529230369a
tests for changelist client helpers
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-28 11:29:46 -07:00
0f322c69a2
fixing remove
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-28 10:21:14 -07:00
02dfdaf197
Use correct regular expression for repository names in HTTP handlers
...
Import github.com/docker/distribution/registry/api/v2 to share the
regexps that the registry API uses.
Remove ErrUnauthorized in errors package, since it conflicts with one
defined in v2.
Fixes #92
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-27 14:51:59 -07:00
503a1b8a6e
change error log to debug
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-23 14:24:46 -07:00
3154aa9d29
Adding tests for CertsToRemove, and move tests around
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-22 19:08:01 -07:00
6fd60f88d1
add ErrExpired to notary client to translate from gotuf ErrExpired
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-22 18:54:00 -07:00
21a9b99e94
Merge pull request #114 from docker/invalid_password_err
...
better error handling for invalid password
2015-07-22 15:09:53 -07:00
1fc3257f6e
updating gotuf dep with some better http error handling.
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-22 13:19:52 -07:00
cfe8255187
better error handling for invalid password
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-22 11:37:54 -07:00
8b2888d122
latest vendored gotuf
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-21 13:57:21 -07:00
b44e835275
update default expiry times to those agreed on
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-20 14:59:19 -07:00
42ded6231c
Converted tests to testify and EC generation
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-20 13:36:03 -07:00
ff2e583439
Merge pull request #101 from dmcgowan/passphrase-util
...
Move passphrase logic to its own package
2015-07-20 13:15:20 -07:00
c35c1ea254
Move passphrase logic to its own package
...
The logic to retrieve passphrase is generic and may be used by directly by clients.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-07-20 13:02:05 -07:00
a5df3c00cc
Merge pull request #89 from docker/general_cleanup
...
WIP general cleanup
2015-07-20 12:45:03 -07:00
7c05c0e334
breaking out role initialization to shorten NotaryRepository.Initialize a bit
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-20 11:47:30 -07:00
20b60d9cc2
cleaning up cache vs filestore
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-20 11:47:30 -07:00
0642da80f1
review feedback
...
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 11:00:24 -07:00
38fe6bd45b
gofmt across the baord
...
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 11:00:24 -07:00
de6f65b7e7
many testing fixups to support key aliasing
...
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 11:00:22 -07:00
f239757dfd
keystore aliasing, take 2
...
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 10:58:20 -07:00
23b7e8c6af
Update keyfilestore to use passwordRetriever
...
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 10:58:16 -07:00
3b261e8972
Removing comments
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-20 10:08:15 -07:00
9d31d343f3
Merge pull request #83 from docker/cooking-the-tofu-to-support-rotations
...
Cooking the tofu to support rotations
2015-07-19 14:50:39 -07:00
3974e0015c
removing single file append changelist
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-18 22:51:40 -07:00
c9732dd9cb
stop targets dir being created, we don't use it
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-18 22:46:04 -07:00
54d40f2ae3
updating error messages
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-18 22:25:19 -07:00
5015b1f47d
fixing timestamps, clearing changelists, and the Adding target byte log
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-18 17:55:13 -07:00
117a25758d
Fixing return errors
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-18 01:42:57 -07:00
b561f347ed
updating errors to use distribution's errcode package
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-17 18:02:56 -07:00
d453c6548d
client side of multi TUF file atomic update
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-17 17:48:06 -07:00
552ccf411a
Merge pull request #80 from docker/test-publish
...
Add a unit test for publish
2015-07-17 16:53:45 -07:00
afc331b930
Add a unit test for publish
...
This instantiates a temporary server, publishes some targets to it, and
makes sure we can pull back the correct targets from the server.
Also fixes a few problems with the client unit tests, error reporting in
the client, and logging in the server.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-17 16:27:31 -07:00
f532550742
Rebase works
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-17 14:44:51 -07:00
c817ba3606
Fixed bug in Root Validation and added more test
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-17 14:33:05 -07:00
17c9fcd911
Added basic tests for ValidateRoot
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-17 14:33:05 -07:00
f5873eef8c
Adding RemoveAll to X509FileStore and correcting functions caller
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-17 14:31:43 -07:00
d2ea9cc0d5
Updates to notary for gotuf's split of PublicKey and PrivateKey interfaces
...
