docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,025 Commits 25 Branches 28 Tags 827 MiB
Commit Graph

32 Commits

Author SHA1 Message Date
Miloslav Trmač d5c080ae9c Add cryptoservice.GenerateTestingCertificate 
Various tests have been calling trustmanager.NewCertificate and
open-coding most of cryptoservice.GenerateCertificate.  So, add
cryptoservice.GenerateTestingCertificate.  It differs only by using
crypto.Signer instead of data.PrivateKey because the tests
have a crypto.Signer more frequently available, and converting
from data.PrivateKey to crypto.Signer is easier than the other way.

This will make it easier to add policy parameters which the tests don't
care about to trustmanager.NewCertificate and
cryptoservice.GenerateCertificate in the future.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2015-12-09 20:02:10 +01:00
Ying Li bf0c6d0844 Fix bug with ED25519 cryptoservice's ListKeys 
Signed-off-by: Ying Li <ying.li@docker.com>
 2015-12-07 15:01:40 -08:00
David Lawrence ae7459b5f2 updating commend and renaming test per comments 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-30 16:53:08 -08:00
David Lawrence 1e091a0f56 CryptoService.Sign is now dead code. Remove it and update tests 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-30 16:36:34 -08:00
Ying Li bd84f3cce1 Address review comments. 
Thanks @mtrmac!

Signed-off-by: Ying Li <ying.li@docker.com>
 2015-11-24 13:55:15 -05:00
Ying Li b4fb4ac173 Change the error message on the client, if the server returns 400. 
Previously it was "fatal: Unable to reach trust server at this time: 400."
and now it is "fatal: Trust server rejected operation."

Signed-off-by: Ying Li <ying.li@docker.com>
 2015-11-18 14:53:28 -08:00
Ying Li 54e375c62e Add tests to ensure that the TUF httpstore returns the right error on 5XX. 
Signed-off-by: Ying Li <ying.li@docker.com>
 2015-11-13 05:24:51 -08:00
David Lawrence 45de2828b5 Merge pull request #271 from docker/adding-pkcs11-signed 
Adding pkcs11 signed
 2015-11-12 01:40:38 -08:00
David Lawrence 05c5615187 updating per Diogo's comments 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:12:14 -08:00
David Lawrence c08e732f9f fixing error message and moving signing operations up a level 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:12:14 -08:00
Ying Li ef1d5caa1a Fix an error message when there are insufficient signatures. 
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
 2015-11-12 01:11:09 -08:00
David Lawrence 1074897040 delete non-root keys from cryptoservice when they get rotated out 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:38 -08:00
David Lawrence de9f651494 fixing lint comments 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence e8d2240c79 write private key to a backup dir when creating keys on yubikey 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence 0fd1fa6ada arbitrary slots working 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence be4c0669c1 move import/export to cryptoservice and add import to yubikey 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:09:31 -08:00
David Lawrence 519a2ccbe8 removing all errors that aren't in use, fixing one place in memorystore that was using a different errorcode to all other stores, pushing errors into appropriate packages 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-11-12 01:08:49 -08:00
Jessica Frazelle 8902c8c0e9 fix go lint 
Signed-off-by: Jessica Frazelle <acidburn@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Jessica Frazelle <acidburn@docker.com> (github: endophage)
 2015-11-12 01:07:05 -08:00
Diogo Monica 21138e6bad Working version of Notary and Yubikey 
Signed-off-by: Diogo Monica <diogo@docker.com>

Remove symlinks from notary-client repo creation

Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: Diogo Monica <diogo@docker.com>

WIP

Signed-off-by: Diogo Monica <diogo@docker.com>

working yubikey integration
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)

Fixing small colon bug

Signed-off-by: Diogo Monica <diogo@docker.com>

Added things. Ship it.

Signed-off-by: Diogo Monica <diogo@docker.com>

Bringing ecdsahwcryptosigner to 2015

Signed-off-by: Diogo Monica <diogo@docker.com>

Working version of notary and yubikey

Signed-off-by: Diogo Monica <diogo@docker.com>
 2015-11-12 01:06:09 -08:00
Miloslav Trmač 29ae808472 Don't compute an unnecessary cryptographic hash 
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2015-11-02 15:27:02 +01:00
Miloslav Trmač 40bfc3f890 Don't use elliptic.P224() 
This curve is not available on Fedora and RHEL systems, so removing the
reference allows tests to pass there.  Vast majority of the
curve-specific work is done in the golang crypto/elliptic package, so
this does not weaken the tests noticeably.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
 2015-10-30 20:44:05 +01:00
David Lawrence f791c01974 cryptoservices can abstract multiple keystores 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-10-30 11:05:43 -07:00
David Lawrence 06990fd5a1 integreating with @cyli's improvements 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-10-30 10:15:52 -07:00
David Lawrence 7a24fbf32f adding singer interfaces to private keys: 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-10-29 17:48:15 -07:00
Ying Li 91d54899d7 Add a GetPrivateKey method to cryptoservice so that we can future-proof 
cryptoservice having multiple keystores

Signed-off-by: Ying Li <ying.li@docker.com>
 2015-10-29 16:34:40 -07:00
Ying Li 7dc0dbec84 Remove the cryptoservice argument to sign 
Signed-off-by: Ying Li <ying.li@docker.com>
 2015-10-29 16:34:21 -07:00
David Lawrence b7ce16ab6f fixes for Diogo's comments 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-10-28 19:24:51 -07:00
David Lawrence ca7988d642 fixing lint + vet things 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-10-28 16:20:08 -07:00
David Lawrence f73560d839 creating concrete types for the various key ciphers 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-10-28 16:02:55 -07:00
David Lawrence 34cbbb270b updating maintainers and adding top level contributors, removing those files from tuf dir 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-10-27 22:59:23 -07:00
David Lawrence fa70a79ed7 go fmt was complaining about import order after my sed replacement 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-10-27 17:22:08 -07:00
David Lawrence 2833a88292 adding gotuf to notary 
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
 2015-10-27 16:36:06 -07:00