Change testutils.EmptyRepo() to use a cert as the root.json root key.

This involves making it use ECDSA keys since we can't generate ED25519 certs.

Signed-off-by: Ying Li <ying.li@docker.com>
Ying Li 2016-01-15 19:03:07 -08:00
parent c44de7e37a
commit 0bbf979cf4
6 changed files with 192 additions and 94 deletions


@ -12,8 +12,9 @@ import (
)
func TestApplyTargetsChange(t *testing.T) {
_, repo, _ := testutils.EmptyRepo()
_, err := repo.InitTargets(data.CanonicalTargetsRole)
_, repo, _, err := testutils.EmptyRepo()
assert.NoError(t, err)
_, err = repo.InitTargets(data.CanonicalTargetsRole)
assert.NoError(t, err)
hash := sha256.Sum256([]byte{})
f := &data.FileMeta{
@ -51,8 +52,9 @@ func TestApplyTargetsChange(t *testing.T) {
// Adding the same target twice doesn't actually add it.
func TestApplyAddTargetTwice(t *testing.T) {
_, repo, _ := testutils.EmptyRepo()
_, err := repo.InitTargets(data.CanonicalTargetsRole)
_, repo, _, err := testutils.EmptyRepo()
assert.NoError(t, err)
_, err = repo.InitTargets(data.CanonicalTargetsRole)
assert.NoError(t, err)
hash := sha256.Sum256([]byte{})
f := &data.FileMeta{
@ -96,8 +98,9 @@ func TestApplyAddTargetTwice(t *testing.T) {
}
func TestApplyChangelist(t *testing.T) {
_, repo, _ := testutils.EmptyRepo()
_, err := repo.InitTargets(data.CanonicalTargetsRole)
_, repo, _, err := testutils.EmptyRepo()
assert.NoError(t, err)
_, err = repo.InitTargets(data.CanonicalTargetsRole)
assert.NoError(t, err)
hash := sha256.Sum256([]byte{})
f := &data.FileMeta{
@ -139,8 +142,9 @@ func TestApplyChangelist(t *testing.T) {
}
func TestApplyChangelistMulti(t *testing.T) {
_, repo, _ := testutils.EmptyRepo()
_, err := repo.InitTargets(data.CanonicalTargetsRole)
_, repo, _, err := testutils.EmptyRepo()
assert.NoError(t, err)
_, err = repo.InitTargets(data.CanonicalTargetsRole)
assert.NoError(t, err)
hash := sha256.Sum256([]byte{})
f := &data.FileMeta{
@ -179,7 +183,8 @@ func TestApplyChangelistMulti(t *testing.T) {
}
func TestApplyTargetsDelegationCreateDelete(t *testing.T) {
_, repo, cs := testutils.EmptyRepo()
_, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
assert.NoError(t, err)
@ -236,7 +241,8 @@ func TestApplyTargetsDelegationCreateDelete(t *testing.T) {
}
func TestApplyTargetsDelegationCreate2SharedKey(t *testing.T) {
_, repo, cs := testutils.EmptyRepo()
_, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
assert.NoError(t, err)
@ -333,7 +339,8 @@ func TestApplyTargetsDelegationCreate2SharedKey(t *testing.T) {
}
func TestApplyTargetsDelegationCreateEdit(t *testing.T) {
_, repo, cs := testutils.EmptyRepo()
_, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
assert.NoError(t, err)
@ -400,7 +407,8 @@ func TestApplyTargetsDelegationCreateEdit(t *testing.T) {
}
func TestApplyTargetsDelegationEditNonExisting(t *testing.T) {
_, repo, cs := testutils.EmptyRepo()
_, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
assert.NoError(t, err)
@ -430,7 +438,8 @@ func TestApplyTargetsDelegationEditNonExisting(t *testing.T) {
}
func TestApplyTargetsDelegationCreateAlreadyExisting(t *testing.T) {
_, repo, cs := testutils.EmptyRepo()
_, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
assert.NoError(t, err)
@ -467,7 +476,8 @@ func TestApplyTargetsDelegationCreateAlreadyExisting(t *testing.T) {
}
func TestApplyTargetsDelegationInvalidRole(t *testing.T) {
_, repo, cs := testutils.EmptyRepo()
_, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
assert.NoError(t, err)
@ -496,7 +506,8 @@ func TestApplyTargetsDelegationInvalidRole(t *testing.T) {
}
func TestApplyTargetsDelegationInvalidJSONContent(t *testing.T) {
_, repo, cs := testutils.EmptyRepo()
_, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
assert.NoError(t, err)
@ -525,7 +536,8 @@ func TestApplyTargetsDelegationInvalidJSONContent(t *testing.T) {
}
func TestApplyTargetsDelegationInvalidAction(t *testing.T) {
_, repo, _ := testutils.EmptyRepo()
_, repo, _, err := testutils.EmptyRepo()
assert.NoError(t, err)
ch := changelist.NewTufChange(
"bad action",
@ -535,12 +547,13 @@ func TestApplyTargetsDelegationInvalidAction(t *testing.T) {
nil,
)
err := applyTargetsChange(repo, ch)
err = applyTargetsChange(repo, ch)
assert.Error(t, err)
}
func TestApplyTargetsChangeInvalidType(t *testing.T) {
_, repo, _ := testutils.EmptyRepo()
_, repo, _, err := testutils.EmptyRepo()
assert.NoError(t, err)
ch := changelist.NewTufChange(
changelist.ActionCreate,
@ -550,7 +563,7 @@ func TestApplyTargetsChangeInvalidType(t *testing.T) {
nil,
)
err := applyTargetsChange(repo, ch)
err = applyTargetsChange(repo, ch)
assert.Error(t, err)
}
@ -558,7 +571,8 @@ func TestApplyTargetsChangeInvalidType(t *testing.T) {
// These next 2 tests check that attempting to edit an existing role to
// create an invalid role errors in both possible combinations.
func TestApplyTargetsDelegationConflictPathsPrefixes(t *testing.T) {
_, repo, cs := testutils.EmptyRepo()
_, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
assert.NoError(t, err)
@ -604,7 +618,8 @@ func TestApplyTargetsDelegationConflictPathsPrefixes(t *testing.T) {
}
func TestApplyTargetsDelegationConflictPrefixesPaths(t *testing.T) {
_, repo, cs := testutils.EmptyRepo()
_, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
assert.NoError(t, err)
@ -650,7 +665,8 @@ func TestApplyTargetsDelegationConflictPrefixesPaths(t *testing.T) {
}
func TestApplyTargetsDelegationCreateInvalid(t *testing.T) {
_, repo, cs := testutils.EmptyRepo()
_, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
assert.NoError(t, err)
@ -680,7 +696,8 @@ func TestApplyTargetsDelegationCreateInvalid(t *testing.T) {
}
func TestApplyTargetsDelegationCreate2Deep(t *testing.T) {
_, repo, cs := testutils.EmptyRepo()
_, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
assert.NoError(t, err)
@ -760,11 +777,12 @@ func TestApplyTargetsDelegationCreate2Deep(t *testing.T) {
// Applying a delegation whose parent doesn't exist fails.
func TestApplyTargetsDelegationParentDoesntExist(t *testing.T) {
_, repo, cs := testutils.EmptyRepo()
_, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
// make sure a key exists for the previous level, so it's not a missing
// key error, but we don't care about this key
_, err := cs.Create("targets/level1", data.ED25519Key)
_, err = cs.Create("targets/level1", data.ED25519Key)
assert.NoError(t, err)
newKey, err := cs.Create("targets/level1/level2", data.ED25519Key)
@ -795,7 +813,8 @@ func TestApplyTargetsDelegationParentDoesntExist(t *testing.T) {
// If there is no delegation target, ApplyTargets creates it
func TestApplyChangelistCreatesDelegation(t *testing.T) {
_, repo, cs := testutils.EmptyRepo()
_, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
assert.NoError(t, err)
@ -833,7 +852,8 @@ func TestApplyChangelistCreatesDelegation(t *testing.T) {
// Each change applies only to the role specified
func TestApplyChangelistTargetsToMultipleRoles(t *testing.T) {
_, repo, cs := testutils.EmptyRepo()
_, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
assert.NoError(t, err)
@ -881,7 +901,8 @@ func TestApplyChangelistTargetsToMultipleRoles(t *testing.T) {
// ApplyTargets falls back to role that exists when adding or deleting a change
func TestApplyChangelistTargetsFallbackRoles(t *testing.T) {
_, repo, _ := testutils.EmptyRepo()
_, repo, _, err := testutils.EmptyRepo()
assert.NoError(t, err)
hash := sha256.Sum256([]byte{})
f := &data.FileMeta{
@ -922,7 +943,8 @@ func TestApplyChangelistTargetsFallbackRoles(t *testing.T) {
// changeTargetMeta fallback fails with ErrInvalidRole if role is invalid
func TestChangeTargetMetaFallbackFailsInvalidRole(t *testing.T) {
_, repo, _ := testutils.EmptyRepo()
_, repo, _, err := testutils.EmptyRepo()
assert.NoError(t, err)
hash := sha256.Sum256([]byte{})
f := &data.FileMeta{
@ -948,7 +970,8 @@ func TestChangeTargetMetaFallbackFailsInvalidRole(t *testing.T) {
// If applying a change fails due to a prefix error, it does not fall back
// on the parent.
func TestChangeTargetMetaDoesntFallbackIfPrefixError(t *testing.T) {
_, repo, cs := testutils.EmptyRepo()
_, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
assert.NoError(t, err)
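Review bot: `assert.NoError(t, err)` directly after `testutils.EmptyRepo()` records the failure but lets the test keep running, and EmptyRepo now returns nil for the key DB, repo and crypto service on error, so the next statement (`repo.InitTargets(...)`, `cs.Create(...)`, `testutils.Sign(repo)`) would most likely panic on a nil value instead of reporting the real cause. Aborting at the failed setup keeps the output pointing at key or certificate generation: `require.NoError(t, err)` if testify's require package is imported in these files (the imports are not visible here), or `if err != nil { t.Fatal(err) }`. The same pattern is repeated at every updated call site in the other test files of this commit. The test bodies continue outside the hunks.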


@ -173,7 +173,8 @@ func TestGetKeyHandlerCreatesOnce(t *testing.T) {
func TestGetHandlerRoot(t *testing.T) {
metaStore := storage.NewMemStorage()
_, repo, _ := testutils.EmptyRepo()
_, repo, _, err := testutils.EmptyRepo()
assert.NoError(t, err)
ctx := context.Background()
ctx = context.WithValue(ctx, "metaStore", metaStore)
@ -200,7 +201,8 @@ func TestGetHandlerRoot(t *testing.T) {
func TestGetHandlerTimestamp(t *testing.T) {
metaStore := storage.NewMemStorage()
_, repo, crypto := testutils.EmptyRepo()
_, repo, crypto, err := testutils.EmptyRepo()
assert.NoError(t, err)
ctx := getContext(handlerState{store: metaStore, crypto: crypto})
@ -233,7 +235,8 @@ func TestGetHandlerTimestamp(t *testing.T) {
func TestGetHandlerSnapshot(t *testing.T) {
metaStore := storage.NewMemStorage()
_, repo, crypto := testutils.EmptyRepo()
_, repo, crypto, err := testutils.EmptyRepo()
assert.NoError(t, err)
ctx := getContext(handlerState{store: metaStore, crypto: crypto})
@ -320,7 +323,8 @@ func TestAtomicUpdateValidationFailurePropagated(t *testing.T) {
gun := "testGUN"
vars := map[string]string{"imageName": gun}
kdb, repo, cs := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
copyTimestampKey(t, kdb, metaStore, gun)
state := handlerState{store: metaStore, crypto: cs}
@ -361,7 +365,8 @@ func TestAtomicUpdateNonValidationFailureNotPropagated(t *testing.T) {
gun := "testGUN"
vars := map[string]string{"imageName": gun}
kdb, repo, cs := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
copyTimestampKey(t, kdb, metaStore, gun)
state := handlerState{store: &failStore{*metaStore}, crypto: cs}
@ -401,7 +406,8 @@ func TestAtomicUpdateVersionErrorPropagated(t *testing.T) {
gun := "testGUN"
vars := map[string]string{"imageName": gun}
kdb, repo, cs := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
copyTimestampKey(t, kdb, metaStore, gun)
state := handlerState{store: &invalidVersionStore{*metaStore}, crypto: cs}


@ -69,7 +69,8 @@ func getUpdates(r, tg, sn, ts *data.Signed) (
}
func TestValidateEmptyNew(t *testing.T) {
kdb, repo, cs := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
store := storage.NewMemStorage()
r, tg, sn, ts, err := testutils.Sign(repo)
@ -85,7 +86,8 @@ func TestValidateEmptyNew(t *testing.T) {
}
func TestValidateNoNewRoot(t *testing.T) {
kdb, repo, cs := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
store := storage.NewMemStorage()
r, tg, sn, ts, err := testutils.Sign(repo)
@ -102,7 +104,8 @@ func TestValidateNoNewRoot(t *testing.T) {
}
func TestValidateNoNewTargets(t *testing.T) {
kdb, repo, cs := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
store := storage.NewMemStorage()
r, tg, sn, ts, err := testutils.Sign(repo)
@ -119,7 +122,8 @@ func TestValidateNoNewTargets(t *testing.T) {
}
func TestValidateOnlySnapshot(t *testing.T) {
kdb, repo, cs := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
store := storage.NewMemStorage()
r, tg, sn, ts, err := testutils.Sign(repo)
@ -138,7 +142,8 @@ func TestValidateOnlySnapshot(t *testing.T) {
}
func TestValidateOldRoot(t *testing.T) {
kdb, repo, cs := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
store := storage.NewMemStorage()
r, tg, sn, ts, err := testutils.Sign(repo)
@ -155,7 +160,8 @@ func TestValidateOldRoot(t *testing.T) {
}
func TestValidateRootRotation(t *testing.T) {
kdb, repo, crypto := testutils.EmptyRepo()
kdb, repo, crypto, err := testutils.EmptyRepo()
assert.NoError(t, err)
store := storage.NewMemStorage()
r, tg, sn, ts, err := testutils.Sign(repo)
@ -200,7 +206,8 @@ func TestValidateRootRotation(t *testing.T) {
}
func TestValidateNoRoot(t *testing.T) {
kdb, repo, cs := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
store := storage.NewMemStorage()
r, tg, sn, ts, err := testutils.Sign(repo)
@ -217,7 +224,8 @@ func TestValidateNoRoot(t *testing.T) {
}
func TestValidateSnapshotMissing(t *testing.T) {
kdb, repo, cs := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
store := storage.NewMemStorage()
r, tg, sn, ts, err := testutils.Sign(repo)
@ -234,7 +242,8 @@ func TestValidateSnapshotMissing(t *testing.T) {
}
func TestValidateSnapshotGenerateNoPrev(t *testing.T) {
kdb, repo, cs := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
store := storage.NewMemStorage()
snapRole := kdb.GetRole(data.CanonicalSnapshotRole)
@ -258,7 +267,8 @@ func TestValidateSnapshotGenerateNoPrev(t *testing.T) {
}
func TestValidateSnapshotGenerateWithPrev(t *testing.T) {
kdb, repo, cs := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
store := storage.NewMemStorage()
snapRole := kdb.GetRole(data.CanonicalSnapshotRole)
@ -298,7 +308,8 @@ func TestValidateSnapshotGenerateWithPrev(t *testing.T) {
}
func TestValidateSnapshotGeneratePrevCorrupt(t *testing.T) {
kdb, repo, cs := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
store := storage.NewMemStorage()
snapRole := kdb.GetRole(data.CanonicalSnapshotRole)
@ -328,7 +339,8 @@ func TestValidateSnapshotGeneratePrevCorrupt(t *testing.T) {
}
func TestValidateSnapshotGenerateNoTargets(t *testing.T) {
kdb, repo, cs := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
store := storage.NewMemStorage()
snapRole := kdb.GetRole(data.CanonicalSnapshotRole)
@ -352,7 +364,8 @@ func TestValidateSnapshotGenerateNoTargets(t *testing.T) {
}
func TestValidateSnapshotGenerate(t *testing.T) {
kdb, repo, cs := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
store := storage.NewMemStorage()
snapRole := kdb.GetRole(data.CanonicalSnapshotRole)
@ -381,7 +394,8 @@ func TestValidateSnapshotGenerate(t *testing.T) {
// happen if pushing an existing repository from one server to another that
// does not have the repo.
func TestValidateRootNoTimestampKey(t *testing.T) {
_, oldRepo, cs := testutils.EmptyRepo()
_, oldRepo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
r, tg, sn, ts, err := testutils.Sign(oldRepo)
assert.NoError(t, err)
@ -412,7 +426,8 @@ func TestValidateRootNoTimestampKey(t *testing.T) {
// repository from one server to another that had already initialized the same
// repo.
func TestValidateRootInvalidTimestampKey(t *testing.T) {
_, oldRepo, cs := testutils.EmptyRepo()
_, oldRepo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
r, tg, sn, ts, err := testutils.Sign(oldRepo)
assert.NoError(t, err)
@ -434,7 +449,8 @@ func TestValidateRootInvalidTimestampKey(t *testing.T) {
// If the timestamp role has a threshold > 1, validation fails.
func TestValidateRootInvalidTimestampThreshold(t *testing.T) {
kdb, oldRepo, cs := testutils.EmptyRepo()
kdb, oldRepo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
tsRole, ok := oldRepo.Root.Signed.Roles[data.CanonicalTimestampRole]
assert.True(t, ok)
tsRole.Threshold = 2
@ -456,7 +472,8 @@ func TestValidateRootInvalidTimestampThreshold(t *testing.T) {
// If any role has a threshold < 1, validation fails
func TestValidateRootInvalidZeroThreshold(t *testing.T) {
for _, role := range data.BaseRoles {
kdb, oldRepo, cs := testutils.EmptyRepo()
kdb, oldRepo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
tsRole, ok := oldRepo.Root.Signed.Roles[role]
assert.True(t, ok)
tsRole.Threshold = 0
@ -480,7 +497,8 @@ func TestValidateRootInvalidZeroThreshold(t *testing.T) {
// These tests remove a role from the Root file and
// check for a validation.ErrBadRoot
func TestValidateRootRoleMissing(t *testing.T) {
kdb, repo, cs := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
store := storage.NewMemStorage()
delete(repo.Root.Signed.Roles, "root")
@ -499,7 +517,8 @@ func TestValidateRootRoleMissing(t *testing.T) {
}
func TestValidateTargetsRoleMissing(t *testing.T) {
kdb, repo, cs := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
store := storage.NewMemStorage()
delete(repo.Root.Signed.Roles, "targets")
@ -518,7 +537,8 @@ func TestValidateTargetsRoleMissing(t *testing.T) {
}
func TestValidateSnapshotRoleMissing(t *testing.T) {
kdb, repo, cs := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
store := storage.NewMemStorage()
delete(repo.Root.Signed.Roles, "snapshot")
@ -540,7 +560,8 @@ func TestValidateSnapshotRoleMissing(t *testing.T) {
// ### Signature missing negative tests ###
func TestValidateRootSigMissing(t *testing.T) {
kdb, repo, cs := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
store := storage.NewMemStorage()
delete(repo.Root.Signed.Roles, "snapshot")
@ -562,7 +583,8 @@ func TestValidateRootSigMissing(t *testing.T) {
}
func TestValidateTargetsSigMissing(t *testing.T) {
kdb, repo, cs := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
store := storage.NewMemStorage()
r, tg, sn, ts, err := testutils.Sign(repo)
@ -582,7 +604,8 @@ func TestValidateTargetsSigMissing(t *testing.T) {
}
func TestValidateSnapshotSigMissing(t *testing.T) {
kdb, repo, cs := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
store := storage.NewMemStorage()
r, tg, sn, ts, err := testutils.Sign(repo)
@ -605,7 +628,8 @@ func TestValidateSnapshotSigMissing(t *testing.T) {
// ### Corrupted metadata negative tests ###
func TestValidateRootCorrupt(t *testing.T) {
kdb, repo, cs := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
store := storage.NewMemStorage()
r, tg, sn, ts, err := testutils.Sign(repo)
@ -625,7 +649,8 @@ func TestValidateRootCorrupt(t *testing.T) {
}
func TestValidateTargetsCorrupt(t *testing.T) {
kdb, repo, cs := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
store := storage.NewMemStorage()
r, tg, sn, ts, err := testutils.Sign(repo)
@ -645,7 +670,8 @@ func TestValidateTargetsCorrupt(t *testing.T) {
}
func TestValidateSnapshotCorrupt(t *testing.T) {
kdb, repo, cs := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
store := storage.NewMemStorage()
r, tg, sn, ts, err := testutils.Sign(repo)
@ -668,7 +694,8 @@ func TestValidateSnapshotCorrupt(t *testing.T) {
// ### Snapshot size mismatch negative tests ###
func TestValidateRootModifiedSize(t *testing.T) {
kdb, repo, cs := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
store := storage.NewMemStorage()
r, tg, sn, ts, err := testutils.Sign(repo)
@ -692,7 +719,8 @@ func TestValidateRootModifiedSize(t *testing.T) {
}
func TestValidateTargetsModifiedSize(t *testing.T) {
kdb, repo, cs := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
store := storage.NewMemStorage()
r, tg, sn, ts, err := testutils.Sign(repo)
@ -716,7 +744,8 @@ func TestValidateTargetsModifiedSize(t *testing.T) {
// ### Snapshot hash mismatch negative tests ###
func TestValidateRootModifiedHash(t *testing.T) {
kdb, repo, cs := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
store := storage.NewMemStorage()
r, tg, sn, ts, err := testutils.Sign(repo)
@ -741,7 +770,8 @@ func TestValidateRootModifiedHash(t *testing.T) {
}
func TestValidateTargetsModifiedHash(t *testing.T) {
kdb, repo, cs := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
store := storage.NewMemStorage()
r, tg, sn, ts, err := testutils.Sign(repo)
@ -776,10 +806,11 @@ func TestGenerateSnapshotNoRole(t *testing.T) {
}
func TestGenerateSnapshotNoKey(t *testing.T) {
kdb, _, _ := testutils.EmptyRepo()
kdb, _, _, err := testutils.EmptyRepo()
assert.NoError(t, err)
store := storage.NewMemStorage()
_, err := generateSnapshot("gun", kdb, nil, store)
_, err = generateSnapshot("gun", kdb, nil, store)
assert.Error(t, err)
assert.IsType(t, validation.ErrBadHierarchy{}, err)
}
@ -788,7 +819,8 @@ func TestGenerateSnapshotNoKey(t *testing.T) {
// ### Target validation with delegations tests
func TestLoadTargetsFromStore(t *testing.T) {
_, repo, _ := testutils.EmptyRepo()
_, repo, _, err := testutils.EmptyRepo()
assert.NoError(t, err)
store := storage.NewMemStorage()
st, err := repo.SignTargets(
@ -828,7 +860,8 @@ func TestLoadTargetsFromStore(t *testing.T) {
}
func TestValidateTargetsLoadParent(t *testing.T) {
_, baseRepo, cs := testutils.EmptyRepo()
_, baseRepo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
store := storage.NewMemStorage()
k, err := cs.Create("targets/level1", data.ED25519Key)
@ -879,7 +912,8 @@ func TestValidateTargetsLoadParent(t *testing.T) {
}
func TestValidateTargetsParentInUpdate(t *testing.T) {
_, baseRepo, cs := testutils.EmptyRepo()
_, baseRepo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
store := storage.NewMemStorage()
k, err := cs.Create("targets/level1", data.ED25519Key)
@ -936,7 +970,8 @@ func TestValidateTargetsParentInUpdate(t *testing.T) {
}
func TestValidateTargetsParentNotFound(t *testing.T) {
_, baseRepo, cs := testutils.EmptyRepo()
_, baseRepo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
store := storage.NewMemStorage()
k, err := cs.Create("targets/level1", data.ED25519Key)
@ -973,7 +1008,8 @@ func TestValidateTargetsParentNotFound(t *testing.T) {
}
func TestValidateTargetsRoleNotInParent(t *testing.T) {
kdb, baseRepo, cs := testutils.EmptyRepo()
kdb, baseRepo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
store := storage.NewMemStorage()
k, err := cs.Create("targets/level1", data.ED25519Key)


@ -37,7 +37,8 @@ func TestValidationErrorFormat(t *testing.T) {
http.DefaultTransport,
)
_, repo, _ := testutils.EmptyRepo()
_, repo, _, err := testutils.EmptyRepo()
assert.NoError(t, err)
r, tg, sn, ts, err := testutils.Sign(repo)
assert.NoError(t, err)
rs, _, _, _, err := testutils.Serialize(r, tg, sn, ts)


@ -312,7 +312,8 @@ func TestSizeMismatchShort(t *testing.T) {
}
func TestDownloadTargetsHappy(t *testing.T) {
kdb, repo, _ := testutils.EmptyRepo()
kdb, repo, _, err := testutils.EmptyRepo()
assert.NoError(t, err)
localStorage := store.NewMemoryStore(nil, nil)
remoteStorage := store.NewMemoryStore(nil, nil)
client := NewClient(repo, remoteStorage, kdb, localStorage)
@ -332,7 +333,8 @@ func TestDownloadTargetsHappy(t *testing.T) {
}
func TestDownloadTargetsDeepHappy(t *testing.T) {
kdb, repo, cs := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
localStorage := store.NewMemoryStore(nil, nil)
remoteStorage := store.NewMemoryStore(nil, nil)
client := NewClient(repo, remoteStorage, kdb, localStorage)
@ -406,7 +408,8 @@ func TestDownloadTargetsDeepHappy(t *testing.T) {
}
func TestDownloadTargetChecksumMismatch(t *testing.T) {
kdb, repo, _ := testutils.EmptyRepo()
kdb, repo, _, err := testutils.EmptyRepo()
assert.NoError(t, err)
localStorage := store.NewMemoryStore(nil, nil)
remoteStorage := store.NewMemoryStore(nil, nil)
client := NewClient(repo, remoteStorage, kdb, localStorage)
@ -446,7 +449,8 @@ func TestDownloadTargetChecksumMismatch(t *testing.T) {
// TestDownloadTargetsNoChecksum: it's never valid to download any targets
// role (incl. delegations) when a checksum is not available.
func TestDownloadTargetsNoChecksum(t *testing.T) {
kdb, repo, _ := testutils.EmptyRepo()
kdb, repo, _, err := testutils.EmptyRepo()
assert.NoError(t, err)
localStorage := store.NewMemoryStore(nil, nil)
remoteStorage := store.NewMemoryStore(nil, nil)
client := NewClient(repo, remoteStorage, kdb, localStorage)
@ -468,7 +472,8 @@ func TestDownloadTargetsNoChecksum(t *testing.T) {
// TestDownloadTargetsNoSnapshot: it's never valid to download any targets
// role (incl. delegations) when a checksum is not available.
func TestDownloadTargetsNoSnapshot(t *testing.T) {
kdb, repo, _ := testutils.EmptyRepo()
kdb, repo, _, err := testutils.EmptyRepo()
assert.NoError(t, err)
localStorage := store.NewMemoryStore(nil, nil)
remoteStorage := store.NewMemoryStore(nil, nil)
client := NewClient(repo, remoteStorage, kdb, localStorage)
@ -488,7 +493,8 @@ func TestDownloadTargetsNoSnapshot(t *testing.T) {
}
func TestBootstrapDownloadRootHappy(t *testing.T) {
kdb, repo, _ := testutils.EmptyRepo()
kdb, repo, _, err := testutils.EmptyRepo()
assert.NoError(t, err)
localStorage := store.NewMemoryStore(nil, nil)
remoteStorage := store.NewMemoryStore(nil, nil)
client := NewClient(repo, remoteStorage, kdb, localStorage)
@ -509,7 +515,8 @@ func TestBootstrapDownloadRootHappy(t *testing.T) {
}
func TestUpdateDownloadRootHappy(t *testing.T) {
kdb, repo, _ := testutils.EmptyRepo()
kdb, repo, _, err := testutils.EmptyRepo()
assert.NoError(t, err)
localStorage := store.NewMemoryStore(nil, nil)
remoteStorage := store.NewMemoryStore(nil, nil)
client := NewClient(repo, remoteStorage, kdb, localStorage)
@ -530,13 +537,14 @@ func TestUpdateDownloadRootHappy(t *testing.T) {
}
func TestUpdateDownloadRootBadChecksum(t *testing.T) {
kdb, repo, _ := testutils.EmptyRepo()
kdb, repo, _, err := testutils.EmptyRepo()
assert.NoError(t, err)
localStorage := store.NewMemoryStore(nil, nil)
remoteStorage := store.NewMemoryStore(nil, nil)
client := NewClient(repo, remoteStorage, kdb, localStorage)
// sign snapshot to make sure we have a checksum for root
_, err := repo.SignSnapshot(data.DefaultExpires("snapshot"))
_, err = repo.SignSnapshot(data.DefaultExpires("snapshot"))
assert.NoError(t, err)
// create and "upload" sample root, snapshot, and timestamp
@ -554,7 +562,8 @@ func TestUpdateDownloadRootBadChecksum(t *testing.T) {
}
func TestDownloadTimestampHappy(t *testing.T) {
kdb, repo, _ := testutils.EmptyRepo()
kdb, repo, _, err := testutils.EmptyRepo()
assert.NoError(t, err)
localStorage := store.NewMemoryStore(nil, nil)
remoteStorage := store.NewMemoryStore(nil, nil)
client := NewClient(repo, remoteStorage, kdb, localStorage)
@ -572,7 +581,8 @@ func TestDownloadTimestampHappy(t *testing.T) {
}
func TestDownloadSnapshotHappy(t *testing.T) {
kdb, repo, _ := testutils.EmptyRepo()
kdb, repo, _, err := testutils.EmptyRepo()
assert.NoError(t, err)
localStorage := store.NewMemoryStore(nil, nil)
remoteStorage := store.NewMemoryStore(nil, nil)
client := NewClient(repo, remoteStorage, kdb, localStorage)
@ -599,7 +609,8 @@ func TestDownloadSnapshotHappy(t *testing.T) {
// TestDownloadSnapshotNoChecksum: It should never be valid to download a
// snapshot if we don't have a checksum
func TestDownloadSnapshotNoTimestamp(t *testing.T) {
kdb, repo, _ := testutils.EmptyRepo()
kdb, repo, _, err := testutils.EmptyRepo()
assert.NoError(t, err)
localStorage := store.NewMemoryStore(nil, nil)
remoteStorage := store.NewMemoryStore(nil, nil)
client := NewClient(repo, remoteStorage, kdb, localStorage)
@ -619,7 +630,8 @@ func TestDownloadSnapshotNoTimestamp(t *testing.T) {
}
func TestDownloadSnapshotNoChecksum(t *testing.T) {
kdb, repo, _ := testutils.EmptyRepo()
kdb, repo, _, err := testutils.EmptyRepo()
assert.NoError(t, err)
localStorage := store.NewMemoryStore(nil, nil)
remoteStorage := store.NewMemoryStore(nil, nil)
client := NewClient(repo, remoteStorage, kdb, localStorage)
@ -639,13 +651,14 @@ func TestDownloadSnapshotNoChecksum(t *testing.T) {
}
func TestDownloadSnapshotBadChecksum(t *testing.T) {
kdb, repo, _ := testutils.EmptyRepo()
kdb, repo, _, err := testutils.EmptyRepo()
assert.NoError(t, err)
localStorage := store.NewMemoryStore(nil, nil)
remoteStorage := store.NewMemoryStore(nil, nil)
client := NewClient(repo, remoteStorage, kdb, localStorage)
// sign timestamp to ensure it has a checksum for snapshot
_, err := repo.SignTimestamp(data.DefaultExpires("timestamp"))
_, err = repo.SignTimestamp(data.DefaultExpires("timestamp"))
assert.NoError(t, err)
// create and "upload" sample snapshot and timestamp
@ -667,7 +680,8 @@ func TestDownloadSnapshotBadChecksum(t *testing.T) {
// was found. If the path doesn't exist in that role subtree, returns
// nil and an empty string.
func TestTargetMeta(t *testing.T) {
kdb, repo, cs := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo()
assert.NoError(t, err)
localStorage := store.NewMemoryStore(nil, nil)
client := NewClient(repo, nil, kdb, localStorage)


@ -5,6 +5,9 @@ import (
"math/rand"
"time"
"github.com/docker/notary/cryptoservice"
"github.com/docker/notary/passphrase"
"github.com/docker/notary/trustmanager"
"github.com/docker/notary/tuf/data"
"github.com/docker/notary/tuf/utils"
fuzz "github.com/google/gofuzz"
@ -16,20 +19,35 @@ import (
// EmptyRepo creates an in memory key database, crypto service
// and initializes a repo with no targets or delegations.
func EmptyRepo() (*keys.KeyDB, *tuf.Repo, signed.CryptoService) {
c := signed.NewEd25519()
func EmptyRepo() (*keys.KeyDB, *tuf.Repo, signed.CryptoService, error) {
c := cryptoservice.NewCryptoService(
"", trustmanager.NewKeyMemoryStore(passphrase.ConstantRetriever("")))
kdb := keys.NewDB()
r := tuf.NewRepo(kdb, c)
for _, role := range []string{"root", "targets", "snapshot", "timestamp"} {
key, _ := c.Create(role, data.ED25519Key)
key, _ := c.Create(role, data.ECDSAKey)
if role == "root" {
start := time.Now().AddDate(0, 0, -1)
privKey, _, err := c.GetPrivateKey(key.ID())
if err != nil {
return nil, nil, nil, err
}
cert, err := cryptoservice.GenerateCertificate(
privKey, role, start, start.AddDate(1, 0, 0),
)
if err != nil {
return nil, nil, nil, err
}
key = data.NewECDSAx509PublicKey(trustmanager.CertToPEM(cert))
}
role, _ := data.NewRole(role, 1, []string{key.ID()}, nil, nil)
kdb.AddKey(key)
kdb.AddRole(role)
}
r.InitRepo(false)
return kdb, r, c
return kdb, r, c, nil
}
// AddTarget generates a fake target and adds it to a repo.
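Review bot: The loop in EmptyRepo still discards the error from `c.Create(role, data.ECDSAKey)` even though the function now has an error return, so a failed key generation leaves `key` unusable and the next use, `key.ID()`, would likely panic instead of surfacing the error. Propagate it the same way as the two new checks: `key, err := c.Create(role, data.ECDSAKey)` followed by `if err != nil { return nil, nil, nil, err }`. The second result of `data.NewRole(...)` is dropped with `_` as well and, if it is an error, deserves the same treatment. The doc comment above the function could also state that the root key is published as an x509 certificate over an ECDSA key, valid from one day before now for one year, and that an error is returned when the private-key lookup or certificate generation fails.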