This instantiates a temporary server, publishes some targets to it, and
makes sure we can pull back the correct targets from the server.
Also fixes a few problems with the client unit tests, error reporting in
the client, and logging in the server.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This subdirectory is at the same level as root_keys. It avoids having
rootKeyStore and nonRootKeyStore overlap. Previously, the base directory
for rootKeyStore was .../private/root_keys and the base directory for
nonRootKeyStore was .../private.
This commit also removes deduplicating logic in ExportAllKeys, which is
no longer needed now that the stores don't overlap.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Move GenRootKey and GetRootCryptoService to KeyStoreManager, now that
they don't depend on client-specific types.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Refactor validateRoot into KeyStoreManager. It now takes the DNS name as
a parameter. When KeyStoreManager is used with a NotaryRepository, the
DNS name should be the GUN of the repository.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This structure encapsulates what used to be "rootKeyStore" and
"privKeyStore". These are being moved out of NotaryRepository, so that
operations like listing keys, importing keys, and exporting keys aren't
tied to a NotaryRepository structure.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
We now deal with CryptoServices directly instead of passing around
Signers.
UnlockedSigner becomes UnlockedCryptoService because it no longer
contains a Signer.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Distribution updated context library to use its own uuid library which does not panic on entropy exhaustion.
Updated to use latest context library from distribution.
Updated auth to match context and uuid library version.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
This test now checks ListTargets and GetTargetByName as well. To do
this, it needs to expose signed metadata files over the internal HTTP
server. This means adding the timestamp private key to the key store and
exposing various json files as endpoints that serialize the necessary
data.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Remove "transport", because it's not used.
In the actual notary client, pass in a hard-coded URL for now (same one
previously hardcoded in getRemoteStore). In tests, create a trivial HTTP
server using net/http/httptest, which returns a timestamp.key file.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Signed-off-by: Diogo Monica <diogo@docker.com>
Diogo Monica
David Lawrence
David Lawrence
Diogo Mónica
Aaron Lehmann
Derek McGowan