diff --git a/cryptoservice/crypto_service.go b/cryptoservice/crypto_service.go
index 8e7b66e867..193164b768 100644
--- a/cryptoservice/crypto_service.go
+++ b/cryptoservice/crypto_service.go
@@ -74,9 +74,6 @@ func (cs *CryptoService) Create(role, algorithm string) (data.PublicKey, error)
 }
 
 // GetPrivateKey returns a private key and role if present by ID.
-// It tries to get the key first without a GUN (in which case it's a root key).
-// If that fails, try to get the key with the GUN (non-root key).
-// If that fails, then we don't have the key.
 func (cs *CryptoService) GetPrivateKey(keyID string) (k data.PrivateKey, role string, err error) {
 	for _, ks := range cs.keyStores {
 		k, role, err = ks.GetKey(keyID)
diff --git a/trustmanager/keyfilestore_test.go b/trustmanager/keyfilestore_test.go
index 98bdadbc3c..91882dfa96 100644
--- a/trustmanager/keyfilestore_test.go
+++ b/trustmanager/keyfilestore_test.go
@@ -390,6 +390,52 @@ func TestAddGetKeyMemStore(t *testing.T) {
 	assert.Equal(t, retrievedKey.Private(), privKey.Private())
 }
 
+func TestAddGetKeyInfoMemStore(t *testing.T) {
+	gun := "docker.com/notary"
+
+	// Create our store
+	store := NewKeyMemoryStore(passphraseRetriever)
+
+	rootKey, err := GenerateECDSAKey(rand.Reader)
+	assert.NoError(t, err, "could not generate private key")
+
+	// Call the AddKey function
+	err = store.AddKey(rootKey.ID(), data.CanonicalRootRole, rootKey)
+	assert.NoError(t, err, "failed to add key to store")
+
+	// Get and validate key info
+	rootInfo, err := store.GetKeyInfo(rootKey.ID())
+	assert.NoError(t, err)
+	assert.Equal(t, data.CanonicalRootRole, rootInfo.Role)
+	assert.Equal(t, "", rootInfo.Gun)
+
+	targetsKey, err := GenerateECDSAKey(rand.Reader)
+	assert.NoError(t, err, "could not generate private key")
+
+	// Call the AddKey function
+	err = store.AddKey(filepath.Join(gun, targetsKey.ID()), data.CanonicalTargetsRole, targetsKey)
+	assert.NoError(t, err, "failed to add key to store")
+
+	// Get and validate key info
+	targetsInfo, err := store.GetKeyInfo(targetsKey.ID())
+	assert.NoError(t, err)
+	assert.Equal(t, data.CanonicalTargetsRole, targetsInfo.Role)
+	assert.Equal(t, gun, targetsInfo.Gun)
+
+	delgKey, err := GenerateECDSAKey(rand.Reader)
+	assert.NoError(t, err, "could not generate private key")
+
+	// Call the AddKey function
+	err = store.AddKey(filepath.Join(gun, delgKey.ID()), "targets/delegation", delgKey)
+	assert.NoError(t, err, "failed to add key to store")
+
+	// Get and validate key info
+	delgInfo, err := store.GetKeyInfo(delgKey.ID())
+	assert.NoError(t, err)
+	assert.Equal(t, "targets/delegation", delgInfo.Role)
+	assert.Equal(t, gun, delgInfo.Gun)
+}
+
 func TestGetDecryptedWithTamperedCipherText(t *testing.T) {
 	testExt := "key"
 	testAlias := "root"
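Review bot: TestAddGetKeyInfoMemStore only exercises the success path of GetKeyInfo; nothing asserts what the store reports for an ID it does not hold, so a regression that returned an empty info value with a nil error for unknown IDs would still pass. If GetKeyInfo signals an unknown ID through its error result, add `_, err = store.GetKeyInfo("nonexistent-id"); assert.Error(t, err)` at the end of the test (constructed sample ID). The lookups `store.GetKeyInfo(targetsKey.ID())` and `store.GetKeyInfo(delgKey.ID())` use the bare key ID after the keys were added under `filepath.Join(gun, ...)`, which relies on the store separating the GUN from the ID at AddKey time; a comment such as `// keys added under gun/<id> must be retrievable by bare ID, with the gun recorded in the returned info` would make that contract explicit. Since the GUN is a slash-separated logical name rather than a filesystem path, `path.Join` may be the more portable choice for building the key name, though that depends on what the store's key-name parsing expects.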