mirror of https://github.com/docker/docs.git
Implementing ListTargets
parent
30c0856266
commit
93f7d9911f
|
@ -10,7 +10,6 @@ import (
|
|||
"io/ioutil"
|
||||
"net/http"
|
||||
"os"
|
||||
"path"
|
||||
"path/filepath"
|
||||
"time"
|
||||
|
||||
|
@ -21,8 +20,6 @@ import (
|
|||
"github.com/endophage/gotuf/keys"
|
||||
"github.com/endophage/gotuf/signed"
|
||||
"github.com/endophage/gotuf/store"
|
||||
|
||||
"github.com/spf13/viper"
|
||||
)
|
||||
|
||||
// Default paths should end with a '/' so directory creation works correctly
|
||||
|
@ -55,6 +52,7 @@ type Repository interface {
|
|||
}
|
||||
|
||||
type NotaryClient struct {
|
||||
baseDir string
|
||||
caStore trustmanager.X509Store
|
||||
certificateStore trustmanager.X509Store
|
||||
rootKeyStore trustmanager.EncryptedFileStore
|
||||
|
@ -63,6 +61,7 @@ type NotaryClient struct {
|
|||
type NotaryRepository struct {
|
||||
Gun string
|
||||
baseURL string
|
||||
tufRepoPath string
|
||||
transport http.RoundTripper
|
||||
signer *signed.Signer
|
||||
tufRepo *tuf.TufRepo
|
||||
|
@ -97,8 +96,11 @@ func NewTarget(targetName string, targetPath string) (*Target, error) {
|
|||
// NewClient is a helper method that returns a new notary Client, given a config
|
||||
// file. It makes the assumption that the base directory for the config file will
|
||||
// be the place where trust information is being cached locally.
|
||||
func NewClient(trustDir, rootKeysDir string) (*NotaryClient, error) {
|
||||
nClient := &NotaryClient{}
|
||||
func NewClient(baseDir string) (*NotaryClient, error) {
|
||||
trustDir := filepath.Join(baseDir, trustDir)
|
||||
rootKeysDir := filepath.Join(baseDir, rootKeysDir)
|
||||
|
||||
nClient := &NotaryClient{baseDir: baseDir}
|
||||
|
||||
err := nClient.loadKeys(trustDir, rootKeysDir)
|
||||
if err != nil {
|
||||
|
@ -183,7 +185,7 @@ func (r *NotaryRepository) Initialize(rootKey *data.PublicKey) error {
|
|||
r.tufRepo = tuf.NewTufRepo(kdb, r.signer)
|
||||
|
||||
r.fileStore, err = store.NewFilesystemStore(
|
||||
path.Join(viper.GetString("tufDir")),
|
||||
r.tufRepoPath,
|
||||
"metadata",
|
||||
"json",
|
||||
"targets",
|
||||
|
@ -232,12 +234,13 @@ func (r *NotaryRepository) ListTargets() ([]*Target, error) {
|
|||
return nil, err
|
||||
}
|
||||
|
||||
// TODO(diogo): return hashes
|
||||
targetList := make([]*Target, 0)
|
||||
for name, meta := range r.tufRepo.Targets["targets"].Signed.Targets {
|
||||
fmt.Println(name, " ", meta.Hashes["sha256"], " ", meta.Length)
|
||||
target := &Target{Name: name, Hashes: meta.Hashes, Length: meta.Length}
|
||||
targetList = append(targetList, target)
|
||||
}
|
||||
|
||||
return nil, nil
|
||||
return targetList, nil
|
||||
}
|
||||
|
||||
// GetTargetByName returns a target given a name
|
||||
|
@ -299,7 +302,7 @@ func (r *NotaryRepository) Publish() error {
|
|||
|
||||
func (r *NotaryRepository) bootstrapRepo() error {
|
||||
fileStore, err := store.NewFilesystemStore(
|
||||
path.Join(viper.GetString("tufDir")),
|
||||
r.tufRepoPath,
|
||||
"metadata",
|
||||
"json",
|
||||
"targets",
|
||||
|
@ -415,7 +418,7 @@ func (r *NotaryRepository) ValidateRoot(root *data.Signed) error {
|
|||
for _, fingerprint := range rootSigned.Roles["root"].KeyIDs {
|
||||
// TODO(dlaw): currently assuming only one cert contained in
|
||||
// public key entry. Need to fix when we want to pass in chains.
|
||||
k, _ := pem.Decode([]byte(rootSigned.Keys["kid"].Public()))
|
||||
k, _ := pem.Decode([]byte(rootSigned.Keys[fingerprint].Public()))
|
||||
|
||||
decodedCerts, err := x509.ParseCertificates(k.Bytes)
|
||||
if err != nil {
|
||||
|
@ -508,7 +511,7 @@ func (c *NotaryClient) GenRootKey(passphrase string) (*data.PublicKey, error) {
|
|||
|
||||
// GetRepository returns a new repository
|
||||
func (c *NotaryClient) GetRepository(gun string, baseURL string, transport http.RoundTripper) (*NotaryRepository, error) {
|
||||
privKeyStore, err := trustmanager.NewKeyFileStore(viper.GetString("privDir"))
|
||||
privKeyStore, err := trustmanager.NewKeyFileStore(filepath.Join(c.baseDir, privDir))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -517,6 +520,7 @@ func (c *NotaryClient) GetRepository(gun string, baseURL string, transport http.
|
|||
|
||||
return &NotaryRepository{Gun: gun,
|
||||
baseURL: baseURL,
|
||||
tufRepoPath: filepath.Join(c.baseDir, tufDir),
|
||||
transport: transport,
|
||||
signer: signer,
|
||||
caStore: c.caStore,
|
||||
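Review bot: In the ValidateRoot hunk the block returned by `pem.Decode` is read as `k.Bytes` on the following line with no nil check, and `pem.Decode` returns a nil block when its input holds no PEM data, so a root file whose key entry is not PEM-encoded would panic the client instead of failing validation. Add `if k == nil { return errors.New("root key is not PEM encoded") }` before the `x509.ParseCertificates` call. `rootSigned.Keys[fingerprint]` is likewise used without confirming that the key ID listed in the root role is present in `Keys`; depending on the map's value type (not visible here) a missing entry may also panic, so a `key, ok := rootSigned.Keys[fingerprint]` check is worth adding. The same unchecked lookup appears in ListTargets as `r.tufRepo.Targets["targets"]`. Both function bodies continue outside the hunks shown.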
|
|
|
@ -18,9 +18,9 @@ import (
|
|||
|
||||
const configFileName string = "config"
|
||||
const configPath string = ".docker/trust/"
|
||||
const trustDir string = configPath + "trusted_certificates/"
|
||||
const privDir string = configPath + "private/"
|
||||
const rootKeysDir string = configPath + "root_keys/"
|
||||
const trustDir string = "trusted_certificates/"
|
||||
const privDir string = "private/"
|
||||
const rootKeysDir string = "root_keys/"
|
||||
|
||||
var rawOutput bool
|
||||
var nClient *notaryclient.NotaryClient
|
||||
|
@ -58,12 +58,11 @@ func init() {
|
|||
}
|
||||
|
||||
// Set up the defaults for our config
|
||||
viper.SetDefault("trustDir", path.Join(homeDir, path.Dir(trustDir)))
|
||||
viper.SetDefault("baseTrustDir", path.Join(homeDir, path.Dir(configPath)))
|
||||
|
||||
// Get the final value for the CA directory
|
||||
finalTrustDir := viper.GetString("trustDir")
|
||||
finalPrivDir := viper.GetString("privDir")
|
||||
finalRootKeysDir := viper.GetString("rootKeysDir")
|
||||
finalTrustDir := path.Join(viper.GetString("baseTrustDir"), trustDir)
|
||||
finalPrivDir := path.Join(viper.GetString("baseTrustDir"), privDir)
|
||||
|
||||
// Load all CAs that aren't expired and don't use SHA1
|
||||
caStore, err = trustmanager.NewX509FilteredFileStore(finalTrustDir, func(cert *x509.Certificate) bool {
|
||||
|
@ -74,7 +73,7 @@ func init() {
|
|||
cert.SignatureAlgorithm != x509.ECDSAWithSHA1
|
||||
})
|
||||
if err != nil {
|
||||
fatalf("could not create X509FileStore: %v", err)
|
||||
fatalf("could not create CA X509FileStore: %v", err)
|
||||
}
|
||||
|
||||
// Load all individual (nonCA) certificates that aren't expired and don't use SHA1
|
||||
|
@ -86,20 +85,18 @@ func init() {
|
|||
cert.SignatureAlgorithm != x509.ECDSAWithSHA1
|
||||
})
|
||||
if err != nil {
|
||||
fatalf("could not create X509FileStore: %v", err)
|
||||
fatalf("could not create Certificate X509FileStore: %v", err)
|
||||
}
|
||||
|
||||
privKeyStore, err = trustmanager.NewKeyFileStore(finalPrivDir)
|
||||
if err != nil {
|
||||
fatalf("could not create FileStore: %v", err)
|
||||
fatalf("could not create KeyFileStore: %v", err)
|
||||
}
|
||||
|
||||
// TODO(diogo): Client should receive the config
|
||||
nClient, err = notaryclient.NewClient(finalTrustDir, finalRootKeysDir)
|
||||
nClient, err = notaryclient.NewClient(viper.GetString("baseTrustDir"))
|
||||
if err != nil {
|
||||
fatalf("could not create FileStore: %v", err)
|
||||
fatalf("could not create Notary Client: %v", err)
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
func main() {
|
||||
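Review bot: `finalTrustDir` and `finalPrivDir` in init() are built with `path.Join`, whereas the client library changed in this same commit derives the same directories with `filepath.Join(baseDir, ...)`; `path` is meant for slash-separated paths, so prefer `finalPrivDir := filepath.Join(viper.GetString("baseTrustDir"), privDir)` and the same for `finalTrustDir`, which needs `path/filepath` imported in this file. The directory-name constants also appear to be defined both here and in the library, so the private-key directory this command opens and the one `GetRepository` opens agree only while the two definitions stay in sync. A comment on the constants stating that, or exporting them from the client package, would make the coupling visible. init() starts and ends outside these hunks.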
|
|
|
@ -122,8 +122,16 @@ func tufList(cmd *cobra.Command, args []string) {
|
|||
fatalf(err.Error())
|
||||
}
|
||||
|
||||
// TODO(diogo): Parse Targets and print them
|
||||
_, _ = repo.ListTargets()
|
||||
// Retreive the remote list of signed targets
|
||||
targetList, err := repo.ListTargets()
|
||||
if err != nil {
|
||||
fatalf(err.Error())
|
||||
}
|
||||
|
||||
// Print all the available targets
|
||||
for _, t := range targetList {
|
||||
fmt.Println(t.Name, " ", t.Hashes["sha256"], " ", t.Length)
|
||||
}
|
||||
}
|
||||
|
||||
func tufLookup(cmd *cobra.Command, args []string) {
|
||||
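Review bot: The added `fatalf(err.Error())` passes the error text as the format string, so any `%` in an error that carries server- or file-derived content is interpreted as a verb and garbles the message; the other call sites on this page use a printf-style format, so write `fatalf("%v", err)`. The target names come from the remote signed list and are printed verbatim with `fmt.Println`; quoting them, e.g. `fmt.Printf("%q %x %d\n", t.Name, t.Hashes["sha256"], t.Length)`, keeps control characters in a name out of the terminal and prints the digest as hex, assuming the hash value is a byte slice, which this hunk does not show. The new comment has a typo, "Retreive" for "Retrieve".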
|
|