From 200fefbff8e91a37e91407b54a38c05b0e9f8a34 Mon Sep 17 00:00:00 2001
From: Ying Li
Date: Mon, 18 Jan 2016 10:28:06 -0800
Subject: [PATCH] EmptyRepo needs to take a GUN in order to generate a valid cert.
Signed-off-by: Ying Li
---
 certs/certs.go | 3 +-
 client/helpers_test.go | 46 +++++++++----------
 server/handlers/default_test.go | 12 ++---
 server/handlers/validation_test.go | 72 +++++++++++++++---------------
 server/integration_test.go | 2 +-
 tuf/client/client_test.go | 28 ++++++------
 tuf/testutils/repo.go | 10 ++---
 7 files changed, 87 insertions(+), 86 deletions(-)
diff --git a/certs/certs.go b/certs/certs.go
index aeea208e85..92f122645f 100644
--- a/certs/certs.go
+++ b/certs/certs.go
@@ -153,7 +153,8 @@ func validRootLeafCerts(root *data.SignedRoot, gun string) ([]*x509.Certificate,
 for _, cert := range allLeafCerts {
 // Validate that this leaf certificate has a CN that matches the exact gun
 if cert.Subject.CommonName != gun {
- logrus.Debugf("error leaf certificate CN: %s doesn't match the given GUN: %s", cert.Subject.CommonName)
+ logrus.Debugf("error leaf certificate CN: %s doesn't match the given GUN: %s",
+ cert.Subject.CommonName, gun)
 continue
 }
 // Make sure the certificate is not expired
diff --git a/client/helpers_test.go b/client/helpers_test.go
index 114f7746d1..b9c9226a39 100644
--- a/client/helpers_test.go
+++ b/client/helpers_test.go
@@ -12,7 +12,7 @@ import (
 )
 func TestApplyTargetsChange(t *testing.T) {
- _, repo, _, err := testutils.EmptyRepo()
+ _, repo, _, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 _, err = repo.InitTargets(data.CanonicalTargetsRole)
 assert.NoError(t, err)
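Review bot: In the certs/certs.go hunk, the corrected `logrus.Debugf` call prints the leaf certificate's CN with `%s`, and that value appears to come from the root metadata under validation, so it should be handled as untrusted text. Quoting both operands, `logrus.Debugf("error leaf certificate CN: %q doesn't match the given GUN: %q", cert.Subject.CommonName, gun)`, keeps control characters from breaking up a log line and makes an empty CN visible. The message starts with "error" but is emitted only at debug level; if operators are expected to notice leaf certificates skipped for a CN/GUN mismatch, a higher level may be warranted. validRootLeafCerts starts and ends outside the hunk.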
@@ -52,7 +52,7 @@ func TestApplyTargetsChange(t *testing.T) {
 // Adding the same target twice doesn't actually add it.
 func TestApplyAddTargetTwice(t *testing.T) {
- _, repo, _, err := testutils.EmptyRepo()
+ _, repo, _, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 _, err = repo.InitTargets(data.CanonicalTargetsRole)
 assert.NoError(t, err)
@@ -98,7 +98,7 @@ func TestApplyAddTargetTwice(t *testing.T) {
 }
 func TestApplyChangelist(t *testing.T) {
- _, repo, _, err := testutils.EmptyRepo()
+ _, repo, _, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 _, err = repo.InitTargets(data.CanonicalTargetsRole)
 assert.NoError(t, err)
@@ -142,7 +142,7 @@ func TestApplyChangelist(t *testing.T) {
 }
 func TestApplyChangelistMulti(t *testing.T) {
- _, repo, _, err := testutils.EmptyRepo()
+ _, repo, _, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 _, err = repo.InitTargets(data.CanonicalTargetsRole)
 assert.NoError(t, err)
@@ -183,7 +183,7 @@ func TestApplyChangelistMulti(t *testing.T) {
 }
 func TestApplyTargetsDelegationCreateDelete(t *testing.T) {
- _, repo, cs, err := testutils.EmptyRepo()
+ _, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 newKey, err := cs.Create("targets/level1", data.ED25519Key)
@@ -241,7 +241,7 @@ func TestApplyTargetsDelegationCreateDelete(t *testing.T) {
 }
 func TestApplyTargetsDelegationCreate2SharedKey(t *testing.T) {
- _, repo, cs, err := testutils.EmptyRepo()
+ _, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 newKey, err := cs.Create("targets/level1", data.ED25519Key)
@@ -339,7 +339,7 @@ func TestApplyTargetsDelegationCreate2SharedKey(t *testing.T) {
 }
 func TestApplyTargetsDelegationCreateEdit(t *testing.T) {
- _, repo, cs, err := testutils.EmptyRepo()
+ _, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 newKey, err := cs.Create("targets/level1", data.ED25519Key)
@@ -407,7 +407,7 @@ func TestApplyTargetsDelegationCreateEdit(t *testing.T) {
 }
 func TestApplyTargetsDelegationEditNonExisting(t *testing.T) {
- _, repo, cs, err := testutils.EmptyRepo()
+ _, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 newKey, err := cs.Create("targets/level1", data.ED25519Key)
@@ -438,7 +438,7 @@ func TestApplyTargetsDelegationEditNonExisting(t *testing.T) {
 }
 func TestApplyTargetsDelegationCreateAlreadyExisting(t *testing.T) {
- _, repo, cs, err := testutils.EmptyRepo()
+ _, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 newKey, err := cs.Create("targets/level1", data.ED25519Key)
@@ -476,7 +476,7 @@ func TestApplyTargetsDelegationCreateAlreadyExisting(t *testing.T) {
 }
 func TestApplyTargetsDelegationInvalidRole(t *testing.T) {
- _, repo, cs, err := testutils.EmptyRepo()
+ _, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 newKey, err := cs.Create("targets/level1", data.ED25519Key)
@@ -506,7 +506,7 @@ func TestApplyTargetsDelegationInvalidRole(t *testing.T) {
 }
 func TestApplyTargetsDelegationInvalidJSONContent(t *testing.T) {
- _, repo, cs, err := testutils.EmptyRepo()
+ _, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 newKey, err := cs.Create("targets/level1", data.ED25519Key)
@@ -536,7 +536,7 @@ func TestApplyTargetsDelegationInvalidJSONContent(t *testing.T) {
 }
 func TestApplyTargetsDelegationInvalidAction(t *testing.T) {
- _, repo, _, err := testutils.EmptyRepo()
+ _, repo, _, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 ch := changelist.NewTufChange(
@@ -552,7 +552,7 @@ func TestApplyTargetsDelegationInvalidAction(t *testing.T) {
 }
 func TestApplyTargetsChangeInvalidType(t *testing.T) {
- _, repo, _, err := testutils.EmptyRepo()
+ _, repo, _, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 ch := changelist.NewTufChange(
@@ -571,7 +571,7 @@ func TestApplyTargetsChangeInvalidType(t *testing.T) {
 // These next 2 tests check that attempting to edit an existing role to
 // create an invalid role errors in both possible combinations.
 func TestApplyTargetsDelegationConflictPathsPrefixes(t *testing.T) {
- _, repo, cs, err := testutils.EmptyRepo()
+ _, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 newKey, err := cs.Create("targets/level1", data.ED25519Key)
@@ -618,7 +618,7 @@ func TestApplyTargetsDelegationConflictPathsPrefixes(t *testing.T) {
 }
 func TestApplyTargetsDelegationConflictPrefixesPaths(t *testing.T) {
- _, repo, cs, err := testutils.EmptyRepo()
+ _, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 newKey, err := cs.Create("targets/level1", data.ED25519Key)
@@ -665,7 +665,7 @@ func TestApplyTargetsDelegationConflictPrefixesPaths(t *testing.T) {
 }
 func TestApplyTargetsDelegationCreateInvalid(t *testing.T) {
- _, repo, cs, err := testutils.EmptyRepo()
+ _, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 newKey, err := cs.Create("targets/level1", data.ED25519Key)
@@ -696,7 +696,7 @@ func TestApplyTargetsDelegationCreateInvalid(t *testing.T) {
 }
 func TestApplyTargetsDelegationCreate2Deep(t *testing.T) {
- _, repo, cs, err := testutils.EmptyRepo()
+ _, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 newKey, err := cs.Create("targets/level1", data.ED25519Key)
@@ -777,7 +777,7 @@ func TestApplyTargetsDelegationCreate2Deep(t *testing.T) {
 // Applying a delegation whose parent doesn't exist fails.
 func TestApplyTargetsDelegationParentDoesntExist(t *testing.T) {
- _, repo, cs, err := testutils.EmptyRepo()
+ _, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 // make sure a key exists for the previous level, so it's not a missing
@@ -813,7 +813,7 @@ func TestApplyTargetsDelegationParentDoesntExist(t *testing.T) {
 // If there is no delegation target, ApplyTargets creates it
 func TestApplyChangelistCreatesDelegation(t *testing.T) {
- _, repo, cs, err := testutils.EmptyRepo()
+ _, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 newKey, err := cs.Create("targets/level1", data.ED25519Key)
@@ -852,7 +852,7 @@ func TestApplyChangelistCreatesDelegation(t *testing.T) {
 // Each change applies only to the role specified
 func TestApplyChangelistTargetsToMultipleRoles(t *testing.T) {
- _, repo, cs, err := testutils.EmptyRepo()
+ _, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 newKey, err := cs.Create("targets/level1", data.ED25519Key)
@@ -901,7 +901,7 @@ func TestApplyChangelistTargetsToMultipleRoles(t *testing.T) {
 // ApplyTargets falls back to role that exists when adding or deleting a change
 func TestApplyChangelistTargetsFallbackRoles(t *testing.T) {
- _, repo, _, err := testutils.EmptyRepo()
+ _, repo, _, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 hash := sha256.Sum256([]byte{})
@@ -943,7 +943,7 @@ func TestApplyChangelistTargetsFallbackRoles(t *testing.T) {
 // changeTargetMeta fallback fails with ErrInvalidRole if role is invalid
 func TestChangeTargetMetaFallbackFailsInvalidRole(t *testing.T) {
- _, repo, _, err := testutils.EmptyRepo()
+ _, repo, _, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 hash := sha256.Sum256([]byte{})
@@ -970,7 +970,7 @@ func TestChangeTargetMetaFallbackFailsInvalidRole(t *testing.T) {
 // If applying a change fails due to a prefix error, it does not fall back
 // on the parent.
 func TestChangeTargetMetaDoesntFallbackIfPrefixError(t *testing.T) {
- _, repo, cs, err := testutils.EmptyRepo()
+ _, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 newKey, err := cs.Create("targets/level1", data.ED25519Key)
diff --git a/server/handlers/default_test.go b/server/handlers/default_test.go
index 719b67a3d1..4669b90e8d 100644
--- a/server/handlers/default_test.go
+++ b/server/handlers/default_test.go
@@ -173,7 +173,7 @@ func TestGetKeyHandlerCreatesOnce(t *testing.T) {
 func TestGetHandlerRoot(t *testing.T) {
 metaStore := storage.NewMemStorage()
- _, repo, _, err := testutils.EmptyRepo()
+ _, repo, _, err := testutils.EmptyRepo("gun")
 assert.NoError(t, err)
 ctx := context.Background()
@@ -201,7 +201,7 @@ func TestGetHandlerRoot(t *testing.T) {
 func TestGetHandlerTimestamp(t *testing.T) {
 metaStore := storage.NewMemStorage()
- _, repo, crypto, err := testutils.EmptyRepo()
+ _, repo, crypto, err := testutils.EmptyRepo("gun")
 assert.NoError(t, err)
 ctx := getContext(handlerState{store: metaStore, crypto: crypto})
@@ -235,7 +235,7 @@ func TestGetHandlerTimestamp(t *testing.T) {
 func TestGetHandlerSnapshot(t *testing.T) {
 metaStore := storage.NewMemStorage()
- _, repo, crypto, err := testutils.EmptyRepo()
+ _, repo, crypto, err := testutils.EmptyRepo("gun")
 assert.NoError(t, err)
 ctx := getContext(handlerState{store: metaStore, crypto: crypto})
@@ -323,7 +323,7 @@ func TestAtomicUpdateValidationFailurePropagated(t *testing.T) {
 gun := "testGUN"
 vars := map[string]string{"imageName": gun}
- kdb, repo, cs, err := testutils.EmptyRepo()
+ kdb, repo, cs, err := testutils.EmptyRepo(gun)
 assert.NoError(t, err)
 copyTimestampKey(t, kdb, metaStore, gun)
 state := handlerState{store: metaStore, crypto: cs}
@@ -365,7 +365,7 @@ func TestAtomicUpdateNonValidationFailureNotPropagated(t *testing.T) {
 gun := "testGUN"
 vars := map[string]string{"imageName": gun}
- kdb, repo, cs, err := testutils.EmptyRepo()
+ kdb, repo, cs, err := testutils.EmptyRepo(gun)
 assert.NoError(t, err)
 copyTimestampKey(t, kdb, metaStore, gun)
 state := handlerState{store: &failStore{*metaStore}, crypto: cs}
@@ -406,7 +406,7 @@ func TestAtomicUpdateVersionErrorPropagated(t *testing.T) {
 gun := "testGUN"
 vars := map[string]string{"imageName": gun}
- kdb, repo, cs, err := testutils.EmptyRepo()
+ kdb, repo, cs, err := testutils.EmptyRepo(gun)
 assert.NoError(t, err)
 copyTimestampKey(t, kdb, metaStore, gun)
 state := handlerState{store: &invalidVersionStore{*metaStore}, crypto: cs}
diff --git a/server/handlers/validation_test.go b/server/handlers/validation_test.go
index 348e3602b3..ecef1b6fcd 100644
--- a/server/handlers/validation_test.go
+++ b/server/handlers/validation_test.go
@@ -69,7 +69,7 @@ func getUpdates(r, tg, sn, ts *data.Signed) (
 }
 func TestValidateEmptyNew(t *testing.T) {
- kdb, repo, cs, err := testutils.EmptyRepo()
+ kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 store := storage.NewMemStorage()
@@ -86,7 +86,7 @@ func TestValidateEmptyNew(t *testing.T) {
 }
 func TestValidateNoNewRoot(t *testing.T) {
- kdb, repo, cs, err := testutils.EmptyRepo()
+ kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 store := storage.NewMemStorage()
@@ -104,7 +104,7 @@ func TestValidateNoNewRoot(t *testing.T) {
 }
 func TestValidateNoNewTargets(t *testing.T) {
- kdb, repo, cs, err := testutils.EmptyRepo()
+ kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 store := storage.NewMemStorage()
@@ -122,7 +122,7 @@ func TestValidateNoNewTargets(t *testing.T) {
 }
 func TestValidateOnlySnapshot(t *testing.T) {
- kdb, repo, cs, err := testutils.EmptyRepo()
+ kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 store := storage.NewMemStorage()
@@ -142,7 +142,7 @@ func TestValidateOnlySnapshot(t *testing.T) {
 }
 func TestValidateOldRoot(t *testing.T) {
- kdb, repo, cs, err := testutils.EmptyRepo()
+ kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 store := storage.NewMemStorage()
@@ -160,7 +160,7 @@ func TestValidateOldRoot(t *testing.T) {
 }
 func TestValidateRootRotation(t *testing.T) {
- kdb, repo, crypto, err := testutils.EmptyRepo()
+ kdb, repo, crypto, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 store := storage.NewMemStorage()
@@ -206,7 +206,7 @@ func TestValidateRootRotation(t *testing.T) {
 }
 func TestValidateNoRoot(t *testing.T) {
- kdb, repo, cs, err := testutils.EmptyRepo()
+ kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 store := storage.NewMemStorage()
@@ -224,7 +224,7 @@ func TestValidateNoRoot(t *testing.T) {
 }
 func TestValidateSnapshotMissing(t *testing.T) {
- kdb, repo, cs, err := testutils.EmptyRepo()
+ kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 store := storage.NewMemStorage()
@@ -242,7 +242,7 @@ func TestValidateSnapshotMissing(t *testing.T) {
 }
 func TestValidateSnapshotGenerateNoPrev(t *testing.T) {
- kdb, repo, cs, err := testutils.EmptyRepo()
+ kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 store := storage.NewMemStorage()
 snapRole := kdb.GetRole(data.CanonicalSnapshotRole)
@@ -267,7 +267,7 @@ func TestValidateSnapshotGenerateNoPrev(t *testing.T) {
 }
 func TestValidateSnapshotGenerateWithPrev(t *testing.T) {
- kdb, repo, cs, err := testutils.EmptyRepo()
+ kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 store := storage.NewMemStorage()
 snapRole := kdb.GetRole(data.CanonicalSnapshotRole)
@@ -308,7 +308,7 @@ func TestValidateSnapshotGenerateWithPrev(t *testing.T) {
 }
 func TestValidateSnapshotGeneratePrevCorrupt(t *testing.T) {
- kdb, repo, cs, err := testutils.EmptyRepo()
+ kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 store := storage.NewMemStorage()
 snapRole := kdb.GetRole(data.CanonicalSnapshotRole)
@@ -339,7 +339,7 @@ func TestValidateSnapshotGeneratePrevCorrupt(t *testing.T) {
 }
 func TestValidateSnapshotGenerateNoTargets(t *testing.T) {
- kdb, repo, cs, err := testutils.EmptyRepo()
+ kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 store := storage.NewMemStorage()
 snapRole := kdb.GetRole(data.CanonicalSnapshotRole)
@@ -364,7 +364,7 @@ func TestValidateSnapshotGenerateNoTargets(t *testing.T) {
 }
 func TestValidateSnapshotGenerate(t *testing.T) {
- kdb, repo, cs, err := testutils.EmptyRepo()
+ kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 store := storage.NewMemStorage()
 snapRole := kdb.GetRole(data.CanonicalSnapshotRole)
@@ -394,7 +394,7 @@ func TestValidateSnapshotGenerate(t *testing.T) {
 // happen if pushing an existing repository from one server to another that
 // does not have the repo.
 func TestValidateRootNoTimestampKey(t *testing.T) {
- _, oldRepo, cs, err := testutils.EmptyRepo()
+ _, oldRepo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 r, tg, sn, ts, err := testutils.Sign(oldRepo)
@@ -426,7 +426,7 @@ func TestValidateRootNoTimestampKey(t *testing.T) {
 // repository from one server to another that had already initialized the same
 // repo.
 func TestValidateRootInvalidTimestampKey(t *testing.T) {
- _, oldRepo, cs, err := testutils.EmptyRepo()
+ _, oldRepo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 r, tg, sn, ts, err := testutils.Sign(oldRepo)
@@ -449,7 +449,7 @@ func TestValidateRootInvalidTimestampKey(t *testing.T) {
 // If the timestamp role has a threshold > 1, validation fails.
 func TestValidateRootInvalidTimestampThreshold(t *testing.T) {
- kdb, oldRepo, cs, err := testutils.EmptyRepo()
+ kdb, oldRepo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 tsRole, ok := oldRepo.Root.Signed.Roles[data.CanonicalTimestampRole]
 assert.True(t, ok)
@@ -472,7 +472,7 @@ func TestValidateRootInvalidTimestampThreshold(t *testing.T) {
 // If any role has a threshold < 1, validation fails
 func TestValidateRootInvalidZeroThreshold(t *testing.T) {
 for _, role := range data.BaseRoles {
- kdb, oldRepo, cs, err := testutils.EmptyRepo()
+ kdb, oldRepo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 tsRole, ok := oldRepo.Root.Signed.Roles[role]
 assert.True(t, ok)
@@ -497,7 +497,7 @@ func TestValidateRootInvalidZeroThreshold(t *testing.T) {
 // These tests remove a role from the Root file and
 // check for a validation.ErrBadRoot
 func TestValidateRootRoleMissing(t *testing.T) {
- kdb, repo, cs, err := testutils.EmptyRepo()
+ kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 store := storage.NewMemStorage()
@@ -517,7 +517,7 @@ func TestValidateRootRoleMissing(t *testing.T) {
 }
 func TestValidateTargetsRoleMissing(t *testing.T) {
- kdb, repo, cs, err := testutils.EmptyRepo()
+ kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 store := storage.NewMemStorage()
@@ -537,7 +537,7 @@ func TestValidateTargetsRoleMissing(t *testing.T) {
 }
 func TestValidateSnapshotRoleMissing(t *testing.T) {
- kdb, repo, cs, err := testutils.EmptyRepo()
+ kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 store := storage.NewMemStorage()
@@ -560,7 +560,7 @@ func TestValidateSnapshotRoleMissing(t *testing.T) {
 // ### Signature missing negative tests ###
 func TestValidateRootSigMissing(t *testing.T) {
- kdb, repo, cs, err := testutils.EmptyRepo()
+ kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 store := storage.NewMemStorage()
@@ -583,7 +583,7 @@ func TestValidateRootSigMissing(t *testing.T) {
 }
 func TestValidateTargetsSigMissing(t *testing.T) {
- kdb, repo, cs, err := testutils.EmptyRepo()
+ kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 store := storage.NewMemStorage()
@@ -604,7 +604,7 @@ func TestValidateTargetsSigMissing(t *testing.T) {
 }
 func TestValidateSnapshotSigMissing(t *testing.T) {
- kdb, repo, cs, err := testutils.EmptyRepo()
+ kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 store := storage.NewMemStorage()
@@ -628,7 +628,7 @@ func TestValidateSnapshotSigMissing(t *testing.T) {
 // ### Corrupted metadata negative tests ###
 func TestValidateRootCorrupt(t *testing.T) {
- kdb, repo, cs, err := testutils.EmptyRepo()
+ kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 store := storage.NewMemStorage()
@@ -649,7 +649,7 @@ func TestValidateRootCorrupt(t *testing.T) {
 }
 func TestValidateTargetsCorrupt(t *testing.T) {
- kdb, repo, cs, err := testutils.EmptyRepo()
+ kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 store := storage.NewMemStorage()
@@ -670,7 +670,7 @@ func TestValidateTargetsCorrupt(t *testing.T) {
 }
 func TestValidateSnapshotCorrupt(t *testing.T) {
- kdb, repo, cs, err := testutils.EmptyRepo()
+ kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 store := storage.NewMemStorage()
@@ -694,7 +694,7 @@ func TestValidateSnapshotCorrupt(t *testing.T) {
 // ### Snapshot size mismatch negative tests ###
 func TestValidateRootModifiedSize(t *testing.T) {
- kdb, repo, cs, err := testutils.EmptyRepo()
+ kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 store := storage.NewMemStorage()
@@ -719,7 +719,7 @@ func TestValidateRootModifiedSize(t *testing.T) {
 }
 func TestValidateTargetsModifiedSize(t *testing.T) {
- kdb, repo, cs, err := testutils.EmptyRepo()
+ kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 store := storage.NewMemStorage()
@@ -744,7 +744,7 @@ func TestValidateTargetsModifiedSize(t *testing.T) {
 // ### Snapshot hash mismatch negative tests ###
 func TestValidateRootModifiedHash(t *testing.T) {
- kdb, repo, cs, err := testutils.EmptyRepo()
+ kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 store := storage.NewMemStorage()
@@ -770,7 +770,7 @@ func TestValidateRootModifiedHash(t *testing.T) {
 }
 func TestValidateTargetsModifiedHash(t *testing.T) {
- kdb, repo, cs, err := testutils.EmptyRepo()
+ kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 store := storage.NewMemStorage()
@@ -806,7 +806,7 @@ func TestGenerateSnapshotNoRole(t *testing.T) {
 }
 func TestGenerateSnapshotNoKey(t *testing.T) {
- kdb, _, _, err := testutils.EmptyRepo()
+ kdb, _, _, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 store := storage.NewMemStorage()
@@ -819,7 +819,7 @@ func TestGenerateSnapshotNoKey(t *testing.T) {
 // ### Target validation with delegations tests
 func TestLoadTargetsFromStore(t *testing.T) {
- _, repo, _, err := testutils.EmptyRepo()
+ _, repo, _, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 store := storage.NewMemStorage()
@@ -860,7 +860,7 @@ func TestLoadTargetsFromStore(t *testing.T) {
 }
 func TestValidateTargetsLoadParent(t *testing.T) {
- _, baseRepo, cs, err := testutils.EmptyRepo()
+ _, baseRepo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 store := storage.NewMemStorage()
@@ -912,7 +912,7 @@ func TestValidateTargetsLoadParent(t *testing.T) {
 }
 func TestValidateTargetsParentInUpdate(t *testing.T) {
- _, baseRepo, cs, err := testutils.EmptyRepo()
+ _, baseRepo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 store := storage.NewMemStorage()
@@ -970,7 +970,7 @@ func TestValidateTargetsParentInUpdate(t *testing.T) {
 }
 func TestValidateTargetsParentNotFound(t *testing.T) {
- _, baseRepo, cs, err := testutils.EmptyRepo()
+ _, baseRepo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 store := storage.NewMemStorage()
@@ -1008,7 +1008,7 @@ func TestValidateTargetsParentNotFound(t *testing.T) {
 }
 func TestValidateTargetsRoleNotInParent(t *testing.T) {
- kdb, baseRepo, cs, err := testutils.EmptyRepo()
+ kdb, baseRepo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 store := storage.NewMemStorage()
diff --git a/server/integration_test.go b/server/integration_test.go
index 1833621e95..fca40490c4 100644
--- a/server/integration_test.go
+++ b/server/integration_test.go
@@ -37,7 +37,7 @@ func TestValidationErrorFormat(t *testing.T) {
 http.DefaultTransport,
 )
- _, repo, _, err := testutils.EmptyRepo()
+ _, repo, _, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 r, tg, sn, ts, err := testutils.Sign(repo)
 assert.NoError(t, err)
diff --git a/tuf/client/client_test.go b/tuf/client/client_test.go
index d4ddb71e73..9cb738e151 100644
--- a/tuf/client/client_test.go
+++ b/tuf/client/client_test.go
@@ -312,7 +312,7 @@ func TestSizeMismatchShort(t *testing.T) {
 }
 func TestDownloadTargetsHappy(t *testing.T) {
- kdb, repo, _, err := testutils.EmptyRepo()
+ kdb, repo, _, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 localStorage := store.NewMemoryStore(nil, nil)
 remoteStorage := store.NewMemoryStore(nil, nil)
@@ -333,7 +333,7 @@ func TestDownloadTargetsHappy(t *testing.T) {
 }
 func TestDownloadTargetsDeepHappy(t *testing.T) {
- kdb, repo, cs, err := testutils.EmptyRepo()
+ kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 localStorage := store.NewMemoryStore(nil, nil)
 remoteStorage := store.NewMemoryStore(nil, nil)
@@ -408,7 +408,7 @@ func TestDownloadTargetsDeepHappy(t *testing.T) {
 }
 func TestDownloadTargetChecksumMismatch(t *testing.T) {
- kdb, repo, _, err := testutils.EmptyRepo()
+ kdb, repo, _, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 localStorage := store.NewMemoryStore(nil, nil)
 remoteStorage := store.NewMemoryStore(nil, nil)
@@ -449,7 +449,7 @@ func TestDownloadTargetChecksumMismatch(t *testing.T) {
 // TestDownloadTargetsNoChecksum: it's never valid to download any targets
 // role (incl. delegations) when a checksum is not available.
 func TestDownloadTargetsNoChecksum(t *testing.T) {
- kdb, repo, _, err := testutils.EmptyRepo()
+ kdb, repo, _, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 localStorage := store.NewMemoryStore(nil, nil)
 remoteStorage := store.NewMemoryStore(nil, nil)
@@ -472,7 +472,7 @@ func TestDownloadTargetsNoChecksum(t *testing.T) {
 // TestDownloadTargetsNoSnapshot: it's never valid to download any targets
 // role (incl. delegations) when a checksum is not available.
 func TestDownloadTargetsNoSnapshot(t *testing.T) {
- kdb, repo, _, err := testutils.EmptyRepo()
+ kdb, repo, _, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 localStorage := store.NewMemoryStore(nil, nil)
 remoteStorage := store.NewMemoryStore(nil, nil)
@@ -493,7 +493,7 @@ func TestDownloadTargetsNoSnapshot(t *testing.T) {
 }
 func TestBootstrapDownloadRootHappy(t *testing.T) {
- kdb, repo, _, err := testutils.EmptyRepo()
+ kdb, repo, _, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 localStorage := store.NewMemoryStore(nil, nil)
 remoteStorage := store.NewMemoryStore(nil, nil)
@@ -515,7 +515,7 @@ func TestBootstrapDownloadRootHappy(t *testing.T) {
 }
 func TestUpdateDownloadRootHappy(t *testing.T) {
- kdb, repo, _, err := testutils.EmptyRepo()
+ kdb, repo, _, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 localStorage := store.NewMemoryStore(nil, nil)
 remoteStorage := store.NewMemoryStore(nil, nil)
@@ -537,7 +537,7 @@ func TestUpdateDownloadRootHappy(t *testing.T) {
 }
 func TestUpdateDownloadRootBadChecksum(t *testing.T) {
- kdb, repo, _, err := testutils.EmptyRepo()
+ kdb, repo, _, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 localStorage := store.NewMemoryStore(nil, nil)
 remoteStorage := store.NewMemoryStore(nil, nil)
@@ -562,7 +562,7 @@ func TestUpdateDownloadRootBadChecksum(t *testing.T) {
 }
 func TestDownloadTimestampHappy(t *testing.T) {
- kdb, repo, _, err := testutils.EmptyRepo()
+ kdb, repo, _, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 localStorage := store.NewMemoryStore(nil, nil)
 remoteStorage := store.NewMemoryStore(nil, nil)
@@ -581,7 +581,7 @@ func TestDownloadTimestampHappy(t *testing.T) {
 }
 func TestDownloadSnapshotHappy(t *testing.T) {
- kdb, repo, _, err := testutils.EmptyRepo()
+ kdb, repo, _, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 localStorage := store.NewMemoryStore(nil, nil)
 remoteStorage := store.NewMemoryStore(nil, nil)
@@ -609,7 +609,7 @@ func TestDownloadSnapshotHappy(t *testing.T) {
 // TestDownloadSnapshotNoChecksum: It should never be valid to download a
 // snapshot if we don't have a checksum
 func TestDownloadSnapshotNoTimestamp(t *testing.T) {
- kdb, repo, _, err := testutils.EmptyRepo()
+ kdb, repo, _, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 localStorage := store.NewMemoryStore(nil, nil)
 remoteStorage := store.NewMemoryStore(nil, nil)
@@ -630,7 +630,7 @@ func TestDownloadSnapshotNoTimestamp(t *testing.T) {
 }
 func TestDownloadSnapshotNoChecksum(t *testing.T) {
- kdb, repo, _, err := testutils.EmptyRepo()
+ kdb, repo, _, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 localStorage := store.NewMemoryStore(nil, nil)
 remoteStorage := store.NewMemoryStore(nil, nil)
@@ -651,7 +651,7 @@ func TestDownloadSnapshotNoChecksum(t *testing.T) {
 }
 func TestDownloadSnapshotBadChecksum(t *testing.T) {
- kdb, repo, _, err := testutils.EmptyRepo()
+ kdb, repo, _, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 localStorage := store.NewMemoryStore(nil, nil)
 remoteStorage := store.NewMemoryStore(nil, nil)
@@ -680,7 +680,7 @@ func TestDownloadSnapshotBadChecksum(t *testing.T) {
 // was found. If the path doesn't exist in that role subtree, returns
 // nil and an empty string.
 func TestTargetMeta(t *testing.T) {
- kdb, repo, cs, err := testutils.EmptyRepo()
+ kdb, repo, cs, err := testutils.EmptyRepo("docker.com/notary")
 assert.NoError(t, err)
 localStorage := store.NewMemoryStore(nil, nil)
 client := NewClient(repo, nil, kdb, localStorage)
diff --git a/tuf/testutils/repo.go b/tuf/testutils/repo.go
index bd31ed56ef..236d5f5d94 100644
--- a/tuf/testutils/repo.go
+++ b/tuf/testutils/repo.go
@@ -19,22 +19,22 @@ import (
 // EmptyRepo creates an in memory key database, crypto service
 // and initializes a repo with no targets or delegations.
-func EmptyRepo() (*keys.KeyDB, *tuf.Repo, signed.CryptoService, error) {
+func EmptyRepo(gun string) (*keys.KeyDB, *tuf.Repo, signed.CryptoService, error) {
 c := cryptoservice.NewCryptoService(
- "", trustmanager.NewKeyMemoryStore(passphrase.ConstantRetriever("")))
+ gun, trustmanager.NewKeyMemoryStore(passphrase.ConstantRetriever("")))
 kdb := keys.NewDB()
 r := tuf.NewRepo(kdb, c)
-for _, role := range []string{"root", "targets", "snapshot", "timestamp"} {
+for _, role := range data.BaseRoles {
 key, _ := c.Create(role, data.ECDSAKey)
- if role == "root" {
+ if role == data.CanonicalRootRole {
 start := time.Now().AddDate(0, 0, -1)
 privKey, _, err := c.GetPrivateKey(key.ID())
 if err != nil {
 return nil, nil, nil, err
 }
 cert, err := cryptoservice.GenerateCertificate(
- privKey, role, start, start.AddDate(1, 0, 0),
+ privKey, gun, start, start.AddDate(1, 0, 0),
 )
 if err != nil {
 return nil, nil, nil, err
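Review bot: In the tuf/testutils/repo.go hunk, `key, _ := c.Create(role, data.ECDSAKey)` still discards the error, so now that a caller-supplied gun is passed into the crypto service, a failed key creation would surface at the following `key.ID()` call (probably as a nil dereference) instead of through the error return the other failure paths use. Change it to `key, err := c.Create(role, data.ECDSAKey)` followed by `if err != nil { return nil, nil, nil, err }`. The doc comment should also describe the new parameter, for example `// gun names the crypto service and is passed to GenerateCertificate for the root certificate, so it should match the GUN the tests validate against.` EmptyRepo's body continues past the end of the hunk.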