Jennifer Li Johnson
856b98997c
updates copyright 2018 to 2019 (#1133)
2019-01-24 15:15:10 -05:00
JT Olio
1faeeb49d5
prepare key generation for launch (#979)
...
* pkg/identity: use sha256 instead of sha3 for pow
Change-Id: I9b7a4f2c3e624a6e248a233e3653eaccaf23c6f3
* pkg/identity: restructure key generation a bit
Change-Id: I0061a5cc62f04b0c86ffbf046519d5c0a154e896
* cmd/identity: indefinite key generation command
you can start this command and leave it running and it will fill up your
hard drive with node certificate authority private keys ordered by
difficulty.
Change-Id: I61c7a3438b9ff6656e74b8d74fef61e557e4d95a
* pkg/storj: more node id difficulty testing
Change-Id: Ie56b1859aa14ec6ef5973caf42aacb4c494b87c7
* review comments
Change-Id: Iff019aa8121a7804f10c248bf2e578189e5b829d
2019-01-07 13:02:22 -05:00
Bryan White
249244536a
CSR Service (part 2): cert signing rpc (#950)
...
* CSR Service:
+ implement certificate sign rpc method
+ implement certificate signer client/server
+ refactor `AuthorizationDB#Create`
+ refactor `NewTestIdentity`
+ add `AuthorizationDB#Claim`
+ add `Token#Equal`
+ fix `Authorizations#Marshal` when marshaling identities and certificates
+ tweak `Authorization#String` format
+ cert debugging improvements (jsondiff)
+ receive context arg in `NewTestIdentity`
+ misc. fixes
2019-01-02 12:39:17 -05:00
Bryan White
398379b149
CSR service (part 1): authorizations (#906)
2018-12-20 19:29:05 +01:00
Bryan White
4eb55017c8
Cert revocation CLI (#848)
...
* wip
* allow identity and CA configs to save cert/key separately
* fixes
* linter and default path fixes
* review fixes
* fixes:
+ review fixes
+ bug fixes
+ add extensions command
* linter fixes
* fix ca revoke description
* review fixes
2018-12-18 12:55:55 +01:00
Bill Thorp
c17a6ba584
fixed temp dir issues w/ rev db (#859)
2018-12-13 21:24:35 -05:00
Bryan White
2016ce9fd6
Certificate revocation (#836)
...
* wip certificate revocation
* refactor tests
* wip testing
* testing
* review fixes
* integration fix attempt #1
* review fixes
* integration fix attempt #2
* linter fixes
* add copyright
* integration fix attempt #3
* more testing
* more tests
* go mod tidy
* review fixes
* linter fixes
2018-12-13 21:01:43 +01:00
Bryan White
228aa34ff6
TLS extension processing (#771)
2018-12-07 14:44:25 +01:00
Bryan White
8b9711cb5e
better waitlist-gating (#557)
...
* better waitlist-gating
(cherry picked from commit 490fe02b7c3558da18678dfb651c92ec9c4a75b5)
* fix broken test
* linter fixes
* linter fixes
* make extension verification optional
* add certificate gating script for captplanet
* fixing tests
* linter fixes
* linter fixes?
* moar linter fixes
* Revert "moar linter fixes"
This reverts commit 8139ccbd73cbbead987b7667567844f50f7df2c8.
* just kill me
* refactor
* refactor tests
* linter...
* cleanup
2018-11-01 16:48:43 +01:00
Bryan White
df1f7a6214
Wait-list gating (#534)
2018-10-26 09:52:37 -04:00
Egon Elbre
0f5a2f4ef5
Enable more linters (#272)
...
* enable more linters
* Run gofmt -s
* run goimports
* run unconvert
* fix naked return
* fix misspellings
* fix ineffectual assignments
* fix missing declaration
* don't use deprecated grpc.Errof
* check errors in tests
* run gofmt -w -r "assert.Nil(err) -> assert.NoError(err)"
* fix directory permissions
* don't use nil Context
* simplify boolean expressions
* use bytes.Equal instead of bytes.Compare
* merge variable declarations, remove redundant returns
* fix some golint errors
* run goimports
* handle more errors
* delete empty TestMain
* delete empty TestMain
* ignore examples for now
* fix lint errors
* remove unused values
* more fixes
* run gofmt -w -s .
