Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
Move ecdsa_hardware_crypto_service to trustmanager/yubikeystore
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
Search a list of possible paths for the Yubico pkcs11 library.
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
Ensure that tests pass and binaries build without the pkcs11 build tag.
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
Ensures that the notary command line help text start with capital
letters, and add information about hardware keys and online/offline operation.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
Currently commands that do not require online access will error if
this option is passed. Do not error anymore, just ignore.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
Adding integration tests for notary client.
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <cyli@users.noreply.github.com> (github: endophage)
This runs through the basic notary init/add/publish/etc. workflow,
and some basic key workflows.
Note that this does work with the Yubikey, in that created keys while
testing do not require touch.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
add message when user is required to touch yubikey to sign.
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: David Lawrence <dclwrnc@gmail.com> (github: endophage)
Update the cobra and pflags dependencies
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
Notary-client test refactor
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
Move common code out into helper functions, and split up the bigger tests
into tests that specifically test adding targets, getting changelists,
publishing, and listing, as opposed to having two giant tests instead.
Also depend more on existing functions in the code (such as
NotaryRepository.GetChangelists and the server ServerMux), rather than
reimplementing them in the tests.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
Fix the problem where root was being searched for in root_keys/repo/####_root.key
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <cyli@users.noreply.github.com> (github: endophage)
it is not a root role.
Updated the cryptoservice tests to test all key algorithms, all roles,
and cryptoservices without a GUN. This then also found bugs in
cryptoservice.GetKey, cryptoservice.RemoveKey, and
cryptoservice.GetPrivateKey, which weren't really being exercised
previously.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
lots of errors cleanup
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
improve password challenge messaging when using yubikey
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
Ying Li
Diogo Mónica
Diogo Monica
Ying Li
David Lawrence
David Lawrence