本文整理汇总了Golang中github.com/docker/notary/trustmanager.GenerateECDSAKey函数的典型用法代码示例。如果您正苦于以下问题:Golang GenerateECDSAKey函数的具体用法?Golang GenerateECDSAKey怎么用?Golang GenerateECDSAKey使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了GenerateECDSAKey函数的15个代码示例,这些例子默认根据受欢迎程度排序。注意:这些示例似乎取自notary的不同版本,AddKey、EncryptPrivateKey等函数的参数列表在各示例之间并不一致,使用前请对照您所用版本的API。
示例1: TestDoubleCreate
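// TestDoubleCreate verifies that a KeyDBStore rejects a second AddKey call for
// a key it already holds, while still accepting a different key afterwards.
func TestDoubleCreate(t *testing.T) {
	tempBaseDir, err := ioutil.TempDir("", "notary-test-")
	// Check the error before err is reassigned below; otherwise a failed
	// TempDir goes unnoticed and the test runs against an empty path.
	assert.NoError(t, err)
	defer os.RemoveAll(tempBaseDir)

	testKey, err := trustmanager.GenerateECDSAKey(rand.Reader)
	assert.NoError(t, err)

	anotherTestKey, err := trustmanager.GenerateECDSAKey(rand.Reader)
	assert.NoError(t, err)

	// We are using SQLite for the tests. The database file has to live inside
	// tempBaseDir: concatenating without a separator creates a sibling file
	// ("<tempBaseDir>test_db") that RemoveAll never deletes, so the rows
	// holding the stored private keys would stay on disk after the test.
	dbPath := tempBaseDir + string(os.PathSeparator) + "test_db"
	db, err := sql.Open("sqlite3", dbPath)
	assert.NoError(t, err)

	// Create a new KeyDB store
	dbStore, err := NewKeyDBStore(retriever, "", "sqlite3", db)
	assert.NoError(t, err)

	// Ensure that the private_key table exists
	dbStore.db.CreateTable(&GormPrivateKey{})

	// Test writing new key in database/cache
	err = dbStore.AddKey("", "", testKey)
	assert.NoError(t, err)

	// Test writing the same key in the database. Should fail.
	// The string passed to assert.Error is only the failure message; it is
	// not matched against the error text.
	err = dbStore.AddKey("", "", testKey)
	assert.Error(t, err, "failed to add private key to database:")

	// Test writing new key succeeds
	err = dbStore.AddKey("", "", anotherTestKey)
	assert.NoError(t, err)
}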
示例2: TestDoubleCreate
// TestDoubleCreate checks duplicate handling in the KeyDB store: the first
// AddKey for a key succeeds, repeating it with the same key fails, and a
// second, distinct key is still accepted.
func TestDoubleCreate(t *testing.T) {
	firstKey, err := trustmanager.GenerateECDSAKey(rand.Reader)
	assert.NoError(t, err)

	secondKey, err := trustmanager.GenerateECDSAKey(rand.Reader)
	assert.NoError(t, err)

	// The database file is removed when the test returns.
	dbFile := initializeDB(t)
	defer os.Remove(dbFile)

	// Open a KeyDB store on top of the freshly initialized database.
	store, err := NewKeyDBStore(retriever, "ignoredalias", "sqlite3", dbFile)
	assert.NoError(t, err)

	const gun = "gun/ignored"

	// First insertion of a key goes through.
	err = store.AddKey(gun, data.CanonicalTimestampRole, firstKey)
	assert.NoError(t, err)

	// Inserting the very same key again must be rejected. The string below
	// is the assertion's failure message, not a pattern for the error.
	err = store.AddKey(gun, data.CanonicalTimestampRole, firstKey)
	assert.Error(t, err, "failed to add private key to database:")

	// A different key is unaffected by the earlier rejection.
	err = store.AddKey(gun, data.CanonicalTimestampRole, secondKey)
	assert.NoError(t, err)
}
示例3: TestKeyRotation
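// TestKeyRotation stores a key in a KeyDBStore and rotates its passphrase
// alias: rotating to "alias_2" is expected to succeed and rotating to
// "alias_3" is expected to fail.
func TestKeyRotation(t *testing.T) {
	tempBaseDir, err := ioutil.TempDir("", "notary-test-")
	// Check the error before err is reassigned below; otherwise a failed
	// TempDir goes unnoticed and the test runs against an empty path.
	assert.NoError(t, err)
	defer os.RemoveAll(tempBaseDir)

	testKey, err := trustmanager.GenerateECDSAKey(rand.Reader)
	assert.NoError(t, err)

	// We are using SQLite for the tests. Keep the database file inside
	// tempBaseDir so RemoveAll deletes it; without the separator the file is
	// created next to the directory and the stored key rows outlive the test.
	dbPath := tempBaseDir + string(os.PathSeparator) + "test_db"
	db, err := sql.Open("sqlite3", dbPath)
	assert.NoError(t, err)

	// Create a new KeyDB store
	dbStore, err := NewKeyDBStore(anotherRetriever, "alias_1", "sqlite3", db)
	assert.NoError(t, err)

	// Ensure that the private_key table exists
	dbStore.db.CreateTable(&GormPrivateKey{})

	// Test writing new key in database/cache
	err = dbStore.AddKey("", "", testKey)
	assert.NoError(t, err)

	// Try rotating the key to alias_2
	err = dbStore.RotateKeyPassphrase(testKey.ID(), "alias_2")
	assert.NoError(t, err)

	// Try rotating the key to alias_3; this one must be refused.
	// NOTE(review): presumably anotherRetriever has no passphrase for
	// alias_3 - confirm against its definition.
	err = dbStore.RotateKeyPassphrase(testKey.ID(), "alias_3")
	assert.Error(t, err, "password alias no found")
}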
示例4: testAddKey
// testAddKey generates a fresh ECDSA key and adds it to store under the
// canonical root role with an empty GUN. Key generation failure aborts the
// test; the AddKey error is handed back to the caller together with the key.
func testAddKey(t *testing.T, store trustmanager.KeyStore) (data.PrivateKey, error) {
	key, genErr := trustmanager.GenerateECDSAKey(rand.Reader)
	require.NoError(t, genErr)

	info := trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""}
	addErr := store.AddKey(info, key)
	return key, addErr
}
示例5: setUpRepo
// setUpRepo initializes a repo with keys, so they can be rotated. It returns
// the stub HTTP server the repo points at and the key listing reported by the
// repo's CryptoService.
func setUpRepo(t *testing.T, tempBaseDir, gun string, ret passphrase.Retriever) (
	*httptest.Server, map[string]string) {

	// The stub server answers every request with 200 and the canonical JSON
	// of one public key generated here.
	serverKey, err := trustmanager.GenerateECDSAKey(rand.Reader)
	assert.NoError(t, err)

	serverPub := data.PublicKeyFromPrivate(serverKey)
	canonical, err := json.MarshalCanonical(&serverPub)
	assert.NoError(t, err)
	body := string(canonical)

	respond := func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, body)
	}
	ts := httptest.NewServer(http.HandlerFunc(respond))

	repo, err := client.NewNotaryRepository(
		tempBaseDir, gun, ts.URL, http.DefaultTransport, ret)
	assert.NoError(t, err, "error creating repo: %s", err)

	// Create the root key through the crypto service, then initialize the
	// repo with its ID.
	rootPubKey, err := repo.CryptoService.Create("root", data.ECDSAKey)
	assert.NoError(t, err, "error generating root key: %s", err)

	err = repo.Initialize(rootPubKey.ID())
	assert.NoError(t, err)

	return ts, repo.CryptoService.ListAllKeys()
}
示例6: AddGetKeyCryptoServiceInterfaceBehaviorTests
// AddGetKeyCryptoServiceInterfaceBehaviorTests tests expected behavior for
// adding keys in a signed.CryptoService and other read operations on the
// crypto service after keys are present:
//  1. Adding a key succeeds (one key each for data.BaseRoles[1] and
//     data.BaseRoles[2], generated with the requested algorithm).
//  2. The read checks are delegated to testGetKey with the role-to-key-ID map
//     built here.
//
// NOTE(review): the original comment also listed "Removing the key succeeds";
// no removal happens in this function - confirm whether testGetKey covers it.
func AddGetKeyCryptoServiceInterfaceBehaviorTests(t *testing.T, cs signed.CryptoService, algo string) {
	roleToKeyID := make(map[string]string)

	for idx := 1; idx <= 2; idx++ {
		var (
			key    data.PrivateKey
			genErr error
		)
		role := data.BaseRoles[idx]

		switch algo {
		case data.RSAKey:
			key, genErr = trustmanager.GenerateRSAKey(rand.Reader, 2048)
		case data.ECDSAKey:
			key, genErr = trustmanager.GenerateECDSAKey(rand.Reader)
		case data.ED25519Key:
			key, genErr = trustmanager.GenerateED25519Key(rand.Reader)
		default:
			require.FailNow(t, "invalid algorithm %s", algo)
		}

		require.NoError(t, genErr)
		require.NotNil(t, key)
		require.NoError(t, cs.AddKey(role, "docker.io/notary", key))

		roleToKeyID[role] = key.ID()
	}

	testGetKey(t, cs, roleToKeyID, algo, true)
}
示例7: TestYubiImportNonRootKey
// TestYubiImportNonRootKey checks that importing a key not as root fails, and
// that the key is not added to the backup store. It is skipped when no Yubikey
// is accessible.
func TestYubiImportNonRootKey(t *testing.T) {
	if !YubikeyAccessible() {
		t.Skip("Must have Yubikey access.")
	}
	clearAllKeys(t)

	// Switch the key mode to KeymodeNone for the test and put touch plus
	// pin-once back on exit.
	SetYubikeyKeyMode(KeymodeNone)
	defer SetYubikeyKeyMode(KeymodeTouch | KeymodePinOnce)

	backupStore := trustmanager.NewKeyMemoryStore(ret)
	yubiStore, err := NewYubiKeyStore(backupStore, ret)
	assert.NoError(t, err)

	// Generate a key and try to import it under its own key ID rather than
	// under "root".
	key, err := trustmanager.GenerateECDSAKey(rand.Reader)
	assert.NoError(t, err)

	encrypted, err := trustmanager.EncryptPrivateKey(key, "passphrase")
	assert.NoError(t, err)

	importErr := yubiStore.ImportKey(encrypted, key.ID())
	assert.Error(t, importErr)

	// The rejected key must not have leaked into the backup store either.
	_, _, lookupErr := backupStore.GetKey(key.ID())
	assert.Error(t, lookupErr)
}
示例8: GenRootKey
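// GenRootKey generates a new root key protected by a given passphrase and
// returns the ID of the generated key. Only RSA and ECDSA are accepted; the
// algorithm name is matched case-insensitively. An error is returned when the
// algorithm is unsupported, when key generation fails, or when the encrypted
// key cannot be written to the root key store.
// TODO(diogo): should not create keys manually, should use a cryptoservice instead
func (km *KeyStoreManager) GenRootKey(algorithm, passphrase string) (string, error) {
	var err error
	var privKey *data.PrivateKey

	// We don't want external API callers to rely on internal TUF data types, so
	// the API here should continue to receive a string algorithm, and ensure
	// that it is downcased
	switch data.KeyAlgorithm(strings.ToLower(algorithm)) {
	case data.RSAKey:
		privKey, err = trustmanager.GenerateRSAKey(rand.Reader, rsaRootKeySize)
	case data.ECDSAKey:
		privKey, err = trustmanager.GenerateECDSAKey(rand.Reader)
	default:
		return "", fmt.Errorf("only RSA or ECDSA keys are currently supported. Found: %s", algorithm)
	}
	if err != nil {
		return "", fmt.Errorf("failed to generate private key: %v", err)
	}

	// Changing the root. The store error must not be dropped: returning the
	// key ID after a failed write would tell the caller a root key exists
	// that was never persisted.
	err = km.rootKeyStore.AddEncryptedKey(privKey.ID(), privKey, passphrase)
	if err != nil {
		return "", fmt.Errorf("failed to add root key to keystore: %v", err)
	}

	return privKey.ID(), nil
}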
示例9: testAddKey
// testAddKey generates a fresh ECDSA key and adds it to store under its own
// key ID with the canonical root role. The generation error is asserted here;
// the AddKey error is returned to the caller along with the key.
func testAddKey(t *testing.T, store trustmanager.KeyStore) (data.PrivateKey, error) {
	key, genErr := trustmanager.GenerateECDSAKey(rand.Reader)
	assert.NoError(t, genErr)

	addErr := store.AddKey(key.ID(), data.CanonicalRootRole, key)
	return key, addErr
}
示例10: Create
// Create is used to generate keys for targets, snapshots and timestamps.
// It generates a private key of the requested algorithm (RSA, ECDSA or
// ED25519), stores it in the service's key store and returns the matching
// public key. Unsupported algorithms, generation failures and store failures
// are reported as errors.
func (ccs *CryptoService) Create(role string, algorithm data.KeyAlgorithm) (data.PublicKey, error) {
	var (
		generated data.PrivateKey
		err       error
	)

	switch algorithm {
	case data.RSAKey:
		if generated, err = trustmanager.GenerateRSAKey(rand.Reader, rsaKeySize); err != nil {
			return nil, fmt.Errorf("failed to generate RSA key: %v", err)
		}
	case data.ECDSAKey:
		if generated, err = trustmanager.GenerateECDSAKey(rand.Reader); err != nil {
			return nil, fmt.Errorf("failed to generate EC key: %v", err)
		}
	case data.ED25519Key:
		if generated, err = trustmanager.GenerateED25519Key(rand.Reader); err != nil {
			return nil, fmt.Errorf("failed to generate ED25519 key: %v", err)
		}
	default:
		return nil, fmt.Errorf("private key type not supported for key generation: %s", algorithm)
	}

	// Only the key ID is logged, never the private key material.
	keyID := generated.ID()
	logrus.Debugf("generated new %s key for role: %s and keyID: %s", algorithm, role, keyID)

	// Store the private key into our keystore with the name being: /GUN/ID.key with an alias of role
	if err = ccs.keyStore.AddKey(filepath.Join(ccs.gun, keyID), role, generated); err != nil {
		return nil, fmt.Errorf("failed to add key to filestore: %v", err)
	}

	return data.PublicKeyFromPrivate(generated), nil
}
示例11: TestUnlockedSigner
// TestUnlockedSigner wraps a generated ECDSA key in an unlocked crypto service
// and checks that its ID, public key and generated certificate all match the
// underlying key.
func TestUnlockedSigner(t *testing.T) {
	key, err := trustmanager.GenerateECDSAKey(rand.Reader)
	assert.NoError(t, err, "could not generate key")

	memStore := trustmanager.NewKeyMemoryStore(passphraseRetriever)
	err = memStore.AddKey(key.ID(), "root", key)
	assert.NoError(t, err, "could not add key to store")

	unlocked := NewUnlockedCryptoService(key, NewCryptoService("", memStore))

	// ID method
	assert.Equal(t, key.ID(), unlocked.ID())

	// Public method
	assert.Equal(t, key.Public(), unlocked.PublicKey().Public())
	assert.Equal(t, key.ID(), unlocked.PublicKey().ID())

	// GenerateCertificate method
	gun := "docker.com/notary"
	cert, err := unlocked.GenerateCertificate(gun)
	assert.NoError(t, err, "could not generate certificate")

	// The certificate has to carry the public half of the very key that was
	// wrapped, so parse the private key and compare.
	parsed, err := x509.ParseECPrivateKey(key.Private())
	assert.NoError(t, err)
	assert.Equal(t, parsed.Public(), cert.PublicKey)

	// CommonName is expected to be the GUN.
	assert.Equal(t, cert.Subject.CommonName, gun)
}
示例12: TestYubiImportKeyCleansUpOnError
// TestYubiImportKeyCleansUpOnError drives ImportKey through the package's
// error-injection helpers and checks how many keys are left on the Yubikey
// after each round. It is skipped when no Yubikey is accessible.
func TestYubiImportKeyCleansUpOnError(t *testing.T) {
	if !YubikeyAccessible() {
		t.Skip("Must have Yubikey access.")
	}
	clearAllKeys(t)

	// Run with KeymodeNone and put touch plus pin-once back on exit.
	SetYubikeyKeyMode(KeymodeNone)
	defer SetYubikeyKeyMode(KeymodeTouch | KeymodePinOnce)

	store, err := NewYubiKeyStore(trustmanager.NewKeyMemoryStore(ret), ret)
	assert.NoError(t, err)

	key, err := trustmanager.GenerateECDSAKey(rand.Reader)
	assert.NoError(t, err)

	encrypted, err := trustmanager.EncryptPrivateKey(key, "passphrase")
	assert.NoError(t, err)

	importAsRoot := func() error { return store.ImportKey(encrypted, "root") }

	testYubiFunctionCleansUpOnLoginError(t, store, importAsRoot)

	// all the PKCS11 functions ImportKey depends on that aren't the login/logout
	failingCalls := append(
		setupErrors,
		"FindObjectsInit",
		"FindObjects",
		"FindObjectsFinal",
		"CreateObject",
	)
	testYubiFunctionCleansUpOnSpecifiedErrors(t, store, importAsRoot, failingCalls, true)

	// given that everything should have errored, there should be no keys on
	// the yubikey
	assert.Len(t, cleanListKeys(t), 0)

	// Logout should not cause a function failure - it's a cleanup failure,
	// which shouldn't break anything, and it should clean up after itself.
	// The key should be added to both stores
	testYubiFunctionCleansUpOnSpecifiedErrors(t, store, importAsRoot,
		[]string{"Logout"}, false)

	remaining := cleanListKeys(t)
	assert.Len(t, remaining, 1)

	// Currently, if GetAttributeValue fails, the function succeeds, because if
	// we can't get the attribute value of an object, we don't know what slot
	// it's in, we assume its occupied slot is free (hence this failure will
	// cause the previous key to be overwritten). This behavior may need to
	// be revisited.
	for keyID := range remaining {
		assert.NoError(t, store.RemoveKey(keyID))
	}

	testYubiFunctionCleansUpOnSpecifiedErrors(t, store, importAsRoot,
		[]string{"GetAttributeValue"}, false)
	assert.Len(t, cleanListKeys(t), 1)
}
示例13: TestCreateDelete
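// TestCreateDelete adds a key to a KeyDBStore, removes it again and verifies
// that a subsequent GetKey for the same ID fails.
func TestCreateDelete(t *testing.T) {
	tempBaseDir, err := ioutil.TempDir("", "notary-test-")
	// Check the error before err is reassigned below; otherwise a failed
	// TempDir goes unnoticed and the test runs against an empty path.
	assert.NoError(t, err)
	defer os.RemoveAll(tempBaseDir)

	testKey, err := trustmanager.GenerateECDSAKey(rand.Reader)
	assert.NoError(t, err)

	// We are using SQLite for the tests. Keep the database file inside
	// tempBaseDir so RemoveAll deletes it; without the separator the file is
	// created next to the directory and the stored key rows outlive the test.
	dbPath := tempBaseDir + string(os.PathSeparator) + "test_db"
	db, err := sql.Open("sqlite3", dbPath)
	assert.NoError(t, err)

	// Create a new KeyDB store
	dbStore, err := NewKeyDBStore(retriever, "", "sqlite3", db)
	assert.NoError(t, err)

	// Ensure that the private_key table exists
	dbStore.db.CreateTable(&GormPrivateKey{})

	// Test writing new key in database/cache
	err = dbStore.AddKey("", "", testKey)
	assert.NoError(t, err)

	// Test deleting the key from the db
	err = dbStore.RemoveKey(testKey.ID())
	assert.NoError(t, err)

	// This should fail: the key must be gone after RemoveKey. The string is
	// only the assertion's failure message, not a matcher for the error.
	_, _, err = dbStore.GetKey(testKey.ID())
	assert.Error(t, err, "signing key not found:")
}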
示例14: TestClientKeyImportExportRootOnly
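// Tests import/export root key only. When the root key lives on hardware it
// cannot be exported, so a key is generated, encrypted and written to a PEM
// file to be imported instead; otherwise the existing root is exported to
// that file. The file is then imported and a repo is initialized and
// published to confirm the imported root is usable.
func TestClientKeyImportExportRootOnly(t *testing.T) {
	// -- setup --
	cleanup := setUp(t)
	defer cleanup()

	tempDir := tempDirWithConfig(t, "{}")
	defer os.RemoveAll(tempDir)

	server := setupServer()
	defer server.Close()

	var (
		target    = "sdgkadga"
		rootKeyID string
	)

	// Use the platform's default temp directory instead of a hard-coded
	// "/tmp". ioutil.TempFile creates the file with mode 0600, which keeps
	// the encrypted key PEM private to the user running the test.
	tempFile, err := ioutil.TempFile("", "pemfile")
	if !assert.NoError(t, err) {
		// tempFile is nil on failure; stop here rather than dereference it.
		t.FailNow()
	}
	// close later, because we might need to write to it
	defer os.Remove(tempFile.Name())

	// -- tests --

	if rootOnHardware() {
		t.Log("Cannot export a key from hardware. Will generate one to import.")

		privKey, err := trustmanager.GenerateECDSAKey(rand.Reader)
		assert.NoError(t, err)

		pemBytes, err := trustmanager.EncryptPrivateKey(privKey, "root", testPassphrase)
		assert.NoError(t, err)

		nBytes, err := tempFile.Write(pemBytes)
		assert.NoError(t, err)
		// A failed Close can mean the PEM was not fully flushed to disk.
		assert.NoError(t, tempFile.Close())
		assert.Equal(t, len(pemBytes), nBytes)
		rootKeyID = privKey.ID()
	} else {
		assert.NoError(t, tempFile.Close())
		rootKeyID = exportRoot(t, tempFile.Name())
	}

	// import the key
	_, err = runCommand(t, tempDir, "key", "import", tempFile.Name())
	assert.NoError(t, err)

	// if there is hardware available, root will only be on hardware, and not
	// on disk
	newRoot, _ := assertNumKeys(t, tempDir, 1, 0, !rootOnHardware())
	assert.Equal(t, rootKeyID, newRoot[0])

	// Just to make sure, init a repo and publish
	_, err = runCommand(t, tempDir, "-s", server.URL, "init", "gun")
	assert.NoError(t, err)
	assertNumKeys(t, tempDir, 1, 2, !rootOnHardware())
	assertSuccessfullyPublish(
		t, tempDir, server.URL, "gun", target, tempFile.Name())
}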
示例15: generateCertificate
// generateCertificate creates a certificate for gun from a freshly generated
// ECDSA key. Its validity window starts now and ends expireInHours hours
// later; a negative value therefore yields an already expired certificate.
func generateCertificate(t *testing.T, gun string, expireInHours int64) *x509.Certificate {
	key, err := trustmanager.GenerateECDSAKey(rand.Reader)
	assert.NoError(t, err)

	notBefore := time.Now()
	lifetime := time.Duration(expireInHours) * time.Hour
	notAfter := notBefore.Add(lifetime)

	certificate, err := cryptoservice.GenerateCertificate(key, gun, notBefore, notAfter)
	assert.NoError(t, err)
	return certificate
}