3 out of 4 KeyStore implementations have already been returning this
type or a pointer to it; document this as a requirement, and modify
implementations to comply.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
When the user insists on an invalid passphrase (or aborts the
operation), CryptoService.GetPrivateKey will try the correct root
location first, correctly failing, and then try to look for the root key
in the $gun subdirectory, and so will return the last error, a confusing
”open $path: no such file or directory”.
So, recognize the passphrase-related errors and fail with them directly.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
The gun field is not necessary yet, but will be useful in a future
commit. But including it immediately allows us to simplify by using
an ordinary method for cryptoServiceFactory instead of closures.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
it is not a root role.
Updated the cryptoservice tests to test all key algorithms, all roles,
and cryptoservices without a GUN. This then also found bugs in
cryptoservice.GetKey, cryptoservice.RemoveKey, and
cryptoservice.GetPrivateKey, which weren't really being exercised
previously.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
Miloslav Trmač
Riyaz Faizullabhoy
David Lawrence
Ying Li
Nathan McCauley
Aaron Lehmann