This causes notary-signer to use gotuf's Key interface instead of
defining its own redundant types.
We can go further with this in the future by removing the redundant
ED25519 implementation. This would be refactored into the cryptoservice
package, and notary-signer would be changed to use that package's
cryptoservice for key creation and signing operations.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This subdirectory is at the same level as root_keys. It avoids having
rootKeyStore and nonRootKeyStore overlap. Previously, the base directory
for rootKeyStore was .../private/root_keys and the base directory for
nonRootKeyStore was .../private.
This commit also removes deduplicating logic in ExportAllKeys, which is
no longer needed now that the stores don't overlap.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Add unit test coverage that makes this check fail. Also add unit test
coverage for making sure trying to import something that isn't PEM fails
in the expected way.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Paths that abuse .. shouldn't be able to escape from the filestore. This
is especially important when importing keys from zip files that could
have "creative" paths encoded in the zip.
Add test coverage for this protection.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This function reads a zip file and populates the keystores with the keys
in the zip file. Root keys are left encrypted, and non-root keys are
decrypted before being added to the keystore.
The unit test first exports a repo's keys to a zip file, then imports it
into another repo. It checks that all the correct keys exist in the new
repo after the import operation.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This allows all keys to be exported to a zip file. Keys that were
already encrypted are kept as-is, and keys that weren't encrypted are
encrypted with the specified passphrase.
Also add a unit test that creates the zip file and checks the expected
keys all exist, and are all encrypted with the expected passphrase.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Move GenRootKey and GetRootCryptoService to KeyStoreManager, now that
they don't depend on client-specific types.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Refactor validateRoot into KeyStoreManager. It now takes the DNS name as
a parameter. When KeyStoreManager is used with a NotaryRepository, the
DNS name should be the GUN of the repository.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This structure encapsulates what used to be "rootKeyStore" and
"privKeyStore". These are being moved out of NotaryRepository, so that
operations like listing keys, importing keys, and exporting keys aren't
tied to a NotaryRepository structure.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Ping endpoint added so clients can get the list of authentication challenges before making an initial request.
Updated MainHandler to return JSON object instead of a string.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
ECDSA timestamp keys currently not supported by crypto service, use support ED25519.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
When we need to find a key from its ID, search all available signing
services. There should only be a few, so this shouldn't have much
overhead. This avoids the need to maintain a persistent mapping between
key ID and the responsible signing service.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
We now deal with CryptoServices directly instead of passing around
Signers.
UnlockedSigner becomes UnlockedCryptoService because it no longer
contains a Signer.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Aaron Lehmann
David Lawrence
Diogo Mónica
Diogo Monica
Richard Scothern
Nathan McCauley
Derek McGowan
David Lawrence