mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
Update libtrust version
Signed-off-by: Victor Vieux <vieux@docker.com>
This commit is contained in:
Victor Vieux
parent
8545155c41
commit
6e92dfdfd8
11 changed files with 68 additions and 37 deletions
|
|
@ -68,7 +68,7 @@ func LoadOrCreateTrustKey(trustKeyPath string) (libtrust.PrivateKey, error) {
|
|||
return nil, fmt.Errorf("Error saving key file: %s", err)
|
||||
}
|
||||
} else if err != nil {
|
||||
log.Fatalf("Error loading key file: %s", err)
|
||||
return nil, fmt.Errorf("Error loading key file: %s", err)
|
||||
}
|
||||
return trustKey, nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ import (
|
|||
"net/http/httptest"
|
||||
"os"
|
||||
"path"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"testing"
|
||||
"time"
|
||||
|
|
@ -187,6 +188,7 @@ func newTestEngine(t Fataler, autorestart bool, root string) *engine.Engine {
|
|||
// Either InterContainerCommunication or EnableIptables must be set,
|
||||
// otherwise NewDaemon will fail because of conflicting settings.
|
||||
InterContainerCommunication: true,
|
||||
TrustKeyPath: filepath.Join(root, "key.json"),
|
||||
}
|
||||
d, err := daemon.NewDaemon(cfg, eng)
|
||||
if err != nil {
|
||||
|
|
|
|||
|
|
@ -51,7 +51,7 @@ clone hg code.google.com/p/go.net 84a4013f96e0
|
|||
|
||||
clone hg code.google.com/p/gosqlite 74691fb6f837
|
||||
|
||||
clone git github.com/docker/libtrust d273ef2565ca
|
||||
clone git github.com/docker/libtrust 230dfd18c232
|
||||
|
||||
clone git github.com/Sirupsen/logrus v0.6.0
|
||||
|
||||
|
|
|
|||
11
vendor/src/github.com/docker/libtrust/ec_key.go
vendored
11
vendor/src/github.com/docker/libtrust/ec_key.go
vendored
|
|
@ -55,16 +55,7 @@ func (k *ecPublicKey) CurveName() string {
|
|||
|
||||
// KeyID returns a distinct identifier which is unique to this Public Key.
|
||||
func (k *ecPublicKey) KeyID() string {
|
||||
// Generate and return a libtrust fingerprint of the EC public key.
|
||||
// For an EC key this should be:
|
||||
// SHA256("EC"+curveName+bytes(X)+bytes(Y))
|
||||
// Then truncated to 240 bits and encoded into 12 base32 groups like so:
|
||||
// ABCD:EFGH:IJKL:MNOP:QRST:UVWX:YZ23:4567:ABCD:EFGH:IJKL:MNOP
|
||||
hasher := crypto.SHA256.New()
|
||||
hasher.Write([]byte(k.KeyType() + k.CurveName()))
|
||||
hasher.Write(k.X.Bytes())
|
||||
hasher.Write(k.Y.Bytes())
|
||||
return keyIDEncode(hasher.Sum(nil)[:30])
|
||||
return keyIDFromCryptoKey(k)
|
||||
}
|
||||
|
||||
func (k *ecPublicKey) String() string {
|
||||
|
|
|
|||
24
vendor/src/github.com/docker/libtrust/filter.go
vendored
24
vendor/src/github.com/docker/libtrust/filter.go
vendored
|
|
@ -11,9 +11,21 @@ func FilterByHosts(keys []PublicKey, host string, includeEmpty bool) ([]PublicKe
|
|||
filtered := make([]PublicKey, 0, len(keys))
|
||||
|
||||
for _, pubKey := range keys {
|
||||
hosts, ok := pubKey.GetExtendedField("hosts").([]interface{})
|
||||
var hosts []string
|
||||
switch v := pubKey.GetExtendedField("hosts").(type) {
|
||||
case []string:
|
||||
hosts = v
|
||||
case []interface{}:
|
||||
for _, value := range v {
|
||||
h, ok := value.(string)
|
||||
if !ok {
|
||||
continue
|
||||
}
|
||||
hosts = append(hosts, h)
|
||||
}
|
||||
}
|
||||
|
||||
if !ok || (ok && len(hosts) == 0) {
|
||||
if len(hosts) == 0 {
|
||||
if includeEmpty {
|
||||
filtered = append(filtered, pubKey)
|
||||
}
|
||||
|
|
@ -21,12 +33,7 @@ func FilterByHosts(keys []PublicKey, host string, includeEmpty bool) ([]PublicKe
|
|||
}
|
||||
|
||||
// Check if any hosts match pattern
|
||||
for _, hostVal := range hosts {
|
||||
hostPattern, ok := hostVal.(string)
|
||||
if !ok {
|
||||
continue
|
||||
}
|
||||
|
||||
for _, hostPattern := range hosts {
|
||||
match, err := filepath.Match(hostPattern, host)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
|
@ -37,7 +44,6 @@ func FilterByHosts(keys []PublicKey, host string, includeEmpty bool) ([]PublicKe
|
|||
continue
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
return filtered, nil
|
||||
|
|
|
|||
|
|
@ -27,6 +27,8 @@ func TestFilter(t *testing.T) {
|
|||
t.Fatal(err)
|
||||
}
|
||||
|
||||
// we use both []interface{} and []string here because jwt uses
|
||||
// []interface{} format, while PEM uses []string
|
||||
switch {
|
||||
case i == 0:
|
||||
// Don't add entries for this key, key 0.
