ca67f1e71a
client library deletion functionality, and integration into remove cert
...
CLI
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-19 11:18:33 -08:00
138d6cea09
Add, remove, and list delegation command. TUF changelist action change
...
for deletions (force vs. individual items)
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-18 16:24:45 -08:00
c0fb05584e
fixing incorrect comments
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-15 11:30:32 -08:00
9e80ad8158
remove certs.NewManager function
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-15 11:30:32 -08:00
a8b21cafe0
CertManager is completely removed
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-15 11:30:32 -08:00
d4820c5756
Translate ErrMetaNotFound when updating, so long as it's on root, to ErrRepositoryNotExist.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-14 15:27:11 -08:00
f57f2beb08
Factor marshalling a SignedRoot into JSON into TUF/data/root.go, and
...
add an injectable serializer (so we can test JSON marshalling/unmarshalling
error propagation).
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-14 10:51:24 -08:00
b74f1835b7
Ensure that we do not unnecessarily re-sign/serialize a root.json file on publish
...
Adds additional tests to ensure that keys aren't unnecessarily created on error,
and that only the required keys to sign are used.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-14 10:51:24 -08:00
26d3f3f92b
Merge pull request #413 from endophage/fix_root_download
...
fixing bootstrapClient to prefer cached root
2016-01-13 15:48:39 -08:00
06d23e14c9
add test for invalid remote URL
...
add offline store for use when we can't initialize a remote store
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-13 15:26:57 -08:00
cf4b77b760
Revert "switching out to consistently use canonical json for all marshalling of TUF data"
...
This reverts commit f417c834c4
2016-01-08 14:53:09 -08:00
6d72fe7fd1
adding comment to bootstrapClient
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-08 09:03:27 -08:00
d11f11748c
when we download during bootstrapClient we should save the root to cache
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-08 09:03:03 -08:00
762c997104
fixing bootstrapClient to prefer cached root
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-08 09:03:03 -08:00
c1c0ccf4be
Combine bootstrapClient and tuf/client's Client.Update into NotaryRepository.Update.
...
- it is easier to understand what's going on in the online functions of NotaryRepository
- we can test NotaryRepository.Update independently (although it'd be nice to have some way
of ensuring that the actual public functions of NotaryRepository like ListTargets,
GetTargetByName, and Publish actually calls Update.
- distinct error if the remote repo doesn't exist.
This also stops wrapping signed.ErrExpired in client.ErrExpired, and just passes
signed.ErrExpired on directly.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-07 16:58:46 -08:00
f417c834c4
switching out to consistently use canonical json for all marshalling of TUF data
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-06 11:15:27 -08:00
61bbf7be49
Change ListTargetes and GetTargetsByName to return TargetWithRole.
...
This object has both the target and the role in which the target was found.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-04 17:15:44 -08:00
9252d9d892
Update client.Target to include a RoleName, so we know where the target is when listed.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-04 10:49:54 -08:00
ffca6fb522
Merge pull request #388 from docker/cleanup
...
Rebased cleanup/remove PEM headers
2015-12-23 11:36:25 -08:00
fa788cb2a9
make x509 certs viable as delegated public key object
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-23 09:41:03 -08:00
98b7dd7daf
fixes to notary for docker integration
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2015-12-22 16:53:31 -08:00
0892ebb13f
Add checks to TUFRepo to fail on updating a target if there are no signing keys.
...
So UpdateDelegation, DeleteDelegation, AddTargets, RemoveTargets now
all check for the role existence, not metadata existence. And they
also check the role's signing keys - there's no point in adding if
we can't sign.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-18 16:37:24 -08:00
a1cbe5d43c
Add test for, and fix bug with, publishing a bare repo not sending the targets file.
...
It should always be published the first time, like the root.json.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-18 16:37:24 -08:00
c12958af36
Do not sign the actual targets metadata unless it's dirty.
...
Previously we were always signing it, but we can't do that anymore
because then delegated users won't be able to publish ever (they
probably don't have the target key).
Some other related changes: when role keys are rotated, that role
needs to be marked as dirty now in order to be re-signed and
published.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-18 16:37:24 -08:00
3ecba24410
When publishing, also publish all the dirty targets roles.
