Riyaz Faizullabhoy
f0e7be69c9
Update to use require for cryptoservice package
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-04-04 13:58:56 -07:00
Riyaz Faizullabhoy
c54183bc27
Add error case to keyInfo generation, test yubikey backup, fix rebase conflicts
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:35:34 -07:00
Riyaz Faizullabhoy
e1613cdcb2
Address review comments
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:31:07 -07:00
Riyaz Faizullabhoy
1ed9c352d7
change ks.AddKey to be consistent with CryptoService
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:31:06 -07:00
Riyaz Faizullabhoy
9ecd899e25
Removing key import and gun from cryptoservice
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:31:03 -07:00
Riyaz Faizullabhoy
7bd550a39a
import refactor
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:06:40 -07:00
Riyaz Faizullabhoy
c7bccd79e3
addressing review comments
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:06:39 -07:00
Riyaz Faizullabhoy
2a37590ea6
update interface and comments
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:06:37 -07:00
Riyaz Faizullabhoy
c41cee3e5d
simplify export logic with new keymap
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:04:04 -07:00
Riyaz Faizullabhoy
0f39dd7aa8
add GetKeyInfo test for memory store
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:04:04 -07:00
Riyaz Faizullabhoy
97e845e295
AddKey for cryptoservice
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:04:04 -07:00
Riyaz Faizullabhoy
95af5d4800
try cleaning up removekey, debugging tests
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:04:00 -07:00
Riyaz Faizullabhoy
23eb203a63
add key info api, use for passwd
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:03:14 -07:00
Riyaz Faizullabhoy
351b247aec
add tests for initial keystore state, and after removing and adding
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:03:11 -07:00
Riyaz Faizullabhoy
27c8737bdc
refactor ImportRoleKey, simplify integration test code, update constants
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-08 13:40:02 -08:00
Riyaz Faizullabhoy
0fdb2d1891
update positive tests
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-08 13:40:02 -08:00
Riyaz Faizullabhoy
c66584989e
add checks to CLI command for role and gun
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-08 13:38:42 -08:00
Riyaz Faizullabhoy
caa9581bcc
add tests, consts and fixup
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-08 13:38:42 -08:00
Riyaz Faizullabhoy
690fcb96da
rework import key
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-08 13:38:42 -08:00
Riyaz Faizullabhoy
12fd5aa246
rework export key
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-08 13:38:42 -08:00
Ying Li
00203f7785
Update the previous backwards compatibility test, and add a new test for downloading.
Signed-off-by: Ying Li <ying.li@docker.com>
2016-02-04 11:51:20 -08:00
Riyaz Faizullabhoy
138d6cea09
Add, remove, and list delegation command. TUF changelist action change
for deletions (force vs. individual items)
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-18 16:24:45 -08:00
HuKeping
31d79d77a3
Comment: improve some comment
To keep consistent with the comment about the interface.
Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-01-13 10:33:14 +08:00
Ying Li
6028de0dd1
Merge pull request #387 from docker/backwards-compatibility
Tests for backwards-compatibility reading/writing/exporting/importing old repo format
2015-12-23 12:15:03 -08:00
Ying Li
785b2527b1
Test import/export of old repo format.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-23 11:47:37 -08:00
David Lawrence
e516dd88f2
cleaning up tests by converting t.Fatal to assert.___
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-23 09:41:03 -08:00
David Lawrence
f2ec72b5b6
aliases removed from file names
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-23 09:41:03 -08:00
David Lawrence
6d5b8ff54a
add role into PEM headers
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-23 09:41:03 -08:00
David Lawrence
1f329868e8
making filestores consistent so you can Get, Remove, etc... the paths returned by ListFiles
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-23 09:41:03 -08:00
David Lawrence
26d30953c8
Merge pull request #312 from mtrmac/cert-expiration
Cert expiration
2015-12-10 08:40:24 -08:00
Miloslav Trmač
3c6335c572
Explicitly supply validity times to certificate generation
Add explicit startTime and endTime parameters to
cryptoservice.GenerateCertificate and trustmanager.NewCertificate.
trustmanager.NewCertificate as a low-level data manipulation function
should not be hard-coding policy (10-year expiration); that policy
belongs to its callers, or one more level higher to callers of
cryptoservice.GenerateCertificate.
These places hard-coding policy now also have an explicit comment to
that effect.
