* RemoveKey must purge the cache entry
* Add mutexes to KeyFileStore and KeyMemoryStore so the cachedKeys map
is protected in the case that keystore operations happen from multiple
goroutines
* Change GetKey to return the alias along with the key. Remove
GetKeyAlias. This simplifies the code flows that retrieve the alias
(since they usually get the key and alias together).
* Fix tests affected by key caching
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
The logic to retrieve passphrase is generic and may be used by directly by clients.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
This subdirectory is at the same level as root_keys. It avoids having
rootKeyStore and nonRootKeyStore overlap. Previously, the base directory
for rootKeyStore was .../private/root_keys and the base directory for
nonRootKeyStore was .../private.
This commit also removes deduplicating logic in ExportAllKeys, which is
no longer needed now that the stores don't overlap.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Add unit test coverage that makes this check fail. Also add unit test
coverage for making sure trying to import something that isn't PEM fails
in the expected way.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This function reads a zip file and populates the keystores with the keys
in the zip file. Root keys are left encrypted, and non-root keys are
decrypted before being added to the keystore.
The unit test first exports a repo's keys to a zip file, then imports it
into another repo. It checks that all the correct keys exist in the new
repo after the import operation.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This allows all keys to be exported to a zip file. Keys that were
already encrypted are kept as-is, and keys that weren't encrypted are
encrypted with the specified passphrase.
Also add a unit test that creates the zip file and checks the expected
keys all exist, and are all encrypted with the expected passphrase.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Aaron Lehmann
Derek McGowan
Nathan McCauley