...
This is in addition to the canonical targets role, which always gets
re-signed and publish (we may want to revisit this later).
This makes some tests pass - still need to do fallback of roles
and publishing a created delegation role without necessarily
having the signing key for that role.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-18 16:37:24 -08:00
d3a54cab25
the empty string should be used in delegation Paths to indicate a role can sign anything
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-18 16:10:43 -08:00
a2a4870512
adding comment about priority ordering and updating test for ListTargets with delegates to hit default no roles passed case
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-18 11:21:12 -08:00
574b4d543d
updating ListTargets delegate test to check iteration of children and correct (lack of) overwriting.
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-17 21:28:52 -08:00
9307692b52
reverse priority order or roles for ListTargets and GetTargetsByName
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-17 16:33:52 -08:00
594049b24f
fixing download to continue if we get ErrMetaNotFound
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-17 15:53:57 -08:00
f72f799806
fixing up ListTargets and GetTargetByName to process prioritized roles more efficiently
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-17 14:56:05 -08:00
4243b258b3
making GetTargetsByName work with delegations
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-17 10:46:41 -08:00
4694178bbe
download delegation test
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-17 10:09:34 -08:00
377b72a54f
updating list targets to list across multiple roles
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-17 10:09:34 -08:00
8f7e7adcef
making stack thread safe
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-17 10:09:34 -08:00
351d5483b7
Implement RemoveDelegation for NotaryRepository.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-16 16:01:17 -08:00
c72934794a
Implement AddDelegation for NotaryRepository.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-16 16:00:45 -08:00
22aefc9317
Make the addChange code easier to read using the IsDelegation function
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-16 14:31:45 -08:00
0bec06eb9b
RemoveTarget now takes an optional variadic list of roles to remove from.
...
If none are provided, it defaults to the targets role, as before.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-16 13:18:40 -08:00
19c49cf7ce
AddTarget now takes an optional variadic list of roles to add target to.
...
If none are provided, it defaults to the targets role, as before.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-16 13:18:40 -08:00
01f42b7313
Merge pull request #354 from endophage/delegations
...
Delegation primitives up to changelist level
2015-12-15 16:34:46 -08:00
5891805b29
addressing review
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-15 16:21:30 -08:00
2c7e632925
Amend rotation tests to assert old keys are removed after rotation.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-14 17:44:28 -08:00
79b05d4c0a
changelists for delegations
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-14 17:23:47 -08:00
8521ea5b6d
Convert NotaryRepository.RotateKeys to RotateKey(role, serverManages bool)
...
This should make it possible to delegate snapshot key management
to the server for existing repos, or switching back to user managing
snapshot keys.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-14 17:17:23 -08:00
9d2590ffb5
Only allow publishing if there is no snapshot.json, not if it's corrupt
...
or unreadable.
This also modifies tuf/store/filestore to return ErrMetaNotFound if the
metadata file does not exist.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-11 15:04:08 -08:00
8b9cc4c3f6
Minor review comment changes:
...
- add a specific error type when the server is requested to manage
an unsupported key type
- variable name change
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-10 17:16:53 -08:00
5717258931
When publishing, if no snapshot data exists, create it and then try to sign.
...
This supports the case of a user intializing a repo so that the server
signs the snapshot, and then changing their minds and rotating the keys
so that they now sign the snapshot, but all before publishing a single
thing.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-10 16:28:20 -08:00
aaf45a9cce
Refactor Initialize to be easier to read, and update comments per review.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-10 15:02:31 -08:00
a89bdaa9bf
Just propogate server error if server can't sign snapshot.
...
The errors returned by the server aren't great right now, so it's hard
to try to be clever in synthesizing a signed.ErrNoKeys{}.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-10 10:16:39 -08:00
a924ca172f
When initializing a repo, create local keys before getting remote keys.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-10 10:16:39 -08:00
d0e789740a
Simplify the logic to determine whether to publish the root
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-10 10:16:39 -08:00
642cf7f353
Slight refactor of NotaryRepository.Initialize
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-10 10:16:39 -08:00
39d79d9844
NotaryRepository.Publish supports server managing snapshot keys.
