When the user insists on an invalid passphrase (or aborts the
operation), CryptoService.GetPrivateKey will try the correct root
location first, correctly failing, and then try to look for the root key
in the $gun subdirectory, and so will return the last error, a confusing
”open $path: no such file or directory”.
So, recognize the passphrase-related errors and fail with them directly.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
it is not a root role.
Updated the cryptoservice tests to test all key algorithms, all roles,
and cryptoservices without a GUN. This then also found bugs in
cryptoservice.GetKey, cryptoservice.RemoveKey, and
cryptoservice.GetPrivateKey, which weren't really being exercised
previously.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
* RemoveKey must purge the cache entry
* Add mutexes to KeyFileStore and KeyMemoryStore so the cachedKeys map
is protected in the case that keystore operations happen from multiple
goroutines
* Change GetKey to return the alias along with the key. Remove
GetKeyAlias. This simplifies the code flows that retrieve the alias
(since they usually get the key and alias together).
* Fix tests affected by key caching
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
- Add MemoryFileStore, a partial FileStore implementation that doesn't
persist on disk.
- Create a KeyStore interface that allows pluggable key store types. Use
this interface in the cryptoservice implementation.
- Add KeyMemoryStore, which uses MemoryFileStore to provide a KeyStore.
- Add GetKey and DeleteKey functions to cryptoservice.CryptoService.
- Refactor the hardware RSA signing service as a CryptoService.
- Replace custom ed25519 code with cryptoservice.CryptoService.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Move GenRootKey and GetRootCryptoService to KeyStoreManager, now that
they don't depend on client-specific types.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Riyaz Faizullabhoy
HuKeping
Miloslav Trmač
David Lawrence
Ying Li
Diogo Monica
Derek McGowan
Aaron Lehmann
Nathan McCauley