Ying Li
e3cee0cdbd
Refactor the client TestInitRepo test into reusable helper functions.
...
Also, eliminate the timestamp JSON constant and just generate a new
one for the tests.
The client test now also uses KeyFileStore and certs.Manager to
verify the keys and certs on disk, rather than directly manipulating
the files themselves. This way, if the exact implementation of
KeyFileStore or certs.Manager changes, this test won't fail so long
as KeyFileStore and certs.Manager are self-consistent.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-03 17:52:22 -08:00
Ying Li
dbcb56b3bf
Renamed keystoremanager to certs, and KeyStoreManager to Manager.
...
Since it no longer depends upon KeyStore, nor does it manipulate keys
in any way.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-23 17:19:26 -05:00
Diogo Monica
2c451909db
Fixing wrongly named file that led to test init deleting keys
2015-11-14 12:51:31 +01:00
Ying Li
517763a26d
Merge pull request #280 from docker/remove-get-root
...
Remove KeyStoreManager's dependency on a KeyStore.
2015-11-13 15:51:42 -08:00
Ying Li
edf0520c9b
Remove KeyStoreManager's dependency on a KeyStore.
...
The root generation code is handled by CryptoService now.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-13 15:00:45 -08:00
Ying Li
8432f9db07
Fixes client to report problems contacting the remote server.
...
Currently, when listing, publishing, or getting a particular target,
if the remote server errors, the client attempts to load it from a
local cache. However, if there is no local cache, it just returns
Metadata Not Found for listing and getting. Have it report the
original remote error instead of Metadata Not Found
locally.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-13 05:26:00 -08:00
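The fallback order described in the commit above (remote first, local cache second, remote error surfaced when the cache is also empty), as an added example that is not Notary's own code. The `MetadataStore` interface, the `memStore` and `failingRemote` stand-ins and the `LoadMeta` function are all assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrMetaNotFound is what a local cache returns for a role it has never stored.
var ErrMetaNotFound = errors.New("metadata not found")

// MetadataStore is an assumed minimal interface shared by the remote server
// client and the on-disk cache.
type MetadataStore interface {
	GetMeta(role string) ([]byte, error)
}

// memStore is a constructed in-memory stand-in for the local cache.
type memStore map[string][]byte

func (m memStore) GetMeta(role string) ([]byte, error) {
	data, ok := m[role]
	if !ok {
		return nil, ErrMetaNotFound
	}
	return data, nil
}

// failingRemote is a constructed stand-in for a server that cannot be reached.
type failingRemote struct{ err error }

func (f failingRemote) GetMeta(string) ([]byte, error) { return nil, f.err }

// LoadMeta prefers the remote, falls back to the cache when the remote fails,
// and when the cache misses too surfaces the remote error rather than the
// cache's "metadata not found", so the caller sees why the fetch failed.
func LoadMeta(remote, cache MetadataStore, role string) ([]byte, error) {
	data, remoteErr := remote.GetMeta(role)
	if remoteErr == nil {
		return data, nil
	}
	data, cacheErr := cache.GetMeta(role)
	if cacheErr == nil {
		return data, nil
	}
	// Only the remote error is wrapped; the cache miss is reported as context.
	return nil, fmt.Errorf("fetching %s: no usable local cache (%v); remote error: %w", role, cacheErr, remoteErr)
}

func main() {
	remote := failingRemote{err: errors.New("dial tcp: connection refused")}
	_, err := LoadMeta(remote, memStore{}, "targets")
	fmt.Println(err)
}
```

Wrapping only the remote error with `%w` lets callers use `errors.Is` to distinguish "server unreachable" from "never fetched", which is the distinction the commit message wants the client to expose.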
Diogo Mónica
f6ecd1c1ca
Merge pull request #53 from docker/non-pkcs-in-ci
...
Start running without the pkcs11 buildtag in CI, and generate coverage.
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
2015-11-12 01:13:11 -08:00
Ying Li
cf85394b4c
Start running without the pkcs11 buildtag in CI, and generate coverage.
...
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:08 -08:00
Diogo Mónica
b894d98392
Merge pull request #54 from docker/verify_hw_sigs
...
add verification to yubikey signatures. Attempt to generate sig up to…
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
2015-11-12 01:13:05 -08:00
David Lawrence
9b8645c39f
add verification to yubikey signatures. Attempt to generate sig up to 5 times, fail if all 5 are invalid
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:13:03 -08:00
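The sign-then-verify loop described in the commit above, as an added example that is not Notary's or the yubikeystore package's code. It uses Go's standard-library ECDSA to check each signature the token returns and retries up to five times; the `HardwareSigner` interface, the `flakySigner` stand-in (software signing with deliberately corrupted first outputs) and the `SignAndVerify` function are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// maxSignAttempts mirrors the "up to 5 times" policy in the commit message.
const maxSignAttempts = 5

// ErrSignatureInvalid is returned when every attempt yielded a signature that
// does not verify under the signer's own public key.
var ErrSignatureInvalid = errors.New("hardware signer produced invalid signatures on all attempts")

// HardwareSigner is an assumed minimal interface for a token-backed ECDSA key;
// Sign returns an ASN.1 DER encoded signature over a SHA-256 digest.
type HardwareSigner interface {
	Public() *ecdsa.PublicKey
	Sign(digest []byte) ([]byte, error)
}

// SignAndVerify never trusts the token's output blindly: each signature is
// checked against the public key, and a bad one triggers another attempt.
// It returns the accepted signature and the attempt number that produced it.
func SignAndVerify(s HardwareSigner, msg []byte) ([]byte, int, error) {
	digest := sha256.Sum256(msg)
	for attempt := 1; attempt <= maxSignAttempts; attempt++ {
		sig, err := s.Sign(digest[:])
		if err != nil {
			// A transport or PKCS#11 error is reported as-is, not retried.
			return nil, attempt, err
		}
		if ecdsa.VerifyASN1(s.Public(), digest[:], sig) {
			return sig, attempt, nil
		}
	}
	return nil, maxSignAttempts, ErrSignatureInvalid
}

// flakySigner is a constructed stand-in for a Yubikey: it signs in software
// but corrupts its first badFirst signatures to simulate a faulty token.
type flakySigner struct {
	priv     *ecdsa.PrivateKey
	badFirst int
	calls    int
}

func newFlakySigner(badFirst int) (*flakySigner, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &flakySigner{priv: priv, badFirst: badFirst}, nil
}

func (f *flakySigner) Public() *ecdsa.PublicKey { return &f.priv.PublicKey }

func (f *flakySigner) Sign(digest []byte) ([]byte, error) {
	f.calls++
	sig, err := ecdsa.SignASN1(rand.Reader, f.priv, digest)
	if err != nil {
		return nil, err
	}
	if f.calls <= f.badFirst {
		sig[len(sig)-1] ^= 0xff // damage the low byte of s so verification fails
	}
	return sig, nil
}

func main() {
	s, err := newFlakySigner(2)
	if err != nil {
		panic(err)
	}
	sig, attempts, err := SignAndVerify(s, []byte("constructed targets.json payload"))
	fmt.Printf("attempts=%d siglen=%d err=%v\n", attempts, len(sig), err)
}
```

The verification step costs one public-key operation per signature but catches a token that silently returns garbage, which would otherwise be published as TUF metadata that no client can validate.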
David Lawrence
8628b57a96
private subdir should be added by keyfilestore, rather than all over the place
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:12:57 -08:00
Ying Li
c82802b800
Move ecdsa_hardware_crypto_service to trustmanager/yubikeystore
...
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:10:56 -08:00
David Lawrence
28c3eca478
Merge pull request #28 from docker/import_to_yubikey
...
Import to yubikey
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: David Lawrence <dclwrnc@gmail.com> (github: endophage)
2015-11-12 01:09:35 -08:00
David Lawrence
91e8b9bcdb
backup to a KeyFileStore and take out key remove
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:09:32 -08:00
David Lawrence
e8d2240c79
write private key to a backup dir when creating keys on yubikey
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:09:31 -08:00
David Lawrence
b7c38f0287
fixing tests
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:09:31 -08:00
David Lawrence
be4c0669c1
move import/export to cryptoservice and add import to yubikey
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:09:31 -08:00
Ying Li
5b6f64de4b
Refactor notary client tests.
...
Move common code out into helper functions, and split up the bigger tests
into tests that specifically test adding targets, getting changelists,
publishing, and listing, as opposed to having two giant tests instead.
Also depend more on existing functions in the code (such as
NotaryRepository.GetChangelists and the server ServerMux), rather than
reimplementing them in the tests.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:09:06 -08:00
David Lawrence
519a2ccbe8
removing all errors that aren't in use, fixing one place in memorystore that was using a different error code to all other stores, pushing errors into appropriate packages
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:08:49 -08:00
Diogo Monica
68992ddaf5
Resolving rebase conflicts
...
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Monica <diogo@docker.com> (github: endophage)
2015-11-12 01:07:09 -08:00
Diogo Monica
b59225297a
Fixing makefile
...
Signed-off-by: Diogo Monica <diogo@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Monica <diogo@docker.com> (github: endophage)
2015-11-12 01:06:40 -08:00
David Lawrence
07f0065152
ask for pin when signing
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:06:38 -08:00
Jessica Frazelle
4648666b7c
add pkcs11 build tags
...
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Jessica Frazelle <acidburn@docker.com> (github: endophage)
2015-11-12 01:06:26 -08:00
Diogo Monica
21138e6bad
Working version of Notary and Yubikey
...
Signed-off-by: Diogo Monica <diogo@docker.com>
Remove symlinks from notary-client repo creation
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: Diogo Monica <diogo@docker.com>
WIP
Signed-off-by: Diogo Monica <diogo@docker.com>
working yubikey integration
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
Fixing small colon bug
Signed-off-by: Diogo Monica <diogo@docker.com>
Added things. Ship it.
Signed-off-by: Diogo Monica <diogo@docker.com>
Bringing ecdsahwcryptosigner to 2015
Signed-off-by: Diogo Monica <diogo@docker.com>
Working version of notary and yubikey
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-11-12 01:06:09 -08:00
David Lawrence
9428beea50
expose cryptoservice in NotarySigner
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-30 11:08:35 -07:00
Ying Li
91d54899d7
Add a GetPrivateKey method to cryptoservice so that we can future-proof
...
cryptoservice having multiple keystores
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-29 16:34:40 -07:00
Ying Li
7dc0dbec84
Remove the cryptoservice argument to sign
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-29 16:34:21 -07:00
Ying Li
a3e9558b03
1. Add docstring as to why we are trying a key ID with a GUN and one without - thanks @diogo!
...
2. Call NotaryRepository.cryptoService.GetKey rather than
NotaryRepository.KeyStoreManager.KeyStore.GetKey
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-29 16:13:23 -07:00
Ying Li
b9a4175ea9
Update the client NotaryRepository to initialize with a root key ID
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-29 15:11:15 -07:00
David Lawrence
ca7988d642
fixing lint + vet things
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-28 16:20:08 -07:00
David Lawrence
f73560d839
creating concrete types for the various key ciphers
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-28 16:02:55 -07:00
David Lawrence
daa36b43b7
Merge pull request #242 from docker/unify-root-nonroot-keystore
...
Unify root nonroot keystore
2015-10-28 13:14:19 -07:00
David Lawrence
fa70a79ed7
go fmt was complaining about import order after my sed replacement
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-27 17:22:08 -07:00
David Lawrence
2833a88292
adding gotuf to notary
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-27 16:36:06 -07:00
Ying Li
566bd3ce67
Combine the nonRootKeyStore with the rootKeyStore, and move the abstracting
...
over the root keys directory from non-root keys directory from keystoremanager
to keystore, since we're eliminating keystoremanager.
Maintain the two separate directories, though, because one can't tell whether
there is an old-style separate-directories structure, or if someone has a GUN
that starts with tuf_keys.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-27 12:33:46 -07:00
Ying Li
ed61974d10
Remove linking from the filestore
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-23 21:19:47 -07:00
Ying Li
402c704798
Remove symlinks from notary-client repo creation
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-21 14:21:10 -07:00
David Lawrence
8a996f417a
updating godeps and notary for some syntax changes in gotuf brought on by golint
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-20 23:56:35 -07:00
David Lawrence
e587b0427a
test for key rotation
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-09 22:53:57 -07:00
David Lawrence
98cde51f18
working basic key rotation for targets and snapshot key. Command is 'notary key rotate [GUN]'
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-09 20:35:06 -07:00
David Lawrence
ac54370fb0
cleanup after discussing with Diogo
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-09 19:40:36 -07:00
David Lawrence
009400650e
minor tweaks to key rotation
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-09 19:24:08 -07:00
David Lawrence
959d0267ac
command skeletons in place, changelist actions implemented
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-09 19:24:08 -07:00
David Lawrence
83f96997d3
changelist management of key rotation
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-09 19:23:47 -07:00
Ryan Cox
7bee606f43
Add support for 'notary status' command to show details about unpublished changes
...
Signed-off-by: Ryan Cox <ryan.a.cox@gmail.com>
2015-10-08 22:07:36 -07:00
David Williamson
83d0d8657f
Add ChangeIterator interface for Changelists
...
+ Ref https://github.com/docker/notary/issues/144
+ Create ChangeIterator interface
+ Implement ChangeIterator interface for memChangeList
+ Implement ChangeIterator interface for fileChangeList
+ Add iterator test case to changelist_test
+ Add iterator test case to file_changelist_test
+ Change func applyChangelist to use iterator per PR comment
+ Remove redundant defer statement in file_changelist_test.go (PR comment)
+ Change Next error check to simple array bounds check (PR comment)
+ Add negative unit test cases to increase code coverage
Signed-off-by: David Williamson <david.williamson@docker.com>
2015-08-30 14:19:00 -07:00
Diogo Mónica
33b77ea733
Merge pull request #175 from endophage/get_remote_err
...
check error in initializing remote store
2015-08-10 10:30:08 -07:00
David Lawrence
0ece438313
server side validation during updates
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-08-05 14:00:07 -07:00
David Lawrence
3794dbf28e
check error in initializing remote store
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-31 16:20:17 -07:00
David Lawrence
f7ca3ef62e
make key algorithm configurable for local development with in memory ed25519 crypto service
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-30 11:53:39 -07:00