...
When publishing, do not sign and send the snapshot metadata if the
client does not have the snapshot key. If the server sends back
an error, then it also does not have a snapshot key and the
client should propogate the no signing key error.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-10 10:16:39 -08:00
4b46a34524
NotaryRepository.Intialize supports server managing snapshot keys.
...
If configured to have the server manage the snapshot key, the snapshot
key is not generated and there will be no snapshot metadata.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-10 10:16:39 -08:00
26d30953c8
Merge pull request #312 from mtrmac/cert-expiration
...
Cert expiration
2015-12-10 08:40:24 -08:00
bd6d937f43
Fix computation of certificate expiration
...
Instead of 3650 days, actually use 10 years (i.e. take into account leap
days).
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2015-12-09 20:02:10 +01:00
3c6335c572
Explicitly supply validity times to certificate generation
...
Add explicit startTime and endTime parameters to
cryptoservice.GenerateCertificate and trustmanager.NewCertificate.
trustmanager.NewCertificate as a low-level data manipulation function
should not be hard-coding policy (10-year expiration); that policy
belongs to its callers, or one more level higher to callers of
cryptoservice.GenerateCertificate.
These places hard-coding policy now also have an explict comment to
that effect.
In addition to conceptual cleanliness, this will allow writing tests
of certificate expiry by generating appropriate expired or nearly-expired
certificates.
Tests which don't care about the policy much will continue to use the
just added cryptoservice.GenerateTestingCertificate.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2015-12-09 20:02:10 +01:00
e19e7fc44d
Remove misleading passphrase-related error handling in NotaryRepository.Initialize:
...
1. It is on a path where those errors can never happen
2. The specific error handling would silently ignore the error, which
can’t be right anyway.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2015-12-09 19:58:02 +01:00
9ef782184c
Minor refactor of NotaryRepository constructor to use more shared code.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-07 17:19:28 -08:00
dbcb56b3bf
Renamed keystoremanager to certs, and KeyStoreManager to Manager.
...
Since it no longer depends upon KeyStore, nor does it manipulate keys
in any way.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-23 17:19:26 -05:00
8432f9db07
Fixes client to report problems contacting the remote server.
...
Currently, when listing, publishing, or getting a particular target,
if the remote server errors, the client attempts to load it from a
local cache. However, if there is no local cache, it just returns
Metadata Not Found for listing and getting. Have it report the
remote the original remote error instead of Metadata Not Found
locally.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-13 05:26:00 -08:00
519a2ccbe8
removing all errors that aren't in use, fixing one place in memorystore that was using a different errorcode to all other stores, pushing errors into appropriate packages
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:08:49 -08:00
68992ddaf5
Resolving rebase conflicts
...
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Monica <diogo@docker.com> (github: endophage)
2015-11-12 01:07:09 -08:00
07f0065152
ask for pin when signing
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:06:38 -08:00
4648666b7c
add pkcs11 build tags
...
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Jessica Frazelle <acidburn@docker.com> (github: endophage)
2015-11-12 01:06:26 -08:00
21138e6bad
Working version of Notary and Yubikey
...
Signed-off-by: Diogo Monica <diogo@docker.com>
Remove symlinks from notary-client repo creation
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: Diogo Monica <diogo@docker.com>
WIP
Signed-off-by: Diogo Monica <diogo@docker.com>
working yubikey integration
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
Fixing small colon bug
Signed-off-by: Diogo Monica <diogo@docker.com>
Added things. Ship it.
Signed-off-by: Diogo Monica <diogo@docker.com>
Bringing ecdsahwcryptosigner to 2015
Signed-off-by: Diogo Monica <diogo@docker.com>
Working version of notary and yubikey
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-11-12 01:06:09 -08:00
9428beea50
expose cryptoservice in NotarySigner
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-30 11:08:35 -07:00
91d54899d7
Add a GetPrivateKey method to cryptoservice so that we can future-proof
...
cryptoservice having multiple keystores
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-29 16:34:40 -07:00
7dc0dbec84
Remove the cryptoservice argument to sign
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-29 16:34:21 -07:00
a3e9558b03
1. Add docstring as to why we are trying a key ID with a GUN and one without - thanks @diogo!
...
