package notary
import (
"github.com/docker/cli/cli/trust"
"github.com/theupdateframework/notary/client"
"github.com/theupdateframework/notary/client/changelist"
"github.com/theupdateframework/notary/cryptoservice"
"github.com/theupdateframework/notary/passphrase"
"github.com/theupdateframework/notary/storage"
"github.com/theupdateframework/notary/trustmanager"
"github.com/theupdateframework/notary/tuf/data"
"github.com/theupdateframework/notary/tuf/signed"
)
// GetOfflineNotaryRepository returns a OfflineNotaryRepository.
//
// imgRefAndAuth and actions are ignored; they are presumably present only so
// the signature matches the repository-constructor shape callers expect.
// The error result is always nil.
func GetOfflineNotaryRepository(imgRefAndAuth trust.ImageRefAndAuth, actions []string) (client.Repository, error) {
	return OfflineNotaryRepository{}, nil
}
// OfflineNotaryRepository is a mock Notary repository that is offline.
//
// Every operation that would need the notary server returns
// storage.ErrOffline{}; changelist edits (AddTarget, AddDelegation, ...)
// return nil without recording anything. The other mocks in this file embed
// it and override only the methods they care about.
type OfflineNotaryRepository struct{}
// Initialize creates a new repository by using rootKey as the root Key for the
// TUF repository.
//
// The offline mock cannot reach the server, so this always returns
// storage.ErrOffline{}; rootKeyIDs and serverManagedRoles are not used.
func (o OfflineNotaryRepository) Initialize(rootKeyIDs []string, serverManagedRoles ...data.RoleName) error {
	return storage.ErrOffline{}
}
// InitializeWithCertificate initializes the repository with root keys and their corresponding certificates.
//
// Always returns storage.ErrOffline{}; no argument is inspected.
func (o OfflineNotaryRepository) InitializeWithCertificate(rootKeyIDs []string, rootCerts []data.PublicKey, serverManagedRoles ...data.RoleName) error {
	return storage.ErrOffline{}
}
// Publish pushes the local changes in signed material to the remote notary-server.
// Conceptually it performs an operation similar to a `git rebase`.
//
// Publishing needs the server, so the offline mock always returns
// storage.ErrOffline{}.
func (o OfflineNotaryRepository) Publish() error {
	return storage.ErrOffline{}
}
// AddTarget creates new changelist entries to add a target to the given roles
// in the repository when the changelist gets applied at publish time.
//
// The mock records nothing and returns nil; GetChangelist on this type hands
// back a fresh, empty in-memory changelist regardless of earlier calls.
func (o OfflineNotaryRepository) AddTarget(target *client.Target, roles ...data.RoleName) error {
	return nil
}
// RemoveTarget creates new changelist entries to remove a target from the given
// roles in the repository when the changelist gets applied at publish time.
//
// The mock records nothing and returns nil.
func (o OfflineNotaryRepository) RemoveTarget(targetName string, roles ...data.RoleName) error {
	return nil
}
// ListTargets lists all targets for the current repository. The list of
// roles should be passed in order from highest to lowest priority.
//
// Listing requires repository metadata from the server, so the offline mock
// returns a nil slice and storage.ErrOffline{}.
func (o OfflineNotaryRepository) ListTargets(roles ...data.RoleName) ([]*client.TargetWithRole, error) {
	return nil, storage.ErrOffline{}
}
// GetTargetByName returns a target by the given name.
//
// Always returns nil and storage.ErrOffline{}.
func (o OfflineNotaryRepository) GetTargetByName(name string, roles ...data.RoleName) (*client.TargetWithRole, error) {
	return nil, storage.ErrOffline{}
}
// GetAllTargetMetadataByName searches the entire delegation role tree to find the specified target by name for all
// roles, and returns a list of TargetSignedStructs for each time it finds the specified target.
//
// Always returns nil and storage.ErrOffline{}.
func (o OfflineNotaryRepository) GetAllTargetMetadataByName(name string) ([]client.TargetSignedStruct, error) {
	return nil, storage.ErrOffline{}
}
// GetChangelist returns the list of the repository's unpublished changes.
//
// The changelist is local state, so this works offline: it returns a new,
// empty in-memory changelist on every call (nothing added via AddTarget or
// the delegation helpers is reflected in it) and never an error.
func (o OfflineNotaryRepository) GetChangelist() (changelist.Changelist, error) {
	return changelist.NewMemChangelist(), nil
}
// ListRoles returns a list of RoleWithSignatures objects for this repo.
//
// Always returns nil and storage.ErrOffline{}.
func (o OfflineNotaryRepository) ListRoles() ([]client.RoleWithSignatures, error) {
	return nil, storage.ErrOffline{}
}
// GetDelegationRoles returns the keys and roles of the repository's delegations.
//
// Always returns nil and storage.ErrOffline{}.
func (o OfflineNotaryRepository) GetDelegationRoles() ([]data.Role, error) {
	return nil, storage.ErrOffline{}
}
// AddDelegation creates changelist entries to add provided delegation public keys and paths.
//
// The mock records nothing and returns nil.
func (o OfflineNotaryRepository) AddDelegation(name data.RoleName, delegationKeys []data.PublicKey, paths []string) error {
	return nil
}
// AddDelegationRoleAndKeys creates a changelist entry to add provided delegation public keys.
//
// The mock records nothing and returns nil.
func (o OfflineNotaryRepository) AddDelegationRoleAndKeys(name data.RoleName, delegationKeys []data.PublicKey) error {
	return nil
}
// AddDelegationPaths creates a changelist entry to add provided paths to an existing delegation.
//
// The mock records nothing and returns nil.
func (o OfflineNotaryRepository) AddDelegationPaths(name data.RoleName, paths []string) error {
	return nil
}
// RemoveDelegationKeysAndPaths creates changelist entries to remove provided delegation key IDs and paths.
//
// The mock records nothing and returns nil.
func (o OfflineNotaryRepository) RemoveDelegationKeysAndPaths(name data.RoleName, keyIDs, paths []string) error {
	return nil
}
// RemoveDelegationRole creates a changelist to remove all paths and keys from a role, and delete the role in its entirety.
//
// The mock records nothing and returns nil.
func (o OfflineNotaryRepository) RemoveDelegationRole(name data.RoleName) error {
	return nil
}
// RemoveDelegationPaths creates a changelist entry to remove provided paths from an existing delegation.
//
// The mock records nothing and returns nil.
func (o OfflineNotaryRepository) RemoveDelegationPaths(name data.RoleName, paths []string) error {
	return nil
}
// RemoveDelegationKeys creates a changelist entry to remove provided keys from an existing delegation.
//
// The mock records nothing and returns nil.
func (o OfflineNotaryRepository) RemoveDelegationKeys(name data.RoleName, keyIDs []string) error {
	return nil
}
// ClearDelegationPaths creates a changelist entry to remove all paths from an existing delegation.
//
// The mock records nothing and returns nil.
func (o OfflineNotaryRepository) ClearDelegationPaths(name data.RoleName) error {
	return nil
}
// Witness creates change objects to witness (i.e. re-sign) the given
// roles on the next publish. One change is created per role.
//
// The mock reports no witnessed roles (nil slice) and no error, whatever
// roles are passed.
func (o OfflineNotaryRepository) Witness(roles ...data.RoleName) ([]data.RoleName, error) {
	return nil, nil
}
// RotateKey rotates a private key and returns the public component from the remote server.
//
// Rotation needs the server, so the offline mock always returns
// storage.ErrOffline{}. Note the signature only yields an error; no public
// key is returned by this interface.
func (o OfflineNotaryRepository) RotateKey(role data.RoleName, serverManagesKey bool, keyList []string) error {
	return storage.ErrOffline{}
}
// GetCryptoService is the getter for the repository's CryptoService.
//
// The offline mock has no signing keys and returns a nil interface; callers
// must check for nil before invoking methods on the result.
func (o OfflineNotaryRepository) GetCryptoService() signed.CryptoService {
	return nil
}
// SetLegacyVersions allows the number of legacy versions of the root
// to be inspected for old signing keys to be configured.
//
// No-op in the mock: version is discarded.
func (o OfflineNotaryRepository) SetLegacyVersions(version int) {}
// GetGUN is a getter for the GUN object from a Repository.
//
// Returns the fixed placeholder GUN "gun".
func (o OfflineNotaryRepository) GetGUN() data.GUN {
	return data.GUN("gun")
}
// GetUninitializedNotaryRepository returns an UninitializedNotaryRepository.
//
// imgRefAndAuth and actions are ignored; the error result is always nil.
func GetUninitializedNotaryRepository(imgRefAndAuth trust.ImageRefAndAuth, actions []string) (client.Repository, error) {
	return UninitializedNotaryRepository{}, nil
}
// UninitializedNotaryRepository is a mock Notary repository that is uninitialized.
// It builds on top of the OfflineNotaryRepository, instead returning ErrRepositoryNotExist
// for any online operation.
//
// Methods not overridden here (the changelist edits, GetChangelist, GetGUN,
// GetCryptoService, ...) keep the embedded OfflineNotaryRepository behaviour.
type UninitializedNotaryRepository struct {
	OfflineNotaryRepository
}
// Initialize creates a new repository by using rootKey as the root Key for the
// TUF repository.
//
// Always returns client.ErrRepositoryNotExist{}; the arguments are not used.
func (u UninitializedNotaryRepository) Initialize(rootKeyIDs []string, serverManagedRoles ...data.RoleName) error {
	return client.ErrRepositoryNotExist{}
}
// InitializeWithCertificate initializes the repository with root keys and their corresponding certificates.
//
// Always returns client.ErrRepositoryNotExist{}; the arguments are not used.
func (u UninitializedNotaryRepository) InitializeWithCertificate(rootKeyIDs []string, rootCerts []data.PublicKey, serverManagedRoles ...data.RoleName) error {
	return client.ErrRepositoryNotExist{}
}
// Publish pushes the local changes in signed material to the remote notary-server.
// Conceptually it performs an operation similar to a `git rebase`.
//
// Always returns client.ErrRepositoryNotExist{}.
func (u UninitializedNotaryRepository) Publish() error {
	return client.ErrRepositoryNotExist{}
}
// ListTargets lists all targets for the current repository. The list of
// roles should be passed in order from highest to lowest priority.
//
// Always returns nil and client.ErrRepositoryNotExist{}.
func (u UninitializedNotaryRepository) ListTargets(roles ...data.RoleName) ([]*client.TargetWithRole, error) {
	return nil, client.ErrRepositoryNotExist{}
}
// GetTargetByName returns a target by the given name.
//
// Always returns nil and client.ErrRepositoryNotExist{}.
func (u UninitializedNotaryRepository) GetTargetByName(name string, roles ...data.RoleName) (*client.TargetWithRole, error) {
	return nil, client.ErrRepositoryNotExist{}
}
// GetAllTargetMetadataByName searches the entire delegation role tree to find the specified target by name for all
// roles, and returns a list of TargetSignedStructs for each time it finds the specified target.
//
// Always returns nil and client.ErrRepositoryNotExist{}.
func (u UninitializedNotaryRepository) GetAllTargetMetadataByName(name string) ([]client.TargetSignedStruct, error) {
	return nil, client.ErrRepositoryNotExist{}
}
// ListRoles returns a list of RoleWithSignatures objects for this repo.
//
// Always returns nil and client.ErrRepositoryNotExist{}.
func (u UninitializedNotaryRepository) ListRoles() ([]client.RoleWithSignatures, error) {
	return nil, client.ErrRepositoryNotExist{}
}
// GetDelegationRoles returns the keys and roles of the repository's delegations.
//
// Always returns nil and client.ErrRepositoryNotExist{}.
func (u UninitializedNotaryRepository) GetDelegationRoles() ([]data.Role, error) {
	return nil, client.ErrRepositoryNotExist{}
}
// RotateKey rotates a private key and returns the public component from the remote server.
//
// Always returns client.ErrRepositoryNotExist{}; the arguments are not used.
func (u UninitializedNotaryRepository) RotateKey(role data.RoleName, serverManagesKey bool, keyList []string) error {
	return client.ErrRepositoryNotExist{}
}
// GetEmptyTargetsNotaryRepository returns an EmptyTargetsNotaryRepository.
//
// imgRefAndAuth and actions are ignored; the error result is always nil.
func GetEmptyTargetsNotaryRepository(imgRefAndAuth trust.ImageRefAndAuth, actions []string) (client.Repository, error) {
	return EmptyTargetsNotaryRepository{}, nil
}
// EmptyTargetsNotaryRepository is a mock Notary repository that is initialized
// but does not have any signed targets.
//
// Initialize, Publish and RotateKey succeed, ListTargets and
// GetDelegationRoles return empty slices, and target lookups return
// client.ErrNoSuchTarget. Everything else comes from the embedded
// OfflineNotaryRepository.
type EmptyTargetsNotaryRepository struct {
	OfflineNotaryRepository
}
// Initialize creates a new repository by using rootKey as the root Key for the
// TUF repository.
//
// The mock is already "initialized": this returns nil and ignores its
// arguments.
func (e EmptyTargetsNotaryRepository) Initialize(rootKeyIDs []string, serverManagedRoles ...data.RoleName) error {
	return nil
}
// InitializeWithCertificate initializes the repository with root keys and their corresponding certificates.
//
// Returns nil and ignores its arguments.
func (e EmptyTargetsNotaryRepository) InitializeWithCertificate(rootKeyIDs []string, rootCerts []data.PublicKey, serverManagedRoles ...data.RoleName) error {
	return nil
}
// Publish pushes the local changes in signed material to the remote notary-server.
// Conceptually it performs an operation similar to a `git rebase`.
//
// The mock publishes nothing and returns nil.
func (e EmptyTargetsNotaryRepository) Publish() error {
	return nil
}
// ListTargets lists all targets for the current repository. The list of
// roles should be passed in order from highest to lowest priority.
//
// Returns a non-nil, empty slice (not nil) and no error; roles is ignored.
func (e EmptyTargetsNotaryRepository) ListTargets(roles ...data.RoleName) ([]*client.TargetWithRole, error) {
	return []*client.TargetWithRole{}, nil
}
// GetTargetByName returns a target by the given name.
//
// There are no targets, so every name yields nil and
// client.ErrNoSuchTarget(name).
func (e EmptyTargetsNotaryRepository) GetTargetByName(name string, roles ...data.RoleName) (*client.TargetWithRole, error) {
	return nil, client.ErrNoSuchTarget(name)
}
// GetAllTargetMetadataByName searches the entire delegation role tree to find the specified target by name for all
// roles, and returns a list of TargetSignedStructs for each time it finds the specified target.
//
// There are no targets, so every name yields nil and
// client.ErrNoSuchTarget(name).
func (e EmptyTargetsNotaryRepository) GetAllTargetMetadataByName(name string) ([]client.TargetSignedStruct, error) {
	return nil, client.ErrNoSuchTarget(name)
}
// ListRoles returns a list of RoleWithSignatures objects for this repo.
//
// The empty-targets mock reports exactly two roles, root and targets, each
// holding a single fixed key ID ("rootID" / "targetsID") with a threshold of
// 1. Neither entry carries signatures, and no error is ever returned.
func (e EmptyTargetsNotaryRepository) ListRoles() ([]client.RoleWithSignatures, error) {
	// fixedRole builds a single-key, threshold-1 role for the fixture.
	fixedRole := func(name data.RoleName, keyID string) data.Role {
		return data.Role{
			RootRole: data.RootRole{
				KeyIDs:    []string{keyID},
				Threshold: 1,
			},
			Name: name,
		}
	}

	roles := []client.RoleWithSignatures{
		{Role: fixedRole(data.CanonicalRootRole, "rootID")},
		{Role: fixedRole(data.CanonicalTargetsRole, "targetsID")},
	}
	return roles, nil
}
// GetDelegationRoles returns the keys and roles of the repository's delegations.
//
// Returns a non-nil, empty slice and no error: this mock has no delegations.
func (e EmptyTargetsNotaryRepository) GetDelegationRoles() ([]data.Role, error) {
	return []data.Role{}, nil
}
// RotateKey rotates a private key and returns the public component from the remote server.
//
// The mock rotates nothing and returns nil; role, serverManagesKey and
// keyList are ignored.
func (e EmptyTargetsNotaryRepository) RotateKey(role data.RoleName, serverManagesKey bool, keyList []string) error {
	return nil
}
// GetLoadedNotaryRepository returns a LoadedNotaryRepository.
//
// imgRefAndAuth and actions are ignored; the returned value has a nil
// statefulCryptoService, and the error result is always nil.
func GetLoadedNotaryRepository(imgRefAndAuth trust.ImageRefAndAuth, actions []string) (client.Repository, error) {
	return LoadedNotaryRepository{}, nil
}
// LoadedNotaryRepository is a mock Notary repository that is loaded with targets, delegations, and keys.
//
// It embeds EmptyTargetsNotaryRepository and overrides the target, role and
// delegation lookups with the loaded* fixtures declared below.
// statefulCryptoService is an optional pre-seeded crypto service; all methods
// on this type use value receivers, so a service that GetCryptoService builds
// lazily is not retained on the instance between calls.
type LoadedNotaryRepository struct {
	EmptyTargetsNotaryRepository
	statefulCryptoService signed.CryptoService
}
// LoadedNotaryRepository has three delegations:
// - targets/releases: includes keys A and B
// - targets/alice: includes key A
// - targets/bob: includes key B
//
// The Keys maps use nil values: only the key IDs matter to these mocks, no
// real public keys are attached.
var loadedReleasesRole = data.DelegationRole{
	BaseRole: data.BaseRole{
		Name:      "targets/releases",
		Keys:      map[string]data.PublicKey{"A": nil, "B": nil},
		Threshold: 1,
	},
}
// loadedAliceRole is the targets/alice delegation, signed by key A only.
var loadedAliceRole = data.DelegationRole{
	BaseRole: data.BaseRole{
		Name:      "targets/alice",
		Keys:      map[string]data.PublicKey{"A": nil},
		Threshold: 1,
	},
}
// loadedBobRole is the targets/bob delegation, signed by key B only.
var loadedBobRole = data.DelegationRole{
	BaseRole: data.BaseRole{
		Name:      "targets/bob",
		Keys:      map[string]data.PublicKey{"B": nil},
		Threshold: 1,
	},
}
// loadedDelegationRoles is the data.Role view of the three delegations above,
// as returned by LoadedNotaryRepository.GetDelegationRoles. The key IDs mirror
// the Keys maps of loadedReleasesRole, loadedAliceRole and loadedBobRole.
var loadedDelegationRoles = []data.Role{
	{
		Name: loadedReleasesRole.Name,
		RootRole: data.RootRole{
			KeyIDs:    []string{"A", "B"},
			Threshold: 1,
		},
	},
	{
		Name: loadedAliceRole.Name,
		RootRole: data.RootRole{
			KeyIDs:    []string{"A"},
			Threshold: 1,
		},
	},
	{
		Name: loadedBobRole.Name,
		RootRole: data.RootRole{
			KeyIDs:    []string{"B"},
			Threshold: 1,
		},
	},
}
// loadedTargetsRole is the top-level targets role, holding key C. It is used
// only by LoadedWithNoSignersNotaryRepository.GetAllTargetMetadataByName.
var loadedTargetsRole = data.DelegationRole{
	BaseRole: data.BaseRole{
		Name:      data.CanonicalTargetsRole,
		Keys:      map[string]data.PublicKey{"C": nil},
		Threshold: 1,
	},
}
// LoadedNotaryRepository has three targets:
// - red: signed by targets/releases, targets/alice, targets/bob
// - blue: signed by targets/releases, targets/alice
// - green: signed by targets/releases
//
// The "sha256" hashes are placeholder byte strings, not real digests.
var loadedRedTarget = client.Target{
	Name:   "red",
	Hashes: data.Hashes{"sha256": []byte("red-digest")},
}
// loadedBlueTarget is the "blue" fixture target with a placeholder digest.
var loadedBlueTarget = client.Target{
	Name:   "blue",
	Hashes: data.Hashes{"sha256": []byte("blue-digest")},
}
// loadedGreenTarget is the "green" fixture target with a placeholder digest.
var loadedGreenTarget = client.Target{
	Name:   "green",
	Hashes: data.Hashes{"sha256": []byte("green-digest")},
}
// loadedTargets is the (target, signing delegation) fixture backing the
// Loaded* mocks. Order matters: the lookup methods iterate it front to back
// and GetTargetByName returns the first match.
var loadedTargets = []client.TargetSignedStruct{
	// red is signed by all three delegations
	{Target: loadedRedTarget, Role: loadedReleasesRole},
	{Target: loadedRedTarget, Role: loadedAliceRole},
	{Target: loadedRedTarget, Role: loadedBobRole},

	// blue is signed by targets/releases, targets/alice
	{Target: loadedBlueTarget, Role: loadedReleasesRole},
	{Target: loadedBlueTarget, Role: loadedAliceRole},

	// green is signed by targets/releases
	{Target: loadedGreenTarget, Role: loadedReleasesRole},
}
// ListRoles returns a list of RoleWithSignatures objects for this repo.
//
// Five roles are reported, in this order: root ("rootID"), targets
// ("targetsID"), targets/alice (A), targets/bob (B) and targets/releases
// (A and B). All have threshold 1. Only targets/releases carries a signature
// entry, and it is from key A alone, so a caller can distinguish "key is
// authorised" (B) from "key has signed" (A). No error is ever returned.
func (l LoadedNotaryRepository) ListRoles() ([]client.RoleWithSignatures, error) {
	// mkRole builds a threshold-1 role holding the given key IDs.
	mkRole := func(name data.RoleName, keyIDs ...string) data.Role {
		return data.Role{
			RootRole: data.RootRole{
				KeyIDs:    keyIDs,
				Threshold: 1,
			},
			Name: name,
		}
	}

	// have releases only signed off by Alice last
	releasesSigs := []data.Signature{{KeyID: "A"}}

	listed := []client.RoleWithSignatures{
		{Role: mkRole(data.CanonicalRootRole, "rootID")},
		{Role: mkRole(data.CanonicalTargetsRole, "targetsID")},
		{Role: mkRole("targets/alice", "A")},
		{Role: mkRole("targets/bob", "B")},
		{Role: mkRole("targets/releases", "A", "B"), Signatures: releasesSigs},
	}
	return listed, nil
}
// ListTargets lists all targets for the current repository. The list of
// roles should be passed in order from highest to lowest priority.
//
// The mock only honours roles[0]: with no roles every loadedTargets entry is
// returned (one TargetWithRole per signing delegation, so "red" appears three
// times); otherwise only entries whose delegation name equals roles[0]. Any
// further roles are ignored. The result is never nil and the error is always
// nil.
func (l LoadedNotaryRepository) ListTargets(roles ...data.RoleName) ([]*client.TargetWithRole, error) {
	out := make([]*client.TargetWithRole, 0)
	for i := range loadedTargets {
		entry := &loadedTargets[i]
		// An empty role list matches everything; otherwise only the first role counts.
		if len(roles) != 0 && roles[0] != entry.Role.Name {
			continue
		}
		out = append(out, &client.TargetWithRole{Target: entry.Target, Role: entry.Role.Name})
	}
	return out, nil
}
// GetTargetByName returns a target by the given name.
//
// Scans loadedTargets in order and returns the first entry whose target name
// equals name and, when roles is non-empty, whose delegation name equals
// roles[0] (later roles are ignored). If nothing matches the result is nil
// and client.ErrNoSuchTarget(name).
func (l LoadedNotaryRepository) GetTargetByName(name string, roles ...data.RoleName) (*client.TargetWithRole, error) {
	for i := range loadedTargets {
		entry := &loadedTargets[i]
		if entry.Target.Name != name {
			continue
		}
		// Only roles[0] is honoured; an empty role list matches any delegation.
		if len(roles) != 0 && roles[0] != entry.Role.Name {
			continue
		}
		return &client.TargetWithRole{Target: entry.Target, Role: entry.Role.Name}, nil
	}
	return nil, client.ErrNoSuchTarget(name)
}
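// GetAllTargetMetadataByName searches the entire delegation role tree to find the specified target by name for all
// roles, and returns a list of TargetSignedStructs for each time it finds the specified target.
//
// An empty name returns every loadedTargets entry; otherwise every entry whose
// target name equals name, in fixture order. When nothing matches the result
// is nil and client.ErrNoSuchTarget(name). The returned slice is always a
// fresh copy so a caller that appends to or reorders it cannot alter the
// package-level fixture that other tests read (elements are copied shallowly;
// the Hashes and Keys maps inside them remain shared).
func (l LoadedNotaryRepository) GetAllTargetMetadataByName(name string) ([]client.TargetSignedStruct, error) {
	if name == "" {
		return append([]client.TargetSignedStruct(nil), loadedTargets...), nil
	}
	filtered := []client.TargetSignedStruct{}
	for _, tgt := range loadedTargets {
		if tgt.Target.Name == name {
			filtered = append(filtered, tgt)
		}
	}
	if len(filtered) == 0 {
		return nil, client.ErrNoSuchTarget(name)
	}
	return filtered, nil
}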
// GetGUN is a getter for the GUN object from a Repository.
//
// Returns the fixed GUN "signed-repo", overriding the embedded mock's "gun".
func (l LoadedNotaryRepository) GetGUN() data.GUN {
	return data.GUN("signed-repo")
}
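// GetDelegationRoles returns the keys and roles of the repository's delegations.
//
// Returns the three delegations of loadedDelegationRoles (targets/releases,
// targets/alice, targets/bob) and never an error. The slice is a fresh copy so
// callers cannot mutate the shared fixture; the KeyIDs slices inside each
// role are still shared with it.
func (l LoadedNotaryRepository) GetDelegationRoles() ([]data.Role, error) {
	return append([]data.Role(nil), loadedDelegationRoles...), nil
}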
// GetCryptoService is the getter for the repository's CryptoService.
//
// If the instance was built with a statefulCryptoService, that is returned.
// Otherwise an in-memory crypto service (constant passphrase "password") is
// created and a root key and a targets key are generated for this mock's GUN.
// Because the receiver is a value, the new service is not stored back on the
// caller's instance: each call on a repository with a nil field builds a
// fresh service with fresh keys. The AddKey errors are not checked, matching
// the original mock.
func (l LoadedNotaryRepository) GetCryptoService() signed.CryptoService {
	if l.statefulCryptoService != nil {
		return l.statefulCryptoService
	}

	// give it an in-memory cryptoservice with a root key and targets key
	store := trustmanager.NewKeyMemoryStore(passphrase.ConstantRetriever("password"))
	var cs signed.CryptoService = cryptoservice.NewCryptoService(store)
	gun := l.GetGUN()
	cs.AddKey(data.CanonicalRootRole, gun, nil)
	cs.AddKey(data.CanonicalTargetsRole, gun, nil)
	return cs
}
// GetLoadedWithNoSignersNotaryRepository returns a LoadedWithNoSignersNotaryRepository.
//
// imgRefAndAuth and actions are ignored; the error result is always nil.
func GetLoadedWithNoSignersNotaryRepository(imgRefAndAuth trust.ImageRefAndAuth, actions []string) (client.Repository, error) {
	return LoadedWithNoSignersNotaryRepository{}, nil
}
// LoadedWithNoSignersNotaryRepository is a mock Notary repository that is loaded with targets but no delegations.
// It only contains the green target.
//
// NOTE(review): the "only green" statement holds for GetTargetByName and
// GetAllTargetMetadataByName, which report green under the top-level targets
// role; ListTargets on this type still walks the full loadedTargets fixture
// (red, blue and green). GetDelegationRoles returns no delegations.
type LoadedWithNoSignersNotaryRepository struct {
	LoadedNotaryRepository
}
// ListTargets lists all targets for the current repository. The list of
// roles should be passed in order from highest to lowest priority.
//
// Same filtering as LoadedNotaryRepository.ListTargets: only roles[0] is
// consulted, an empty role list matches every entry, and the result is a
// non-nil slice with one TargetWithRole per matching loadedTargets entry.
// NOTE(review): despite the type doc, this returns red, blue and green, not
// just green. The error is always nil.
func (l LoadedWithNoSignersNotaryRepository) ListTargets(roles ...data.RoleName) ([]*client.TargetWithRole, error) {
	matchAll := len(roles) == 0
	result := []*client.TargetWithRole{}
	for _, tgt := range loadedTargets {
		if matchAll || roles[0] == tgt.Role.Name {
			result = append(result, &client.TargetWithRole{Target: tgt.Target, Role: tgt.Role.Name})
		}
	}
	return result, nil
}
// GetTargetByName returns a target by the given name.
//
// Only the green target exists here: an empty name or "green" yields
// loadedGreenTarget attributed to the top-level targets role (roles is not
// consulted); any other name yields nil and client.ErrNoSuchTarget(name).
func (l LoadedWithNoSignersNotaryRepository) GetTargetByName(name string, roles ...data.RoleName) (*client.TargetWithRole, error) {
	switch name {
	case "", loadedGreenTarget.Name:
		return &client.TargetWithRole{Target: loadedGreenTarget, Role: data.CanonicalTargetsRole}, nil
	default:
		return nil, client.ErrNoSuchTarget(name)
	}
}
// GetAllTargetMetadataByName searches the entire delegation role tree to find the specified target by name for all
// roles, and returns a list of TargetSignedStructs for each time it finds the specified target.
//
// An empty name or "green" yields a single entry pairing loadedGreenTarget
// with loadedTargetsRole (the top-level targets role, key C); any other name
// yields nil and client.ErrNoSuchTarget(name).
func (l LoadedWithNoSignersNotaryRepository) GetAllTargetMetadataByName(name string) ([]client.TargetSignedStruct, error) {
	switch name {
	case "", loadedGreenTarget.Name:
		green := client.TargetSignedStruct{Target: loadedGreenTarget, Role: loadedTargetsRole}
		return []client.TargetSignedStruct{green}, nil
	default:
		return nil, client.ErrNoSuchTarget(name)
	}
}
// GetDelegationRoles returns the keys and roles of the repository's delegations.
//
// This mock has no delegations: returns a non-nil, empty slice and no error,
// overriding the loaded fixture of the embedded LoadedNotaryRepository.
func (l LoadedWithNoSignersNotaryRepository) GetDelegationRoles() ([]data.Role, error) {
	return []data.Role{}, nil
}