Commit Graph

204 Commits

Author SHA1 Message Date
Riyaz Faizullabhoy
5d0b926b7f Use require for certs and trustmanager
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-04-04 14:44:48 -07:00
Riyaz Faizullabhoy
c54183bc27 Add error case to keyInfo generation, test yubikey backup, fix rebase conflicts
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:35:34 -07:00
Riyaz Faizullabhoy
e1613cdcb2 Address review comments
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:31:07 -07:00
Riyaz Faizullabhoy
be66056edb change API to specify keyID instead of name
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:31:07 -07:00
Riyaz Faizullabhoy
5984b88f14 configure backing up logic for yubikey
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:31:07 -07:00
Riyaz Faizullabhoy
1ed9c352d7 change ks.AddKey to be consistent with CryptoService
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:31:06 -07:00
Riyaz Faizullabhoy
9ecd899e25 Removing key import and gun from cryptoservice
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:31:03 -07:00
Riyaz Faizullabhoy
1aad807439 update role checks for empty gun
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:06:40 -07:00
Riyaz Faizullabhoy
7bd550a39a import refactor
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:06:40 -07:00
Riyaz Faizullabhoy
c7bccd79e3 addressing review comments
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:06:39 -07:00
Riyaz Faizullabhoy
2a37590ea6 update interface and comments
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:06:37 -07:00
Riyaz Faizullabhoy
c41cee3e5d simplify export logic with new keymap
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:04:04 -07:00
Riyaz Faizullabhoy
0f39dd7aa8 add GetKeyInfo test for memory store
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:04:04 -07:00
Riyaz Faizullabhoy
97e845e295 AddKey for cryptoservice
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:04:04 -07:00
Riyaz Faizullabhoy
23eb203a63 add key info api, use for passwd
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:03:14 -07:00
Riyaz Faizullabhoy
351b247aec add tests for initial keystore state, and after removing and adding
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:03:11 -07:00
Riyaz Faizullabhoy
bbaef4faba Flatten keystore by adding map, simple tests
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-03-18 11:00:50 -07:00
Riyaz Faizullabhoy
d69d0188a4 Move yubikey import role check to avoid excessive passphrase prompting
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-24 14:29:40 -08:00
Riyaz Faizullabhoy
0fdb2d1891 update positive tests
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-08 13:40:02 -08:00
Riyaz Faizullabhoy
c66584989e add checks to CLI command for role and gun
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-08 13:38:42 -08:00
Riyaz Faizullabhoy
caa9581bcc add tests, consts and fixup
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-02-08 13:38:42 -08:00
Riyaz Faizullabhoy
2964e8c6f4 add integration test for adding/listing/removing targets from roles
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-28 10:20:27 -08:00
Riyaz Faizullabhoy
83c5ed255b Add check for RSA key len before adding
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-26 23:27:06 -08:00
Riyaz Faizullabhoy
138d6cea09 Add, remove, and list delegation command. TUF changelist action change
for deletions (force vs. individual items)
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
2016-01-18 16:24:45 -08:00
HuKeping
fdc0f04268 Keep code style consistent
GetLeafCerts and GetIntermediaCerts are similar and a consistent
implementation will be more friendly to those people who want to read
the code.

Signed-off-by: Hu Keping <hukeping@huawei.com>
2016-01-18 19:58:02 +08:00
Ying Li
877d47bb5c Add tests to ensure you can just drop a key in tuf_key and use it for signing.
This is important for user keys, which do not necessarily need to be under a GUN,
and may have a role other than one of the canonical roles (e.g. "user" role).

Signed-off-by: Ying Li <ying.li@docker.com>
2016-01-15 18:54:41 -08:00
David Lawrence
48ecd8d2cb some cleanup of certs code
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2016-01-15 11:30:32 -08:00
Udo Seidel
f1067998f6 added /usr/lib64 to search paths
Signed-off-by: Udo Seidel <udoseidel@gmx.de>
2016-01-07 11:56:22 +01:00
Ying Li
0465365fb6 Return an error if unable to encrypt a key as a valid PEM file
Also address review comments and fix semantic conflict after rebase.

