From 3a313b1dc96bc82bf5f54bb619d2e20c7a1b1bc4 Mon Sep 17 00:00:00 2001 From: Ying Li Date: Wed, 27 Apr 2016 14:14:39 -0700 Subject: [PATCH] Convert all use of copyKeys to testutils.CopyKeys Signed-off-by: Ying Li --- server/handlers/default_test.go | 6 +- server/handlers/validation_test.go | 91 +++++++++++++----------------- 2 files changed, 41 insertions(+), 56 deletions(-) diff --git a/server/handlers/default_test.go b/server/handlers/default_test.go index ab6b716be2..06824a64d0 100644 --- a/server/handlers/default_test.go +++ b/server/handlers/default_test.go @@ -334,7 +334,7 @@ func TestAtomicUpdateValidationFailurePropagated(t *testing.T) { repo, cs, err := testutils.EmptyRepo(gun) require.NoError(t, err) - state := handlerState{store: metaStore, crypto: copyKeys(t, cs, data.CanonicalTimestampRole)} + state := handlerState{store: metaStore, crypto: testutils.CopyKeys(t, cs, data.CanonicalTimestampRole)} r, tg, sn, ts, err := testutils.Sign(repo) require.NoError(t, err) @@ -376,7 +376,7 @@ func TestAtomicUpdateNonValidationFailureNotPropagated(t *testing.T) { repo, cs, err := testutils.EmptyRepo(gun) require.NoError(t, err) - state := handlerState{store: &failStore{*metaStore}, crypto: copyKeys(t, cs, data.CanonicalTimestampRole)} + state := handlerState{store: &failStore{*metaStore}, crypto: testutils.CopyKeys(t, cs, data.CanonicalTimestampRole)} r, tg, sn, ts, err := testutils.Sign(repo) require.NoError(t, err) @@ -418,7 +418,7 @@ func TestAtomicUpdateVersionErrorPropagated(t *testing.T) { require.NoError(t, err) state := handlerState{ - store: &invalidVersionStore{*metaStore}, crypto: copyKeys(t, cs, data.CanonicalTimestampRole)} + store: &invalidVersionStore{*metaStore}, crypto: testutils.CopyKeys(t, cs, data.CanonicalTimestampRole)} r, tg, sn, ts, err := testutils.Sign(repo) require.NoError(t, err) diff --git a/server/handlers/validation_test.go b/server/handlers/validation_test.go index 89c4cc14b8..906fcb44c9 100644 --- a/server/handlers/validation_test.go +++ b/server/handlers/validation_test.go @@ -8,10 +8,7 @@ import ( "github.com/docker/go/canonical/json" - "github.com/docker/notary/cryptoservice" - "github.com/docker/notary/passphrase" "github.com/docker/notary/server/storage" - "github.com/docker/notary/trustmanager" "github.com/docker/notary/trustpinning" "github.com/docker/notary/tuf" "github.com/docker/notary/tuf/data" @@ -47,18 +44,6 @@ func (f getFailStore) GetChecksum(gun, tufRole, checksum string) (*time.Time, [] return nil, nil, err } -func copyKeys(t *testing.T, from signed.CryptoService, roles ...string) signed.CryptoService { - memKeyStore := trustmanager.NewKeyMemoryStore(passphrase.ConstantRetriever("pass")) - for _, role := range roles { - for _, keyID := range from.ListKeys(role) { - key, _, err := from.GetPrivateKey(keyID) - require.NoError(t, err) - memKeyStore.AddKey(trustmanager.KeyInfo{Role: role}, key) - } - } - return cryptoservice.NewCryptoService(memKeyStore) -} - // Returns a mapping of role name to `MetaUpdate` objects func getUpdates(r, tg, sn, ts *data.Signed) ( root, targets, snapshot, timestamp storage.MetaUpdate, err error) { @@ -104,7 +89,7 @@ func TestValidateEmptyNew(t *testing.T) { updates := []storage.MetaUpdate{root, targets, snapshot, timestamp} - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole) updates, err = validateUpdate(serverCrypto, gun, updates, store) require.NoError(t, err) @@ -134,7 +119,7 @@ func TestValidateRootCanContainOnlyx509KeysWithRightGun(t *testing.T) { gun := "docker.com/notary" repo, cs, err := testutils.EmptyRepo("wrong/gun") require.NoError(t, err) - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole) // if the root has the wrong gun, the server will fail to validate r, tg, sn, ts, err := testutils.Sign(repo) @@ -181,7 +166,7 @@ func TestValidatePrevTimestamp(t *testing.T) { store := storage.NewMemStorage() store.UpdateCurrent(gun, timestamp) - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole) updates, err = validateUpdate(serverCrypto, gun, updates, store) require.NoError(t, err) @@ -217,7 +202,7 @@ func TestValidatePreviousTimestampCorrupt(t *testing.T) { timestamp.Data = timestamp.Data[1:] store.UpdateCurrent(gun, timestamp) - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole) _, err = validateUpdate(serverCrypto, gun, updates, store) require.Error(t, err) require.IsType(t, &json.SyntaxError{}, err) @@ -240,7 +225,7 @@ func TestValidateGetCurrentTimestampBroken(t *testing.T) { errsToReturn: map[string]error{data.CanonicalTimestampRole: