本文整理汇总了Golang中github.com/docker/notary/tuf/data.NewPublicKey函数的典型用法代码示例。如果您正苦于以下问题:Golang NewPublicKey函数的具体用法?Golang NewPublicKey怎么用?Golang NewPublicKey使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了NewPublicKey函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Golang代码示例。
示例1: GetOrCreateTimestampKey
// GetOrCreateTimestampKey returns the public timestamp key for gun.
//
// It first asks the store for an existing key. Only when the store reports
// *storage.ErrNoKey does it ask the CryptoService to create a key using
// fallBackAlgorithm and then record that key's public half in the store. Any
// other lookup error is returned unchanged.
//
// Two servers may race to create the key. If the write fails with
// *storage.ErrTimestampKeyExists, the store is queried a second time and the
// key that won the race is returned, so every caller ends up agreeing on the
// stored key rather than on whichever key it generated locally.
func GetOrCreateTimestampKey(gun string, store storage.MetaStore, crypto signed.CryptoService, fallBackAlgorithm string) (data.PublicKey, error) {
	algo, pubBytes, lookupErr := store.GetTimestampKey(gun)
	if lookupErr == nil {
		return data.NewPublicKey(algo, pubBytes), nil
	}
	// Only a definite "no key" answer justifies minting a new key; on any
	// other failure we cannot tell whether a key already exists.
	if _, missing := lookupErr.(*storage.ErrNoKey); !missing {
		return nil, lookupErr
	}

	created, createErr := crypto.Create("timestamp", fallBackAlgorithm)
	if createErr != nil {
		return nil, createErr
	}
	logrus.Debug("Creating new timestamp key for ", gun, ". With algo: ", created.Algorithm())

	saveErr := store.SetTimestampKey(gun, created.Algorithm(), created.Public())
	if saveErr == nil {
		return created, nil
	}
	if _, raced := saveErr.(*storage.ErrTimestampKeyExists); !raced {
		return nil, saveErr
	}

	// Another writer stored a key first. The key created above is not removed
	// from the CryptoService here; the stored key is the one handed back.
	algo, pubBytes, lookupErr = store.GetTimestampKey(gun)
	if lookupErr != nil {
		return nil, lookupErr
	}
	return data.NewPublicKey(algo, pubBytes), nil
}
开发者ID:rogaha,项目名称:notary,代码行数:33,代码来源:timestamp.go
示例2: GetOrCreateSnapshotKey
// GetOrCreateSnapshotKey returns the public snapshot key for gun, creating
// one when the store has none. Only the public key is returned; the private
// part stays with the CryptoService.
//
// A key is created only when the store answers *storage.ErrNoKey. If storing
// the new key fails with *storage.ErrKeyExists (another writer got there
// first), the store is read again and the already-stored key is returned.
// Every other error is passed back to the caller unchanged.
func GetOrCreateSnapshotKey(gun string, store storage.KeyStore, crypto signed.CryptoService, createAlgorithm string) (data.PublicKey, error) {
	algo, pubBytes, lookupErr := store.GetKey(gun, data.CanonicalSnapshotRole)
	if lookupErr == nil {
		return data.NewPublicKey(algo, pubBytes), nil
	}
	// Anything other than "no key" leaves the state unknown, so do not create.
	if _, missing := lookupErr.(*storage.ErrNoKey); !missing {
		return nil, lookupErr
	}

	created, createErr := crypto.Create("snapshot", createAlgorithm)
	if createErr != nil {
		return nil, createErr
	}
	logrus.Debug("Creating new snapshot key for ", gun, ". With algo: ", created.Algorithm())

	saveErr := store.SetKey(gun, data.CanonicalSnapshotRole, created.Algorithm(), created.Public())
	if saveErr == nil {
		return created, nil
	}
	if _, raced := saveErr.(*storage.ErrKeyExists); !raced {
		return nil, saveErr
	}

	// Lost the creation race: return the key that is actually in the store.
	algo, pubBytes, lookupErr = store.GetKey(gun, data.CanonicalSnapshotRole)
	if lookupErr != nil {
		return nil, lookupErr
	}
	return data.NewPublicKey(algo, pubBytes), nil
}
开发者ID:NathanMcCauley,项目名称:notary,代码行数:31,代码来源:snapshot.go
示例3: testValidateSuccessfulRootRotation
// testValidateSuccessfulRootRotation checks the accepted path of a root key
// rotation: a new root that lists only the replacement key, but carries
// signatures from both the replacement key and the previously trusted key,
// must pass ValidateRoot, and afterwards the trusted certificate store must
// contain only the replacement certificate.
func testValidateSuccessfulRootRotation(t *testing.T, keyAlg, rootKeyType string) {
	// The gun to test
	gun := "docker.com/notary"
	// NOTE(review): filestoreWithTwoCerts is defined elsewhere; from its use
	// here it yields a temp directory, a key store manager and two certs.
	tempBaseDir, keyStoreManager, certs := filestoreWithTwoCerts(t, gun, keyAlg)
	defer os.RemoveAll(tempBaseDir)
	origRootCert := certs[0]
	replRootCert := certs[1]
	// Pin the old root cert as the only trusted certificate before rotating.
	keyStoreManager.AddTrustedCert(origRootCert)
	// Both certificates are needed in PEM form: the replacement goes into the
	// TUF root data, and both are used below to select signing keys.
	origRootPEMCert := trustmanager.CertToPEM(origRootCert)
	replRootPEMCert := trustmanager.CertToPEM(replRootCert)
	// TUF keys whose public bytes are the PEM-encoded x509 certificates
	origRootKey := data.NewPublicKey(rootKeyType, origRootPEMCert)
	replRootKey := data.NewPublicKey(rootKeyType, replRootPEMCert)
	// The root role names only the replacement key ID.
	rootRole, err := data.NewRole("root", 1, []string{replRootKey.ID()}, nil, nil)
	assert.NoError(t, err)
	testRoot, err := data.NewRoot(
		map[string]data.PublicKey{replRootKey.ID(): replRootKey},
		map[string]*data.RootRole{"root": &rootRole.RootRole},
		false,
	)
	assert.NoError(t, err, "Failed to create new root")
	signedTestRoot, err := testRoot.ToSigned()
	assert.NoError(t, err)
	cs := cryptoservice.NewCryptoService(gun, keyStoreManager.KeyStore)
	// Sign with the new key and with the old, already-trusted key.
	err = signed.Sign(cs, signedTestRoot, replRootKey)
	assert.NoError(t, err)
	err = signed.Sign(cs, signedTestRoot, origRootKey)
	assert.NoError(t, err)
	//
	// This call to ValidateRoot is expected to succeed: the root carries a
	// valid PEM encoded certificate and is signed by both the old and the new
	// key, and there are no other certificates for this CN.
	//
	err = keyStoreManager.ValidateRoot(signedTestRoot, gun)
	assert.NoError(t, err)
	// Finally, validate the only trusted certificate that exists is the new one
	certs = keyStoreManager.trustedCertificateStore.GetCertificates()
	assert.Len(t, certs, 1)
	assert.Equal(t, certs[0], replRootCert)
}
开发者ID:rogaha,项目名称:notary,代码行数:53,代码来源:keystoremanager_test.go
示例4: testValidateRootRotationMissingNewSig
// testValidateRootRotationMissingNewSig checks the rejected path of a root
// key rotation: a new root that lists only the replacement key but is signed
// only by the old, previously trusted key must fail ValidateRoot, and the
// trusted certificate store must still contain only the original certificate.
func testValidateRootRotationMissingNewSig(t *testing.T, keyAlg, rootKeyType string) {
	gun := "docker.com/notary"
	// NOTE(review): filestoreWithTwoCerts is defined elsewhere; from its use
	// here it yields a temp directory, a cert store, a crypto service and two
	// certificates.
	tempBaseDir, certStore, cryptoService, certificates := filestoreWithTwoCerts(
		t, gun, keyAlg)
	defer os.RemoveAll(tempBaseDir)
	origRootCert := certificates[0]
	replRootCert := certificates[1]
	// Pin the old root cert as the only trusted certificate before rotating.
	certStore.AddCert(origRootCert)
	// Both certificates are needed in PEM form: the replacement goes into the
	// TUF root data, the original is used to select the signing key.
	origRootPEMCert := trustmanager.CertToPEM(origRootCert)
	replRootPEMCert := trustmanager.CertToPEM(replRootCert)
	// TUF keys whose public bytes are the PEM-encoded x509 certificates
	origRootKey := data.NewPublicKey(rootKeyType, origRootPEMCert)
	replRootKey := data.NewPublicKey(rootKeyType, replRootPEMCert)
	// The root role names only the replacement key ID.
	rootRole, err := data.NewRole(data.CanonicalRootRole, 1, []string{replRootKey.ID()}, nil)
	assert.NoError(t, err)
	testRoot, err := data.NewRoot(
		map[string]data.PublicKey{replRootKey.ID(): replRootKey},
		map[string]*data.RootRole{data.CanonicalRootRole: &rootRole.RootRole},
		false,
	)
	assert.NoError(t, err, "Failed to create new root")
	signedTestRoot, err := testRoot.ToSigned()
	assert.NoError(t, err)
	// We only sign with the old key, and not with the new one
	err = signed.Sign(cryptoService, signedTestRoot, origRootKey)
	assert.NoError(t, err)
	// This call to ValidateRoot must FAIL: the root names the replacement key
	// but carries no signature from it. The string passed to assert.Error is
	// only the message printed if the assertion fails; it is not compared
	// against the returned error's text.
	err = ValidateRoot(certStore, signedTestRoot, gun)
	assert.Error(t, err, "insuficient signatures on root")
	// Finally, validate the only trusted certificate that exists is still
	// the old one, i.e. the rejected rotation did not change what is trusted
	certificates = certStore.GetCertificates()
	assert.Len(t, certificates, 1)
	assert.Equal(t, certificates[0], origRootCert)
}
开发者ID:NathanMcCauley,项目名称:notary,代码行数:48,代码来源:certs_test.go
示例5: ID
// ID implements a method of the data.Key interface. The ID is derived once
// from the key's algorithm and public bytes via data.NewPublicKey and then
// cached in rsa.id. The cache write is not guarded by a lock in this method.
func (rsa *HSMRSAKey) ID() string {
	if rsa.id != "" {
		return rsa.id
	}
	rsa.id = data.NewPublicKey(rsa.Algorithm(), rsa.Public()).ID()
	return rsa.id
}
开发者ID:rogaha,项目名称:notary,代码行数:8,代码来源:keys.go
示例6: Create
// Create first tries to re-use an inactive key for the same role, gun and
// algorithm, where "inactive" means a row whose last_used field equals the
// zero time.Time. Candidates are ordered by key_id and the first is taken.
// If none can be read, a new private key is generated and stored through
// AddKey; the value returned in that case is the generated key itself.
//
// NOTE(review): every error from the cursor's One call, not only an empty
// result, falls through to key generation. Confirm that is intended, since a
// transient read failure would then create an additional key.
func (rdb RethinkDBKeyStore) Create(role, gun, algorithm string) (data.PublicKey, error) {
	var candidate RDBPrivateKey
	row := gorethink.Row
	query := gorethink.DB(rdb.dbName).Table(candidate.TableName()).
		Filter(row.Field("gun").Eq(gun)).
		Filter(row.Field("role").Eq(role)).
		Filter(row.Field("algorithm").Eq(algorithm)).
		Filter(row.Field("last_used").Eq(time.Time{})).
		OrderBy(row.Field("key_id"))

	cursor, err := query.Run(rdb.sess)
	if err != nil {
		return nil, err
	}
	defer cursor.Close()

	if err = cursor.One(&candidate); err == nil {
		// Re-use path: only the stored algorithm and public bytes are returned.
		return data.NewPublicKey(candidate.Algorithm, candidate.Public), nil
	}

	fresh, err := generatePrivateKey(algorithm)
	if err != nil {
		return nil, err
	}
	if storeErr := rdb.AddKey(role, gun, fresh); storeErr != nil {
		return nil, fmt.Errorf("failed to store key: %v", storeErr)
	}
	return fresh, nil
}
开发者ID:jfrazelle,项目名称:notary,代码行数:31,代码来源:rethink_keydbstore.go
示例7: CreateTimestamp
// CreateTimestamp builds and signs a new timestamp over the given snapshot
// bytes. If prev is non-nil it is assumed to be the immediately preceding
// timestamp, and the new version is prev's version plus one. The store is
// used only to look up the gun's timestamp public key; the snapshot is taken
// from the snapshot argument. The new timestamp is not saved by this function.
//
// It returns the signed metadata and the version that was assigned.
func CreateTimestamp(gun string, prev *data.SignedTimestamp, snapshot []byte, store storage.MetaStore, cryptoService signed.CryptoService) (*data.Signed, int, error) {
	keyAlgo, keyBytes, err := store.GetKey(gun, data.CanonicalTimestampRole)
	if err != nil {
		// Without an existing timestamp key for the gun nothing is generated.
		return nil, 0, err
	}
	signingKey := data.NewPublicKey(keyAlgo, keyBytes)

	var parsedSnapshot data.Signed
	if err := json.Unmarshal(snapshot, &parsedSnapshot); err != nil {
		// The snapshot bytes are not valid signed metadata.
		return nil, 0, err
	}

	ts, err := data.NewTimestamp(&parsedSnapshot)
	if err != nil {
		return nil, 0, err
	}
	if prev != nil {
		ts.Signed.Version = prev.Signed.Version + 1
	}

	// The signature is computed over the canonical JSON form of the body.
	canonical, err := json.MarshalCanonical(ts.Signed)
	if err != nil {
		return nil, 0, err
	}
	out := &data.Signed{
		Signatures: ts.Signatures,
		Signed:     canonical,
	}
	if err := signed.Sign(cryptoService, out, signingKey); err != nil {
		return nil, 0, err
	}
	return out, ts.Signed.Version, nil
}
开发者ID:useidel,项目名称:notary,代码行数:39,代码来源:timestamp.go
示例8: GetKey
// GetKey asks the remote key management client for the key with the given ID
// and returns its public part. Any error from the remote call is discarded
// and reported as a nil key, so callers cannot distinguish "unknown key" from
// a failed request. The call uses context.Background(), so no deadline is
// set here.
func (trust *NotarySigner) GetKey(keyid string) data.PublicKey {
	resp, err := trust.kmClient.GetKeyInfo(context.Background(), &pb.KeyID{ID: keyid})
	if err != nil {
		return nil
	}
	algo := resp.KeyInfo.Algorithm.Algorithm
	return data.NewPublicKey(algo, resp.PublicKey)
}
开发者ID:runcom,项目名称:notary,代码行数:8,代码来源:signer_trust.go
示例9: TestRSAPyCryptoVerifierInvalidKeyType
// TestRSAPyCryptoVerifierInvalidKeyType checks that the verifier refuses a
// key whose algorithm string it does not handle, and that the refusal is
// reported as ErrInvalidKeyType rather than as a generic failure.
func TestRSAPyCryptoVerifierInvalidKeyType(t *testing.T) {
	badKey := data.NewPublicKey("bad_type", nil)
	var verifier RSAPyCryptoVerifier

	// Signature and message are nil: the key type must be rejected first.
	verifyErr := verifier.Verify(badKey, nil, nil)

	assert.Error(t, verifyErr)
	assert.IsType(t, ErrInvalidKeyType{}, verifyErr)
}
开发者ID:useidel,项目名称:notary,代码行数:7,代码来源:verifiers_test.go
示例10: TestED25519VerifierInvalidKeyType
// TestED25519VerifierInvalidKeyType checks that the Ed25519 verifier refuses
// a key whose algorithm string it does not handle, and that the refusal is
// reported as ErrInvalidKeyType. require is used, so the test stops at the
// first failed check.
func TestED25519VerifierInvalidKeyType(t *testing.T) {
	badKey := data.NewPublicKey("bad_type", nil)
	var verifier Ed25519Verifier

	// Signature and message are nil: the key type must be rejected first.
	verifyErr := verifier.Verify(badKey, nil, nil)

	require.Error(t, verifyErr)
	require.IsType(t, ErrInvalidKeyType{}, verifyErr)
}
开发者ID:mbentley,项目名称:notary,代码行数:7,代码来源:verifiers_test.go
示例11: GetKey
// GetKey performs the same lookup as GetPrivateKey but passes false as the
// second argument to getKey (per the original comment, the key is not marked
// as active) and returns only the public bytes. The decrypted private
// material returned by getKey is ignored here. A lookup error yields nil.
func (s *SQLKeyDBStore) GetKey(keyID string) data.PublicKey {
	row, _, err := s.getKey(keyID, false)
	if err != nil {
		return nil
	}
	pubBytes := []byte(row.Public)
	return data.NewPublicKey(row.Algorithm, pubBytes)
}
开发者ID:jfrazelle,项目名称:notary,代码行数:8,代码来源:sql_keydbstore.go
示例12: getKeyInfo
// getKeyInfo asks the remote key management client for the key with the given
// ID and returns its public key together with the role string reported by the
// remote side. Unlike a nil-on-error lookup, the error from the remote call is
// returned to the caller.
func (trust *NotarySigner) getKeyInfo(keyid string) (data.PublicKey, string, error) {
	resp, err := trust.kmClient.GetKeyInfo(context.Background(), &pb.KeyID{ID: keyid})
	if err != nil {
		return nil, "", err
	}
	pub := data.NewPublicKey(resp.KeyInfo.Algorithm.Algorithm, resp.PublicKey)
	return pub, resp.Role, nil
}
开发者ID:jfrazelle,项目名称:notary,代码行数:7,代码来源:signer_trust.go
示例13: ParsePEMPublicKey
// ParsePEMPublicKey returns a data.PublicKey from a PEM encoded public key or
// certificate.
//
// Only the first PEM block in pubKeyBytes is examined; anything after it is
// ignored. A CERTIFICATE block is parsed as x509 and must pass
// ValidateCertificate before it is converted to a key. A PUBLIC KEY block has
// its key type determined by keyTypeForPublicKey and is wrapped as-is. Every
// other block type is rejected with an error.
func ParsePEMPublicKey(pubKeyBytes []byte) (data.PublicKey, error) {
	block, _ := pem.Decode(pubKeyBytes)
	if block == nil {
		return nil, errors.New("no valid public key found")
	}

	if block.Type == "CERTIFICATE" {
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, fmt.Errorf("could not parse provided certificate: %v", err)
		}
		// A certificate that fails validation is never turned into a key.
		if err := ValidateCertificate(cert, true); err != nil {
			return nil, fmt.Errorf("invalid certificate: %v", err)
		}
		return CertToKey(cert), nil
	}

	if block.Type == "PUBLIC KEY" {
		keyType, err := keyTypeForPublicKey(block.Bytes)
		if err != nil {
			return nil, err
		}
		return data.NewPublicKey(keyType, block.Bytes), nil
	}

	return nil, fmt.Errorf("unsupported PEM block type %q, expected CERTIFICATE or PUBLIC KEY", block.Type)
}
开发者ID:jfrazelle,项目名称:notary,代码行数:28,代码来源:x509.go
示例14: GetKey
// GetKey returns the PublicKey for keyID without activating the key. The
// decrypted private material returned by getKey is ignored here, and a lookup
// error is reported to the caller only as a nil key.
func (rdb *RethinkDBKeyStore) GetKey(keyID string) data.PublicKey {
	row, _, err := rdb.getKey(keyID)
	if err != nil {
		return nil
	}
	algo, pubBytes := row.Algorithm, row.Public
	return data.NewPublicKey(algo, pubBytes)
}
开发者ID:jfrazelle,项目名称:notary,代码行数:9,代码来源:rethink_keydbstore.go
示例15: Create
// Create asks the remote key management client to create a key for the given
// algorithm and returns the PublicKey associated with the remote private key.
// The role argument is not used in this body; only the algorithm is sent.
func (trust *NotarySigner) Create(role, algorithm string) (data.PublicKey, error) {
	resp, err := trust.kmClient.CreateKey(context.Background(), &pb.Algorithm{Algorithm: algorithm})
	if err != nil {
		return nil, err
	}
	// The algorithm is taken from the response, not from the request argument.
	return data.NewPublicKey(resp.KeyInfo.Algorithm.Algorithm, resp.PublicKey), nil
}
开发者ID:runcom,项目名称:notary,代码行数:9,代码来源:signer_trust.go
示例16: TestHTTPStoreGetMeta
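// TestHTTPStoreGetMeta serves the testRoot fixture from a local httptest
// server, fetches it through an HTTPStore and then verifies the first
// signature on the fetched metadata against the testRootKey fixture.
//
// The signed body is re-encoded to canonical JSON before verification, so the
// check covers the canonical form rather than the raw bytes off the wire.
func TestHTTPStoreGetMeta(t *testing.T) {
	handler := func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte(testRoot))
	}
	server := httptest.NewServer(http.HandlerFunc(handler))
	defer server.Close()
	store, err := NewHTTPStore(
		server.URL,
		"metadata",
		"txt",
		"targets",
		"key",
		&http.Transport{},
	)
	if err != nil {
		t.Fatal(err)
	}
	j, err := store.GetMeta("root", 4801)
	if err != nil {
		t.Fatal(err)
	}
	p := &data.Signed{}
	err = json.Unmarshal(j, p)
	if err != nil {
		t.Fatal(err)
	}
	// Fail with a clear message instead of an index-out-of-range panic when
	// the fetched metadata carries no signature at all.
	if len(p.Signatures) == 0 {
		t.Fatal("fetched root metadata has no signatures")
	}
	rootKey, err := base64.StdEncoding.DecodeString(testRootKey)
	assert.NoError(t, err)
	// Stop here on a bad fixture rather than verifying against garbage bytes.
	if err != nil {
		t.Fatal(err)
	}
	k := data.NewPublicKey("ecdsa-x509", rootKey)
	sigBytes := p.Signatures[0].Signature
	var decoded map[string]interface{}
	if err := json.Unmarshal(p.Signed, &decoded); err != nil {
		t.Fatal(err)
	}
	msg, err := json.MarshalCanonical(decoded)
	if err != nil {
		t.Fatal(err)
	}
	method := p.Signatures[0].Method
	// The signature method comes from the fetched metadata; an unregistered
	// method must fail the test, not dereference a missing verifier.
	verifier, ok := signed.Verifiers[method]
	if !ok {
		t.Fatalf("no verifier registered for signature method %v", method)
	}
	err = verifier.Verify(k, sigBytes, msg)
	if err != nil {
		t.Fatal(err)
	}
}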
开发者ID:useidel,项目名称:notary,代码行数:49,代码来源:httpstore_test.go
示例17: TestPyNaCled25519Compat
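// TestPyNaCled25519Compat verifies a fixed Ed25519 signature over a fixed
// message with the verifier registered for data.EDDSASignature. Judging by
// the test name, the vector was produced with PyNaCl. Hex decoding errors are
// checked so that a corrupted fixture is reported as such instead of
// surfacing later as a signature mismatch.
func TestPyNaCled25519Compat(t *testing.T) {
	pubHex := "846612b43cef909a0e4ea9c818379bca4723a2020619f95e7a0ccc6f0850b7dc"
	testStr := "The quick brown fox jumps over the lazy dog."
	sigHex := "166e7013e48f26dccb4e68fe4cf558d1cd3af902f8395534336a7f8b4c56588694aa3ac671767246298a59d5ef4224f02c854f41bfcfe70241db4be1546d6a00"
	pub, err := hex.DecodeString(pubHex)
	if err != nil {
		t.Fatal(err)
	}
	k := data.NewPublicKey(data.ED25519Key, pub)
	sigBytes, err := hex.DecodeString(sigHex)
	if err != nil {
		t.Fatal(err)
	}
	err = Verifiers[data.EDDSASignature].Verify(k, sigBytes, []byte(testStr))
	if err != nil {
		t.Fatal(err)
	}
}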
开发者ID:jfrazelle,项目名称:notary,代码行数:15,代码来源:verifiers_test.go
示例18: TestPyCryptoRSAPSSCompat
// TestPyCryptoRSAPSSCompat verifies a fixed signature over a fixed message
// with RSAPyCryptoVerifier, using a PEM-encoded RSA public key as the key
// bytes. Judging by the test name, the vector was produced with PyCrypto
// using RSA-PSS.
func TestPyCryptoRSAPSSCompat(t *testing.T) {
	pubPem := "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAnKuXZeefa2LmgxaL5NsM\nzKOHNe+x/nL6ik+lDBCTV6OdcwAhHQS+PONGhrChIUVR6Vth3hUCrreLzPO73Oo5\nVSCuRJ53UronENl6lsa5mFKP8StYLvIDITNvkoT3j52BJIjyNUK9UKY9As2TNqDf\nBEPIRp28ev/NViwGOEkBu2UAbwCIdnDXm8JQErCZA0Ydm7PKGgjLbFsFGrVzqXHK\n6pdzJXlhr9yap3UpgQ/iO9JtoEYB2EXsnSrPc9JRjR30bNHHtnVql3fvinXrAEwq\n3xmN4p+R4VGzfdQN+8Kl/IPjqWB535twhFYEG/B7Ze8IwbygBjK3co/KnOPqMUrM\nBI8ztvPiogz+MvXb8WvarZ6TMTh8ifZI96r7zzqyzjR1hJulEy3IsMGvz8XS2J0X\n7sXoaqszEtXdq5ef5zKVxkiyIQZcbPgmpHLq4MgfdryuVVc/RPASoRIXG4lKaTJj\n1ANMFPxDQpHudCLxwCzjCb+sVa20HBRPTnzo8LSZkI6jAgMBAAE=\n-----END PUBLIC KEY-----"
	testStr := "The quick brown fox jumps over the lazy dog."
	sigHex := "4e05ee9e435653549ac4eddbc43e1a6868636e8ea6dbec2564435afcb0de47e0824cddbd88776ddb20728c53ecc90b5d543d5c37575fda8bd0317025fc07de62ee8084b1a75203b1a23d1ef4ac285da3d1fc63317d5b2cf1aafa3e522acedd366ccd5fe4a7f02a42922237426ca3dc154c57408638b9bfaf0d0213855d4e9ee621db204151bcb13d4dbb18f930ec601469c992c84b14e9e0b6f91ac9517bb3b749dd117e1cbac2e4acb0e549f44558a2005898a226d5b6c8b9291d7abae0d9e0a16858b89662a085f74a202deb867acab792bdbd2c36731217caea8b17bd210c29b890472f11e5afdd1dd7b69004db070e04201778f2c49f5758643881403d45a58d08f51b5c63910c6185892f0b590f191d760b669eff2464456f130239bba94acf54a0cb98f6939ff84ae26a37f9b890be259d9b5d636f6eb367b53e895227d7d79a3a88afd6d28c198ee80f6527437c5fbf63accb81709925c4e03d1c9eaee86f58e4bd1c669d6af042dbd412de0d13b98b1111e2fadbe34b45de52125e9a"

	// The key bytes are the PEM text itself, not the decoded DER.
	pubKey := data.NewPublicKey(data.RSAKey, []byte(pubPem))

	signature, decodeErr := hex.DecodeString(sigHex)
	if decodeErr != nil {
		t.Fatal(decodeErr)
	}

	var verifier RSAPyCryptoVerifier
	if verifyErr := verifier.Verify(pubKey, signature, []byte(testStr)); verifyErr != nil {
		t.Fatal(verifyErr)
	}
}
开发者ID:jfrazelle,项目名称:notary,代码行数:16,代码来源:verifiers_test.go
示例19: GetPrivateKey
// GetPrivateKey returns the PrivateKey for keyID together with the role
// stored alongside it.
//
// The database row and the decrypted private bytes both come from getKey.
// The returned key is wrapped in activatingPrivateKey with s.markActive as
// its activation callback. The unencrypted private bytes live in the returned
// value, so callers hold plaintext key material from this point on.
func (s *SQLKeyDBStore) GetPrivateKey(keyID string) (data.PrivateKey, string, error) {
	// NOTE(review): the meaning of the boolean passed to getKey is not visible
	// in this listing.
	row, plaintext, err := s.getKey(keyID, true)
	if err != nil {
		return nil, "", err
	}

	public := data.NewPublicKey(row.Algorithm, []byte(row.Public))
	// Pair the public half with the unencrypted private bytes.
	private, err := data.NewPrivateKey(public, []byte(plaintext))
	if err != nil {
		return nil, "", err
	}

	wrapped := activatingPrivateKey{PrivateKey: private, activationFunc: s.markActive}
	return wrapped, row.Role, nil
}
开发者ID:jfrazelle,项目名称:notary,代码行数:17,代码来源:sql_keydbstore.go
示例20: GetPrivateKey
// GetPrivateKey returns the PrivateKey for keyID together with the role
// stored alongside it.
//
// The database row and the decrypted private bytes both come from getKey.
// The returned key is wrapped in activatingPrivateKey with rdb.markActive as
// its activation callback. The unencrypted private bytes live in the returned
// value, so callers hold plaintext key material from this point on.
func (rdb *RethinkDBKeyStore) GetPrivateKey(keyID string) (data.PrivateKey, string, error) {
	row, plaintext, err := rdb.getKey(keyID)
	if err != nil {
		return nil, "", err
	}

	public := data.NewPublicKey(row.Algorithm, row.Public)
	// Pair the public half with the unencrypted private bytes.
	private, err := data.NewPrivateKey(public, []byte(plaintext))
	if err != nil {
		return nil, "", err
	}

	wrapped := activatingPrivateKey{PrivateKey: private, activationFunc: rdb.markActive}
	return wrapped, row.Role, nil
}
开发者ID:jfrazelle,项目名称:notary,代码行数:17,代码来源:rethink_keydbstore.go
注:本文中的github.com/docker/notary/tuf/data.NewPublicKey函数示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。