* add more comments
* fix naming
* more lint fixes
* try switching travis to go1.11
* fix unnecessary conversions
* fix deprecated methods
* use go1.10 and disable gofmt/goimports for now
* switch to 1.10
* don't re-enable gofmt and goimports
* switch covermode to atomic because of -race
* gofmt
2018-08-27 11:28:16 -06:00
Bryan White
0e2fd97029
Identity fixes+: (#270)
...
* identity fixes+:
+ fix `peertls.NewCert` public key issue
+ fix `peertls.verfiyChain` issue
+ fix identity dial option
+ rename `GenerateCA` to `NewCA` and `generateCAWorker` to `newCAWorker` for better consistency/convention
2018-08-23 16:08:26 +02:00
Bryan White
5d20cf8829
Node Identity (#193)
...
* peertls: don't log errors for double close
understood that this part of the code is undergoing heavy change
right now, but just want to make sure this fix gets incorporated
somewhere
* git cleanup: node-id stuff
* cleanup
* rename identity_util.go
* wip `CertificateAuthority` refactor
* refactoring
* gitignore update
* wip
* Merge remote-tracking branch 'storj/doubleclose' into node-id3
* storj/doubleclose:
peertls: don't log errors for double close
* add peertls tests & goimports
* wip:
+ refactor
+ style changes
+ cleanup
+ [wip] add version to CA and identity configs
+ [wip] heavy client setup
* refactor
* wip:
+ refactor
+ style changes
+ add `CAConfig.Load`
+ add `CAConfig.Save`
* wip:
+ add `LoadOrCreate` and `Create` to CA and Identity configs
+ add overwrite to CA and identity configs
+ heavy client setup
+ refactor
+ style changes
+ cleanup
* wip
* fixing things
* fixing things
* wip hc setup
* hc setup:
+ refactor
+ bugfixing
* improvements based on review feedback
* goimports
* improvements:
+ responding to review feedback
+ refactor
* feedback-based improvements
* feedback-based improvements
* feedback-based improvements
* feedback-based improvements
* feedback-based improvements
* feedback-based improvements
* cleanup
* refactoring CA and Identity structs
* Merge branch 'master' into node-id3
* move version field to setup config structs for CA and identity
* fix typo
* responding to review feedback
* responding to review feedback
* responding to review feedback
* responding to review feedback
* responding to review feedback
* responding to review feedback
* Merge branch 'master' into node-id3
* fix gateway setup finally
* go imports
* fix `FullCertificateAuthority.GenerateIdentity`
* cleanup overlay tests
* bugfixing
* update ca/identity setup
* go imports
* fix peertls test copy/paste fail
* responding to review feedback
* setup tweaking
* update farmer setup
2018-08-13 10:39:45 +02:00
Bryan White
5b913c45b9
Transport security (#63)
...
* wip initial transport security
* wip: transport security (add tests / refactor)
* wip tests
* refactoring - still wip
* refactor, improve tests
* wip tls testing
* fix typo
* wip testing
* wip testing
* wip
* tls_test passing
* code-style improvements / refactor; service and tls tests passing!
* code-style auto-format
* add TestNewServer_LoadTLS
* refactor; test improvements
* refactor
* add client cert
* port changes
* Merge remote-tracking branch 'upstream/master'
* Merge remote-tracking branch 'upstream/master'
* Merge remote-tracking branch 'upstream/master'
* files created
* Merge remote-tracking branch 'upstream/master' into coyle/kad-tests
* wip
* add separate `Process` tests for bolt and redis-backed overlay
* more testing
* fix gitignore
* fix linter error
* goimports goimports GOIMPORTS GoImPortS!!!!
