trustmanager

package
Published: May 10, 2016 License: Apache-2.0 Imports: 23 Imported by: 0


Constants

This section is empty.

Variables

var (
	// ErrPathOutsideStore indicates that the returned path would be
	// outside the store. It is the error the path cleaning described on the
	// Storage interface is expected to surface when a caller-supplied file
	// name would resolve outside the store's base directory (presumably via
	// ".." segments or an absolute path). Callers should treat it as a
	// rejected request, not as a missing file.
	ErrPathOutsideStore = errors.New("path outside file store")
)

Functions

func CertBundleToKey added in v0.3.0

func CertBundleToKey(leafCert *x509.Certificate, intCerts []*x509.Certificate) (data.PublicKey, error)

CertBundleToKey creates a TUF key from a leaf certificate and a list of intermediate certificates.

func CertChainToPEM added in v0.3.0

func CertChainToPEM(certChain []*x509.Certificate) ([]byte, error)

CertChainToPEM is a utility function that returns a PEM-encoded chain of x509 Certificates, in the order they are passed.

func CertToKey

func CertToKey(cert *x509.Certificate) data.PublicKey

CertToKey transforms a single input certificate into its corresponding PublicKey

func CertToPEM

func CertToPEM(cert *x509.Certificate) []byte

CertToPEM is a utility function that returns a PEM-encoded x509 Certificate.

func CertsToKeys

func CertsToKeys(leafCerts map[string]*x509.Certificate, intCerts map[string][]*x509.Certificate) map[string]data.PublicKey

CertsToKeys transforms each of the input certificate chains into its corresponding PublicKey

func ECDSAToPrivateKey

func ECDSAToPrivateKey(ecdsaPrivKey *ecdsa.PrivateKey) (data.PrivateKey, error)

ECDSAToPrivateKey converts an ecdsa.Private key to a TUF data.PrivateKey type

func ED25519ToPrivateKey

func ED25519ToPrivateKey(privKeyBytes []byte) (data.PrivateKey, error)

ED25519ToPrivateKey converts a serialized ED25519 key to a TUF data.PrivateKey type

func EncryptPrivateKey

func EncryptPrivateKey(key data.PrivateKey, role, passphrase string) ([]byte, error)

EncryptPrivateKey returns a passphrase-encrypted PEM key given a PrivateKey, a role (recorded as a PEM header, see ReadRoleFromPEM) and a passphrase.

func GenerateECDSAKey

func GenerateECDSAKey(random io.Reader) (data.PrivateKey, error)

GenerateECDSAKey generates an ECDSA Private key and returns a TUF PrivateKey

func GenerateED25519Key

func GenerateED25519Key(random io.Reader) (data.PrivateKey, error)

GenerateED25519Key generates an ED25519 private key and returns a TUF PrivateKey. The serialization format we use is just the public key bytes followed by the private key bytes

func GenerateRSAKey

func GenerateRSAKey(random io.Reader, bits int) (data.PrivateKey, error)

GenerateRSAKey generates an RSA private key and returns a TUF PrivateKey

func GetIntermediateCerts

func GetIntermediateCerts(certs []*x509.Certificate) []*x509.Certificate

GetIntermediateCerts parses a list of x509 Certificates and returns all of those marked as a CA, to be used as intermediates.

func GetLeafCerts

func GetLeafCerts(certs []*x509.Certificate) []*x509.Certificate

GetLeafCerts parses a list of x509 Certificates and returns all of those that are not marked as a CA.

func GetPasswdDecryptBytes

func GetPasswdDecryptBytes(passphraseRetriever passphrase.Retriever, pemBytes []byte, name, alias string) (data.PrivateKey, string, error)

GetPasswdDecryptBytes obtains, via the supplied passphrase.Retriever, the passphrase needed to decrypt the given PEM bytes (name and alias identify the key to the retriever). It returns the decrypted private key and the passphrase that succeeded, in that order; ErrAttemptsExceeded is presumably the error returned once too many decryption attempts have been made.