In addition to conceptual cleanliness, this will allow writing tests
of certificate expiry by generating appropriate expired or nearly-expired
certificates.
Tests which don't care about the policy much will continue to use the
just added cryptoservice.GenerateTestingCertificate.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2015-12-09 20:02:10 +01:00
Miloslav Trmač
d5c080ae9c
Add cryptoservice.GenerateTestingCertificate
Various tests have been calling trustmanager.NewCertificate and
open-coding most of cryptoservice.GenerateCertificate. So, add
cryptoservice.GenerateTestingCertificate. It differs only by using
crypto.Signer instead of data.PrivateKey because the tests
have a crypto.Signer more frequently available, and converting
from data.PrivateKey to crypto.Signer is easier than the other way.
This will make it easier to add policy parameters which the tests don't
care about to trustmanager.NewCertificate and
cryptoservice.GenerateCertificate in the future.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2015-12-09 20:02:10 +01:00
Miloslav Trmač
74d327f273
Remove an incorrect comment.
The commented code is not converting DER to PEM, it is parsing DER into
an in-memory data structure, and is hopefully just as clear without a
comment.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2015-12-09 20:02:10 +01:00
Miloslav Trmač
57a15112c8
Fix error handling on invalid root passphrase
When the user insists on an invalid passphrase (or aborts the
operation), CryptoService.GetPrivateKey will try the correct root
location first, correctly failing, and then try to look for the root key
in the $gun subdirectory, and so will return the last error, a confusing
”open $path: no such file or directory”.
So, recognize the passphrase-related errors and fail with them directly.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2015-12-09 19:58:02 +01:00
Miloslav Trmač
d3c3d70d6d
Add gun to CryptoServiceTester
The gun field is not necessary yet, but will be useful in a future
commit. But including it immediately allows us to simplify by using
an ordinary method for cryptoServiceFactory instead of closures.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2015-12-09 19:45:34 +01:00
David Lawrence
ae7459b5f2
updating comment and renaming test per comments
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-30 16:53:08 -08:00
David Lawrence
1e091a0f56
CryptoService.Sign is now dead code. Remove it and update tests
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-30 16:36:34 -08:00
Ying Li
5d0893ef2a
Oops, it'd be helpful if we actually ran the new CryptoService tests.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:14:01 -08:00
Ying Li
efff721955
Add tests for multi-keystore crypto services.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:49 -08:00
David Lawrence
8628b57a96
private subdir should be added by keyfilestore, rather than all over the place
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:12:57 -08:00
David Lawrence
ee270b6a2b
fixing integrations tests for new list keys layout
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:12:21 -08:00
David Lawrence
c08e732f9f
fixing error message and moving signing operations up a level
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:12:14 -08:00
Ying Li
0280a82ae0
Do not back up a root key that is imported into Yubikey.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:11:43 -08:00
David Lawrence
2d4612c703
removekey is going to be best effort
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:09:32 -08:00
David Lawrence
a3336e696e
removekey had an errant return
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:09:31 -08:00
David Lawrence
b7c38f0287
fixing tests
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:09:31 -08:00
David Lawrence
0fd1fa6ada
arbitrary slots working
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:09:31 -08:00
David Lawrence
be4c0669c1
move import/export to cryptoservice and add import to yubikey
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-11-12 01:09:31 -08:00
Ying Li
2a9e163bd2
Fixed cryptoservice.Create to call keyStore.AddKey with a GUN only if
it is not a root role.
Updated the cryptoservice tests to test all key algorithms, all roles,
and cryptoservices without a GUN. This then also found bugs in
cryptoservice.GetKey, cryptoservice.RemoveKey, and
cryptoservice.GetPrivateKey, which weren't really being exercised
previously.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:08:57 -08:00
Diogo Monica
21138e6bad
Working version of Notary and Yubikey
Signed-off-by: Diogo Monica <diogo@docker.com>
Remove symlinks from notary-client repo creation
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: Diogo Monica <diogo@docker.com>
WIP
Signed-off-by: Diogo Monica <diogo@docker.com>
working yubikey integration
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
Fixing small colon bug
Signed-off-by: Diogo Monica <diogo@docker.com>
Added things. Ship it.
Signed-off-by: Diogo Monica <diogo@docker.com>
Bringing ecdsahwcryptosigner to 2015
Signed-off-by: Diogo Monica <diogo@docker.com>
Working version of notary and yubikey
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-11-12 01:06:09 -08:00