Change testutils.EmptyRepo() to use a cert as the root.json root key.
This involves making it use ECDSA keys since we can't generate ED25519 certs. Signed-off-by: Ying Li <ying.li@docker.com>
parent
c44de7e37a
commit
0bbf979cf4
|
@ -12,8 +12,9 @@ import (
|
|||
)
|
||||
|
||||
func TestApplyTargetsChange(t *testing.T) {
|
||||
_, repo, _ := testutils.EmptyRepo()
|
||||
_, err := repo.InitTargets(data.CanonicalTargetsRole)
|
||||
_, repo, _, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
_, err = repo.InitTargets(data.CanonicalTargetsRole)
|
||||
assert.NoError(t, err)
|
||||
hash := sha256.Sum256([]byte{})
|
||||
f := &data.FileMeta{
|
||||
|
@ -51,8 +52,9 @@ func TestApplyTargetsChange(t *testing.T) {
|
|||
|
||||
// Adding the same target twice doesn't actually add it.
|
||||
func TestApplyAddTargetTwice(t *testing.T) {
|
||||
_, repo, _ := testutils.EmptyRepo()
|
||||
_, err := repo.InitTargets(data.CanonicalTargetsRole)
|
||||
_, repo, _, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
_, err = repo.InitTargets(data.CanonicalTargetsRole)
|
||||
assert.NoError(t, err)
|
||||
hash := sha256.Sum256([]byte{})
|
||||
f := &data.FileMeta{
|
||||
|
@ -96,8 +98,9 @@ func TestApplyAddTargetTwice(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestApplyChangelist(t *testing.T) {
|
||||
_, repo, _ := testutils.EmptyRepo()
|
||||
_, err := repo.InitTargets(data.CanonicalTargetsRole)
|
||||
_, repo, _, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
_, err = repo.InitTargets(data.CanonicalTargetsRole)
|
||||
assert.NoError(t, err)
|
||||
hash := sha256.Sum256([]byte{})
|
||||
f := &data.FileMeta{
|
||||
|
@ -139,8 +142,9 @@ func TestApplyChangelist(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestApplyChangelistMulti(t *testing.T) {
|
||||
_, repo, _ := testutils.EmptyRepo()
|
||||
_, err := repo.InitTargets(data.CanonicalTargetsRole)
|
||||
_, repo, _, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
_, err = repo.InitTargets(data.CanonicalTargetsRole)
|
||||
assert.NoError(t, err)
|
||||
hash := sha256.Sum256([]byte{})
|
||||
f := &data.FileMeta{
|
||||
|
@ -179,7 +183,8 @@ func TestApplyChangelistMulti(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestApplyTargetsDelegationCreateDelete(t *testing.T) {
|
||||
_, repo, cs := testutils.EmptyRepo()
|
||||
_, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
|
||||
newKey, err := cs.Create("targets/level1", data.ED25519Key)
|
||||
assert.NoError(t, err)
|
||||
|
@ -236,7 +241,8 @@ func TestApplyTargetsDelegationCreateDelete(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestApplyTargetsDelegationCreate2SharedKey(t *testing.T) {
|
||||
_, repo, cs := testutils.EmptyRepo()
|
||||
_, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
|
||||
newKey, err := cs.Create("targets/level1", data.ED25519Key)
|
||||
assert.NoError(t, err)
|
||||
|
@ -333,7 +339,8 @@ func TestApplyTargetsDelegationCreate2SharedKey(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestApplyTargetsDelegationCreateEdit(t *testing.T) {
|
||||
_, repo, cs := testutils.EmptyRepo()
|
||||
_, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
|
||||
newKey, err := cs.Create("targets/level1", data.ED25519Key)
|
||||
assert.NoError(t, err)
|
||||
|
@ -400,7 +407,8 @@ func TestApplyTargetsDelegationCreateEdit(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestApplyTargetsDelegationEditNonExisting(t *testing.T) {
|
||||
_, repo, cs := testutils.EmptyRepo()
|
||||
_, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
|
||||
newKey, err := cs.Create("targets/level1", data.ED25519Key)
|
||||
assert.NoError(t, err)
|
||||
|
@ -430,7 +438,8 @@ func TestApplyTargetsDelegationEditNonExisting(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestApplyTargetsDelegationCreateAlreadyExisting(t *testing.T) {
|
||||
_, repo, cs := testutils.EmptyRepo()
|
||||
_, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
|
||||
newKey, err := cs.Create("targets/level1", data.ED25519Key)
|
||||
assert.NoError(t, err)
|
||||
|
@ -467,7 +476,8 @@ func TestApplyTargetsDelegationCreateAlreadyExisting(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestApplyTargetsDelegationInvalidRole(t *testing.T) {
|
||||
_, repo, cs := testutils.EmptyRepo()
|
||||
_, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
|
||||
newKey, err := cs.Create("targets/level1", data.ED25519Key)
|
||||
assert.NoError(t, err)
|
||||
|
@ -496,7 +506,8 @@ func TestApplyTargetsDelegationInvalidRole(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestApplyTargetsDelegationInvalidJSONContent(t *testing.T) {
|
||||
_, repo, cs := testutils.EmptyRepo()
|
||||
_, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
|
||||
newKey, err := cs.Create("targets/level1", data.ED25519Key)
|
||||
assert.NoError(t, err)
|
||||
|
@ -525,7 +536,8 @@ func TestApplyTargetsDelegationInvalidJSONContent(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestApplyTargetsDelegationInvalidAction(t *testing.T) {
|
||||
_, repo, _ := testutils.EmptyRepo()
|
||||
_, repo, _, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
|
||||
ch := changelist.NewTufChange(
|
||||
"bad action",
|
||||
|
@ -535,12 +547,13 @@ func TestApplyTargetsDelegationInvalidAction(t *testing.T) {
|
|||
nil,
|
||||
)
|
||||
|
||||
err := applyTargetsChange(repo, ch)
|
||||
err = applyTargetsChange(repo, ch)
|
||||
assert.Error(t, err)
|
||||
}
|
||||
|
||||
func TestApplyTargetsChangeInvalidType(t *testing.T) {
|
||||
_, repo, _ := testutils.EmptyRepo()
|
||||
_, repo, _, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
|
||||
ch := changelist.NewTufChange(
|
||||
changelist.ActionCreate,
|
||||
|
@ -550,7 +563,7 @@ func TestApplyTargetsChangeInvalidType(t *testing.T) {
|
|||
nil,
|
||||
)
|
||||
|
||||
err := applyTargetsChange(repo, ch)
|
||||
err = applyTargetsChange(repo, ch)
|
||||
assert.Error(t, err)
|
||||
}
|
||||
|
||||
|
@ -558,7 +571,8 @@ func TestApplyTargetsChangeInvalidType(t *testing.T) {
|
|||
// These next 2 tests check that attempting to edit an existing role to
|
||||
// create an invalid role errors in both possible combinations.
|
||||
func TestApplyTargetsDelegationConflictPathsPrefixes(t *testing.T) {
|
||||
_, repo, cs := testutils.EmptyRepo()
|
||||
_, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
|
||||
newKey, err := cs.Create("targets/level1", data.ED25519Key)
|
||||
assert.NoError(t, err)
|
||||
|
@ -604,7 +618,8 @@ func TestApplyTargetsDelegationConflictPathsPrefixes(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestApplyTargetsDelegationConflictPrefixesPaths(t *testing.T) {
|
||||
_, repo, cs := testutils.EmptyRepo()
|
||||
_, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
|
||||
newKey, err := cs.Create("targets/level1", data.ED25519Key)
|
||||
assert.NoError(t, err)
|
||||
|
@ -650,7 +665,8 @@ func TestApplyTargetsDelegationConflictPrefixesPaths(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestApplyTargetsDelegationCreateInvalid(t *testing.T) {
|
||||
_, repo, cs := testutils.EmptyRepo()
|
||||
_, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
|
||||
newKey, err := cs.Create("targets/level1", data.ED25519Key)
|
||||
assert.NoError(t, err)
|
||||
|
@ -680,7 +696,8 @@ func TestApplyTargetsDelegationCreateInvalid(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestApplyTargetsDelegationCreate2Deep(t *testing.T) {
|
||||
_, repo, cs := testutils.EmptyRepo()
|
||||
_, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
|
||||
newKey, err := cs.Create("targets/level1", data.ED25519Key)
|
||||
assert.NoError(t, err)
|
||||
|
@ -760,11 +777,12 @@ func TestApplyTargetsDelegationCreate2Deep(t *testing.T) {
|
|||
|
||||
// Applying a delegation whose parent doesn't exist fails.
|
||||
func TestApplyTargetsDelegationParentDoesntExist(t *testing.T) {
|
||||
_, repo, cs := testutils.EmptyRepo()
|
||||
_, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
|
||||
// make sure a key exists for the previous level, so it's not a missing
|
||||
// key error, but we don't care about this key
|
||||
_, err := cs.Create("targets/level1", data.ED25519Key)
|
||||
_, err = cs.Create("targets/level1", data.ED25519Key)
|
||||
assert.NoError(t, err)
|
||||
|
||||
newKey, err := cs.Create("targets/level1/level2", data.ED25519Key)
|
||||
|
@ -795,7 +813,8 @@ func TestApplyTargetsDelegationParentDoesntExist(t *testing.T) {
|
|||
|
||||
// If there is no delegation target, ApplyTargets creates it
|
||||
func TestApplyChangelistCreatesDelegation(t *testing.T) {
|
||||
_, repo, cs := testutils.EmptyRepo()
|
||||
_, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
|
||||
newKey, err := cs.Create("targets/level1", data.ED25519Key)
|
||||
assert.NoError(t, err)
|
||||
|
@ -833,7 +852,8 @@ func TestApplyChangelistCreatesDelegation(t *testing.T) {
|
|||
|
||||
// Each change applies only to the role specified
|
||||
func TestApplyChangelistTargetsToMultipleRoles(t *testing.T) {
|
||||
_, repo, cs := testutils.EmptyRepo()
|
||||
_, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
|
||||
newKey, err := cs.Create("targets/level1", data.ED25519Key)
|
||||
assert.NoError(t, err)
|
||||
|
@ -881,7 +901,8 @@ func TestApplyChangelistTargetsToMultipleRoles(t *testing.T) {
|
|||
|
||||
// ApplyTargets falls back to role that exists when adding or deleting a change
|
||||
func TestApplyChangelistTargetsFallbackRoles(t *testing.T) {
|
||||
_, repo, _ := testutils.EmptyRepo()
|
||||
_, repo, _, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
|
||||
hash := sha256.Sum256([]byte{})
|
||||
f := &data.FileMeta{
|
||||
|
@ -922,7 +943,8 @@ func TestApplyChangelistTargetsFallbackRoles(t *testing.T) {
|
|||
|
||||
// changeTargetMeta fallback fails with ErrInvalidRole if role is invalid
|
||||
func TestChangeTargetMetaFallbackFailsInvalidRole(t *testing.T) {
|
||||
_, repo, _ := testutils.EmptyRepo()
|
||||
_, repo, _, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
|
||||
hash := sha256.Sum256([]byte{})
|
||||
f := &data.FileMeta{
|
||||
|
@ -948,7 +970,8 @@ func TestChangeTargetMetaFallbackFailsInvalidRole(t *testing.T) {
|
|||
// If applying a change fails due to a prefix error, it does not fall back
|
||||
// on the parent.
|
||||
func TestChangeTargetMetaDoesntFallbackIfPrefixError(t *testing.T) {
|
||||
_, repo, cs := testutils.EmptyRepo()
|
||||
_, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
|
||||
newKey, err := cs.Create("targets/level1", data.ED25519Key)
|
||||
assert.NoError(t, err)
|
||||
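Review bot: The new `assert.NoError(t, err)` after `testutils.EmptyRepo()` in TestApplyTargetsChange only records a failure and lets the test continue, so the following `repo.InitTargets(data.CanonicalTargetsRole)` would run against whatever `repo` is on error (presumably nil) and panic instead of failing cleanly. Since EmptyRepo now builds a certificate-backed root key and can return an error, the setup check should abort the test: `require.NoError(t, err)`, assuming testify's `require` package is or can be imported in this file (the import block ends just above the first hunk and is not fully visible). The same setup pattern recurs in every hunk of this section and in the handler, validation and client test sections further down the page, so the change applies there as well. Each test body continues outside its hunk.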
|
|
|
@ -173,7 +173,8 @@ func TestGetKeyHandlerCreatesOnce(t *testing.T) {
|
|||
|
||||
func TestGetHandlerRoot(t *testing.T) {
|
||||
metaStore := storage.NewMemStorage()
|
||||
_, repo, _ := testutils.EmptyRepo()
|
||||
_, repo, _, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
|
||||
ctx := context.Background()
|
||||
ctx = context.WithValue(ctx, "metaStore", metaStore)
|
||||
|
@ -200,7 +201,8 @@ func TestGetHandlerRoot(t *testing.T) {
|
|||
|
||||
func TestGetHandlerTimestamp(t *testing.T) {
|
||||
metaStore := storage.NewMemStorage()
|
||||
_, repo, crypto := testutils.EmptyRepo()
|
||||
_, repo, crypto, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
|
||||
ctx := getContext(handlerState{store: metaStore, crypto: crypto})
|
||||
|
||||
|
@ -233,7 +235,8 @@ func TestGetHandlerTimestamp(t *testing.T) {
|
|||
|
||||
func TestGetHandlerSnapshot(t *testing.T) {
|
||||
metaStore := storage.NewMemStorage()
|
||||
_, repo, crypto := testutils.EmptyRepo()
|
||||
_, repo, crypto, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
|
||||
ctx := getContext(handlerState{store: metaStore, crypto: crypto})
|
||||
|
||||
|
@ -320,7 +323,8 @@ func TestAtomicUpdateValidationFailurePropagated(t *testing.T) {
|
|||
gun := "testGUN"
|
||||
vars := map[string]string{"imageName": gun}
|
||||
|
||||
kdb, repo, cs := testutils.EmptyRepo()
|
||||
kdb, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
copyTimestampKey(t, kdb, metaStore, gun)
|
||||
state := handlerState{store: metaStore, crypto: cs}
|
||||
|
||||
|
@ -361,7 +365,8 @@ func TestAtomicUpdateNonValidationFailureNotPropagated(t *testing.T) {
|
|||
gun := "testGUN"
|
||||
vars := map[string]string{"imageName": gun}
|
||||
|
||||
kdb, repo, cs := testutils.EmptyRepo()
|
||||
kdb, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
copyTimestampKey(t, kdb, metaStore, gun)
|
||||
state := handlerState{store: &failStore{*metaStore}, crypto: cs}
|
||||
|
||||
|
@ -401,7 +406,8 @@ func TestAtomicUpdateVersionErrorPropagated(t *testing.T) {
|
|||
gun := "testGUN"
|
||||
vars := map[string]string{"imageName": gun}
|
||||
|
||||
kdb, repo, cs := testutils.EmptyRepo()
|
||||
kdb, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
copyTimestampKey(t, kdb, metaStore, gun)
|
||||
state := handlerState{store: &invalidVersionStore{*metaStore}, crypto: cs}
|
||||
|
||||
|
|
|
@ -69,7 +69,8 @@ func getUpdates(r, tg, sn, ts *data.Signed) (
|
|||
}
|
||||
|
||||
func TestValidateEmptyNew(t *testing.T) {
|
||||
kdb, repo, cs := testutils.EmptyRepo()
|
||||
kdb, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
store := storage.NewMemStorage()
|
||||
|
||||
r, tg, sn, ts, err := testutils.Sign(repo)
|
||||
|
@ -85,7 +86,8 @@ func TestValidateEmptyNew(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestValidateNoNewRoot(t *testing.T) {
|
||||
kdb, repo, cs := testutils.EmptyRepo()
|
||||
kdb, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
store := storage.NewMemStorage()
|
||||
|
||||
r, tg, sn, ts, err := testutils.Sign(repo)
|
||||
|
@ -102,7 +104,8 @@ func TestValidateNoNewRoot(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestValidateNoNewTargets(t *testing.T) {
|
||||
kdb, repo, cs := testutils.EmptyRepo()
|
||||
kdb, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
store := storage.NewMemStorage()
|
||||
|
||||
r, tg, sn, ts, err := testutils.Sign(repo)
|
||||
|
@ -119,7 +122,8 @@ func TestValidateNoNewTargets(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestValidateOnlySnapshot(t *testing.T) {
|
||||
kdb, repo, cs := testutils.EmptyRepo()
|
||||
kdb, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
store := storage.NewMemStorage()
|
||||
|
||||
r, tg, sn, ts, err := testutils.Sign(repo)
|
||||
|
@ -138,7 +142,8 @@ func TestValidateOnlySnapshot(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestValidateOldRoot(t *testing.T) {
|
||||
kdb, repo, cs := testutils.EmptyRepo()
|
||||
kdb, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
store := storage.NewMemStorage()
|
||||
|
||||
r, tg, sn, ts, err := testutils.Sign(repo)
|
||||
|
@ -155,7 +160,8 @@ func TestValidateOldRoot(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestValidateRootRotation(t *testing.T) {
|
||||
kdb, repo, crypto := testutils.EmptyRepo()
|
||||
kdb, repo, crypto, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
store := storage.NewMemStorage()
|
||||
|
||||
r, tg, sn, ts, err := testutils.Sign(repo)
|
||||
|
@ -200,7 +206,8 @@ func TestValidateRootRotation(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestValidateNoRoot(t *testing.T) {
|
||||
kdb, repo, cs := testutils.EmptyRepo()
|
||||
kdb, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
store := storage.NewMemStorage()
|
||||
|
||||
r, tg, sn, ts, err := testutils.Sign(repo)
|
||||
|
@ -217,7 +224,8 @@ func TestValidateNoRoot(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestValidateSnapshotMissing(t *testing.T) {
|
||||
kdb, repo, cs := testutils.EmptyRepo()
|
||||
kdb, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
store := storage.NewMemStorage()
|
||||
|
||||
r, tg, sn, ts, err := testutils.Sign(repo)
|
||||
|
@ -234,7 +242,8 @@ func TestValidateSnapshotMissing(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestValidateSnapshotGenerateNoPrev(t *testing.T) {
|
||||
kdb, repo, cs := testutils.EmptyRepo()
|
||||
kdb, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
store := storage.NewMemStorage()
|
||||
snapRole := kdb.GetRole(data.CanonicalSnapshotRole)
|
||||
|
||||
|
@ -258,7 +267,8 @@ func TestValidateSnapshotGenerateNoPrev(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestValidateSnapshotGenerateWithPrev(t *testing.T) {
|
||||
kdb, repo, cs := testutils.EmptyRepo()
|
||||
kdb, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
store := storage.NewMemStorage()
|
||||
snapRole := kdb.GetRole(data.CanonicalSnapshotRole)
|
||||
|
||||
|
@ -298,7 +308,8 @@ func TestValidateSnapshotGenerateWithPrev(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestValidateSnapshotGeneratePrevCorrupt(t *testing.T) {
|
||||
kdb, repo, cs := testutils.EmptyRepo()
|
||||
kdb, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
store := storage.NewMemStorage()
|
||||
snapRole := kdb.GetRole(data.CanonicalSnapshotRole)
|
||||
|
||||
|
@ -328,7 +339,8 @@ func TestValidateSnapshotGeneratePrevCorrupt(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestValidateSnapshotGenerateNoTargets(t *testing.T) {
|
||||
kdb, repo, cs := testutils.EmptyRepo()
|
||||
kdb, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
store := storage.NewMemStorage()
|
||||
snapRole := kdb.GetRole(data.CanonicalSnapshotRole)
|
||||
|
||||
|
@ -352,7 +364,8 @@ func TestValidateSnapshotGenerateNoTargets(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestValidateSnapshotGenerate(t *testing.T) {
|
||||
kdb, repo, cs := testutils.EmptyRepo()
|
||||
kdb, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
store := storage.NewMemStorage()
|
||||
snapRole := kdb.GetRole(data.CanonicalSnapshotRole)
|
||||
|
||||
|
@ -381,7 +394,8 @@ func TestValidateSnapshotGenerate(t *testing.T) {
|
|||
// happen if pushing an existing repository from one server to another that
|
||||
// does not have the repo.
|
||||
func TestValidateRootNoTimestampKey(t *testing.T) {
|
||||
_, oldRepo, cs := testutils.EmptyRepo()
|
||||
_, oldRepo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
|
||||
r, tg, sn, ts, err := testutils.Sign(oldRepo)
|
||||
assert.NoError(t, err)
|
||||
|
@ -412,7 +426,8 @@ func TestValidateRootNoTimestampKey(t *testing.T) {
|
|||
// repository from one server to another that had already initialized the same
|
||||
// repo.
|
||||
func TestValidateRootInvalidTimestampKey(t *testing.T) {
|
||||
_, oldRepo, cs := testutils.EmptyRepo()
|
||||
_, oldRepo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
|
||||
r, tg, sn, ts, err := testutils.Sign(oldRepo)
|
||||
assert.NoError(t, err)
|
||||
|
@ -434,7 +449,8 @@ func TestValidateRootInvalidTimestampKey(t *testing.T) {
|
|||
|
||||
// If the timestamp role has a threshold > 1, validation fails.
|
||||
func TestValidateRootInvalidTimestampThreshold(t *testing.T) {
|
||||
kdb, oldRepo, cs := testutils.EmptyRepo()
|
||||
kdb, oldRepo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
tsRole, ok := oldRepo.Root.Signed.Roles[data.CanonicalTimestampRole]
|
||||
assert.True(t, ok)
|
||||
tsRole.Threshold = 2
|
||||
|
@ -456,7 +472,8 @@ func TestValidateRootInvalidTimestampThreshold(t *testing.T) {
|
|||
// If any role has a threshold < 1, validation fails
|
||||
func TestValidateRootInvalidZeroThreshold(t *testing.T) {
|
||||
for _, role := range data.BaseRoles {
|
||||
kdb, oldRepo, cs := testutils.EmptyRepo()
|
||||
kdb, oldRepo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
tsRole, ok := oldRepo.Root.Signed.Roles[role]
|
||||
assert.True(t, ok)
|
||||
tsRole.Threshold = 0
|
||||
|
@ -480,7 +497,8 @@ func TestValidateRootInvalidZeroThreshold(t *testing.T) {
|
|||
// These tests remove a role from the Root file and
|
||||
// check for a validation.ErrBadRoot
|
||||
func TestValidateRootRoleMissing(t *testing.T) {
|
||||
kdb, repo, cs := testutils.EmptyRepo()
|
||||
kdb, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
store := storage.NewMemStorage()
|
||||
|
||||
delete(repo.Root.Signed.Roles, "root")
|
||||
|
@ -499,7 +517,8 @@ func TestValidateRootRoleMissing(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestValidateTargetsRoleMissing(t *testing.T) {
|
||||
kdb, repo, cs := testutils.EmptyRepo()
|
||||
kdb, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
store := storage.NewMemStorage()
|
||||
|
||||
delete(repo.Root.Signed.Roles, "targets")
|
||||
|
@ -518,7 +537,8 @@ func TestValidateTargetsRoleMissing(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestValidateSnapshotRoleMissing(t *testing.T) {
|
||||
kdb, repo, cs := testutils.EmptyRepo()
|
||||
kdb, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
store := storage.NewMemStorage()
|
||||
|
||||
delete(repo.Root.Signed.Roles, "snapshot")
|
||||
|
@ -540,7 +560,8 @@ func TestValidateSnapshotRoleMissing(t *testing.T) {
|
|||
|
||||
// ### Signature missing negative tests ###
|
||||
func TestValidateRootSigMissing(t *testing.T) {
|
||||
kdb, repo, cs := testutils.EmptyRepo()
|
||||
kdb, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
store := storage.NewMemStorage()
|
||||
|
||||
delete(repo.Root.Signed.Roles, "snapshot")
|
||||
|
@ -562,7 +583,8 @@ func TestValidateRootSigMissing(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestValidateTargetsSigMissing(t *testing.T) {
|
||||
kdb, repo, cs := testutils.EmptyRepo()
|
||||
kdb, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
store := storage.NewMemStorage()
|
||||
|
||||
r, tg, sn, ts, err := testutils.Sign(repo)
|
||||
|
@ -582,7 +604,8 @@ func TestValidateTargetsSigMissing(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestValidateSnapshotSigMissing(t *testing.T) {
|
||||
kdb, repo, cs := testutils.EmptyRepo()
|
||||
kdb, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
store := storage.NewMemStorage()
|
||||
|
||||
r, tg, sn, ts, err := testutils.Sign(repo)
|
||||
|
@ -605,7 +628,8 @@ func TestValidateSnapshotSigMissing(t *testing.T) {
|
|||
|
||||
// ### Corrupted metadata negative tests ###
|
||||
func TestValidateRootCorrupt(t *testing.T) {
|
||||
kdb, repo, cs := testutils.EmptyRepo()
|
||||
kdb, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
store := storage.NewMemStorage()
|
||||
|
||||
r, tg, sn, ts, err := testutils.Sign(repo)
|
||||
|
@ -625,7 +649,8 @@ func TestValidateRootCorrupt(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestValidateTargetsCorrupt(t *testing.T) {
|
||||
kdb, repo, cs := testutils.EmptyRepo()
|
||||
kdb, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
store := storage.NewMemStorage()
|
||||
|
||||
r, tg, sn, ts, err := testutils.Sign(repo)
|
||||
|
@ -645,7 +670,8 @@ func TestValidateTargetsCorrupt(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestValidateSnapshotCorrupt(t *testing.T) {
|
||||
kdb, repo, cs := testutils.EmptyRepo()
|
||||
kdb, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
store := storage.NewMemStorage()
|
||||
|
||||
r, tg, sn, ts, err := testutils.Sign(repo)
|
||||
|
@ -668,7 +694,8 @@ func TestValidateSnapshotCorrupt(t *testing.T) {
|
|||
|
||||
// ### Snapshot size mismatch negative tests ###
|
||||
func TestValidateRootModifiedSize(t *testing.T) {
|
||||
kdb, repo, cs := testutils.EmptyRepo()
|
||||
kdb, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
store := storage.NewMemStorage()
|
||||
|
||||
r, tg, sn, ts, err := testutils.Sign(repo)
|
||||
|
@ -692,7 +719,8 @@ func TestValidateRootModifiedSize(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestValidateTargetsModifiedSize(t *testing.T) {
|
||||
kdb, repo, cs := testutils.EmptyRepo()
|
||||
kdb, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
store := storage.NewMemStorage()
|
||||
|
||||
r, tg, sn, ts, err := testutils.Sign(repo)
|
||||
|
@ -716,7 +744,8 @@ func TestValidateTargetsModifiedSize(t *testing.T) {
|
|||
|
||||
// ### Snapshot hash mismatch negative tests ###
|
||||
func TestValidateRootModifiedHash(t *testing.T) {
|
||||
kdb, repo, cs := testutils.EmptyRepo()
|
||||
kdb, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
store := storage.NewMemStorage()
|
||||
|
||||
r, tg, sn, ts, err := testutils.Sign(repo)
|
||||
|
@ -741,7 +770,8 @@ func TestValidateRootModifiedHash(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestValidateTargetsModifiedHash(t *testing.T) {
|
||||
kdb, repo, cs := testutils.EmptyRepo()
|
||||
kdb, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
store := storage.NewMemStorage()
|
||||
|
||||
r, tg, sn, ts, err := testutils.Sign(repo)
|
||||
|
@ -776,10 +806,11 @@ func TestGenerateSnapshotNoRole(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestGenerateSnapshotNoKey(t *testing.T) {
|
||||
kdb, _, _ := testutils.EmptyRepo()
|
||||
kdb, _, _, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
store := storage.NewMemStorage()
|
||||
|
||||
_, err := generateSnapshot("gun", kdb, nil, store)
|
||||
_, err = generateSnapshot("gun", kdb, nil, store)
|
||||
assert.Error(t, err)
|
||||
assert.IsType(t, validation.ErrBadHierarchy{}, err)
|
||||
}
|
||||
|
@ -788,7 +819,8 @@ func TestGenerateSnapshotNoKey(t *testing.T) {
|
|||
|
||||
// ### Target validation with delegations tests
|
||||
func TestLoadTargetsFromStore(t *testing.T) {
|
||||
_, repo, _ := testutils.EmptyRepo()
|
||||
_, repo, _, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
store := storage.NewMemStorage()
|
||||
|
||||
st, err := repo.SignTargets(
|
||||
|
@ -828,7 +860,8 @@ func TestLoadTargetsFromStore(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestValidateTargetsLoadParent(t *testing.T) {
|
||||
_, baseRepo, cs := testutils.EmptyRepo()
|
||||
_, baseRepo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
store := storage.NewMemStorage()
|
||||
|
||||
k, err := cs.Create("targets/level1", data.ED25519Key)
|
||||
|
@ -879,7 +912,8 @@ func TestValidateTargetsLoadParent(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestValidateTargetsParentInUpdate(t *testing.T) {
|
||||
_, baseRepo, cs := testutils.EmptyRepo()
|
||||
_, baseRepo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
store := storage.NewMemStorage()
|
||||
|
||||
k, err := cs.Create("targets/level1", data.ED25519Key)
|
||||
|
@ -936,7 +970,8 @@ func TestValidateTargetsParentInUpdate(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestValidateTargetsParentNotFound(t *testing.T) {
|
||||
_, baseRepo, cs := testutils.EmptyRepo()
|
||||
_, baseRepo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
store := storage.NewMemStorage()
|
||||
|
||||
k, err := cs.Create("targets/level1", data.ED25519Key)
|
||||
|
@ -973,7 +1008,8 @@ func TestValidateTargetsParentNotFound(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestValidateTargetsRoleNotInParent(t *testing.T) {
|
||||
kdb, baseRepo, cs := testutils.EmptyRepo()
|
||||
kdb, baseRepo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
store := storage.NewMemStorage()
|
||||
|
||||
k, err := cs.Create("targets/level1", data.ED25519Key)
|
||||
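Review bot: TestValidateRootSigMissing (hunk `-540,7 +560,8`) still opens with `delete(repo.Root.Signed.Roles, "snapshot")`, the same line TestValidateSnapshotRoleMissing uses in the hunk before it, so the update may be rejected for the missing role rather than for the missing root signature. The rest of the body is outside the hunk, so this needs confirming, but as shown the negative test does not demonstrate that an unsigned root.json is refused on its own. If the delete is a copy-paste leftover, remove it and add a comment such as `// root.json is valid except for its signatures` above the signature stripping, asserting on the specific error type rather than on any error.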
|
|
|
@ -37,7 +37,8 @@ func TestValidationErrorFormat(t *testing.T) {
|
|||
http.DefaultTransport,
|
||||
)
|
||||
|
||||
_, repo, _ := testutils.EmptyRepo()
|
||||
_, repo, _, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
r, tg, sn, ts, err := testutils.Sign(repo)
|
||||
assert.NoError(t, err)
|
||||
rs, _, _, _, err := testutils.Serialize(r, tg, sn, ts)
|
||||
|
|
|
@ -312,7 +312,8 @@ func TestSizeMismatchShort(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestDownloadTargetsHappy(t *testing.T) {
|
||||
kdb, repo, _ := testutils.EmptyRepo()
|
||||
kdb, repo, _, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
localStorage := store.NewMemoryStore(nil, nil)
|
||||
remoteStorage := store.NewMemoryStore(nil, nil)
|
||||
client := NewClient(repo, remoteStorage, kdb, localStorage)
|
||||
|
@ -332,7 +333,8 @@ func TestDownloadTargetsHappy(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestDownloadTargetsDeepHappy(t *testing.T) {
|
||||
kdb, repo, cs := testutils.EmptyRepo()
|
||||
kdb, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
localStorage := store.NewMemoryStore(nil, nil)
|
||||
remoteStorage := store.NewMemoryStore(nil, nil)
|
||||
client := NewClient(repo, remoteStorage, kdb, localStorage)
|
||||
|
@ -406,7 +408,8 @@ func TestDownloadTargetsDeepHappy(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestDownloadTargetChecksumMismatch(t *testing.T) {
|
||||
kdb, repo, _ := testutils.EmptyRepo()
|
||||
kdb, repo, _, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
localStorage := store.NewMemoryStore(nil, nil)
|
||||
remoteStorage := store.NewMemoryStore(nil, nil)
|
||||
client := NewClient(repo, remoteStorage, kdb, localStorage)
|
||||
|
@ -446,7 +449,8 @@ func TestDownloadTargetChecksumMismatch(t *testing.T) {
|
|||
// TestDownloadTargetsNoChecksum: it's never valid to download any targets
|
||||
// role (incl. delegations) when a checksum is not available.
|
||||
func TestDownloadTargetsNoChecksum(t *testing.T) {
|
||||
kdb, repo, _ := testutils.EmptyRepo()
|
||||
kdb, repo, _, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
localStorage := store.NewMemoryStore(nil, nil)
|
||||
remoteStorage := store.NewMemoryStore(nil, nil)
|
||||
client := NewClient(repo, remoteStorage, kdb, localStorage)
|
||||
|
@ -468,7 +472,8 @@ func TestDownloadTargetsNoChecksum(t *testing.T) {
|
|||
// TestDownloadTargetsNoSnapshot: it's never valid to download any targets
|
||||
// role (incl. delegations) when a checksum is not available.
|
||||
func TestDownloadTargetsNoSnapshot(t *testing.T) {
|
||||
kdb, repo, _ := testutils.EmptyRepo()
|
||||
kdb, repo, _, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
localStorage := store.NewMemoryStore(nil, nil)
|
||||
remoteStorage := store.NewMemoryStore(nil, nil)
|
||||
client := NewClient(repo, remoteStorage, kdb, localStorage)
|
||||
|
@ -488,7 +493,8 @@ func TestDownloadTargetsNoSnapshot(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestBootstrapDownloadRootHappy(t *testing.T) {
|
||||
kdb, repo, _ := testutils.EmptyRepo()
|
||||
kdb, repo, _, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
localStorage := store.NewMemoryStore(nil, nil)
|
||||
remoteStorage := store.NewMemoryStore(nil, nil)
|
||||
client := NewClient(repo, remoteStorage, kdb, localStorage)
|
||||
|
@ -509,7 +515,8 @@ func TestBootstrapDownloadRootHappy(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestUpdateDownloadRootHappy(t *testing.T) {
|
||||
kdb, repo, _ := testutils.EmptyRepo()
|
||||
kdb, repo, _, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
localStorage := store.NewMemoryStore(nil, nil)
|
||||
remoteStorage := store.NewMemoryStore(nil, nil)
|
||||
client := NewClient(repo, remoteStorage, kdb, localStorage)
|
||||
|
@ -530,13 +537,14 @@ func TestUpdateDownloadRootHappy(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestUpdateDownloadRootBadChecksum(t *testing.T) {
|
||||
kdb, repo, _ := testutils.EmptyRepo()
|
||||
kdb, repo, _, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
localStorage := store.NewMemoryStore(nil, nil)
|
||||
remoteStorage := store.NewMemoryStore(nil, nil)
|
||||
client := NewClient(repo, remoteStorage, kdb, localStorage)
|
||||
|
||||
// sign snapshot to make sure we have a checksum for root
|
||||
_, err := repo.SignSnapshot(data.DefaultExpires("snapshot"))
|
||||
_, err = repo.SignSnapshot(data.DefaultExpires("snapshot"))
|
||||
assert.NoError(t, err)
|
||||
|
||||
// create and "upload" sample root, snapshot, and timestamp
|
||||
|
@ -554,7 +562,8 @@ func TestUpdateDownloadRootBadChecksum(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestDownloadTimestampHappy(t *testing.T) {
|
||||
kdb, repo, _ := testutils.EmptyRepo()
|
||||
kdb, repo, _, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
localStorage := store.NewMemoryStore(nil, nil)
|
||||
remoteStorage := store.NewMemoryStore(nil, nil)
|
||||
client := NewClient(repo, remoteStorage, kdb, localStorage)
|
||||
|
@ -572,7 +581,8 @@ func TestDownloadTimestampHappy(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestDownloadSnapshotHappy(t *testing.T) {
|
||||
kdb, repo, _ := testutils.EmptyRepo()
|
||||
kdb, repo, _, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
localStorage := store.NewMemoryStore(nil, nil)
|
||||
remoteStorage := store.NewMemoryStore(nil, nil)
|
||||
client := NewClient(repo, remoteStorage, kdb, localStorage)
|
||||
|
@ -599,7 +609,8 @@ func TestDownloadSnapshotHappy(t *testing.T) {
|
|||
// TestDownloadSnapshotNoChecksum: It should never be valid to download a
|
||||
// snapshot if we don't have a checksum
|
||||
func TestDownloadSnapshotNoTimestamp(t *testing.T) {
|
||||
kdb, repo, _ := testutils.EmptyRepo()
|
||||
kdb, repo, _, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
localStorage := store.NewMemoryStore(nil, nil)
|
||||
remoteStorage := store.NewMemoryStore(nil, nil)
|
||||
client := NewClient(repo, remoteStorage, kdb, localStorage)
|
||||
|
@ -619,7 +630,8 @@ func TestDownloadSnapshotNoTimestamp(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestDownloadSnapshotNoChecksum(t *testing.T) {
|
||||
kdb, repo, _ := testutils.EmptyRepo()
|
||||
kdb, repo, _, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
localStorage := store.NewMemoryStore(nil, nil)
|
||||
remoteStorage := store.NewMemoryStore(nil, nil)
|
||||
client := NewClient(repo, remoteStorage, kdb, localStorage)
|
||||
|
@ -639,13 +651,14 @@ func TestDownloadSnapshotNoChecksum(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestDownloadSnapshotBadChecksum(t *testing.T) {
|
||||
kdb, repo, _ := testutils.EmptyRepo()
|
||||
kdb, repo, _, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
localStorage := store.NewMemoryStore(nil, nil)
|
||||
remoteStorage := store.NewMemoryStore(nil, nil)
|
||||
client := NewClient(repo, remoteStorage, kdb, localStorage)
|
||||
|
||||
// sign timestamp to ensure it has a checksum for snapshot
|
||||
_, err := repo.SignTimestamp(data.DefaultExpires("timestamp"))
|
||||
_, err = repo.SignTimestamp(data.DefaultExpires("timestamp"))
|
||||
assert.NoError(t, err)
|
||||
|
||||
// create and "upload" sample snapshot and timestamp
|
||||
|
@ -667,7 +680,8 @@ func TestDownloadSnapshotBadChecksum(t *testing.T) {
|
|||
// was found. If the path doesn't exist in that role subtree, returns
|
||||
// nil and an empty string.
|
||||
func TestTargetMeta(t *testing.T) {
|
||||
kdb, repo, cs := testutils.EmptyRepo()
|
||||
kdb, repo, cs, err := testutils.EmptyRepo()
|
||||
assert.NoError(t, err)
|
||||
localStorage := store.NewMemoryStore(nil, nil)
|
||||
client := NewClient(repo, nil, kdb, localStorage)
|
||||
|
||||
|
|
|
@ -5,6 +5,9 @@ import (
|
|||
"math/rand"
|
||||
"time"
|
||||
|
||||
"github.com/docker/notary/cryptoservice"
|
||||
"github.com/docker/notary/passphrase"
|
||||
"github.com/docker/notary/trustmanager"
|
||||
"github.com/docker/notary/tuf/data"
|
||||
"github.com/docker/notary/tuf/utils"
|
||||
fuzz "github.com/google/gofuzz"
|
||||
|
@ -16,20 +19,35 @@ import (
|
|||
|
||||
// EmptyRepo creates an in memory key database, crypto service
|
||||
// and initializes a repo with no targets or delegations.
|
||||
func EmptyRepo() (*keys.KeyDB, *tuf.Repo, signed.CryptoService) {
|
||||
c := signed.NewEd25519()
|
||||
func EmptyRepo() (*keys.KeyDB, *tuf.Repo, signed.CryptoService, error) {
|
||||
c := cryptoservice.NewCryptoService(
|
||||
"", trustmanager.NewKeyMemoryStore(passphrase.ConstantRetriever("")))
|
||||
kdb := keys.NewDB()
|
||||
r := tuf.NewRepo(kdb, c)
|
||||
|
||||
for _, role := range []string{"root", "targets", "snapshot", "timestamp"} {
|
||||
key, _ := c.Create(role, data.ED25519Key)
|
||||
key, _ := c.Create(role, data.ECDSAKey)
|
||||
if role == "root" {
|
||||
start := time.Now().AddDate(0, 0, -1)
|
||||
privKey, _, err := c.GetPrivateKey(key.ID())
|
||||
if err != nil {
|
||||
return nil, nil, nil, err
|
||||
}
|
||||
cert, err := cryptoservice.GenerateCertificate(
|
||||
privKey, role, start, start.AddDate(1, 0, 0),
|
||||
)
|
||||
if err != nil {
|
||||
return nil, nil, nil, err
|
||||
}
|
||||
key = data.NewECDSAx509PublicKey(trustmanager.CertToPEM(cert))
|
||||
}
|
||||
role, _ := data.NewRole(role, 1, []string{key.ID()}, nil, nil)
|
||||
kdb.AddKey(key)
|
||||
kdb.AddRole(role)
|
||||
}
|
||||
|
||||
r.InitRepo(false)
|
||||
return kdb, r, c
|
||||
return kdb, r, c, nil
|
||||
}
|
||||
|
||||
// AddTarget generates a fake target and adds it to a repo.
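Review bot: `key, _ := c.Create(role, data.ECDSAKey)` in EmptyRepo still discards the error even though the function now returns one; if key creation fails, `key` is presumably nil and the later `key.ID()` call would panic instead of reporting a clean test failure. Propagate it the way the new root branch already does: `key, err := c.Create(role, data.ECDSAKey)` followed by `if err != nil { return nil, nil, nil, err }`. The same applies to `role, _ := data.NewRole(...)`, which also shadows the loop variable `role`, and to `r.InitRepo(false)` if it returns an error (its signature is not visible here). Every signing and checksum test builds on this fixture, so a half-initialized repo could let negative tests such as the bad-checksum cases pass for the wrong reason.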
|
||||
|
|