGCJhamNzeMKBdSBDnI9E7b
-JcB6XhcDatUv2JX6ltxG+wKBgEGqbymf7idgrx5NI/0IO9c4TCs5Av7QSzFc4E9B
-SXKseGsROBnKzS9wBhC6oTsKDzRKBQwT1SDxONG3fcA/mMEr8gFlbBdlhweWqP1s
-kg0S2Oobf/l67gYf/94gc+RsdjitF43A6HPC7D6hpdBftUOli+SGya3qjsUG21G6
-dC7lAoGAJ84wM2yGU358OCmMdbxdjSpwk3P5ue+kcZqYa6R9NX503hg+zdDAnPzS
-Dn0Psf7XKklGqMnDRLyusKNPE4hhR/AukeGvBpB8rntBkXvBn0gR3Pz9mJioUvCw
-nvsYNrv7yPaMUjDpi3tlDdCxA/c1OYI4nPD1RO1z6KtXzXumg6k=
------END RSA PRIVATE KEY-----
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/save_test1.json b/Godeps/_workspace/src/github.com/docker/libtrust/save_test1.json
deleted file mode 100644
index 2e3c77aed0..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/save_test1.json
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- "keyType": "jwk",
- "keyId": "KVKI:GMUJ:FMD7:7BWO:KP7O:QIWP:VRDG:IAWU:MJ6Z:GX35:N6E5:XCD6:2AIQ",
- "key": {
- "crv": "P-256",
- "d": "woOnFXsfJ2UhOW0A0sHRQr-j-ylaFp5hSqv9MXaWIfA",
- "kid": "KVKI:GMUJ:FMD7:7BWO:KP7O:QIWP:VRDG:IAWU:MJ6Z:GX35:N6E5:XCD6:2AIQ",
- "kty": "EC",
- "x": "7C7zxqK8TJUO0yiO3QHhaUm5gjBO_u4UN6Gdw2U846Y",
- "y": "11bnKVNb4Yoy0rpJA7slvBm44Lmc4c36h_LjEP8PJmQ"
- }
-}
\ No newline at end of file
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/test_ecdsa_keys b/Godeps/_workspace/src/github.com/docker/libtrust/test_ecdsa_keys
deleted file mode 100644
index 2b24527878..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/test_ecdsa_keys
+++ /dev/null
@@ -1,5 +0,0 @@
-MHcCAQEEIFlzVietDbzPESwRynJaAZA38KgGkyxkmnOko1OAxniMoAoGCCqGSM49AwEHoUQDQgAEL1Rx9iUzepbmqQub62qSPgC2YTabUFtnqDXNrfN7g2z0P9FYV/ScBIqxnBDdV6Sy1ZIrfUgiuA7JyaABg4hjCw==
-MHcCAQEEIGrv2ULb+HV3KoJlciMJ1THswtYxvZ9HVrvIVYaZyt3UoAoGCCqGSM49AwEHoUQDQgAEV+CHKKPoF1rFiVkFiEdoXlXa8UybgoNPQmPVr8ImuR0grslx2Tk/Ja/23CYzYtLeEuRa+lRQSxKa2NjDo7BhfQ==
-MHcCAQEEIBxKadItcsdt+lqIh9fCOYX8OpTiIYLlaeZWeKxvJrw4oAoGCCqGSM49AwEHoUQDQgAEp8JenwbJSTVXKS0IHH1KrwPgF7duEwV3aIejGYiBlVZDdgz+DzJcQOGEh9gcOjQ02p7/ciwE4RGZVWs5gUi2nA==
-MHcCAQEEIEP8tpIAkgABEl87mJgiPLkdUIjowoDWFm6phU8bTpZ4oAoGCCqGSM49AwEHoUQDQgAEMvc0R61PCQT+NmyJjnjJugzZhfab2yb/7t40DiehQhotCpAiFY1xRIeTq0TphgsFAR7TSRajvBVwdPYfEypOAQ==
-MHcCAQEEIHQ1lyvaMTwnbab+NRQvZY4+uvrRwhiotyrZHkfnNWpSoAoGCCqGSM49AwEHoUQDQgAEujEqwGrX0laAM+OHIjM/84n/eYitBmcTTNPgoRaiGfd5xdFPdtTG6ZSt4/m+FBdQ1RAF8bvYPgyMmvm8V7uFDg==
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/test_rsa_keys b/Godeps/_workspace/src/github.com/docker/libtrust/test_rsa_keys
deleted file mode 100644
index 9e94f91108..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/test_rsa_keys
+++ /dev/null
@@ -1,5 +0,0 @@ -MIIJKAIBAAKCAgEAonlf583Avnb72EySBaYxGLvjXDN9jYPPeuNw0E8X8KP5W0bPQNseJBDnXzuIoBwhBy5kecaoIo5UWVei9Z8KBYKP5OnfoEX15tOdm8wQxxACNv/9WtIAVt8Z9RGvuDseCy+Zk9aLBuxK/jIlOr0Ro6kX85Q9Dd/xErgDV/Fkekfzm/NpV5l2LsiUSulcXzsqWwhPEtLMIXYJh7otxcjzzmmrr0tVtlUE/uXq/VxCzf7oJ2liakOvmRSYYq0Kb39j1B75sjA3H7lzxL8ibth1iTsBtHLC16trq8ciFP4eUi+nncdmrAJ53vYX4M1i3lRR5K22Nnfb1NzTEmXjHHWBMjeYAe5Wx3PPDAiGMr5A8N0Bcq3pgy3jhFtHH5B2gO7GlyUoOrSaq9/B4v/UCexiMyacVUC1nfP4OboKXUXwI4CvS0UR0GTnsmloI7fsZUDJH0H8yWkXrDkueSDubTSjxK+B+WtVMXh7xjxAEqenWRKsL8o5QbvWPHjHnFsXbW2TCS72gzrbsx5n1GRHQw/QTKjZ6gaeCZxijZc0Fc7o9BEcFi2RUNmf4hdlvw4ioVeiwOCBsl0R8mIow2PlYsyrzqmPCJkdEIuxt2pstRcoiKIgMec9hIntz1QDU52SMhqquQupRa85rglkWk/AMaERj93/7ljtT8rpXpJkrsxuDwsCAwEAAQKCAgAJFgKQAwihXiQNX5LW8AlU2cUINfTyggmLVMbNT28GTRU3zojulpJj7/IQeFLWqVwLe8Owr7RdYlpDOMxrMf6sejWz1oRkASWUSAdLXCkgCLwm+T/g4VeVhBp+gwOxqNSwSXQsOVZDB9nVx1Yfp80huuYVABg9+2UO5+1/8Ibu87Ei6oTcmj9qtFreqZg51yQyPQ+2/MTfpis4ROgkZG2GAJDSV8MuVCjYXGE80/kEbhnrglA3oxth0y4GbqjjvVsG1Mif92RNyOA5g3rYehBwoTUiMzzENNjrnVJBnEhzzihwgWMzgVvxZQ/GyZWa21pNEI3dE+zeRY8kO0BtKgEUiAW3Zvjhn+P/rdP3FsThLhVawwcrgAYnuRjp9B+NbycctzLXdUfJ9SioSzBx/9ztDHDV3AzH+zOtfrUDmKQ7gLYaJMXZ9ZrrFM4XuxLADo3S4R1zjxipEu2iy/ePitP11sCgVJ3jMWDfHaZpxGUFGypCIfI+rACny9HzrZBjYUozs9LCC4a1bRIfyfmgPp6w3IPOqpyWH9usswhDZVD/ubQ9SKvNfsiQ+oJCki5Py6gIg/6cTt9VLX6e/UPUJdcD7cebnoQOQEjBHT8ONOFu+XhUQcpz/A/d7Af7Py8y0okpZpFYaGAgyzhmJqYcTyriER+cAePaiI4sjiS3z/WX6QKCAQEAxGZH63VehvqWhSZbmDuW+k4KHAKoSPgP0nARL91LxUqg/wE9Ca9a+r3I9y9y7GHLFQc0Z1j/cvpQzQgsfZZZlZ5rHiBKfUgg0ia16pJyVaJXx/7BiL+vJRvFq+AFD3hyIUXooXw3Bnu9TpkNyahIoOJUMw4SNkjV++61ERfr68x1+nfQ8yI1N93uNFXkEZjddlsm6+i8NOBbxvAtxxsnK99m2oL5cGsZmdGwTHwI7lkNvF6QpUaolD5JUWmYYjQW3FLU+fN2Ck6DNarXvq9j+8Mm/1Z+BjW/aMYst12AsUvZ/W/6KhGhAfCDTcmiy5E2fPt39Akq3k7lszwbTXjO/QKCAQEA08eGafWOCAchWyppOSl3kwjYgzzxcTPWYGwcw4pcTHDdVKIpCTMJBc1yi1mykba4lH1J2+bHt23Cwsic7zMDDzS3/0Tfa6XybBOABXokAHbMBWPBSiapou+5s53psI35TrVjnQ78UAxvAzL4GRqwmPLoo122u99rEIcTDIaHmzryDzuUbzT9ZF6r/s8y+GxqtmUdUjijf40NX1IOVm1nkF8xCsFa7q9i7Gnc2lDkIX5
+is7NPFMStG9MMFJ7BQi+Gj39aNeL0C2IBqT8J2TTs1WWdSjFGVkRQM/RQGu7+j2OrVwU/KHbey4sbkg3JyR66A9ZlL+DZxIeC2yc8r2opwKCAQB7LSboLvl1MI7cvXzu0ljTbcR7YtNGyIWr1uuAmItgFnk41f8BJwCpiAQVu6WZSZBEBPvB4Zh89S9eGEVHEtfmta+6+kedoXIsO2kW0Hhy6tmhLk8VRBtF69AjBuJFnKX/5keLmEsufsbxF58FHc1HUgu65ZVYhH/ofQME0Hr/rYFE8IaVJpw4CLHQExpySuyCwZJ8nMAFbb1B3PrpCEeeBYQNgd2Nuy4YQeIPZi93xVSPEsQnVFSAfTwgmlifJso7rpuylBYxSqKSMy8Sgg/0I6Y+uHFb1bPRs5DyA+ulxsvWXreIUPwpKj4/uDmo8M86vcCyxlkjiloX+pepFB7FAoIBAQDLVEO/M91746yo5N1F3oRJjTKjPj3pnAV1ahdrvknDspEuEssnY/KDua8CD8qckDxDhM8G7FpPyHg3n3jdR7LmRI1r7uo7ZoaMMWS23X/3WhekDRSlZt1z7In04+ZcdtMoOIs9XgftqyJihesh3zgygPXO88jgNC+NHMKzQe6soTmKWn+3Db9DQIoOCU08qosCN66hJHQFoJ14KUZOwJewS1TAqMfvZkCqDzHWAdgmOFayWr897dyFlF4n/ujR+oTamS3WHSzFYRG6n2jhQbLn+YKNVel23sbr3RtgqI9AQR3dYA1eSOB7MefCsl8Rm7rNVv+BCybULNbfzRYbEPD9AoIBABLEFXpQIrbWJhsElj2VSdbtSLGgnfugc37G3gmBVtIA/l9ZZ5Kh0xuRUtCX3LxUp21+U66Dlk3YxcOKUu4jrO9VQGawzvqefHKvY++SapW3hwTBQKfipG6r2/344rh2xGH5WNV5y/n8Rdubin1viPXaFMy2Xg4N6Yx7XNsYqqt1ctjmk1bZ0jVXo9vEzOw36MEhWjZr+dfJh7ifMrTUEIQzwawbC3zIf3WgTVfjFmcJuMubPa6zPeypdmfK8ZCPSpm+s0wpQENqJoo7b5qCtrXM8ZXSk3wWYselJEKMxe6N97ltXRtRYOzK+mNiwsAKdIjg7bWb4hl5urc0Wwh5NPQ= -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 -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 -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 -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 diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/tlsdemo/client_data/private_key.pem b/Godeps/_workspace/src/github.com/docker/libtrust/tlsdemo/client_data/private_key.pem new file mode 100644 index 0000000000..2c9113fd4c --- /dev/null +++ b/Godeps/_workspace/src/github.com/docker/libtrust/tlsdemo/client_data/private_key.pem 
@@ -0,0 +1,8 @@
+-----BEGIN EC PRIVATE KEY-----
+comment: TLS Demo Client
+keyID: YCNH:BVIR:5GVK:RZOG:JNWW:ZL4B:MQRY:WXEF:AOOD:S6N6:FQZW:RGZ2
+
+MHcCAQEEIOLL3nXjiX0XDSRNYV7jH7Tpd1QGoeKedwGTmB96bz77oAoGCCqGSM49
+AwEHoUQDQgAEHpO8+XFpL5+dcOazOlZDfnVNif+HSZxFaQ2bLcslQKUdIkrV2+Up
+tQd6fXupPYDVfWGuelkQrdel5ObnMAZ8YQ==
+-----END EC PRIVATE KEY-----
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/tlsdemo/client_data/public_key.pem b/Godeps/_workspace/src/github.com/docker/libtrust/tlsdemo/client_data/public_key.pem
new file mode 100644
index 0000000000..54b67d30b8
--- /dev/null
+++ b/Godeps/_workspace/src/github.com/docker/libtrust/tlsdemo/client_data/public_key.pem
@@ -0,0 +1,8 @@
+-----BEGIN PUBLIC KEY-----
+comment: TLS Demo Client
+keyID: YCNH:BVIR:5GVK:RZOG:JNWW:ZL4B:MQRY:WXEF:AOOD:S6N6:FQZW:RGZ2
+kid: YCNH:BVIR:5GVK:RZOG:JNWW:ZL4B:MQRY:WXEF:AOOD:S6N6:FQZW:RGZ2
+
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHpO8+XFpL5+dcOazOlZDfnVNif+H
+SZxFaQ2bLcslQKUdIkrV2+UptQd6fXupPYDVfWGuelkQrdel5ObnMAZ8YQ==
+-----END PUBLIC KEY-----
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/tlsdemo/client_data/trusted_hosts.pem b/Godeps/_workspace/src/github.com/docker/libtrust/tlsdemo/client_data/trusted_hosts.pem
new file mode 100644
index 0000000000..689b3a92a0
--- /dev/null
+++ b/Godeps/_workspace/src/github.com/docker/libtrust/tlsdemo/client_data/trusted_hosts.pem
@@ -0,0 +1,8 @@
+-----BEGIN PUBLIC KEY-----
+hosts: localhost,docker.example.com
+keyID: LH6B:6ZBK:D34J:M6E5:RV6I:5BAL:7KGZ:PHCJ:JKDU:7PLV:2D7H:UZR2
+kid: LH6B:6ZBK:D34J:M6E5:RV6I:5BAL:7KGZ:PHCJ:JKDU:7PLV:2D7H:UZR2
+
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGn+xPy/OOCXFidcKb13zfJJV0JwS
+BE1vlyxog0tSsN/U8tObgpDKaCE7+9tLl4djnd+blOOIJq6fph/dAZal4A==
+-----END PUBLIC KEY-----
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/tlsdemo/server_data/private_key.pem b/Godeps/_workspace/src/github.com/docker/libtrust/tlsdemo/server_data/private_key.pem
new file mode 100644
index 0000000000..a794cdb7c5
--- /dev/null
+++ b/Godeps/_workspace/src/github.com/docker/libtrust/tlsdemo/server_data/private_key.pem
@@ -0,0 +1,8 @@
+-----BEGIN EC PRIVATE KEY-----
+hosts: localhost,docker.example.com
+keyID: LH6B:6ZBK:D34J:M6E5:RV6I:5BAL:7KGZ:PHCJ:JKDU:7PLV:2D7H:UZR2
+
+MHcCAQEEILDWn14dH5vPo1JWpXrWB5qj6MS51T3XAGp/fuFTUg5IoAoGCCqGSM49
+AwEHoUQDQgAEGn+xPy/OOCXFidcKb13zfJJV0JwSBE1vlyxog0tSsN/U8tObgpDK
+aCE7+9tLl4djnd+blOOIJq6fph/dAZal4A==
+-----END EC PRIVATE KEY-----
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/tlsdemo/server_data/public_key.pem b/Godeps/_workspace/src/github.com/docker/libtrust/tlsdemo/server_data/public_key.pem
new file mode 100644
index 0000000000..689b3a92a0
--- /dev/null
+++ b/Godeps/_workspace/src/github.com/docker/libtrust/tlsdemo/server_data/public_key.pem
@@ -0,0 +1,8 @@
+-----BEGIN PUBLIC KEY-----
+hosts: localhost,docker.example.com
+keyID: LH6B:6ZBK:D34J:M6E5:RV6I:5BAL:7KGZ:PHCJ:JKDU:7PLV:2D7H:UZR2
+kid: LH6B:6ZBK:D34J:M6E5:RV6I:5BAL:7KGZ:PHCJ:JKDU:7PLV:2D7H:UZR2
+
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGn+xPy/OOCXFidcKb13zfJJV0JwS
+BE1vlyxog0tSsN/U8tObgpDKaCE7+9tLl4djnd+blOOIJq6fph/dAZal4A==
+-----END PUBLIC KEY-----
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/tlsdemo/server_data/trusted_clients.pem b/Godeps/_workspace/src/github.com/docker/libtrust/tlsdemo/server_data/trusted_clients.pem
new file mode 100644
index 0000000000..54b67d30b8
--- /dev/null
+++ b/Godeps/_workspace/src/github.com/docker/libtrust/tlsdemo/server_data/trusted_clients.pem
@@ -0,0 +1,8 @@
+-----BEGIN PUBLIC KEY-----
+comment: TLS Demo Client
+keyID: YCNH:BVIR:5GVK:RZOG:JNWW:ZL4B:MQRY:WXEF:AOOD:S6N6:FQZW:RGZ2
+kid: YCNH:BVIR:5GVK:RZOG:JNWW:ZL4B:MQRY:WXEF:AOOD:S6N6:FQZW:RGZ2
+
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHpO8+XFpL5+dcOazOlZDfnVNif+H
+SZxFaQ2bLcslQKUdIkrV2+UptQd6fXupPYDVfWGuelkQrdel5ObnMAZ8YQ==
+-----END PUBLIC KEY-----
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/tools/buildsign b/Godeps/_workspace/src/github.com/docker/libtrust/tools/buildsign
deleted file mode 100644
index 477071d06e..0000000000
Binary files a/Godeps/_workspace/src/github.com/docker/libtrust/tools/buildsign and /dev/null differ
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/tools/buildsign.go b/Godeps/_workspace/src/github.com/docker/libtrust/tools/buildsign.go
deleted file mode 100644
index 671ed03650..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/tools/buildsign.go
+++ /dev/null
@@ -1,53 +0,0 @@
-package main
-
-import (
- "flag"
- "io/ioutil"
- "log"
- "os"
-
- "github.com/docker/libtrust"
-)
-
-var ca string
-var chain string
-var cert string
-var signKey string
-var validKeys string
-
-func init() {
- flag.StringVar(&signKey, "k", "", "Private key to use for signing (pem or JWS file)")
-}
-
-func main() {
- flag.Parse()
- if signKey == "" {
- log.Fatalf("Missing key")
- }
-
- content, err := ioutil.ReadAll(os.Stdin)
- if err != nil {
- log.Fatalf("Error reading content from stdin: %s", err)
- }
-
- sig, err := libtrust.NewJSONSignature(content)
- if err != nil {
- log.Fatalf("Error creating JSON signature: %s", err)
- }
-
- privKey, err := libtrust.LoadKeyFile(signKey)
- if err != nil {
- log.Fatalf("Error loading priv key: %s", err)
- }
- sig.Sign(privKey)
-
- // Output signed content to stdout
- out, err := sig.PrettySignature("signatures")
- if err != nil {
- log.Fatalf("Error formatting output: %s", err)
- }
- _, err = os.Stdout.Write(out)
- if err != nil {
- log.Fatalf("Error writing output: %s", err)
- }
-}
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/tools/ca-key.json b/Godeps/_workspace/src/github.com/docker/libtrust/tools/ca-key.json
deleted file mode 100644
index b47fc8bdb8..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/tools/ca-key.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "crv": "P-256",
- "d": "z7JYp-fmJMFPsalhcGy7G0RNdE2l23VDcNh6zYI75aE",
- "kid": "UAY5:GSOJ:M4G5:Y5E4:CZ43:HJC4:G5AD:IDW3:GM7B:TRKT:5C3C:H3NH",
- "kty": "EC",
- "x": "8P_ZDmt8RFIeIDR_vma9SUZOF3GWUV9gDF6MuAJY68I",
- "y": "kFEmSOPtggWhun8pyUh3V6oQZYXfQuoz4Ia7ituWpDc"
-}
\ No newline at end of file
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/tools/ca.pem b/Godeps/_workspace/src/github.com/docker/libtrust/tools/ca.pem
deleted file mode 100644
index a9bd71e07a..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/tools/ca.pem
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBnjCCAUSgAwIBAgIBADAKBggqhkjOPQQDAjBGMUQwQgYDVQQDEztVQVk1OkdT
-T0o6TTRHNTpZNUU0OkNaNDM6SEpDNDpHNUFEOklEVzM6R003QjpUUktUOjVDM0M6
-SDNOSDAeFw0xNDExMDQyMDQxMTVaFw0yNDExMDgyMDQxMTVaMEYxRDBCBgNVBAMT
-O1VBWTU6R1NPSjpNNEc1Olk1RTQ6Q1o0MzpISkM0Okc1QUQ6SURXMzpHTTdCOlRS
-S1Q6NUMzQzpIM05IMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8P/ZDmt8RFIe
-IDR/vma9SUZOF3GWUV9gDF6MuAJY68KQUSZI4+2CBaG6fynJSHdXqhBlhd9C6jPg
-hruK25akN6MjMCEwDgYDVR0PAQH/BAQDAgAEMA8GA1UdEwEB/wQFMAMBAf8wCgYI
-KoZIzj0EAwIDSAAwRQIhAKVFo9JVRbjIJaOjgMpPUuVMxfLYffDfiEYOPvJkEu9b
-AiBWSPsJyfyiv5sD+qKc/pKU31o9v/gQ8agQMs6weIomrw==
------END CERTIFICATE-----
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/tools/cert.pem b/Godeps/_workspace/src/github.com/docker/libtrust/tools/cert.pem
deleted file mode 100644
index 9d95b1a21b..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/tools/cert.pem
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBnjCCAUSgAwIBAgIBAjAKBggqhkjOPQQDAjBGMUQwQgYDVQQDEztKQk5IOlgy
-R1o6R0tIVzpJWjZEOk1TRzY6R1BZRjo0NDU2OkNFNDY6VDRKNjpWVVdROkZEWlU6
-QUxZNDAeFw0xNDExMTEyMDQxMTRaFw0xNTAyMDkyMDQxMTVaMEYxRDBCBgNVBAMT
-O1dXQUM6NURWRzpSVlhZOkFQU0M6Q0VaVzpUT1A0Ok1NSEo6RkVaVDpXTU9KOkhW
-TFg6SFFNUDo2SldLMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfmp8Xhfx+d5l
-FYD+Ouxq3b75DzAnCGjY2iGGwcGRpkmk5dslR9JmySCKl7saJHYcoGdljR1PeYwt
-aRiEKL2Nm6MjMCEwDgYDVR0PAQH/BAQDAgCAMA8GA1UdEwEB/wQFMAMBAf8wCgYI
-KoZIzj0EAwIDSAAwRQIgBhSPTHU/d4SvN9fD54wM9Es856s7KSikP2CSrvKvNW4C
-IQDdwJd7h0u7oMKlD3QSadun4Wwu6hKnMoLevQPeRMV9bA==
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIBnzCCAUSgAwIBAgIBATAKBggqhkjOPQQDAjBGMUQwQgYDVQQDEztVQVk1OkdT
-T0o6TTRHNTpZNUU0OkNaNDM6SEpDNDpHNUFEOklEVzM6R003QjpUUktUOjVDM0M6
-SDNOSDAeFw0xNDExMTEyMDQxMTRaFw0xNTAyMDkyMDQxMTVaMEYxRDBCBgNVBAMT
-O0pCTkg6WDJHWjpHS0hXOklaNkQ6TVNHNjpHUFlGOjQ0NTY6Q0U0NjpUNEo2OlZV
-V1E6RkRaVTpBTFk0MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAECoQE4u9QsNH5
-FmoDfSQHojxMN/NoFF5qs1Tnp5M9oHTzwT+vFA2g6jArP+ZKl67nLanA/K4pFle8
-jgcCobScsKMjMCEwDgYDVR0PAQH/BAQDAgAGMA8GA1UdEwEB/wQFMAMBAf8wCgYI
-KoZIzj0EAwIDSQAwRgIhANhTbxwevwYurL4GRP4PRreZEvSjgOJnQO0/7FGhzDct
-AiEA5gPXKid+i1xQ+ZjiNcuUzdAi828WRqmpPYVbpK18AbA=
------END CERTIFICATE-----
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/tools/generate_trust_keys b/Godeps/_workspace/src/github.com/docker/libtrust/tools/generate_trust_keys
deleted file mode 100644
index a595448376..0000000000
Binary files a/Godeps/_workspace/src/github.com/docker/libtrust/tools/generate_trust_keys and /dev/null differ
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/tools/generate_trust_keys.go b/Godeps/_workspace/src/github.com/docker/libtrust/tools/generate_trust_keys.go
deleted file mode 100644
index 1798b00981..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/tools/generate_trust_keys.go
+++ /dev/null
@@ -1,126 +0,0 @@
-package main
-
-import (
- "crypto/rand"
- "crypto/x509"
- "crypto/x509/pkix"
- "encoding/pem"
- "log"
- "math/big"
- "os"
- "time"
-
- "github.com/docker/libtrust"
-)
-
-func writeCertFile(filename string, certs []*x509.Certificate) error {
- f, err := os.OpenFile(filename, os.O_CREATE|os.O_WRONLY, 0600)
- if err != nil {
- return err
- }
- defer f.Close()
-
- for _, cert := range certs {
- err = pem.Encode(f, &pem.Block{Type: "CERTIFICATE", Bytes: cert.Raw})
- if err != nil {
- return err
- }
- }
-
- return nil
-}
-
-func generateIntermediate(parent *x509.Certificate, key libtrust.PublicKey, parentKey libtrust.PrivateKey) (*x509.Certificate, error) {
- cert := &x509.Certificate{
- SerialNumber: big.NewInt(1),
- Subject: pkix.Name{
- CommonName: key.KeyID(),
- },
- NotBefore: time.Now().Add(-time.Second),
- NotAfter: time.Now().Add(90 * 24 * time.Hour),
- IsCA: true,
- KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
- BasicConstraintsValid: true,
- }
-
- certDER, err := x509.CreateCertificate(rand.Reader, cert, parent, key.CryptoPublicKey(), parentKey.CryptoPrivateKey())
- if err != nil {
- return nil, err
- }
-
- cert, err = x509.ParseCertificate(certDER)
- if err != nil {
- return nil, err
- }
-
- return cert, nil
-}
-
-func generateLeaf(parent *x509.Certificate, key libtrust.PublicKey, parentKey libtrust.PrivateKey) (*x509.Certificate, error) {
- cert := &x509.Certificate{
- SerialNumber: big.NewInt(2),
- Subject: pkix.Name{
- CommonName: key.KeyID(),
- },
- NotBefore: time.Now().Add(-time.Second),
- NotAfter: time.Now().Add(90 * 24 * time.Hour),
- IsCA: true,
- KeyUsage: x509.KeyUsageDigitalSignature,
- BasicConstraintsValid: true,
- }
-
- certDER, err := x509.CreateCertificate(rand.Reader, cert, parent, key.CryptoPublicKey(), parentKey.CryptoPrivateKey())
- if err != nil {
- return nil, err
- }
-
- cert, err = x509.ParseCertificate(certDER)
- if err != nil {
- return nil, err
- }
-
- return cert, nil
-}
-
-func main() {
- caKey, _ 
:= libtrust.GenerateECP256PrivateKey()
- masterKey, _ := libtrust.GenerateECP256PrivateKey()
- trustKey, _ := libtrust.GenerateECP256PrivateKey()
-
- log.Printf("Generated keys:\n\tCA: %s\n\tMaster: %s\n\tTrust: %s", caKey.KeyID(), masterKey.KeyID(), trustKey.KeyID())
-
- libtrust.SaveKey("ca-key.json", caKey)
- libtrust.SaveKey("master-key.json", masterKey)
- libtrust.SaveKey("trust-key.json", trustKey)
-
- // TODO better CA function
- ca, err := libtrust.GenerateCACert(caKey, caKey.PublicKey())
- if err != nil {
- log.Fatalf("Error generating CA: %s", err)
- }
-
- err = writeCertFile("ca.pem", []*x509.Certificate{ca})
- if err != nil {
- log.Fatalf("Error writing CA pem file: %s", err)
- }
-
- masterCert, err := generateIntermediate(ca, masterKey.PublicKey(), caKey)
- if err != nil {
- log.Fatalf("Error generating master certificate: %s", err)
- }
- // Generate Master Server certificate, signed by CA
- // Output master-key.json
-
- leafCert, err := generateLeaf(masterCert, trustKey.PublicKey(), masterKey)
- if err != nil {
- log.Fatalf("Error generating leaf certificate: %s", err)
- }
- // Generate key, from key trust Server certificate, signed by master
- // Output cert.pem (both trust server and master certificate), key.json
-
- err = writeCertFile("cert.pem", []*x509.Certificate{leafCert, masterCert})
- if err != nil {
- log.Fatalf("Error generating cert pem file")
- }
-
-}
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/tools/master-key.json b/Godeps/_workspace/src/github.com/docker/libtrust/tools/master-key.json
deleted file mode 100644
index 410b739c05..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/tools/master-key.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "crv": "P-256",
- "d": "VTn3fGowJO6x7dYNvmYPIMt2nLJRMOVM-GG6ZdlSUS8",
- "kid": "JBNH:X2GZ:GKHW:IZ6D:MSG6:GPYF:4456:CE46:T4J6:VUWQ:FDZU:ALY4",
- "kty": "EC",
- "x": "CoQE4u9QsNH5FmoDfSQHojxMN_NoFF5qs1Tnp5M9oHQ",
- "y": "88E_rxQNoOowKz_mSpeu5y2pwPyuKRZXvI4HAqG0nLA"
-}
\ No newline at end of file
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/tools/pretty_to_jws b/Godeps/_workspace/src/github.com/docker/libtrust/tools/pretty_to_jws
deleted file mode 100644
index 53cc486e2c..0000000000
Binary files a/Godeps/_workspace/src/github.com/docker/libtrust/tools/pretty_to_jws and /dev/null differ
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/tools/pretty_to_jws.go b/Godeps/_workspace/src/github.com/docker/libtrust/tools/pretty_to_jws.go
deleted file mode 100644
index 5bf34c2574..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/tools/pretty_to_jws.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package main
-
-import (
- "io/ioutil"
- "log"
- "os"
-
- "github.com/docker/libtrust"
-)
-
-func main() {
- input, err := ioutil.ReadAll(os.Stdin)
- if err != nil {
- log.Fatalf("Error reading stdin: %s", err)
- }
-
- sig, err := libtrust.ParsePrettySignature(input, "signatures")
- if err != nil {
- log.Fatalf("Error parsing pretty signature: %s", err)
- }
-
- jws, err := sig.JWS()
- if err != nil {
- log.Fatalf("Error creating JWS: %s", err)
- }
-
- os.Stdout.Write(jws)
-}
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/tools/signit b/Godeps/_workspace/src/github.com/docker/libtrust/tools/signit
deleted file mode 100644
index 0a099d62a9..0000000000
Binary files a/Godeps/_workspace/src/github.com/docker/libtrust/tools/signit and /dev/null differ
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/tools/signit.go b/Godeps/_workspace/src/github.com/docker/libtrust/tools/signit.go
deleted file mode 100644
index 4dce5b97e3..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/tools/signit.go
+++ /dev/null
@@ -1,44 +0,0 @@
-package main
-
-import (
- "io/ioutil"
- "log"
- "os"
- "path/filepath"
-
- "github.com/docker/libtrust"
-)
-
-func main() {
- keyFile, err := filepath.Abs("/home/derek/.docker/key.json")
- if err != nil {
- log.Fatalf("Error getting path: %s", err)
- }
- pk, err := libtrust.LoadKeyFile(keyFile)
- if err != nil {
- log.Fatalf("Error loading key file: %s", err)
- }
-
- input, err := ioutil.ReadAll(os.Stdin)
- if err != nil {
- log.Fatalf("Error reading stdin: %s", err)
- }
-
- sig, err := libtrust.NewJSONSignature(input)
- if err != nil {
- log.Fatalf("Error creating JSON signature: %s", err)
- }
-
- err = sig.Sign(pk)
- if err != nil {
- log.Fatalf("Error signing: %s", err)
- }
- //log.Printf("Private key (%s): %s", pk.KeyType(), pk.KeyID())
- jws, err := sig.JWS()
- if err != nil {
- log.Fatalf("Error getting JWS: %s", err)
- }
-
- os.Stdout.Write(jws)
-
-}
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/tools/trust-key.json b/Godeps/_workspace/src/github.com/docker/libtrust/tools/trust-key.json
deleted file mode 100644
index 2d8d211b82..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/tools/trust-key.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "crv": "P-256",
- "d": "M_n9CSpMg51gEhx1vf28QcQGjxcT43sps1-F8Yzo9dQ",
- "kid": "WWAC:5DVG:RVXY:APSC:CEZW:TOP4:MMHJ:FEZT:WMOJ:HVLX:HQMP:6JWK",
- "kty": "EC",
- "x": "fmp8Xhfx-d5lFYD-Ouxq3b75DzAnCGjY2iGGwcGRpkk",
- "y": "pOXbJUfSZskgipe7GiR2HKBnZY0dT3mMLWkYhCi9jZs"
-}
\ No newline at end of file
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/trust/main.go b/Godeps/_workspace/src/github.com/docker/libtrust/trust/main.go
deleted file mode 100644
index e986c008f2..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/trust/main.go
+++ /dev/null
@@ -1,112 +0,0 @@
-package main
-
-import (
- "fmt"
- "os"
- "path"
- "runtime"
-
- log "github.com/Sirupsen/logrus"
- "github.com/codegangsta/cli"
-)
-
-func main() {
- dir := path.Join(getHomeDir(), ".docker")
- app := cli.NewApp()
- app.Name = "trust"
- app.Usage = "manage keys and grants"
- app.Commands = []cli.Command{
- cli.Command{
- Name: "tag",
- Usage: "create or update a tag",
- Action: actionTag,
- Flags: []cli.Flag{
- cli.BoolFlag{
- Name: "commit",
- Usage: "Whether to immediately commit tag",
- },
- },
- },
- cli.Command{
- Name: "untag",
- Usage: "delete a tag",
- Action: actionUntag,
- Flags: []cli.Flag{
- cli.StringFlag{
- Name: "ref,r",
- Value: "",
- Usage: "Tag or Hash reference",
- },
- },
- },
- cli.Command{
- Name: "commit",
- Usage: "commit target changes",
- Action: actionCommit,
- },
- }
- app.Flags = []cli.Flag{
- cli.StringFlag{
- Name: "dir,d",
- Value: dir,
- Usage: "Directory for repository",
- },
- }
-
- app.Run(os.Args)
-}
-
-func getHomeDir() string {
- if runtime.GOOS == "windows" {
- return os.Getenv("USERPROFILE")
- }
- return os.Getenv("HOME")
-}
-
-func updateRepository() {
- log.Infof("Getting updated targets from repository")
- log.Infof("Verifying local keys match repository")
-}
-
-func actionTag(c *cli.Context) {
- hash := c.Args().First()
- if len(hash) == 0 {
- cli.ShowCommandHelp(c, "tag")
- return
- }
-
- tag := c.Args().Get(1)
- if len(tag) == 0 {
- cli.ShowCommandHelp(c, "tag")
- return
- }
- // TODO parse tag (Get last index of ':')
-
- updateRepository()
- log.Infof("Checking hash exists for name")
- log.Infof("Tagging %s as %s", hash, tag)
- fmt.Printf("%s+ %s %s%s\n", Green, tag, hash, Clear)
-}
-
-func actionUntag(c *cli.Context) {
- tagOrHash := c.Args().First()
- if len(tagOrHash) == 0 {
- cli.ShowCommandHelp(c, "untag")
- return
- }
- updateRepository()
- fmt.Printf("%s+ %s%s\n", Red, tagOrHash, Clear)
-}
-
-func actionCommit(c *cli.Context) {
-}
-
-const Black = "\x1b[30;1m"
-const Red = "\x1b[31;1m"
-const Green = "\x1b[32;1m"
-const Yellow = "\x1b[33;1m"
-const Blue = "\x1b[34;1m"
-const Magenta = "\x1b[35;1m"
-const Cyan = "\x1b[36;1m"
-const White = "\x1b[37;1m"
-const Clear = "\x1b[0m"
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/trust/trust b/Godeps/_workspace/src/github.com/docker/libtrust/trust/trust
deleted file mode 100644
index 2fcd037d28..0000000000
Binary files a/Godeps/_workspace/src/github.com/docker/libtrust/trust/trust and /dev/null differ
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/trustapi/client/integtest/ca.pem b/Godeps/_workspace/src/github.com/docker/libtrust/trustapi/client/integtest/ca.pem
deleted file mode 100644
index 1f082c8ccf..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/trustapi/client/integtest/ca.pem
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBnzCCAUSgAwIBAgIBADAKBggqhkjOPQQDAjBGMUQwQgYDVQQDEztHVzRGOkdT
-N1A6MjJLWTpTUVhNOkZJNzQ6U1FCUzpLUlhSOlY0VFI6SUc2UTo3TkxMOk9KSVM6
-M1hYSjAeFw0xNDA5MDUyMzA3NTRaFw0yNDA5MDkyMzA3NTRaMEYxRDBCBgNVBAMT
-O0dXNEY6R1M3UDoyMktZOlNRWE06Rkk3NDpTUUJTOktSWFI6VjRUUjpJRzZROjdO
-TEw6T0pJUzozWFhKMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEB23slGpLr16M
-TAJ3MaGVZK6QYEb/l5EZkpnrPcdX6JTGCSuDy7jpEYtsAyp6Du1jEwZuwR2nF1ni
-WI39XxM1lKMjMCEwDgYDVR0PAQH/BAQDAgAEMA8GA1UdEwEB/wQFMAMBAf8wCgYI
-KoZIzj0EAwIDSQAwRgIhAOFl3YnbPAPd7hRbh2Wpe0RrtZ0KAZGpjKk3C1ZhQEG4
-AiEAh6R8OVclkFNXFbQML8X5uEL+3d7wB+osNU0OlHFaiiQ=
------END CERTIFICATE-----
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/trustapi/client/integtest/exercise.go b/Godeps/_workspace/src/github.com/docker/libtrust/trustapi/client/integtest/exercise.go
deleted file mode 100644
index b8030ed9bf..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/trustapi/client/integtest/exercise.go
+++ /dev/null
@@ -1,38 +0,0 @@
-package main
-
-import (
- "log"
-
- "github.com/docker/libtrust"
- "github.com/docker/libtrust/trustapi/client"
-)
-
-func exerciseBaseGraph(c *client.TrustClient, name string) []byte {
- statement, err := c.GetBaseGraph(name)
- if err != nil {
- log.Fatal(err)
- }
-
- b, err := statement.Bytes()
- if err != nil {
- log.Fatal(err)
- }
- return b
-}
-
-func main() {
- pool, err := libtrust.LoadCertificatePool("./ca.pem")
- if err != nil {
- log.Fatal(err)
- }
- c := client.NewTrustClient("localhost:8092", pool)
- b1 := exerciseBaseGraph(c, "empty")
- b2 := exerciseBaseGraph(c, "dmcgowan")
- _, err = c.GetBaseGraph("empty-bad")
- if err == nil {
- log.Fatalf("Did not receive error getting empty-bad")
- }
- log.Printf("Expected error getting empty-bad: %s", err)
-
- log.Printf("Statements:\nempty:\n%s\n\ndmcgowan\n%s", b1, b2)
-}
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/trustapi/server/dmcgowan.json b/Godeps/_workspace/src/github.com/docker/libtrust/trustapi/server/dmcgowan.json
deleted file mode 100644
index 436c7d6138..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/trustapi/server/dmcgowan.json
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- "revocations": [],
- "grants": [
- {
- "subject": "/dmcgowan/my-app",
- "permission": 15,
- "grantee": "LYRA:YAG2:QQKS:376F:QQXY:3UNK:SXH7:K6ES:Y5AU:XUN5:ZLVY:KBYL"
- }
- ],
- "expiration": "2014-12-11T23:14:27.32116801Z",
- "issuedAt": "2014-09-12T23:14:27.321168201Z",
- "signatures": [
- {
- "header": {
- "alg": "ES256",
- "x5c": [
- "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",
- "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"
- ]
- },
- "signature": "SugIISjm_U1HD2ua6BK8mocu6H5mLBVsnMNXPue-J0yuEh1PeVy5waojA0eRUCXETlO1W9vJ-GO7W0YpVSFqtw",
- "protected": "eyJmb3JtYXRMZW5ndGgiOjMwNywiZm9ybWF0VGFpbCI6IkNuMCIsInRpbWUiOiIyMDE0LTA5LTEyVDIzOjE0OjI3WiJ9"
- }
- ]
-}
\ No newline at end of file
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/trustapi/server/empty-bad.json b/Godeps/_workspace/src/github.com/docker/libtrust/trustapi/server/empty-bad.json
deleted file mode 100644
index 73d9fbb813..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/trustapi/server/empty-bad.json
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- "revocations": [],
- "grants": [],
- "expiration": "2014-12-19T23:28:35.400329125Z",
- "issuedAt": "2014-09-12T23:28:35.40032963Z",
- "signatures": [
- {
- "header": {
- "alg": "ES256",
- "x5c": [
- "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",
- "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"
- ]
- },
- "signature": "Dp_mTZUSBDIkXpl1qBM4u__wGfcpD-zeyWXkVAHL9NnCWfSXAECKwyYiAJCv4dYRplotrZVzuIMt6DnQpe34_w",
- "protected": "eyJmb3JtYXRMZW5ndGgiOjEzOCwiZm9ybWF0VGFpbCI6IkNuMCIsInRpbWUiOiIyMDE0LTA5LTEyVDIzOjI4OjM1WiJ9"
- }
- ]
-}
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/trustapi/server/empty.json b/Godeps/_workspace/src/github.com/docker/libtrust/trustapi/server/empty.json
deleted file mode 100644
index e94ee609c7..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/trustapi/server/empty.json
+++ /dev/null
@@ -1,19 +0,0 @@
-{
- "revocations": [],
- "grants": [],
- "expiration": "2014-12-11T23:28:35.400329125Z",
- "issuedAt": "2014-09-12T23:28:35.40032963Z",
- "signatures": [
- {
- "header": {
- "alg": "ES256",
- "x5c": [
- "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",
- "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"
- ]
- },
- "signature": "Dp_mTZUSBDIkXpl1qBM4u__wGfcpD-zeyWXkVAHL9NnCWfSXAECKwyYiAJCv4dYRplotrZVzuIMt6DnQpe34_w",
- "protected": "eyJmb3JtYXRMZW5ndGgiOjEzOCwiZm9ybWF0VGFpbCI6IkNuMCIsInRpbWUiOiIyMDE0LTA5LTEyVDIzOjI4OjM1WiJ9"
- }
- ]
-}
\ No newline at end of file
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/trustapi/server/official.json b/Godeps/_workspace/src/github.com/docker/libtrust/trustapi/server/official.json
deleted file mode 100644
index ac8ea0ebc2..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/trustapi/server/official.json
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- "revocations": [],
- "grants": [
- {
- "subject": "/dmcgowan",
- "permission": 15,
- "grantee": "LYRA:YAG2:QQKS:376F:QQXY:3UNK:SXH7:K6ES:Y5AU:XUN5:ZLVY:KBYL"
- }
- ],
- "expiration": "2014-12-16T01:25:16.569500374Z",
- "issuedAt": "2014-09-17T01:25:16.569500504Z",
- "signatures": [
- {
- "header": {
- "alg": "ES256",
- "x5c": [
- "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",
- "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"
- ]
- },
- "signature": "RSDqbBfd2OWdEpKTxO0V6rep-cwIGiayzb8VBqVYCTcj22JrogKjmUDji4Nz965s6vw7NG9cezdaRAJB3tpflA",
- "protected": "eyJmb3JtYXRMZW5ndGgiOjMwMSwiZm9ybWF0VGFpbCI6IkNuMCIsInRpbWUiOiIyMDE0LTA5LTE3VDAxOjI1OjE2WiJ9"
- }
- ]
-}
\ No newline at end of file
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/trustapi/server/official2.json b/Godeps/_workspace/src/github.com/docker/libtrust/trustapi/server/official2.json
deleted file mode 100644
index ce984e3361..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/trustapi/server/official2.json
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- "revocations": [],
- "grants": [
- {
- "subject": "/library",
- "permission": 15,
- "grantee": "LYRA:YAG2:QQKS:376F:QQXY:3UNK:SXH7:K6ES:Y5AU:XUN5:ZLVY:KBYL"
- }
- ],
- "expiration": "2014-12-29T00:08:20.565183779Z",
- "issuedAt": "2014-09-30T00:08:20.565183976Z",
- "signatures": [
- {
- "header": {
- "alg": "ES256",
- "x5c": [
- "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",
- "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"
- ]
- },
- "signature": "uYMwXO869mGDkq7jrE-xfXHcY96JkcIZt_lLWidUtK4Z3-VH8UJx8j-bHQh0rD3C4Olsx7SY5dDOO_Zq60_i1w",
- "protected": "eyJmb3JtYXRMZW5ndGgiOjMwMCwiZm9ybWF0VGFpbCI6IkNuMCIsInRpbWUiOiIyMDE0LTA5LTMwVDAwOjA4OjIwWiJ9"
- }
- ]
-}
\ No newline at end of file
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/trustapi/server/official_bak.json b/Godeps/_workspace/src/github.com/docker/libtrust/trustapi/server/official_bak.json
deleted file mode 100644
index ac8ea0ebc2..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/trustapi/server/official_bak.json
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- "revocations": [],
- "grants": [
- {
- "subject": "/dmcgowan",
- "permission": 15,
- "grantee": "LYRA:YAG2:QQKS:376F:QQXY:3UNK:SXH7:K6ES:Y5AU:XUN5:ZLVY:KBYL"
- }
- ],
- "expiration": "2014-12-16T01:25:16.569500374Z",
- "issuedAt": "2014-09-17T01:25:16.569500504Z",
- "signatures": [
- {
- "header": {
- "alg": "ES256",
- "x5c": [
- "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",
- "MIIBnjCCAUSgAwIBAgIBATAKBggqhkjOPQQDAjBGMUQwQgYDVQQDEztHVzRGOkdTN1A6MjJLWTpTUVhNOkZJNzQ6U1FCUzpLUlhSOlY0VFI6SUc2UTo3TkxMOk9KSVM6M1hYSjAeFw0xNDA5MTIyMzA3NTNaFw0xNDEyMTEyMzA3NTRaMEYxRDBCBgNVBAMTO09RSVM6RzJCNDpQN1FCOkczWkk6VEhQTjpaSVRNOlVEUDI6VjdaUzpVUzZIOkNVTEQ6UklaQjpYN1BJMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEK0pEXXaql80eo8khKBUhwg8fXwDnc+QIR3CB86JnCViEWskUrBmQZvdc8JTDtxBCvfs9nG7yZ8UwRaw6G9QdUqMjMCEwDgYDVR0PAQH/BAQDAgAGMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgCA6aCc66+d2/yz47PmvvZy+GDudWXFxD6plt2KUtuGsCIQDykk/gYQ5MfIUlS8O+UEAwY7okfz6DxlpFGMVSO57gEg=="
- ]
- },
- "signature": "RSDqbBfd2OWdEpKTxO0V6rep-cwIGiayzb8VBqVYCTcj22JrogKjmUDji4Nz965s6vw7NG9cezdaRAJB3tpflA",
- "protected": "eyJmb3JtYXRMZW5ndGgiOjMwMSwiZm9ybWF0VGFpbCI6IkNuMCIsInRpbWUiOiIyMDE0LTA5LTE3VDAxOjI1OjE2WiJ9"
- }
- ]
-}
\ No newline at end of file
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/trustapi/server/official_exp.json b/Godeps/_workspace/src/github.com/docker/libtrust/trustapi/server/official_exp.json
deleted file mode 100644
index 92ab34fbf8..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/trustapi/server/official_exp.json
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- "revocations": [],
- "grants": [
- {
- "subject": "/dmcgowan",
- "permission": 15,
- "grantee": "LYRA:YAG2:QQKS:376F:QQXY:3UNK:SXH7:K6ES:Y5AU:XUN5:ZLVY:KBYL"
- }
- ],
- "expiration": "2014-09-17T15:50:31.965636009Z",
- "issuedAt": "2014-09-17T15:48:31.965636222Z",
- "signatures": [
- {
- "header": {
- "alg": "ES256",
- "x5c": [
- "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",
- "MIIBnjCCAUSgAwIBAgIBATAKBggqhkjOPQQDAjBGMUQwQgYDVQQDEztHVzRGOkdTN1A6MjJLWTpTUVhNOkZJNzQ6U1FCUzpLUlhSOlY0VFI6SUc2UTo3TkxMOk9KSVM6M1hYSjAeFw0xNDA5MTIyMzA3NTNaFw0xNDEyMTEyMzA3NTRaMEYxRDBCBgNVBAMTO09RSVM6RzJCNDpQN1FCOkczWkk6VEhQTjpaSVRNOlVEUDI6VjdaUzpVUzZIOkNVTEQ6UklaQjpYN1BJMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEK0pEXXaql80eo8khKBUhwg8fXwDnc+QIR3CB86JnCViEWskUrBmQZvdc8JTDtxBCvfs9nG7yZ8UwRaw6G9QdUqMjMCEwDgYDVR0PAQH/BAQDAgAGMA8GA1UdEwEB/wQFMAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgCA6aCc66+d2/yz47PmvvZy+GDudWXFxD6plt2KUtuGsCIQDykk/gYQ5MfIUlS8O+UEAwY7okfz6DxlpFGMVSO57gEg=="
- ]
- },
- "signature": "N7fvmmwZbuV70PdzlQ75EDCHapnMLWDXD3iwOxv0KpTLFF2udh7liT888GVoCSFFae187KsymOT-EO4EXTPJDQ",
- "protected": "eyJmb3JtYXRMZW5ndGgiOjMwMSwiZm9ybWF0VGFpbCI6IkNuMCIsInRpbWUiOiIyMDE0LTA5LTE3VDE1OjQ4OjMxWiJ9"
- }
- ]
-}
\ No newline at end of file
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/trustapi/server/server b/Godeps/_workspace/src/github.com/docker/libtrust/trustapi/server/server
deleted file mode 100644
index 855da7f801..0000000000
Binary files a/Godeps/_workspace/src/github.com/docker/libtrust/trustapi/server/server and /dev/null differ
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/trustapi/server/server.go b/Godeps/_workspace/src/github.com/docker/libtrust/trustapi/server/server.go
deleted file mode 100644
index 7af1d4da09..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/trustapi/server/server.go
+++ /dev/null
@@ -1,60 +0,0 @@
-package main
-
-import (
- "flag"
- "fmt"
- "io/ioutil"
- "log"
- "net/http"
- "path/filepath"
-
- "github.com/docker/libtrust/trustapi"
- "github.com/gorilla/mux"
-)
-
-var baseGraphs map[string][]byte
-var baseDirectory string
-
-func init() {
- baseGraphs = map[string][]byte{}
- flag.StringVar(&baseDirectory, "base", "", "Base directory for base graph files")
-}
-
-func register(r *mux.Router) {
- r.Get("graphbase").HandlerFunc(handleBaseGraph)
-}
-
-func main() {
- flag.Parse()
- files, err := filepath.Glob(filepath.Join(baseDirectory, "*.json"))
- if err != nil {
- log.Fatalf("Error loading json files: %s", err)
- }
- for _, f := range files {
- name := filepath.Base(f)
- name = name[:len(name)-5]
- b, err := ioutil.ReadFile(f)
- if err != nil {
- log.Fatalf("Error reading file: %s", err)
- }
- baseGraphs[name] = b
- }
-
- r := trustapi.NewRouter("localhost")
- register(r)
- http.ListenAndServe("localhost:8092", r)
-}
-
-func handleBaseGraph(rw http.ResponseWriter, r *http.Request) {
- graphname := mux.Vars(r)["graphname"]
- log.Printf("Getting graph: %s", graphname)
- b, ok := baseGraphs[graphname]
- if !ok {
- rw.WriteHeader(404)
- fmt.Fprintf(rw, "base graph not found")
- return
- }
-
- rw.Header().Set("Content-Type", "application/json")
- rw.Write(b)
-}
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/trustgraph/cover.out b/Godeps/_workspace/src/github.com/docker/libtrust/trustgraph/cover.out
deleted file mode 100644
index b7f0248da7..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/trustgraph/cover.out
+++ /dev/null
@@ -1,101 +0,0 @@ -mode: set -github.com/docker/libtrust/trustgraph/memory_graph.go:18.32,23.2 1 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:28.49,30.31 2 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:47.2,47.28 1 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:30.31,35.30 5 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:35.30,37.15 2 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:41.4,41.18 1 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:44.4,44.25 1 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:37.15,40.5 2 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:41.18,43.5 1 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:50.55,55.33 5 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:62.2,62.20 1 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:55.33,57.14 2 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:60.3,60.24 1 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:57.14,59.4 1 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:65.39,66.34 1 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:71.2,71.14 1 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:66.34,67.53 1 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:67.53,69.4 1 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:76.43,78.2 1 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:80.147,81.20 1 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:84.2,86.31 3 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:101.2,101.34 1 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:115.2,115.14 1 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:81.20,83.3 1 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:86.31,87.21 1 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:90.3,91.48 2 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:87.21,88.12 1 1 
-github.com/docker/libtrust/trustgraph/memory_graph.go:91.48,92.40 1 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:92.40,93.24 1 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:93.24,95.6 1 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:96.6,98.5 1 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:101.34,103.14 2 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:111.3,111.86 1 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:103.14,107.4 3 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:107.5,109.4 1 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:111.86,113.4 1 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:118.100,120.2 1 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:122.109,124.53 2 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:131.2,132.20 2 1 -github.com/docker/libtrust/trustgraph/memory_graph.go:124.53,130.3 5 1 -github.com/docker/libtrust/trustgraph/statement.go:34.56,41.2 1 1 -github.com/docker/libtrust/trustgraph/statement.go:53.38,55.2 1 1 -github.com/docker/libtrust/trustgraph/statement.go:60.45,62.2 1 1 -github.com/docker/libtrust/trustgraph/statement.go:65.79,67.16 2 1 -github.com/docker/libtrust/trustgraph/statement.go:70.2,71.16 2 1 -github.com/docker/libtrust/trustgraph/statement.go:74.2,75.16 2 1 -github.com/docker/libtrust/trustgraph/statement.go:78.2,80.16 3 1 -github.com/docker/libtrust/trustgraph/statement.go:84.2,84.22 1 1 -github.com/docker/libtrust/trustgraph/statement.go:95.2,97.24 2 1 -github.com/docker/libtrust/trustgraph/statement.go:67.16,69.3 1 0 -github.com/docker/libtrust/trustgraph/statement.go:71.16,73.3 1 1 -github.com/docker/libtrust/trustgraph/statement.go:75.16,77.3 1 0 -github.com/docker/libtrust/trustgraph/statement.go:80.16,82.3 1 0 -github.com/docker/libtrust/trustgraph/statement.go:84.22,86.17 2 1 -github.com/docker/libtrust/trustgraph/statement.go:86.17,88.4 1 1 
-github.com/docker/libtrust/trustgraph/statement.go:89.4,91.17 2 1 -github.com/docker/libtrust/trustgraph/statement.go:91.17,93.4 1 1 -github.com/docker/libtrust/trustgraph/statement.go:102.151,105.16 3 1 -github.com/docker/libtrust/trustgraph/statement.go:108.2,109.16 2 1 -github.com/docker/libtrust/trustgraph/statement.go:112.2,116.16 4 1 -github.com/docker/libtrust/trustgraph/statement.go:120.2,121.16 2 1 -github.com/docker/libtrust/trustgraph/statement.go:124.2,125.16 2 1 -github.com/docker/libtrust/trustgraph/statement.go:129.2,129.24 1 1 -github.com/docker/libtrust/trustgraph/statement.go:105.16,107.3 1 0 -github.com/docker/libtrust/trustgraph/statement.go:109.16,111.3 1 0 -github.com/docker/libtrust/trustgraph/statement.go:116.16,118.3 1 0 -github.com/docker/libtrust/trustgraph/statement.go:121.16,123.3 1 0 -github.com/docker/libtrust/trustgraph/statement.go:125.16,127.3 1 0 -github.com/docker/libtrust/trustgraph/statement.go:134.34,136.2 1 1 -github.com/docker/libtrust/trustgraph/statement.go:138.44,140.2 1 1 -github.com/docker/libtrust/trustgraph/statement.go:142.39,144.2 1 1 -github.com/docker/libtrust/trustgraph/statement.go:148.96,150.39 2 1 -github.com/docker/libtrust/trustgraph/statement.go:155.2,160.35 5 1 -github.com/docker/libtrust/trustgraph/statement.go:204.2,205.34 2 1 -github.com/docker/libtrust/trustgraph/statement.go:209.2,209.35 1 1 -github.com/docker/libtrust/trustgraph/statement.go:150.39,151.43 1 1 -github.com/docker/libtrust/trustgraph/statement.go:151.43,153.4 1 1 -github.com/docker/libtrust/trustgraph/statement.go:160.35,161.56 1 1 -github.com/docker/libtrust/trustgraph/statement.go:164.3,164.42 1 1 -github.com/docker/libtrust/trustgraph/statement.go:181.3,181.52 1 1 -github.com/docker/libtrust/trustgraph/statement.go:161.56,163.4 1 1 -github.com/docker/libtrust/trustgraph/statement.go:164.42,170.31 5 1 -github.com/docker/libtrust/trustgraph/statement.go:170.31,172.16 2 1 -github.com/docker/libtrust/trustgraph/statement.go:176.5,177.26 
2 1
-github.com/docker/libtrust/trustgraph/statement.go:172.16,175.6 2 1
-github.com/docker/libtrust/trustgraph/statement.go:181.52,187.31 5 1
-github.com/docker/libtrust/trustgraph/statement.go:194.4,194.19 1 1
-github.com/docker/libtrust/trustgraph/statement.go:187.31,189.16 2 1
-github.com/docker/libtrust/trustgraph/statement.go:192.5,192.26 1 1
-github.com/docker/libtrust/trustgraph/statement.go:189.16,190.11 1 1
-github.com/docker/libtrust/trustgraph/statement.go:194.19,195.39 1 1
-github.com/docker/libtrust/trustgraph/statement.go:195.39,196.54 1 1
-github.com/docker/libtrust/trustgraph/statement.go:196.54,198.7 1 1
-github.com/docker/libtrust/trustgraph/statement.go:205.34,207.3 1 1
-github.com/docker/libtrust/trustgraph/statement.go:213.62,215.31 2 1
-github.com/docker/libtrust/trustgraph/statement.go:220.2,222.36 3 1
-github.com/docker/libtrust/trustgraph/statement.go:226.2,226.27 1 1
-github.com/docker/libtrust/trustgraph/statement.go:215.31,216.29 1 1
-github.com/docker/libtrust/trustgraph/statement.go:216.29,218.4 1 1
-github.com/docker/libtrust/trustgraph/statement.go:222.36,225.3 2 1
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/trustgraph/graphtool/ca-key.json b/Godeps/_workspace/src/github.com/docker/libtrust/trustgraph/graphtool/ca-key.json
deleted file mode 100644
index c0af1b3ae1..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/trustgraph/graphtool/ca-key.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "crv": "P-256",
- "d": "T68FInnZjHW8c8Y3y8UKDEwVEfubGX7mP8X5EOpxRw0",
- "kid": "GW4F:GS7P:22KY:SQXM:FI74:SQBS:KRXR:V4TR:IG6Q:7NLL:OJIS:3XXJ",
- "kty": "EC",
- "x": "B23slGpLr16MTAJ3MaGVZK6QYEb_l5EZkpnrPcdX6JQ",
- "y": "xgkrg8u46RGLbAMqeg7tYxMGbsEdpxdZ4liN_V8TNZQ"
-}
\ No newline at end of file
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/trustgraph/graphtool/ca.pem b/Godeps/_workspace/src/github.com/docker/libtrust/trustgraph/graphtool/ca.pem
deleted file mode 100644
index 1f082c8ccf..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/trustgraph/graphtool/ca.pem
+++ /dev/null
@@ -1,11 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBnzCCAUSgAwIBAgIBADAKBggqhkjOPQQDAjBGMUQwQgYDVQQDEztHVzRGOkdT
-N1A6MjJLWTpTUVhNOkZJNzQ6U1FCUzpLUlhSOlY0VFI6SUc2UTo3TkxMOk9KSVM6
-M1hYSjAeFw0xNDA5MDUyMzA3NTRaFw0yNDA5MDkyMzA3NTRaMEYxRDBCBgNVBAMT
-O0dXNEY6R1M3UDoyMktZOlNRWE06Rkk3NDpTUUJTOktSWFI6VjRUUjpJRzZROjdO
-TEw6T0pJUzozWFhKMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEB23slGpLr16M
-TAJ3MaGVZK6QYEb/l5EZkpnrPcdX6JTGCSuDy7jpEYtsAyp6Du1jEwZuwR2nF1ni
-WI39XxM1lKMjMCEwDgYDVR0PAQH/BAQDAgAEMA8GA1UdEwEB/wQFMAMBAf8wCgYI
-KoZIzj0EAwIDSQAwRgIhAOFl3YnbPAPd7hRbh2Wpe0RrtZ0KAZGpjKk3C1ZhQEG4
-AiEAh6R8OVclkFNXFbQML8X5uEL+3d7wB+osNU0OlHFaiiQ=
------END CERTIFICATE-----
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/trustgraph/graphtool/cert.pem b/Godeps/_workspace/src/github.com/docker/libtrust/trustgraph/graphtool/cert.pem
deleted file mode 100644
index fa242a2d9b..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/trustgraph/graphtool/cert.pem
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBnTCCAUSgAwIBAgIBAjAKBggqhkjOPQQDAjBGMUQwQgYDVQQDEztPUUlTOkcy
-QjQ6UDdRQjpHM1pJOlRIUE46WklUTTpVRFAyOlY3WlM6VVM2SDpDVUxEOlJJWkI6
-WDdQSTAeFw0xNDA5MTIyMzA3NTNaFw0xNDEyMTEyMzA3NTRaMEYxRDBCBgNVBAMT
-O1c1MlY6QldDUTpPVVk2OklRNU46WDVYRzpNN0tKOkdYNlA6VFdNUTpaRkhKOk02
-MzI6SzIzVjpYRjQ1MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEG9rANGMaOxoZ
-4XzItNBpqrzZLe/hyMY/hnlXARER0rbEp5B5yl5sDYaXEI80VgpUGNvleFOVc7yN
-3rclT14tm6MjMCEwDgYDVR0PAQH/BAQDAgCAMA8GA1UdEwEB/wQFMAMBAf8wCgYI
-KoZIzj0EAwIDRwAwRAIgQhkTTERnf/+2i1hM+hHivMngiciCQgqdcxo1UeK53fkC
-IDzml+Gk4oAFGGcsO3wdHqbxfjyGkNr8hxfuWoq6Wl3U
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIBnjCCAUSgAwIBAgIBATAKBggqhkjOPQQDAjBGMUQwQgYDVQQDEztHVzRGOkdT
-N1A6MjJLWTpTUVhNOkZJNzQ6U1FCUzpLUlhSOlY0VFI6SUc2UTo3TkxMOk9KSVM6
-M1hYSjAeFw0xNDA5MTIyMzA3NTNaFw0xNDEyMTEyMzA3NTRaMEYxRDBCBgNVBAMT
-O09RSVM6RzJCNDpQN1FCOkczWkk6VEhQTjpaSVRNOlVEUDI6VjdaUzpVUzZIOkNV
-TEQ6UklaQjpYN1BJMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEK0pEXXaql80e
-o8khKBUhwg8fXwDnc+QIR3CB86JnCViEWskUrBmQZvdc8JTDtxBCvfs9nG7yZ8Uw
-Raw6G9QdUqMjMCEwDgYDVR0PAQH/BAQDAgAGMA8GA1UdEwEB/wQFMAMBAf8wCgYI
-KoZIzj0EAwIDSAAwRQIgCA6aCc66+d2/yz47PmvvZy+GDudWXFxD6plt2KUtuGsC
-IQDykk/gYQ5MfIUlS8O+UEAwY7okfz6DxlpFGMVSO57gEg==
------END CERTIFICATE-----
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/trustgraph/graphtool/grants/dmcgowan.json b/Godeps/_workspace/src/github.com/docker/libtrust/trustgraph/graphtool/grants/dmcgowan.json
deleted file mode 100644
index bbb2daec9e..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/trustgraph/graphtool/grants/dmcgowan.json
+++ /dev/null
@@ -1,7 +0,0 @@
-[
-{
- "subject": "/dmcgowan",
- "permission": 15,
- "grantee": "LYRA:YAG2:QQKS:376F:QQXY:3UNK:SXH7:K6ES:Y5AU:XUN5:ZLVY:KBYL"
-}
-]
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/trustgraph/graphtool/grants/empty.json b/Godeps/_workspace/src/github.com/docker/libtrust/trustgraph/graphtool/grants/empty.json
deleted file mode 100644
index fe51488c70..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/trustgraph/graphtool/grants/empty.json
+++ /dev/null
@@ -1 +0,0 @@
-[]
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/trustgraph/graphtool/grants/official.json b/Godeps/_workspace/src/github.com/docker/libtrust/trustgraph/graphtool/grants/official.json
deleted file mode 100644
index 616e055faf..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/trustgraph/graphtool/grants/official.json
+++ /dev/null
@@ -1,13 +0,0 @@
-[
- {
- "subject": "/library",
- "permission": 15,
- "grantee": "LYRA:YAG2:QQKS:376F:QQXY:3UNK:SXH7:K6ES:Y5AU:XUN5:ZLVY:KBYL"
- },
- {
- "subject": "/library",
- "permission": 15,
- "grantee": "OIH7:HQFS:44FK:45VB:3B53:OIAG:TPL4:ATF5:6PNE:MGHN:NHQX:2GE4"
-
- }
-]
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/trustgraph/graphtool/graphtool b/Godeps/_workspace/src/github.com/docker/libtrust/trustgraph/graphtool/graphtool
deleted file mode 100644
index 66ff1f80b0..0000000000
Binary files a/Godeps/_workspace/src/github.com/docker/libtrust/trustgraph/graphtool/graphtool and /dev/null differ
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/trustgraph/graphtool/master-key.json b/Godeps/_workspace/src/github.com/docker/libtrust/trustgraph/graphtool/master-key.json
deleted file mode 100644
index 0dfed0f612..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/trustgraph/graphtool/master-key.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "crv": "P-256",
- "d": "vIA7rvskakiQZI33vYTsOr_icsaTkQoml5IZjFAdBzA",
- "kid": "OQIS:G2B4:P7QB:G3ZI:THPN:ZITM:UDP2:V7ZS:US6H:CULD:RIZB:X7PI",
- "kty": "EC",
- "x": "K0pEXXaql80eo8khKBUhwg8fXwDnc-QIR3CB86JnCVg",
- "y": "hFrJFKwZkGb3XPCUw7cQQr37PZxu8mfFMEWsOhvUHVI"
-}
\ No newline at end of file
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/trustgraph/graphtool/trust-key.json b/Godeps/_workspace/src/github.com/docker/libtrust/trustgraph/graphtool/trust-key.json
deleted file mode 100644
index 684157c7c0..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/trustgraph/graphtool/trust-key.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "crv": "P-256",
- "d": "6kQq64Rv3qOPLbS9Yj125E1y0ytaUxL8zBA6NJcVEPM",
- "kid": "W52V:BWCQ:OUY6:IQ5N:X5XG:M7KJ:GX6P:TWMQ:ZFHJ:M632:K23V:XF45",
- "kty": "EC",
- "x": "G9rANGMaOxoZ4XzItNBpqrzZLe_hyMY_hnlXARER0rY",
- "y": "xKeQecpebA2GlxCPNFYKVBjb5XhTlXO8jd63JU9eLZs"
-}
\ No newline at end of file
diff --git a/Godeps/_workspace/src/github.com/docker/libtrust/trustutil/chain.go b/Godeps/_workspace/src/github.com/docker/libtrust/trustutil/chain.go
deleted file mode 100644
index 4cdddb1833..0000000000
--- a/Godeps/_workspace/src/github.com/docker/libtrust/trustutil/chain.go
+++ /dev/null
@@ -1,31 +0,0 @@
-package trustutil
-
-import (
- "crypto/x509"
-)
-
-type TrustURN struct {
- nameParts []string
- tag string
-}
-
-func ParseTrustURN(string) (*TrustURN, error) {
- return nil, nil
-}
-
-func (urn *TrustURN) IsLocal() bool {
- return urn.nameParts[0] == "local"
-}
-
-func HasVerifiedURNChain(target string, chains [][]*x509.Certificate) bool {
- for _, chain := range chains {
- if VerifyURNChain(target, chain) {
- return true
- }
- }
- return false
-}
-
-func VerifyURNChain(target string, chain []*x509.Certificate) bool {
- return true
-}
diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/.gitignore b/Godeps/_workspace/src/github.com/endophage/gotuf/.gitignore
new file mode 100644
index 0000000000..e09760442a
--- /dev/null
+++ b/Godeps/_workspace/src/github.com/endophage/gotuf/.gitignore
@@ -0,0 +1,2 @@
+/db/
+*.bkp
diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/.travis.yml b/Godeps/_workspace/src/github.com/endophage/gotuf/.travis.yml
new file mode 100644
index 0000000000..b0822a6c99
--- /dev/null
+++ b/Godeps/_workspace/src/github.com/endophage/gotuf/.travis.yml
@@ -0,0 +1,30 @@
+language: go
+go:
+ - 1.4
+ - tip
+
+sudo: false
+
+before_install:
+ - go get golang.org/x/tools/cmd/cover
+
+script:
+ - go test -race -cover ./...
+
+notifications:
+ irc:
+ channels:
+ - "chat.freenode.net#flynn"
+ use_notice: true
+ skip_join: true
+ on_success: change
+ on_failure: always
+ template:
+ - "%{repository}/%{branch} - %{commit}: %{message} %{build_url}"
+ email:
+ on_success: never
+ on_failure: always
+
+matrix:
+ allow_failures:
+ - go: tip
diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/Godeps/Godeps.json b/Godeps/_workspace/src/github.com/endophage/gotuf/Godeps/Godeps.json
new file mode 100644
index 0000000000..eef900d105
--- /dev/null
+++ b/Godeps/_workspace/src/github.com/endophage/gotuf/Godeps/Godeps.json
@@ -0,0 +1,78 @@ +{ + "ImportPath": "github.com/endophage/gotuf", + "GoVersion": "go1.4.2", + "Packages": [ + "./..." + ], + "Deps": [ + { + "ImportPath": "code.google.com/p/gosqlite/sqlite3", + "Comment": "null-16", + "Rev": "74691fb6f83716190870cde1b658538dd4b18eb0" + }, + { + "ImportPath": "github.com/Sirupsen/logrus", + "Comment": "v0.7.3", + "Rev": "55eb11d21d2a31a3cc93838241d04800f52e823d" + }, + { + "ImportPath": "github.com/agl/ed25519", + "Rev": "d2b94fd789ea21d12fac1a4443dd3a3f79cda72c" + }, + { + "ImportPath": "github.com/codegangsta/cli", + "Comment": "1.2.0-66-g6086d79", + "Rev": "6086d7927ec35315964d9fea46df6c04e6d697c1" + }, + { + "ImportPath": "github.com/docker/docker/pkg/term", + "Comment": "v1.4.1-775-g70fbd45", + "Rev": "70fbd45a5c88f6f39a07b04f81a07721bf5f3eed" + }, + { + "ImportPath": "github.com/docker/rufus/keys", + "Rev": "17e4b530d71b9222dc043c80987cbde254edcc2a" + }, + { + "ImportPath": "github.com/dustin/go-humanize", + "Rev": "145fabdb1ab757076a70a886d092a3af27f66f4c" + }, + { + "ImportPath": "github.com/flynn/go-docopt", + "Comment": "0.6.1-rc2-26-gf6dd2eb", + "Rev": "f6dd2ebbb31e9721c860cf1faf5c944aa73e3844" + }, + { + "ImportPath": "github.com/miekg/pkcs11", + "Rev": "88c9f842544e629ec046105d7fb50d5daafae737" + }, + { + "ImportPath": "github.com/tent/canonical-json-go", + "Rev": "96e4ba3a7613a1216cbd1badca4efe382adea337" + }, + { + "ImportPath": "golang.org/x/crypto/nacl/secretbox", + "Rev": "bfc286917c5fcb7420d7e3092b50bbfd31b38a98" + }, + { + "ImportPath": "golang.org/x/crypto/pbkdf2", + "Rev": "bfc286917c5fcb7420d7e3092b50bbfd31b38a98" + }, + { + "ImportPath": "golang.org/x/crypto/poly1305", + "Rev": "bfc286917c5fcb7420d7e3092b50bbfd31b38a98" + }, + { + "ImportPath": "golang.org/x/crypto/salsa20/salsa", + "Rev": "bfc286917c5fcb7420d7e3092b50bbfd31b38a98" + }, + { + "ImportPath": "golang.org/x/crypto/scrypt", + "Rev": "bfc286917c5fcb7420d7e3092b50bbfd31b38a98" + }, + { + "ImportPath": "gopkg.in/check.v1", + "Rev": 
"64131543e7896d5bcc6bd5a76287eb75ea96c673" + } + ] +} diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/Godeps/Readme b/Godeps/_workspace/src/github.com/endophage/gotuf/Godeps/Readme new file mode 100644 index 0000000000..4cdaa53d56 --- /dev/null +++ b/Godeps/_workspace/src/github.com/endophage/gotuf/Godeps/Readme @@ -0,0 +1,5 @@ +This directory tree is generated automatically by godep. + +Please do not edit. + +See https://github.com/tools/godep for more information. diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/LICENSE b/Godeps/_workspace/src/github.com/endophage/gotuf/LICENSE new file mode 100644 index 0000000000..7d899e88b7 --- /dev/null +++ b/Godeps/_workspace/src/github.com/endophage/gotuf/LICENSE 
@@ -0,0 +1,28 @@
+Copyright (c) 2015, Docker Inc.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+ * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+ * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+ * Neither the name of Prime Directive, Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/MAINTAINERS b/Godeps/_workspace/src/github.com/endophage/gotuf/MAINTAINERS
new file mode 100644
index 0000000000..d7dda3f4fc
--- /dev/null
+++ b/Godeps/_workspace/src/github.com/endophage/gotuf/MAINTAINERS
@@ -0,0 +1 @@
+David Lawrence (github: endophage)
diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/Makefile b/Godeps/_workspace/src/github.com/endophage/gotuf/Makefile
new file mode 100644
index 0000000000..02c6d4d1b3
--- /dev/null
+++ b/Godeps/_workspace/src/github.com/endophage/gotuf/Makefile
@@ -0,0 +1,34 @@
+# Set an output prefix, which is the local directory if not specified
+PREFIX?=$(shell pwd)
+
+vet:
+ @echo "+ $@"
+ @go vet ./...
+
+fmt:
+ @echo "+ $@"
+ @test -z "$$(gofmt -s -l . | grep -v Godeps/_workspace/src/ | tee /dev/stderr)" || \
+ echo "+ please format Go code with 'gofmt -s'"
+
+lint:
+ @echo "+ $@"
+ @test -z "$$(golint ./... | grep -v Godeps/_workspace/src/ | tee /dev/stderr)"
+
+build:
+ @echo "+ $@"
+ @go build -v ${GO_LDFLAGS} ./...
+
+test:
+ @echo "+ $@"
+ @go test -test.short ./...
+
+test-full:
+ @echo "+ $@"
+ @go test ./...
+
+binaries: ${PREFIX}/bin/registry ${PREFIX}/bin/registry-api-descriptor-template ${PREFIX}/bin/dist
+ @echo "+ $@"
+
+clean:
+ @echo "+ $@"
+ @rm -rf "${PREFIX}/bin/registry" "${PREFIX}/bin/registry-api-descriptor-template"
diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/README.md b/Godeps/_workspace/src/github.com/endophage/gotuf/README.md
new file mode 100644
index 0000000000..e72ecf8f9a
--- /dev/null
+++ b/Godeps/_workspace/src/github.com/endophage/gotuf/README.md
@@ -0,0 +1,24 @@
+This is still a work in progress but will shortly be a fully compliant
+Go implementation of [The Update Framework (TUF)](http://theupdateframework.com/).
+
+This implementation was originally forked from [flynn/go-tuf](https://github.com/flynn/go-tuf),
+however in attempting to add delegations I found I was making such
+significant changes that I could not maintain backwards compatibility
+without the code becoming overly convoluted.
+
+This implementation retains the same 3 Clause BSD license present on
+the original flynn implementation.
+
+TODOs:
+
+- [ ] Add Targets to existing repo
+- [ ] Sign metadata files
+- [ ] Refactor TufRepo to take care of signing and verification
+- [ ] Ensure consistent capitalization in naming
+- [ ] Make caching of metadata files smarter
+- [ ] Add configuration for CLI commands. Order of configuration priority from most to least: flags, config file, defaults
+- [ ] Reasses organization of data types. Possibly consolidate a few things into the data package but break up package into a few more distinct files
+- [ ] Comprehensive test cases
+- [ ] Delete files no longer in use
+- [ ] Fix up errors. Some have to be instantiated, others don't, the inconsistency is annoying.
+- [ ] Bump version numbers in meta files
diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/client/client.go b/Godeps/_workspace/src/github.com/endophage/gotuf/client/client.go
new file mode 100644
index 0000000000..c9376d9850
--- /dev/null
+++ b/Godeps/_workspace/src/github.com/endophage/gotuf/client/client.go
@@ -0,0 +1,243 @@ +package client + +import ( + "encoding/json" + "fmt" + "io" + "path" + "path/filepath" + "strings" + + "github.com/Sirupsen/logrus" + tuf "github.com/endophage/gotuf" + "github.com/endophage/gotuf/data" + "github.com/endophage/gotuf/keys" + "github.com/endophage/gotuf/signed" + "github.com/endophage/gotuf/store" + "github.com/endophage/gotuf/utils" +) + +type Client struct { + local *tuf.TufRepo + remote store.RemoteStore + keysDB *keys.KeyDB +} + +func NewClient(local *tuf.TufRepo, remote store.RemoteStore, keysDB *keys.KeyDB) *Client { + return &Client{ + local: local, + remote: remote, + keysDB: keysDB, + } +} + +// Update an in memory copy of the TUF Repo. If an error is returned, the +// Client instance should be considered corrupted and discarded as it may +// be left in a partially updated state +func (c *Client) Update() error { + err := c.update() + if err != nil { + switch err.(type) { + case tuf.ErrSigVerifyFail: + case tuf.ErrMetaExpired: + case tuf.ErrLocalRootExpired: + if err := c.downloadRoot(); err != nil { + logrus.Errorf("Client Update (Root):", err) + return err + } + default: + return err + } + } + // If we error again, we now have the latest root and just want to fail + // out as there's no expectation the problem can be resolved automatically + return c.update() +} + +func (c *Client) update() error { + err := c.downloadTimestamp() + if err != nil { + logrus.Errorf("Client Update (Timestamp):", err) + return err + } + err = c.downloadSnapshot() + if err != nil { + logrus.Errorf("Client Update (Snapshot):", err) + return err + } + err = c.checkRoot() + if err != nil { + return err + } + err = c.downloadTargets("targets") + if err != nil { + logrus.Errorf("Client Update (Targets):", err) + return err + } + return nil +} + +// checkRoot determines if the hash, and size are still those reported +// in the snapshot file. 
It will also check the expiry, however, if the +// hash and size in snapshot are unchanged but the root file has expired, +// there is little expectation that the situation can be remedied. +func (c Client) checkRoot() error { + return nil +} + +// downloadRoot is responsible for downloading the root.json +func (c *Client) downloadRoot() error { + role := data.RoleName("root") + size := c.local.Snapshot.Signed.Meta[role].Length + + raw, err := c.remote.GetMeta(role, size) + if err != nil { + return err + } + s := &data.Signed{} + err = json.Unmarshal(raw, s) + if err != nil { + return err + } + err = signed.Verify(s, role, 0, c.keysDB) + if err != nil { + return err + } + c.local.SetRoot(s) + return nil +} + +// downloadTimestamp is responsible for downloading the timestamp.json +func (c *Client) downloadTimestamp() error { + role := data.RoleName("timestamp") + raw, err := c.remote.GetMeta(role, 5<<20) + if err != nil { + return err + } + s := &data.Signed{} + err = json.Unmarshal(raw, s) + if err != nil { + return err + } + err = signed.Verify(s, role, 0, c.keysDB) + if err != nil { + return err + } + c.local.SetTimestamp(s) + return nil +} + +// downloadSnapshot is responsible for downloading the snapshot.json +func (c *Client) downloadSnapshot() error { + role := data.RoleName("snapshot") + size := c.local.Timestamp.Signed.Meta[role+".txt"].Length + raw, err := c.remote.GetMeta(role, size) + if err != nil { + return err + } + s := &data.Signed{} + err = json.Unmarshal(raw, s) + if err != nil { + return err + } + err = signed.Verify(s, role, 0, c.keysDB) + if err != nil { + return err + } + c.local.SetSnapshot(s) + return nil +} + +// downloadTargets is responsible for downloading any targets file +// including delegates roles. 
It will download the whole tree of +// delegated roles below the given one +func (c *Client) downloadTargets(role string) error { + role = data.RoleName(role) // this will really only do something for base targets role + snap := c.local.Snapshot.Signed + root := c.local.Root.Signed + r := c.keysDB.GetRole(role) + if r == nil { + return fmt.Errorf("Invalid role: %s", role) + } + keyIDs := r.KeyIDs + s, err := c.GetTargetsFile(role, keyIDs, snap.Meta, root.ConsistentSnapshot, r.Threshold) + if err != nil { + logrus.Error("Error getting targets file:", err) + return err + } + err = c.local.SetTargets(role, s) + if err != nil { + return err + } + t := c.local.Targets[role].Signed + for _, r := range t.Delegations.Roles { + err := c.downloadTargets(r.Name) + if err != nil { + logrus.Error("Failed to download ", role, err) + return err + } + } + return nil +} + +func (c Client) GetTargetsFile(roleName string, keyIDs []string, snapshotMeta data.Files, consistent bool, threshold int) (*data.Signed, error) { + rolePath, err := c.RoleTargetsPath(roleName, snapshotMeta, consistent) + if err != nil { + return nil, err + } + r, err := c.remote.GetMeta(rolePath, snapshotMeta[roleName+".txt"].Length) + if err != nil { + return nil, err + } + s := &data.Signed{} + err = json.Unmarshal(r, s) + if err != nil { + logrus.Error("Error unmarshalling targets file:", err) + return nil, err + } + err = signed.Verify(s, roleName, 0, c.keysDB) + if err != nil { + return nil, err + } + return s, nil +} + +func (c Client) RoleTargetsPath(roleName string, snapshotMeta data.Files, consistent bool) (string, error) { + if consistent { + roleMeta, ok := snapshotMeta[roleName] + if !ok { + return "", fmt.Errorf("Consistent Snapshots Enabled but no meta found for target role") + } + if _, ok := roleMeta.Hashes["sha256"]; !ok { + return "", fmt.Errorf("Consistent Snapshots Enabled and sha256 not found for targets file in snapshot meta") + } + dir := filepath.Dir(roleName) + if 
strings.Contains(roleName, "/") { + lastSlashIdx := strings.LastIndex(roleName, "/") + roleName = roleName[lastSlashIdx+1:] + } + roleName = path.Join( + dir, + fmt.Sprintf("%s.%s.json", roleMeta.Hashes["sha256"], roleName), + ) + } + return roleName, nil +} + +func (c Client) TargetMeta(path string) *data.FileMeta { + return c.local.FindTarget(path) +} + +func (c Client) DownloadTarget(dst io.Writer, path string, meta *data.FileMeta) error { + reader, err := c.remote.GetTarget(path) + if err != nil { + return err + } + defer reader.Close() + r := io.TeeReader( + io.LimitReader(reader, meta.Length), + dst, + ) + err = utils.ValidateTarget(r, meta) + return err +} diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/client/client_test.go b/Godeps/_workspace/src/github.com/endophage/gotuf/client/client_test.go new file mode 100644 index 0000000000..083cf35f56 --- /dev/null +++ b/Godeps/_workspace/src/github.com/endophage/gotuf/client/client_test.go 
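Review bot: The recovery switch in Update() never reaches downloadRoot() for the first two cases, because Go case clauses do not fall through: `case tuf.ErrSigVerifyFail:` and `case tuf.ErrMetaExpired:` have empty bodies, so after a signature-verification failure the client just retries update() against the same root; the intended form is `case tuf.ErrSigVerifyFail, tuf.ErrMetaExpired, tuf.ErrLocalRootExpired:`. The `logrus.Errorf("Client Update (Root):", err)` call there and the three in update() pass err with no format verb, so the error text is never printed; use `"Client Update (Root): %v"`. Separately, downloadSnapshot and GetTargetsFile take only `.Length` from the parent metadata and never compare the downloaded bytes against the `Hashes` recorded there (the sha256 is used only to build the consistent-snapshot filename), so a correctly signed but stale targets file is accepted as long as it fits the size, and checkRoot() is a stub returning nil despite its doc comment describing hash, size and expiry checks. DownloadTarget streams bytes into `dst` through the TeeReader before utils.ValidateTarget has reached a verdict, so a caller that passes a real file (as cmd/client/download.go does) is left with unverified content when validation fails; writing to a temporary location and renaming after validation, or at least documenting that `dst` must be discarded on error, would close that gap. downloadTargets also recurses over `t.Delegations.Roles` with no visited set, so a delegation cycle in repository metadata recurses until the stack is exhausted.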
@@ -0,0 +1,150 @@ +package client + +import ( + "encoding/json" + "io/ioutil" + "testing" + + "github.com/Sirupsen/logrus" + tuf "github.com/endophage/gotuf" + "github.com/endophage/gotuf/data" + "github.com/endophage/gotuf/keys" + "github.com/endophage/gotuf/store" +) + +func TestClientUpdate(t *testing.T) { + pypiRoot := `{ + "signatures": [ + { + "keyid": "92db731bf30e31c13e775360453f0adc8bfd3107f5000b99431c4bdbcebb31ed", + "method": "PyCrypto-PKCS#1 PSS", + "sig": "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" + } + ], + "signed": { + "_type": "Root", + "expires": "2014-08-31 00:49:33 UTC", + "keys": { + "07f12f6c470e60d49fe6a60cd893dfba870db387083d50fe4fc43c6171a0be59": { + "keytype": "rsa", + "keyval": { + "private": "", + "public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAtb4vuMJF1kOc1deExdqV\nZ3o9W6zulfRDX6u8Exd3NEL0/9bCYluqpshFzgmDYpCsuS79Ve5S8WgXAnEXyWOf\nHL/FnAVqFSnmgmYr52waMYV57BsNMY8pXxOnJm1opUbt0PdnF2D2yfLLY8IgZ/0m\niJ+gWojwEBMRlTOnHFx+l/UVvZAhpVsua6C8C2ThFLrXlmmtkg5BAIm1kWPsZ0nB\n3Cczcwh8zE0l2ytVi458AuRGKwi1TMIGXl064ekjsWexH1zCuoEcv/CKob0BkL4c\nLFUKe6WD6XlEp/xnMh6lNG8LT+UKzSb1hPkTtt23RntFB4Qx7UUT8LoO79bv6coE\njeEqHltmeohHpVmTLWsbTdaX7W3clWPUErGh5kAO0SJu1EM94p5nGWlZ+kwASxtO\nz1qR8AqQ02HBBQU+cY24CNnOwKDq/Kgsg1Aw7bqglvtUwBUQkuuCuisjHI0bSMFr\ntGIhlswxItfQ709/OMrN44Vw/H/Z50UzGFtRlu1h07/vAgMBAAE=\n-----END PUBLIC KEY-----" + } + }, + "2d9f41a1b79429e9d950a687fe00da0bb4fd751da98aeade1524b8d28968eb89": { + "keytype": "rsa", + "keyval": { + "private": "", + "public": "-----BEGIN PUBLIC 
KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAmjt8CIbohZxZQ1+I8CQn\nvugLsGXq1G2OiMZvbN281q1/E1futll3+EnfxPLP0SBlyYxixma/ozoMj94lPyOX\nBbiF/U1WJ0Wp5D1kpT0Jzt9Ar0bkRxWoPhubeJ7D4k8Br2m7aG+wchfozdbMmUwK\n/MiAZ1fmpKQAr1ek3/hJiN/dURw+mQEdgXwgA4raDy4Ty3AkG7SDCG1cYoYYMJa3\nKg82AWISQQEHUO1MwRVBon2B5d2UriUEzsYYi+2whDOekchjgyd2xdcRvdCBbdGv\nJBCtzVZpd52lCwqAMJUyDGre6Mb6NmKC2nuk+TYEujqRQK97LnjmPwI42b4cBHqv\nDtg7Z8K3rEQIyD+VvrcWlu+1cE8drjh3y+r7oTtjRPr1M8xaCWn/dh8huSJmaFlk\nmWKDX9KI3/5pxFjgpry20eBRYkZHJWwByc9GVvwhRsIF61QdKvA6uGqkFHy9YQBW\nnzWTPo/4UTUwcpfjneoyMOVKx2K05ZePa5UNAgJVDgFfAgMBAAE=\n-----END PUBLIC KEY-----" + } + }, + "92db731bf30e31c13e775360453f0adc8bfd3107f5000b99431c4bdbcebb31ed": { + "keytype": "rsa", + "keyval": { + "private": "", + "public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEArvqUPYb6JJROPJQglPTj\n5uDrsxQKl34Mo+3pSlBVuD6puE4lDnG649a2YksJy+C8ZIPJgokn5w+C3alh+dMe\nzbdWHHxrY1h9CLpYz5cbMlE16303ubkt1rvwDqEezG0HDBzPaKj4oP9YJ9x7wbsq\ndvFcy+Qc3wWd7UWcieo6E0ihbJkYcY8chRXVLg1rL7EfZ+e3bq5+ojA2ECM5JqzZ\nzgDpqCv5hTCYYZp72MZcG7dfSPAHrcSGIrwg7whzz2UsEtCOpsJTuCl96FPN7kAu\n4w/WyM3+SPzzr4/RQXuY1SrLCFD8ebM2zHt/3ATLhPnGmyG5I0RGYoegFaZ2AViw\nlqZDOYnBtgDvKP0zakMtFMbkh2XuNBUBO7Sjs0YcZMjLkh9gYUHL1yWS3Aqus1Lw\nlI0gHS22oyGObVBWkZEgk/Foy08sECLGao+5VvhmGpfVuiz9OKFUmtPVjWzRE4ng\niekEu4drSxpH41inLGSvdByDWLpcTvWQI9nkgclh3AT/AgMBAAE=\n-----END PUBLIC KEY-----" + } + }, + "e1ccde549849bb6aa548412e79c407c93f303f3a3ca0ab1e5923ff7d5c4de769": { + "keytype": "rsa", + "keyval": { + "private": "", + "public": "-----BEGIN PUBLIC 
KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAqnNAzjIb73u2Nk+r2AdU\nnK+xvKDcZgIzjSzRVjtRJgu3MVffzPcGIsjv2RS8/LLl8nSf48V+tWZf/PnTzkMn\n1iJhbdOQTt6bABiizm5dLP9Jm/AIMTTUpbu+fpFbV8vNH+qM5/Z0WNOptQnOEfNs\n84MNh919lJjHc5VPTw86h68Mkn7W5RChZqnwEv75M1XfWdAnUGeLfZh6BKxFMnaB\nciYxieUvc1bnCtqsdaDE2Ab86WXM7cmNCqyLAh4JkTV+RcMzqEnZCAm68TkO6gM/\n5g4A7fbnn9Jc4O3fJvu80fYOg63nS6hAFldmN74oYu2h5PV75xyTIEERoXqJbSaj\n1Agj/98khIZGsSVjoQ5Mi7ETcSbsH7rqWdHFIu+dbKw8vlnqWnEQYjXA8CIOY3X7\nB6/u5FBS5AdxjO6AR/MuaqpWdDTZwXwgZ9c4wqO4Re4z73sGM1PugUK4dbXIGwVe\nRtzv7cSFOB7OPmj53miJWt2ILACb+Dpnxt9h6TzT1C0JAgMBAAE=\n-----END PUBLIC KEY-----" + } + } + }, + "roles": { + "release": { + "keyids": [ + "e1ccde549849bb6aa548412e79c407c93f303f3a3ca0ab1e5923ff7d5c4de769" + ], + "threshold": 1 + }, + "root": { + "keyids": [ + "92db731bf30e31c13e775360453f0adc8bfd3107f5000b99431c4bdbcebb31ed" + ], + "threshold": 1 + }, + "targets": { + "keyids": [ + "07f12f6c470e60d49fe6a60cd893dfba870db387083d50fe4fc43c6171a0be59" + ], + "threshold": 1 + }, + "timestamp": { + "keyids": [ + "2d9f41a1b79429e9d950a687fe00da0bb4fd751da98aeade1524b8d28968eb89" + ], + "threshold": 1 + } + }, + "version": 1 + } +}` + + data.SetTUFTypes( + map[string]string{ + "snapshot": "Release", + }, + ) + data.SetValidRoles( + map[string]string{ + "snapshot": "release", + }, + ) + + s := &data.Signed{} + err := json.Unmarshal([]byte(pypiRoot), s) + if err != nil { + t.Fatal(err) + } + kdb := keys.NewDB() + + logrus.SetLevel(logrus.DebugLevel) + + // Being able to set the second argument, signer, to nil is a great + // test as we shouldn't need to instantiate a signer just for reading + // a repo. 
+ repo := tuf.NewTufRepo(kdb, nil) + repo.SetRoot(s) + remote, err := store.NewHTTPStore( + "http://mirror1.poly.edu/test-pypi/", + "metadata", + "txt", + "targets", + ) + cached := store.NewFileCacheStore(remote, "/tmp/tuf") + if err != nil { + t.Fatal(err) + } + client := Client{ + local: repo, + remote: cached, + keysDB: kdb, + } + + err = client.Update() + if err != nil { + t.Fatal(err) + } + + testTarget := "packages/2.3/T/TracHTTPAuth/TracHTTPAuth-1.0.1-py2.3.egg" + expectedHash := "dbcaa6dc0035a636234f9b457d24bf1aeecac0a29b4da97a3b32692f2729f9db" + expectedSize := int64(8140) + m := client.TargetMeta(testTarget) + if m == nil { + t.Fatal("Failed to find existing target") + } + if m.Hashes["sha256"].String() != expectedHash { + t.Fatal("Target hash incorrect.\nExpected:", expectedHash, "\nReceived:", m.Hashes["sha256"].String()) + } + if m.Length != expectedSize { + t.Fatal("Target size incorrect.\nExpected:", expectedSize, "\nReceived:", m.Length) + } + err = client.DownloadTarget(ioutil.Discard, testTarget, m) + if err != nil { + t.Fatal(err) + } +} diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/client/errors.go b/Godeps/_workspace/src/github.com/endophage/gotuf/client/errors.go new file mode 100644 index 0000000000..92df3e2deb --- /dev/null +++ b/Godeps/_workspace/src/github.com/endophage/gotuf/client/errors.go 
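Review bot: TestClientUpdate checks the error from store.NewHTTPStore only after `remote` has already been handed to store.NewFileCacheStore, so a failed store construction is reported one call too late; the `if err != nil` belongs directly after the NewHTTPStore call. The test also depends on a live plain-HTTP mirror and a fixed cache directory at /tmp/tuf, which makes it non-hermetic and means a stale or tampered cache from an earlier run (or from another user on a shared machine) feeds the assertions; a per-test temporary directory and a local fixture server would isolate it. The embedded root carries `"expires": "2014-08-31 00:49:33 UTC"`, so if expiry is enforced anywhere in the update path this fixture cannot pass without being regenerated.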
@@ -0,0 +1,106 @@ +package client + +import ( + "errors" + "fmt" +) + +var ( + ErrNoRootKeys = errors.New("tuf: no root keys found in local meta store") + ErrInsufficientKeys = errors.New("tuf: insufficient keys to meet threshold") +) + +type ErrMissingRemoteMetadata struct { + Name string +} + +func (e ErrMissingRemoteMetadata) Error() string { + return fmt.Sprintf("tuf: missing remote metadata %s", e.Name) +} + +type ErrDownloadFailed struct { + File string + Err error +} + +func (e ErrDownloadFailed) Error() string { + return fmt.Sprintf("tuf: failed to download %s: %s", e.File, e.Err) +} + +type ErrDecodeFailed struct { + File string + Err error +} + +func (e ErrDecodeFailed) Error() string { + return fmt.Sprintf("tuf: failed to decode %s: %s", e.File, e.Err) +} + +func isDecodeFailedWithErr(err, expected error) bool { + e, ok := err.(ErrDecodeFailed) + if !ok { + return false + } + return e.Err == expected +} + +type ErrNotFound struct { + File string +} + +func (e ErrNotFound) Error() string { + return fmt.Sprintf("tuf: file not found: %s", e.File) +} + +func IsNotFound(err error) bool { + _, ok := err.(ErrNotFound) + return ok +} + +type ErrWrongSize struct { + File string + Actual int64 + Expected int64 +} + +func (e ErrWrongSize) Error() string { + return fmt.Sprintf("tuf: unexpected file size: %s (expected %d bytes, got %d bytes)", e.File, e.Expected, e.Actual) +} + +type ErrLatestSnapshot struct { + Version int +} + +func (e ErrLatestSnapshot) Error() string { + return fmt.Sprintf("tuf: the local snapshot version (%d) is the latest", e.Version) +} + +func IsLatestSnapshot(err error) bool { + _, ok := err.(ErrLatestSnapshot) + return ok +} + +type ErrUnknownTarget struct { + Name string +} + +func (e ErrUnknownTarget) Error() string { + return fmt.Sprintf("tuf: unknown target file: %s", e.Name) +} + +type ErrMetaTooLarge struct { + Name string + Size int64 +} + +func (e ErrMetaTooLarge) Error() string { + return fmt.Sprintf("tuf: %s size %d bytes greater 
than maximum", e.Name, e.Size)
+}
+
+type ErrInvalidURL struct {
+ URL string
+}
+
+func (e ErrInvalidURL) Error() string {
+ return fmt.Sprintf("tuf: invalid repository URL %s", e.URL)
+}
diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/client/download.go b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/client/download.go
new file mode 100644
index 0000000000..4c187b830b
--- /dev/null
+++ b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/client/download.go
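Review bot: The exported error types and the ErrNoRootKeys/ErrInsufficientKeys sentinels carry no doc comments; each should get one starting with its name, e.g. `// ErrDownloadFailed reports that fetching File from the remote store failed with Err.`. isDecodeFailedWithErr compares `e.Err == expected` by identity, which only works when expected is one of the package's sentinel values; a one-line comment saying so would keep later callers from passing freshly constructed errors. Nothing in client/client.go returns any of these types in this commit, so whether the file is still needed is worth a second look.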
@@ -0,0 +1,111 @@ +package main + +import ( + "encoding/json" + "fmt" + "os" + "path/filepath" + + "github.com/codegangsta/cli" + "github.com/endophage/gotuf/keys" + + "github.com/endophage/gotuf" + "github.com/endophage/gotuf/client" + "github.com/endophage/gotuf/data" + "github.com/endophage/gotuf/store" +) + +var commandDownload = cli.Command{ + Name: "download", + Usage: "provide the path to a target you wish to download.", + Action: download, +} + +func init() { + commandDownload.Flags = []cli.Flag{ + cli.StringFlag{ + Name: "root, r", + Value: "", + Usage: "The local file path to the current, or immediately previous, root.json for the TUF repo.", + EnvVar: "TUF_ROOT", + }, + cli.StringFlag{ + Name: "host, h", + Value: "", + Usage: "The scheme and hostname of the TUF repository, e.g. http://example.com/.", + EnvVar: "TUF_HOST", + }, + cli.StringFlag{ + Name: "meta, m", + Value: "", + Usage: "The path prefix for TUF metadata files.", + EnvVar: "TUF_META_PREFIX", + }, + cli.StringFlag{ + Name: "ext, e", + Value: "json", + Usage: "The file extension for TUF metadata files.", + EnvVar: "TUF_META_EXT", + }, + cli.StringFlag{ + Name: "targets, t", + Value: "", + Usage: "The path prefix for target files.", + EnvVar: "TUF_TARGETS_PREFIX", + }, + } +} + +func download(ctx *cli.Context) { + if len(ctx.Args()) < 1 { + fmt.Println("At least one target name must be provided.") + return + } + var root []byte + r := &data.Signed{} + err := json.Unmarshal(root, r) + if err != nil { + fmt.Println("Could not read initial root.json") + return + } + kdb := keys.NewDB() + repo := tuf.NewTufRepo(kdb, nil) + repo.SetRoot(r) + remote, err := store.NewHTTPStore( + ctx.String("host"), + ctx.String("meta"), + ctx.String("ext"), + ctx.String("targets"), + ) + cached := store.NewFileCacheStore(remote, "/tmp/tuf") + if err != nil { + fmt.Println(err) + return + } + + client := client.NewClient(repo, cached, kdb) + + err = client.Update() + if err != nil { + fmt.Println(err) + return + } + 
filename := filepath.Base(ctx.Args()[0]) + f, err := os.OpenFile(filename, os.O_TRUNC|os.O_CREATE|os.O_RDWR, 0644) + if err != nil { + fmt.Println(err) + return + } + defer f.Close() + m := client.TargetMeta(ctx.Args()[0]) + if m == nil { + fmt.Println("Requested package not found.") + return + } + err = client.DownloadTarget(f, ctx.Args()[0], m) + if err != nil { + fmt.Println(err) + return + } + fmt.Println("Requested pacakge downloaded.") +} diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/client/main.go b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/client/main.go new file mode 100644 index 0000000000..4dd2a11fb1 --- /dev/null +++ b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/client/main.go @@ -0,0 +1,27 @@ +package main + +import ( + "os" + + "github.com/codegangsta/cli" +) + +func main() { + app := cli.NewApp() + app.Name = "tufc" + app.Usage = "tuf download " + + app.Flags = []cli.Flag{ + cli.StringFlag{ + Name: "config", + Value: "config.json", + Usage: "Set the path to a json configuration file for the TUF repo you want to interact with.", + }, + } + + app.Commands = []cli.Command{ + commandDownload, + } + + app.Run(os.Args) +} diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tools/main.go b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tools/main.go new file mode 100644 index 0000000000..bdd42798fe --- /dev/null +++ b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tools/main.go 
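Review bot: download() can never succeed as written: `var root []byte` is declared and passed straight to json.Unmarshal without ever being filled from the `--root` flag or TUF_ROOT, so Unmarshal fails on empty input and the command always prints "Could not read initial root.json"; it needs `root, err := ioutil.ReadFile(ctx.String("root"))` (plus the io/ioutil import) with its own error check before the Unmarshal. As in client_test.go, the error from store.NewHTTPStore is checked only after `remote` has been passed to store.NewFileCacheStore, so that check should move up one line. The cache is rooted at the fixed, world-shared path /tmp/tuf, which presumably is consulted before the remote; a predictable directory in shared temp space lets any local user pre-seed or replace cached metadata and target files, so it should live under a per-user location (or be configurable) and be created with restrictive permissions. The target is written straight to `filepath.Base(ctx.Args()[0])` in the working directory via DownloadTarget, so a failed or rejected download leaves a partially written file behind; write to a temp file and rename on success. The final Println also misspells "package".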
@@ -0,0 +1,84 @@ +package main + +import ( + "fmt" + "log" + + "github.com/endophage/gotuf" + "github.com/endophage/gotuf/signed" + "github.com/endophage/gotuf/store" + "github.com/endophage/gotuf/testutils" + "github.com/flynn/go-docopt" +) + +func main() { + log.SetFlags(0) + + usage := `usage: tuftools [-h|--help] [...] + +Options: + -h, --help + +Commands: + help Show usage for a specific command + meta Generate metadata from the given file path + +See "tuf help " for more information on a specific command +` + + args, _ := docopt.Parse(usage, nil, true, "", true) + cmd := args.String[""] + cmdArgs := args.All[""].([]string) + + if cmd == "help" { + if len(cmdArgs) == 0 { // `tuf help` + fmt.Println(usage) + return + } else { // `tuf help ` + cmd = cmdArgs[0] + cmdArgs = []string{"--help"} + } + } + + if err := runCommand(cmd, cmdArgs); err != nil { + log.Fatalln("ERROR:", err) + } +} + +type cmdFunc func(*docopt.Args, *tuf.Repo) error + +type command struct { + usage string + f cmdFunc +} + +var commands = make(map[string]*command) + +func register(name string, f cmdFunc, usage string) { + commands[name] = &command{usage: usage, f: f} +} + +func runCommand(name string, args []string) error { + argv := make([]string, 1, 1+len(args)) + argv[0] = name + argv = append(argv, args...) + + cmd, ok := commands[name] + if !ok { + return fmt.Errorf("%s is not a tuf command. See 'tuf help'", name) + } + + parsedArgs, err := docopt.Parse(cmd.usage, argv, true, "", true) + if err != nil { + return err + } + + db := testutils.GetSqliteDB() + local := store.DBStore(db, "") + signer := signed.Ed25519{} + repo, err := tuf.NewRepo(&signer, local, "sha256") + if err != nil { + return err + } + return cmd.f(parsedArgs, repo) +} diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tools/meta.go b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tools/meta.go new file mode 100644 index 0000000000..5ba108813c --- /dev/null 
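Review bot: runCommand builds the repository on `testutils.GetSqliteDB()` and `store.DBStore(db, "")` with an empty path, so the shipped tuftools binary depends on a test helper and, as far as can be seen here, on a throwaway database whose contents do not outlive the process; if the tool is meant to act on a real repository the store location should come from a flag, and the testutils import should not appear outside _test files. Both docopt.Parse calls in main() and runCommand discard their error with `args, _ :=`, and the `args.All[...]` lookup is an unchecked type assertion, so a malformed command line panics instead of printing usage. The usage string documents only `help` and `meta`; if more commands are registered elsewhere the text should be generated from the registry rather than maintained by hand.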
+++ b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tools/meta.go @@ -0,0 +1,39 @@ +package main + +import ( + "encoding/json" + "fmt" + "io/ioutil" + "os" + + "github.com/endophage/gotuf" + "github.com/endophage/gotuf/data" + "github.com/flynn/go-docopt" +) + +func init() { + register("meta", cmdMeta, ` +usage: tuftools meta [...] + +Generate sample metadata for file(s) given by path. + +`) +} + +func cmdMeta(args *docopt.Args, repo *tuf.Repo) error { + paths := args.All[""].([]string) + for _, file := range paths { + reader, _ := os.Open(file) + meta, _ := data.NewFileMeta(reader, "sha256") + jsonBytes, err := json.Marshal(meta) + if err != nil { + return err + } + filename := fmt.Sprintf("%s.meta.json", file) + err = ioutil.WriteFile(filename, jsonBytes, 0644) + if err != nil { + return err + } + } + return nil +} diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf-client/README.md b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf-client/README.md new file mode 100644 index 0000000000..0bafb6a3a2 --- /dev/null +++ b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf-client/README.md 
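Review bot: cmdMeta discards the errors from both `reader, _ := os.Open(file)` and `meta, _ := data.NewFileMeta(reader, "sha256")`, so a missing or unreadable path yields metadata for a nil reader (or a zero-valued FileMeta) that is then written to `<file>.meta.json` as if it were valid; both errors should be returned, and the opened file needs a Close at the end of each iteration (a `defer` inside the loop would hold every handle until the function returns). The output file is created with mode 0644 in the same directory as the input, which is reasonable for metadata but worth stating in the usage text.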
@@ -0,0 +1,48 @@ +# go-tuf client CLI + +## Install + +``` +go get github.com/flynn/go-tuf/cmd/tuf-client +``` + +## Usage + +The CLI provides three commands: + +* `tuf-client init` - initialize a local file store using root keys (e.g. from + the output of `tuf root-keys`) +* `tuf-client list` - list available targets and their file sizes +* `tuf-client get` - get a target file and write to STDOUT + +All commands require the base URL of the TUF repository as the first non-flag +argument, and accept an optional `--store` flag which is the path to the local +storage. + +Run `tuf-client help` from the command line to get more detailed usage +information. + +## Examples + +``` +# init +$ tuf-client init https://example.com/path/to/repo + +# init with a custom store path +$ tuf-client init --store /tmp/tuf.db https://example.com/path/to/repo + +# list available targets +$ tuf-client list https://example.com/path/to/repo +PATH SIZE +/foo.txt 1.6KB +/bar.txt 336B +/baz.txt 1.5KB + +# get a target +$ tuf-client get https://example.com/path/to/repo /foo.txt +the contents of foo.txt + +# the prefixed / is optional +$ tuf-client get https://example.com/path/to/repo foo.txt +the contents of foo.txt +``` diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf-client/get.go b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf-client/get.go new file mode 100644 index 0000000000..e699cbc170 --- /dev/null +++ b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf-client/get.go 
@@ -0,0 +1,52 @@ +package main + +import ( + "io" + "io/ioutil" + "os" + + tuf "github.com/endophage/gotuf/client" + "github.com/endophage/gotuf/utils" + "github.com/flynn/go-docopt" +) + +func init() { + register("get", cmdGet, ` +usage: tuf-client get [-s|--store=] + +Options: + -s The path to the local file store [default: tuf.db] + +Get a target from the repository. + `) +} + +type tmpFile struct { + *os.File +} + +func (t *tmpFile) Delete() error { + t.Close() + return os.Remove(t.Name()) +} + +func cmdGet(args *docopt.Args, client *tuf.Client) error { + if _, err := client.Update(); err != nil && !tuf.IsLatestSnapshot(err) { + return err + } + target := utils.NormalizeTarget(args.String[""]) + file, err := ioutil.TempFile("", "gotuf") + if err != nil { + return err + } + tmp := tmpFile{file} + if err := client.Download(target, &tmp); err != nil { + return err + } + defer tmp.Delete() + if _, err := tmp.Seek(0, os.SEEK_SET); err != nil { + return err + } + _, err = io.Copy(os.Stdout, file) + return err +} diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf-client/init.go b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf-client/init.go new file mode 100644 index 0000000000..b9ba0cb1f3 --- /dev/null +++ b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf-client/init.go 
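Review bot: cmdGet (and init.go, list.go and main.go in the same cmd/tuf-client directory) is written against a client API that the vendored client package in this commit does not expose: here `client.Update()` is used as returning two values and `client.Download(target, &tmp)` is called, whereas client/client.go defines `Update() error` and `DownloadTarget(dst io.Writer, path string, meta *data.FileMeta) error`; init.go's `client.Init`, list.go's `client.Targets`, and main.go's `client.HTTPRemoteStore` and two-argument `client.NewClient` are likewise absent, so this command tree looks like a leftover of the flynn/go-tuf fork that cannot build here and should be removed or ported before `go build ./...` in the Makefile picks it up. Within cmdGet itself, `defer tmp.Delete()` is registered only after client.Download has succeeded, so a failed download leaves the temp file behind; the defer belongs immediately after the TempFile error check. tmpFile.Delete also drops the error from `t.Close()`.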
@@ -0,0 +1,41 @@ +package main + +import ( + "encoding/json" + "io" + "os" + + tuf "github.com/endophage/gotuf/client" + "github.com/endophage/gotuf/data" + "github.com/flynn/go-docopt" +) + +func init() { + register("init", cmdInit, ` +usage: tuf-client init [-s|--store=] [] + +Options: + -s The path to the local file store [default: tuf.db] + +Initialize the local file store with root keys. + `) +} + +func cmdInit(args *docopt.Args, client *tuf.Client) error { + file := args.String[""] + var in io.Reader + if file == "" || file == "-" { + in = os.Stdin + } else { + var err error + in, err = os.Open(file) + if err != nil { + return err + } + } + var rootKeys []*data.Key + if err := json.NewDecoder(in).Decode(&rootKeys); err != nil { + return err + } + return client.Init(rootKeys, len(rootKeys)) +} diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf-client/list.go b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf-client/list.go new file mode 100644 index 0000000000..495eca69ac --- /dev/null +++ b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf-client/list.go @@ -0,0 +1,39 @@ +package main + +import ( + "fmt" + "os" + "text/tabwriter" + + "github.com/dustin/go-humanize" + tuf "github.com/endophage/gotuf/client" + "github.com/flynn/go-docopt" +) + +func init() { + register("list", cmdList, ` +usage: tuf-client list [-s|--store=] + +Options: + -s The path to the local file store [default: tuf.db] + +List available target files. + `) +} + +func cmdList(args *docopt.Args, client *tuf.Client) error { + if _, err := client.Update(); err != nil && !tuf.IsLatestSnapshot(err) { + return err + } + targets, err := client.Targets() + if err != nil { + return err + } + w := tabwriter.NewWriter(os.Stdout, 1, 2, 2, ' ', 0) + defer w.Flush() + fmt.Fprintln(w, "PATH\tSIZE") + for path, meta := range targets { + fmt.Fprintf(w, "%s\t%s\n", path, humanize.Bytes(uint64(meta.Length))) + } + return nil +} 
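Review bot: cmdInit never closes the file it opens when a path other than "-" is given, so the handle is held until process exit; add `defer f.Close()` on the opened file (keeping `in` as the io.Reader). It also passes `len(rootKeys)` as the threshold to client.Init, which means every supplied root key must sign rather than any one of them; that may be intended, but it deserves a comment such as `// threshold = all supplied keys; pass fewer keys to lower it` since users providing several keys may expect 1-of-N. In list.go, `w.Flush()` is deferred and its error ignored, so a write failure to stdout is silent.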
diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf-client/main.go b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf-client/main.go
new file mode 100644
index 0000000000..d43a55e992
--- /dev/null
+++ b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf-client/main.go
@@ -0,0 +1,94 @@ +package main + +import ( + "fmt" + "log" + + "github.com/endophage/gotuf/client" + "github.com/endophage/gotuf/store" + "github.com/flynn/go-docopt" +) + +func main() { + log.SetFlags(0) + + usage := `usage: tuf-client [-h|--help] [...] + +Options: + -h, --help + +Commands: + help Show usage for a specific command + init Initialize with root keys + list List available target files + get Get a target file + +See "tuf-client help " for more information on a specific command. +` + + args, _ := docopt.Parse(usage, nil, true, "", true) + cmd := args.String[""] + cmdArgs := args.All[""].([]string) + + if cmd == "help" { + if len(cmdArgs) == 0 { // `tuf-client help` + fmt.Println(usage) + return + } else { // `tuf-client help ` + cmd = cmdArgs[0] + cmdArgs = []string{"--help"} + } + } + + if err := runCommand(cmd, cmdArgs); err != nil { + log.Fatalln("ERROR:", err) + } +} + +type cmdFunc func(*docopt.Args, *client.Client) error + +type command struct { + usage string + f cmdFunc +} + +var commands = make(map[string]*command) + +func register(name string, f cmdFunc, usage string) { + commands[name] = &command{usage: usage, f: f} +} + +func runCommand(name string, args []string) error { + argv := make([]string, 1, 1+len(args)) + argv[0] = name + argv = append(argv, args...) + + cmd, ok := commands[name] + if !ok { + return fmt.Errorf("%s is not a tuf-client command. 
See 'tuf-client help'", name) + } + + parsedArgs, err := docopt.Parse(cmd.usage, argv, true, "", true) + if err != nil { + return err + } + + client, err := tufClient(parsedArgs) + if err != nil { + return err + } + return cmd.f(parsedArgs, client) +} + +func tufClient(args *docopt.Args) (*client.Client, error) { + storePath, ok := args.String["--store"] + if !ok { + storePath = args.String["-s"] + } + local := store.FileSystemStore(storePath, nil) + remote, err := client.HTTPRemoteStore(args.String[""], nil) + if err != nil { + return nil, err + } + return client.NewClient(local, remote), nil +} diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/add.go b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/add.go new file mode 100644 index 0000000000..088fc78725 --- /dev/null +++ b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/add.go @@ -0,0 +1,36 @@ +package main + +import ( + // "encoding/json" + + "github.com/endophage/gotuf" + "github.com/flynn/go-docopt" +) + +func init() { + register("add", cmdAdd, ` +usage: tuf add [--expires=] [--custom=] [...] + +Add target file(s). + +Options: + --expires= Set the targets manifest to expire days from now. + --custom= Set custom JSON data for the target(s). +`) +} + +func cmdAdd(args *docopt.Args, repo *tuf.Repo) error { + // var custom json.RawMessage + // if c := args.String["--custom"]; c != "" { + // custom = json.RawMessage(c) + // } + paths := args.All[""].([]string) + if arg := args.String["--expires"]; arg != "" { + expires, err := parseExpires(arg) + if err != nil { + return err + } + return repo.AddTargetsWithExpires(nil, expires, paths...) + } + return repo.AddTargets(nil, paths...) +} diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/clean.go b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/clean.go new file mode 100644 index 0000000000..e8eb07e76c --- /dev/null +++ b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/clean.go 
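Review bot: cmdAdd's usage text advertises a `--custom=<json>` option, but the code that would read it is commented out and `nil` is passed as the custom data to both `repo.AddTargetsWithExpires(nil, expires, paths...)` and `repo.AddTargets(nil, paths...)`, so the flag is silently ignored; either remove the option from the usage string until it is implemented or restore the `json.RawMessage` handling and its import. parseExpires is called here but defined outside this hunk, so its error semantics cannot be checked from this view.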
@@ -0,0 +1,18 @@
+package main
+
+import (
+ "github.com/endophage/gotuf"
+ "github.com/flynn/go-docopt"
+)
+
+func init() {
+ register("clean", cmdClean, `
+usage: tuf clean
+
+Remove all staged manifests.
+ `)
+}
+
+func cmdClean(args *docopt.Args, repo *tuf.Repo) error {
+ return repo.Clean()
+}
diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/commit.go b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/commit.go
new file mode 100644
index 0000000000..6fbe4ce9a2
--- /dev/null
+++ b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/commit.go
@@ -0,0 +1,18 @@
+package main
+
+import (
+ "github.com/endophage/gotuf"
+ "github.com/flynn/go-docopt"
+)
+
+func init() {
+ register("commit", cmdCommit, `
+usage: tuf commit
+
+Commit staged files to the repository.
+`)
+}
+
+func cmdCommit(args *docopt.Args, repo *tuf.Repo) error {
+ return repo.Commit()
+}
diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/gen_key.go b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/gen_key.go
new file mode 100644
index 0000000000..ba55600c14
--- /dev/null
+++ b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/gen_key.go
@@ -0,0 +1,43 @@ +package main + +import ( + "fmt" + + "github.com/endophage/gotuf" + "github.com/flynn/go-docopt" +) + +func init() { + register("gen-key", cmdGenKey, ` +usage: tuf gen-key [--expires=] + +Generate a new signing key for the given role. + +The key will be serialized to JSON and written to the "keys" directory with +filename pattern "ROLE-KEYID.json". The root manifest will also be staged +with the addition of the key's ID to the role's list of key IDs. + +Options: + --expires= Set the root manifest to expire days from now. +`) +} + +func cmdGenKey(args *docopt.Args, repo *tuf.Repo) error { + role := args.String[""] + var id string + var err error + if arg := args.String["--expires"]; arg != "" { + expires, err := parseExpires(arg) + if err != nil { + return err + } + id, err = repo.GenKeyWithExpires(role, expires) + } else { + id, err = repo.GenKey(role) + } + if err != nil { + return err + } + fmt.Println("Generated", role, "key with ID", id) + return nil +} diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/init.go b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/init.go new file mode 100644 index 0000000000..11e5e81e0f --- /dev/null +++ b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/init.go @@ -0,0 +1,23 @@ +package main + +import ( + "github.com/endophage/gotuf" + "github.com/flynn/go-docopt" +) + +func init() { + register("init", cmdInit, ` +usage: tuf init [--consistent-snapshot=false] + +Initialize a new repository. + +This is only required if the repository should not generate consistent +snapshots (i.e. by passing "--consistent-snapshot=false"). If consistent +snapshots should be generated, the repository will be implicitly +initialized to do so when generating keys. + `) +} + +func cmdInit(args *docopt.Args, repo *tuf.Repo) error { + return repo.Init(args.String["--consistent-snapshot"] != "false") +} 
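Review bot: In cmdGenKey the `expires, err := parseExpires(arg)` inside the `if` block declares a new `err` that shadows the outer `var err error`, so `id, err = repo.GenKeyWithExpires(role, expires)` assigns to the inner variable and the `if err != nil` after the block only sees the outer, still-nil `err`; a failed key generation with `--expires` therefore prints "Generated ... key with ID" with an empty ID and exits 0. Declare the variable outside the block so the assignment reaches the outer `err`, e.g. `var expires time.Time` before the `if` and `expires, err = parseExpires(arg)` inside it (with "time" imported), or return directly from the branch as cmdAdd and cmdRevokeKey do. `go vet -shadow` would have flagged this. The init.go hunk on the same line looks fine.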
diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/main.go b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/main.go
new file mode 100644
index 0000000000..09f3836c73
--- /dev/null
+++ b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/main.go
@@ -0,0 +1,167 @@ +package main + +import ( + "bufio" + "bytes" + "errors" + "fmt" + "log" + "os" + "strconv" + "strings" + "time" + + "github.com/docker/docker/pkg/term" + "github.com/flynn/go-docopt" + + "github.com/endophage/gotuf" + "github.com/endophage/gotuf/signed" + "github.com/endophage/gotuf/store" + "github.com/endophage/gotuf/utils" +) + +func main() { + log.SetFlags(0) + + usage := `usage: tuf [-h|--help] [-d|--dir=] [--insecure-plaintext] [...] + +Options: + -h, --help + -d The path to the repository (defaults to the current working directory) + --insecure-plaintext Don't encrypt signing keys + +Commands: + help Show usage for a specific command + gen-key Generate a new signing key for a specific manifest + revoke-key Revoke a signing key + add Add target file(s) + remove Remove a target file + snapshot Update the snapshot manifest + timestamp Update the timestamp manifest + sign Sign a manifest + commit Commit staged files to the repository + regenerate Recreate the targets manifest + clean Remove all staged manifests + root-keys Output a JSON serialized array of root keys to STDOUT + +See "tuf help " for more information on a specific command +` + + args, _ := docopt.Parse(usage, nil, true, "", true) + cmd := args.String[""] + cmdArgs := args.All[""].([]string) + + if cmd == "help" { + if len(cmdArgs) == 0 { // `tuf help` + fmt.Println(usage) + return + } else { // `tuf help ` + cmd = cmdArgs[0] + cmdArgs = []string{"--help"} + } + } + + dir, ok := args.String["-d"] + if !ok { + dir = args.String["--dir"] + } + if dir == "" { + var err error + dir, err = os.Getwd() + if err != nil { + log.Fatal(err) + } + } + + if err := runCommand(cmd, cmdArgs, dir, args.Bool["--insecure-plaintext"]); err != nil { + log.Fatalln("ERROR:", err) + } +} + +type cmdFunc func(*docopt.Args, *tuf.Repo) error + +type command struct { + usage string + f cmdFunc +} + +var commands = make(map[string]*command) + +func register(name string, f cmdFunc, usage string) { + 
commands[name] = &command{usage: usage, f: f} +} + +func runCommand(name string, args []string, dir string, insecure bool) error { + argv := make([]string, 1, 1+len(args)) + argv[0] = name + argv = append(argv, args...) + + cmd, ok := commands[name] + if !ok { + return fmt.Errorf("%s is not a tuf command. See 'tuf help'", name) + } + + parsedArgs, err := docopt.Parse(cmd.usage, argv, true, "", true) + if err != nil { + return err + } + + var p utils.PassphraseFunc + if !insecure { + p = getPassphrase + } + signer := signed.Ed25519{} + repo, err := tuf.NewRepo(&signer, store.FileSystemStore(dir, p), "sha256") + if err != nil { + return err + } + return cmd.f(parsedArgs, repo) +} + +func parseExpires(arg string) (time.Time, error) { + days, err := strconv.Atoi(arg) + if err != nil { + return time.Time{}, fmt.Errorf("failed to parse --expires arg: %s", err) + } + return time.Now().AddDate(0, 0, days).UTC(), nil +} + +func getPassphrase(role string, confirm bool) ([]byte, error) { + if pass := os.Getenv(fmt.Sprintf("TUF_%s_PASSPHRASE", strings.ToUpper(role))); pass != "" { + return []byte(pass), nil + } + + state, err := term.SaveState(0) + if err != nil { + return nil, err + } + term.DisableEcho(0, state) + defer term.RestoreTerminal(0, state) + + stdin := bufio.NewReader(os.Stdin) + + fmt.Printf("Enter %s keys passphrase: ", role) + passphrase, err := stdin.ReadBytes('\n') + fmt.Println() + if err != nil { + return nil, err + } + passphrase = passphrase[0 : len(passphrase)-1] + + if !confirm { + return passphrase, nil + } + + fmt.Printf("Repeat %s keys passphrase: ", role) + confirmation, err := stdin.ReadBytes('\n') + fmt.Println() + if err != nil { + return nil, err + } + confirmation = confirmation[0 : len(confirmation)-1] + + if !bytes.Equal(passphrase, confirmation) { + return nil, errors.New("The entered passphrases do not match") + } + return passphrase, nil +} 
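Review bot: In getPassphrase the return value of `term.DisableEcho(0, state)` is discarded, so if disabling echo fails the passphrase is read with echo still on and shown on the terminal with no indication anything went wrong; check it: `if err := term.DisableEcho(0, state); err != nil { return nil, err }`. Separately, `args, _ := docopt.Parse(usage, nil, true, "", true)` in main drops the parse error, so a malformed command line falls through to `runCommand` with empty fields, whereas runCommand checks the error of the same call and main should as well. It would also help to state in the usage text that a passphrase taken from the `TUF_<ROLE>_PASSPHRASE` environment variable skips the confirmation prompt, since that path returns before the terminal is touched.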
diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/regenerate.go b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/regenerate.go new file mode 100644 index 0000000000..b3bba56720 --- /dev/null +++ b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/regenerate.go @@ -0,0 +1,22 @@ +package main + +import ( + "log" + + "github.com/endophage/gotuf" + "github.com/flynn/go-docopt" +) + +func init() { + register("regenerate", cmdRegenerate, ` +usage: tuf regenerate [--consistent-snapshot=false] + +Recreate the targets manifest. + `) +} + +func cmdRegenerate(args *docopt.Args, repo *tuf.Repo) error { + // TODO: implement this + log.Println("not implemented") + return nil +} diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/remove.go b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/remove.go new file mode 100644 index 0000000000..471fd113f0 --- /dev/null +++ b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/remove.go @@ -0,0 +1,35 @@ +package main + +import ( + "errors" + + "github.com/endophage/gotuf" + "github.com/flynn/go-docopt" +) + +func init() { + register("remove", cmdRemove, ` +usage: tuf remove [--expires=] [--all] [...] + +Remove target file(s). + +Options: + --all Remove all target files. + --expires= Set the targets manifest to expire days from now. +`) +} + +func cmdRemove(args *docopt.Args, repo *tuf.Repo) error { + paths := args.All[""].([]string) + if len(paths) == 0 && !args.Bool["--all"] { + return errors.New("either specify some paths or set the --all flag to remove all targets") + } + if arg := args.String["--expires"]; arg != "" { + expires, err := parseExpires(arg) + if err != nil { + return err + } + return repo.RemoveTargetsWithExpires(expires, paths...) + } + return repo.RemoveTargets(paths) +} 
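Review bot: cmdRegenerate returns nil after logging "not implemented", so `tuf regenerate` exits 0 and a script calling it cannot tell that nothing happened; return an error instead, e.g. `return errors.New("regenerate is not implemented")` with "errors" added to the imports, or leave the command unregistered until it works. Its usage text also advertises `--consistent-snapshot=false`, which the body never reads. In the remove.go hunk on the same line, `--all` is only used to relax the empty-paths check and is never passed to the repo, so its effect presumably relies on `repo.RemoveTargets` treating an empty list as "everything"; a one-line comment on cmdRemove stating that assumption would save the next reader a trip into the library.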
diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/revoke_key.go b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/revoke_key.go new file mode 100644 index 0000000000..c176e098dd --- /dev/null +++ b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/revoke_key.go @@ -0,0 +1,31 @@ +package main + +import ( + "github.com/endophage/gotuf" + "github.com/flynn/go-docopt" +) + +func init() { + register("revoke-key", cmdRevokeKey, ` +usage: tuf revoke-key [--expires=] + +Revoke a signing key + +The key will be removed from the root manifest, but the key will remain in the +"keys" directory if present. + +Options: + --expires= Set the root manifest to expire days from now. +`) +} + +func cmdRevokeKey(args *docopt.Args, repo *tuf.Repo) error { + if arg := args.String["--expires"]; arg != "" { + expires, err := parseExpires(arg) + if err != nil { + return err + } + return repo.RevokeKeyWithExpires(args.String[""], args.String[""], expires) + } + return repo.RevokeKey(args.String[""], args.String[""]) +} diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/root_keys.go b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/root_keys.go new file mode 100644 index 0000000000..2cafff1559 --- /dev/null +++ b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/root_keys.go @@ -0,0 +1,27 @@ +package main + +import ( + "encoding/json" + "os" + + "github.com/endophage/gotuf" + "github.com/flynn/go-docopt" +) + +func init() { + register("root-keys", cmdRootKeys, ` +usage: tuf root-keys + +Outputs a JSON serialized array of root keys to STDOUT. + +The resulting JSON should be distributed to clients for performing initial updates. +`) +} + +func cmdRootKeys(args *docopt.Args, repo *tuf.Repo) error { + keys, err := repo.RootKeys() + if err != nil { + return err + } + return json.NewEncoder(os.Stdout).Encode(keys) +} 
diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/sign.go b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/sign.go new file mode 100644 index 0000000000..d92267cd69 --- /dev/null +++ b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/sign.go @@ -0,0 +1,18 @@ +package main + +import ( + "github.com/endophage/gotuf" + "github.com/flynn/go-docopt" +) + +func init() { + register("sign", cmdSign, ` +usage: tuf sign + +Sign a manifest. +`) +} + +func cmdSign(args *docopt.Args, repo *tuf.Repo) error { + return repo.Sign(args.String[""]) +} diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/snapshot.go b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/snapshot.go new file mode 100644 index 0000000000..2a6aa67cc1 --- /dev/null +++ b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/snapshot.go @@ -0,0 +1,29 @@ +package main + +import ( + "github.com/endophage/gotuf" + "github.com/flynn/go-docopt" +) + +func init() { + register("snapshot", cmdSnapshot, ` +usage: tuf snapshot [--expires=] [--compression=] + +Update the snapshot manifest. + +Options: + --expires= Set the snapshot manifest to expire days from now. +`) +} + +func cmdSnapshot(args *docopt.Args, repo *tuf.Repo) error { + // TODO: parse --compression + if arg := args.String["--expires"]; arg != "" { + expires, err := parseExpires(arg) + if err != nil { + return err + } + return repo.SnapshotWithExpires(tuf.CompressionTypeNone, expires) + } + return repo.Snapshot(tuf.CompressionTypeNone) +} diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/timestamp.go b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/timestamp.go new file mode 100644 index 0000000000..a3ba349d3a --- /dev/null +++ b/Godeps/_workspace/src/github.com/endophage/gotuf/cmd/tuf/timestamp.go 
@@ -0,0 +1,28 @@ +package main + +import ( + "github.com/endophage/gotuf" + "github.com/flynn/go-docopt" +) + +func init() { + register("timestamp", cmdTimestamp, ` +usage: tuf timestamp [--expires=] + +Update the timestamp manifest. + +Options: + --expires= Set the timestamp manifest to expire days from now. +`) +} + +func cmdTimestamp(args *docopt.Args, repo *tuf.Repo) error { + if arg := args.String["--expires"]; arg != "" { + expires, err := parseExpires(arg) + if err != nil { + return err + } + return repo.TimestampWithExpires(expires) + } + return repo.Timestamp() +} diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/data/root.go b/Godeps/_workspace/src/github.com/endophage/gotuf/data/root.go index 323787802e..2528c57840 100644 --- a/Godeps/_workspace/src/github.com/endophage/gotuf/data/root.go +++ b/Godeps/_workspace/src/github.com/endophage/gotuf/data/root.go @@ -13,15 +13,15 @@ type SignedRoot struct { } type Root struct { - Type string `json:"_type"` - Version int `json:"version"` - Expires string `json:"expires"` - Keys map[string]*TUFKey `json:"keys"` - Roles map[string]*RootRole `json:"roles"` - ConsistentSnapshot bool `json:"consistent_snapshot"` + Type string `json:"_type"` + Version int `json:"version"` + Expires string `json:"expires"` + Keys map[string]*PublicKey `json:"keys"` + Roles map[string]*RootRole `json:"roles"` + ConsistentSnapshot bool `json:"consistent_snapshot"` } -func NewRoot(keys map[string]*TUFKey, roles map[string]*RootRole, consistent bool) (*SignedRoot, error) { +func NewRoot(keys map[string]*PublicKey, roles map[string]*RootRole, consistent bool) (*SignedRoot, error) { return &SignedRoot{ Signatures: make([]Signature, 0), Signed: Root{ diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/data/targets.go b/Godeps/_workspace/src/github.com/endophage/gotuf/data/targets.go index bf0da26eff..e1ed0f5505 100644 --- a/Godeps/_workspace/src/github.com/endophage/gotuf/data/targets.go 
+++ b/Godeps/_workspace/src/github.com/endophage/gotuf/data/targets.go @@ -80,7 +80,7 @@ func (t *SignedTargets) AddTarget(path string, meta FileMeta) { t.Dirty = true } -func (t *SignedTargets) AddDelegation(role *Role, keys []*TUFKey) error { +func (t *SignedTargets) AddDelegation(role *Role, keys []*PublicKey) error { return nil } diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/data/types.go b/Godeps/_workspace/src/github.com/endophage/gotuf/data/types.go index 21308b0673..f35e11cca6 100644 --- a/Godeps/_workspace/src/github.com/endophage/gotuf/data/types.go +++ b/Godeps/_workspace/src/github.com/endophage/gotuf/data/types.go @@ -98,13 +98,13 @@ func NewFileMeta(r io.Reader, hashAlgorithms ...string) (FileMeta, error) { } type Delegations struct { - Keys map[string]*TUFKey `json:"keys"` - Roles []*Role `json:"roles"` + Keys map[string]*PublicKey `json:"keys"` + Roles []*Role `json:"roles"` } func NewDelegations() *Delegations { return &Delegations{ - Keys: make(map[string]*TUFKey), + Keys: make(map[string]*PublicKey), Roles: make([]*Role, 0), } } diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/encrypted/encrypted.go b/Godeps/_workspace/src/github.com/endophage/gotuf/encrypted/encrypted.go new file mode 100644 index 0000000000..4d174d61f9 --- /dev/null +++ b/Godeps/_workspace/src/github.com/endophage/gotuf/encrypted/encrypted.go 
@@ -0,0 +1,226 @@ +// Package encrypted provides a simple, secure system for encrypting data +// symmetrically with a passphrase. +// +// It uses scrypt derive a key from the passphrase and the NaCl secret box +// cipher for authenticated encryption. +package encrypted + +import ( + "crypto/rand" + "encoding/json" + "errors" + "fmt" + "io" + + "golang.org/x/crypto/nacl/secretbox" + "golang.org/x/crypto/scrypt" +) + +const saltSize = 32 + +const ( + boxKeySize = 32 + boxNonceSize = 24 +) + +const ( + // N parameter was chosen to be ~100ms of work using the default implementation + // on the 2.3GHz Core i7 Haswell processor in a late-2013 Apple Retina Macbook + // Pro (it takes ~113ms). + scryptN = 32768 + scryptR = 8 + scryptP = 1 +) + +const ( + nameScrypt = "scrypt" + nameSecretBox = "nacl/secretbox" +) + +type data struct { + KDF scryptKDF `json:"kdf"` + Cipher secretBoxCipher `json:"cipher"` + Ciphertext []byte `json:"ciphertext"` +} + +type scryptParams struct { + N int `json:"N"` + R int `json:"r"` + P int `json:"p"` +} + +func newScryptKDF() (scryptKDF, error) { + salt := make([]byte, saltSize) + if err := fillRandom(salt); err != nil { + return scryptKDF{}, err + } + return scryptKDF{ + Name: nameScrypt, + Params: scryptParams{ + N: scryptN, + R: scryptR, + P: scryptP, + }, + Salt: salt, + }, nil +} + +type scryptKDF struct { + Name string `json:"name"` + Params scryptParams `json:"params"` + Salt []byte `json:"salt"` +} + +func (s *scryptKDF) Key(passphrase []byte) ([]byte, error) { + return scrypt.Key(passphrase, s.Salt, s.Params.N, s.Params.R, s.Params.P, boxKeySize) +} + +// CheckParams checks that the encoded KDF parameters are what we expect them to +// be. If we do not do this, an attacker could cause a DoS by tampering with +// them. 
+func (s *scryptKDF) CheckParams() error { + if s.Params.N != scryptN || s.Params.R != scryptR || s.Params.P != scryptP { + return errors.New("encrypted: unexpected kdf parameters") + } + return nil +} + +func newSecretBoxCipher() (secretBoxCipher, error) { + nonce := make([]byte, boxNonceSize) + if err := fillRandom(nonce); err != nil { + return secretBoxCipher{}, err + } + return secretBoxCipher{ + Name: nameSecretBox, + Nonce: nonce, + }, nil +} + +type secretBoxCipher struct { + Name string `json:"name"` + Nonce []byte `json:"nonce"` + + encrypted bool +} + +func (s *secretBoxCipher) Encrypt(plaintext, key []byte) []byte { + var keyBytes [boxKeySize]byte + var nonceBytes [boxNonceSize]byte + + if len(key) != len(keyBytes) { + panic("incorrect key size") + } + if len(s.Nonce) != len(nonceBytes) { + panic("incorrect nonce size") + } + + copy(keyBytes[:], key) + copy(nonceBytes[:], s.Nonce) + + // ensure that we don't re-use nonces + if s.encrypted { + panic("Encrypt must only be called once for each cipher instance") + } + s.encrypted = true + + return secretbox.Seal(nil, plaintext, &nonceBytes, &keyBytes) +} + +func (s *secretBoxCipher) Decrypt(ciphertext, key []byte) ([]byte, error) { + var keyBytes [boxKeySize]byte + var nonceBytes [boxNonceSize]byte + + if len(key) != len(keyBytes) { + panic("incorrect key size") + } + if len(s.Nonce) != len(nonceBytes) { + // return an error instead of panicking since the nonce is user input + return nil, errors.New("encrypted: incorrect nonce size") + } + + copy(keyBytes[:], key) + copy(nonceBytes[:], s.Nonce) + + res, ok := secretbox.Open(nil, ciphertext, &nonceBytes, &keyBytes) + if !ok { + return nil, errors.New("encrypted: decryption failed") + } + return res, nil +} + +// Encrypt takes a passphrase and plaintext, and returns a JSON object +// containing ciphertext and the details necessary to decrypt it. 
+func Encrypt(plaintext, passphrase []byte) ([]byte, error) { + k, err := newScryptKDF() + if err != nil { + return nil, err + } + key, err := k.Key(passphrase) + if err != nil { + return nil, err + } + + c, err := newSecretBoxCipher() + if err != nil { + return nil, err + } + + data := &data{ + KDF: k, + Cipher: c, + } + data.Ciphertext = c.Encrypt(plaintext, key) + + return json.Marshal(data) +} + +// Marshal encrypts the JSON encoding of v using passphrase. +func Marshal(v interface{}, passphrase []byte) ([]byte, error) { + data, err := json.MarshalIndent(v, "", "\t") + if err != nil { + return nil, err + } + return Encrypt(data, passphrase) +} + +// Decrypt takes a JSON-encoded ciphertext object encrypted using Encrypt and +// tries to decrypt it using passphrase. If successful, it returns the +// plaintext. +func Decrypt(ciphertext, passphrase []byte) ([]byte, error) { + data := &data{} + if err := json.Unmarshal(ciphertext, data); err != nil { + return nil, err + } + + if data.KDF.Name != nameScrypt { + return nil, fmt.Errorf("encrypted: unknown kdf name %q", data.KDF.Name) + } + if data.Cipher.Name != nameSecretBox { + return nil, fmt.Errorf("encrypted: unknown cipher name %q", data.Cipher.Name) + } + if err := data.KDF.CheckParams(); err != nil { + return nil, err + } + + key, err := data.KDF.Key(passphrase) + if err != nil { + return nil, err + } + + return data.Cipher.Decrypt(data.Ciphertext, key) +} + +// Unmarshal decrypts the data using passphrase and unmarshals the resulting +// plaintext into the value pointed to by v. +func Unmarshal(data []byte, v interface{}, passphrase []byte) error { + decrypted, err := Decrypt(data, passphrase) + if err != nil { + return err + } + return json.Unmarshal(decrypted, v) +} + +func fillRandom(b []byte) error { + _, err := io.ReadFull(rand.Reader, b) + return err +} 
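Review bot: The package comment at the top of the hunk reads "It uses scrypt derive a key"; it should read "It uses scrypt to derive a key from the passphrase". More substantively, `scryptKDF.Key` runs scrypt with whatever N/r/p were decoded from the input, and only `Decrypt` calls `CheckParams` before it, so the DoS guard described on CheckParams rests on call order rather than on the type; either have `Key` call `s.CheckParams()` itself before `scrypt.Key` (Encrypt's freshly built KDF passes it anyway), or add a doc comment on Key such as `// Key derives the secretbox key from passphrase; when s was decoded from untrusted input, CheckParams must be run first.`.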
diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/encrypted/encrypted_test.go b/Godeps/_workspace/src/github.com/endophage/gotuf/encrypted/encrypted_test.go new file mode 100644 index 0000000000..31b058252f --- /dev/null +++ b/Godeps/_workspace/src/github.com/endophage/gotuf/encrypted/encrypted_test.go @@ -0,0 +1,64 @@ +package encrypted + +import ( + "encoding/json" + "testing" + + . "gopkg.in/check.v1" +) + +// Hook up gocheck into the "go test" runner. +func Test(t *testing.T) { TestingT(t) } + +type EncryptedSuite struct{} + +var _ = Suite(&EncryptedSuite{}) + +var plaintext = []byte("reallyimportant") + +func (EncryptedSuite) TestRoundtrip(c *C) { + passphrase := []byte("supersecret") + + enc, err := Encrypt(plaintext, passphrase) + c.Assert(err, IsNil) + + // successful decrypt + dec, err := Decrypt(enc, passphrase) + c.Assert(err, IsNil) + c.Assert(dec, DeepEquals, plaintext) + + // wrong passphrase + passphrase[0] = 0 + dec, err = Decrypt(enc, passphrase) + c.Assert(err, NotNil) + c.Assert(dec, IsNil) +} + +func (EncryptedSuite) TestTamperedRoundtrip(c *C) { + passphrase := []byte("supersecret") + + enc, err := Encrypt(plaintext, passphrase) + c.Assert(err, IsNil) + + data := &data{} + err = json.Unmarshal(enc, data) + c.Assert(err, IsNil) + + data.Ciphertext[0] = 0 + data.Ciphertext[1] = 0 + + enc, _ = json.Marshal(data) + + dec, err := Decrypt(enc, passphrase) + c.Assert(err, NotNil) + c.Assert(dec, IsNil) +} + +func (EncryptedSuite) TestDecrypt(c *C) { + enc := []byte(`{"kdf":{"name":"scrypt","params":{"N":32768,"r":8,"p":1},"salt":"N9a7x5JFGbrtB2uBR81jPwp0eiLR4A7FV3mjVAQrg1g="},"cipher":{"name":"nacl/secretbox","nonce":"2h8HxMmgRfuYdpswZBQaU3xJ1nkA/5Ik"},"ciphertext":"SEW6sUh0jf2wfdjJGPNS9+bkk2uB+Cxamf32zR8XkQ=="}`) + passphrase := []byte("supersecret") + + dec, err := Decrypt(enc, passphrase) + c.Assert(err, IsNil) + c.Assert(dec, DeepEquals, plaintext) +} 
diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/resources/tuf_update_flow.jpg b/Godeps/_workspace/src/github.com/endophage/gotuf/resources/tuf_update_flow.jpg
new file mode 100644
index 0000000000..c4ccde841b
Binary files /dev/null and b/Godeps/_workspace/src/github.com/endophage/gotuf/resources/tuf_update_flow.jpg differ
diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/signed/verify.go b/Godeps/_workspace/src/github.com/endophage/gotuf/signed/verify.go
index d60b732abd..3b23432b02 100644
--- a/Godeps/_workspace/src/github.com/endophage/gotuf/signed/verify.go
+++ b/Godeps/_workspace/src/github.com/endophage/gotuf/signed/verify.go
@@ -46,8 +46,8 @@ func Verify(s *data.Signed, role string, minVersion int, db *keys.KeyDB) error {
 return ErrWrongType
 }
 if IsExpired(sm.Expires) {
- //logrus.Errorf("Metadata for %s expired", role)
- //return ErrExpired{sm.Expires}
+ logrus.Errorf("Metadata for %s expired", role)
+ return ErrExpired{sm.Expires}
 }
 if sm.Version < minVersion {
 return ErrLowVersion{sm.Version, minVersion}
diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/store/dbstore.go b/Godeps/_workspace/src/github.com/endophage/gotuf/store/dbstore.go
new file mode 100644
index 0000000000..be75ee13f4
--- /dev/null
+++ b/Godeps/_workspace/src/github.com/endophage/gotuf/store/dbstore.go
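Review bot: The newly enabled expiry check in Verify both logs with `logrus.Errorf` and returns `ErrExpired{sm.Expires}`, so the caller that receives the error will typically report it a second time. Since `ErrExpired` already carries the expiry time, drop the log line and keep just `return ErrExpired{sm.Expires}`, or lower it to debug level if a trace at this layer is wanted. The rest of Verify lies outside the hunk.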
@@ -0,0 +1,252 @@ +package store + +import ( + "database/sql" + "encoding/hex" + "encoding/json" + "fmt" + "io/ioutil" + "os" + "path" + + logrus "github.com/Sirupsen/logrus" + "github.com/endophage/gotuf/data" + "github.com/endophage/gotuf/utils" +) + +const ( + tufLoc string = "/tmp/tuf" + metadataSubDir string = "metadata" +) + +// implements LocalStore +type dbStore struct { + db sql.DB + imageName string +} + +// DBStore takes a database connection and the QDN of the image +func DBStore(db *sql.DB, imageName string) *dbStore { + store := dbStore{ + db: *db, + imageName: imageName, + } + + return &store +} + +// GetMeta loads existing TUF metadata files +func (dbs *dbStore) GetMeta(name string) (json.RawMessage, error) { + data, err := dbs.readFile(name) + if err != nil { + return nil, err + } + return data, err +} + +// SetMeta writes individual TUF metadata files +func (dbs *dbStore) SetMeta(name string, meta json.RawMessage) error { + return dbs.writeFile(name, meta) +} + +// WalkStagedTargets walks all targets in scope +func (dbs *dbStore) WalkStagedTargets(paths []string, targetsFn targetsWalkFunc) error { + if len(paths) == 0 { + files := dbs.loadTargets("") + for path, meta := range files { + if err := targetsFn(path, meta); err != nil { + return err + } + } + return nil + } + + for _, path := range paths { + files := dbs.loadTargets(path) + meta, ok := files[path] + if !ok { + return fmt.Errorf("File Not Found") + } + if err := targetsFn(path, meta); err != nil { + return err + } + } + return nil +} + +// Commit writes a set of consistent (possibly) TUF metadata files +func (dbs *dbStore) Commit(metafiles map[string]json.RawMessage, consistent bool, hashes map[string]data.Hashes) error { + // TODO (endophage): write meta files to cache + return nil + +} + +// GetKeys returns private keys +func (dbs *dbStore) GetKeys(role string) ([]*data.Key, error) { + keys := []*data.Key{} + var r *sql.Rows + var err error + sql := "SELECT `key` FROM `keys` WHERE 
`role` = ? AND `namespace` = ?;" + tx, err := dbs.db.Begin() + defer tx.Rollback() + r, err = tx.Query(sql, role, dbs.imageName) + if err != nil { + return nil, err + } + defer r.Close() + for r.Next() { + var jsonStr string + key := new(data.Key) + r.Scan(&jsonStr) + err := json.Unmarshal([]byte(jsonStr), key) + if err != nil { + return nil, err + } + keys = append(keys, key) + } + return keys, nil +} + +// SaveKey saves a new private key +func (dbs *dbStore) SaveKey(role string, key *data.Key) error { + jsonBytes, err := json.Marshal(key) + if err != nil { + return fmt.Errorf("Could not JSON Marshal Key") + } + tx, err := dbs.db.Begin() + if err != nil { + logrus.Error(err) + return err + } + _, err = tx.Exec("INSERT INTO `keys` (`namespace`, `role`, `key`) VALUES (?,?,?);", dbs.imageName, role, string(jsonBytes)) + tx.Commit() + return err +} + +// Clean removes staged targets +func (dbs *dbStore) Clean() error { + // TODO (endophage): purge stale items from db? May just/also need a remove method + return nil +} + +// AddBlob adds an object to the store +func (dbs *dbStore) AddBlob(path string, meta data.FileMeta) { + path = utils.NormalizeTarget(path) + jsonbytes := []byte{} + if meta.Custom != nil { + jsonbytes, _ = meta.Custom.MarshalJSON() + } + + tx, err := dbs.db.Begin() + if err != nil { + logrus.Error(err) + return + } + _, err = tx.Exec("INSERT OR REPLACE INTO `filemeta` VALUES (?,?,?,?);", dbs.imageName, path, meta.Length, jsonbytes) + if err != nil { + logrus.Error(err) + } + tx.Commit() + dbs.addBlobHashes(path, meta.Hashes) +} + +func (dbs *dbStore) addBlobHashes(path string, hashes data.Hashes) { + tx, err := dbs.db.Begin() + if err != nil { + logrus.Error(err) + } + for alg, hash := range hashes { + _, err := tx.Exec("INSERT OR REPLACE INTO `filehashes` VALUES (?,?,?,?);", dbs.imageName, path, alg, hex.EncodeToString(hash)) + if err != nil { + logrus.Error(err) + } + } + tx.Commit() +} + +// RemoveBlob removes an object from the store +func (dbs 
*dbStore) RemoveBlob(path string) error { + tx, err := dbs.db.Begin() + if err != nil { + logrus.Error(err) + return err + } + _, err = tx.Exec("DELETE FROM `filemeta` WHERE `path`=? AND `namespace`=?", path, dbs.imageName) + if err == nil { + tx.Commit() + } else { + tx.Rollback() + } + return err +} + +func (dbs *dbStore) loadTargets(path string) map[string]data.FileMeta { + var err error + var r *sql.Rows + tx, err := dbs.db.Begin() + defer tx.Rollback() + files := make(map[string]data.FileMeta) + sql := "SELECT `filemeta`.`path`, `size`, `alg`, `hash`, `custom` FROM `filemeta` JOIN `filehashes` ON `filemeta`.`path` = `filehashes`.`path` AND `filemeta`.`namespace` = `filehashes`.`namespace` WHERE `filemeta`.`namespace`=?" + if path != "" { + sql = fmt.Sprintf("%s %s", sql, "AND `filemeta`.`path`=?") + r, err = tx.Query(sql, dbs.imageName, path) + } else { + r, err = tx.Query(sql, dbs.imageName) + } + if err != nil { + return files + } + defer r.Close() + for r.Next() { + var absPath, alg, hash string + var size int64 + var custom json.RawMessage + r.Scan(&absPath, &size, &alg, &hash, &custom) + hashBytes, err := hex.DecodeString(hash) + if err != nil { + // We're going to skip items with unparseable hashes as they + // won't be valid in the targets + logrus.Debug("Hash was not stored in hex as expected") + continue + } + if file, ok := files[absPath]; ok { + file.Hashes[alg] = hashBytes + } else { + file = data.FileMeta{ + Length: size, + Hashes: data.Hashes{ + alg: hashBytes, + }, + } + if custom != nil { + file.Custom = &custom + } + files[absPath] = file + } + } + return files +} + +func (dbs *dbStore) writeFile(name string, content []byte) error { + jsonName := fmt.Sprintf("%s.json", name) + fullPath := path.Join(tufLoc, metadataSubDir, dbs.imageName, jsonName) + dirPath := path.Dir(fullPath) + err := os.MkdirAll(dirPath, 0744) + if err != nil { + logrus.Error("error creating directory path to TUF cache") + return err + } + + err = ioutil.WriteFile(fullPath, 
content, 0744) + if err != nil { + logrus.Error("Error writing file") + } + return err +} + +func (dbs *dbStore) readFile(name string) ([]byte, error) { + jsonName := fmt.Sprintf("%s.json", name) + fullPath := path.Join(tufLoc, metadataSubDir, dbs.imageName, jsonName) + content, err := ioutil.ReadFile(fullPath) + return content, err +} diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/store/dbstore_test.go b/Godeps/_workspace/src/github.com/endophage/gotuf/store/dbstore_test.go new file mode 100644 index 0000000000..5d3b04a352 --- /dev/null +++ b/Godeps/_workspace/src/github.com/endophage/gotuf/store/dbstore_test.go 
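Review bot: `dbStore` holds `db sql.DB` by value and `DBStore` fills it with `*db`, which copies the `*sql.DB` (including its mutex and connection pool) into the struct — `go vet`'s copylocks check flags this and every store ends up with a detached pool; store the pointer instead, `db *sql.DB` and `db: db`, leaving `dbs.db.Begin()` unchanged. In `GetKeys` and `loadTargets`, `tx, err := dbs.db.Begin()` is followed by `defer tx.Rollback()` without checking `err`, so a failed Begin dereferences a nil `*sql.Tx`; `addBlobHashes` has the same shape (it logs the error and then uses `tx` anyway), and the `r.Scan` results are discarded in both readers. `SaveKey` and `AddBlob` call `tx.Commit()` even when the preceding `Exec` failed and drop Commit's error. Finally, metadata is cached under the fixed path `/tmp/tuf` (`tufLoc`) with mode 0744, a shared, world-readable temp location that other local users can pre-populate; a per-user or configurable cache directory created with 0700 and files written with 0600 would be safer.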
@@ -0,0 +1,155 @@
+package store
+
+import (
+ // "fmt"
+ "testing"
+
+ "github.com/endophage/gotuf/data"
+ "github.com/endophage/gotuf/testutils"
+)
+
+// TestDBStore just ensures we can initialize an empty store.
+// Nothing to test, just ensure no crashes :-)
+func TestDBStore(t *testing.T) {
+ db := testutils.GetSqliteDB()
+ defer testutils.FlushDB(db)
+ _ = DBStore(db, "")
+}
+
+func TestLoadFiles(t *testing.T) {
+ db := testutils.GetSqliteDB()
+ defer testutils.FlushDB(db)
+ store := DBStore(db, "docker.io/testImage")
+ testmeta := testutils.SampleMeta()
+ store.AddBlob("/foo.txt", testmeta)
+
+ called := false
+ check := func(path string, meta data.FileMeta) error {
+ if called {
+ t.Fatal("Store only has one item but check called > once.")
+ } else {
+ called = true
+ }
+
+ if path != "/foo.txt" {
+ t.Fatal("Path is incorrect", path)
+ }
+
+ if meta.Length != testmeta.Length {
+ t.Fatal("Length is incorrect")
+ }
+
+ if len(meta.Hashes) != len(testmeta.Hashes) {
+ t.Fatal("Hashes map has been modified")
+ }
+
+ return nil
+ }
+ store.WalkStagedTargets([]string{}, check)
+ if !called {
+ t.Fatal("Walk func never called")
+ }
+}
+
+func TestAddBlob(t *testing.T) {
+ db := testutils.GetSqliteDB()
+ defer testutils.FlushDB(db)
+ store := DBStore(db, "docker.io/testImage")
+ testmeta := testutils.SampleMeta()
+ store.AddBlob("/foo.txt", testmeta)
+
+ called := false
+ check := func(path string, meta data.FileMeta) error {
+ if called {
+ t.Fatal("Store only has one item but check called > once.")
+ } else {
+ called = true
+ }
+
+ if path != "/foo.txt" {
+ t.Fatal("Path is incorrect")
+ }
+
+ if meta.Length != 1 {
+ t.Fatal("Length is incorrect")
+ }
+
+ sha256, ok256 := meta.Hashes["sha256"]
+ sha512, ok512 := meta.Hashes["sha512"]
+ if len(meta.Hashes) != 2 || !ok256 || !ok512 {
+ t.Fatal("Hashes map has been modified")
+ }
+
+ hash := data.HexBytes{0x01, 0x02}
+ if sha256[0] != hash[0] || sha256[1] != hash[1] {
+ t.Fatal("SHA256 has been modified")
+ }
+ hash = data.HexBytes{0x03, 0x04}
+ if sha512[0] != hash[0] || sha512[1] != hash[1] {
+ t.Fatal("SHA512 has been modified")
+ }
+ return nil
+ }
+
+ store.WalkStagedTargets([]string{}, check)
+
+ if !called {
+ t.Fatal("Walk func never called")
+ }
+}
+
+func TestRemoveBlob(t *testing.T) {
+ testPath := "/foo.txt"
+ db := testutils.GetSqliteDB()
+ defer testutils.FlushDB(db)
+ store := DBStore(db, "docker.io/testImage")
+ meta := testutils.SampleMeta()
+
+ store.AddBlob(testPath, meta)
+
+ called := false
+ check := func(path string, meta data.FileMeta) error {
+ called = true
+ return nil
+ }
+
+ store.RemoveBlob(testPath)
+
+ store.WalkStagedTargets([]string{}, check)
+
+ if called {
+ t.Fatal("Walk func called on empty db")
+ }
+
+}
+
+func TestLoadFilesWithPath(t *testing.T) {
+ db := testutils.GetSqliteDB()
+ defer testutils.FlushDB(db)
+ store := DBStore(db, "docker.io/testImage")
+ meta := testutils.SampleMeta()
+
+ store.AddBlob("/foo.txt", meta)
+ store.AddBlob("/bar.txt", meta)
+
+ called := false
+ check := func(path string, meta data.FileMeta) error {
+ if called {
+ t.Fatal("Store only has one item but check called > once.")
+ } else {
+ called = true
+ }
+
+ if path != "/foo.txt" {
+ t.Fatal("Path is incorrect")
+ }
+
+ return nil
+ }
+
+ store.WalkStagedTargets([]string{"/foo.txt"}, check)
+
+ if !called {
+ t.Fatal("Walk func never called")
+ }
+}
diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/store/filecache.go b/Godeps/_workspace/src/github.com/endophage/gotuf/store/filecache.go
new file mode 100644
index 0000000000..f3b809402d
--- /dev/null
+++ b/Godeps/_workspace/src/github.com/endophage/gotuf/store/filecache.go
@@ -0,0 +1,48 @@
+package store
+
+import (
+ "encoding/json"
+ "io/ioutil"
+ "os"
+ "path"
+ "path/filepath"
+)
+
+// FileCacheStore implements a super simple wrapper around RemoteStore
+// to handle local file caching of metadata
+type FileCacheStore struct {
+ RemoteStore
+ cachePath string
+}
+
+func NewFileCacheStore(remote RemoteStore, cachePath string) *FileCacheStore {
+ return &FileCacheStore{
+ RemoteStore: remote,
+ cachePath: cachePath,
+ }
+}
+
+func (s FileCacheStore) cacheFile(name string, data json.RawMessage) error {
+ path := path.Join(s.cachePath, name)
+ dir := filepath.Dir(path)
+ os.MkdirAll(dir, 0600)
+ return ioutil.WriteFile(path+".json", data, 0600)
+}
+
+func (s FileCacheStore) useCachedFile(name string) (json.RawMessage, error) {
+ path := path.Join(s.cachePath, name+".json")
+ return ioutil.ReadFile(path)
+}
+
+func (s FileCacheStore) GetMeta(name string, size int64) (json.RawMessage, error) {
+ data, err := s.useCachedFile(name)
+ if err == nil || data != nil {
+ return data, nil
+ }
+ data, err = s.RemoteStore.GetMeta(name, size)
+ if err != nil {
+ return nil, err
+ }
+ s.cacheFile(name, data)
+ return data, nil
+}
diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/store/filestore.go b/Godeps/_workspace/src/github.com/endophage/gotuf/store/filestore.go
new file mode 100644
index 0000000000..134c8fa184
--- /dev/null
+++ b/Godeps/_workspace/src/github.com/endophage/gotuf/store/filestore.go
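Review bot: `cacheFile` creates the cache directory with `os.MkdirAll(dir, 0600)`, a mode with no execute bit, so for a non-root user the `ioutil.WriteFile` into a freshly created directory fails, and both errors are discarded (`GetMeta` also drops the return value of `s.cacheFile`). Use a traversable mode and propagate the error: `if err := os.MkdirAll(dir, 0700); err != nil { return err }`. `NewFilesystemStore` in filestore.go creates its directories with the same non-traversable `0644`. Separately, the cached branch of `GetMeta` returns whatever is on disk without applying `size`, so the cap that the remote path passes on through `RemoteStore.GetMeta` (and which HTTPStore.GetMeta enforces) never applies to cached metadata; a comment stating that the cache directory is trusted, or a length check against `size`, would make that explicit.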
@@ -0,0 +1,58 @@
+package store
+
+import (
+ "encoding/json"
+ "fmt"
+ "io/ioutil"
+ "os"
+ "path"
+ "path/filepath"
+)
+
+func NewFilesystemStore(baseDir, metaSubDir, metaExtension, targetsSubDir string) (MetadataStore, error) {
+ metaDir := path.Join(baseDir, metaSubDir)
+ targetsDir := path.Join(baseDir, targetsSubDir)
+
+ // Make sure we can create the necessary dirs and they are writable
+ err := os.MkdirAll(metaDir, 0644)
+ if err != nil {
+ return nil, err
+ }
+ err = os.MkdirAll(targetsDir, 0644)
+ if err != nil {
+ return nil, err
+ }
+
+ return &filesystemStore{
+ baseDir: baseDir,
+ metaDir: metaDir,
+ metaExtension: metaExtension,
+ targetsDir: targetsDir,
+ }, nil
+}
+
+type filesystemStore struct {
+ baseDir string
+ metaDir string
+ metaExtension string
+ targetsDir string
+}
+
+func (f *filesystemStore) GetMeta(name string, size int64) (json.RawMessage, error) {
+ fileName := fmt.Sprintf("%s.%s", name, f.metaExtension)
+ path := filepath.Join(f.metaDir, fileName)
+ meta, err := ioutil.ReadFile(path)
+ if err != nil {
+ return nil, err
+ }
+ return meta, nil
+}
+
+func (f *filesystemStore) SetMeta(name string, meta json.RawMessage) error {
+ fileName := fmt.Sprintf("%s.%s", name, f.metaExtension)
+ path := filepath.Join(f.metaDir, fileName)
+ if err := ioutil.WriteFile(path, meta, 0644); err != nil {
+ return err
+ }
+ return nil
+}
diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/store/httpstore.go b/Godeps/_workspace/src/github.com/endophage/gotuf/store/httpstore.go
new file mode 100644
index 0000000000..37c4dce1e2
--- /dev/null
+++ b/Godeps/_workspace/src/github.com/endophage/gotuf/store/httpstore.go
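Review bot: In `GetMeta` and `SetMeta` the local `path := filepath.Join(...)` shadows the `path` package imported at the top of the file, and `NewFilesystemStore` builds the same directories with `path.Join` while the methods use `filepath.Join`; use `filepath` throughout and rename the local, e.g. `fullPath := filepath.Join(f.metaDir, fileName)`. `SetMeta` then reduces to `return ioutil.WriteFile(fullPath, meta, 0644)` instead of the if/return-nil pair. The exported `NewFilesystemStore` has no doc comment; something like `// NewFilesystemStore returns a MetadataStore rooted at baseDir, creating the metadata and targets subdirectories if they do not exist.` would cover it, and the comment above the `MkdirAll` calls could mention the mode they use so the intent is reviewable.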
@@ -0,0 +1,112 @@
+package store
+
+import (
+ "bytes"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "io"
+ "io/ioutil"
+ "net/url"
+ "path"
+
+ "github.com/Sirupsen/logrus"
+ "github.com/endophage/gotuf/utils"
+)
+
+// HTTPStore manages pulling and pushing metadata from and to a remote
+// service over HTTP. It assumes the URL structure of the remote service
+// maps identically to the structure of the TUF repo:
+// //(root|targets|snapshot|timestamp).json
+// //foo.sh
+//
+// If consistent snapshots are disabled, it is advised that caching is not
+// enabled. Simple set a cachePath (and ensure it's writeable) to enable
+// caching.
+type HTTPStore struct {
+ baseURL url.URL
+ metaPrefix string
+ metaExtension string
+ targetsPrefix string
+}
+
+func NewHTTPStore(baseURL, metaPrefix, metaExtension, targetsPrefix string) (*HTTPStore, error) {
+ base, err := url.Parse(baseURL)
+ if err != nil {
+ return nil, err
+ }
+ if !base.IsAbs() {
+ return nil, errors.New("HTTPStore requires an absolute baseURL")
+ }
+ return &HTTPStore{
+ baseURL: *base,
+ metaPrefix: metaPrefix,
+ metaExtension: metaExtension,
+ targetsPrefix: targetsPrefix,
+ }, nil
+}
+
+// GetMeta downloads the named meta file with the given size. A short body
+// is acceptable because in the case of timestamp.json, the size is a cap,
+// not an exact length.
+func (s HTTPStore) GetMeta(name string, size int64) (json.RawMessage, error) {
+ url, err := s.buildMetaURL(name)
+ if err != nil {
+ return nil, err
+ }
+ resp, err := utils.Download(*url)
+ if err != nil {
+ return nil, err
+ }
+ defer resp.Body.Close()
+ b := io.LimitReader(resp.Body, int64(size))
+ body, err := ioutil.ReadAll(b)
+
+ if err != nil {
+ return nil, err
+ }
+ return json.RawMessage(body), nil
+}
+
+func (s HTTPStore) SetMeta(name string, blob json.RawMessage) error {
+ url, err := s.buildMetaURL(name)
+ if err != nil {
+ return err
+ }
+ _, err = utils.Upload(url.String(), bytes.NewReader(blob))
+ return err
+}
+
+func (s HTTPStore) buildMetaURL(name string) (*url.URL, error) {
+ filename := fmt.Sprintf("%s.%s", name, s.metaExtension)
+ uri := path.Join(s.metaPrefix, filename)
+ return s.buildURL(uri)
+}
+
+func (s HTTPStore) buildTargetsURL(name string) (*url.URL, error) {
+ uri := path.Join(s.targetsPrefix, name)
+ return s.buildURL(uri)
+}
+
+func (s HTTPStore) buildURL(uri string) (*url.URL, error) {
+ sub, err := url.Parse(uri)
+ if err != nil {
+ return nil, err
+ }
+ return s.baseURL.ResolveReference(sub), nil
+}
+
+// GetTarget returns a reader for the desired target or an error.
+// N.B. The caller is responsible for closing the reader.
+func (s HTTPStore) GetTarget(path string) (io.ReadCloser, error) {
+ url, err := s.buildTargetsURL(path)
+ if err != nil {
+ return nil, err
+ }
+ logrus.Debug("Attempting to download target: ", url.String())
+ resp, err := utils.Download(*url)
+ if err != nil {
+ return nil, err
+ }
+ return resp.Body, nil
+}
diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/store/httpstore_test.go b/Godeps/_workspace/src/github.com/endophage/gotuf/store/httpstore_test.go
new file mode 100644
index 0000000000..ff3d2bdf16
--- /dev/null
+++ b/Godeps/_workspace/src/github.com/endophage/gotuf/store/httpstore_test.go
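Review bot: `GetMeta` wraps the body in `io.LimitReader(resp.Body, int64(size))`, so a response longer than `size` is silently cut to exactly `size` bytes and returned as if it were complete instead of being rejected; since `size` is the bound the client uses to limit what a mirror can make it read, the oversized case needs to be an error, not a truncation. Read one byte past the cap and fail when it is reached, as below (the `int64(size)` cast is also redundant, `size` is already an `int64`). Neither `GetMeta` nor `GetTarget` inspects `resp.StatusCode`, so a 404 or 5xx body would be handed back as metadata or target content unless `utils.Download` already rejects non-2xx responses, which is not visible in this hunk; if it does, a one-line comment saying so at the call site would save the next reader the same question.
```go
	defer resp.Body.Close()
	// Read one byte past the cap so an oversized body is detected rather than truncated.
	body, err := ioutil.ReadAll(io.LimitReader(resp.Body, size+1))
	if err != nil {
		return nil, err
	}
	if int64(len(body)) > size {
		return nil, fmt.Errorf("%s exceeds the expected size of %d bytes", name, size)
	}
	return json.RawMessage(body), nil
```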
@@ -0,0 +1,93 @@
+package store
+
+import (
+ "encoding/hex"
+ "encoding/json"
+ "encoding/pem"
+ "strings"
+ "testing"
+
+ "github.com/tent/canonical-json-go"
+
+ "github.com/endophage/gotuf/data"
+ "github.com/endophage/gotuf/signed"
+)
+
+func TestGetMeta(t *testing.T) {
+ store, err := NewHTTPStore(
+ "http://mirror1.poly.edu/test-pypi/",
+ "metadata",
+ "txt",
+ "targets",
+ )
+ if err != nil {
+ t.Fatal(err)
+ }
+ j, err := store.GetMeta("root", 4801)
+ if err != nil {
+ t.Fatal(err)
+ }
+ p := &data.Signed{}
+ err = json.Unmarshal(j, p)
+ if err != nil {
+ t.Fatal(err)
+ }
+ rootPem := "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEArvqUPYb6JJROPJQglPTj\n5uDrsxQKl34Mo+3pSlBVuD6puE4lDnG649a2YksJy+C8ZIPJgokn5w+C3alh+dMe\nzbdWHHxrY1h9CLpYz5cbMlE16303ubkt1rvwDqEezG0HDBzPaKj4oP9YJ9x7wbsq\ndvFcy+Qc3wWd7UWcieo6E0ihbJkYcY8chRXVLg1rL7EfZ+e3bq5+ojA2ECM5JqzZ\nzgDpqCv5hTCYYZp72MZcG7dfSPAHrcSGIrwg7whzz2UsEtCOpsJTuCl96FPN7kAu\n4w/WyM3+SPzzr4/RQXuY1SrLCFD8ebM2zHt/3ATLhPnGmyG5I0RGYoegFaZ2AViw\nlqZDOYnBtgDvKP0zakMtFMbkh2XuNBUBO7Sjs0YcZMjLkh9gYUHL1yWS3Aqus1Lw\nlI0gHS22oyGObVBWkZEgk/Foy08sECLGao+5VvhmGpfVuiz9OKFUmtPVjWzRE4ng\niekEu4drSxpH41inLGSvdByDWLpcTvWQI9nkgclh3AT/AgMBAAE=\n-----END PUBLIC KEY-----"
+ testKey, _ := pem.Decode([]byte(rootPem))
+ k := data.NewPublicKey("rsa", testKey.Bytes)
+
+ sigBytes, err := hex.DecodeString(p.Signatures[0].Signature.String())
+ if err != nil {
+ t.Fatal(err)
+ }
+ var decoded map[string]interface{}
+ if err := json.Unmarshal(p.Signed, &decoded); err != nil {
+ t.Fatal(err)
+ }
+ msg, err := cjson.Marshal(decoded)
+ if err != nil {
+ t.Fatal(err)
+ }
+ method := strings.ToLower(p.Signatures[0].Method)
+ err = signed.Verifiers[method].Verify(k, sigBytes, msg)
+ if err != nil {
+ t.Fatal(err)
+ }
+
+}
+
+func TestPyCryptoRSAPSSCompat(t *testing.T) {
+ pubPem := "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAnKuXZeefa2LmgxaL5NsM\nzKOHNe+x/nL6ik+lDBCTV6OdcwAhHQS+PONGhrChIUVR6Vth3hUCrreLzPO73Oo5\nVSCuRJ53UronENl6lsa5mFKP8StYLvIDITNvkoT3j52BJIjyNUK9UKY9As2TNqDf\nBEPIRp28ev/NViwGOEkBu2UAbwCIdnDXm8JQErCZA0Ydm7PKGgjLbFsFGrVzqXHK\n6pdzJXlhr9yap3UpgQ/iO9JtoEYB2EXsnSrPc9JRjR30bNHHtnVql3fvinXrAEwq\n3xmN4p+R4VGzfdQN+8Kl/IPjqWB535twhFYEG/B7Ze8IwbygBjK3co/KnOPqMUrM\nBI8ztvPiogz+MvXb8WvarZ6TMTh8ifZI96r7zzqyzjR1hJulEy3IsMGvz8XS2J0X\n7sXoaqszEtXdq5ef5zKVxkiyIQZcbPgmpHLq4MgfdryuVVc/RPASoRIXG4lKaTJj\n1ANMFPxDQpHudCLxwCzjCb+sVa20HBRPTnzo8LSZkI6jAgMBAAE=\n-----END PUBLIC KEY-----"
+ //privPem := "-----BEGIN RSA PRIVATE KEY-----\nMIIG4wIBAAKCAYEAnKuXZeefa2LmgxaL5NsMzKOHNe+x/nL6ik+lDBCTV6OdcwAh\nHQS+PONGhrChIUVR6Vth3hUCrreLzPO73Oo5VSCuRJ53UronENl6lsa5mFKP8StY\nLvIDITNvkoT3j52BJIjyNUK9UKY9As2TNqDfBEPIRp28ev/NViwGOEkBu2UAbwCI\ndnDXm8JQErCZA0Ydm7PKGgjLbFsFGrVzqXHK6pdzJXlhr9yap3UpgQ/iO9JtoEYB\n2EXsnSrPc9JRjR30bNHHtnVql3fvinXrAEwq3xmN4p+R4VGzfdQN+8Kl/IPjqWB5\n35twhFYEG/B7Ze8IwbygBjK3co/KnOPqMUrMBI8ztvPiogz+MvXb8WvarZ6TMTh8\nifZI96r7zzqyzjR1hJulEy3IsMGvz8XS2J0X7sXoaqszEtXdq5ef5zKVxkiyIQZc\nbPgmpHLq4MgfdryuVVc/RPASoRIXG4lKaTJj1ANMFPxDQpHudCLxwCzjCb+sVa20\nHBRPTnzo8LSZkI6jAgMBAAECggGAdzyI7z/HLt2IfoAsXDLynNRgVYZluzgawiU3\ngeUjnnGhpSKWERXJC2IWDPBk0YOGgcnQxErNTdfXiFZ/xfRlSgqjVwob2lRe4w4B\npLr+CZXcgznv1VrPUvdolOSp3R2Mahfn7u0qVDUQ/g8jWVI6KW7FACmQhzQkPM8o\ntLGrpcmK+PA465uaHKtYccEB02ILqrK8v++tknv7eIZczrsSKlS1h/HHjSaidYxP\n2DAUiF7wnChrwwQEvuEUHhwVgQcoDMBoow0zwHdbFiFO2ZT54H2oiJWLhpR/x6RK\ngM1seqoPH2sYErPJACMcYsMtF4Tx7b5c4WSj3vDCGb+jeqnNS6nFC3aMnv75mUS2\nYDPU1heJFd8pNHVf0RDejLZZUiJSnXf3vpOxt9Xv2+4He0jeMfLV7zX0mO2Ni3MJ\nx6PiVy4xerHImOuuHzSla5crOq2ECiAxd1wEOFDRD2LRHzfhpk1ghiA5xA1qwc7Z\neRnkVfoy6PPZ4lZakZTm0p8YCQURAoHBAMUIC/7vnayLae7POmgy+np/ty7iMfyd\nV1eO6LTO21KAaGGlhaY26WD/5LcG2FUgc5jKKahprGrmiNLzLUeQPckJmuijSEVM\nl/4DlRvCo867l7fLaVqYzsQBBdeGIFNiT+FBOd8atff87ZBEfH/rXbDi7METD/VR\n4TdblnCsKYAXEJUdkw3IK7SUGERiQZIwKXrH/Map4ibDrljJ71iCgEureU0DBwcg\nwLftmjGMISoLscdRxeubX5uf/yxtHBJeRwKBwQDLjzHhb4gNGdBHUl4hZPAGCq1V\nLX/GpfoOVObW64Lud+tI6N9GNua5/vWduL7MWWOzDTMZysganhKwsJCY5SqAA9p0\nb6ohusf9i1nUnOa2F2j+weuYPXrTYm+ZrESBBdaEJPuj3R5YHVujrBA9Xe0kVOe3\nne151A+0xJOI3tX9CttIaQAsXR7cMDinkDITw6i7X4olRMPCSixHLW97cDsVDRGt\necO1d4dP3OGscN+vKCoL6tDKDotzWHYPwjH47sUCgcEAoVI8WCiipbKkMnaTsNsE\ngKXvO0DSgq3k5HjLCbdQldUzIbgfnH7bSKNcBYtiNxjR7OihgRW8qO5GWsnmafCs\n1dy6a/2835id3cnbHRaZflvUFhVDFn2E1bCsstFLyFn3Y0w/cO9yzC/X5sZcVXRF\nit3R0Selakv3JZckru4XMJwx5JWJYMBjIIAc+miknWg3niL+UT6pPun65xG3mXWI\nS+yC7c4rw+dKQ44UMLs2MDHRBoxqi8T0W/x9NkfDszpjAoHAclH7S4ZdvC3RIR0L\nLGoJuvroGbwx1JiGdOINuooNwGuswge2zTIsJi0gN/H3hcB2E6rIFiYid4BrMrwW\nmSeq1LZVS6siu0qw4p4OVy+/CmjfWKQD8j4k6u6PipiK6IMk1JYIlSCr2AS04JjT\njgNgGVVtxVt2cUM9huIXkXjEaRZdzK7boA60NCkIyGJdHWh3LLQdW4zg/A64C0lj\nIMoJBGuQkAKgfRuh7KI6Q6Qom7BM3OCFXdUJUEBQHc2MTyeZAoHAJdBQGBn1RFZ+\nn75AnbTMZJ6Twp2fVjzWUz/+rnXFlo87ynA18MR2BzaDST4Bvda29UBFGb32Mux9\nOHukqLgIE5jDuqWjy4B5eCoxZf/OvwlgXkX9+gprGR3axn/PZBFPbFB4ZmjbWLzn\nbocn7FJCXf+Cm0cMmv1jIIxej19MUU/duq9iq4RkHY2LG+KrSEQIUVmImCftXdN3\n/qNP5JetY0eH6C+KRc8JqDB0nvbqZNOgYXOfYXo/5Gk8XIHTFihm\n-----END RSA PRIVATE KEY-----"
+ testStr := "The quick brown fox jumps over the lazy dog."
+ sigHex := "4e05ee9e435653549ac4eddbc43e1a6868636e8ea6dbec2564435afcb0de47e0824cddbd88776ddb20728c53ecc90b5d543d5c37575fda8bd0317025fc07de62ee8084b1a75203b1a23d1ef4ac285da3d1fc63317d5b2cf1aafa3e522acedd366ccd5fe4a7f02a42922237426ca3dc154c57408638b9bfaf0d0213855d4e9ee621db204151bcb13d4dbb18f930ec601469c992c84b14e9e0b6f91ac9517bb3b749dd117e1cbac2e4acb0e549f44558a2005898a226d5b6c8b9291d7abae0d9e0a16858b89662a085f74a202deb867acab792bdbd2c36731217caea8b17bd210c29b890472f11e5afdd1dd7b69004db070e04201778f2c49f5758643881403d45a58d08f51b5c63910c6185892f0b590f191d760b669eff2464456f130239bba94acf54a0cb98f6939ff84ae26a37f9b890be259d9b5d636f6eb367b53e895227d7d79a3a88afd6d28c198ee80f6527437c5fbf63accb81709925c4e03d1c9eaee86f58e4bd1c669d6af042dbd412de0d13b98b1111e2fadbe34b45de52125e9a"
+ testKey, _ := pem.Decode([]byte(pubPem))
+ k := data.NewPublicKey("rsa", testKey.Bytes)
+
+ sigBytes, err := hex.DecodeString(sigHex)
+ if err != nil {
+ t.Fatal(err)
+ }
+ v := signed.RSAPSSVerifier{}
+ err = v.Verify(k, sigBytes, []byte(testStr))
+ if err != nil {
+ t.Fatal(err)
+ }
+}
+
+func TestPyNaCled25519Compat(t *testing.T) {
+ pubHex := "846612b43cef909a0e4ea9c818379bca4723a2020619f95e7a0ccc6f0850b7dc"
+ //privHex := "bf3cdb9b2a664b0460e6755cb689ffca15b6e294f79f9f1fcf90b52e5b063a76"
+ testStr := "The quick brown fox jumps over the lazy dog."
+ sigHex := "166e7013e48f26dccb4e68fe4cf558d1cd3af902f8395534336a7f8b4c56588694aa3ac671767246298a59d5ef4224f02c854f41bfcfe70241db4be1546d6a00"
+
+ pub, _ := hex.DecodeString(pubHex)
+ k := data.NewPublicKey("ed25519", pub)
+
+ sigBytes, _ := hex.DecodeString(sigHex)
+
+ err := signed.Verifiers["ed25519"].Verify(k, sigBytes, []byte(testStr))
+ if err != nil {
+ t.Fatal(err)
+ }
+}
diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/store/interfaces.go b/Godeps/_workspace/src/github.com/endophage/gotuf/store/interfaces.go
new file mode 100644
index 0000000000..e103c68606
--- /dev/null
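Review bot: `TestGetMeta` fetches live metadata from `http://mirror1.poly.edu/test-pypi/` over plain HTTP, so the test depends on an external host being reachable and still serving a root.json that matches the embedded key and the hard-coded `4801` byte cap; it fails or hangs offline and is not a hermetic unit test. Serve a fixture from an `httptest.Server` and pass `srv.URL` to `NewHTTPStore` instead, which also exercises the URL-building code against a known layout. The `testKey, _ := pem.Decode(...)` results in `TestGetMeta` and `TestPyCryptoRSAPSSCompat` are dereferenced without a nil check, so a malformed PEM surfaces as a panic rather than a test failure; `if testKey == nil { t.Fatal("failed to decode test public key") }` after each decode keeps the failure readable. The same applies to the ignored errors from `hex.DecodeString` in `TestPyNaCled25519Compat`.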
+++ b/Godeps/_workspace/src/github.com/endophage/gotuf/store/interfaces.go
@@ -0,0 +1,30 @@
+package store
+
+import (
+ "encoding/json"
+ "io"
+
+ "github.com/endophage/gotuf/data"
+)
+
+type targetsWalkFunc func(path string, meta data.FileMeta) error
+
+type MetadataStore interface {
+ GetMeta(name string, size int64) (json.RawMessage, error)
+ SetMeta(name string, blob json.RawMessage) error
+}
+
+// [endophage] I'm of the opinion this should go away.
+type TargetStore interface {
+ WalkStagedTargets(paths []string, targetsFn targetsWalkFunc) error
+}
+
+type LocalStore interface {
+ MetadataStore
+ TargetStore
+}
+
+type RemoteStore interface {
+ MetadataStore
+ GetTarget(path string) (io.ReadCloser, error)
+}
diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/store/memorystore.go b/Godeps/_workspace/src/github.com/endophage/gotuf/store/memorystore.go
new file mode 100644
index 0000000000..257d3c788c
--- /dev/null
+++ b/Godeps/_workspace/src/github.com/endophage/gotuf/store/memorystore.go
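Review bot: `MetadataStore`, `LocalStore` and `RemoteStore` are exported without doc comments, and the comment on `TargetStore` is a personal remark rather than a description, so godoc shows nothing for the package's central abstractions. Suggested comments: `// MetadataStore reads and writes TUF metadata documents by role name.`, `// LocalStore is a MetadataStore that can also enumerate staged targets.` and `// RemoteStore is a MetadataStore that can additionally stream target files from a remote.`. It is also worth stating on `GetMeta` what `size` means, e.g. `// size is an upper bound on the bytes an implementation should accept, not an exact length.`, since `HTTPStore.GetMeta` treats it as a cap while `memoryStore.GetMeta` ignores it entirely.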
@@ -0,0 +1,89 @@
+package store
+
+import (
+ "bytes"
+ "encoding/json"
+
+ "github.com/endophage/gotuf/data"
+ "github.com/endophage/gotuf/errors"
+)
+
+func MemoryStore(meta map[string]json.RawMessage, files map[string][]byte) LocalStore {
+ if meta == nil {
+ meta = make(map[string]json.RawMessage)
+ }
+ return &memoryStore{
+ meta: meta,
+ files: files,
+ keys: make(map[string][]*data.Key),
+ }
+}
+
+type memoryStore struct {
+ meta map[string]json.RawMessage
+ files map[string][]byte
+ keys map[string][]*data.Key
+}
+
+func (m *memoryStore) GetMeta(name string, size int64) (json.RawMessage, error) {
+ return m.meta[name], nil
+}
+
+func (m *memoryStore) SetMeta(name string, meta json.RawMessage) error {
+ m.meta[name] = meta
+ return nil
+}
+
+func (m *memoryStore) AddBlob(path string, meta data.FileMeta) {
+
+}
+
+func (m *memoryStore) WalkStagedTargets(paths []string, targetsFn targetsWalkFunc) error {
+ if len(paths) == 0 {
+ for path, dat := range m.files {
+ meta, err := data.NewFileMeta(bytes.NewReader(dat), "sha256")
+ if err != nil {
+ return err
+ }
+ if err = targetsFn(path, meta); err != nil {
+ return err
+ }
+ }
+ return nil
+ }
+
+ for _, path := range paths {
+ dat, ok := m.files[path]
+ if !ok {
+ return errors.ErrFileNotFound{path}
+ }
+ meta, err := data.NewFileMeta(bytes.NewReader(dat), "sha256")
+ if err != nil {
+ return err
+ }
+ if err = targetsFn(path, meta); err != nil {
+ return err
+ }
+ }
+ return nil
+}
+
+func (m *memoryStore) Commit(map[string]json.RawMessage, bool, map[string]data.Hashes) error {
+ return nil
+}
+
+func (m *memoryStore) GetKeys(role string) ([]*data.Key, error) {
+ return m.keys[role], nil
+}
+
+func (m *memoryStore) SaveKey(role string, key *data.Key) error {
+ if _, ok := m.keys[role]; !ok {
+ m.keys[role] = make([]*data.Key, 0)
+ }
+ m.keys[role] = append(m.keys[role], key)
+ return nil
+}
+
+func (m *memoryStore) Clean() error {
+ return nil
+}
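Review bot: `GetMeta` returns `m.meta[name], nil`, so an unknown role name yields `(nil, nil)`, which a caller cannot tell apart from a present-but-empty document and which a wrapper such as `FileCacheStore.GetMeta` would happily cache and return. Look the key up and report absence the same way `WalkStagedTargets` does for files: `d, ok := m.meta[name]; if !ok { return nil, errors.ErrFileNotFound{name} }`. `AddBlob` is an exported method with an empty body and no comment; if it is intentionally a no-op for the in-memory store, say so with `// AddBlob is a no-op: memoryStore serves targets from the files map it was constructed with.`, otherwise it silently loses writes. The unkeyed `errors.ErrFileNotFound{path}` literal will be flagged by `go vet`'s composites check; use the field name if the type exports one.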
diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/store/store_test.go b/Godeps/_workspace/src/github.com/endophage/gotuf/store/store_test.go
new file mode 100644
index 0000000000..b309ddedc2
--- /dev/null
+++ b/Godeps/_workspace/src/github.com/endophage/gotuf/store/store_test.go
@@ -0,0 +1,21 @@
+package store
+
+import "bytes"
+import "reflect"
+import "testing"
+
+func testMeta(t *testing.T, s *MetadataStore) {
+ storeName := reflect.TypeOf(s).Name()
+ testData := []byte{}
+ err := s.SetMeta(testName, testData)
+ if err != nil {
+ t.Fatal(err)
+ }
+ out, err := s.GetMeta(testName, len(testData))
+ if err != nil {
+ t.Fatal(err)
+ }
+ if bytes.Compare(testData, out) != 0 {
+ t.Fatalf("%s mangled data", storeName)
+ }
+}
diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/testutils/utils.go b/Godeps/_workspace/src/github.com/endophage/gotuf/testutils/utils.go
new file mode 100644
index 0000000000..2121494983
--- /dev/null
+++ b/Godeps/_workspace/src/github.com/endophage/gotuf/testutils/utils.go
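Review bot: `testMeta` will not compile as written, which takes every test in the `store` package down with it: `s *MetadataStore` is a pointer to an interface, on which `s.SetMeta` and `s.GetMeta` do not resolve (a pointer-to-interface type has an empty method set), and `len(testData)` is an `int` where `GetMeta` takes `int64`. Take the interface by value and convert the length: `func testMeta(t *testing.T, s MetadataStore) {` and `out, err := s.GetMeta(testName, int64(len(testData)))`. `reflect.TypeOf(s).Name()` on the pointer would also have returned an empty string, so the failure message loses the store name; `fmt.Sprintf("%T", s)` on the value is simpler and drops the `reflect` import. `testName` is not defined in this file and nothing here calls `testMeta`, so presumably both live in another file of the package that is not part of this diff; `bytes.Compare(testData, out) != 0` reads better as `!bytes.Equal(testData, out)`.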
@@ -0,0 +1,46 @@
+package testutils
+
+import (
+ "database/sql"
+ "fmt"
+ "os"
+
+ _ "code.google.com/p/gosqlite/sqlite3"
+ "github.com/endophage/gotuf/data"
+)
+
+var counter int = 1
+
+func SampleMeta() data.FileMeta {
+ meta := data.FileMeta{
+ Length: 1,
+ Hashes: data.Hashes{
+ "sha256": data.HexBytes{0x01, 0x02},
+ "sha512": data.HexBytes{0x03, 0x04},
+ },
+ }
+ return meta
+}
+
+func GetSqliteDB() *sql.DB {
+ conn, err := sql.Open("sqlite3", fmt.Sprintf("/tmp/sqlite/file%d.db", counter))
+ if err != nil {
+ panic("can't connect to db")
+ }
+ counter++
+ tx, _ := conn.Begin()
+ tx.Exec("CREATE TABLE keys (id int auto_increment, namespace varchar(255) not null, role varchar(255) not null, key text not null, primary key (id));")
+ tx.Exec("CREATE TABLE filehashes(namespace varchar(255) not null, path varchar(255) not null, alg varchar(10) not null, hash varchar(128) not null, primary key (namespace, path, alg));")
+ tx.Exec("CREATE TABLE filemeta(namespace varchar(255) not null, path varchar(255) not null, size int not null, custom text default null, primary key (namespace, path));")
+ tx.Commit()
+ return conn
+}
+
+func FlushDB(db *sql.DB) {
+ tx, _ := db.Begin()
+ tx.Exec("DELETE FROM `filemeta`")
+ tx.Exec("DELETE FROM `filehashes`")
+ tx.Exec("DELETE FROM `keys`")
+ tx.Commit()
+ os.RemoveAll("/tmp/tuf")
+}
diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/tuf.go b/Godeps/_workspace/src/github.com/endophage/gotuf/tuf.go
new file mode 100644
index 0000000000..326f34b99a
--- /dev/null
+++ b/Godeps/_workspace/src/github.com/endophage/gotuf/tuf.go
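Review bot: `GetSqliteDB` opens a fixed, predictable path `/tmp/sqlite/file%d.db` in a world-writable directory and does not create `/tmp/sqlite`; `sql.Open` does not touch the file, so the `panic("can't connect to db")` branch never sees the problem, and because `tx, _ := conn.Begin()` drops the error from the first real connection attempt, the following `tx.Ex
ec` presumably dereferences a nil transaction and panics with a much less useful message. A predictable name under `/tmp` also lets another local account pre-create or symlink the file the tests will then write to. Create a private per-run directory with `ioutil.TempDir` and check the `Begin`, `Exec` and `Commit` results, as below (this adds `io/ioutil` and `path/filepath` to the imports). `FlushDB` removes `/tmp/tuf`, which is not where these database files live, so the sqlite files are left behind between runs; removing the temp directory created here would be the matching cleanup.
```go
func GetSqliteDB() *sql.DB {
	dir, err := ioutil.TempDir("", "gotuf-sqlite")
	if err != nil {
		panic(err)
	}
	conn, err := sql.Open("sqlite3", filepath.Join(dir, fmt.Sprintf("file%d.db", counter)))
	if err != nil {
		panic("can't connect to db")
	}
	counter++
	tx, err := conn.Begin()
	if err != nil {
		panic(err)
	}
	// … unchanged: the three CREATE TABLE statements, each with its error checked …
	if err := tx.Commit(); err != nil {
		panic(err)
	}
	return conn
}
```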
@@ -0,0 +1,513 @@
+// tuf defines the core TUF logic around manipulating a repo.
+package tuf
+
+import (
+ "bytes"
+ "crypto/sha256"
+ "encoding/hex"
+ "encoding/json"
+ "fmt"
+ "path/filepath"
+ "strings"
+ "time"
+
+ "github.com/Sirupsen/logrus"
+ "github.com/endophage/gotuf/data"
+ "github.com/endophage/gotuf/errors"
+ "github.com/endophage/gotuf/keys"
+ "github.com/endophage/gotuf/signed"
+ "github.com/endophage/gotuf/utils"
+)
+
+type ErrSigVerifyFail struct{}
+
+func (e ErrSigVerifyFail) Error() string {
+ return "Error: Signature verification failed"
+}
+
+type ErrMetaExpired struct{}
+
+func (e ErrMetaExpired) Error() string {
+ return "Error: Metadata has expired"
+}
+
+type ErrLocalRootExpired struct{}
+
+func (e ErrLocalRootExpired) Error() string {
+ return "Error: Local Root Has Expired"
+}
+
+type ErrNotLoaded struct {
+ role string
+}
+
+func (err *ErrNotLoaded) Error() string {
+ return fmt.Sprintf("%s role has not been loaded", err.role)
+}
+
+// TufRepo is an in memory representation of the TUF Repo.
+// It operates at the data.Signed level, accepting and producing
+// data.Signed objects. Users of a TufRepo are responsible for
+// fetching raw JSON and using the Set* functions to populate
+// the TufRepo instance.
+type TufRepo struct {
+ Root *data.SignedRoot
+ Targets map[string]*data.SignedTargets
+ Snapshot *data.SignedSnapshot
+ Timestamp *data.SignedTimestamp
+ keysDB *keys.KeyDB
+ signer *signed.Signer
+}
+
+// NewTufRepo initializes a TufRepo instance with a keysDB and a signer.
+// If the TufRepo will only be used for reading, the signer should be nil.
+func NewTufRepo(keysDB *keys.KeyDB, signer *signed.Signer) *TufRepo {
+ repo := &TufRepo{
+ Targets: make(map[string]*data.SignedTargets),
+ keysDB: keysDB,
+ signer: signer,
+ }
+ return repo
+}
+
+// AddBaseKeys is used to add keys to the role in root.json
+func (tr *TufRepo) AddBaseKeys(role string, keys ...data.Key) error {
+ if tr.Root == nil {
+ return &ErrNotLoaded{role: "root"}
+ }
+ for _, k := range keys {
+ key := data.NewPublicKey(k.Cipher(), k.Public())
+ tr.Root.Signed.Keys[key.ID()] = key
+ tr.keysDB.AddKey(key)
+ tr.Root.Signed.Roles[role].KeyIDs = append(tr.Root.Signed.Roles[role].KeyIDs, key.ID())
+ }
+ tr.Root.Dirty = true
+ signedRoot, err := tr.SignRoot(data.DefaultExpires("root"))
+ err = tr.UpdateSnapshot("root", signedRoot)
+ if err != nil {
+ return err
+ }
+ return nil
+
+}
+
+// RemoveKeys is used to remove keys from the roles in root.json
+func (tr *TufRepo) RemoveBaseKeys(role string, keyIDs ...string) error {
+ if tr.Root == nil {
+ return &ErrNotLoaded{role: "root"}
+ }
+ keep := make([]string, 0)
+ toDelete := make(map[string]struct{})
+ // remove keys from specified role
+ for _, k := range keyIDs {
+ toDelete[k] = struct{}{}
+ for _, rk := range tr.Root.Signed.Roles[role].KeyIDs {
+ if k != rk {
+ keep = append(keep, rk)
+ }
+ }
+ }
+ tr.Root.Signed.Roles[role].KeyIDs = keep
+
+ // determine which keys are no longer in use by any roles
+ for roleName, r := range tr.Root.Signed.Roles {
+ if roleName == role {
+ continue
+ }
+ for _, rk := range r.KeyIDs {
+ if _, ok := toDelete[rk]; ok {
+ delete(toDelete, rk)
+ }
+ }
+ }
+
+ // remove keys no longer in use by any roles
+ for k, _ := range toDelete {
+ delete(tr.Root.Signed.Keys, k)
+ }
+ tr.Root.Dirty = true
+ signedRoot, err := tr.SignRoot(data.DefaultExpires("root"))
+ err = tr.UpdateSnapshot("root", signedRoot)
+ if err != nil {
+ return err
+ }
+ return nil
+}
+
+// UpdateDelegations updates the appropriate delegations, either adding
+// a new delegation or updating an existing one. If keys are
+// provided, the IDs will be added to the role (if they do not exist
+// there already), and the keys will be added to the targets file.
+// The "before" argument specifies another role which this new role
+// will be added in front of (i.e. higher priority) in the delegation list.
+// An empty before string indicates to add the role to the end of the
+// delegation list.
+// A new, empty, targets file will be created for the new role.
+func (tr *TufRepo) UpdateDelegations(role *data.Role, keys []data.Key, before string) error {
+ if !role.IsDelegation() || !role.IsValid() {
+ return errors.ErrInvalidRole{}
+ }
+ parent := filepath.Dir(role.Name)
+ p, ok := tr.Targets[parent]
+ if !ok {
+ return errors.ErrInvalidRole{}
+ }
+ for _, k := range keys {
+ key := data.NewPublicKey(k.Cipher(), k.Public())
+ if !utils.StrSliceContains(role.KeyIDs, key.ID()) {
+ role.KeyIDs = append(role.KeyIDs, key.ID())
+ }
+ p.Signed.Delegations.Keys[key.ID()] = key
+ tr.keysDB.AddKey(key)
+ }
+
+ i := -1
+ var r *data.Role
+ for i, r = range p.Signed.Delegations.Roles {
+ if r.Name == role.Name {
+ break
+ }
+ }
+ if i >= 0 {
+ p.Signed.Delegations.Roles[i] = role
+ } else {
+ p.Signed.Delegations.Roles = append(p.Signed.Delegations.Roles, role)
+ }
+ p.Dirty = true
+
+ roleTargets := data.NewTargets()
+ tr.Targets[role.Name] = roleTargets
+
+ signedParent, err := tr.SignTargets(parent, data.DefaultExpires("targets"))
+ if err != nil {
+ return err
+ }
+ err = tr.UpdateSnapshot(role.Name, signedParent)
+ if err != nil {
+ return err
+ }
+ signedTargets, err := tr.SignTargets(role.Name, data.DefaultExpires("targets"))
+ if err != nil {
+ return err
+ }
+ err = tr.UpdateSnapshot(role.Name, signedTargets)
+ if err != nil {
+ return err
+ }
+
+ tr.keysDB.AddRole(role)
+
+ return nil
+}
+
+// InitRepo creates the base files for a repo. It inspects data.ValidRoles and
+// data.ValidTypes to determine what the role names and filename should be. It
+// also relies on the keysDB having already been populated with the keys and
+// roles.
+func (tr *TufRepo) InitRepo(consistent bool) error {
+ rootRoles := make(map[string]*data.RootRole)
+ rootKeys := make(map[string]*data.PublicKey)
+ for _, r := range data.ValidRoles {
+ role := tr.keysDB.GetRole(r)
+ if role == nil {
+ return errors.ErrInvalidRole{}
+ }
+ rootRoles[r] = &role.RootRole
+ for _, kid := range role.KeyIDs {
+ // don't need to check if GetKey returns nil, Key presence was
+ // checked by KeyDB when role was added.
+ key := tr.keysDB.GetKey(kid)
+ // Create new key object to doubly ensure private key is excluded
+ k := data.NewPublicKey(key.Cipher(), key.Public())
+ rootKeys[kid] = k
+ }
+ }
+ root, err := data.NewRoot(rootKeys, rootRoles, consistent)
+ if err != nil {
+ return err
+ }
+ tr.Root = root
+
+ targets := data.NewTargets()
+ tr.Targets[data.ValidRoles["targets"]] = targets
+
+ signedRoot, err := tr.SignRoot(data.DefaultExpires("root"))
+ if err != nil {
+ return err
+ }
+ signedTargets, err := tr.SignTargets("targets", data.DefaultExpires("targets"))
+ if err != nil {
+ return err
+ }
+ snapshot, err := data.NewSnapshot(signedRoot, signedTargets)
+ if err != nil {
+ return err
+ }
+ tr.Snapshot = snapshot
+
+ signedSnapshot, err := tr.SignSnapshot(data.DefaultExpires("snapshot"))
+ if err != nil {
+ return err
+ }
+ timestamp, err := data.NewTimestamp(signedSnapshot)
+ if err != nil {
+ return err
+ }
+
+ tr.Timestamp = timestamp
+ return nil
+}
+
+// SetRoot parses the Signed object into a SignedRoot object, sets
+// the keys and roles in the KeyDB, and sets the TufRepo.Root field
+// to the SignedRoot object.
+func (tr *TufRepo) SetRoot(s *data.Signed) error {
+ r, err := data.RootFromSigned(s)
+ if err != nil {
+ return err
+ }
+ for kid, key := range r.Signed.Keys {
+ tr.keysDB.AddKey(key)
+ logrus.Debug("Given Key ID:", kid, "\nGenerated Key ID:", key.ID())
+ }
+ for roleName, role := range r.Signed.Roles {
+ roleName = strings.TrimSuffix(roleName, ".txt")
+ rol, err := data.NewRole(
+ roleName,
+ role.Threshold,
+ role.KeyIDs,
+ nil,
+ nil,
+ )
+ if err != nil {
+ return err
+ }
+ err = tr.keysDB.AddRole(rol)
+ if err != nil {
+ return err
+ }
+ }
+ tr.Root = r
+ return nil
+}
+
+// SetTimestamp parses the Signed object into a SignedTimestamp object
+// and sets the TufRepo.Timestamp field.
+func (tr *TufRepo) SetTimestamp(s *data.Signed) error {
+ ts, err := data.TimestampFromSigned(s)
+ if err != nil {
+ return err
+ }
+ tr.Timestamp = ts
+ return nil
+}
+
+// SetSnapshot parses the Signed object into a SignedSnapshots object
+// and sets the TufRepo.Snapshot field.
+func (tr *TufRepo) SetSnapshot(s *data.Signed) error {
+ snap, err := data.SnapshotFromSigned(s)
+ if err != nil {
+ return err
+ }
+
+ tr.Snapshot = snap
+ return nil
+}
+
+// SetTargets parses the Signed object into a SignedTargets object,
+// reads the delegated roles and keys into the KeyDB, and sets the
+// SignedTargets object agaist the role in the TufRepo.Targets map.
+func (tr *TufRepo) SetTargets(role string, s *data.Signed) error {
+ t, err := data.TargetsFromSigned(s)
+ if err != nil {
+ return err
+ }
+ for _, k := range t.Signed.Delegations.Keys {
+ tr.keysDB.AddKey(k)
+ }
+ for _, r := range t.Signed.Delegations.Roles {
+ tr.keysDB.AddRole(r)
+ }
+ tr.Targets[role] = t
+ return nil
+}
+
+// TargetMeta returns the FileMeta entry for the given path in the
+// targets file associated with the given role. This may be nil if
+// the target isn't found in the targets file.
+func (tr TufRepo) TargetMeta(role, path string) *data.FileMeta {
+ if t, ok := tr.Targets[role]; ok {
+ if m, ok := t.Signed.Targets[path]; ok {
+ return &m
+ }
+ }
+ return nil
+}
+
+// TargetDelegations returns a slice of Roles that are valid publishers
+// for the target path provided.
+func (tr TufRepo) TargetDelegations(role, path, pathHex string) []*data.Role {
+ if pathHex == "" {
+ pathDigest := sha256.Sum256([]byte(path))
+ pathHex = hex.EncodeToString(pathDigest[:])
+ }
+ roles := make([]*data.Role, 0)
+ if t, ok := tr.Targets[role]; ok {
+ for _, r := range t.Signed.Delegations.Roles {
+ if r.CheckPrefixes(pathHex) || r.CheckPaths(path) {
+ roles = append(roles, r)
+ }
+ }
+ }
+ return roles
+}
+
+// FindTarget attempts to find the target represented by the given
+// path by starting at the top targets file and traversing
+// appropriate delegations until the first entry is found or it
+// runs out of locations to search.
+// N.B. Multiple entries may exist in different delegated roles
+// for the same target. Only the first one encountered is returned.
+func (tr TufRepo) FindTarget(path string) *data.FileMeta {
+ pathDigest := sha256.Sum256([]byte(path))
+ pathHex := hex.EncodeToString(pathDigest[:])
+
+ var walkTargets func(role string) *data.FileMeta
+ walkTargets = func(role string) *data.FileMeta {
+ if m := tr.TargetMeta(role, path); m != nil {
+ return m
+ }
+ // Depth first search of delegations based on order
+ // as presented in current targets file for role:
+ for _, r := range tr.TargetDelegations(role, path, pathHex) {
+ if m := walkTargets(r.Name); m != nil {
+ return m
+ }
+ }
+ return nil
+ }
+
+ return walkTargets("targets")
+}
+
+// AddTargets will attempt to add the given targets specifically to
+// the directed role. If the user does not have the signing keys for the role
+// the function will return an error and the full slice of targets.
+func (tr *TufRepo) AddTargets(role string, targets data.Files) (data.Files, error) {
+ t, ok := tr.Targets[role]
+ if !ok {
+ return targets, errors.ErrInvalidRole{role}
+ }
+ invalid := make(data.Files)
+ for path, target := range targets {
+ pathDigest := sha256.Sum256([]byte(path))
+ pathHex := hex.EncodeToString(pathDigest[:])
+ r := tr.keysDB.GetRole(role)
+ if r.CheckPaths(path) || r.CheckPrefixes(pathHex) {
+ t.Signed.Targets[path] = target
+ } else {
+ invalid[path] = target
+ }
+ }
+ t.Dirty = true
+ signedTargets, err := tr.SignTargets(role, data.DefaultExpires("targets"))
+ if err != nil {
+ return invalid, err
+ }
+ err = tr.UpdateSnapshot(role, signedTargets)
+ if err != nil {
+ return invalid, err
+ }
+ if len(invalid) > 0 {
+ return invalid, fmt.Errorf("Could not add all targets")
+ }
+ return nil, nil
+}
+
+func (tr *TufRepo) UpdateSnapshot(role string, s *data.Signed) error {
+ jsonData, err := json.Marshal(s)
+ if err != nil {
+ return err
+ }
+ meta, err := data.NewFileMeta(bytes.NewReader(jsonData), "sha256")
+ if err != nil {
+ return err
+ }
+ tr.Snapshot.Signed.Meta[role] = meta
+ return nil
+}
+
+func (tr *TufRepo) SignRoot(expires time.Time) (*data.Signed, error) {
+ signed, err := tr.Root.ToSigned()
+ if err != nil {
+ return nil, err
+ }
+ root := tr.keysDB.GetRole(data.ValidRoles["root"])
+ signed, err = tr.sign(signed, *root)
+ if err != nil {
+ return nil, err
+ }
+ tr.Root.Signatures = signed.Signatures
+ return signed, nil
+}
+
+func (tr *TufRepo) SignTargets(role string, expires time.Time) (*data.Signed, error) {
+ signed, err := tr.Targets[role].ToSigned()
+ if err != nil {
+ return nil, err
+ }
+ targets := tr.keysDB.GetRole(role)
+ signed, err = tr.sign(signed, *targets)
+ if err != nil {
+ return nil, err
+ }
+ tr.Targets[role].Signatures = signed.Signatures
+ return signed, nil
+}
+
+func (tr *TufRepo) SignSnapshot(expires time.Time) (*data.Signed, error) {
+ signed, err := tr.Snapshot.ToSigned()
+ if err != nil {
+ return nil, err
+ }
+ snapshot := tr.keysDB.GetRole(data.ValidRoles["snapshot"])
+ signed, err = tr.sign(signed, *snapshot)
+ if err != nil {
+ return nil, err
+ }
+ tr.Snapshot.Signatures = signed.Signatures
+ return signed, nil
+}
+
+func (tr *TufRepo) SignTimestamp(expires time.Time) (*data.Signed, error) {
+ signed, err := tr.Timestamp.ToSigned()
+ if err != nil {
+ return nil, err
+ }
+ timestamp := tr.keysDB.GetRole(data.ValidRoles["timestamp"])
+ signed, err = tr.sign(signed, *timestamp)
+ if err != nil {
+ return nil, err
+ }
+ tr.Timestamp.Signatures = signed.Signatures
+ return signed, nil
+}
+
+func (tr TufRepo) sign(signed *data.Signed, role data.Role) (*data.Signed, error) {
+ ks := make([]*data.PublicKey, 0, len(role.KeyIDs))
+ for _, kid := range role.KeyIDs {
+ k := tr.keysDB.GetKey(kid)
+ if k == nil {
+ continue
+ }
+ ks = append(ks, k)
+ }
+ if len(ks) < 1 {
+ return nil, keys.ErrInvalidKey
+ }
+ err := tr.signer.Sign(signed, ks...)
+ if err != nil {
+ return nil, err
+ }
+ return signed, nil
+}
diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/tuf_test.go b/Godeps/_workspace/src/github.com/endophage/gotuf/tuf_test.go
new file mode 100644
index 0000000000..638a0848df
--- /dev/null
+++ b/Godeps/_workspace/src/github.com/endophage/gotuf/tuf_test.go
@@ -0,0 +1,168 @@ +package tuf + +import ( + "encoding/json" + "io/ioutil" + "os" + "path" + "path/filepath" + "testing" + + "github.com/endophage/gotuf/data" + "github.com/endophage/gotuf/keys" + "github.com/endophage/gotuf/signed" +) + +func initRepo(t *testing.T, signer *signed.Signer, keyDB *keys.KeyDB) *TufRepo { + + rootKey, err := signer.Create() + if err != nil { + t.Fatal(err) + } + targetsKey, err := signer.Create() + if err != nil { + t.Fatal(err) + } + snapshotKey, err := signer.Create() + if err != nil { + t.Fatal(err) + } + timestampKey, err := signer.Create() + if err != nil { + t.Fatal(err) + } + + keyDB.AddKey(rootKey) + keyDB.AddKey(targetsKey) + keyDB.AddKey(snapshotKey) + keyDB.AddKey(timestampKey) + + rootRole := &data.Role{ + Name: "root", + RootRole: data.RootRole{ + KeyIDs: []string{rootKey.ID()}, + Threshold: 1, + }, + } + targetsRole := &data.Role{ + Name: "targets", + RootRole: data.RootRole{ + KeyIDs: []string{targetsKey.ID()}, + Threshold: 1, + }, + } + snapshotRole := &data.Role{ + Name: "snapshot", + RootRole: data.RootRole{ + KeyIDs: []string{snapshotKey.ID()}, + Threshold: 1, + }, + } + timestampRole := &data.Role{ + Name: "timestamp", + RootRole: data.RootRole{ + KeyIDs: []string{timestampKey.ID()}, + Threshold: 1, + }, + } + + keyDB.AddRole(rootRole) + keyDB.AddRole(targetsRole) + keyDB.AddRole(snapshotRole) + keyDB.AddRole(timestampRole) + + repo := NewTufRepo(keyDB, signer) + err = repo.InitRepo(false) + if err != nil { + t.Fatal(err) + } + return repo +} + +func writeRepo(t *testing.T, dir string, repo *TufRepo) { + //err := os.Remove(dir) + //if err != nil { + // t.Fatal(err) + //} + err := os.MkdirAll(dir, 0755) + if err != nil { + t.Fatal(err) + } + signedRoot, err := repo.SignRoot(data.DefaultExpires("root")) + if err != nil { + t.Fatal(err) + } + rootJSON, _ := json.Marshal(signedRoot) + ioutil.WriteFile(dir+"/root.json", rootJSON, 0755) + + for r, _ := range repo.Targets { + signedTargets, err := repo.SignTargets(r, 
data.DefaultExpires("targets")) + if err != nil { + t.Fatal(err) + } + targetsJSON, _ := json.Marshal(signedTargets) + p := path.Join(dir, r+".json") + parentDir := filepath.Dir(p) + os.MkdirAll(parentDir, 0755) + ioutil.WriteFile(p, targetsJSON, 0755) + } + + signedSnapshot, err := repo.SignSnapshot(data.DefaultExpires("snapshot")) + if err != nil { + t.Fatal(err) + } + snapshotJSON, _ := json.Marshal(signedSnapshot) + ioutil.WriteFile(dir+"/snapshot.json", snapshotJSON, 0755) + + signedTimestamp, err := repo.SignTimestamp(data.DefaultExpires("timestamp")) + if err != nil { + t.Fatal(err) + } + timestampJSON, _ := json.Marshal(signedTimestamp) + ioutil.WriteFile(dir+"/timestamp.json", timestampJSON, 0755) +} + +func TestInitRepo(t *testing.T) { + ed25519 := signed.NewEd25519() + signer := signed.NewSigner(ed25519) + keyDB := keys.NewDB() + repo := initRepo(t, signer, keyDB) + writeRepo(t, "/tmp/tufrepo", repo) +} + +func TestUpdateDelegations(t *testing.T) { + ed25519 := signed.NewEd25519() + signer := signed.NewSigner(ed25519) + keyDB := keys.NewDB() + repo := initRepo(t, signer, keyDB) + + testKey, err := signer.Create() + if err != nil { + t.Fatal(err) + } + role, err := data.NewRole("targets/test", 1, []string{testKey.ID()}, []string{"test"}, []string{}) + if err != nil { + t.Fatal(err) + } + + err = repo.UpdateDelegations(role, []data.Key{testKey}, "") + if err != nil { + t.Fatal(err) + } + + testDeepKey, err := signer.Create() + if err != nil { + t.Fatal(err) + } + roleDeep, err := data.NewRole("targets/test/deep", 1, []string{testDeepKey.ID()}, []string{"test/deep"}, []string{}) + if err != nil { + t.Fatal(err) + } + + err = repo.UpdateDelegations(roleDeep, []data.Key{testDeepKey}, "") + if err != nil { + t.Fatal(err) + } + + writeRepo(t, "/tmp/tufdelegation", repo) +} diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/utils/util.go b/Godeps/_workspace/src/github.com/endophage/gotuf/utils/util.go new file mode 100644 index 0000000000..f5d0091b7b 
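Review bot: `writeRepo` discards the results of `os.MkdirAll`, `ioutil.WriteFile` and `json.Marshal`, and both callers (`TestInitRepo`, `TestUpdateDelegations`) point it at fixed paths `/tmp/tufrepo` and `/tmp/tufdelegation`, so a stale or foreign-owned entry at that path silently turns the test into a no-op or writes the signed metadata somewhere the test did not create. Allocate the directory per test with `dir, err := ioutil.TempDir("", "tufrepo")` plus `defer os.RemoveAll(dir)`, and `t.Fatal` on each write error instead of ignoring it. The JSON files are also created with mode `0755`; `0644` is sufficient for data files. Minor: `for r, _ := range repo.Targets` is the same as `for r := range repo.Targets`.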
--- /dev/null
+++ b/Godeps/_workspace/src/github.com/endophage/gotuf/utils/util.go
@@ -0,0 +1,82 @@ +package utils + +import ( + "crypto/hmac" + "encoding/hex" + "errors" + "fmt" + gopath "path" + "path/filepath" + + "github.com/endophage/gotuf/data" +) + +var ErrWrongLength = errors.New("wrong length") + +type ErrWrongHash struct { + Type string + Expected data.HexBytes + Actual data.HexBytes +} + +func (e ErrWrongHash) Error() string { + return fmt.Sprintf("wrong %s hash, expected %s got %s", e.Type, hex.EncodeToString(e.Expected), hex.EncodeToString(e.Actual)) +} + +type ErrNoCommonHash struct { + Expected data.Hashes + Actual data.Hashes +} + +func (e ErrNoCommonHash) Error() string { + types := func(a data.Hashes) []string { + t := make([]string, 0, len(a)) + for typ := range a { + t = append(t, typ) + } + return t + } + return fmt.Sprintf("no common hash function, expected one of %s, got %s", types(e.Expected), types(e.Actual)) +} + +type ErrUnknownHashAlgorithm struct { + Name string +} + +func (e ErrUnknownHashAlgorithm) Error() string { + return fmt.Sprintf("unknown hash algorithm: %s", e.Name) +} + +type PassphraseFunc func(role string, confirm bool) ([]byte, error) + +func FileMetaEqual(actual data.FileMeta, expected data.FileMeta) error { + if actual.Length != expected.Length { + return ErrWrongLength + } + hashChecked := false + for typ, hash := range expected.Hashes { + if h, ok := actual.Hashes[typ]; ok { + hashChecked = true + if !hmac.Equal(h, hash) { + return ErrWrongHash{typ, hash, h} + } + } + } + if !hashChecked { + return ErrNoCommonHash{expected.Hashes, actual.Hashes} + } + return nil +} + +func NormalizeTarget(path string) string { + return gopath.Join("/", path) +} + +func HashedPaths(path string, hashes data.Hashes) []string { + paths := make([]string, 0, len(hashes)) + for _, hash := range hashes { + hashedPath := filepath.Join(filepath.Dir(path), hash.String()+"."+filepath.Base(path)) + paths = append(paths, hashedPath) + } + return paths +} 
diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/utils/util_test.go b/Godeps/_workspace/src/github.com/endophage/gotuf/utils/util_test.go
new file mode 100644
index 0000000000..b316e6e0ec
--- /dev/null
+++ b/Godeps/_workspace/src/github.com/endophage/gotuf/utils/util_test.go
@@ -0,0 +1,133 @@ +package utils + +import ( + "bytes" + "encoding/hex" + "testing" + + "github.com/endophage/gotuf/data" + . "gopkg.in/check.v1" +) + +// Hook up gocheck into the "go test" runner. +func Test(t *testing.T) { TestingT(t) } + +type UtilSuite struct{} + +var _ = Suite(&UtilSuite{}) + +func (UtilSuite) TestGenerateFileMetaDefault(c *C) { + // default is sha512 + r := bytes.NewReader([]byte("foo")) + meta, err := GenerateFileMeta(r) + c.Assert(err, IsNil) + c.Assert(meta.Length, Equals, int64(3)) + hashes := meta.Hashes + c.Assert(hashes, HasLen, 1) + hash, ok := hashes["sha512"] + if !ok { + c.Fatal("missing sha512 hash") + } + c.Assert(hash.String(), DeepEquals, "f7fbba6e0636f890e56fbbf3283e524c6fa3204ae298382d624741d0dc6638326e282c41be5e4254d8820772c5518a2c5a8c0c7f7eda19594a7eb539453e1ed7") +} + +func (UtilSuite) TestGenerateFileMetaExplicit(c *C) { + r := bytes.NewReader([]byte("foo")) + meta, err := GenerateFileMeta(r, "sha256", "sha512") + c.Assert(err, IsNil) + c.Assert(meta.Length, Equals, int64(3)) + hashes := meta.Hashes + c.Assert(hashes, HasLen, 2) + for name, val := range map[string]string{ + "sha256": "2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae", + "sha512": "f7fbba6e0636f890e56fbbf3283e524c6fa3204ae298382d624741d0dc6638326e282c41be5e4254d8820772c5518a2c5a8c0c7f7eda19594a7eb539453e1ed7", + } { + hash, ok := hashes[name] + if !ok { + c.Fatalf("missing %s hash", name) + } + c.Assert(hash.String(), DeepEquals, val) + } +} + +func (UtilSuite) TestFileMetaEqual(c *C) { + type test struct { + name string + b data.FileMeta + a data.FileMeta + err func(test) error + } + fileMeta := func(length int64, hashes map[string]string) data.FileMeta { + m := data.FileMeta{Length: length, Hashes: make(map[string]data.HexBytes, len(hashes))} + for typ, hash := range hashes { + v, err := hex.DecodeString(hash) + c.Assert(err, IsNil) + m.Hashes[typ] = v + } + return m + } + tests := []test{ + { + name: "wrong length", + a: 
data.FileMeta{Length: 1}, + b: data.FileMeta{Length: 2}, + err: func(test) error { return ErrWrongLength }, + }, + { + name: "wrong sha512 hash", + a: fileMeta(10, map[string]string{"sha512": "111111"}), + b: fileMeta(10, map[string]string{"sha512": "222222"}), + err: func(t test) error { return ErrWrongHash{"sha512", t.b.Hashes["sha512"], t.a.Hashes["sha512"]} }, + }, + { + name: "intersecting hashes", + a: fileMeta(10, map[string]string{"sha512": "111111", "md5": "222222"}), + b: fileMeta(10, map[string]string{"sha512": "111111", "sha256": "333333"}), + err: func(test) error { return nil }, + }, + { + name: "no common hashes", + a: fileMeta(10, map[string]string{"sha512": "111111"}), + b: fileMeta(10, map[string]string{"sha256": "222222", "md5": "333333"}), + err: func(t test) error { return ErrNoCommonHash{t.b.Hashes, t.a.Hashes} }, + }, + } + for _, t := range tests { + c.Assert(FileMetaEqual(t.a, t.b), DeepEquals, t.err(t), Commentf("name = %s", t.name)) + } +} + +func (UtilSuite) TestNormalizeTarget(c *C) { + for before, after := range map[string]string{ + "": "/", + "foo.txt": "/foo.txt", + "/bar.txt": "/bar.txt", + "foo//bar.txt": "/foo/bar.txt", + "/with/./a/dot": "/with/a/dot", + "/with/double/../dot": "/with/dot", + } { + c.Assert(NormalizeTarget(before), Equals, after) + } +} + +func (UtilSuite) TestHashedPaths(c *C) { + hexBytes := func(s string) data.HexBytes { + v, err := hex.DecodeString(s) + c.Assert(err, IsNil) + return v + } + hashes := data.Hashes{ + "sha512": hexBytes("abc123"), + "sha256": hexBytes("def456"), + } + paths := HashedPaths("foo/bar.txt", hashes) + // cannot use DeepEquals as the returned order is non-deterministic + c.Assert(paths, HasLen, 2) + expected := map[string]struct{}{"foo/abc123.bar.txt": {}, "foo/def456.bar.txt": {}} + for _, path := range paths { + if _, ok := expected[path]; !ok { + c.Fatalf("unexpected path: %s", path) + } + delete(expected, path) + } +} 
diff --git a/Godeps/_workspace/src/github.com/endophage/gotuf/utils/utils.go b/Godeps/_workspace/src/github.com/endophage/gotuf/utils/utils.go new file mode 100644 index 0000000000..15fbf8baf4 --- /dev/null +++ b/Godeps/_workspace/src/github.com/endophage/gotuf/utils/utils.go @@ -0,0 +1,63 @@ +package utils + +import ( + "bytes" + "crypto/sha256" + "fmt" + "io" + "net/http" + "net/url" + "os" + "strings" + + "github.com/endophage/gotuf/data" +) + +func Download(url url.URL) (*http.Response, error) { + return http.Get(url.String()) +} + +func Upload(url string, body io.Reader) (*http.Response, error) { + return http.Post(url, "application/json", body) +} + +func ValidateTarget(r io.Reader, m *data.FileMeta) error { + h := sha256.New() + length, err := io.Copy(h, r) + if err != nil { + return err + } + if length != m.Length { + return fmt.Errorf("Size of downloaded target did not match targets entry.\nExpected: %s\nReceived: %s\n", m.Length, length) + } + hashDigest := h.Sum(nil) + if bytes.Compare(m.Hashes["sha256"], hashDigest[:]) != 0 { + return fmt.Errorf("Hash of downloaded target did not match targets entry.\nExpected: %x\nReceived: %x\n", m.Hashes["sha256"], hashDigest) + } + return nil +} + +func StrSliceContains(ss []string, s string) bool { + for _, v := range ss { + if v == s { + return true + } + } + return false +} + +func StrSliceContainsI(ss []string, s string) bool { + s = strings.ToLower(s) + for _, v := range ss { + v = strings.ToLower(v) + if v == s { + return true + } + } + return false +} + +func FileExists(path string) bool { + _, err := os.Stat(path) + return os.IsNotExist(err) +} diff --git a/Godeps/_workspace/src/github.com/go-sql-driver/mysql/AUTHORS b/Godeps/_workspace/src/github.com/go-sql-driver/mysql/AUTHORS index dcd2c205c6..4b65bf3633 100644 --- a/Godeps/_workspace/src/github.com/go-sql-driver/mysql/AUTHORS +++ b/Godeps/_workspace/src/github.com/go-sql-driver/mysql/AUTHORS 
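Review bot: `FileExists` returns the opposite of what its name promises: `os.IsNotExist(err)` is true precisely when the path is absent, so a missing file yields `true` and an existing one `false`; it should read `return err == nil` (or `!os.IsNotExist(err)` if other `Stat` failures are meant to count as present). In `ValidateTarget` the length-mismatch message formats two `int64` values with `%s`, which prints `%!s(int64=…)` rather than the numbers — use `%d`; `bytes.Compare(...) != 0` there is more directly written as `!bytes.Equal(m.Hashes["sha256"], hashDigest)`. `Download` and `Upload` go through the default `http` client, which has no timeout, so a stalled remote can hold the caller indefinitely; a package-level `&http.Client{Timeout: …}` would bound that.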
@@ -23,7 +23,6 @@ Henri Yandell INADA Naoki James Harr Jian Zhen -Joshua Prunier Julien Schmidt Kamil Dziedzic Leonardo YongUk Kim diff --git a/Godeps/_workspace/src/github.com/go-sql-driver/mysql/README.md b/Godeps/_workspace/src/github.com/go-sql-driver/mysql/README.md index 6a2bb2ca37..9edb7628b3 100644 --- a/Godeps/_workspace/src/github.com/go-sql-driver/mysql/README.md +++ b/Godeps/_workspace/src/github.com/go-sql-driver/mysql/README.md @@ -123,16 +123,6 @@ Default: false `allowAllFiles=true` disables the file Whitelist for `LOAD DATA LOCAL INFILE` and allows *all* files. [*Might be insecure!*](http://dev.mysql.com/doc/refman/5.7/en/load-data-local.html) -##### `allowCleartextPasswords` - -``` -Type: bool -Valid Values: true, false -Default: false -``` - -`allowCleartextPasswords=true` allows using the [cleartext client side plugin](http://dev.mysql.com/doc/en/cleartext-authentication-plugin.html) if required by an account, such as one defined with the [PAM authentication plugin](http://dev.mysql.com/doc/en/pam-authentication-plugin.html). Sending passwords in clear text may be a security problem in some configurations. To avoid problems if there is any possibility that the password would be intercepted, clients should connect to MySQL Server using a method that protects the password. Possibilities include [TLS / SSL](#tls), IPsec, or a private network. - ##### `allowOldPasswords` ``` diff --git a/Godeps/_workspace/src/github.com/go-sql-driver/mysql/connection.go b/Godeps/_workspace/src/github.com/go-sql-driver/mysql/connection.go index caaae013f5..a6d39bec95 100644 --- a/Godeps/_workspace/src/github.com/go-sql-driver/mysql/connection.go +++ b/Godeps/_workspace/src/github.com/go-sql-driver/mysql/connection.go 
@@ -34,22 +34,21 @@ type mysqlConn struct { } type config struct { - user string - passwd string - net string - addr string - dbname string - params map[string]string - loc *time.Location - tls *tls.Config - timeout time.Duration - collation uint8 - allowAllFiles bool - allowOldPasswords bool - allowCleartextPasswords bool - clientFoundRows bool - columnsWithAlias bool - interpolateParams bool + user string + passwd string + net string + addr string + dbname string + params map[string]string + loc *time.Location + tls *tls.Config + timeout time.Duration + collation uint8 + allowAllFiles bool + allowOldPasswords bool + clientFoundRows bool + columnsWithAlias bool + interpolateParams bool } // Handles parameters set in DSN after the connection is established diff --git a/Godeps/_workspace/src/github.com/go-sql-driver/mysql/driver.go b/Godeps/_workspace/src/github.com/go-sql-driver/mysql/driver.go index d310624ad1..3cbbe6031c 100644 --- a/Godeps/_workspace/src/github.com/go-sql-driver/mysql/driver.go +++ b/Godeps/_workspace/src/github.com/go-sql-driver/mysql/driver.go @@ -107,15 +107,6 @@ func (d MySQLDriver) Open(dsn string) (driver.Conn, error) { mc.Close() return nil, err } - } else if mc.cfg != nil && mc.cfg.allowCleartextPasswords && err == ErrCleartextPassword { - if err = mc.writeClearAuthPacket(); err != nil { - mc.Close() - return nil, err - } - if err = mc.readResultOK(); err != nil { - mc.Close() - return nil, err - } } else { mc.Close() return nil, err diff --git a/Godeps/_workspace/src/github.com/go-sql-driver/mysql/errors.go b/Godeps/_workspace/src/github.com/go-sql-driver/mysql/errors.go index 44cf30db60..97d7b39962 100644 --- a/Godeps/_workspace/src/github.com/go-sql-driver/mysql/errors.go +++ b/Godeps/_workspace/src/github.com/go-sql-driver/mysql/errors.go 
@@ -19,17 +19,15 @@ import ( // Various errors the driver might return. Can change between driver versions. var ( - ErrInvalidConn = errors.New("Invalid Connection") - ErrMalformPkt = errors.New("Malformed Packet") - ErrNoTLS = errors.New("TLS encryption requested but server does not support TLS") - ErrOldPassword = errors.New("This user requires old password authentication. If you still want to use it, please add 'allowOldPasswords=1' to your DSN. See also https://github.com/go-sql-driver/mysql/wiki/old_passwords") - ErrCleartextPassword = errors.New("This user requires clear text authentication. If you still want to use it, please add 'allowCleartextPasswords=1' to your DSN.") - ErrUnknownPlugin = errors.New("The authentication plugin is not supported.") - ErrOldProtocol = errors.New("MySQL-Server does not support required Protocol 41+") - ErrPktSync = errors.New("Commands out of sync. You can't run this command now") - ErrPktSyncMul = errors.New("Commands out of sync. Did you run multiple statements at once?") - ErrPktTooLarge = errors.New("Packet for query is too large. You can change this value on the server by adjusting the 'max_allowed_packet' variable.") - ErrBusyBuffer = errors.New("Busy buffer") + ErrInvalidConn = errors.New("Invalid Connection") + ErrMalformPkt = errors.New("Malformed Packet") + ErrNoTLS = errors.New("TLS encryption requested but server does not support TLS") + ErrOldPassword = errors.New("This server only supports the insecure old password authentication. If you still want to use it, please add 'allowOldPasswords=1' to your DSN. See also https://github.com/go-sql-driver/mysql/wiki/old_passwords") + ErrOldProtocol = errors.New("MySQL-Server does not support required Protocol 41+") + ErrPktSync = errors.New("Commands out of sync. You can't run this command now") + ErrPktSyncMul = errors.New("Commands out of sync. Did you run multiple statements at once?") + ErrPktTooLarge = errors.New("Packet for query is too large. 
You can change this value on the server by adjusting the 'max_allowed_packet' variable.") + ErrBusyBuffer = errors.New("Busy buffer") ) var errLog Logger = log.New(os.Stderr, "[MySQL] ", log.Ldate|log.Ltime|log.Lshortfile) diff --git a/Godeps/_workspace/src/github.com/go-sql-driver/mysql/packets.go b/Godeps/_workspace/src/github.com/go-sql-driver/mysql/packets.go index 14395bf9ab..290a3887a7 100644 --- a/Godeps/_workspace/src/github.com/go-sql-driver/mysql/packets.go +++ b/Godeps/_workspace/src/github.com/go-sql-driver/mysql/packets.go @@ -196,11 +196,7 @@ func (mc *mysqlConn) readInitPacket() ([]byte, error) { // return //} //return ErrMalformPkt - - // make a memory safe copy of the cipher slice - var b [20]byte - copy(b[:], cipher) - return b[:], nil + return cipher, nil } // make a memory safe copy of the cipher slice @@ -218,7 +214,6 @@ func (mc *mysqlConn) writeAuthPacket(cipher []byte) error { clientLongPassword | clientTransactions | clientLocalFiles | - clientPluginAuth | mc.flags&clientLongFlag if mc.cfg.clientFoundRows { @@ -233,7 +228,7 @@ func (mc *mysqlConn) writeAuthPacket(cipher []byte) error { // User Password scrambleBuff := scramblePassword(cipher, []byte(mc.cfg.passwd)) - pktLen := 4 + 4 + 1 + 23 + len(mc.cfg.user) + 1 + 1 + len(scrambleBuff) + 21 + 1 + pktLen := 4 + 4 + 1 + 23 + len(mc.cfg.user) + 1 + 1 + len(scrambleBuff) // To specify a db name if n := len(mc.cfg.dbname); n > 0 { @@ -299,13 +294,8 @@ func (mc *mysqlConn) writeAuthPacket(cipher []byte) error { if len(mc.cfg.dbname) > 0 { pos += copy(data[pos:], mc.cfg.dbname) data[pos] = 0x00 - pos++ } - // Assume native client during response - pos += copy(data[pos:], "mysql_native_password") - data[pos] = 0x00 - // Send Auth packet return mc.writePacket(data) } 
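Review bot: `readInitPacket` now returns `cipher` directly instead of copying it into a fixed `[20]byte`; `cipher` appears to be sliced from the packet read earlier in the function (outside this hunk), so the returned scramble can alias the connection's reusable read buffer and be overwritten by the next packet before `writeAuthPacket` uses it. The deleted copy existed for that reason, and the `// make a memory safe copy of the cipher slice` comment that survives after the closing brace now describes nothing. If the copy must go, at least detach the slice: `b := make([]byte, len(cipher))`, `copy(b, cipher)`, `return b, nil`. The following hunks in this file also stop advertising `clientPluginAuth` and drop the `mysql_native_password` name from the auth packet, which should be confirmed as intentional since they change what the server is told the client supports.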
@@ -316,7 +306,7 @@ func (mc *mysqlConn) writeOldAuthPacket(cipher []byte) error { // User password scrambleBuff := scrambleOldPassword(cipher, []byte(mc.cfg.passwd)) - // Calculate the packet length and add a tailing 0 + // Calculate the packet lenght and add a tailing 0 pktLen := len(scrambleBuff) + 1 data := mc.buf.takeSmallBuffer(4 + pktLen) if data == nil { @@ -332,25 +322,6 @@ func (mc *mysqlConn) writeOldAuthPacket(cipher []byte) error { return mc.writePacket(data) } -// Client clear text authentication packet -// http://dev.mysql.com/doc/internals/en/connection-phase-packets.html#packet-Protocol::AuthSwitchResponse -func (mc *mysqlConn) writeClearAuthPacket() error { - // Calculate the packet length and add a tailing 0 - pktLen := len(mc.cfg.passwd) + 1 - data := mc.buf.takeSmallBuffer(4 + pktLen) - if data == nil { - // can not take the buffer. Something must be wrong with the connection - errLog.Print(ErrBusyBuffer) - return driver.ErrBadConn - } - - // Add the clear password [null terminated string] - copy(data[4:], mc.cfg.passwd) - data[4+pktLen-1] = 0x00 - - return mc.writePacket(data) -} - /****************************************************************************** * Command Packets * ******************************************************************************/ @@ -434,20 +405,8 @@ func (mc *mysqlConn) readResultOK() error { return mc.handleOkPacket(data) case iEOF: - if len(data) > 1 { - plugin := string(data[1:bytes.IndexByte(data, 0x00)]) - if plugin == "mysql_old_password" { - // using old_passwords - return ErrOldPassword - } else if plugin == "mysql_clear_password" { - // using clear text password - return ErrCleartextPassword - } else { - return ErrUnknownPlugin - } - } else { - return ErrOldPassword - } + // someone is using old_passwords + return ErrOldPassword default: // Error otherwise return mc.handleErrorPacket(data) 
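Review bot: In `readResultOK` every `iEOF` response is now mapped to `ErrOldPassword`, whereas the removed branch read the plugin name from the packet and distinguished `mysql_old_password`, `mysql_clear_password` and unknown plugins (`ErrUnknownPlugin`); a server requesting any other authentication method now produces an error that tells the user to add `allowOldPasswords=1`, which will not help and nudges them toward a weaker option. If the plugin-switch support is being rolled back deliberately, keep the name check so the error names what the server actually asked for. The first hunk in this line also reintroduces the `lenght` typo in the `writeOldAuthPacket` comment, which suggests the new side is an older revision of the file rather than a forward change.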
diff --git a/Godeps/_workspace/src/github.com/go-sql-driver/mysql/statement.go b/Godeps/_workspace/src/github.com/go-sql-driver/mysql/statement.go index 6e869b3405..f9dae03fab 100644 --- a/Godeps/_workspace/src/github.com/go-sql-driver/mysql/statement.go +++ b/Godeps/_workspace/src/github.com/go-sql-driver/mysql/statement.go @@ -12,7 +12,6 @@ import ( "database/sql/driver" "fmt" "reflect" - "strconv" ) type mysqlStmt struct { @@ -120,7 +119,7 @@ func (stmt *mysqlStmt) Query(args []driver.Value) (driver.Rows, error) { type converter struct{} -func (c converter) ConvertValue(v interface{}) (driver.Value, error) { +func (converter) ConvertValue(v interface{}) (driver.Value, error) { if driver.IsValue(v) { return v, nil } @@ -132,7 +131,7 @@ func (c converter) ConvertValue(v interface{}) (driver.Value, error) { if rv.IsNil() { return nil, nil } - return c.ConvertValue(rv.Elem().Interface()) + return driver.DefaultParameterConverter.ConvertValue(rv.Elem().Interface()) case reflect.Int, reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64: return rv.Int(), nil case reflect.Uint, reflect.Uint8, reflect.Uint16, reflect.Uint32: @@ -140,7 +139,7 @@ func (c converter) ConvertValue(v interface{}) (driver.Value, error) { case reflect.Uint64: u64 := rv.Uint() if u64 >= 1<<63 { - return strconv.FormatUint(u64, 10), nil + return fmt.Sprintf("%d", u64), nil } return int64(u64), nil case reflect.Float32, reflect.Float64: diff --git a/Godeps/_workspace/src/github.com/go-sql-driver/mysql/utils.go b/Godeps/_workspace/src/github.com/go-sql-driver/mysql/utils.go index 9c97cc89c9..6693d29709 100644 --- a/Godeps/_workspace/src/github.com/go-sql-driver/mysql/utils.go +++ b/Godeps/_workspace/src/github.com/go-sql-driver/mysql/utils.go 
@@ -80,6 +80,8 @@ func parseDSN(dsn string) (cfg *config, err error) { collation: defaultCollation, } + // TODO: use strings.IndexByte when we can depend on Go 1.2 + // [user[:password]@][net[(addr)]]/dbname[?param1=value1¶mN=valueN] // Find the last '/' (since the password or the net addr might contain a '/') foundSlash := false @@ -199,14 +201,6 @@ func parseDSNParams(cfg *config, params string) (err error) { return fmt.Errorf("Invalid Bool value: %s", value) } - // Use cleartext authentication mode (MySQL 5.5.10+) - case "allowCleartextPasswords": - var isBool bool - cfg.allowCleartextPasswords, isBool = readBool(value) - if !isBool { - return fmt.Errorf("Invalid Bool value: %s", value) - } - // Use old authentication mode (pre MySQL 4.1) case "allowOldPasswords": var isBool bool diff --git a/Godeps/_workspace/src/github.com/go-sql-driver/mysql/utils_test.go b/Godeps/_workspace/src/github.com/go-sql-driver/mysql/utils_test.go index 79fbdd1eb3..adb8dcbd1b 100644 --- a/Godeps/_workspace/src/github.com/go-sql-driver/mysql/utils_test.go +++ b/Godeps/_workspace/src/github.com/go-sql-driver/mysql/utils_test.go 
@@ -22,19 +22,19 @@ var testDSNs = []struct {
 	out string
 	loc *time.Location
 }{
-	{"username:password@protocol(address)/dbname?param=value", "&{user:username passwd:password net:protocol addr:address dbname:dbname params:map[param:value] loc:%p tls: timeout:0 collation:33 allowAllFiles:false allowOldPasswords:false allowCleartextPasswords:false clientFoundRows:false columnsWithAlias:false interpolateParams:false}", time.UTC},
-	{"username:password@protocol(address)/dbname?param=value&columnsWithAlias=true", "&{user:username passwd:password net:protocol addr:address dbname:dbname params:map[param:value] loc:%p tls: timeout:0 collation:33 allowAllFiles:false allowOldPasswords:false allowCleartextPasswords:false clientFoundRows:false columnsWithAlias:true interpolateParams:false}", time.UTC},
-	{"user@unix(/path/to/socket)/dbname?charset=utf8", "&{user:user passwd: net:unix addr:/path/to/socket dbname:dbname params:map[charset:utf8] loc:%p tls: timeout:0 collation:33 allowAllFiles:false allowOldPasswords:false allowCleartextPasswords:false clientFoundRows:false columnsWithAlias:false interpolateParams:false}", time.UTC},
-	{"user:password@tcp(localhost:5555)/dbname?charset=utf8&tls=true", "&{user:user passwd:password net:tcp addr:localhost:5555 dbname:dbname params:map[charset:utf8] loc:%p tls: timeout:0 collation:33 allowAllFiles:false allowOldPasswords:false allowCleartextPasswords:false clientFoundRows:false columnsWithAlias:false interpolateParams:false}", time.UTC},
-	{"user:password@tcp(localhost:5555)/dbname?charset=utf8mb4,utf8&tls=skip-verify", "&{user:user passwd:password net:tcp addr:localhost:5555 dbname:dbname params:map[charset:utf8mb4,utf8] loc:%p tls: timeout:0 collation:33 allowAllFiles:false allowOldPasswords:false allowCleartextPasswords:false clientFoundRows:false columnsWithAlias:false interpolateParams:false}", time.UTC},
-	{"user:password@/dbname?loc=UTC&timeout=30s&allowAllFiles=1&clientFoundRows=true&allowOldPasswords=TRUE&collation=utf8mb4_unicode_ci", "&{user:user passwd:password net:tcp addr:127.0.0.1:3306 dbname:dbname params:map[] loc:%p tls: timeout:30000000000 collation:224 allowAllFiles:true allowOldPasswords:true allowCleartextPasswords:false clientFoundRows:true columnsWithAlias:false interpolateParams:false}", time.UTC},
-	{"user:p@ss(word)@tcp([de:ad:be:ef::ca:fe]:80)/dbname?loc=Local", "&{user:user passwd:p@ss(word) net:tcp addr:[de:ad:be:ef::ca:fe]:80 dbname:dbname params:map[] loc:%p tls: timeout:0 collation:33 allowAllFiles:false allowOldPasswords:false allowCleartextPasswords:false clientFoundRows:false columnsWithAlias:false interpolateParams:false}", time.Local},
-	{"/dbname", "&{user: passwd: net:tcp addr:127.0.0.1:3306 dbname:dbname params:map[] loc:%p tls: timeout:0 collation:33 allowAllFiles:false allowOldPasswords:false allowCleartextPasswords:false clientFoundRows:false columnsWithAlias:false interpolateParams:false}", time.UTC},
-	{"@/", "&{user: passwd: net:tcp addr:127.0.0.1:3306 dbname: params:map[] loc:%p tls: timeout:0 collation:33 allowAllFiles:false allowOldPasswords:false allowCleartextPasswords:false clientFoundRows:false columnsWithAlias:false interpolateParams:false}", time.UTC},
-	{"/", "&{user: passwd: net:tcp addr:127.0.0.1:3306 dbname: params:map[] loc:%p tls: timeout:0 collation:33 allowAllFiles:false allowOldPasswords:false allowCleartextPasswords:false clientFoundRows:false columnsWithAlias:false interpolateParams:false}", time.UTC},
-	{"", "&{user: passwd: net:tcp addr:127.0.0.1:3306 dbname: params:map[] loc:%p tls: timeout:0 collation:33 allowAllFiles:false allowOldPasswords:false allowCleartextPasswords:false clientFoundRows:false columnsWithAlias:false interpolateParams:false}", time.UTC},
-	{"user:p@/ssword@/", "&{user:user passwd:p@/ssword net:tcp addr:127.0.0.1:3306 dbname: params:map[] loc:%p tls: timeout:0 collation:33 allowAllFiles:false allowOldPasswords:false allowCleartextPasswords:false clientFoundRows:false columnsWithAlias:false interpolateParams:false}", time.UTC},
-	{"unix/?arg=%2Fsome%2Fpath.ext", "&{user: passwd: net:unix addr:/tmp/mysql.sock dbname: params:map[arg:/some/path.ext] loc:%p tls: timeout:0 collation:33 allowAllFiles:false allowOldPasswords:false allowCleartextPasswords:false clientFoundRows:false columnsWithAlias:false interpolateParams:false}", time.UTC},
+	{"username:password@protocol(address)/dbname?param=value", "&{user:username passwd:password net:protocol addr:address dbname:dbname params:map[param:value] loc:%p tls: timeout:0 collation:33 allowAllFiles:false allowOldPasswords:false clientFoundRows:false columnsWithAlias:false interpolateParams:false}", time.UTC},
+	{"username:password@protocol(address)/dbname?param=value&columnsWithAlias=true", "&{user:username passwd:password net:protocol addr:address dbname:dbname params:map[param:value] loc:%p tls: timeout:0 collation:33 allowAllFiles:false allowOldPasswords:false clientFoundRows:false columnsWithAlias:true interpolateParams:false}", time.UTC},
+	{"user@unix(/path/to/socket)/dbname?charset=utf8", "&{user:user passwd: net:unix addr:/path/to/socket dbname:dbname params:map[charset:utf8] loc:%p tls: timeout:0 collation:33 allowAllFiles:false allowOldPasswords:false clientFoundRows:false columnsWithAlias:false interpolateParams:false}", time.UTC},
+	{"user:password@tcp(localhost:5555)/dbname?charset=utf8&tls=true", "&{user:user passwd:password net:tcp addr:localhost:5555 dbname:dbname params:map[charset:utf8] loc:%p tls: timeout:0 collation:33 allowAllFiles:false allowOldPasswords:false clientFoundRows:false columnsWithAlias:false interpolateParams:false}", time.UTC},
+	{"user:password@tcp(localhost:5555)/dbname?charset=utf8mb4,utf8&tls=skip-verify", "&{user:user passwd:password net:tcp addr:localhost:5555 dbname:dbname params:map[charset:utf8mb4,utf8] loc:%p tls: timeout:0 collation:33 allowAllFiles:false allowOldPasswords:false clientFoundRows:false columnsWithAlias:false interpolateParams:false}", time.UTC},
+	{"user:password@/dbname?loc=UTC&timeout=30s&allowAllFiles=1&clientFoundRows=true&allowOldPasswords=TRUE&collation=utf8mb4_unicode_ci", "&{user:user passwd:password net:tcp addr:127.0.0.1:3306 dbname:dbname params:map[] loc:%p tls: timeout:30000000000 collation:224 allowAllFiles:true allowOldPasswords:true clientFoundRows:true columnsWithAlias:false interpolateParams:false}", time.UTC},
+	{"user:p@ss(word)@tcp([de:ad:be:ef::ca:fe]:80)/dbname?loc=Local", "&{user:user passwd:p@ss(word) net:tcp addr:[de:ad:be:ef::ca:fe]:80 dbname:dbname params:map[] loc:%p tls: timeout:0 collation:33 allowAllFiles:false allowOldPasswords:false clientFoundRows:false columnsWithAlias:false interpolateParams:false}", time.Local},
+	{"/dbname", "&{user: passwd: net:tcp addr:127.0.0.1:3306 dbname:dbname params:map[] loc:%p tls: timeout:0 collation:33 allowAllFiles:false allowOldPasswords:false clientFoundRows:false columnsWithAlias:false interpolateParams:false}", time.UTC},
+	{"@/", "&{user: passwd: net:tcp addr:127.0.0.1:3306 dbname: params:map[] loc:%p tls: timeout:0 collation:33 allowAllFiles:false allowOldPasswords:false clientFoundRows:false columnsWithAlias:false interpolateParams:false}", time.UTC},
+	{"/", "&{user: passwd: net:tcp addr:127.0.0.1:3306 dbname: params:map[] loc:%p tls: timeout:0 collation:33 allowAllFiles:false allowOldPasswords:false clientFoundRows:false columnsWithAlias:false interpolateParams:false}", time.UTC},
+	{"", "&{user: passwd: net:tcp addr:127.0.0.1:3306 dbname: params:map[] loc:%p tls: timeout:0 collation:33 allowAllFiles:false allowOldPasswords:false clientFoundRows:false columnsWithAlias:false interpolateParams:false}", time.UTC},
+	{"user:p@/ssword@/", "&{user:user passwd:p@/ssword net:tcp addr:127.0.0.1:3306 dbname: params:map[] loc:%p tls: timeout:0 collation:33 allowAllFiles:false allowOldPasswords:false clientFoundRows:false columnsWithAlias:false interpolateParams:false}", time.UTC},
+	{"unix/?arg=%2Fsome%2Fpath.ext", "&{user: passwd: net:unix addr:/tmp/mysql.sock dbname: params:map[arg:/some/path.ext] loc:%p tls: timeout:0 collation:33 allowAllFiles:false allowOldPasswords:false clientFoundRows:false columnsWithAlias:false interpolateParams:false}", time.UTC},
 }
 
 func TestDSNParser(t *testing.T) {
diff --git a/Makefile b/Makefile
index 2e38bed2c4..4680c5760a 100644
--- a/Makefile
+++ b/Makefile
@@ -17,11 +17,11 @@ version/version.go:
 
 ${PREFIX}/bin/vetinari-server: version/version.go $(shell find . -type f -name '*.go')
 	@echo "+ $@"
-	@go build -o $@ ${GO_LDFLAGS} ./cmd/vetinari-server
+	@godep go build -o $@ ${GO_LDFLAGS} ./cmd/vetinari-server
 
 ${PREFIX}/bin/notary: version/version.go $(shell find . -type f -name '*.go')
 	@echo "+ $@"
-	@go build -o $@ ${GO_LDFLAGS} ./cmd/notary
+	@godep go build -o $@ ${GO_LDFLAGS} ./cmd/notary
 
 vet:
 	@echo "+ $@"
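Review bot: Both build recipes now require `godep` on PATH, but nothing in the Makefile checks for it, so on a host without the tool the target dies with the shell's `godep: command not found` instead of an actionable message. A guard near the top of the Makefile (outside this hunk), e.g. `GODEP := $(shell command -v godep)` followed by `$(if $(GODEP),,$(error godep is required to build; install it first))`, would fail early and explain why. The `vet` target whose recipe starts at the end of the hunk presumably still invokes plain `go`; if so, it resolves imports from the host GOPATH rather than the vendored Godeps/_workspace tree, so vet and build may not see the same dependency code.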