8902c8c0e9
fix go lint
...
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Jessica Frazelle <acidburn@docker.com> (github: endophage)
2015-11-12 01:07:05 -08:00
5f21ebd185
Add pkcs11 build tags
...
Add build tags and a check in Makefile to be sure you do not import
pkcs11 lib somewhere where it should not be. This will ensure docker
import and integration will continue to work.
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Jessica Frazelle <acidburn@docker.com> (github: endophage)
2015-11-12 01:07:00 -08:00
913c5ef033
add build tag files for pkcs11 dlopen lib
...
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Jessica Frazelle <acidburn@docker.com> (github: endophage)
2015-11-12 01:06:51 -08:00
af1bf0c1d5
Removing debug adding pcs11 to makefiles
...
Signed-off-by: Diogo Monica <diogo@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Monica <diogo@docker.com> (github: endophage)
2015-11-12 01:06:46 -08:00
b59225297a
Fixing makefile
...
Signed-off-by: Diogo Monica <diogo@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Monica <diogo@docker.com> (github: endophage)
2015-11-12 01:06:40 -08:00
07f0065152
ask for pin when signing
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:06:38 -08:00
53ed60ed89
Adding mandatory touch for signatures
...
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Monica <diogo@docker.com> (github: endophage)
2015-11-12 01:06:33 -08:00
4648666b7c
add pkcs11 build tags
...
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Jessica Frazelle <acidburn@docker.com> (github: endophage)
2015-11-12 01:06:26 -08:00
21138e6bad
Working version of Notary and Yubikey
...
Signed-off-by: Diogo Monica <diogo@docker.com>
Remove symlinks from notary-client repo creation
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: Diogo Monica <diogo@docker.com>
WIP
Signed-off-by: Diogo Monica <diogo@docker.com>
working yubikey integration
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
Fixing small colon bug
Signed-off-by: Diogo Monica <diogo@docker.com>
Added things. Ship it.
Signed-off-by: Diogo Monica <diogo@docker.com>
Bringing ecdsahwcryptosigner to 2015
Signed-off-by: Diogo Monica <diogo@docker.com>
Working version of notary and yubikey
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-11-12 01:06:09 -08:00
ae11483a7b
initial work on pkcs11 support
...
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Monica <diogo@docker.com> (github: endophage)
2015-11-12 01:05:55 -08:00
dfaa8daf9b
Merge pull request #255 from mtrmac/no-P224
...
Don't use elliptic.P224()
2015-11-01 10:32:03 +00:00
fd0775e1dc
Merge pull request #257 from mtrmac/fix-export-root
...
Fix (notary key export-root)
2015-11-01 10:31:29 +00:00
75c1b48a58
Merge pull request #260 from cyli/document-require-1.5.1
...
Update README to reflect go 1.5.1 requirement
2015-11-01 10:21:13 +00:00
07ae585485
Fix dockerfiles to no longer have the "-X ...GitCommit" deprecation warning
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-01 01:47:55 -07:00
301c0892f3
Update README to reflect go 1.5.1 requirement and add an endpoint
...
to the makefile to check the go version
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-01 01:47:02 -07:00
fa5c4e608d
Merge pull request #256 from mtrmac/fix-import-root
...
Remove key ID from (notary key import-root)
2015-10-30 13:23:33 -07:00
e2c6e989e9
Merge pull request #259 from mtrmac/drop-debug-print
...
Remove a left-over debugging Println
2015-10-30 13:15:49 -07:00
40bfc3f890
Don't use elliptic.P224()
...
This curve is not available on Fedora and RHEL systems, so removing the
reference allows tests to pass there. Vast majority of the
curve-specific work is done in the golang crypto/elliptic package, so
this does not weaken the tests noticeably.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2015-10-30 20:44:05 +01:00
62dc66e936
Remove key ID from (notary key import-root)
...
PR #242 has started requiring a passphrase for the imported key, and
recomputes the key ID, making the command-line argument redundant. So,
remove it from the command line and from the KeyStoreManager API.
Also updates the comment for KeyStoreManager.ImportRootKey, and changes
(notary key import-root) to refuse unexpected arguments instead of
silently ignoring them.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2015-10-30 20:40:03 +01:00
93c28ccb1b
Fix (notary key export-root)
...
