cea46f7c3e
Change root cert rotation to be root key rotation instead
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-13 22:12:53 -07:00
708507adde
Require signing with all previous roles, instead of just the immediately previous role
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-13 22:10:58 -07:00
160ea2bc54
Address review comments and improve docstrings
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-13 11:48:36 -07:00
d835fbbca2
Implement root certificate rotation in NotaryRepository
...
NotaryRepository can now list root certificates, and
generate new versions (as changelists to be applied
on Publish).
This is a pretty mechanical encapsulation of the
root certificate rotation support in Repo.AddBaseKeys
and Repo.RemoveBaseKeys. The only slightly interesting
part is ListRootCert, which requires on-line access
to ensure fresh data, and depends on CertStore doing
some verification for us.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2016-04-13 11:48:36 -07:00
f23f2093e3
Create enough signatures as role's threshold requires
...
Tell signed.Sign how many signatures are necessary to sign a role, and
have it fail if it cannot create that many.
For most uses this does not make much of a difference because the
threshold tends to be 1 and signed.Sign was already failing if no key
could be found or if no signature could be created; only >1-threshold
roles now (correctly) fail in additional situations. But the knowledge
of a role’s threshold will be useful in a future commit.
Always use ErrInsufficientSignatures for this failure, whether this is
when loading the keys or actually using them (also fixing
ErrInsufficentSignature documentation to refer to signing and not
verification). ErrNoKeys is no longer returned by signed.Sign.
So, adjust the “snapshot key is not available” logic in
NotaryRepository.Publish accordingly, which also makes it more precise
(actually triggering only when no snapshot key is available).
Now that role's threshold is enforced when signing, update
TestValidateRootInvalidTimestampThreshold to create the second key
necessary to correctly sign the timestamp role.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2016-04-13 11:48:36 -07:00
cf4e726514
"make lint" wasn't actually linting every file in the repo. golint ./...
...
ignores buildtags, for instance, and somehow didn't pick up some code in
the signer.
This calls golint on every go file in the repo and also fixes some linting
issues, which involves renaming two yubikey functions to avoid stuttering.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-12 22:28:32 -07:00
14a563bb51
Add a few more descriptive comments
...
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2016-04-12 14:33:45 -07:00
f8c42e4cbf
NotaryRepository.Update now just returns an error, rather than a client
...
an error, because we don't actually use the client anymore.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-06 14:08:08 -07:00
38cfb6f961
Change assert to require in client/changelist package.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-04-05 15:13:29 -07:00
0a60261fab
Use constant for root role
...
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-03-29 07:08:23 +08:00
ddff581bd8
Use constant for targets role
...
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-03-29 07:08:16 +08:00
67b0ec3771
Use constant for snapshot
...
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-03-28 17:21:24 +08:00
3b80293a0c
Add test cases generating a timestamp from previous timestamps
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-23 13:24:52 -07:00
bfee37d471
update top level Signed.Signed to be a *json.RawMessage
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-03-18 16:18:53 -07:00
9ecd899e25
Removing key import and gun from cryptoservice
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:31:03 -07:00
2a37590ea6
update interface and comments
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:06:37 -07:00
95af5d4800
try cleaning up removekey, debugging tests
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:04:00 -07:00
351b247aec
add tests for initial keystore state, and after removing and adding
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:03:11 -07:00
b65723fce3
Remove mentions of fallback
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-16 15:12:12 -07:00
83f7c758ca
Remove delegation role fallback when applying targets changes
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-16 15:12:11 -07:00
44cccbb4db
Make all key rotations publish immediately, not just remote key rotations
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 18:35:30 -07:00
fa5edc40af
Publish only the key rotation changes after a remote key rotation
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 18:17:27 -07:00
b6c4840231
Update comments, and publish in the CLI after remote key rotation
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 18:17:27 -07:00
e3716f0be9
Change the CLI for rotate key to require a role type
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 18:17:27 -07:00
07b9f504e4
Update the CLI and client to no longer reject remote timestamp rotations.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 18:17:27 -07:00
4022e97b08
Use 'require' instead of 'assert' in client and TUF client tests
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-15 13:52:48 -07:00
e25746dac3
Use a CacheControlHandler that wraps other handlers instead
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-14 17:19:13 -07:00
6b96c7e56d
[PATCH 3/8] Add sha512 when creating target, snapshot and timestamp
...
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-03-11 10:44:42 +08:00
1bfafa0b77
Add test to check that if a key is rotated, but the requisite piece of
...
metadata hasn't been resigned, that an update fails because the
cached version is no longer valid.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-03-03 09:22:26 -08:00
cb2dd07edc
the server was not setting the longer snapshot expiry time. When generating a timestamp it was also retriving the snapshot directly from the database and only validating the checksum still matched what was in the timestamp. Due to the addition of consistent downloads, this mean a new snapshot never got generated. It is necessary for GetOrCreateTimestamp to call GetOrCreateSnapshot to ensure a new snapshot is generated as and when required
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-02-24 15:51:31 -08:00
bde878cdb6
changing API for updating delegations
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-23 11:57:08 -08:00
729bb88537
addressing review comments
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-23 11:55:31 -08:00
06e34e825a
walk for updating/creating delegations, validate changes to paths
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-23 11:55:31 -08:00
fe1c8ea1d8
More robust errors for visitor and walker, improve comments
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-23 11:55:31 -08:00
a7153aeccb
WalkTargets on tuf repo, use in getting targets/roles
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-23 11:55:31 -08:00
be3520c011
Update the integration tests after rebase
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-02-22 19:52:18 -08:00
4b13e7d358
Refactor RootRole verification into a helper function used by root and targets validation
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-02-22 19:16:32 -08:00
36ea1f6901
Add root metadata validation to the root data structure
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-02-22 19:16:32 -08:00
b8866877b0
Clarify test comment
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-02-18 18:59:14 -08:00
14edbe33e1
add snapshot meta check in download root, update tests
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-17 19:40:11 -08:00
9dfaee1add
Refactor and add to per-metadata-type mutation tests
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-02-17 19:39:57 -08:00
edb70b5474
Fix test bug where root role mutations weren't being tested
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-02-17 19:35:03 -08:00
401690d621
Include client update tests to test updating non-root metadata that are missing pieces
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-02-17 19:35:03 -08:00
95325cd19b
Include client update tests to test updating roots that are missing roles
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-02-17 19:35:03 -08:00
0d10758c32
Merge pull request #566 from docker/role-types-getters
...
Role types with keys, remove keyDB
2016-02-17 18:17:34 -08:00
1db128778d
completely removing KeyDB
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-02-16 21:11:13 -08:00
5931f93134
fix current typos
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-16 13:36:57 -08:00
aaef008706
Add test function to ensure that fixture expiry dates are all far far in the future.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-02-04 17:14:00 -08:00
00203f7785
Update the previous backwards compatibility test, and add a new test for downloading.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-02-04 11:51:20 -08:00
0369344a78
split client.go into delegations.go
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-02 17:10:07 -08:00
Ying Li
Miloslav Trmač
HuKeping
David Lawrence
Riyaz Faizullabhoy
Riyaz Faizullabhoy