10 "github.com/docker/docker/pkg/ioutils"
11 "github.com/docker/docker/pkg/system"
12 "github.com/docker/libtrust"
15 // Common constants for daemon and client.
17 // DefaultVersion of Current REST API
18 DefaultVersion string = "1.31"
20 // NoBaseImageSpecifier is the symbol used by the FROM
21 // command to specify that no base image is to be used.
22 NoBaseImageSpecifier string = "scratch"
// LoadOrCreateTrustKey returns the libtrust private key stored at
// trustKeyPath. When no key file exists there yet, it generates a new key with
// libtrust.GenerateECP256PrivateKey, persists it, and returns it.
//
// The parent directory is created with mode 0700 and a newly generated key is
// written with mode 0600 through ioutils.AtomicWriteFile. The on-disk encoding
// is chosen by serializePrivateKey from the file extension of trustKeyPath.
//
// Only libtrust.ErrKeyFileDoesNotExist triggers key generation. Any other load
// error is returned to the caller, so an existing key file that cannot be
// loaded is never replaced by this function.
func LoadOrCreateTrustKey(trustKeyPath string) (libtrust.PrivateKey, error) {
	// NOTE(review): the 0700 mode presumably applies only to directories this
	// call creates; an already existing directory with wider permissions is
	// not tightened here. Confirm against system.MkdirAll.
	keyDir := filepath.Dir(trustKeyPath)
	if err := system.MkdirAll(keyDir, 0700, ""); err != nil {
		return nil, err
	}

	// NOTE(review): nothing in this function checks the owner or mode of an
	// existing key file; whether libtrust.LoadKeyFile does is not visible here.
	key, loadErr := libtrust.LoadKeyFile(trustKeyPath)
	switch {
	case loadErr == nil:
		return key, nil
	case loadErr != libtrust.ErrKeyFileDoesNotExist:
		// The sentinel is compared by identity, so a wrapped
		// ErrKeyFileDoesNotExist would be reported as a load failure
		// instead of leading to key generation.
		return nil, fmt.Errorf("Error loading key file %s: %s", trustKeyPath, loadErr)
	}

	// No key file yet: create one and persist it before handing it out.
	key, genErr := libtrust.GenerateECP256PrivateKey()
	if genErr != nil {
		return nil, fmt.Errorf("Error generating key: %s", genErr)
	}

	encodedKey, encErr := serializePrivateKey(key, filepath.Ext(trustKeyPath))
	if encErr != nil {
		return nil, fmt.Errorf("Error serializing key: %s", encErr)
	}

	// The private key is written owner read/write only (0600).
	if writeErr := ioutils.AtomicWriteFile(trustKeyPath, encodedKey, os.FileMode(0600)); writeErr != nil {
		return nil, fmt.Errorf("Error saving key file: %s", writeErr)
	}
	return key, nil
}
51 func serializePrivateKey(key libtrust.PrivateKey, ext string) (encoded []byte, err error) {
52 if ext == ".json" || ext == ".jwk" {
53 encoded, err = json.Marshal(key)
55 return nil, fmt.Errorf("unable to encode private key JWK: %s", err)
58 pemBlock, err := key.PEMBlock()
60 return nil, fmt.Errorf("unable to encode private key PEM: %s", err)
62 encoded = pem.EncodeToMemory(pemBlock)