This makes it possible to delegate snapshots key management to the
server, and to reclaim the responsibility.
Signed-off-by: Ying Li <ying.li@docker.com>
Add explicit startTime and endTime parameters to
cryptoservice.GenerateCertificate and trustmanager.NewCertificate.
trustmanager.NewCertificate as a low-level data manipulation function
should not be hard-coding policy (10-year expiration); that policy
belongs to its callers, or one more level higher to callers of
cryptoservice.GenerateCertificate.
These places hard-coding policy now also have an explict comment to
that effect.
In addition to conceptual cleanliness, this will allow writing tests
of certificate expiry by generating appropriate expired or nearly-expired
certificates.
Tests which don't care about the policy much will continue to use the
just added cryptoservice.GenerateTestingCertificate.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
None of these `filename`, `ext` or `configPath` should be in `main`,
they are all just for creating a instance of Viper and then nothing.
Do it in a separate function will make the function `main` more readable.
Signed-off-by: Hu Keping <hukeping@huawei.com>
Rather than create an SQL DB, then create a gorm BD using the SQL
DB. Also split the Create/Get test into two tests.
Signed-off-by: Ying Li <ying.li@docker.com>
It's no need to keep the `err` after asserting it should be `nil`, and
we can merge these two logs into one I suppose.
Signed-off-by: Hu Keping <hukeping@huawei.com>
The type must either be "local" or "remote". Previously, any invalid
configuration would default to a local signing service, but since
a remote signing service is recommended, the user has to specifically
configure a local signing service. We don't want it to be the
fallback.
Signed-off-by: Ying Li <ying.li@docker.com>
Previously, if it wasn't a remote service, the config parser was
still setting the key algorithm to be whatever was configured.
Now, if we are using a local trust service, the algorithm is always
ED25519.
Also broke the trust parsing into its own function for testing.
Signed-off-by: Ying Li <ying.li@docker.com>
The server already supported a memory backend, but now it must be
specified, rather than just being a fallback if no storage is
specified. This also adds a signer backend to signer, which
previously required a MySQL backend.
Thanks @endophage for the excellent suggestion!
Signed-off-by: Ying Li <ying.li@docker.com>
Previously, if a relative path was provided, it was relative to the
current working directory to wherever the binaries were run. Now
it is relative to whatever config file was used.
Signed-off-by: Ying Li <ying.li@docker.com>
This changes the 'addr' parameter of notary-server's config to
'http_addr', so we can add a GRPC server to notary-server if
necessary. This also allows environment variables to override
the notary-server config file entries, as notary-signer already
does.
The bugsnag configuration has also been changed so that the
bugsnag parameters are under the "bugsnag" key.
Signed-off-by: Ying Li <ying.li@docker.com>
Also add bugsnag support to notary-signer.
This also changes the 'server.cert_file' and 'server.key_file'
parameters to 'server.tls_cert_file' and 'server.tls_key_file',
respectively, to match notary-server.
Previously, the default alias, which was under the environment
variable NOTARY_SERVER_DEFAULT_ALIAS is now also available in
the config file in storage.default_alias. The password has
not changed.
Finally, this removes some of the HSM references in notary-signer.
Signed-off-by: Ying Li <ying.li@docker.com>
Previously, because it's a CryptoService wrapper around a remote signer
service, it returned nil all the time. Now, because signing is done
via private key more than CryptoService, it has to return a PrivateKey.
The key doesn't have private bytes, but can be used for signing.
Signed-off-by: Ying Li <ying.li@docker.com>
This lists any matching keys, and requires the user to pick which one
to choose, if there is more than 1 matching key. Also requires the
user to confirm before deleting.
Signed-off-by: Ying Li <ying.li@docker.com>
add verification to yubikey signatures. Attempt to generate sig up to…
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
