From 4648666b7cfd50f419e1acc40313e19a9e540652 Mon Sep 17 00:00:00 2001
From: Jessica Frazelle
Date: Fri, 30 Oct 2015 15:07:39 -0700
Subject: [PATCH] add pkcs11 build tags
Signed-off-by: Jessica Frazelle
Signed-off-by: David Lawrence
Signed-off-by: Jessica Frazelle (github: endophage)
---
 client/client.go | 40 ----------------
 client/repo.go | 50 ++++++++++++++++++++
 client/repo_pkcs11.go | 52 +++++++++++++++++++++
 signer/api/ecdsa_hardware_crypto_service.go | 1 +
 4 files changed, 103 insertions(+), 40 deletions(-)
 create mode 100644 client/repo.go
 create mode 100644 client/repo_pkcs11.go
diff --git a/client/client.go b/client/client.go
index 36a361d2a6..6bd95d7f82 100644
--- a/client/client.go
+++ b/client/client.go
@@ -14,8 +14,6 @@ import (
 "github.com/docker/notary/client/changelist"
 "github.com/docker/notary/cryptoservice"
 "github.com/docker/notary/keystoremanager"
- "github.com/docker/notary/pkg/passphrase"
- "github.com/docker/notary/signer/api"
 "github.com/docker/notary/trustmanager"
 "github.com/docker/notary/tuf"
 tufclient "github.com/docker/notary/tuf/client"
@@ -98,44 +96,6 @@ func NewTarget(targetName string, targetPath string) (*Target, error) {
 return &Target{Name: targetName, Hashes: meta.Hashes, Length: meta.Length}, nil
 }
 
-// NewNotaryRepository is a helper method that returns a new notary repository.
-// It takes the base directory under where all the trust files will be stored
-// (usually ~/.docker/trust/).
-func NewNotaryRepository(baseDir, gun, baseURL string, rt http.RoundTripper,
- passphraseRetriever passphrase.Retriever) (*NotaryRepository, error) {
-
- keyStoreManager, err := keystoremanager.NewKeyStoreManager(baseDir, passphraseRetriever)
- if err != nil {
- return nil, err
- }
-
- yubiKeyStore := api.NewYubiKeyStore()
- cryptoService := cryptoservice.NewCryptoService(gun, yubiKeyStore, keyStoreManager.KeyStore)
-
- nRepo := &NotaryRepository{
- gun: gun,
- baseDir: baseDir,
- baseURL: baseURL,
- tufRepoPath: filepath.Join(baseDir, tufDir, filepath.FromSlash(gun)),
- CryptoService: cryptoService,
- roundTrip: rt,
- KeyStoreManager: keyStoreManager,
- }
-
- fileStore, err := store.NewFilesystemStore(
- nRepo.tufRepoPath,
- "metadata",
- "json",
- "",
- )
- if err != nil {
- return nil, err
- }
- nRepo.fileStore = fileStore
-
- return nRepo, nil
-}
-
 // Initialize creates a new repository by using rootKey as the root Key for the
 // TUF repository.
 func (r *NotaryRepository) Initialize(rootKeyID string) error {
diff --git a/client/repo.go b/client/repo.go
new file mode 100644
index 0000000000..4e7f2a406c
--- /dev/null
+++ b/client/repo.go
@@ -0,0 +1,50 @@
+// +build !pkcs11
+
+package client
+
+import (
+ "net/http"
+ "path/filepath"
+
+ "github.com/docker/notary/cryptoservice"
+ "github.com/docker/notary/keystoremanager"
+ "github.com/docker/notary/pkg/passphrase"
+ "github.com/docker/notary/tuf/store"
+)
+
+// NewNotaryRepository is a helper method that returns a new notary repository.
+// It takes the base directory under where all the trust files will be stored
+// (usually ~/.docker/trust/).
+func NewNotaryRepository(baseDir, gun, baseURL string, rt http.RoundTripper,
+ passphraseRetriever passphrase.Retriever) (*NotaryRepository, error) {
+
+ keyStoreManager, err := keystoremanager.NewKeyStoreManager(baseDir, passphraseRetriever)
+ if err != nil {
+ return nil, err
+ }
+
+ cryptoService := cryptoservice.NewCryptoService(gun, keyStoreManager.KeyStore)
+
+ nRepo := &NotaryRepository{
+ gun: gun,
+ baseDir: baseDir,
+ baseURL: baseURL,
+ tufRepoPath: filepath.Join(baseDir, tufDir, filepath.FromSlash(gun)),
+ CryptoService: cryptoService,
+ roundTrip: rt,
+ KeyStoreManager: keyStoreManager,
+ }
+
+ fileStore, err := store.NewFilesystemStore(
+ nRepo.tufRepoPath,
+ "metadata",
+ "json",
+ "",
+ )
+ if err != nil {
+ return nil, err
+ }
+ nRepo.fileStore = fileStore
+
+ return nRepo, nil
+}
diff --git a/client/repo_pkcs11.go b/client/repo_pkcs11.go
new file mode 100644
index 0000000000..ab59f39585
--- /dev/null
+++ b/client/repo_pkcs11.go
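Review bot: Nothing in the `!pkcs11` variant tells a caller that hardware keys are unavailable — the only difference from the pkcs11 file is `cryptoService := cryptoservice.NewCryptoService(gun, keyStoreManager.KeyStore)`, yet the doc comment is copied verbatim, so an operator who builds without the tag gets a repository whose signing keys live only in the filesystem store with no hint of it. Add a sentence to the doc comment, e.g. `// Built without the pkcs11 tag: keys are held only in the filesystem-backed key store; YubiKey/PKCS#11 keys are not consulted.` Separately, the two tagged files now duplicate roughly 45 lines that differ in one statement, so the next change to this constructor has to be made twice; a shared untagged helper that takes the key stores to hand to NewCryptoService, with each tagged file reduced to building that list, would keep them from drifting. NewCryptoService's parameter type is not visible in this hunk, so the exact helper signature has to be checked against the cryptoservice package.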
@@ -0,0 +1,52 @@
+// +build pkcs11
+
+package client
+
+import (
+ "net/http"
+ "path/filepath"
+
+ "github.com/docker/notary/cryptoservice"
+ "github.com/docker/notary/keystoremanager"
+ "github.com/docker/notary/pkg/passphrase"
+ "github.com/docker/notary/signer/api"
+ "github.com/docker/notary/tuf/store"
+)
+
+// NewNotaryRepository is a helper method that returns a new notary repository.
+// It takes the base directory under where all the trust files will be stored
+// (usually ~/.docker/trust/).
+func NewNotaryRepository(baseDir, gun, baseURL string, rt http.RoundTripper,
+ passphraseRetriever passphrase.Retriever) (*NotaryRepository, error) {
+
+ keyStoreManager, err := keystoremanager.NewKeyStoreManager(baseDir, passphraseRetriever)
+ if err != nil {
+ return nil, err
+ }
+
+ yubiKeyStore := api.NewYubiKeyStore()
+ cryptoService := cryptoservice.NewCryptoService(gun, yubiKeyStore, keyStoreManager.KeyStore)
+
+ nRepo := &NotaryRepository{
+ gun: gun,
+ baseDir: baseDir,
+ baseURL: baseURL,
+ tufRepoPath: filepath.Join(baseDir, tufDir, filepath.FromSlash(gun)),
+ CryptoService: cryptoService,
+ roundTrip: rt,
+ KeyStoreManager: keyStoreManager,
+ }
+
+ fileStore, err := store.NewFilesystemStore(
+ nRepo.tufRepoPath,
+ "metadata",
+ "json",
+ "",
+ )
+ if err != nil {
+ return nil, err
+ }
+ nRepo.fileStore = fileStore
+
+ return nRepo, nil
+}
diff --git a/signer/api/ecdsa_hardware_crypto_service.go b/signer/api/ecdsa_hardware_crypto_service.go
index b025900d0f..a76d21e8b1 100644
--- a/signer/api/ecdsa_hardware_crypto_service.go
+++ b/signer/api/ecdsa_hardware_crypto_service.go
@@ -1,4 +1,5 @@ // +build pkcs11 + package api + import (
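Review bot: `yubiKeyStore := api.NewYubiKeyStore()` is called unconditionally and its result is handed to NewCryptoService ahead of the filesystem store with no check, so if the PKCS#11 module or token is absent at runtime this constructor has no way to report it — presumably signing then falls through to the on-disk store silently, though NewYubiKeyStore itself is not visible in this hunk. If that constructor can fail, have it return an error and check it here (`yubiKeyStore, err := api.NewYubiKeyStore()` followed by `if err != nil { return nil, err }`); if it cannot, the doc comment should at least say that the hardware store is tried first and the filesystem store is the fallback, since that ordering is the whole point of the pkcs11 build. The client package also now imports `signer/api` solely to obtain a key store, which ties the client build to the signer's API package; the type would sit more naturally in a package the client already depends on, such as trustmanager, which the client/client.go hunk shows is already imported.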