func KeyToPEM

func KeyToPEM(privKey data.PrivateKey, role string) ([]byte, error)

KeyToPEM returns a PEM encoded key from a Private Key

func LoadCertBundleFromFile

func LoadCertBundleFromFile(filename string) ([]*x509.Certificate, error)

LoadCertBundleFromFile loads certificates from the named file. The data is expected to be PEM encoded and contain one or more certificates with PEM type "CERTIFICATE".

func LoadCertBundleFromPEM

func LoadCertBundleFromPEM(pemBytes []byte) ([]*x509.Certificate, error)

LoadCertBundleFromPEM loads certificates from the []byte provided. The data is expected to be PEM encoded and contain one or more certificates with PEM type "CERTIFICATE".

func LoadCertFromFile

func LoadCertFromFile(filename string) (*x509.Certificate, error)

LoadCertFromFile loads the first certificate from the named file. The data is expected to be PEM encoded and contain one or more certificates with PEM type "CERTIFICATE".

func LoadCertFromPEM

func LoadCertFromPEM(pemBytes []byte) (*x509.Certificate, error)

LoadCertFromPEM returns the first certificate found in a bunch of bytes or error if nothing is found. Taken from https://golang.org/src/crypto/x509/cert_pool.go#L85.

func NewCertificate

func NewCertificate(gun string, startTime, endTime time.Time) (*x509.Certificate, error)

NewCertificate returns an X509 Certificate following a template, given a GUN and validity interval.

func ParsePEMPrivateKey

func ParsePEMPrivateKey(pemBytes []byte, passphrase string) (data.PrivateKey, error)

ParsePEMPrivateKey returns a data.PrivateKey from a PEM encoded private key. It only supports RSA (PKCS#1) and attempts to decrypt using the passphrase, if encrypted.

func ParsePEMPublicKey

func ParsePEMPublicKey(pubKeyBytes []byte) (data.PublicKey, error)

ParsePEMPublicKey returns a data.PublicKey from a PEM encoded public key or certificate.

func RSAToPrivateKey

func RSAToPrivateKey(rsaPrivKey *rsa.PrivateKey) (data.PrivateKey, error)

RSAToPrivateKey converts an rsa.Private key to a TUF data.PrivateKey type

func ReadRoleFromPEM

func ReadRoleFromPEM(pemBytes []byte) string

ReadRoleFromPEM returns the value from the role PEM header, if it exists

func ValidateCertificate

func ValidateCertificate(c *x509.Certificate) error

ValidateCertificate returns an error if the certificate is not valid for notary. Currently this is only a time-expiry check and, for RSA keys, a check that the public key modulus is large enough. It does not verify the certificate's signature or build a chain to a trusted root, so callers that need chain validation must perform it separately.

func X509PublicKeyID

func X509PublicKeyID(certPubKey data.PublicKey) (string, error)

X509PublicKeyID returns a public key ID as a string, given a data.PublicKey that contains an X509 Certificate

Types

type ErrAttemptsExceeded

type ErrAttemptsExceeded struct{}

ErrAttemptsExceeded is returned when too many attempts have been made to decrypt a key

func (ErrAttemptsExceeded) Error

func (err ErrAttemptsExceeded) Error() string

Error implements the error interface for ErrAttemptsExceeded.

type ErrKeyNotFound

// ErrKeyNotFound is returned when the keystore fails to retrieve a specific
// key. KeyStore.GetKey is documented to return it when the store is operating
// normally and knows it does not hold the requested key.
type ErrKeyNotFound struct {
	// KeyID is the identifier of the key that could not be retrieved.
	KeyID string
}

ErrKeyNotFound is returned when the keystore fails to retrieve a specific key.

func (ErrKeyNotFound) Error

func (err ErrKeyNotFound) Error() string

Error implements the error interface for ErrKeyNotFound; the message presumably includes KeyID.

type ErrPasswordInvalid

type ErrPasswordInvalid struct{}

ErrPasswordInvalid is returned when signing fails. It could also mean the signing key file was corrupted, but we have no way to distinguish.

