f239757dfd
keystore aliasing, take 2
...
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 10:58:20 -07:00
23b7e8c6af
Update keyfilestore to use passwordRetriever
...
Signed-off-by: Nathan McCauley <nathan.mccauley@docker.com>
2015-07-20 10:58:16 -07:00
c9732dd9cb
stop targets dir being created, we don't use it
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-18 22:46:04 -07:00
54d40f2ae3
updating error messages
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-18 22:25:19 -07:00
5015b1f47d
fixing timestamps, clearing changelists, and the Adding target byte log
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-18 17:55:13 -07:00
d453c6548d
client side of multi TUF file atomic update
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-17 17:48:06 -07:00
36a8f77129
Rename certificate stores to trustedCertificateStore and trustedCAStore
...
Add convenience methods to KeyStoreManager to add certs to both cert
stores.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-15 18:10:53 -07:00
e5a42d4df9
Add ExportKeysByGUN function
...
It exports the keys for a particular GUN to a zip, encrypted with a
specified passphrase.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-15 17:14:57 -07:00
a16581ecc7
Move CryptoService and UnlockedCryptoService into a cryptoservice package
...
Move GenRootKey and GetRootCryptoService to KeyStoreManager, now that
they don't depend on client-specific types.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-14 18:39:38 -07:00
6068f30145
Move caStore and certificateStore into KeyStoreManager
...
Refactor validateRoot into KeyStoreManager. It now takes the DNS name as
a parameter. When KeyStoreManager is used with a NotaryRepository, the
DNS name should be the GUN of the repository.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-14 18:39:38 -07:00
d5c7c40955
Introduce a KeyStoreManager to abstract management of root and non-root key storage
...
This structure encapsulates what used to be "rootKeyStore" and
"privKeyStore". These are being moved out of NotaryRepository, so that
operations like listing keys, importing keys, and exporting keys aren't
tied to a NotaryRepository structure.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-14 18:39:38 -07:00
ead0224526
Removing commented out code
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-13 20:32:51 -07:00
e4704f9729
Update notary for removal of signed.Signer
...
We now deal with CryptoServices directly instead of passing around
Signers.
UnlockedSigner becomes UnlockedCryptoService because it no longer
contains a Signer.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-13 15:18:02 -07:00
a139807d89
Fixing lint
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-13 14:01:26 -07:00
765a2cf661
Refactor crypto service
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-13 13:53:47 -07:00
ba94fdd19d
Signature/key types are now used correcty and are represented by constants.
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-12 22:21:29 -07:00
085c613527
Refactored fingerprint cert and added better debugging
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-12 22:21:29 -07:00
39482c2397
Working ECDSA implementation
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-12 22:21:29 -07:00
43d0ec8a75
Initial ECDSA trustmanager methods
...
Signed-off-by: Diogo Monica <diogo@docker.com>
Splitting CryptoService into ECDSA and RSA cryptoservices
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Working ECDSA support
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-12 22:21:29 -07:00
f292b562e2
Use logrus instead of fmt.Println
...
Signed-off-by: Derek McGowan <derek@mcgstyle.net> (github: dmcgowan)
2015-07-10 17:10:23 -07:00
f8e087a17a
Unify CryptoService and RootCryptoService
...
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
2015-07-10 15:10:44 -07:00
d1b09962f1
using roundtripper in notary client
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-10 10:02:38 -07:00
06a28c89ee
Added root key creation if non-existing to notary
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-09 18:56:06 -07:00
682e7ea00b
Fixing lint
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-09 17:58:55 -07:00
082d4f3c7c
Change NotaryRepository to honor the baseURL passed in
...
Remove "transport", because it's not used.
In the actual notary client, pass in a hard-coded URL for now (same one
previously hardcoded in getRemoteStore). In tests, create a trivial HTTP
server using net/http/httptest, which returns a timestamp.key file.
Signed-off-by: Aaron Lehmann <aaron.lehmann@docker.com>
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-09 17:58:33 -07:00
8c6de46aca
Added list keys that ignores symlinks
2015-07-09 17:58:10 -07:00
53ad4a7539
fixing publish
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-09 17:58:10 -07:00
4635bed2db
Major refactor of keys
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-09 17:58:10 -07:00
73ca456297
annotating Publish and making it accept a password retriever function
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-09 17:58:09 -07:00
6bff14a679
refactoring NotaryClient out
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-09 17:58:09 -07:00
ebbb30b56c
hold unlocked signer on repository
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-09 17:58:09 -07:00
c3e49afe1a
passing cert to initialize
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-09 17:58:09 -07:00
6982d2f1ae
put rootSigner on repository
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-09 17:58:09 -07:00
c9ab3394de
further publish updates, it pushes now, but doesn't sign roots correctly
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-09 17:58:09 -07:00
f9f11e5781
Starting the key refactor; rename UnlockedRootKey
...
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-07-09 17:58:09 -07:00
2f986f1a1b
WIP
2015-07-09 17:58:09 -07:00
8b1e9e0faf
Fix uninitialized privKeyStore member in NotaryRepository
...
Store a pointer to trustmanager.KeyFileStore in CryptoService,
RootCryptoService, NotaryClient, and NotaryRepository, instead of
copying the KeyFileStore structure.
Populate this pointer when creating a NotaryRepository. Previously, it
was left uninitialized.
2015-07-09 17:58:09 -07:00
12b4b3d80d
working on publish with changelist
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-09 17:58:09 -07:00
1d163650a3
changelist implementation
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-09 17:58:09 -07:00
9d5e988586
working refactor
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-09 17:58:08 -07:00
21d45a0f8d
IDs for root are now correct
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-09 17:58:08 -07:00
be6e22c355
fixes for list/lookup
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-07-09 17:58:08 -07:00
3891f724bb
Changed root directory
2015-07-09 17:58:08 -07:00
e66dc12eca
More refactor
2015-07-09 17:58:08 -07:00
93f7d9911f
Implementing ListTargets
2015-07-09 17:58:08 -07:00
30c0856266
Remove config from libnotary
2015-07-09 17:58:08 -07:00
1346296869
Initial libnotary refactor
...
Signed-off-by: Diogo Monica <diogo@docker.com>
Ported more functionality to libnotary
2015-07-09 17:57:48 -07:00
Nathan McCauley
David Lawrence
Aaron Lehmann
Diogo Monica
Derek McGowan