2. Call NotaryRepository.cryptoService.GetKey rather than
NotaryRepository.KeyStoreManager.KeyStore.GetKey
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-29 16:13:23 -07:00
b9a4175ea9
Update the client NotaryRepository to initialize with a root key ID
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-29 15:11:15 -07:00
ca7988d642
fixing lint + vet things
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-28 16:20:08 -07:00
f73560d839
creating concrete types for the various key ciphers
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-28 16:02:55 -07:00
daa36b43b7
Merge pull request #242 from docker/unify-root-nonroot-keystore
...
Unify root nonroot keystore
2015-10-28 13:14:19 -07:00
2833a88292
adding gotuf to notary
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-27 16:36:06 -07:00
566bd3ce67
Combine the nonRootKeyStore with the rootKeyStore, and move the abstracting
...
over the root keys directory from non-root keys directory from keystoremanager
to keystore, since we're eliminating keystoremanager.
Maintain the two separate directories, though, because one can't tell whether
there is an old-style separate-directories structure, or if someone has a GUN
that starts with tuf_keys.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-27 12:33:46 -07:00
402c704798
Remove symlinks from notary-client repo creation
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-21 14:21:10 -07:00
8a996f417a
updating godeps and notary for some syntax changes in gotuf brought on by golint
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-20 23:56:35 -07:00
e587b0427a
test for key rotation
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-09 22:53:57 -07:00
98cde51f18
working basic key rotation for targets and snapshot key. Command is 'notary key rotate [GUN]'
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-09 20:35:06 -07:00
ac54370fb0
cleanup after discussing with Diogo
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-09 19:40:36 -07:00
009400650e
minor tweaks to key rotation
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-09 19:24:08 -07:00
959d0267ac
command skeletons in place, changelist actions implemented
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-09 19:24:08 -07:00
7bee606f43
Add support for 'notary status' command to show details about unpublished changes
...
Signed-off-by: Ryan Cox <ryan.a.cox@gmail.com>
2015-10-08 22:07:36 -07:00
33b77ea733
Merge pull request #175 from endophage/get_remote_err
...
check error in initializing remote store
2015-08-10 10:30:08 -07:00
0ece438313
server side validation during updates
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-08-05 14:00:07 -07:00
3794dbf28e
check error in initializing remote store
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-31 16:20:17 -07:00
529230369a
tests for changelist client helpers
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-28 11:29:46 -07:00
0f322c69a2
fixing remove
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-28 10:21:14 -07:00
503a1b8a6e
change error log to debug
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-23 14:24:46 -07:00
6fd60f88d1
add ErrExpired to notary client to translate from gotuf ErrExpired
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-22 18:54:00 -07:00
21a9b99e94
Merge pull request #114 from docker/invalid_password_err
...
better error handling for invalid password
2015-07-22 15:09:53 -07:00
1fc3257f6e
updating gotuf dep with some better http error handling.
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-22 13:19:52 -07:00
cfe8255187
better error handling for invalid password
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-22 11:37:54 -07:00
8b2888d122
latest vendored gotuf
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-21 13:57:21 -07:00
b44e835275
update default expiry times to those agreed on
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-20 14:59:19 -07:00
ff2e583439
Merge pull request #101 from dmcgowan/passphrase-util
...
Move passphrase logic to its own package
2015-07-20 13:15:20 -07:00
c35c1ea254
Move passphrase logic to its own package
...
The logic to retrieve passphrase is generic and may be used by directly by clients.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-07-20 13:02:05 -07:00
a5df3c00cc
Merge pull request #89 from docker/general_cleanup
...
WIP general cleanup
2015-07-20 12:45:03 -07:00
Riyaz Faizullabhoy
David Lawrence
Ying Li
Diogo Mónica
David Lawrence
Miloslav Trmač
Diogo Monica
Jessica Frazelle
Ryan Cox
Nathan McCauley
Derek McGowan