|
||||
|
|
@ -36,10 +38,10 @@ func TestFilter(t *testing.T) {
|
|||
key.AddExtendedField("hosts", []interface{}{"*.even.example.com"})
|
||||
case i == 7:
|
||||
// Should catch only the last key, and make it match any hostname.
|
||||
key.AddExtendedField("hosts", []interface{}{"*"})
|
||||
key.AddExtendedField("hosts", []string{"*"})
|
||||
default:
|
||||
// should catch keys 1, 3, 5.
|
||||
key.AddExtendedField("hosts", []interface{}{"*.example.com"})
|
||||
key.AddExtendedField("hosts", []string{"*.example.com"})
|
||||
}
|
||||
|
||||
keys = append(keys, key)
|
||||
|
|
|
|||
|
|
@ -138,7 +138,7 @@ func testTrustedHostKeysFile(t *testing.T, trustedHostKeysFilename string) {
|
|||
}
|
||||
|
||||
for addr, hostKey := range trustedHostKeysMapping {
|
||||
t.Logf("Host Address: %s\n", addr)
|
||||
t.Logf("Host Address: %d\n", addr)
|
||||
t.Logf("Host Key: %s\n\n", hostKey)
|
||||
}
|
||||
|
||||
|
|
@ -160,7 +160,7 @@ func testTrustedHostKeysFile(t *testing.T, trustedHostKeysFilename string) {
|
|||
}
|
||||
|
||||
for addr, hostKey := range trustedHostKeysMapping {
|
||||
t.Logf("Host Address: %s\n", addr)
|
||||
t.Logf("Host Address: %d\n", addr)
|
||||
t.Logf("Host Key: %s\n\n", hostKey)
|
||||
}
|
||||
|
||||
|
|
|
|||
11
vendor/src/github.com/docker/libtrust/rsa_key.go
vendored
11
vendor/src/github.com/docker/libtrust/rsa_key.go
vendored
|
|
@ -34,16 +34,7 @@ func (k *rsaPublicKey) KeyType() string {
|
|||
|
||||
// KeyID returns a distinct identifier which is unique to this Public Key.
|
||||
func (k *rsaPublicKey) KeyID() string {
|
||||
// Generate and return a 'libtrust' fingerprint of the RSA public key.
