EmptyRepo needs to take a GUN in order to generate a valid cert.

Signed-off-by: Ying Li <ying.li@docker.com>
Ying Li 2016-01-18 10:28:06 -08:00
parent 0bbf979cf4
commit 200fefbff8
7 changed files with 87 additions and 86 deletions


@ -153,7 +153,8 @@ func validRootLeafCerts(root *data.SignedRoot, gun string) ([]*x509.Certificate,
for _, cert := range allLeafCerts {
// Validate that this leaf certificate has a CN that matches the exact gun
if cert.Subject.CommonName != gun {
logrus.Debugf("error leaf certificate CN: %s doesn't match the given GUN: %s", cert.Subject.CommonName)
logrus.Debugf("error leaf certificate CN: %s doesn't match the given GUN: %s",
cert.Subject.CommonName, gun)
continue
}
// Make sure the certificate is not expired
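Review bot: The CN logged in the corrected `Debugf` call comes from a leaf certificate that is still being validated at this point, and `%s` writes it into the log unquoted, so control characters or newlines in the CN would land in the debug log as-is. Quoting both values keeps the line unambiguous: `logrus.Debugf("leaf certificate CN %q doesn't match the given GUN %q", cert.Subject.CommonName, gun)`. The old call was missing its second argument, which the `go vet` printf check reports, so it may be worth confirming that vet runs in CI. The body of validRootLeafCerts continues outside this hunk.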


@ -12,7 +12,7 @@ import (
)
func TestApplyTargetsChange(t *testing.T) {
_, repo, _, err := testutils.EmptyRepo()
_, repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
_, err = repo.InitTargets(data.CanonicalTargetsRole)
assert.NoError(t, err)
@ -52,7 +52,7 @@ func TestApplyTargetsChange(t *testing.T) {
// Adding the same target twice doesn't actually add it.
func TestApplyAddTargetTwice(t *testing.T) {
_, repo, _, err := testutils.EmptyRepo()
_, repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
_, err = repo.InitTargets(data.CanonicalTargetsRole)
assert.NoError(t, err)
@ -98,7 +98,7 @@ func TestApplyAddTargetTwice(t *testing.T) {
}
func TestApplyChangelist(t *testing.T) {
_, repo, _, err := testutils.EmptyRepo()
_, repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
_, err = repo.InitTargets(data.CanonicalTargetsRole)
assert.NoError(t, err)
@ -142,7 +142,7 @@ func TestApplyChangelist(t *testing.T) {
}
func TestApplyChangelistMulti(t *testing.T) {
_, repo, _, err := testutils.EmptyRepo()
_, repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
_, err = repo.InitTargets(data.CanonicalTargetsRole)
assert.NoError(t, err)
@ -183,7 +183,7 @@ func TestApplyChangelistMulti(t *testing.T) {
}
func TestApplyTargetsDelegationCreateDelete(t *testing.T) {
_, repo, cs, err := testutils.EmptyRepo()
_, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
@ -241,7 +241,7 @@ func TestApplyTargetsDelegationCreateDelete(t *testing.T) {
}
func TestApplyTargetsDelegationCreate2SharedKey(t *testing.T) {
_, repo, cs, err := testutils.EmptyRepo()
_, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
@ -339,7 +339,7 @@ func TestApplyTargetsDelegationCreate2SharedKey(t *testing.T) {
}
func TestApplyTargetsDelegationCreateEdit(t *testing.T) {
_, repo, cs, err := testutils.EmptyRepo()
_, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
@ -407,7 +407,7 @@ func TestApplyTargetsDelegationCreateEdit(t *testing.T) {
}
func TestApplyTargetsDelegationEditNonExisting(t *testing.T) {
_, repo, cs, err := testutils.EmptyRepo()
_, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
@ -438,7 +438,7 @@ func TestApplyTargetsDelegationEditNonExisting(t *testing.T) {
}
func TestApplyTargetsDelegationCreateAlreadyExisting(t *testing.T) {
_, repo, cs, err := testutils.EmptyRepo()
_, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
@ -476,7 +476,7 @@ func TestApplyTargetsDelegationCreateAlreadyExisting(t *testing.T) {
}
func TestApplyTargetsDelegationInvalidRole(t *testing.T) {
_, repo, cs, err := testutils.EmptyRepo()
_, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
@ -506,7 +506,7 @@ func TestApplyTargetsDelegationInvalidRole(t *testing.T) {
}
func TestApplyTargetsDelegationInvalidJSONContent(t *testing.T) {
_, repo, cs, err := testutils.EmptyRepo()
_, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
@ -536,7 +536,7 @@ func TestApplyTargetsDelegationInvalidJSONContent(t *testing.T) {
}
func TestApplyTargetsDelegationInvalidAction(t *testing.T) {
_, repo, _, err := testutils.EmptyRepo()
_, repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
ch := changelist.NewTufChange(
@ -552,7 +552,7 @@ func TestApplyTargetsDelegationInvalidAction(t *testing.T) {
}
func TestApplyTargetsChangeInvalidType(t *testing.T) {
_, repo, _, err := testutils.EmptyRepo()
_, repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
ch := changelist.NewTufChange(
@ -571,7 +571,7 @@ func TestApplyTargetsChangeInvalidType(t *testing.T) {
// These next 2 tests check that attempting to edit an existing role to
// create an invalid role errors in both possible combinations.
func TestApplyTargetsDelegationConflictPathsPrefixes(t *testing.T) {
_, repo, cs, err := testutils.EmptyRepo()
_, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
@ -618,7 +618,7 @@ func TestApplyTargetsDelegationConflictPathsPrefixes(t *testing.T) {
}
func TestApplyTargetsDelegationConflictPrefixesPaths(t *testing.T) {
_, repo, cs, err := testutils.EmptyRepo()
_, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
@ -665,7 +665,7 @@ func TestApplyTargetsDelegationConflictPrefixesPaths(t *testing.T) {
}
func TestApplyTargetsDelegationCreateInvalid(t *testing.T) {
_, repo, cs, err := testutils.EmptyRepo()
_, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
@ -696,7 +696,7 @@ func TestApplyTargetsDelegationCreateInvalid(t *testing.T) {
}
func TestApplyTargetsDelegationCreate2Deep(t *testing.T) {
_, repo, cs, err := testutils.EmptyRepo()
_, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
@ -777,7 +777,7 @@ func TestApplyTargetsDelegationCreate2Deep(t *testing.T) {
// Applying a delegation whose parent doesn't exist fails.
func TestApplyTargetsDelegationParentDoesntExist(t *testing.T) {
_, repo, cs, err := testutils.EmptyRepo()
_, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
// make sure a key exists for the previous level, so it's not a missing
@ -813,7 +813,7 @@ func TestApplyTargetsDelegationParentDoesntExist(t *testing.T) {
// If there is no delegation target, ApplyTargets creates it
func TestApplyChangelistCreatesDelegation(t *testing.T) {
_, repo, cs, err := testutils.EmptyRepo()
_, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
@ -852,7 +852,7 @@ func TestApplyChangelistCreatesDelegation(t *testing.T) {
// Each change applies only to the role specified
func TestApplyChangelistTargetsToMultipleRoles(t *testing.T) {
_, repo, cs, err := testutils.EmptyRepo()
_, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
@ -901,7 +901,7 @@ func TestApplyChangelistTargetsToMultipleRoles(t *testing.T) {
// ApplyTargets falls back to role that exists when adding or deleting a change
func TestApplyChangelistTargetsFallbackRoles(t *testing.T) {
_, repo, _, err := testutils.EmptyRepo()
_, repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
hash := sha256.Sum256([]byte{})
@ -943,7 +943,7 @@ func TestApplyChangelistTargetsFallbackRoles(t *testing.T) {
// changeTargetMeta fallback fails with ErrInvalidRole if role is invalid
func TestChangeTargetMetaFallbackFailsInvalidRole(t *testing.T) {
_, repo, _, err := testutils.EmptyRepo()
_, repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
hash := sha256.Sum256([]byte{})
@ -970,7 +970,7 @@ func TestChangeTargetMetaFallbackFailsInvalidRole(t *testing.T) {
// If applying a change fails due to a prefix error, it does not fall back
// on the parent.
func TestChangeTargetMetaDoesntFallbackIfPrefixError(t *testing.T) {
_, repo, cs, err := testutils.EmptyRepo()
_, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
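Review bot: The literal `"docker.com/notary"` is now repeated at every `testutils.EmptyRepo` call in this file, and the same pattern appears in the validation and client test sections further down. Since, per the commit message, the GUN now determines the generated root certificate, a single package-level `const testGUN = "docker.com/notary"` would keep that value aligned with any GUN a test later validates against. Whether these tests pass a GUN to validation elsewhere is not visible in these hunks, so treat this as a maintainability suggestion.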


@ -173,7 +173,7 @@ func TestGetKeyHandlerCreatesOnce(t *testing.T) {
func TestGetHandlerRoot(t *testing.T) {
metaStore := storage.NewMemStorage()
_, repo, _, err := testutils.EmptyRepo()
_, repo, _, err := testutils.EmptyRepo("gun")
assert.NoError(t, err)
ctx := context.Background()
@ -201,7 +201,7 @@ func TestGetHandlerRoot(t *testing.T) {
func TestGetHandlerTimestamp(t *testing.T) {
metaStore := storage.NewMemStorage()
_, repo, crypto, err := testutils.EmptyRepo()
_, repo, crypto, err := testutils.EmptyRepo("gun")
assert.NoError(t, err)
ctx := getContext(handlerState{store: metaStore, crypto: crypto})
@ -235,7 +235,7 @@ func TestGetHandlerTimestamp(t *testing.T) {
func TestGetHandlerSnapshot(t *testing.T) {
metaStore := storage.NewMemStorage()
_, repo, crypto, err := testutils.EmptyRepo()
_, repo, crypto, err := testutils.EmptyRepo("gun")
assert.NoError(t, err)
ctx := getContext(handlerState{store: metaStore, crypto: crypto})
@ -323,7 +323,7 @@ func TestAtomicUpdateValidationFailurePropagated(t *testing.T) {
gun := "testGUN"
vars := map[string]string{"imageName": gun}
kdb, repo, cs, err := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo(gun)
assert.NoError(t, err)
copyTimestampKey(t, kdb, metaStore, gun)
state := handlerState{store: metaStore, crypto: cs}
@ -365,7 +365,7 @@ func TestAtomicUpdateNonValidationFailureNotPropagated(t *testing.T) {
gun := "testGUN"
vars := map[string]string{"imageName": gun}
kdb, repo, cs, err := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo(gun)
assert.NoError(t, err)
copyTimestampKey(t, kdb, metaStore, gun)
state := handlerState{store: &failStore{*metaStore}, crypto: cs}
@ -406,7 +406,7 @@ func TestAtomicUpdateVersionErrorPropagated(t *testing.T) {
gun := "testGUN"
vars := map[string]string{"imageName": gun}
kdb, repo, cs, err := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo(gun)
assert.NoError(t, err)
copyTimestampKey(t, kdb, metaStore, gun)
state := handlerState{store: &invalidVersionStore{*metaStore}, crypto: cs}


@ -69,7 +69,7 @@ func getUpdates(r, tg, sn, ts *data.Signed) (
}
func TestValidateEmptyNew(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
@ -86,7 +86,7 @@ func TestValidateEmptyNew(t *testing.T) {
}
func TestValidateNoNewRoot(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
@ -104,7 +104,7 @@ func TestValidateNoNewRoot(t *testing.T) {
}
func TestValidateNoNewTargets(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
@ -122,7 +122,7 @@ func TestValidateNoNewTargets(t *testing.T) {
}
func TestValidateOnlySnapshot(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
@ -142,7 +142,7 @@ func TestValidateOnlySnapshot(t *testing.T) {
}
func TestValidateOldRoot(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
@ -160,7 +160,7 @@ func TestValidateOldRoot(t *testing.T) {
}
func TestValidateRootRotation(t *testing.T) {
kdb, repo, crypto, err := testutils.EmptyRepo()
kdb, repo, crypto, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
@ -206,7 +206,7 @@ func TestValidateRootRotation(t *testing.T) {
}
func TestValidateNoRoot(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
@ -224,7 +224,7 @@ func TestValidateNoRoot(t *testing.T) {
}
func TestValidateSnapshotMissing(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
@ -242,7 +242,7 @@ func TestValidateSnapshotMissing(t *testing.T) {
}
func TestValidateSnapshotGenerateNoPrev(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
snapRole := kdb.GetRole(data.CanonicalSnapshotRole)
@ -267,7 +267,7 @@ func TestValidateSnapshotGenerateNoPrev(t *testing.T) {
}
func TestValidateSnapshotGenerateWithPrev(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
snapRole := kdb.GetRole(data.CanonicalSnapshotRole)
@ -308,7 +308,7 @@ func TestValidateSnapshotGenerateWithPrev(t *testing.T) {
}
func TestValidateSnapshotGeneratePrevCorrupt(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
snapRole := kdb.GetRole(data.CanonicalSnapshotRole)
@ -339,7 +339,7 @@ func TestValidateSnapshotGeneratePrevCorrupt(t *testing.T) {
}
func TestValidateSnapshotGenerateNoTargets(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
snapRole := kdb.GetRole(data.CanonicalSnapshotRole)
@ -364,7 +364,7 @@ func TestValidateSnapshotGenerateNoTargets(t *testing.T) {
}
func TestValidateSnapshotGenerate(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
snapRole := kdb.GetRole(data.CanonicalSnapshotRole)
@ -394,7 +394,7 @@ func TestValidateSnapshotGenerate(t *testing.T) {
// happen if pushing an existing repository from one server to another that
// does not have the repo.
func TestValidateRootNoTimestampKey(t *testing.T) {
_, oldRepo, cs, err := testutils.EmptyRepo()
_, oldRepo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
r, tg, sn, ts, err := testutils.Sign(oldRepo)
@ -426,7 +426,7 @@ func TestValidateRootNoTimestampKey(t *testing.T) {
// repository from one server to another that had already initialized the same
// repo.
func TestValidateRootInvalidTimestampKey(t *testing.T) {
_, oldRepo, cs, err := testutils.EmptyRepo()
_, oldRepo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
r, tg, sn, ts, err := testutils.Sign(oldRepo)
@ -449,7 +449,7 @@ func TestValidateRootInvalidTimestampKey(t *testing.T) {
// If the timestamp role has a threshold > 1, validation fails.
func TestValidateRootInvalidTimestampThreshold(t *testing.T) {
kdb, oldRepo, cs, err := testutils.EmptyRepo()
kdb, oldRepo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
tsRole, ok := oldRepo.Root.Signed.Roles[data.CanonicalTimestampRole]
assert.True(t, ok)
@ -472,7 +472,7 @@ func TestValidateRootInvalidTimestampThreshold(t *testing.T) {
// If any role has a threshold < 1, validation fails
func TestValidateRootInvalidZeroThreshold(t *testing.T) {
for _, role := range data.BaseRoles {
kdb, oldRepo, cs, err := testutils.EmptyRepo()
kdb, oldRepo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
tsRole, ok := oldRepo.Root.Signed.Roles[role]
assert.True(t, ok)
@ -497,7 +497,7 @@ func TestValidateRootInvalidZeroThreshold(t *testing.T) {
// These tests remove a role from the Root file and
// check for a validation.ErrBadRoot
func TestValidateRootRoleMissing(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
@ -517,7 +517,7 @@ func TestValidateRootRoleMissing(t *testing.T) {
}
func TestValidateTargetsRoleMissing(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
@ -537,7 +537,7 @@ func TestValidateTargetsRoleMissing(t *testing.T) {
}
func TestValidateSnapshotRoleMissing(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
@ -560,7 +560,7 @@ func TestValidateSnapshotRoleMissing(t *testing.T) {
// ### Signature missing negative tests ###
func TestValidateRootSigMissing(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
@ -583,7 +583,7 @@ func TestValidateRootSigMissing(t *testing.T) {
}
func TestValidateTargetsSigMissing(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
@ -604,7 +604,7 @@ func TestValidateTargetsSigMissing(t *testing.T) {
}
func TestValidateSnapshotSigMissing(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
@ -628,7 +628,7 @@ func TestValidateSnapshotSigMissing(t *testing.T) {
// ### Corrupted metadata negative tests ###
func TestValidateRootCorrupt(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
@ -649,7 +649,7 @@ func TestValidateRootCorrupt(t *testing.T) {
}
func TestValidateTargetsCorrupt(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
@ -670,7 +670,7 @@ func TestValidateTargetsCorrupt(t *testing.T) {
}
func TestValidateSnapshotCorrupt(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
@ -694,7 +694,7 @@ func TestValidateSnapshotCorrupt(t *testing.T) {
// ### Snapshot size mismatch negative tests ###
func TestValidateRootModifiedSize(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
@ -719,7 +719,7 @@ func TestValidateRootModifiedSize(t *testing.T) {
}
func TestValidateTargetsModifiedSize(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
@ -744,7 +744,7 @@ func TestValidateTargetsModifiedSize(t *testing.T) {
// ### Snapshot hash mismatch negative tests ###
func TestValidateRootModifiedHash(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
@ -770,7 +770,7 @@ func TestValidateRootModifiedHash(t *testing.T) {
}
func TestValidateTargetsModifiedHash(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
@ -806,7 +806,7 @@ func TestGenerateSnapshotNoRole(t *testing.T) {
}
func TestGenerateSnapshotNoKey(t *testing.T) {
kdb, _, _, err := testutils.EmptyRepo()
kdb, _, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
@ -819,7 +819,7 @@ func TestGenerateSnapshotNoKey(t *testing.T) {
// ### Target validation with delegations tests
func TestLoadTargetsFromStore(t *testing.T) {
_, repo, _, err := testutils.EmptyRepo()
_, repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
@ -860,7 +860,7 @@ func TestLoadTargetsFromStore(t *testing.T) {
}
func TestValidateTargetsLoadParent(t *testing.T) {
_, baseRepo, cs, err := testutils.EmptyRepo()
_, baseRepo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
@ -912,7 +912,7 @@ func TestValidateTargetsLoadParent(t *testing.T) {
}
func TestValidateTargetsParentInUpdate(t *testing.T) {
_, baseRepo, cs, err := testutils.EmptyRepo()
_, baseRepo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
@ -970,7 +970,7 @@ func TestValidateTargetsParentInUpdate(t *testing.T) {
}
func TestValidateTargetsParentNotFound(t *testing.T) {
_, baseRepo, cs, err := testutils.EmptyRepo()
_, baseRepo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
@ -1008,7 +1008,7 @@ func TestValidateTargetsParentNotFound(t *testing.T) {
}
func TestValidateTargetsRoleNotInParent(t *testing.T) {
kdb, baseRepo, cs, err := testutils.EmptyRepo()
kdb, baseRepo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()


@ -37,7 +37,7 @@ func TestValidationErrorFormat(t *testing.T) {
http.DefaultTransport,
)
_, repo, _, err := testutils.EmptyRepo()
_, repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
r, tg, sn, ts, err := testutils.Sign(repo)
assert.NoError(t, err)


@ -312,7 +312,7 @@ func TestSizeMismatchShort(t *testing.T) {
}
func TestDownloadTargetsHappy(t *testing.T) {
kdb, repo, _, err := testutils.EmptyRepo()
kdb, repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
localStorage := store.NewMemoryStore(nil, nil)
remoteStorage := store.NewMemoryStore(nil, nil)
@ -333,7 +333,7 @@ func TestDownloadTargetsHappy(t *testing.T) {
}
func TestDownloadTargetsDeepHappy(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
localStorage := store.NewMemoryStore(nil, nil)
remoteStorage := store.NewMemoryStore(nil, nil)
@ -408,7 +408,7 @@ func TestDownloadTargetsDeepHappy(t *testing.T) {
}
func TestDownloadTargetChecksumMismatch(t *testing.T) {
kdb, repo, _, err := testutils.EmptyRepo()
kdb, repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
localStorage := store.NewMemoryStore(nil, nil)
remoteStorage := store.NewMemoryStore(nil, nil)
@ -449,7 +449,7 @@ func TestDownloadTargetChecksumMismatch(t *testing.T) {
// TestDownloadTargetsNoChecksum: it's never valid to download any targets
// role (incl. delegations) when a checksum is not available.
func TestDownloadTargetsNoChecksum(t *testing.T) {
kdb, repo, _, err := testutils.EmptyRepo()
kdb, repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
localStorage := store.NewMemoryStore(nil, nil)
remoteStorage := store.NewMemoryStore(nil, nil)
@ -472,7 +472,7 @@ func TestDownloadTargetsNoChecksum(t *testing.T) {
// TestDownloadTargetsNoSnapshot: it's never valid to download any targets
// role (incl. delegations) when a checksum is not available.
func TestDownloadTargetsNoSnapshot(t *testing.T) {
kdb, repo, _, err := testutils.EmptyRepo()
kdb, repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
localStorage := store.NewMemoryStore(nil, nil)
remoteStorage := store.NewMemoryStore(nil, nil)
@ -493,7 +493,7 @@ func TestDownloadTargetsNoSnapshot(t *testing.T) {
}
func TestBootstrapDownloadRootHappy(t *testing.T) {
kdb, repo, _, err := testutils.EmptyRepo()
kdb, repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
localStorage := store.NewMemoryStore(nil, nil)
remoteStorage := store.NewMemoryStore(nil, nil)
@ -515,7 +515,7 @@ func TestBootstrapDownloadRootHappy(t *testing.T) {
}
func TestUpdateDownloadRootHappy(t *testing.T) {
kdb, repo, _, err := testutils.EmptyRepo()
kdb, repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
localStorage := store.NewMemoryStore(nil, nil)
remoteStorage := store.NewMemoryStore(nil, nil)
@ -537,7 +537,7 @@ func TestUpdateDownloadRootHappy(t *testing.T) {
}
func TestUpdateDownloadRootBadChecksum(t *testing.T) {
kdb, repo, _, err := testutils.EmptyRepo()
kdb, repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
localStorage := store.NewMemoryStore(nil, nil)
remoteStorage := store.NewMemoryStore(nil, nil)
@ -562,7 +562,7 @@ func TestUpdateDownloadRootBadChecksum(t *testing.T) {
}
func TestDownloadTimestampHappy(t *testing.T) {
kdb, repo, _, err := testutils.EmptyRepo()
kdb, repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
localStorage := store.NewMemoryStore(nil, nil)
remoteStorage := store.NewMemoryStore(nil, nil)
@ -581,7 +581,7 @@ func TestDownloadTimestampHappy(t *testing.T) {
}
func TestDownloadSnapshotHappy(t *testing.T) {
kdb, repo, _, err := testutils.EmptyRepo()
kdb, repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
localStorage := store.NewMemoryStore(nil, nil)
remoteStorage := store.NewMemoryStore(nil, nil)
@ -609,7 +609,7 @@ func TestDownloadSnapshotHappy(t *testing.T) {
// TestDownloadSnapshotNoChecksum: It should never be valid to download a
// snapshot if we don't have a checksum
func TestDownloadSnapshotNoTimestamp(t *testing.T) {
kdb, repo, _, err := testutils.EmptyRepo()
kdb, repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
localStorage := store.NewMemoryStore(nil, nil)
remoteStorage := store.NewMemoryStore(nil, nil)
@ -630,7 +630,7 @@ func TestDownloadSnapshotNoTimestamp(t *testing.T) {
}
func TestDownloadSnapshotNoChecksum(t *testing.T) {
kdb, repo, _, err := testutils.EmptyRepo()
kdb, repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
localStorage := store.NewMemoryStore(nil, nil)
remoteStorage := store.NewMemoryStore(nil, nil)
@ -651,7 +651,7 @@ func TestDownloadSnapshotNoChecksum(t *testing.T) {
}
func TestDownloadSnapshotBadChecksum(t *testing.T) {
kdb, repo, _, err := testutils.EmptyRepo()
kdb, repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
localStorage := store.NewMemoryStore(nil, nil)
remoteStorage := store.NewMemoryStore(nil, nil)
@ -680,7 +680,7 @@ func TestDownloadSnapshotBadChecksum(t *testing.T) {
// was found. If the path doesn't exist in that role subtree, returns
// nil and an empty string.
func TestTargetMeta(t *testing.T) {
kdb, repo, cs, err := testutils.EmptyRepo()
kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
localStorage := store.NewMemoryStore(nil, nil)
client := NewClient(repo, nil, kdb, localStorage)


@ -19,22 +19,22 @@ import (
// EmptyRepo creates an in memory key database, crypto service
// and initializes a repo with no targets or delegations.
func EmptyRepo() (*keys.KeyDB, *tuf.Repo, signed.CryptoService, error) {
func EmptyRepo(gun string) (*keys.KeyDB, *tuf.Repo, signed.CryptoService, error) {
c := cryptoservice.NewCryptoService(
"", trustmanager.NewKeyMemoryStore(passphrase.ConstantRetriever("")))
gun, trustmanager.NewKeyMemoryStore(passphrase.ConstantRetriever("")))
kdb := keys.NewDB()
r := tuf.NewRepo(kdb, c)
for _, role := range []string{"root", "targets", "snapshot", "timestamp"} {
for _, role := range data.BaseRoles {
key, _ := c.Create(role, data.ECDSAKey)
if role == "root" {
if role == data.CanonicalRootRole {
start := time.Now().AddDate(0, 0, -1)
privKey, _, err := c.GetPrivateKey(key.ID())
if err != nil {
return nil, nil, nil, err
}
cert, err := cryptoservice.GenerateCertificate(
privKey, role, start, start.AddDate(1, 0, 0),
privKey, gun, start, start.AddDate(1, 0, 0),
)
if err != nil {
return nil, nil, nil, err