func (ErrPasswordInvalid) Error

func (err ErrPasswordInvalid) Error() string

Error implements the error interface for ErrPasswordInvalid.

type KeyFileStore

// KeyFileStore persists and manages private keys on disk.
type KeyFileStore struct {
	// Mutex serialises access to the store. Because it is embedded, a
	// KeyFileStore must be handled by pointer and never copied.
	sync.Mutex
	// SimpleFileStore provides the on-disk Add/Get/Remove/ListFiles primitives
	// (NewKeyFileStore creates it as a private directory).
	SimpleFileStore
	// Retriever supplies passphrases; presumably used to encrypt keys on
	// AddKey and to decrypt them on GetKey (cf. GetPasswdDecryptBytes).
	passphrase.Retriever
	// contains filtered or unexported fields
}

KeyFileStore persists and manages private keys on disk

func NewKeyFileStore

func NewKeyFileStore(baseDir string, passphraseRetriever passphrase.Retriever) (*KeyFileStore, error)

NewKeyFileStore returns a new KeyFileStore creating a private directory to hold the keys.

func (*KeyFileStore) AddKey

func (s *KeyFileStore) AddKey(keyInfo KeyInfo, privKey data.PrivateKey) error

AddKey stores the contents of a PEM-encoded private key as a PEM block

func (*KeyFileStore) ExportKey

func (s *KeyFileStore) ExportKey(keyID string) ([]byte, error)

ExportKey returns the still-encrypted PEM bytes of the key identified by keyID, exactly as stored; it does not decrypt them.

func (*KeyFileStore) GetKey

func (s *KeyFileStore) GetKey(name string) (data.PrivateKey, string, error)

GetKey returns the PrivateKey for the given key ID (passed as name), together with an accompanying string (see KeyStore.GetKey). It fails with ErrKeyNotFound when the store does not hold that key.

func (*KeyFileStore) GetKeyInfo added in v0.3.0

func (s *KeyFileStore) GetKeyInfo(keyID string) (KeyInfo, error)

GetKeyInfo returns the corresponding gun and role key info for a keyID

func (*KeyFileStore) ListKeys

func (s *KeyFileStore) ListKeys() map[string]KeyInfo

ListKeys returns a map of key ID to KeyInfo for every private key present in the KeyFileStore, by returning a copy of the internal keyInfoMap. The result contains no key material and, being a copy, may be modified freely by the caller.

func (*KeyFileStore) Name

func (s *KeyFileStore) Name() string

Name returns a user friendly name for the location this store keeps its data

func (*KeyFileStore) RemoveKey

func (s *KeyFileStore) RemoveKey(keyID string) error

RemoveKey removes the key from the keyfilestore

type KeyInfo added in v0.3.0

// KeyInfo records the GUN and role associated with a private key ID. It holds
// no key material, which is why KeyStore.ListKeys can hand it out freely.
type KeyInfo struct {
	// Gun is the GUN the key belongs to (the same identifier NewCertificate
	// takes as gun).
	Gun  string
	// Role is the role the key is used for (the same string EncryptPrivateKey
	// and KeyToPEM take as role).
	Role string
}

KeyInfo stores the GUN and role for a corresponding private key ID (the key's path is not part of this struct). It is assumed that each private key ID is unique.

func KeyInfoFromPEM added in v0.3.0

func KeyInfoFromPEM(pemBytes []byte, filename string) (string, KeyInfo, error)

KeyInfoFromPEM attempts to get a keyID and KeyInfo from the filename and PEM bytes of a key

type KeyMemoryStore

// KeyMemoryStore manages private keys in memory; nothing is persisted, so
// the keys are lost when the process exits.
type KeyMemoryStore struct {
	// Mutex serialises access to the store. Because it is embedded, a
	// KeyMemoryStore must be handled by pointer and never copied.
	sync.Mutex
	// MemoryFileStore provides the in-memory Add/Get/Remove/ListFiles primitives.
	MemoryFileStore
	// Retriever supplies passphrases; presumably used to encrypt keys on
	// AddKey and to decrypt them on GetKey (cf. GetPasswdDecryptBytes).
	passphrase.Retriever
	// contains filtered or unexported fields
}