-c was recently taken over by --configFile; using it for
--change-passphrase as well results in
panic: shorthand redefinition
So, move --change-passphrase to -p.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2015-10-30 20:39:20 +01:00
c2d560c789
Remove a left-over debugging Println
...
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2015-10-30 20:38:41 +01:00
29f5a4523c
Merge pull request #254 from endophage/cryptoservice_multiple_keystores
...
cryptoservices can abstract multiple keystores
2015-10-30 11:21:52 -07:00
9428beea50
expose cryptoservice in NotarySigner
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-30 11:08:35 -07:00
f791c01974
cryptoservices can abstract multiple keystores
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-30 11:05:43 -07:00
e5c388d470
Merge pull request #246 from endophage/private_signer
...
Private keys implement crypto.Signer
2015-10-30 10:33:46 -07:00
06990fd5a1
integreating with @cyli's improvements
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-30 10:15:52 -07:00
7e5cc048b7
Merge pull request #253 from cyli/prometheus-server
...
Add prometheus stats to server http handlers
2015-10-29 22:22:24 -07:00
5ea5b40d3f
Add prometheus stats to server http handlers
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-29 21:04:35 -07:00
3bd4637b09
Merge pull request #251 from HuKeping/fix-list
...
Fix broken list
2015-10-29 20:03:49 -07:00
169d67169c
Fix broken list
...
Signed-off-by: Hu Keping <hukeping@huawei.com>
2015-10-30 10:46:06 +08:00
4c195db439
Merge pull request #249 from jfrazelle/dockerfile-cleanup
...
better named dockerfiles and upgrade to go 1.5.1
2015-10-29 19:04:11 -07:00
7a24fbf32f
adding singer interfaces to private keys:
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-29 17:48:15 -07:00
e904675043
Merge pull request #247 from cyli/remove-unlocked-cryptoservice
...
Remove unlocked_cryptoservice and GetRootCryptoService
2015-10-29 17:47:31 -07:00
4e59ed05bc
better named dockerfiles and upgrade to go 1.5.1
...
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
2015-10-29 17:18:43 -07:00
91d54899d7
Add a GetPrivateKey method to cryptoservice so that we can future-proof
...
cryptoservice having multiple keystores
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-29 16:34:40 -07:00
7dc0dbec84
Remove the cryptoservice argument to sign
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-29 16:34:21 -07:00
a3e9558b03
1. Add docstring as to why we are trying a key ID with a GUN and one without - thanks @diogo!
...
2. Call NotaryRepository.cryptoService.GetKey rather than
NotaryRepository.KeyStoreManager.KeyStore.GetKey
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-29 16:13:23 -07:00
a0b8fa4957
Rename unlocked_crypto_service files
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-29 15:17:08 -07:00
b9a4175ea9
Update the client NotaryRepository to initialize with a root key ID
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-29 15:11:15 -07:00
9d2585ea8a
Remove unlocked crypto service and get root crypto service.
...
Generate key is now just a function.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-29 15:03:27 -07:00
f9019873a6
Merge pull request #243 from endophage/key_types
...
creating concrete types for the various key ciphers
2015-10-29 14:21:33 -07:00
0e5ebb984a
Merge pull request #245 from cyli/prometheus
...
Add prometheus as a dependency
2015-10-29 14:18:31 -07:00
8696c64d12
Add prometheus as a dependency
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-28 20:21:45 -07:00
b7ce16ab6f
fixes for Diogo's comments
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-28 19:24:51 -07:00
ca7988d642
fixing lint + vet things
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-28 16:20:08 -07:00
f73560d839
creating concrete types for the various key ciphers
...
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-10-28 16:02:55 -07:00
570ef86584
Merge pull request #233 from cyli/codecov
...
Use make targets in circleci, more complete coverage
2015-10-28 15:55:33 -07:00
6dcad7860f
Merge pull request #237 from cyli/mutual-auth
...
Support mutual authentication between the server and signer
2015-10-28 15:55:24 -07:00
aa5b621968
Fix import error after rebase
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-28 15:44:33 -07:00
adda5776cb
Use ListenAndServeTLS with blank args, since ListenAndServe doesn't actually set up TLS
...
Signed-off-by: Ying Li <ying.li@docker.com>
2015-10-28 15:42:36 -07:00
Jessica Frazelle