over the root keys directory from non-root keys directory from keystoremanager
to keystore, since we're eliminating keystoremanager.
Maintain the two separate directories, though, because one can't tell whether
there is an old-style separate-directories structure, or if someone has a GUN
that starts with tuf_keys.
Signed-off-by: Ying Li <ying.li@docker.com>
Import github.com/docker/distribution/registry/api/v2 to share the
regexps that the registry API uses.
Remove ErrUnauthorized in errors package, since it conflicts with one
defined in v2.
Fixes#92
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This instantiates a temporary server, publishes some targets to it, and
makes sure we can pull back the correct targets from the server.
Also fixes a few problems with the client unit tests, error reporting in
the client, and logging in the server.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This subdirectory is at the same level as root_keys. It avoids having
rootKeyStore and nonRootKeyStore overlap. Previously, the base directory
for rootKeyStore was .../private/root_keys and the base directory for
nonRootKeyStore was .../private.
This commit also removes deduplicating logic in ExportAllKeys, which is
no longer needed now that the stores don't overlap.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Move GenRootKey and GetRootCryptoService to KeyStoreManager, now that
they don't depend on client-specific types.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Refactor validateRoot into KeyStoreManager. It now takes the DNS name as
a parameter. When KeyStoreManager is used with a NotaryRepository, the
DNS name should be the GUN of the repository.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This structure encapsulates what used to be "rootKeyStore" and
"privKeyStore". These are being moved out of NotaryRepository, so that
operations like listing keys, importing keys, and exporting keys aren't
tied to a NotaryRepository structure.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
We now deal with CryptoServices directly instead of passing around
Signers.
UnlockedSigner becomes UnlockedCryptoService because it no longer
contains a Signer.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
This test now checks ListTargets and GetTargetByName as well. To do
this, it needs to expose signed metadata files over the internal HTTP
server. This means adding the timestamp private key to the key store and
exposing various json files as endpoints that serialize the necessary
data.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Remove "transport", because it's not used.
In the actual notary client, pass in a hard-coded URL for now (same one
previously hardcoded in getRemoteStore). In tests, create a trivial HTTP
server using net/http/httptest, which returns a timestamp.key file.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Signed-off-by: Diogo Monica <diogo@docker.com>
Ying Li
David Lawrence
David Lawrence
Ryan Cox
Aaron Lehmann
Nathan McCauley
Diogo Monica
Diogo Mónica