Documentation
Index
- Variables
- func IsZipSymlink(f *zip.File) bool
- type ErrRootRotationFail
- type ErrValidationFail
- type KeyStoreManager
- func (km *KeyStoreManager) AddTrustedCACert(cert *x509.Certificate)
- func (km *KeyStoreManager) AddTrustedCert(cert *x509.Certificate)
- func (km *KeyStoreManager) ExportAllKeys(dest io.Writer, newPassphraseRetriever passphrase.Retriever) error
- func (km *KeyStoreManager) ExportKeysByGUN(dest io.Writer, gun string, passphraseRetriever passphrase.Retriever) error
- func (km *KeyStoreManager) ExportRootKey(dest io.Writer, keyID string) error
- func (km *KeyStoreManager) ExportRootKeyReencrypt(dest io.Writer, keyID string, newPassphraseRetriever passphrase.Retriever) error
- func (km *KeyStoreManager) GenRootKey(algorithm string) (string, error)
- func (km *KeyStoreManager) GetRootCryptoService(rootKeyID string) (*cryptoservice.UnlockedCryptoService, error)
- func (km *KeyStoreManager) ImportKeysZip(zipReader zip.Reader) error
- func (km *KeyStoreManager) ImportRootKey(source io.Reader, keyID string) error
- func (km *KeyStoreManager) NonRootKeyStore() *trustmanager.KeyFileStore
- func (km *KeyStoreManager) RootKeyStore() *trustmanager.KeyFileStore
- func (km *KeyStoreManager) TrustedCAStore() trustmanager.X509Store
- func (km *KeyStoreManager) TrustedCertificateStore() trustmanager.X509Store
- func (km *KeyStoreManager) ValidateRoot(root *data.Signed, gun string) error
Constants
This section is empty.
Variables
var (
	// ErrNoValidPrivateKey is returned if a key being imported doesn't
	// look like a private key
	ErrNoValidPrivateKey = errors.New("no valid private key found")
	// ErrRootKeyNotEncrypted is returned if a root key being imported is
	// unencrypted
	ErrRootKeyNotEncrypted = errors.New("only encrypted root keys may be imported")
	// ErrNoKeysFoundForGUN is returned if no keys are found for the
	// specified GUN during export
	ErrNoKeysFoundForGUN = errors.New("no keys found for specified GUN")
)
Functions
func IsZipSymlink
func IsZipSymlink(f *zip.File) bool
IsZipSymlink returns true if the file described by the zip file header is a symlink.
Types
type ErrRootRotationFail
type ErrRootRotationFail struct {
Reason string
}
ErrRootRotationFail is returned when we fail to do a full root key rotation, either by failing to add the new root certificate or by failing to delete the old ones
func (ErrRootRotationFail) Error
func (err ErrRootRotationFail) Error() string
Error implements the error interface for ErrRootRotationFail; the returned message includes Reason
type ErrValidationFail
type ErrValidationFail struct {
Reason string
}
ErrValidationFail is returned when there are no valid trusted certificates being served inside of the roots.json
func (ErrValidationFail) Error
func (err ErrValidationFail) Error() string
Error implements the error interface for ErrValidationFail; the returned message includes Reason
type KeyStoreManager
type KeyStoreManager struct {
// contains filtered or unexported fields
}
KeyStoreManager is an abstraction around the root and non-root key stores, and related CA stores
func NewKeyStoreManager
func NewKeyStoreManager(baseDir string, passphraseRetriever passphrase.Retriever) (*KeyStoreManager, error)
NewKeyStoreManager returns an initialized KeyStoreManager, or an error if it fails to create the KeyFileStores or load certificates
func (*KeyStoreManager) AddTrustedCACert
func (km *KeyStoreManager) AddTrustedCACert(cert *x509.Certificate)
AddTrustedCACert adds a cert to the trusted CA certificate store
func (*KeyStoreManager) AddTrustedCert
func (km *KeyStoreManager) AddTrustedCert(cert *x509.Certificate)
AddTrustedCert adds a cert to the trusted certificate store (not the CA store)
func (*KeyStoreManager) ExportAllKeys
func (km *KeyStoreManager) ExportAllKeys(dest io.Writer, newPassphraseRetriever passphrase.Retriever) error
ExportAllKeys exports all keys to an io.Writer in zip format. newPassphraseRetriever will be used to obtain passphrases to use to encrypt the existing keys.
func (*KeyStoreManager) ExportKeysByGUN
func (km *KeyStoreManager) ExportKeysByGUN(dest io.Writer, gun string, passphraseRetriever passphrase.Retriever) error
ExportKeysByGUN exports all keys associated with a specified GUN to an io.Writer in zip format. passphraseRetriever is used to select new passphrases to use to encrypt the keys.
func (*KeyStoreManager) ExportRootKey
func (km *KeyStoreManager) ExportRootKey(dest io.Writer, keyID string) error
ExportRootKey exports the specified root key to an io.Writer in PEM format. The key's existing encryption is preserved.
func (*KeyStoreManager) ExportRootKeyReencrypt
func (km *KeyStoreManager) ExportRootKeyReencrypt(dest io.Writer, keyID string, newPassphraseRetriever passphrase.Retriever) error
ExportRootKeyReencrypt exports the specified root key to an io.Writer in PEM format. The key is reencrypted with a new passphrase.
func (*KeyStoreManager) GenRootKey
func (km *KeyStoreManager) GenRootKey(algorithm string) (string, error)
GenRootKey generates a new root key
func (*KeyStoreManager) GetRootCryptoService
func (km *KeyStoreManager) GetRootCryptoService(rootKeyID string) (*cryptoservice.UnlockedCryptoService, error)
GetRootCryptoService retrieves a root key and a cryptoservice to use with it.
TODO(mccauley): remove this, as it's no longer needed once we have key caching in the keystores
func (*KeyStoreManager) ImportKeysZip
func (km *KeyStoreManager) ImportKeysZip(zipReader zip.Reader) error
ImportKeysZip imports keys from a zip file provided as a zip.Reader. The keys in the root_keys directory are left encrypted, but the other keys are decrypted with the specified passphrase.
func (*KeyStoreManager) ImportRootKey
func (km *KeyStoreManager) ImportRootKey(source io.Reader, keyID string) error
ImportRootKey imports a root key in PEM format from an io.Reader. The key's existing encryption is preserved. The keyID parameter is necessary because otherwise we'd need the passphrase to decrypt the key in order to compute the ID.
func (*KeyStoreManager) NonRootKeyStore
func (km *KeyStoreManager) NonRootKeyStore() *trustmanager.KeyFileStore
NonRootKeyStore returns the non-root key store being managed by this KeyStoreManager
func (*KeyStoreManager) RootKeyStore
func (km *KeyStoreManager) RootKeyStore() *trustmanager.KeyFileStore
RootKeyStore returns the root key store being managed by this KeyStoreManager
func (*KeyStoreManager) TrustedCAStore
func (km *KeyStoreManager) TrustedCAStore() trustmanager.X509Store
TrustedCAStore returns the CA store being managed by this KeyStoreManager
func (*KeyStoreManager) TrustedCertificateStore
func (km *KeyStoreManager) TrustedCertificateStore() trustmanager.X509Store
TrustedCertificateStore returns the trusted certificate store being managed by this KeyStoreManager
func (*KeyStoreManager) ValidateRoot
func (km *KeyStoreManager) ValidateRoot(root *data.Signed, gun string) error
ValidateRoot receives a new root, validates its correctness and attempts to do root key rotation if needed.
First we list the current trusted certificates we have for a particular GUN. If that list is non-empty, it means that we've already seen this repository before and have a list of trusted certificates for it. In this case, we use this list of certificates to attempt to validate this root file.
If the previous validation succeeds, or in the case where we found no trusted certificates for this particular GUN, we check the integrity of the root by making sure that it is validated by itself. This means that we will attempt to validate the root data with the certificates that are included in the root keys themselves.
If this last step succeeds, we attempt to do root rotation by ensuring that we only trust the certificates that are present in the new root.
This mechanism of operation is essentially Trust On First Use (TOFU): if we have never seen a certificate for a particular CN, we trust it. If later we see a different certificate for that CN, we return an ErrValidationFail error.
Note that since we only allow trust data to be downloaded over an HTTPS channel, we are using the current public PKI to validate the first download of the certificate, adding an extra layer of security over the normal (SSH style) trust model. We shall call this: TOFUS.
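The three-step TOFU flow above (check against previously trusted keys, self-validate, rotate), modelled as an added Go example that is not Notary's own code: a per-GUN TrustStore stands in for the certificate store, Ed25519 public keys stand in for certificates with their raw bytes as key IDs, and ValidateRoot, verifiedBy, SignRoot, Countersign and NewKey are assumed names.

```go
package main

import (
	"crypto/ed25519"
	"errors"
)

var ErrValidationFail = errors.New("root failed TOFU validation") // models the package's error
// Root is a simplified signed root: the keys it declares and signatures over Payload.
type Root struct {
	Keys       map[string]ed25519.PublicKey // key ID (raw public-key bytes here) -> public key
	Payload    []byte
	Signatures map[string][]byte // key ID -> signature over Payload
}
type TrustStore map[string]map[string]ed25519.PublicKey // GUN -> trusted keys (stands in for the cert store)

// verifiedBy reports whether any key in trusted carries a valid signature on root.
func verifiedBy(root *Root, trusted map[string]ed25519.PublicKey) bool {
	for id, pub := range trusted {
		if sig, ok := root.Signatures[id]; ok && ed25519.Verify(pub, root.Payload, sig) {
			return true
		}
	}
	return false
}

// ValidateRoot: check against previously trusted keys (if any), self-validate, then rotate.
func ValidateRoot(ts TrustStore, gun string, root *Root) error {
	if old := ts[gun]; len(old) > 0 && !verifiedBy(root, old) {
		return ErrValidationFail // a different signer for a GUN we have already seen
	}
	if !verifiedBy(root, root.Keys) {
		return ErrValidationFail // the root is not validated by the keys it carries
	}
	ts[gun] = root.Keys // rotation: trust only the keys present in the new root
	return nil
}

func NewKey() ed25519.PrivateKey { _, k, _ := ed25519.GenerateKey(nil); return k }
// Countersign adds k's signature without declaring k (the old root key during a rotation).
func Countersign(r *Root, k ed25519.PrivateKey) { r.Signatures[string(k[32:])] = ed25519.Sign(k, r.Payload) }
// SignRoot builds a root that declares and is signed by the given keys (constructed test data).
func SignRoot(payload []byte, declared ...ed25519.PrivateKey) *Root {
	r := &Root{Keys: map[string]ed25519.PublicKey{}, Payload: payload, Signatures: map[string][]byte{}}
	for _, k := range declared {
		r.Keys[string(k[32:])] = ed25519.PublicKey(k[32:])
		Countersign(r, k)
	}
	return r
}
```

A rotation root that declares only the new key must still carry the old key's signature, otherwise step one rejects it; a first-seen root that its own keys do not sign is rejected by step two and never recorded.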