Return an error if unable to encrypt a key as a valid PEM file

Also address review comments and fix semantic conflict after rebase.

Signed-off-by: Ying Li <ying.li@docker.com>
Ying Li 2015-12-23 09:44:48 -08:00
parent fa788cb2a9
commit 0465365fb6
3 changed files with 7 additions and 16 deletions


@ -1588,19 +1588,12 @@ func TestPublishDelegations(t *testing.T) {
// this is just a sanity test to make sure Publish calls it correctly and
// no fallback happens.
func TestPublishDelegationsX509(t *testing.T) {
var tempDirs [2]string
for i := 0; i < 2; i++ {
tempBaseDir, err := ioutil.TempDir("", "notary-test-")
assert.NoError(t, err, "failed to create a temporary directory: %s", err)
defer os.RemoveAll(tempBaseDir)
tempDirs[i] = tempBaseDir
}
gun := "docker.com/notary"
ts := fullTestServer(t)
defer ts.Close()
repo1, _ := initializeRepo(t, data.ECDSAKey, tempDirs[0], gun, ts.URL, false)
repo1, _ := initializeRepo(t, data.ECDSAKey, "docker.com/notary", ts.URL, false)
defer os.RemoveAll(repo1.baseDir)
delgKey, err := repo1.CryptoService.Create("targets/a", data.ECDSAKey)
assert.NoError(t, err, "error creating delegation key")
@ -1633,9 +1626,8 @@ func TestPublishDelegationsX509(t *testing.T) {
assert.Len(t, getChanges(t, repo1), 1, "wrong number of changelist files found")
// Create a new repo and pull from the server
repo2, err := NewNotaryRepository(tempDirs[1], gun, ts.URL,
http.DefaultTransport, passphraseRetriever)
assert.NoError(t, err, "error creating repository: %s", err)
repo2 := newRepoToTestRepo(t, repo1)
defer os.RemoveAll(repo2.baseDir)
// pull
_, err = repo2.ListTargets()


@ -254,7 +254,6 @@ func listKeys(s LimitedFileStore) map[string]string {
// read it as a PEM
underscoreIndex := strings.LastIndex(keyIDFull, "_")
if underscoreIndex == -1 {
keyID := keyIDFull
d, err := s.Get(f)
if err != nil {
logrus.Error(err)
@ -265,7 +264,7 @@ func listKeys(s LimitedFileStore) map[string]string {
continue
}
if role, ok := block.Headers["role"]; ok {
keyIDMap[keyID] = role
keyIDMap[keyIDFull] = role
}
} else {
// The keyID is the first part of the keyname
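Review bot: The value stored under `keyIDMap[keyIDFull]` comes from the PEM `role` header, and EncryptPrivateKey (last file section) appears to set that header on the block after it has been encrypted, so the role is cleartext metadata that the passphrase does not bind to the key. Anyone who can write to the key store could relabel a key file, and listKeys would report the new role. This deserves a comment at the lookup, for example `// role is an unauthenticated PEM header: use it as a display label only, never as proof of what the key may sign`. The body of listKeys starts and ends outside this hunk, so whether callers rely on the map for anything beyond listing cannot be seen here.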


@ -452,7 +452,7 @@ func EncryptPrivateKey(key data.PrivateKey, role, passphrase string) ([]byte, er
}
if encryptedPEMBlock.Headers == nil {
encryptedPEMBlock.Headers = make(map[string]string)
return nil, fmt.Errorf("unable to encrypt key - invalid PEM file produced")
}
encryptedPEMBlock.Headers["role"] = role
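Review bot: The new `return nil, fmt.Errorf(...)` has no format verbs, so either use `errors.New` or make the message name the role: `return nil, fmt.Errorf("unable to encrypt key for role %q - invalid PEM file produced", role)`. The message should stay limited to the role name and never include the passphrase or key bytes. None of the visible sections adds a test for this branch, and the function body starts outside the hunk, so it is not clear from here how a nil `Headers` map could be produced.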