KeyMemoryStore manages private keys in memory

func NewKeyMemoryStore

func NewKeyMemoryStore(passphraseRetriever passphrase.Retriever) *KeyMemoryStore

NewKeyMemoryStore returns a new KeyMemoryStore which holds keys in memory

func (*KeyMemoryStore) AddKey

func (s *KeyMemoryStore) AddKey(keyInfo KeyInfo, privKey data.PrivateKey) error

AddKey stores the contents of a PEM-encoded private key as a PEM block

func (*KeyMemoryStore) ExportKey

func (s *KeyMemoryStore) ExportKey(keyID string) ([]byte, error)

ExportKey returns the still-encrypted PEM bytes of the key identified by keyID, exactly as stored; it does not decrypt them.

func (*KeyMemoryStore) GetKey

func (s *KeyMemoryStore) GetKey(name string) (data.PrivateKey, string, error)

GetKey returns the PrivateKey given a KeyID

func (*KeyMemoryStore) GetKeyInfo added in v0.3.0

func (s *KeyMemoryStore) GetKeyInfo(keyID string) (KeyInfo, error)

GetKeyInfo returns the corresponding gun and role key info for a keyID

func (*KeyMemoryStore) ListKeys

func (s *KeyMemoryStore) ListKeys() map[string]KeyInfo

ListKeys returns a map of key ID to KeyInfo for every private key present in the KeyMemoryStore, by returning a copy of the internal keyInfoMap. The result contains no key material and, being a copy, may be modified freely by the caller.

func (*KeyMemoryStore) Name

func (s *KeyMemoryStore) Name() string

Name returns a user friendly name for the location this store keeps its data

func (*KeyMemoryStore) RemoveKey

func (s *KeyMemoryStore) RemoveKey(keyID string) error

RemoveKey removes the key from the keystore

type KeyStore

// KeyStore is a generic interface for private key storage, implemented on
// this page by KeyFileStore (disk) and KeyMemoryStore (memory).
type KeyStore interface {
	// AddKey adds a key to the KeyStore, and if the key already exists,
	// succeeds.  Otherwise, returns an error if it cannot add.
	AddKey(keyInfo KeyInfo, privKey data.PrivateKey) error
	// GetKey returns a usable data.PrivateKey for keyID plus an accompanying
	// string (presumably the key's role — confirm against the implementations).
	// Should fail with ErrKeyNotFound if the keystore is operating normally
	// and knows that it does not store the requested key.
	GetKey(keyID string) (data.PrivateKey, string, error)
	// GetKeyInfo returns the GUN and role recorded for keyID.
	GetKeyInfo(keyID string) (KeyInfo, error)
	// ListKeys maps every stored key ID to its KeyInfo; it exposes no key
	// material.
	ListKeys() map[string]KeyInfo
	// RemoveKey deletes the key identified by keyID from the store.
	RemoveKey(keyID string) error
	// ExportKey returns the key's stored bytes, which the implementations
	// document as still encrypted; it is not a way to obtain plaintext keys.
	ExportKey(keyID string) ([]byte, error)
	// Name returns a user-friendly description of where the store keeps its data.
	Name() string
}

KeyStore is a generic interface for private key storage

type MemoryFileStore

// MemoryFileStore is an implementation of Storage that keeps the contents in
// memory; nothing is written to disk.
type MemoryFileStore struct {
	// Mutex serialises access to the in-memory contents. Being embedded, it
	// requires the struct to be handled by pointer and never copied.
	sync.Mutex
	// contains filtered or unexported fields
}

MemoryFileStore is an implementation of Storage that keeps the contents in memory.

