docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,005 Commits 25 Branches 28 Tags 827 MiB
Commit Graph

28 Commits

Author SHA1 Message Date
David Lawrence 1e091a0f56 CryptoService.Sign is now dead code. Remove it and update tests 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-30 16:36:34 -08:00
David Lawrence c08e732f9f fixing error message and moving signing operations up a level 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:12:14 -08:00
David Lawrence 2d4612c703 removekey is going to be best effort 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:32 -08:00
David Lawrence a3336e696e removekey had an errant return 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence b7c38f0287 fixing tests 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence 0fd1fa6ada arbitrary slots working 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence be4c0669c1 move import/export to cryptoservice and add import to yubikey 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
Ying Li 2a9e163bd2 Fixed cryptoservice.Create to call keyStore.AddKey with a GUN only if 
it is not a root role.

Updated the cryptoservice tests to test all key algorithms, all roles,
and cryptoservices without a GUN.  This then also found bugs in
cryptoservice.GetKey, cryptoservice.RemoveKey, and
cryptoservice.GetPrivateKey, which weren't really being exercised
previously.

Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
 2015-11-12 01:08:57 -08:00
Diogo Monica 21138e6bad Working version of Notary and Yubikey 
Signed-off-by: Diogo Monica <diogo@docker.com>

Remove symlinks from notary-client repo creation

Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: Diogo Monica <diogo@docker.com>

WIP

Signed-off-by: Diogo Monica <diogo@docker.com>

working yubikey integration
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)

Fixing small colon bug

Signed-off-by: Diogo Monica <diogo@docker.com>

Added things. Ship it.

Signed-off-by: Diogo Monica <diogo@docker.com>

Bringing ecdsahwcryptosigner to 2015

Signed-off-by: Diogo Monica <diogo@docker.com>

Working version of notary and yubikey

Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-11-12 01:06:09 -08:00
David Lawrence f791c01974 cryptoservices can abstract multiple keystores 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-10-30 11:05:43 -07:00
David Lawrence 06990fd5a1 integreating with @cyli's improvements 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-10-30 10:15:52 -07:00
Ying Li 91d54899d7 Add a GetPrivateKey method to cryptoservice so that we can future-proof 
cryptoservice having multiple keystores

Signed-off-by: Ying Li <ying.li@docker.com>
 2015-10-29 16:34:40 -07:00
Ying Li a3e9558b03 1. Add docstring as to why we are trying a key ID with a GUN and one without - thanks @diogo! 
2. Call NotaryRepository.cryptoService.GetKey rather than
NotaryRepository.KeyStoreManager.KeyStore.GetKey

Signed-off-by: Ying Li <ying.li@docker.com>
 2015-10-29 16:13:23 -07:00
Ying Li b9a4175ea9 Update the client NotaryRepository to initialize with a root key ID 
Signed-off-by: Ying Li <ying.li@docker.com>
 2015-10-29 15:11:15 -07:00
David Lawrence b7ce16ab6f fixes for Diogo's comments 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-10-28 19:24:51 -07:00
David Lawrence f73560d839 creating concrete types for the various key ciphers 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-10-28 16:02:55 -07:00
David Lawrence 2833a88292 adding gotuf to notary 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-10-27 16:36:06 -07:00
Derek McGowan 5eb296d276 Return invalid password when cannot retrieve passphrase 
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
 2015-07-22 03:42:16 -07:00
David Lawrence cfe8255187 better error handling for invalid password 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-07-22 11:37:54 -07:00
Aaron Lehmann 1aced67471 Improvements to keystore caching 
* RemoveKey must purge the cache entry

* Add mutexes to KeyFileStore and KeyMemoryStore so the cachedKeys map
  is protected in the case that keystore operations happen from multiple
  goroutines

* Change GetKey to return the alias along with the key. Remove
  GetKeyAlias. This simplifies the code flows that retrieve the alias
  (since they usually get the key and alias together).

* Fix tests affected by key caching

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
 2015-07-20 13:36:03 -07:00
Nathan McCauley 38fe6bd45b gofmt across the baord 
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
 2015-07-20 11:00:24 -07:00
Nathan McCauley de6f65b7e7 many testing fixups to support key aliasing 
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
 2015-07-20 11:00:22 -07:00
Nathan McCauley 5df1eb21f3 keystore aliasing, take 1 
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
 2015-07-20 10:58:20 -07:00
Nathan McCauley 23b7e8c6af Update keyfilestore to use passwordRetriever 
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
 2015-07-20 10:58:16 -07:00
Aaron Lehmann d2ea9cc0d5 Updates to notary for gotuf's split of PublicKey and PrivateKey interfaces 
Functions should now take data.PublicKey or data.PrivateKey instead of
data.Key.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
 2015-07-17 11:35:22 -07:00
Aaron Lehmann 125d72fd77 Big refactor to make signer use cryptoservices 
- Add MemoryFileStore, a partial FileStore implementation that doesn't
  persist on disk.

- Create a KeyStore interface that allows pluggable key store types. Use
  this interface in the cryptoservice implementation.

- Add KeyMemoryStore, which uses MemoryFileStore to provide a KeyStore.

- Add GetKey and DeleteKey functions to cryptoservice.CryptoService.

- Refactor the hardware RSA signing service as a CryptoService.

- Replace custom ed25519 code with cryptoservice.CryptoService.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
 2015-07-17 09:33:19 -07:00
Aaron Lehmann f5c1d8dbc9 Add ED25519 support to cryptoservice and x509utils 
Add unit tests for cryptoservice that do sign and verify for all three
supported algorithms.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
 2015-07-16 18:44:44 -07:00
Aaron Lehmann a16581ecc7 Move CryptoService and UnlockedCryptoService into a cryptoservice package 
Move GenRootKey and GetRootCryptoService to KeyStoreManager, now that
they don't depend on client-specific types.

Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
 2015-07-14 18:39:38 -07:00