
package trustmanager

import "github.com/docker/notary/trustmanager"


Package Files

errors.go interfaces.go keys.go keystore.go

func ExportKeys Uses

func ExportKeys(to io.Writer, s Exporter, from string) error

ExportKeys copies a key from the store to the io.Writer

func ExportKeysByGUN Uses

func ExportKeysByGUN(to io.Writer, s Exporter, gun string) error

ExportKeysByGUN exports all keys filtered to a GUN

func ExportKeysByID Uses

func ExportKeysByID(to io.Writer, s Exporter, ids []string) error

ExportKeysByID exports all keys matching the given IDs

func GetPasswdDecryptBytes Uses

func GetPasswdDecryptBytes(passphraseRetriever notary.PassRetriever, pemBytes []byte, name, alias string) (data.PrivateKey, string, error)

GetPasswdDecryptBytes gets the password to decrypt the given pem bytes. It returns the private key followed by the password.

func ImportKeys Uses

func ImportKeys(from io.Reader, to []Importer, fallbackRole string, fallbackGUN string, passRet notary.PassRetriever) error

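ImportKeys expects an io.Reader containing one or more PEM blocks. It reads PEM blocks one at a time until pem.Decode returns a nil block. Each block is written to the subpath indicated in the "path" PEM header. If the file already exists, the file is truncated. Multiple adjacent PEMs with the same "path" header are appended together. Because the destination subpath comes from the input itself and an existing file at that subpath is truncated, the contents of the reader decide which stored files are overwritten; callers should only pass input from a source they trust.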

func KeyInfoFromPEM Uses

func KeyInfoFromPEM(pemBytes []byte, filename string) (string, KeyInfo, error)

KeyInfoFromPEM attempts to get a keyID and KeyInfo from the filename and PEM bytes of a key

type ErrAttemptsExceeded Uses

// ErrAttemptsExceeded is an error value with no fields; it reports that too
// many attempts have been made to decrypt a key.
type ErrAttemptsExceeded struct{}

ErrAttemptsExceeded is returned when too many attempts have been made to decrypt a key

func (ErrAttemptsExceeded) Error Uses

func (err ErrAttemptsExceeded) Error() string

ErrAttemptsExceeded is returned when too many attempts have been made to decrypt a key

type ErrKeyNotFound Uses

// ErrKeyNotFound reports that the keystore failed to retrieve a specific key.
type ErrKeyNotFound struct {
    // presumably the ID of the key that could not be retrieved; confirm against the code that builds this error
    KeyID string
}

ErrKeyNotFound is returned when the keystore fails to retrieve a specific key.

func (ErrKeyNotFound) Error Uses

func (err ErrKeyNotFound) Error() string

ErrKeyNotFound is returned when the keystore fails to retrieve a specific key.

type ErrPasswordInvalid Uses

// ErrPasswordInvalid is an error value with no fields. It carries no detail
// of its own, so a caller cannot tell a wrong passphrase from a corrupted key
// file by inspecting it.
type ErrPasswordInvalid struct{}

ErrPasswordInvalid is returned when signing fails. It could also mean the signing key file was corrupted, but we have no way to distinguish.

func (ErrPasswordInvalid) Error Uses

func (err ErrPasswordInvalid) Error() string

ErrPasswordInvalid is returned when signing fails. It could also mean the signing key file was corrupted, but we have no way to distinguish.

type Exporter Uses

// Exporter is the read-only subset of Storage used by the export functions:
// it can list stored names and fetch their contents, but not modify the store.
type Exporter interface {
    // Get has the same signature as Storage.Get: it takes a name and returns
    // the stored bytes or an error.
    Get(string) ([]byte, error)
    // ListFiles has the same signature as Storage.ListFiles and returns the
    // stored names.
    ListFiles() []string
}

Exporter is a simple interface for the two functions we need from the Storage interface

type GenericKeyStore Uses

// GenericKeyStore wraps a Storage and translates between raw bytes and key
// objects. Both visible fields are embedded, so they are part of the exported
// surface of the type.
type GenericKeyStore struct {
    // Embedded: Lock and Unlock are promoted onto *GenericKeyStore, so code
    // outside this package can also take the store's lock. A value holding a
    // sync.Mutex must not be copied; the constructors return *GenericKeyStore.
    sync.Mutex
    // Embedded passphrase source. NewGenericKeyStore is documented as using it
    // to enc/decrypt keys; being embedded, it is reachable by any holder of the
    // store.
    notary.PassRetriever
    // contains filtered or unexported fields
}

GenericKeyStore is a wrapper for Storage instances that provides translation between the []byte form and Public/PrivateKey objects

func NewGenericKeyStore Uses

func NewGenericKeyStore(s Storage, p notary.PassRetriever) *GenericKeyStore

NewGenericKeyStore creates a GenericKeyStore wrapping the provided Storage instance, using the PassRetriever to enc/decrypt keys

func NewKeyFileStore Uses

func NewKeyFileStore(baseDir string, p notary.PassRetriever) (*GenericKeyStore, error)

NewKeyFileStore returns a new KeyFileStore creating a private directory to hold the keys.

func NewKeyMemoryStore Uses

func NewKeyMemoryStore(p notary.PassRetriever) *GenericKeyStore

NewKeyMemoryStore returns a new KeyMemoryStore which holds keys in memory

func (*GenericKeyStore) AddKey Uses

func (s *GenericKeyStore) AddKey(keyInfo KeyInfo, privKey data.PrivateKey) error

AddKey stores the contents of a PEM-encoded private key as a PEM block

func (*GenericKeyStore) GetKey Uses

func (s *GenericKeyStore) GetKey(keyID string) (data.PrivateKey, data.RoleName, error)

GetKey returns the PrivateKey given a KeyID

func (*GenericKeyStore) GetKeyInfo Uses

func (s *GenericKeyStore) GetKeyInfo(keyID string) (KeyInfo, error)

GetKeyInfo returns the corresponding gun and role key info for a keyID

func (*GenericKeyStore) ListKeys Uses

func (s *GenericKeyStore) ListKeys() map[string]KeyInfo

ListKeys returns a list of unique PublicKeys present on the KeyFileStore, by returning a copy of the keyInfoMap

func (*GenericKeyStore) Name Uses

func (s *GenericKeyStore) Name() string

Name returns a user friendly name for the location this store keeps its data

func (*GenericKeyStore) RemoveKey Uses

func (s *GenericKeyStore) RemoveKey(keyID string) error

RemoveKey removes the key from the keyfilestore

type Importer Uses

// Importer is the write-only subset of Storage used by ImportKeys.
type Importer interface {
    // Set has the same signature as Storage.Set: it stores the bytes under the
    // given name. ImportKeys is documented as taking that name from the "path"
    // header of each PEM block, so implementations receive input-derived names.
    // NOTE(review): path cleaning is described on Storage.Set only; confirm
    // that each Importer implementation applies it.
    Set(string, []byte) error
}

Importer is a simple interface for the one function we need from the Storage interface

type KeyInfo Uses

// KeyInfo holds the metadata kept for a private key ID: its gun and its role.
type KeyInfo struct {
    // Gun is the gun associated with the private key ID.
    Gun  data.GUN
    // Role is the role associated with the private key ID.
    Role data.RoleName
}

KeyInfo stores the role and gun for a corresponding private key ID. It is assumed that each private key ID is unique.

type KeyStore Uses

// KeyStore is the interface for private key storage. The comments below
// describe what implementations are expected to do; the interface itself
// cannot enforce them.
type KeyStore interface {
    // AddKey adds a key to the KeyStore, and if the key already exists,
    // succeeds.  Otherwise, returns an error if it cannot add.
    AddKey(keyInfo KeyInfo, privKey data.PrivateKey) error
    // GetKey returns the private key and a role name for keyID.
    // Should fail with ErrKeyNotFound if the keystore is operating normally
    // and knows that it does not store the requested key.
    GetKey(keyID string) (data.PrivateKey, data.RoleName, error)
    // GetKeyInfo returns the KeyInfo (gun and role) for keyID.
    GetKeyInfo(keyID string) (KeyInfo, error)
    // ListKeys returns the KeyInfo entries of the store in a map with string
    // keys; presumably the keys are key IDs (confirm against an implementation).
    ListKeys() map[string]KeyInfo
    // RemoveKey removes the key identified by keyID.
    RemoveKey(keyID string) error
    // Name returns a string naming the store.
    Name() string
}

KeyStore is a generic interface for private key storage

type Storage Uses

// Storage is the file-like backend interface beneath the key stores. The path
// handling described on each method is a contract for implementations; nothing
// in the interface enforces it, so every implementation has to be checked for
// it separately.
type Storage interface {
    // Set writes a file to the specified location, returning an error if this
    // is not possible (reasons may include permissions errors). The path is cleaned
    // before being made absolute against the store's base dir.
    // NOTE(review): unlike Remove and Get, this comment does not state that
    // cleaning prevents traversal outside the base directory. Set is the write
    // path, so confirm the guarantee against the implementation.
    Set(fileName string, data []byte) error

    // Remove deletes a file from the store relative to the store's base directory.
    // The path is cleaned before being made absolute to ensure no path traversal
    // outside the base directory is possible.
    Remove(fileName string) error

    // Get returns the file content found at fileName relative to the base directory
    // of the file store. The path is cleaned before being made absolute to ensure
    // path traversal outside the store is not possible. If the file is not found
    // an error to that effect is returned.
    Get(fileName string) ([]byte, error)

    // ListFiles returns a list of paths relative to the base directory of the
    // filestore. Any of these paths must be retrievable via the
    // Storage.Get method.
    ListFiles() []string

    // Location returns a human readable name indicating where the implementer
    // is storing keys
    Location() string
}

Storage implements the bare bones primitives (no hierarchy)

Directories

Path | Synopsis
remoteks | Package remoteks is a generated protocol buffer package.
yubikey |

Package trustmanager imports 14 packages (graph) and is imported by 479 packages. Updated 2018-07-10. Refresh now. Tools for package owners.