mirror of https://github.com/docker/docs.git
Return an error if unable to encrypt a key as a valid PEM file
Also address review comments and fix semantic conflict after rebase. Signed-off-by: Ying Li <ying.li@docker.com>
parent
fa788cb2a9
commit
0465365fb6
|
@ -1588,19 +1588,12 @@ func TestPublishDelegations(t *testing.T) {
|
||||||
// this is just a sanity test to make sure Publish calls it correctly and
|
// this is just a sanity test to make sure Publish calls it correctly and
|
||||||
// no fallback happens.
|
// no fallback happens.
|
||||||
func TestPublishDelegationsX509(t *testing.T) {
|
func TestPublishDelegationsX509(t *testing.T) {
|
||||||
var tempDirs [2]string
|
|
||||||
for i := 0; i < 2; i++ {
|
|
||||||
tempBaseDir, err := ioutil.TempDir("", "notary-test-")
|
|
||||||
assert.NoError(t, err, "failed to create a temporary directory: %s", err)
|
|
||||||
defer os.RemoveAll(tempBaseDir)
|
|
||||||
tempDirs[i] = tempBaseDir
|
|
||||||
}
|
|
||||||
|
|
||||||
gun := "docker.com/notary"
|
|
||||||
ts := fullTestServer(t)
|
ts := fullTestServer(t)
|
||||||
defer ts.Close()
|
defer ts.Close()
|
||||||
|
|
||||||
repo1, _ := initializeRepo(t, data.ECDSAKey, tempDirs[0], gun, ts.URL, false)
|
repo1, _ := initializeRepo(t, data.ECDSAKey, "docker.com/notary", ts.URL, false)
|
||||||
|
defer os.RemoveAll(repo1.baseDir)
|
||||||
|
|
||||||
delgKey, err := repo1.CryptoService.Create("targets/a", data.ECDSAKey)
|
delgKey, err := repo1.CryptoService.Create("targets/a", data.ECDSAKey)
|
||||||
assert.NoError(t, err, "error creating delegation key")
|
assert.NoError(t, err, "error creating delegation key")
|
||||||
|
|
||||||
|
@ -1633,9 +1626,8 @@ func TestPublishDelegationsX509(t *testing.T) {
|
||||||
assert.Len(t, getChanges(t, repo1), 1, "wrong number of changelist files found")
|
assert.Len(t, getChanges(t, repo1), 1, "wrong number of changelist files found")
|
||||||
|
|
||||||
// Create a new repo and pull from the server
|
// Create a new repo and pull from the server
|
||||||
repo2, err := NewNotaryRepository(tempDirs[1], gun, ts.URL,
|
repo2 := newRepoToTestRepo(t, repo1)
|
||||||
http.DefaultTransport, passphraseRetriever)
|
defer os.RemoveAll(repo2.baseDir)
|
||||||
assert.NoError(t, err, "error creating repository: %s", err)
|
|
||||||
|
|
||||||
// pull
|
// pull
|
||||||
_, err = repo2.ListTargets()
|
_, err = repo2.ListTargets()
|
||||||
|
|
|
@ -254,7 +254,6 @@ func listKeys(s LimitedFileStore) map[string]string {
|
||||||
// read it as a PEM
|
// read it as a PEM
|
||||||
underscoreIndex := strings.LastIndex(keyIDFull, "_")
|
underscoreIndex := strings.LastIndex(keyIDFull, "_")
|
||||||
if underscoreIndex == -1 {
|
if underscoreIndex == -1 {
|
||||||
keyID := keyIDFull
|
|
||||||
d, err := s.Get(f)
|
d, err := s.Get(f)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logrus.Error(err)
|
logrus.Error(err)
|
||||||
|
@ -265,7 +264,7 @@ func listKeys(s LimitedFileStore) map[string]string {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
if role, ok := block.Headers["role"]; ok {
|
if role, ok := block.Headers["role"]; ok {
|
||||||
keyIDMap[keyID] = role
|
keyIDMap[keyIDFull] = role
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
// The keyID is the first part of the keyname
|
// The keyID is the first part of the keyname
|
||||||
|
|
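Review bot: In the `underscoreIndex == -1` branch, the role stored by `keyIDMap[keyIDFull] = role` is taken directly from `block.Headers["role"]`, and PEM headers are cleartext that the passphrase encryption of the key does not cover, so the value can be changed by anyone able to write to the key store without knowing the passphrase. I would document that on the assignment, e.g. `// role comes from an unauthenticated PEM header; treat it as a label, not as proof of what the key may sign`, and consider checking it against the known role names before inserting it; the same header is written by `EncryptPrivateKey` in the last hunk on this page. A key file without a `role` header falls through `if role, ok := ...` silently in the visible lines, so a `logrus.Debugf` there would make a skipped key diagnosable. listKeys starts and ends outside these hunks, so a later check may already exist.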
|
@ -452,7 +452,7 @@ func EncryptPrivateKey(key data.PrivateKey, role, passphrase string) ([]byte, er
|
||||||
}
|
}
|
||||||
|
|
||||||
if encryptedPEMBlock.Headers == nil {
|
if encryptedPEMBlock.Headers == nil {
|
||||||
encryptedPEMBlock.Headers = make(map[string]string)
|
return nil, fmt.Errorf("unable to encrypt key - invalid PEM file produced")
|
||||||
}
|
}
|
||||||
encryptedPEMBlock.Headers["role"] = role
|
encryptedPEMBlock.Headers["role"] = role
|
||||||
|
|
||||||
|
|
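Review bot: The new `Headers == nil` branch returns an error without saying why a missing header map means failure, and a short comment would keep a later reader from restoring the old `make(map[string]string)` fallback: `// an encrypted PEM block always carries its cipher headers; none means encryption did not produce a usable block, so fail closed`. That wording assumes `encryptedPEMBlock` comes from the standard PEM encryption call, which is outside the hunk, so confirm it before adding the comment. Since the message has no format verbs, `errors.New("unable to encrypt key - invalid PEM file produced")` is the plainer form if `errors` is already imported in this file.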