Functions should now take data.PublicKey or data.PrivateKey instead of
data.Key.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-17 11:35:22 -07:00
1a5ad474f3
Merge pull request #66 from docker/rename-certificate-stores
...
Rename certificate stores to trustedCertificateStore and trustedCAStore
2015-07-15 22:40:03 -07:00
0ed6072a4a
Merge pull request #67 from docker/adding-certs
...
Adding new certificates
2015-07-15 22:35:54 -07:00
d743dfac6e
Fixed config files and trust manager tests to point at new fixtures
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-15 19:46:57 -07:00
36a8f77129
Rename certificate stores to trustedCertificateStore and trustedCAStore
...
Add convenience methods to KeyStoreManager to add certs to both cert
stores.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-15 18:10:53 -07:00
e5a42d4df9
Add ExportKeysByGUN function
...
It exports the keys for a particular GUN to a zip, encrypted with a
specified passphrase.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-15 17:14:57 -07:00
6d3d98b873
Move non-root keys to tuf_keys subdirectory
...
This subdirectory is at the same level as root_keys. It avoids having
rootKeyStore and nonRootKeyStore overlap. Previously, the base directory
for rootKeyStore was .../private/root_keys and the base directory for
nonRootKeyStore was .../private.
This commit also removes deduplicating logic in ExportAllKeys, which is
no longer needed now that the stores don't overlap.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-15 17:14:57 -07:00
a16581ecc7
Move CryptoService and UnlockedCryptoService into a cryptoservice package
...
Move GenRootKey and GetRootCryptoService to KeyStoreManager, now that
they don't depend on client-specific types.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-14 18:39:38 -07:00
6068f30145
Move caStore and certificateStore into KeyStoreManager
...
Refactor validateRoot into KeyStoreManager. It now takes the DNS name as
a parameter. When KeyStoreManager is used with a NotaryRepository, the
DNS name should be the GUN of the repository.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-14 18:39:38 -07:00
d5c7c40955
Introduce a KeyStoreManager to abstract management of root and non-root key storage
...
This structure encapsulates what used to be "rootKeyStore" and
"privKeyStore". These are being moved out of NotaryRepository, so that
operations like listing keys, importing keys, and exporting keys aren't
tied to a NotaryRepository structure.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-14 18:39:38 -07:00
ead0224526
Removing commented out code
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-13 20:32:51 -07:00
e4704f9729
Update notary for removal of signed.Signer
...
We now deal with CryptoServices directly instead of passing around
Signers.
UnlockedSigner becomes UnlockedCryptoService because it no longer
contains a Signer.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-13 15:18:02 -07:00
a139807d89
Fixing lint
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-13 14:01:26 -07:00
765a2cf661
Refactor crypto service
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-13 13:53:47 -07:00
c87caf3979
Use uuid library from distribution
...
Distribution updated context library to use its own uuid library which does not panic on entropy exhaustion.
Updated to use latest context library from distribution.
Updated auth to match context and uuid library version.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-07-13 10:09:06 -07:00
1a054d7741
Small nits
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-12 22:21:29 -07:00
ba94fdd19d
Signature/key types are now used correcty and are represented by constants.
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-12 22:21:29 -07:00
085c613527
Refactored fingerprint cert and added better debugging
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-12 22:21:29 -07:00
39482c2397
Working ECDSA implementation
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-12 22:21:29 -07:00
43d0ec8a75
Initial ECDSA trustmanager methods
...
Signed-off-by: Diogo Monica <diogo@docker.com>
Splitting CryptoService into ECDSA and RSA cryptoservices
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Working ECDSA support
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-12 22:21:29 -07:00
f292b562e2
Use logrus instead of fmt.Println
...
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-07-10 17:10:23 -07:00
f8e087a17a
Unify CryptoService and RootCryptoService
...
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-10 15:10:44 -07:00
81f5fd7461
Switch to RSA-PSS
...
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-10 15:10:19 -07:00
a45c3e3965
Modify TestAddTarget to make TestAddListTarget
...
