d67a7e128c
Refactor the notary command line to not use global mutable state, and to not exit on error.
...
This way we can test the command more easily (we want to test the error, as opposed to
just killing the test).
Signed-off-by: Ying Li <ying.li@docker.com>
2016-02-03 12:01:16 -08:00
9f19815b08
Comments: rework some comments
...
Make the error log message different from the following
`subtle.ConstantTimeCompare()` in the same function.
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-02-01 09:45:56 +08:00
564f8d06d3
Merge pull request #515 from docker/roles-for-targets
...
Roles for targets via notary CLI
2016-01-29 16:08:29 -08:00
bb9ef929de
Add --roles flags to targets commands
...
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-28 09:59:04 -08:00
6b31789fe5
Tiny refactor: to keep code style consistent
...
The other CLI commands about tuf are all begin with cmdTufXXX
which I think `verify` should be the same too.
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-01-28 20:13:39 +08:00
6389c8cf75
tokenAuth should also 'succeed' if we get a 401, which will result in attempting futher authentication later
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-21 11:44:00 -08:00
33fee1d356
test for returning nil roundtripper from tokenAuth
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-19 15:47:12 -08:00
46682b71eb
if we can't connect to the server when setting up, return a nil roundtripper. Check roundtripper when initializing HTTPStore and substitute an OfflineStore if it is nil.
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-19 14:34:50 -08:00
89f250c253
when doing getTransport readOnly needs to be false for a key rotation as write permissions are required to retrieve keys
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-11 17:25:23 -08:00
377b72a54f
updating list targets to list across multiple roles
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-17 10:09:34 -08:00
ca1623e17b
Update CLI rotate key command to optionally rotate a single key.
...
This makes it possible to delegate snapshots key management to the
server, and to reclaim the responsibility.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-14 17:17:23 -08:00
35b104beee
Move all the pretty-print functions to their own file in cmd/notary.
...
Also add tests for pretty-printing and sorting targets.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-30 16:35:53 -08:00
d0b3bd2860
headers were still printing when no targets were found
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-15 02:48:33 -08:00
0088d16bba
pretty printing targets
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-14 10:21:08 -08:00
0344dfc038
Making tests pass
...
Signed-off-by: Diogo Monica <diogo@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Monica <diogo@docker.com> (github: endophage)
2015-11-12 01:12:31 -08:00
5b7480f599
Adding default to notary key generate and configurable trust dir from
...
config
Signed-off-by: Diogo Monica <diogo.monica@gmail.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Monica <diogo.monica@gmail.com> (github: endophage)
2015-11-12 01:12:26 -08:00
087f13ae7d
Normalize and elaborate on the command line help.
...
Ensures that the notary command line help text start with capital
letters, and add information about hardware keys and online/offline operation.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:10:03 -08:00
1f1868d3ee
Adding integration tests for notary client.
...
This runs through the basic notary init/add/publish/etc. workflow,
and some basic key workflows.
Note that this does work with the Yubikey, in that created keys while
testing do not require touch.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:09:40 -08:00
21138e6bad
Working version of Notary and Yubikey
...
Signed-off-by: Diogo Monica <diogo@docker.com>
Remove symlinks from notary-client repo creation
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: Diogo Monica <diogo@docker.com>
WIP
Signed-off-by: Diogo Monica <diogo@docker.com>
working yubikey integration
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
Fixing small colon bug
Signed-off-by: Diogo Monica <diogo@docker.com>
Added things. Ship it.
Signed-off-by: Diogo Monica <diogo@docker.com>
Bringing ecdsahwcryptosigner to 2015
Signed-off-by: Diogo Monica <diogo@docker.com>
Working version of notary and yubikey
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-11-12 01:06:09 -08:00
b9a4175ea9
Update the client NotaryRepository to initialize with a root key ID
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-29 15:11:15 -07:00
6150c931dd
Make a keysMap rather than just declaring
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-28 12:47:42 -07:00
566bd3ce67
Combine the nonRootKeyStore with the rootKeyStore, and move the abstracting
...
over the root keys directory from non-root keys directory from keystoremanager
to keystore, since we're eliminating keystoremanager.
Maintain the two separate directories, though, because one can't tell whether
there is an old-style separate-directories structure, or if someone has a GUN
that starts with tuf_keys.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-27 12:33:46 -07:00
61f9f84254
Use configuration option structures to set up client TLS and server TLS.
...
Test for if client cert is passed without a client key and vice versa.
Fail in ConfigureClientTLS if only one of client cert/key is passed.
Lint fixes.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-21 18:43:33 -07:00
412e0facc8
Explicitly check the skip tls verify boolean in notary client
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-21 10:38:48 -07:00
fc389b7bc3
Use tls client config utility in notary as well.
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-19 17:31:18 -07:00
a5e64ecf03
Do not use the viper singleton instance everywhere
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-19 11:50:04 -07:00
70fe89f69c
Adding check for relative VS full path
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-10-12 18:15:38 -07:00
8299e01b0a
Fixed comments, changed default config
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-10-12 17:14:23 -07:00
aeb96f27a2
Adding client-side root-ca server and config
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-10-12 17:13:39 -07:00
7bee606f43
Add support for 'notary status' command to show details about unpublished changes
...
Signed-off-by: Ryan Cox <ryan.a.cox@gmail.com>
2015-10-08 22:07:36 -07:00
2532363fa3
wrapping up token authentication
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-08-19 14:36:30 -07:00
a5aea53ef5
Add username and password prompt
...
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-08-19 13:48:16 -07:00
16ff63599d
Updated notary cli to use authenticated transport
...
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-08-19 13:48:16 -07:00
59b02db807
Addressing nits
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-28 19:35:29 -07:00
27461ad9fb
Added cli cert command, changed keylisting to be a map, fixed key removal
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-28 18:14:29 -07:00
5a57f5e970
Rebased off of master, working removes
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-28 11:55:53 -07:00
e7fb8ab46c
Fixing golint
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-28 11:47:14 -07:00
579f51866b
Removed all local keystores, added configurable trust dir
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-28 11:47:14 -07:00
0f322c69a2
fixing remove
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-28 10:21:14 -07:00
2db2764874
Only skip TLS certificate verification if this is explicitly specified in the config
...
Fixes #111
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-21 17:45:38 -07:00
6ffcb134d7
fix hash compare on verfy to be bytewise
...
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 17:58:46 -07:00
c35c1ea254
Move passphrase logic to its own package
...
The logic to retrieve passphrase is generic and may be used by directly by clients.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-07-20 13:02:05 -07:00
6b23e7d249
review feedback
...
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 11:10:13 -07:00
bc939bdf1f
basic caching of root password for notary cli
...
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 11:00:24 -07:00
0642da80f1
review feedback
...
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 11:00:24 -07:00
38fe6bd45b
gofmt across the baord
...
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 11:00:24 -07:00
de6f65b7e7
many testing fixups to support key aliasing
...
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 11:00:22 -07:00
f239757dfd
keystore aliasing, take 2
...
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 10:58:20 -07:00
5df1eb21f3
keystore aliasing, take 1
...
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 10:58:20 -07:00
23b7e8c6af
Update keyfilestore to use passwordRetriever
...
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 10:58:16 -07:00
Ying Li
HuKeping
Diogo Mónica
Riyaz Faizullabhoy
David Lawrence
Diogo Monica
Ryan Cox
Derek McGowan
Aaron Lehmann
Nathan McCauley