Diogo Monica
be1d365626
Changed debug key type
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-22 16:51:55 -07:00
Derek McGowan
304afb53d0
Add missing use of invalid passphrase error
...
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-07-22 04:08:14 -07:00
Derek McGowan
5eb296d276
Return invalid password when cannot retrieve passphrase
...
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-07-22 03:42:16 -07:00
David Lawrence
cfe8255187
better error handling for invalid password
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-22 11:37:54 -07:00
Diogo Monica
b8b59dbc20
Fixed bug with listDirectory and added tests
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-20 19:48:17 -07:00
Nathan McCauley
c0b0593247
Merge pull request #104 from docker/increase-cert
...
Changing certificate expiration time to 10 years
2015-07-20 15:21:37 -07:00
Diogo Monica
d1761eba25
Changing certificate expiration time to 10 years
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-20 14:55:36 -07:00
Diogo Monica
f7ea67cfab
Rebased from master
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-20 13:46:01 -07:00
Diogo Monica
4dfe45d64e
Changing testify import
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-20 13:36:03 -07:00
Diogo Monica
42ded6231c
Converted tests to testify and EC generation
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-20 13:36:03 -07:00
Aaron Lehmann
1aced67471
Improvements to keystore caching
...
* RemoveKey must purge the cache entry
* Add mutexes to KeyFileStore and KeyMemoryStore so the cachedKeys map
is protected in the case that keystore operations happen from multiple
goroutines
* Change GetKey to return the alias along with the key. Remove
GetKeyAlias. This simplifies the code flows that retrieve the alias
(since they usually get the key and alias together).
* Fix tests affected by key caching
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-20 13:36:03 -07:00
Nathan McCauley
1421f47258
keystore caching
...
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 13:34:11 -07:00
Derek McGowan
c35c1ea254
Move passphrase logic to its own package
...
The logic to retrieve passphrase is generic and may be used directly by clients.
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-07-20 13:02:05 -07:00
Diogo Monica
f3a7fdf211
Removing doubling of string in test
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-20 11:42:10 -07:00
Nathan McCauley
6b23e7d249
review feedback
...
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 11:10:13 -07:00
Nathan McCauley
f07876602f
add test for passphraseRetriever
...
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 11:00:24 -07:00
Nathan McCauley
0642da80f1
review feedback
...
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 11:00:24 -07:00
Nathan McCauley
38fe6bd45b
gofmt across the board
...
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 11:00:24 -07:00
Nathan McCauley
de6f65b7e7
many testing fixups to support key aliasing
...
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 11:00:22 -07:00
Nathan McCauley
f239757dfd
keystore aliasing, take 2
...
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 10:58:20 -07:00
Nathan McCauley
5df1eb21f3
keystore aliasing, take 1
...
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 10:58:20 -07:00
Nathan McCauley
23b7e8c6af
Update keyfilestore to use passwordRetriever
...
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 10:58:16 -07:00
Diogo Monica
3b261e8972
Removing comments
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-20 10:08:15 -07:00
Diogo Monica
1e9365a384
Addressed small nits
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-19 13:43:54 -07:00
Diogo Monica
cf9e6499e1
Addressing comments
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-19 01:45:43 -07:00
Diogo Monica
2eb77d3334
Removed organization from certificates and added tests for x509utils
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-18 21:48:53 -07:00
Diogo Monica
97a2d30d99
Fixed bug with RemoveCert
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-18 01:42:19 -07:00
Diogo Monica
e3591c0b10
Added new helper functions
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-18 01:40:32 -07:00
Diogo Mónica
2b7682c323
Merge pull request #82 from docker/new-unit-tests
...
New unit tests
2015-07-17 18:24:35 -07:00
Aaron Lehmann
f5d1a1fbf5
Add test coverage for KeyMemoryStore (and by extension, MemoryFileStore)
...
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-17 16:45:36 -07:00
Diogo Monica
00f8f56942
Cosmetic code changes
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-17 14:33:06 -07:00
Diogo Monica
4c805611d0
Adding more error types and being extra careful with checks
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-17 14:33:06 -07:00
Diogo Monica
945691912a
Added error type to X509FileStore
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-17 14:33:05 -07:00
Diogo Monica
2c9a0d6331
Adding tests to RemoveAll in X509Stores
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-17 14:31:43 -07:00
Diogo Monica
3ec4f1d7f4
Adding RemoveKey and Test
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-17 14:31:43 -07:00
Diogo Monica
f5873eef8c
Adding RemoveAll to X509FileStore and correcting functions caller
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-17 14:31:43 -07:00
Diogo Monica
5a77976901
Rebasing from master
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-17 14:31:43 -07:00
Diogo Monica
58e6544d0a
Adding Cert retrieval by common name, and renaming KeyID to CertID
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-17 14:28:30 -07:00
Diogo Monica
0313aa5958
Adding parsing of multiple certificates, and leaf cert filtering methods
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-17 14:28:30 -07:00
Aaron Lehmann
d2ea9cc0d5
Updates to notary for gotuf's split of PublicKey and PrivateKey interfaces
...
Functions should now take data.PublicKey or data.PrivateKey instead of
data.Key.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-17 11:35:22 -07:00
Nathan McCauley
88e7346782
Merge pull request #71 from docker/unify-cryptoservice
...
Unify cryptoservice
2015-07-17 11:10:59 -07:00
Aaron Lehmann
125d72fd77
Big refactor to make signer use cryptoservices
...
- Add MemoryFileStore, a partial FileStore implementation that doesn't
persist on disk.
- Create a KeyStore interface that allows pluggable key store types. Use
this interface in the cryptoservice implementation.
- Add KeyMemoryStore, which uses MemoryFileStore to provide a KeyStore.
- Add GetKey and DeleteKey functions to cryptoservice.CryptoService.
- Refactor the hardware RSA signing service as a CryptoService.
- Replace custom ed25519 code with cryptoservice.CryptoService.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-17 09:33:19 -07:00
Aaron Lehmann
f5c1d8dbc9
Add ED25519 support to cryptoservice and x509utils
...
Add unit tests for cryptoservice that do sign and verify for all three
supported algorithms.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-16 18:44:44 -07:00
Diogo Mónica
0ed6072a4a
Merge pull request #67 from docker/adding-certs
...
Adding new certificates
2015-07-15 22:35:54 -07:00
Diogo Monica
3d58e6b810
Added tests for x509Filestore
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-15 19:57:48 -07:00
Diogo Monica
d743dfac6e
Fixed config files and trust manager tests to point at new fixtures
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-15 19:46:57 -07:00
Diogo Monica
76d81563b3
Simplifying AddCertFromPEM to use help functions
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-15 19:44:37 -07:00
Aaron Lehmann
20633e3e12
Make FileStore only allow operations on files inside the store
...
Paths that abuse .. shouldn't be able to escape from the filestore. This
is especially important when importing keys from zip files that could
have "creative" paths encoded in the zip.
Add test coverage for this protection.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-15 17:14:56 -07:00
Aaron Lehmann
878a8a083d
Add ExportAllKeys function
...
This allows all keys to be exported to a zip file. Keys that were
already encrypted are kept as-is, and keys that weren't encrypted are
encrypted with the specified passphrase.
Also add a unit test that creates the zip file and checks the expected
keys all exist, and are all encrypted with the expected passphrase.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-15 17:14:49 -07:00
Diogo Monica
765a2cf661
Refactor crypto service
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-13 13:53:47 -07:00