func NewMemoryFileStore

func NewMemoryFileStore() *MemoryFileStore

NewMemoryFileStore creates a MemoryFileStore

func (*MemoryFileStore) Add

func (f *MemoryFileStore) Add(name string, data []byte) error

Add writes data to a file with a given name

func (*MemoryFileStore) Get

func (f *MemoryFileStore) Get(name string) ([]byte, error)

Get returns the data given a file name

func (*MemoryFileStore) ListFiles

func (f *MemoryFileStore) ListFiles() []string

ListFiles lists all the files inside of a store

func (*MemoryFileStore) Remove

func (f *MemoryFileStore) Remove(name string) error

Remove removes a file identified by name

type SimpleFileStore

// SimpleFileStore is a disk-backed implementation of the Storage interface,
// rooted at a base directory with a fixed file extension and permission mode
// (see NewFileStore). Names are cleaned and resolved against the base
// directory; see ErrPathOutsideStore.
type SimpleFileStore struct {
	// contains filtered or unexported fields
}

SimpleFileStore is a disk-backed implementation of the Storage interface.

func NewFileStore added in v0.3.0

func NewFileStore(baseDir, fileExt string, perms os.FileMode) (*SimpleFileStore, error)

NewFileStore creates a fully configurable file store

func NewPrivateSimpleFileStore

func NewPrivateSimpleFileStore(baseDir, fileExt string) (*SimpleFileStore, error)

NewPrivateSimpleFileStore is a wrapper to create an owner readable/writeable _only_ filestore

func NewSimpleFileStore

func NewSimpleFileStore(baseDir, fileExt string) (*SimpleFileStore, error)

NewSimpleFileStore is a convenience wrapper to create a world-readable, owner-writeable filestore. Do not use it for private key material; use NewPrivateSimpleFileStore (owner-only permissions) or NewKeyFileStore instead.

func (*SimpleFileStore) Add

func (f *SimpleFileStore) Add(name string, data []byte) error

Add writes data to a file with a given name

func (*SimpleFileStore) BaseDir

func (f *SimpleFileStore) BaseDir() string

BaseDir returns the base directory of the filestore

func (*SimpleFileStore) Get

func (f *SimpleFileStore) Get(name string) ([]byte, error)

Get returns the data given a file name

func (*SimpleFileStore) GetPath

func (f *SimpleFileStore) GetPath(name string) (string, error)

GetPath returns the full, cleaned path of a file with a given name, resolved against the store's base directory. A name that would resolve outside the base directory is rejected, presumably with ErrPathOutsideStore.

func (*SimpleFileStore) ListFiles

func (f *SimpleFileStore) ListFiles() []string

ListFiles lists all the files inside of a store

func (*SimpleFileStore) Remove

func (f *SimpleFileStore) Remove(name string) error

Remove removes a file identified by name

type Storage added in v0.3.0

// Storage implements the bare-bones storage primitives (no hierarchy).
// Every method takes a file name relative to the store's base directory and
// is documented to clean it so that path traversal outside the store is not
// possible.
type Storage interface {
	// Add writes a file to the specified location, returning an error if this
	// is not possible (reasons may include permissions errors). The path is cleaned
	// before being made absolute against the store's base dir.
	// NOTE(review): whether Add overwrites an existing file is not documented
	// here — confirm against the implementation before relying on either.
	Add(fileName string, data []byte) error

	// Remove deletes a file from the store relative to the store's base directory.
	// The path is cleaned before being made absolute to ensure no path traversal
	// outside the base directory is possible.
	Remove(fileName string) error

	// Get returns the file content found at fileName relative to the base directory
	// of the file store. The path is cleaned before being made absolute to ensure
	// path traversal outside the store is not possible. If the file is not found
	// an error to that effect is returned.
	Get(fileName string) ([]byte, error)

	// ListFiles returns a list of paths relative to the base directory of the
	// filestore. Any of these paths must be retrievable via the
	// Storage.Get method.
	ListFiles() []string
}

Storage implements the bare bones primitives (no hierarchy)