This test now checks ListTargets and GetTargetByName as well. To do
this, it needs to expose signed metadata files over the internal HTTP
server. This means adding the timestamp private key to the key store and
exposing various json files as endpoints that serialize the necessary
data.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-10 10:19:14 -07:00
d1b09962f1
using roundtripper in notary client
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-10 10:02:38 -07:00
1ae9cf057e
Removing dangling temp test directories
2015-07-09 21:03:54 -07:00
06a28c89ee
Added root key creation if non-existing to notary
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-09 18:56:06 -07:00
682e7ea00b
Fixing lint
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-09 17:58:55 -07:00
082d4f3c7c
Change NotaryRepository to honor the baseURL passed in
...
Remove "transport", because it's not used.
In the actual notary client, pass in a hard-coded URL for now (same one
previously hardcoded in getRemoteStore). In tests, create a trivial HTTP
server using net/http/httptest, which returns a timestamp.key file.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-09 17:58:33 -07:00
8c6de46aca
Added list keys that ignores symlinks
2015-07-09 17:58:10 -07:00
53ad4a7539
fixing publish
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-09 17:58:10 -07:00
8d9ce1b2e5
forgot to add client/helpers file
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-09 17:58:10 -07:00
4635bed2db
Major refactor of keys
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-09 17:58:10 -07:00
73ca456297
annotating Publish and making it accept a password retriever function
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-09 17:58:09 -07:00
6738a40cd8
Rebased and fixed issues
2015-07-09 17:58:09 -07:00
4f6b2da44d
Add TestValidateRootKey, validates presence of x509 cert in root.json
2015-07-09 17:58:09 -07:00
abe320307d
Add TestAddTarget
...
This test adds two targets, and after each one, inspects the changelist
files to make sure they meet expectations.
2015-07-09 17:58:09 -07:00
6bff14a679
refactoring NotaryClient out
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-09 17:58:09 -07:00
ebbb30b56c
hold unlocked signer on repository
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-09 17:58:09 -07:00
c3e49afe1a
passing cert to initialize
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-09 17:58:09 -07:00
6982d2f1ae
put rootSigner on repository
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-09 17:58:09 -07:00
c9ab3394de
further publish updates, it pushes now, but doesn't sign roots correctly
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-09 17:58:09 -07:00
e7163aacff
Add missing Close calls to address file descriptor leak
2015-07-09 17:58:09 -07:00
f9f11e5781
Starting the key refactor; rename UnlockedRootKey
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-09 17:58:09 -07:00
2f986f1a1b
WIP
2015-07-09 17:58:09 -07:00
aa2caade20
Convert client_test.go to use testify
...
This simplifies the code and will be more consistent with upcoming
tests.
2015-07-09 17:58:09 -07:00
4602f5fb6c
Extend TestInitRepo to parse and sanity-check TUF metadata
2015-07-09 17:58:09 -07:00
42e3f1a1c0
Use trustmanager.FingerprintCert instead of more complex method
2015-07-09 17:58:09 -07:00
458a7a8fac
Add TestInitRepo
...
This test initializes a repo and then performs a series of sanity checks
on the filesystem hierarchy.
2015-07-09 17:58:09 -07:00
8b1e9e0faf
Fix uninitialized privKeyStore member in NotaryRepository
...
Store a pointer to trustmanager.KeyFileStore in CryptoService,
RootCryptoService, NotaryClient, and NotaryRepository, instead of
copying the KeyFileStore structure.
Populate this pointer when creating a NotaryRepository. Previously, it
was left uninitialized.
2015-07-09 17:58:09 -07:00
12b4b3d80d
working on publish with changelist
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-09 17:58:09 -07:00
1d163650a3
changelist implementation
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-09 17:58:09 -07:00
9d5e988586
working refactor
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-09 17:58:08 -07:00
21d45a0f8d
IDs for root are now correct
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-09 17:58:08 -07:00
be6e22c355
fixes for list/lookup
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-09 17:58:08 -07:00
3891f724bb
Changed root directory
2015-07-09 17:58:08 -07:00
e66dc12eca
More refactor
2015-07-09 17:58:08 -07:00
93f7d9911f
Implementing ListTargets
2015-07-09 17:58:08 -07:00
30c0856266
Remove config from libnotary
2015-07-09 17:58:08 -07:00
1346296869
Initial libnotary refactor
...
Signed-off-by: Diogo Monica <diogo@docker.com>
Ported more functionality to libnotary
2015-07-09 17:57:48 -07:00
David Lawrence