Test for if client cert is passed without a client key and vice versa.
Fail in ConfigureClientTLS if only one of client cert/key is passed.
Lint fixes.
Signed-off-by: Ying Li <ying.li@docker.com>
Use the github.com/docker/distribution/context package to get a logger
that adds a unique ID and useful information about each HTTP request.
Use this logger in HTTP handlers instead of using logrus or the log
package directly.
Remove [Notary Server] and [Notary Signer] prefixes from log messages.
The distribution/context package was already vendored, so there are no
Godeps changes necessary.
Sample output:
notaryserver_1 | time="2015-07-31T23:02:01Z" level=debug msg="retrieving timestamp key for docker.com/docker"
notarysigner_1 | time="2015-07-31T23:02:01Z" level=debug msg="generated ECDSA key with keyID: ea89e7dc49a13feab1e5ed349760b148c3c6ebd86968b2bc6cb0d003a8b79f78"
notarysigner_1 | time="2015-07-31T23:02:01Z" level=debug msg="generated new ecdsa key for role: and keyID: ea89e7dc49a13feab1e5ed349760b148c3c6ebd86968b2bc6cb0d003a8b79f78"
notarysigner_1 | time="2015-07-31T23:02:01Z" level=info msg="CreateKey: Created KeyID ea89e7dc49a13feab1e5ed349760b148c3c6ebd86968b2bc6cb0d003a8b79f78"
notaryserver_1 | time="2015-07-31T23:02:01Z" level=debug msg="Creating new timestamp key for docker.com/docker. With algo: ecdsa"
notaryserver_1 | time="2015-07-31T23:02:01Z" level=debug msg="Inserting timestamp key for docker.com/docker"
notaryserver_1 | time="2015-07-31T23:02:01Z" level=debug msg="200 GET timestamp key" docker.com/docker=gun http.request.host="192.168.99.100:4443" http.request.id=a720da02-4312-48ae-b122-6d4bce9d3b20 http.request.method=GET http.request.remoteaddr="192.168.99.1:58178" http.request.uri="/v2/docker.com/docker/_trust/tuf/timestamp.key" http.request.useragent="Go 1.1 package http"
notaryserver_1 | time="2015-07-31T23:02:01Z" level=info msg="response completed" http.request.host="192.168.99.100:4443" http.request.id=a720da02-4312-48ae-b122-6d4bce9d3b20 http.request.method=GET http.request.remoteaddr="192.168.99.1:58178" http.request.uri="/v2/docker.com/docker/_trust/tuf/timestamp.key" http.request.useragent="Go 1.1 package http" http.response.duration=29.703624ms http.response.status=200 http.response.written=181
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
The key database is not generally used but only used by the signing service.
Move the implementation to the signer package to be imported by the signer.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
- Add MemoryFileStore, a partial FileStore implementation that doesn't
persist on disk.
- Create a KeyStore interface that allows pluggable key store types. Use
this interface in the cryptoservice implementation.
- Add KeyMemoryStore, which uses MemoryFileStore to provide a KeyStore.
- Add GetKey and DeleteKey functions to cryptoservice.CryptoService.
- Refactor the hardware RSA signing service as a CryptoService.
- Replace custom ed25519 code with cryptoservice.CryptoService.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This causes notary-signer to use gotuf's Key interface instead of
defining its own redundant types.
We can go further with this in the future by removing the redundant
ED25519 implementation. This would be refactored into the cryptoservice
package, and notary-signer would be changed to use that package's
cryptoservice for key creation and signing operations.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Ying Li
David Lawrence
Diogo Mónica
Aaron Lehmann
Jessica Frazelle
Derek McGowan
Diogo Monica
Nathan McCauley