本文整理汇总了Golang中github.com/docker/notary/trustmanager.NewKeyFileStore函数的典型用法代码示例。如果您正苦于以下问题:Golang NewKeyFileStore函数的具体用法?Golang NewKeyFileStore怎么用?Golang NewKeyFileStore使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了NewKeyFileStore函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Golang代码示例。
示例1: TestExportNonRootKeyReencrypt
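// TestExportNonRootKeyReencrypt creates a snapshot key in a file-backed key
// store, exports it re-encrypted with newPassphraseRetriever, imports the
// exported PEM into a second store, and checks that the key can be read back
// from that second store.
func TestExportNonRootKeyReencrypt(t *testing.T) {
	gun := "docker.com/notary"

	// Temporary directory where test files will be created. Cleanup is
	// registered only once creation is known to have succeeded.
	tempBaseDir, err := ioutil.TempDir("", "notary-test-")
	require.NoError(t, err, "failed to create a temporary directory: %s", err)
	defer os.RemoveAll(tempBaseDir)

	// The store error was previously overwritten without being checked.
	fileStore, err := trustmanager.NewKeyFileStore(tempBaseDir, oldPassphraseRetriever)
	require.NoError(t, err, "failed to create key file store")
	cs := NewCryptoService(fileStore)
	pubKey, err := cs.Create(data.CanonicalSnapshotRole, gun, data.ECDSAKey)
	require.NoError(t, err)

	snapshotKeyID := pubKey.ID()

	tempKeyFile, err := ioutil.TempFile("", "notary-test-export-")
	require.NoError(t, err, "failed to create a temporary key file")
	tempKeyFilePath := tempKeyFile.Name()
	defer os.Remove(tempKeyFilePath)

	// Close the file before asserting so it is not leaked when export fails.
	exportErr := cs.ExportKeyReencrypt(tempKeyFile, snapshotKeyID, newPassphraseRetriever)
	closeErr := tempKeyFile.Close()
	require.NoError(t, exportErr)
	require.NoError(t, closeErr)

	// Create new repo to test import
	tempBaseDir2, err := ioutil.TempDir("", "notary-test-")
	require.NoError(t, err, "failed to create a temporary directory: %s", err)
	defer os.RemoveAll(tempBaseDir2)

	fileStore2, err := trustmanager.NewKeyFileStore(tempBaseDir2, newPassphraseRetriever)
	require.NoError(t, err, "failed to create key file store")
	cs2 := NewCryptoService(fileStore2)

	keyReader, err := os.Open(tempKeyFilePath)
	require.NoError(t, err, "could not open key file")
	defer keyReader.Close()

	pemBytes, err := ioutil.ReadAll(keyReader)
	require.NoError(t, err, "could not read key file")

	// Convert to a data.PrivateKey, potentially decrypting the key, and add it to the cryptoservice
	privKey, _, err := trustmanager.GetPasswdDecryptBytes(newPassphraseRetriever, pemBytes, "", "imported "+data.CanonicalSnapshotRole)
	require.NoError(t, err)
	err = cs2.AddKey(data.CanonicalSnapshotRole, gun, privKey)
	require.NoError(t, err)

	// Look for repo's snapshot key in repo2
	// There should be a file named after the key ID of the snapshot key we
	// imported.
	snapshotKeyFilename := snapshotKeyID + ".key"
	_, err = os.Stat(filepath.Join(tempBaseDir2, notary.PrivDir, notary.NonRootKeysSubdir, gun, snapshotKeyFilename))
	require.NoError(t, err, "missing snapshot key")

	// Should be able to unlock the snapshot key with the new password
	key, alias, err := cs2.GetPrivateKey(snapshotKeyID)
	require.NoError(t, err, "could not unlock snapshot key")
	require.Equal(t, data.CanonicalSnapshotRole, alias)
	require.Equal(t, snapshotKeyID, key.ID())
}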
开发者ID:mbentley,项目名称:notary,代码行数:57,代码来源:import_export_test.go
示例2: TestImportExportNonRootKey
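// TestImportExportNonRootKey creates a targets key in a file-backed key
// store, exports it, imports the exported PEM into a second store with
// ImportRoleKey, and checks that the same key ID and role come back.
func TestImportExportNonRootKey(t *testing.T) {
	gun := "docker.com/notary"

	// Temporary directory where test files will be created
	tempBaseDir, err := ioutil.TempDir("", "notary-test-")
	assert.NoError(t, err, "failed to create a temporary directory: %s", err)
	defer os.RemoveAll(tempBaseDir)

	// assert is non-fatal, so setup failures that would otherwise lead to a
	// nil dereference further down stop the test explicitly.
	fileStore, err := trustmanager.NewKeyFileStore(tempBaseDir, oldPassphraseRetriever)
	if err != nil {
		t.Fatalf("failed to create key file store: %v", err)
	}
	cs := NewCryptoService(gun, fileStore)
	pubKey, err := cs.Create(data.CanonicalTargetsRole, data.ECDSAKey)
	assert.NoError(t, err)

	targetsKeyID := pubKey.ID()

	tempKeyFile, err := ioutil.TempFile("", "notary-test-export-")
	if err != nil {
		t.Fatalf("failed to create a temporary key file: %v", err)
	}
	tempKeyFilePath := tempKeyFile.Name()
	defer os.Remove(tempKeyFilePath)

	err = cs.ExportKey(tempKeyFile, targetsKeyID, data.CanonicalTargetsRole)
	assert.NoError(t, err)
	assert.NoError(t, tempKeyFile.Close())

	// Create new repo to test import
	tempBaseDir2, err := ioutil.TempDir("", "notary-test-")
	assert.NoError(t, err, "failed to create a temporary directory: %s", err)
	defer os.RemoveAll(tempBaseDir2)

	fileStore2, err := trustmanager.NewKeyFileStore(tempBaseDir2, oldPassphraseRetriever)
	if err != nil {
		t.Fatalf("failed to create key file store: %v", err)
	}
	cs2 := NewCryptoService(gun, fileStore2)

	keyReader, err := os.Open(tempKeyFilePath)
	assert.NoError(t, err, "could not open key file")

	pemBytes, err := ioutil.ReadAll(keyReader)
	assert.NoError(t, err, "could not read key file")

	err = cs2.ImportRoleKey(pemBytes, data.CanonicalTargetsRole, oldPassphraseRetriever)
	assert.NoError(t, err)
	keyReader.Close()

	// Look for repo's targets key in repo2
	// There should be a file named after the key ID of the targets key we
	// imported.
	targetsKeyFilename := targetsKeyID + ".key"
	_, err = os.Stat(filepath.Join(tempBaseDir2, "private", "tuf_keys", gun, targetsKeyFilename))
	assert.NoError(t, err, "missing targets key")

	// Check that the key is the same
	key, alias, err := cs2.GetPrivateKey(targetsKeyID)
	assert.NoError(t, err, "could not unlock targets key")
	assert.Equal(t, data.CanonicalTargetsRole, alias)
	assert.Equal(t, targetsKeyID, key.ID())
}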
开发者ID:NathanMcCauley,项目名称:notary,代码行数:54,代码来源:import_export_test.go
示例3: TestImportExportRootKeyReencrypt
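// TestImportExportRootKeyReencrypt creates a root key in a file-backed key
// store, exports it re-encrypted with newPassphraseRetriever, imports the
// export into a second store, and checks that the key can be read back there.
func TestImportExportRootKeyReencrypt(t *testing.T) {
	gun := "docker.com/notary"

	// Temporary directory where test files will be created
	tempBaseDir, err := ioutil.TempDir("", "notary-test-")
	assert.NoError(t, err, "failed to create a temporary directory: %s", err)
	defer os.RemoveAll(tempBaseDir)

	// assert is non-fatal, so setup failures that would otherwise lead to a
	// nil dereference further down stop the test explicitly.
	fileStore, err := trustmanager.NewKeyFileStore(tempBaseDir, oldPassphraseRetriever)
	if err != nil {
		t.Fatalf("failed to create key file store: %v", err)
	}
	cs := NewCryptoService(gun, fileStore)
	pubKey, err := cs.Create(data.CanonicalRootRole, data.ECDSAKey)
	assert.NoError(t, err)

	rootKeyID := pubKey.ID()

	tempKeyFile, err := ioutil.TempFile("", "notary-test-export-")
	if err != nil {
		t.Fatalf("failed to create a temporary key file: %v", err)
	}
	tempKeyFilePath := tempKeyFile.Name()
	defer os.Remove(tempKeyFilePath)

	err = cs.ExportRootKeyReencrypt(tempKeyFile, rootKeyID, newPassphraseRetriever)
	assert.NoError(t, err)
	assert.NoError(t, tempKeyFile.Close())

	// Create new repo to test import
	tempBaseDir2, err := ioutil.TempDir("", "notary-test-")
	assert.NoError(t, err, "failed to create a temporary directory: %s", err)
	defer os.RemoveAll(tempBaseDir2)

	fileStore2, err := trustmanager.NewKeyFileStore(tempBaseDir2, newPassphraseRetriever)
	if err != nil {
		t.Fatalf("failed to create key file store: %v", err)
	}
	cs2 := NewCryptoService(gun, fileStore2)

	keyReader, err := os.Open(tempKeyFilePath)
	assert.NoError(t, err, "could not open key file")

	err = cs2.ImportRootKey(keyReader)
	assert.NoError(t, err)
	keyReader.Close()

	// Look for repo's root key in repo2
	// There should be a file named after the key ID of the root key we
	// imported.
	rootKeyFilename := rootKeyID + ".key"
	_, err = os.Stat(filepath.Join(tempBaseDir2, "private", "root_keys", rootKeyFilename))
	assert.NoError(t, err, "missing root key")

	// Should be able to unlock the root key with the new password
	key, alias, err := cs2.GetPrivateKey(rootKeyID)
	assert.NoError(t, err, "could not unlock root key")
	assert.Equal(t, "root", alias)
	assert.Equal(t, rootKeyID, key.ID())
}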
开发者ID:useidel,项目名称:notary,代码行数:51,代码来源:import_export_test.go
示例4: ExportKeysByGUN
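// ExportKeysByGUN exports all keys associated with a specified GUN to an
// io.Writer in zip format. passphraseRetriever is used to select new passphrases to use to
// encrypt the keys.
//
// Keys are staged in a freshly created temporary directory that is removed
// before returning. It returns ErrNoKeysFoundForGUN when the staging store
// ends up empty, and otherwise any error from creating the staging store,
// moving keys, or writing the archive.
func (cs *CryptoService) ExportKeysByGUN(dest io.Writer, gun string, passphraseRetriever passphrase.Retriever) error {
	// Fail closed when the staging directory cannot be created:
	// ioutil.TempDir returns an empty path on error, and key material must
	// not be staged under whatever an empty base directory resolves to.
	tempBaseDir, err := ioutil.TempDir("", "notary-key-export-")
	if err != nil {
		return err
	}
	defer os.RemoveAll(tempBaseDir)

	// Create temporary keystore to use as a staging area
	tempKeyStore, err := trustmanager.NewKeyFileStore(tempBaseDir, passphraseRetriever)
	if err != nil {
		return err
	}

	for _, ks := range cs.keyStores {
		if err := moveKeysByGUN(ks, tempKeyStore, gun); err != nil {
			return err
		}
	}

	if len(tempKeyStore.ListKeys()) == 0 {
		return ErrNoKeysFoundForGUN
	}

	zipWriter := zip.NewWriter(dest)
	if err := addKeysToArchive(zipWriter, tempKeyStore); err != nil {
		return err
	}

	// Close writes the zip central directory. Dropping its error would report
	// success for a key backup that cannot be read back.
	return zipWriter.Close()
}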
开发者ID:DaveDaCoda,项目名称:docker,代码行数:33,代码来源:import_export.go
示例5: importExportedZip
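// importExportedZip exports all the keys of a cryptoservice to a zipfile,
// imports it into a new cryptoService, and returns that new cryptoService
// together with the temporary directory backing it. When gun is non-empty only
// that GUN's keys are exported; otherwise every key is exported. The caller is
// left to remove the returned directory.
func importExportedZip(t *testing.T, original *CryptoService,
	ret passphrase.Retriever, gun string) (*CryptoService, string) {

	// Temporary directory where test files will be created
	tempBaseDir, err := ioutil.TempDir("", "notary-test-")
	assert.NoError(t, err, "failed to create a temporary directory: %s", err)

	ks, err := trustmanager.NewKeyFileStore(tempBaseDir, ret)
	assert.NoError(t, err)

	var cs *CryptoService

	// export keys
	// assert is non-fatal, so a nil zipFile would panic on Name() below.
	zipFile, err := ioutil.TempFile("", "notary-test-zipFile")
	if err != nil {
		t.Fatalf("failed to create a temporary zip file: %v", err)
	}
	defer os.RemoveAll(zipFile.Name())

	// The export results were previously discarded, which hid the real cause
	// of a later "not a valid zip file" failure.
	if gun != "" {
		assert.NoError(t, original.ExportKeysByGUN(zipFile, gun, ret))
		cs = NewCryptoService(gun, ks)
	} else {
		assert.NoError(t, original.ExportAllKeys(zipFile, ret))
		cs = NewCryptoService(original.gun, ks)
	}
	assert.NoError(t, zipFile.Close())

	// import keys into the cryptoservice now
	zipReader, err := zip.OpenReader(zipFile.Name())
	if err != nil {
		t.Fatalf("failed to open exported zip file: %v", err)
	}
	defer zipReader.Close()

	assert.NoError(t, cs.ImportKeysZip(zipReader.Reader))
	return cs, tempBaseDir
}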
开发者ID:useidel,项目名称:notary,代码行数:33,代码来源:import_export_compatibility_test.go
示例6: getKeyStores
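// getKeyStores returns the key stores rooted at baseDir: a single file-backed
// store created with retriever as its passphrase retriever. It returns an
// error naming the directory and the underlying cause if the store cannot be
// created.
func getKeyStores(baseDir string, retriever notary.PassRetriever) ([]trustmanager.KeyStore, error) {
	fileKeyStore, err := trustmanager.NewKeyFileStore(baseDir, retriever)
	if err != nil {
		// Keep the cause: without it a permissions problem on the key
		// directory is indistinguishable from any other failure.
		return nil, fmt.Errorf("failed to create private key store in directory: %s: %v", baseDir, err)
	}
	return []trustmanager.KeyStore{fileKeyStore}, nil
}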
开发者ID:jfrazelle,项目名称:notary,代码行数:7,代码来源:repo.go
示例7: TestImport0Dot1Zip
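// Zips up the keys in the old repo, and assert that we can import it and use
// said keys. The 0.1 exported format is just a zip file of all the keys
func TestImport0Dot1Zip(t *testing.T) {
	ks, ret, _ := get0Dot1(t)

	// Check the error before touching zipFile: the original deferred
	// zipFile.Name() and wrapped the file in a zip writer first.
	zipFile, err := ioutil.TempFile("", "notary-test-zipFile")
	require.NoError(t, err)
	defer os.RemoveAll(zipFile.Name())

	zipWriter := zip.NewWriter(zipFile)
	require.NoError(t, addKeysToArchive(zipWriter, ks))
	require.NoError(t, zipWriter.Close())
	require.NoError(t, zipFile.Close())

	// Remember which role each key ID had before the import.
	origKeys := make(map[string]string)
	for keyID, keyInfo := range ks.ListKeys() {
		origKeys[keyID] = keyInfo.Role
	}
	require.Len(t, origKeys, 3)

	// now import the zip file into a new cryptoservice
	tempDir, err := ioutil.TempDir("", "notary-test-import")
	require.NoError(t, err)
	defer os.RemoveAll(tempDir)

	ks, err = trustmanager.NewKeyFileStore(tempDir, ret)
	require.NoError(t, err)
	cs := NewCryptoService(ks)

	zipReader, err := zip.OpenReader(zipFile.Name())
	require.NoError(t, err)
	defer zipReader.Close()

	require.NoError(t, cs.ImportKeysZip(zipReader.Reader, passphrase.ConstantRetriever("randompass")))

	assertHasKeys(t, cs, origKeys)
}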
开发者ID:mbentley,项目名称:notary,代码行数:36,代码来源:import_export_compatibility_test.go
示例8: NewNotaryRepository
// NewNotaryRepository builds a notary repository for gun whose trust files
// live under baseDir (usually ~/.docker/trust/). It creates the private key
// file store, wires a signer on top of it, and loads keys from the trust and
// root-key directories; any failure in those steps is returned.
func NewNotaryRepository(baseDir, gun, baseURL string) (*NotaryRepository, error) {
	privPath := filepath.Join(baseDir, privDir)
	privKeyStore, err := trustmanager.NewKeyFileStore(privPath)
	if err != nil {
		return nil, err
	}

	cryptoService := NewCryptoService(gun, privKeyStore)

	// NOTE(review): gun becomes a path component here without any validation
	// visible in this function - confirm callers constrain it.
	repo := &NotaryRepository{
		Gun:          gun,
		baseDir:      baseDir,
		baseURL:      baseURL,
		tufRepoPath:  filepath.Join(baseDir, tufDir, gun),
		signer:       signed.NewSigner(cryptoService),
		privKeyStore: privKeyStore,
	}

	trustPath := filepath.Join(baseDir, trustDir)
	rootKeysPath := filepath.Join(baseDir, rootKeysDir)
	err = repo.loadKeys(trustPath, rootKeysPath)
	if err != nil {
		return nil, err
	}

	return repo, nil
}
开发者ID:jalateras,项目名称:notary,代码行数:29,代码来源:client.go
示例9: getKeyStores
// getKeyStores returns the key stores to use for key commands. A file-backed
// store rooted at the configured "trust_dir" is always included. When
// withHardware is set and a yubikey store can be obtained, that store is
// placed first; hardwareBackup controls whether the file store is handed to
// getYubiStore. A failure to obtain the yubikey store is not reported: the
// result silently falls back to the file store alone.
func (k *keyCommander) getKeyStores(
	config *viper.Viper, withHardware, hardwareBackup bool) ([]trustmanager.KeyStore, error) {

	passRetriever := k.getRetriever()
	trustDirectory := config.GetString("trust_dir")

	fileKeyStore, err := trustmanager.NewKeyFileStore(trustDirectory, passRetriever)
	if err != nil {
		return nil, fmt.Errorf(
			"Failed to create private key store in directory: %s", trustDirectory)
	}

	fileOnly := []trustmanager.KeyStore{fileKeyStore}
	if !withHardware {
		return fileOnly, nil
	}

	var (
		yubiStore trustmanager.KeyStore
		yubiErr   error
	)
	if hardwareBackup {
		yubiStore, yubiErr = getYubiStore(fileKeyStore, passRetriever)
	} else {
		yubiStore, yubiErr = getYubiStore(nil, passRetriever)
	}
	if yubiErr != nil || yubiStore == nil {
		return fileOnly, nil
	}

	// Note that the order is important, since we want to prioritize
	// the yubikey store
	return []trustmanager.KeyStore{yubiStore, fileKeyStore}, nil
}
开发者ID:jfrazelle,项目名称:notary,代码行数:30,代码来源:keys.go
示例10: ExportKeysByGUN
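// ExportKeysByGUN exports all keys associated with a specified GUN to an
// io.Writer in zip format. passphraseRetriever is used to select new passphrases to use to
// encrypt the keys.
//
// Keys are staged in a freshly created temporary directory that is removed
// before returning. It returns ErrNoKeysFoundForGUN when the staging store
// ends up empty, and otherwise any error from creating the staging store,
// moving keys, or writing the archive.
func (km *KeyStoreManager) ExportKeysByGUN(dest io.Writer, gun string, passphraseRetriever passphrase.Retriever) error {
	// Fail closed when the staging directory cannot be created:
	// ioutil.TempDir returns an empty path on error, which would make the
	// staging path below relative to the working directory.
	tempBaseDir, err := ioutil.TempDir("", "notary-key-export-")
	if err != nil {
		return err
	}
	defer os.RemoveAll(tempBaseDir)

	privNonRootKeysSubdir := filepath.Join(privDir, nonRootKeysSubdir)

	// Create temporary keystore to use as a staging area
	tempNonRootKeysPath := filepath.Join(tempBaseDir, privNonRootKeysSubdir)
	tempNonRootKeyStore, err := trustmanager.NewKeyFileStore(tempNonRootKeysPath, passphraseRetriever)
	if err != nil {
		return err
	}

	if err := moveKeysByGUN(km.nonRootKeyStore, tempNonRootKeyStore, gun); err != nil {
		return err
	}

	if len(tempNonRootKeyStore.ListKeys()) == 0 {
		return ErrNoKeysFoundForGUN
	}

	zipWriter := zip.NewWriter(dest)
	if err := addKeysToArchive(zipWriter, tempNonRootKeyStore, privNonRootKeysSubdir); err != nil {
		return err
	}

	// Close writes the zip central directory. Dropping its error would report
	// success for a key backup that cannot be read back.
	return zipWriter.Close()
}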
开发者ID:ChanderG,项目名称:docker,代码行数:34,代码来源:import_export.go
示例11: ExportRootKeyReencrypt
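// ExportRootKeyReencrypt exports the specified root key to an io.Writer in
// PEM format. The key is reencrypted with a new passphrase.
//
// The key is added to a temporary file-backed store created with
// newPassphraseRetriever, read back from it with ExportKey, and written to
// dest. The temporary directory is removed before returning.
func (cs *CryptoService) ExportRootKeyReencrypt(dest io.Writer, keyID string, newPassphraseRetriever passphrase.Retriever) error {
	privateKey, role, err := cs.GetPrivateKey(keyID)
	if err != nil {
		return err
	}

	// Create temporary keystore to use as a staging area. Fail closed when
	// the directory cannot be created: ioutil.TempDir returns an empty path
	// on error, and the key must not be staged under whatever an empty base
	// directory resolves to.
	tempBaseDir, err := ioutil.TempDir("", "notary-key-export-")
	if err != nil {
		return err
	}
	defer os.RemoveAll(tempBaseDir)

	tempKeyStore, err := trustmanager.NewKeyFileStore(tempBaseDir, newPassphraseRetriever)
	if err != nil {
		return err
	}

	if err := tempKeyStore.AddKey(keyID, role, privateKey); err != nil {
		return err
	}

	pemBytes, err := tempKeyStore.ExportKey(keyID)
	if err != nil {
		return err
	}

	nBytes, err := dest.Write(pemBytes)
	if err != nil {
		return err
	}
	// A short write would leave a truncated key file behind; report it.
	if nBytes != len(pemBytes) {
		return errors.New("Unable to finish writing exported key.")
	}
	return nil
}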
开发者ID:DaveDaCoda,项目名称:docker,代码行数:35,代码来源:import_export.go
示例12: ExportAllKeys
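// ExportAllKeys exports all keys to an io.Writer in zip format.
// newPassphraseRetriever will be used to obtain passphrases to use to encrypt the existing keys.
//
// Keys from every store in cs.keyStores are staged in a freshly created
// temporary directory that is removed before returning. Any error from
// staging the keys or writing the archive is returned.
func (cs *CryptoService) ExportAllKeys(dest io.Writer, newPassphraseRetriever notary.PassRetriever) error {
	// Fail closed when the staging directory cannot be created:
	// ioutil.TempDir returns an empty path on error, and key material must
	// not be staged under whatever an empty base directory resolves to.
	tempBaseDir, err := ioutil.TempDir("", "notary-key-export-")
	if err != nil {
		return err
	}
	defer os.RemoveAll(tempBaseDir)

	// Create temporary keystore to use as a staging area
	tempKeyStore, err := trustmanager.NewKeyFileStore(tempBaseDir, newPassphraseRetriever)
	if err != nil {
		return err
	}

	for _, ks := range cs.keyStores {
		if err := moveKeys(ks, tempKeyStore); err != nil {
			return err
		}
	}

	zipWriter := zip.NewWriter(dest)
	if err := addKeysToArchive(zipWriter, tempKeyStore); err != nil {
		return err
	}

	// Close writes the zip central directory. Dropping its error would report
	// success for a key backup that cannot be read back.
	return zipWriter.Close()
}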
开发者ID:mbentley,项目名称:notary,代码行数:28,代码来源:import_export.go
示例13: ExportRootKeyReencrypt
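// ExportRootKeyReencrypt exports the specified root key to an io.Writer in
// PEM format. The key is reencrypted with a new passphrase.
//
// The key is read from km.rootKeyStore, added to a temporary file-backed
// store created with newPassphraseRetriever, read back from that store, and
// written to dest. The temporary directory is removed before returning.
func (km *KeyStoreManager) ExportRootKeyReencrypt(dest io.Writer, keyID string, newPassphraseRetriever passphrase.Retriever) error {
	privateKey, alias, err := km.rootKeyStore.GetKey(keyID)
	if err != nil {
		return err
	}

	// Create temporary keystore to use as a staging area. Fail closed when
	// the directory cannot be created: ioutil.TempDir returns an empty path
	// on error, which would make the staging path below relative to the
	// working directory.
	tempBaseDir, err := ioutil.TempDir("", "notary-key-export-")
	if err != nil {
		return err
	}
	defer os.RemoveAll(tempBaseDir)

	privRootKeysSubdir := filepath.Join(privDir, rootKeysSubdir)
	tempRootKeysPath := filepath.Join(tempBaseDir, privRootKeysSubdir)
	tempRootKeyStore, err := trustmanager.NewKeyFileStore(tempRootKeysPath, newPassphraseRetriever)
	if err != nil {
		return err
	}

	if err := tempRootKeyStore.AddKey(keyID, alias, privateKey); err != nil {
		return err
	}

	// The staged file is looked up under "<keyID>_<alias>".
	pemBytes, err := tempRootKeyStore.Get(keyID + "_" + alias)
	if err != nil {
		return err
	}

	_, err = dest.Write(pemBytes)
	return err
}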
开发者ID:waterytowers,项目名称:global-hack-day-3,代码行数:32,代码来源:import_export.go
示例14: TestImport0Dot1Zip
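// Zips up the keys in the old repo, and assert that we can import it and use
// said keys. The 0.1 exported format is just a zip file of all the keys
func TestImport0Dot1Zip(t *testing.T) {
	ks, ret, gun := get0Dot1(t)

	// assert is non-fatal, so a nil zipFile would panic on Name() below; the
	// original also wrapped the file in a zip writer before checking err.
	zipFile, err := ioutil.TempFile("", "notary-test-zipFile")
	if err != nil {
		t.Fatalf("failed to create a temporary zip file: %v", err)
	}
	defer os.RemoveAll(zipFile.Name())

	zipWriter := zip.NewWriter(zipFile)
	assert.NoError(t, addKeysToArchive(zipWriter, ks))
	assert.NoError(t, zipWriter.Close())
	assert.NoError(t, zipFile.Close())

	origKeys := ks.ListKeys()
	assert.Len(t, origKeys, 3)

	// now import the zip file into a new cryptoservice
	tempDir, err := ioutil.TempDir("", "notary-test-import")
	assert.NoError(t, err)
	defer os.RemoveAll(tempDir)

	ks, err = trustmanager.NewKeyFileStore(tempDir, ret)
	assert.NoError(t, err)
	cs := NewCryptoService(gun, ks)

	zipReader, err := zip.OpenReader(zipFile.Name())
	if err != nil {
		t.Fatalf("failed to open zip file: %v", err)
	}
	defer zipReader.Close()

	assert.NoError(t, cs.ImportKeysZip(zipReader.Reader))
	assertHasKeys(t, cs, origKeys)
}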
开发者ID:useidel,项目名称:notary,代码行数:33,代码来源:import_export_compatibility_test.go
示例15: filestoreWithTwoCerts
// filestoreWithTwoCerts sets up a Manager and a file-backed CryptoService in
// a fresh temporary directory, creates two "root" keys of type keyAlg, and
// generates a testing certificate for each. It returns the temporary
// directory (left for the caller to clean up), the manager, the crypto
// service and the two certificates.
func filestoreWithTwoCerts(t *testing.T, gun, keyAlg string) (
	string, *Manager, *cryptoservice.CryptoService, []*x509.Certificate) {

	baseDir, err := ioutil.TempDir("", "notary-test-")
	assert.NoError(t, err, "failed to create a temporary directory: %s", err)

	keyStore, err := trustmanager.NewKeyFileStore(baseDir, passphraseRetriever)
	assert.NoError(t, err)

	cs := cryptoservice.NewCryptoService(gun, keyStore)

	// Create a Manager
	mgr, err := NewManager(baseDir)
	assert.NoError(t, err)

	const certCount = 2
	certs := make([]*x509.Certificate, certCount)
	for idx := range certs {
		rootPub, err := cs.Create("root", keyAlg)
		assert.NoError(t, err)

		// Fetch the private half back from the file store to sign with.
		privKey, _, err := keyStore.GetKey(rootPub.ID())
		assert.NoError(t, err)

		generated, err := cryptoservice.GenerateTestingCertificate(privKey.CryptoSigner(), gun)
		assert.NoError(t, err)

		certs[idx] = generated
	}

	return baseDir, mgr, cs, certs
}
开发者ID:useidel,项目名称:notary,代码行数:32,代码来源:certmanager_test.go
示例16: ExportAllKeys
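// ExportAllKeys exports all keys to an io.Writer in zip format.
// newPassphraseRetriever will be used to obtain passphrases to use to encrypt the existing keys.
//
// Keys from km.KeyStore are staged in a freshly created temporary directory
// that is removed before returning. Any error from staging the keys or
// writing the archive is returned.
func (km *KeyStoreManager) ExportAllKeys(dest io.Writer, newPassphraseRetriever passphrase.Retriever) error {
	// Fail closed when the staging directory cannot be created:
	// ioutil.TempDir returns an empty path on error, which would make the
	// staging path below relative to the working directory.
	tempBaseDir, err := ioutil.TempDir("", "notary-key-export-")
	if err != nil {
		return err
	}
	defer os.RemoveAll(tempBaseDir)

	// Create temporary keystore to use as a staging area
	tempKeysPath := filepath.Join(tempBaseDir, privDir)
	tempKeyStore, err := trustmanager.NewKeyFileStore(tempKeysPath, newPassphraseRetriever)
	if err != nil {
		return err
	}

	if err := moveKeys(km.KeyStore, tempKeyStore); err != nil {
		return err
	}

	zipWriter := zip.NewWriter(dest)
	if err := addKeysToArchive(zipWriter, tempKeyStore, privDir); err != nil {
		return err
	}

	// Close writes the zip central directory. Dropping its error would report
	// success for a key backup that cannot be read back.
	return zipWriter.Close()
}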
开发者ID:rogaha,项目名称:notary,代码行数:27,代码来源:import_export.go
示例17: NewKeyStoreManager
// NewKeyStoreManager returns an initialized KeyStoreManager rooted at
// baseDir, or the first error hit while creating the two key file stores or
// the two filtered certificate stores.
func NewKeyStoreManager(baseDir string) (*KeyStoreManager, error) {
	// unexpiredNonSHA1 holds the checks shared by both certificate filters:
	// NotAfter is still in the future and the signature algorithm is not one
	// of the three SHA-1 variants listed.
	// NOTE(review): NotBefore is not consulted, so a certificate that is not
	// yet valid passes this filter - confirm that is intended.
	unexpiredNonSHA1 := func(cert *x509.Certificate) bool {
		if !time.Now().Before(cert.NotAfter) {
			return false
		}
		switch cert.SignatureAlgorithm {
		case x509.SHA1WithRSA, x509.DSAWithSHA1, x509.ECDSAWithSHA1:
			return false
		}
		return true
	}

	// CAs must additionally have valid basic constraints and a subject key ID.
	acceptCA := func(cert *x509.Certificate) bool {
		return cert.IsCA && cert.BasicConstraintsValid && cert.SubjectKeyId != nil &&
			unexpiredNonSHA1(cert)
	}
	acceptLeaf := func(cert *x509.Certificate) bool {
		return !cert.IsCA && unexpiredNonSHA1(cert)
	}

	nonRootKeyStore, err := trustmanager.NewKeyFileStore(
		filepath.Join(baseDir, privDir, nonRootKeysSubdir))
	if err != nil {
		return nil, err
	}

	// Load the keystore that will hold all of our encrypted Root Private Keys
	rootKeyStore, err := trustmanager.NewKeyFileStore(
		filepath.Join(baseDir, privDir, rootKeysSubdir))
	if err != nil {
		return nil, err
	}

	certDir := filepath.Join(baseDir, trustDir)

	// Load all CAs that aren't expired and don't use SHA1
	caStore, err := trustmanager.NewX509FilteredFileStore(certDir, acceptCA)
	if err != nil {
		return nil, err
	}

	// Load all individual (non-CA) certificates that aren't expired and don't use SHA1
	leafStore, err := trustmanager.NewX509FilteredFileStore(certDir, acceptLeaf)
	if err != nil {
		return nil, err
	}

	manager := &KeyStoreManager{
		rootKeyStore:            rootKeyStore,
		nonRootKeyStore:         nonRootKeyStore,
		trustedCAStore:          caStore,
		trustedCertificateStore: leafStore,
	}
	return manager, nil
}
开发者ID:RichardScothern,项目名称:notary,代码行数:49,代码来源:keystoremanager.go
示例18: get0Dot1
// get0Dot1 opens the checked-in notary 0.1 compatibility fixture as a key
// file store and returns it with the constant passphrase retriever used to
// open it and the GUN the tests use with that fixture.
func get0Dot1(t *testing.T) (*trustmanager.KeyFileStore, passphrase.Retriever, string) {
	const fixtureDir = "../fixtures/compatibility/notary0.1"

	// Fixed fixture passphrase; test data only.
	retriever := passphrase.ConstantRetriever("randompass")

	// produce the zip file
	store, err := trustmanager.NewKeyFileStore(fixtureDir, retriever)
	assert.NoError(t, err)

	return store, retriever, "docker.io/notary0.1/samplerepo"
}
开发者ID:useidel,项目名称:notary,代码行数:10,代码来源:import_export_compatibility_test.go
示例19: NewNotaryRepository
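// NewNotaryRepository is a helper method that returns a new notary repository.
// It takes the base directory under where all the trust files will be stored
// (usually ~/.docker/trust/).
//
// A file-backed key store is created in baseDir with retriever and handed,
// as the only key store, to repositoryFromKeystores. If the store cannot be
// created the returned error names the directory and the underlying cause.
func NewNotaryRepository(baseDir, gun, baseURL string, rt http.RoundTripper,
	retriever passphrase.Retriever, trustPinning trustpinning.TrustPinConfig) (
	*NotaryRepository, error) {

	fileKeyStore, err := trustmanager.NewKeyFileStore(baseDir, retriever)
	if err != nil {
		// Keep the cause: without it a permissions problem on the key
		// directory is indistinguishable from any other failure.
		return nil, fmt.Errorf("failed to create private key store in directory: %s: %v", baseDir, err)
	}
	return repositoryFromKeystores(baseDir, gun, baseURL, rt,
		[]trustmanager.KeyStore{fileKeyStore}, trustPinning)
}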
开发者ID:beerbubble,项目名称:docker,代码行数:15,代码来源:repo.go
示例20: fakeServerData
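// fakeServerData reads data from the repository in order to fake data being
// served via the ServeMux. It adds a fixed timestamp key to the repo's key
// file store, reads root.json from disk, signs targets, snapshot and
// timestamp metadata with the repo's TUF repo, and registers one handler per
// metadata file on mux.
func fakeServerData(t *testing.T, repo *NotaryRepository, mux *http.ServeMux) {
	tempKey, err := data.UnmarshalPrivateKey([]byte(timestampECDSAKeyJSON))
	assert.NoError(t, err)

	savedTUFRepo := repo.tufRepo // in case this is overwritten

	fileStore, err := trustmanager.NewKeyFileStore(repo.baseDir, passphraseRetriever)
	assert.NoError(t, err)
	// The AddKey result was previously discarded.
	err = fileStore.AddKey(
		filepath.Join(filepath.FromSlash(repo.gun), tempKey.ID()),
		"nonroot", tempKey)
	assert.NoError(t, err)

	rootJSONFile := filepath.Join(repo.baseDir, "tuf",
		filepath.FromSlash(repo.gun), "metadata", "root.json")
	// Check the read here. The original left this error to be overwritten by
	// the next assignment and asserted on the shared err inside the handler,
	// by which time it held the result of a later call.
	rootFileBytes, err := ioutil.ReadFile(rootJSONFile)
	assert.NoError(t, err)

	signedTargets, err := savedTUFRepo.SignTargets(
		"targets", data.DefaultExpires("targets"))
	assert.NoError(t, err)

	signedSnapshot, err := savedTUFRepo.SignSnapshot(
		data.DefaultExpires("snapshot"))
	assert.NoError(t, err)

	signedTimestamp, err := savedTUFRepo.SignTimestamp(
		data.DefaultExpires("timestamp"))
	assert.NoError(t, err)

	// serveJSON registers a handler that marshals v on every request, as the
	// original handlers did, and answers 500 instead of an empty body when
	// marshalling fails.
	serveJSON := func(name string, v interface{}) {
		mux.HandleFunc("/v2/docker.com/notary/_trust/tuf/"+name,
			func(w http.ResponseWriter, r *http.Request) {
				body, err := json.Marshal(v)
				if err != nil {
					http.Error(w, err.Error(), http.StatusInternalServerError)
					return
				}
				w.Write(body)
			})
	}

	mux.HandleFunc("/v2/docker.com/notary/_trust/tuf/root.json",
		func(w http.ResponseWriter, r *http.Request) {
			w.Write(rootFileBytes)
		})
	serveJSON("timestamp.json", signedTimestamp)
	serveJSON("snapshot.json", signedSnapshot)
	serveJSON("targets.json", signedTargets)
}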
开发者ID:runcom,项目名称:notary,代码行数:54,代码来源:client_test.go
注:本文中的github.com/docker/notary/trustmanager.NewKeyFileStore函数示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |