Commit Graph

28 Commits

Author SHA1 Message Date
David Lawrence be4c0669c1 move import/export to cryptoservice and add import to yubikey
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:09:31 -08:00
David Lawrence f791c01974 cryptoservices can abstract multiple keystores
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-30 11:05:43 -07:00
Ying Li 91d54899d7 Add a GetPrivateKey method to cryptoservice so that we can future-proof
cryptoservice having multiple keystores

Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-29 16:34:40 -07:00
Ying Li f9019873a6 Merge pull request #243 from endophage/key_types
creating concrete types for the various key ciphers
2015-10-29 14:21:33 -07:00
David Lawrence b7ce16ab6f fixes for Diogo's comments
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-28 19:24:51 -07:00
David Lawrence f73560d839 creating concrete types for the various key ciphers
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-28 16:02:55 -07:00
Ying Li 126691ac9e Update the notary server and signer configs to make use of client authentication.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-28 15:42:33 -07:00
Ying Li 34aecae033 Split out parsing the client TLS in notary-server.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-28 15:40:41 -07:00
David Lawrence fa70a79ed7 go fmt was complaining about import order after my sed replacement
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-27 17:22:08 -07:00
David Lawrence 2833a88292 adding gotuf to notary
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-27 16:36:06 -07:00
Ying Li 61f9f84254 Use configuration option structures to set up client TLS and server TLS.
Test for if client cert is passed without a client key and vice versa.
Fail in ConfigureClientTLS if only one of client cert/key is passed.
Lint fixes.

Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-21 18:43:33 -07:00
Ying Li fb1013b997 Add servername to the client TLS config, and use it to build notary-server's
TLS connection to notary-signer.

Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-19 17:29:54 -07:00
Ying Li 3c58f3cffc Simplify server health check to only check the key management client.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-16 15:11:19 -07:00
Ying Li 6db76a873e Small cleanup as per review comments
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-16 14:48:05 -07:00
Ying Li 81380e0862 Even simpler - cancel the GRPC call using the context object passed
to the GRPC clients - thanks @endophage!

Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-16 09:46:08 -07:00
Ying Li faff328d62 Simplify by using a single buffered channel, instead of having a done
channel and a regular channel - thanks @aaronlehmann!

Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-15 11:43:17 -07:00
Ying Li 23a5d42bf6 Use a done channel to clean up and prevent the goroutine from writing
to a closed channel.

Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-15 11:15:07 -07:00
Ying Li a1edc02b82 Use a function interface instead of declaring an anonymous interface in
the function arguments.

Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-15 10:34:11 -07:00
Ying Li b94915628b Changing docstring to re-trigger CI
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-15 09:13:24 -07:00
Ying Li 33e031444e Better line wrapping and more comments
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-14 18:10:21 -07:00
Ying Li bca919c65f Making an RPC call would hang forever if the connection to the GRPC server dies
(it just retries to connect, and the RPC call would just block until it does), so change up
how this works by timing out the health check.

Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-14 18:03:19 -07:00
Ying Li 4028941b3f Add health checks functions to the trust service client API.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-14 13:23:21 -07:00
David Lawrence 81d69a4f5c update signature proto to include sig algorithm
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-22 16:51:55 -07:00
Diogo Monica 3b261e8972 Removing comments
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-20 10:08:15 -07:00
Aaron Lehmann a9f12f52f8 Implement missing functions in NotarySigner to fully satisfy CryptoService interface
These missing functions aren't used, so they're not strictly necessary
at this point. However, it's cleaner to fully implement the interface
than to have functions that don't work with TODO comments.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-20 09:57:44 -07:00
Aaron Lehmann d2ea9cc0d5 Updates to notary for gotuf's split of PublicKey and PrivateKey interfaces
Functions should now take data.PublicKey or data.PrivateKey instead of
data.Key.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-17 11:35:22 -07:00
Aaron Lehmann 125d72fd77 Big refactor to make signer use cryptoservices
- Add MemoryFileStore, a partial FileStore implementation that doesn't
  persist on disk.

- Create a KeyStore interface that allows pluggable key store types. Use
  this interface in the cryptoservice implementation.

- Add KeyMemoryStore, which uses MemoryFileStore to provide a KeyStore.

- Add GetKey and DeleteKey functions to cryptoservice.CryptoService.

- Refactor the hardware RSA signing service as a CryptoService.

- Replace custom ed25519 code with cryptoservice.CryptoService.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-17 09:33:19 -07:00
Diogo Monica f03626a10e Refactored Rufus API
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-14 00:23:38 -07:00