trustmanager

package
v0.7.0

This package is not in the latest version of its module.
Published: Jan 14, 2021 License: Apache-2.0 Imports: 14 Imported by: 366

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func ExportKeys added in v0.6.0

func ExportKeys(to io.Writer, s Exporter, from string) error

ExportKeys copies a key from the store to the io.Writer

func ExportKeysByGUN added in v0.6.0

func ExportKeysByGUN(to io.Writer, s Exporter, gun string) error

ExportKeysByGUN exports all keys filtered to a GUN

func ExportKeysByID added in v0.6.0

func ExportKeysByID(to io.Writer, s Exporter, ids []string) error

ExportKeysByID exports all keys matching the given ID

func GetPasswdDecryptBytes

func GetPasswdDecryptBytes(passphraseRetriever notary.PassRetriever, pemBytes []byte, name, alias string) (data.PrivateKey, string, error)

GetPasswdDecryptBytes gets the password to decrypt the given pem bytes. Returns the password and private key

func ImportKeys added in v0.6.0

func ImportKeys(from io.Reader, to []Importer, fallbackRole string, fallbackGUN string, passRet notary.PassRetriever) error

ImportKeys expects an io.Reader containing one or more PEM blocks. It reads PEM blocks one at a time until pem.Decode returns a nil block. Each block is written to the subpath indicated in the "path" PEM header. If the file already exists, the file is truncated. Multiple adjacent PEMs with the same "path" header are appended together.
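An added example (not code from the notary project or from this documentation): a standard-library-only pre-import check that walks a PEM bundle the way the ImportKeys description reads, grouping adjacent blocks by their "path" header and flagging destinations that a later block would truncate or whose cleaned path points outside the base directory. The names `auditBundle`, `entry` and `sampleBundle` are hypothetical, and the sample paths and key bytes are constructed.

```go
package main

import (
	"encoding/pem"
	"fmt"
	"path"
	"strings"
)

// entry is one write a bundle would trigger, per the ImportKeys description.
type entry struct {
	Path     string // "path" PEM header; "" when the header is absent
	Blocks   int    // adjacent blocks with this path (appended together)
	Escapes  bool   // cleaned path is absolute or climbs above the base dir
	Replaces bool   // path was written earlier, so that file is truncated
}

// auditBundle reads PEM blocks until pem.Decode returns nil and groups them.
func auditBundle(bundle []byte) []entry {
	var out []entry
	seen := map[string]bool{}
	for block, rest := pem.Decode(bundle); block != nil; block, rest = pem.Decode(rest) {
		p := block.Headers["path"]
		if n := len(out); p != "" && n > 0 && out[n-1].Path == p {
			out[n-1].Blocks++ // adjacent, same path: appended to the same file
			continue
		}
		c := path.Clean(p)
		esc := p != "" && (path.IsAbs(c) || c == ".." || strings.HasPrefix(c, "../"))
		out = append(out, entry{Path: p, Blocks: 1, Escapes: esc, Replaces: p != "" && seen[p]})
		seen[p] = true
	}
	return out
}

// sampleBundle builds a constructed bundle; the bytes are not real keys.
func sampleBundle() []byte {
	var b []byte
	for _, p := range []string{"example/key-one", "example/key-one", "", "../../outside", "example/key-one"} {
		h := map[string]string{}
		if p != "" {
			h["path"] = p
		}
		b = append(b, pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Headers: h, Bytes: []byte("constructed")})...)
	}
	return b
}

func main() { fmt.Printf("%+v\n", auditBundle(sampleBundle())) }
```

Blocks with an empty `Path` carry no destination of their own; the check reports them separately rather than guessing how the `fallbackRole` and `fallbackGUN` arguments would place them.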

Types

type ErrAttemptsExceeded

type ErrAttemptsExceeded struct{}

ErrAttemptsExceeded is returned when too many attempts have been made to decrypt a key

func (ErrAttemptsExceeded) Error

func (err ErrAttemptsExceeded) Error() string

ErrAttemptsExceeded is returned when too many attempts have been made to decrypt a key

type ErrKeyNotFound

type ErrKeyNotFound struct {
	KeyID string
}

ErrKeyNotFound is returned when the keystore fails to retrieve a specific key.

func (ErrKeyNotFound) Error

func (err ErrKeyNotFound) Error() string

ErrKeyNotFound is returned when the keystore fails to retrieve a specific key.

type ErrPasswordInvalid

type ErrPasswordInvalid struct{}

ErrPasswordInvalid is returned when signing fails. It could also mean the signing key file was corrupted, but we have no way to distinguish.

func (ErrPasswordInvalid) Error

func (err ErrPasswordInvalid) Error() string

ErrPasswordInvalid is returned when signing fails. It could also mean the signing key file was corrupted, but we have no way to distinguish.

type Exporter added in v0.6.0

type Exporter interface {
	Get(string) ([]byte, error)
	ListFiles() []string
}

Exporter is a simple interface for the two functions we need from the Storage interface

type GenericKeyStore added in v0.4.0

type GenericKeyStore struct {
	sync.Mutex
	notary.PassRetriever
	// contains filtered or unexported fields
}

GenericKeyStore is a wrapper for Storage instances that provides translation between the []byte form and Public/PrivateKey objects

func NewGenericKeyStore added in v0.4.0

func NewGenericKeyStore(s Storage, p notary.PassRetriever) *GenericKeyStore

NewGenericKeyStore creates a GenericKeyStore wrapping the provided Storage instance, using the PassRetriever to enc/decrypt keys

func NewKeyFileStore

func NewKeyFileStore(baseDir string, p notary.PassRetriever) (*GenericKeyStore, error)

NewKeyFileStore returns a new KeyFileStore creating a private directory to hold the keys.

func NewKeyMemoryStore

func NewKeyMemoryStore(p notary.PassRetriever) *GenericKeyStore

NewKeyMemoryStore returns a new KeyMemoryStore which holds keys in memory

func (*GenericKeyStore) AddKey added in v0.4.0

func (s *GenericKeyStore) AddKey(keyInfo KeyInfo, privKey data.PrivateKey) error

AddKey stores the contents of a PEM-encoded private key as a PEM block

func (*GenericKeyStore) GetKey added in v0.4.0

func (s *GenericKeyStore) GetKey(keyID string) (data.PrivateKey, data.RoleName, error)

GetKey returns the PrivateKey given a KeyID

func (*GenericKeyStore) GetKeyInfo added in v0.4.0

func (s *GenericKeyStore) GetKeyInfo(keyID string) (KeyInfo, error)

GetKeyInfo returns the corresponding gun and role key info for a keyID

func (*GenericKeyStore) ListKeys added in v0.4.0

func (s *GenericKeyStore) ListKeys() map[string]KeyInfo

ListKeys returns a list of unique PublicKeys present on the KeyFileStore, by returning a copy of the keyInfoMap

func (*GenericKeyStore) Name added in v0.4.0

func (s *GenericKeyStore) Name() string

Name returns a user friendly name for the location this store keeps its data

func (*GenericKeyStore) RemoveKey added in v0.4.0

func (s *GenericKeyStore) RemoveKey(keyID string) error

RemoveKey removes the key from the keyfilestore

type Importer added in v0.6.0

type Importer interface {
	Set(string, []byte) error
}

Importer is a simple interface for the one function we need from the Storage interface

type KeyInfo added in v0.3.0

type KeyInfo struct {
	Gun  data.GUN
	Role data.RoleName
}

KeyInfo stores the role and gun for a corresponding private key ID. It is assumed that each private key ID is unique.

func KeyInfoFromPEM added in v0.3.0

func KeyInfoFromPEM(pemBytes []byte, filename string) (string, KeyInfo, error)

KeyInfoFromPEM attempts to get a keyID and KeyInfo from the filename and PEM bytes of a key

type KeyStore

type KeyStore interface {
	// AddKey adds a key to the KeyStore, and if the key already exists,
	// succeeds.  Otherwise, returns an error if it cannot add.
	AddKey(keyInfo KeyInfo, privKey data.PrivateKey) error
	// Should fail with ErrKeyNotFound if the keystore is operating normally
	// and knows that it does not store the requested key.
	GetKey(keyID string) (data.PrivateKey, data.RoleName, error)
	GetKeyInfo(keyID string) (KeyInfo, error)
	ListKeys() map[string]KeyInfo
	RemoveKey(keyID string) error
	Name() string
}

KeyStore is a generic interface for private key storage

type Storage added in v0.3.0

type Storage interface {
	// Set writes a file to the specified location, returning an error if this
	// is not possible (reasons may include permissions errors). The path is cleaned
	// before being made absolute against the store's base dir.
	Set(fileName string, data []byte) error

	// Remove deletes a file from the store relative to the store's base directory.
	// The path is cleaned before being made absolute to ensure no path traversal
	// outside the base directory is possible.
	Remove(fileName string) error

	// Get returns the file content found at fileName relative to the base directory
	// of the file store. The path is cleaned before being made absolute to ensure
	// path traversal outside the store is not possible. If the file is not found
	// an error to that effect is returned.
	Get(fileName string) ([]byte, error)

	// ListFiles returns a list of paths relative to the base directory of the
	// filestore. Any of these paths must be retrievable via the
	// Storage.Get method.
	ListFiles() []string

	// Location returns a human readable name indicating where the implementer
	// is storing keys
	Location() string
}

Storage implements the bare bones primitives (no hierarchy)

Directories

Path Synopsis
Package remoteks is a generated protocol buffer package.