Signed-off-by: Ying Li <ying.li@docker.com>
2015-12-23 09:44:51 -08:00
David Lawrence
2bf5d4b09a test for legacy keys and some bugfixes for same
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-23 09:41:03 -08:00
David Lawrence
f2ec72b5b6 aliases removed from file names
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-23 09:41:03 -08:00
David Lawrence
6d5b8ff54a add role into PEM headers
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-23 09:41:03 -08:00
David Lawrence
1f329868e8 making filestores consistent so you can Get, Remove, etc... the paths returned by ListFiles
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-23 09:41:03 -08:00
David Lawrence
8f7fddd5d5 breaking up low level storage into logical files
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
2015-12-23 09:41:03 -08:00
Miloslav Trmač
06e58c1d11 Tighten TestNewCertificate tests
Using the just added facility to generate a certificate as of a specific
time, tighten TestNewCertificate to use equality comparisons.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2015-12-09 20:02:10 +01:00
Miloslav Trmač
bd6d937f43 Fix computation of certificate expiration
Instead of 3650 days, actually use 10 years (i.e. take into account leap
days).

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2015-12-09 20:02:10 +01:00
Miloslav Trmač
3c6335c572 Explicitly supply validity times to certificate generation
Add explicit startTime and endTime parameters to
cryptoservice.GenerateCertificate and trustmanager.NewCertificate.

trustmanager.NewCertificate as a low-level data manipulation function
should not be hard-coding policy (10-year expiration); that policy
belongs to its callers, or one more level higher to callers of
cryptoservice.GenerateCertificate.

These places hard-coding policy now also have an explicit comment to
that effect.

In addition to conceptual cleanliness, this will allow writing tests
of certificate expiry by generating appropriate expired or nearly-expired
certificates.

Tests which don't care about the policy much will continue to use the
just added cryptoservice.GenerateTestingCertificate.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>
2015-12-09 20:02:10 +01:00
Ying Li
68962ce0f7 Merge pull request #281 from docker/better-pkcs11-logging
Log whether a pkcs11 library was found and if it was loadable.

This unfortunately prints out every time any operation is done on the Yubikey, producing a lot of log output, but perhaps that is better because an operation might fail at any given time.

Output if no Yubikey:
DEBU[0000] Failed to initialize PKCS11 environment: loaded library /usr/local/lib/libykcs11.dylib, but no HSM slots found 

If there is a Yubikey:
DEBU[0000] Initialized PKCS11 library /usr/local/lib/libykcs11.dylib and started HSM session
2015-11-13 15:51:11 -08:00
Ying Li
f9bd60701f Log whether a pkcs11 library was found and if it was loadable.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-13 02:53:39 -08:00
Ying Li
587906e6c6 More defensive coding around listing our keys in the yubikey.
Signed-off-by: Ying Li <ying.li@docker.com>
2015-11-13 00:08:53 -08:00
Diogo Monica
d2f69fe5bc Adding another path to search for ykcs libs
Signed-off-by: Diogo Monica <diogo@docker.com>
2015-11-12 01:22:40 -08:00
Ying Li
87231d9a5d Fix new bug where adding a duplicate key to a yubikey added to the backup.
Added a test for this case as well - thanks @endophage!

Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:58 -08:00
Ying Li
43f2d40e43 Make our CI pick up trustmanager/yubikey again
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:55 -08:00
Ying Li
6cf0643d7d Roll back an add key to the yubikey if we can't back it up.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:46 -08:00
Ying Li
96bfaac05f Add tests for verifying signatures before returning a signature.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:43 -08:00
Ying Li
4b7fefd5ef Do not clean up a session if there is no session.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:35 -08:00
Ying Li
cee92fa363 Undo some changes from a bad stash pop that were unintentional.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:32 -08:00
Ying Li
38a5b5a342 Add FindObjectsFinalize to getNextEmptySlot.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:29 -08:00
Ying Li
10057562d8 Add fixes for Sign (do not continue if SignInit fails).
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:25 -08:00
Ying Li
73a26d59ac Inject errors into pkcs11 in order to test that the yubikey code cleans up.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>

Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-12 01:13:22 -08:00