|
||||
// For an RSA key this should be:
|
||||
// SHA256("RSA"+bytes(N)+bytes(E))
|
||||
// Then truncated to 240 bits and encoded into 12 base32 groups like so:
|
||||
// ABCD:EFGH:IJKL:MNOP:QRST:UVWX:YZ23:4567:ABCD:EFGH:IJKL:MNOP
|
||||
hasher := crypto.SHA256.New()
|
||||
hasher.Write([]byte(k.KeyType()))
|
||||
hasher.Write(k.N.Bytes())
|
||||
hasher.Write(serializeRSAPublicExponentParam(k.E))
|
||||
return keyIDEncode(hasher.Sum(nil)[:30])
|
||||
return keyIDFromCryptoKey(k)
|
||||
}
|
||||
|
||||
func (k *rsaPublicKey) String() string {
|
||||
|
|
|
|||
|
|
@ -201,7 +201,7 @@ func TestCollapseGrants(t *testing.T) {
|
|||
|
||||
collapsedGrants, expiration, err := CollapseStatements(statements, false)
|
||||
if len(collapsedGrants) != 12 {
|
||||
t.Fatalf("Unexpected number of grants\n\tExpected: %d\n\tActual: %s", 12, len(collapsedGrants))
|
||||
t.Fatalf("Unexpected number of grants\n\tExpected: %d\n\tActual: %d", 12, len(collapsedGrants))
|
||||
}
|
||||
if expiration.After(time.Now().Add(time.Hour*5)) || expiration.Before(time.Now()) {
|
||||
t.Fatalf("Unexpected expiration time: %s", expiration.String())
|
||||
|
|
@ -261,7 +261,7 @@ func TestCollapseGrants(t *testing.T) {
|
|||
|
||||
collapsedGrants, expiration, err = CollapseStatements(statements, false)
|
||||
if len(collapsedGrants) != 12 {
|
||||
t.Fatalf("Unexpected number of grants\n\tExpected: %d\n\tActual: %s", 12, len(collapsedGrants))
|
||||
t.Fatalf("Unexpected number of grants\n\tExpected: %d\n\tActual: %d", 12, len(collapsedGrants))
|
||||
}
|
||||
if expiration.After(time.Now().Add(time.Hour*5)) || expiration.Before(time.Now()) {
|
||||
t.Fatalf("Unexpected expiration time: %s", expiration.String())
|
||||
|
|
|
|||
16
vendor/src/github.com/docker/libtrust/util.go
vendored
16
vendor/src/github.com/docker/libtrust/util.go
vendored
|
|
@ -2,6 +2,7 @@ package libtrust
|
|||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto"
|
||||
"crypto/elliptic"
|
||||
"crypto/x509"
|
||||
"encoding/base32"
|
||||
|
|
@ -52,6 +53,21 @@ func keyIDEncode(b []byte) string {
|
|||
return buf.String()
|
||||
}
|
||||
|
||||
func keyIDFromCryptoKey(pubKey PublicKey) string {
|
||||
// Generate and return a 'libtrust' fingerprint of the public key.
|
||||
// For an RSA key this should be:
|
||||
// SHA256(DER encoded ASN1)
|
||||
// Then truncated to 240 bits and encoded into 12 base32 groups like so:
|
||||
// ABCD:EFGH:IJKL:MNOP:QRST:UVWX:YZ23:4567:ABCD:EFGH:IJKL:MNOP
|
||||
derBytes, err := x509.MarshalPKIXPublicKey(pubKey.CryptoPublicKey())
|
||||
if err != nil {
|
||||
return ""
|
||||
}
|
||||
hasher := crypto.SHA256.New()
|
||||
hasher.Write(derBytes)
|
||||
return keyIDEncode(hasher.Sum(nil)[:30])
|
||||
}
|
||||
|
||||
func stringFromMap(m map[string]interface{}, key string) (string, error) {
|
||||
val, ok := m[key]
|
||||
if !ok {
|
||||
|
|
|
|||
23
vendor/src/github.com/docker/libtrust/util_test.go
vendored
Normal file
23
vendor/src/github.com/docker/libtrust/util_test.go
vendored
Normal file
|
|
@ -0,0 +1,23 @@
|
|||
package libtrust
|
||||
|
||||
import (
|
||||
"encoding/pem"
|
||||
"reflect"
|
||||
"testing"
|
||||
)
|
||||
|
||||
func TestAddPEMHeadersToKey(t *testing.T) {
|
||||
pk := &rsaPublicKey{nil, map[string]interface{}{}}
|
||||
blk := &pem.Block{Headers: map[string]string{"hosts": "localhost,127.0.0.1"}}
|
||||
addPEMHeadersToKey(blk, pk)
|
||||
|
||||
val := pk.GetExtendedField("hosts")
|
||||
hosts, ok := val.([]string)
|
||||
if !ok {
|
||||
t.Fatalf("hosts type(%v), expected []string", reflect.TypeOf(val))
|
||||
}
|
||||
expected := []string{"localhost", "127.0.0.1"}
|
||||
if !reflect.DeepEqual(hosts, expected) {
|
||||
t.Errorf("hosts(%v), expected %v", hosts, expected)
|
||||
}
|
||||
}
|
||||
Loading…
Reference in a new issue