* wip
* fix port madness
* forgot to add
* add `mux` as handler and shorten context timeouts
* gofreakingimports
* fix comments
* refactor test & add logger/monkit registry
* debugging travis
* add comment
* Set redisAddress to empty string for bolt-test
* Merge remote-tracking branch 'upstream/master' into coyle/kad-tests
* Merge branch 'tls' into tls-upstream
* tls:
add client cert
refactor
refactor; test improvements
add TestNewServer_LoadTLS
code-style auto-format
code-style improvements / refactor; service and tls tests passing!
tls_test passing
wip
wip testing
wip testing
fix typo
wip tls testing
refactor, improve tests
refactoring - still wip
wip tests
wip: transport security (add tests / refactor)
wip initial transport security
* fixing linter things
* wip
* remove bkad dependency from tests
* wip
* wip
* wip
* wip
* wip
* updated coyle/kademlia
* wip
* cleanup
* ports
* overlay upgraded
* linter fixes
* piecestore kademlia newID
* Merge branch 'master' into tls-upstream
* master:
Add error to the return values of Ranger.Range method (#90)
udp-forwarding: demo week work! (#84)
* Merge branch 'kad-tests' into tls-upstream
* kad-tests:
piecestore kademlia newID
linter fixes
overlay upgraded
ports
cleanup
wip
updated coyle/kademlia
wip
wip
wip
wip
wip
remove bkad dependency from tests
wip
wip
files created
port changes
* wip
* finish merging service tests
* add test for different client/server certs
* wip
* Merge branch 'master' into tls-upstream
* master:
Add context to Ranger.Range method (#99)
Coyle/kad client (#91)
* wip
* wip; refactoring/cleanup
* wip
* Merge branch 'master' into tls
* master:
Bolt backed overlay cache (#94)
internal/test: switch errors to error classes (#96)
* wip - test passing
* cleanup
* remove port.go
* cleanup
* Merge branch 'master' into tls
* master:
hardcode version (#111)
Coyle/docker fix (#109)
pkg/kademlia tests and restructuring (#97)
Use continue instead of return in table tests (#106)
prepend storjlabs to docker tag (#108)
Automatically build, tag and push docker images on merge to master (#103)
* more belated merging
* more belated merging
* more belated merging
* add copyrights
* cleanup
* goimports
* refactoring
* wip
* wip
* implement `TLSFileOptions#loadTLS`, refactoring:
`peertls.TestNewClient_LoadTLS` is the failing holdout; still trying to figure out why ECDSA verification is failing.
* not sure if actually working:
Tests are now passing (no more "ECDSA verification failed"); however,
`len(*tls.Certificates.Certificate) == 1` which I don't think should be
the case if the root and leaf are being created correctly.
* Experimenting/bugfixing?:
I think leaf certs should be properly signed by the parent now but not
entirely certain. It's also unclear to me why in
`VerifyPeerCertificate`, `len(rawCerts) == 1` when the certs should
contain both the root and leaf afaik.
* Properly write/read certificate chain (root/leaf):
I think I'm now properly reading and writing the root and leaf
certificate chain such that they're both being received by
`VerifyPeerCertificate`.
The next step is to parse the certificates with `x509.ParseCertificate`
(or similar) and verify that the public keys and signatures match.
* Add tls certificate chain signature verification (spike):
+ `VerifyPeerCertificate` verifies signatures of certificates using the
key of its parent if there is one; otherwise, it verifies the
certificate is self-signed
+ TODO: refactor
+ TODO: test
* refactoring `VerifyPeerCertificate`
* cleanup
* refactor
* Merge branch 'master' into tls
* master:
Remove some structural folders we don't seem to be using. (#125)
license code with agplv3 (#126)
Update .clabot (#124)
added team members (#123)
clabot file added (#121)
ECClient (#110)
docker image issue fixed (#118)
Piecestore Farmer CLI (#92)
Define Path type (#101)
adds netstate pagination (#95)
Transport Client (#89)
Implement psclient interface (#107)
pkg/process: start replacing pkg/process with cobra helpers (#98)
protos/netstate: remove stuff we're not using (#100)
adding coveralls / code coverage (#112)
* responding to review feedback / cleanup / add copyright headers
* suggestions
* realitive
* Merge pull request #1 from coyle/coyle/tls
suggestions
* remove unnecessary `_`s
* Merge branch 'tls' of github.com:bryanchriswhite/storj into tls
* 'tls' of github.com:bryanchriswhite/storj:
realitive
suggestions
* Responding to review feedback:
+ refactor `VerifyPeerCertificate`
* remove tls expiration
* remove "hosts" and "client option" from tls options
* goimports
* linter fixes
2018-07-09 19:43:13 +02:00