data.ErrNoSuchRole{}}, } - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole) updates, err = validateUpdate(serverCrypto, gun, updates, store) require.Error(t, err) require.IsType(t, data.ErrNoSuchRole{}, err) @@ -260,7 +245,7 @@ func TestValidateNoNewRoot(t *testing.T) { store.UpdateCurrent(gun, root) updates := []storage.MetaUpdate{targets, snapshot, timestamp} - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole) _, err = validateUpdate(serverCrypto, gun, updates, store) require.NoError(t, err) } @@ -279,7 +264,7 @@ func TestValidateNoNewTargets(t *testing.T) { store.UpdateCurrent(gun, targets) updates := []storage.MetaUpdate{root, snapshot, timestamp} - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole) _, err = validateUpdate(serverCrypto, gun, updates, store) require.NoError(t, err) } @@ -300,7 +285,7 @@ func TestValidateOnlySnapshot(t *testing.T) { updates := []storage.MetaUpdate{snapshot} - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole) _, err = validateUpdate(serverCrypto, gun, updates, store) require.NoError(t, err) } @@ -319,7 +304,7 @@ func TestValidateOldRoot(t *testing.T) { store.UpdateCurrent(gun, root) updates := []storage.MetaUpdate{root, targets, snapshot, timestamp} - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole) _, err = validateUpdate(serverCrypto, gun, updates, store) require.NoError(t, err) } @@ -343,7 +328,7 @@ func TestValidateOldRootCorrupt(t *testing.T) { store.UpdateCurrent(gun, badRoot) updates := []storage.MetaUpdate{root, targets, snapshot, timestamp} - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole) _, err = validateUpdate(serverCrypto, gun, updates, store) require.Error(t, err) require.IsType(t, &json.SyntaxError{}, err) @@ -376,7 +361,7 @@ func TestValidateOldRootCorruptRootRole(t *testing.T) { store.UpdateCurrent(gun, badRoot) updates := []storage.MetaUpdate{root, targets, snapshot, timestamp} - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole) _, err = validateUpdate(serverCrypto, gun, updates, store) require.Error(t, err) require.IsType(t, data.ErrInvalidMetadata{}, err) @@ -402,7 +387,7 @@ func TestValidateRootGetCurrentRootBroken(t *testing.T) { updates := []storage.MetaUpdate{root, targets, snapshot, timestamp} - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole) _, err = validateUpdate(serverCrypto, gun, updates, store) require.Error(t, err) require.IsType(t, data.ErrNoSuchRole{}, err) @@ -414,7 +399,7 @@ func TestValidateRootRotationWithOldSigs(t *testing.T) { gun := "docker.com/notary" repo, crypto, err := testutils.EmptyRepo(gun) require.NoError(t, err) - serverCrypto := copyKeys(t, crypto, data.CanonicalTimestampRole) + serverCrypto := testutils.CopyKeys(t, crypto, data.CanonicalTimestampRole) store := storage.NewMemStorage() r, tg, sn, ts, err := testutils.Sign(repo) @@ -507,7 +492,7 @@ func TestValidateRootRotationMultipleKeysThreshold1(t *testing.T) { gun := "docker.com/notary" repo, crypto, err := testutils.EmptyRepo(gun) require.NoError(t, err) - serverCrypto := copyKeys(t, crypto, data.CanonicalTimestampRole) + serverCrypto := testutils.CopyKeys(t, crypto, data.CanonicalTimestampRole) store := storage.NewMemStorage() // add a new root key to the root so that either can sign have to sign @@ -575,7 +560,7 @@ func TestRootRotationNotSignedWithOldKeysForOldRole(t *testing.T) { repo, crypto, err := testutils.EmptyRepo(gun) require.NoError(t, err) store := storage.NewMemStorage() - serverCrypto := copyKeys(t, crypto, data.CanonicalTimestampRole) + serverCrypto := testutils.CopyKeys(t, crypto, data.CanonicalTimestampRole) oldRootKeyID := repo.Root.Signed.Roles[data.CanonicalRootRole].KeyIDs[0] @@ -660,7 +645,7 @@ func TestValidateNoRoot(t *testing.T) { updates := []storage.MetaUpdate{targets, snapshot, timestamp} - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole) _, err = validateUpdate(serverCrypto, gun, updates, store) require.Error(t, err) require.IsType(t, validation.ErrValidation{}, err) @@ -679,7 +664,7 @@ func TestValidateSnapshotMissingNoSnapshotKey(t *testing.T) { updates := []storage.MetaUpdate{root, targets} - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole) _, err = validateUpdate(serverCrypto, gun, updates, store) require.Error(t, err) require.IsType(t, validation.ErrBadHierarchy{}, err) @@ -705,7 +690,7 @@ func TestValidateSnapshotGenerateNoPrev(t *testing.T) { updates := []storage.MetaUpdate{root, targets} - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole, data.CanonicalSnapshotRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole, data.CanonicalSnapshotRole) _, err = validateUpdate(serverCrypto, gun, updates, store) require.NoError(t, err) } @@ -737,7 +722,7 @@ func TestValidateSnapshotGenerateWithPrev(t *testing.T) { prev, err := data.SnapshotFromSigned(sn) require.NoError(t, err) - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole, data.CanonicalSnapshotRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole, data.CanonicalSnapshotRole) updates, err = validateUpdate(serverCrypto, gun, updates, store) require.NoError(t, err) @@ -777,7 +762,7 @@ func TestValidateSnapshotGeneratePrevCorrupt(t *testing.T) { // the next version store.UpdateCurrent(gun, snapshot) - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole, data.CanonicalSnapshotRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole, data.CanonicalSnapshotRole) updates, err = validateUpdate(serverCrypto, gun, updates, store) require.Error(t, err) require.IsType(t, &json.SyntaxError{}, err) @@ -807,7 +792,7 @@ func TestValidateSnapshotGenerateStoreGetCurrentSnapshotBroken(t *testing.T) { updates := []storage.MetaUpdate{root, targets} - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole, data.CanonicalSnapshotRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole, data.CanonicalSnapshotRole) _, err = validateUpdate(serverCrypto, gun, updates, store) require.Error(t, err) require.IsType(t, data.ErrNoSuchRole{}, err) @@ -833,7 +818,7 @@ func TestValidateSnapshotGenerateNoTargets(t *testing.T) { updates := []storage.MetaUpdate{root} - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole, data.CanonicalSnapshotRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole, data.CanonicalSnapshotRole) updates, err = validateUpdate(serverCrypto, gun, updates, store) require.Error(t, err) } @@ -860,7 +845,7 @@ func TestValidateSnapshotGenerate(t *testing.T) { store.UpdateCurrent(gun, root) - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole, data.CanonicalSnapshotRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole, data.CanonicalSnapshotRole) updates, err = validateUpdate(serverCrypto, gun, updates, store) require.NoError(t, err) } @@ -939,7 +924,7 @@ func TestValidateRootInvalidTimestampThreshold(t *testing.T) { store := storage.NewMemStorage() updates := []storage.MetaUpdate{root, targets, snapshot} - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole) _, err = validateUpdate(serverCrypto, gun, updates, store) require.Error(t, err) require.IsType(t, validation.ErrBadRoot{}, err) @@ -963,7 +948,7 @@ func TestValidateRootInvalidZeroThreshold(t *testing.T) { store := storage.NewMemStorage() updates := []storage.MetaUpdate{root, targets, snapshot} - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole) _, err = validateUpdate(serverCrypto, gun, updates, store) require.Error(t, err) require.Contains(t, err.Error(), "invalid threshold") @@ -988,7 +973,7 @@ func TestValidateRootRoleMissing(t *testing.T) { updates := []storage.MetaUpdate{root, targets, snapshot, timestamp} - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole) _, err = validateUpdate(serverCrypto, gun, updates, store) require.Error(t, err) require.IsType(t, validation.ErrBadRoot{}, err) @@ -1009,7 +994,7 @@ func TestValidateTargetsRoleMissing(t *testing.T) { updates := []storage.MetaUpdate{root, targets, snapshot, timestamp} - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole) _, err = validateUpdate(serverCrypto, gun, updates, store) require.Error(t, err) require.IsType(t, validation.ErrBadRoot{}, err) @@ -1030,7 +1015,7 @@ func TestValidateSnapshotRoleMissing(t *testing.T) { updates := []storage.MetaUpdate{root, targets, snapshot, timestamp} - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole) _, err = validateUpdate(serverCrypto, gun, updates, store) require.Error(t, err) require.IsType(t, validation.ErrBadRoot{}, err) @@ -1057,7 +1042,7 @@ func TestValidateRootSigMissing(t *testing.T) { updates := []storage.MetaUpdate{root, targets, snapshot, timestamp} - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole) _, err = validateUpdate(serverCrypto, gun, updates, store) require.Error(t, err) require.IsType(t, validation.ErrBadRoot{}, err) @@ -1079,7 +1064,7 @@ func TestValidateTargetsSigMissing(t *testing.T) { updates := []storage.MetaUpdate{root, targets, snapshot, timestamp} - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole) _, err = validateUpdate(serverCrypto, gun, updates, store) require.Error(t, err) require.IsType(t, validation.ErrBadTargets{}, err) @@ -1101,7 +1086,7 @@ func TestValidateSnapshotSigMissing(t *testing.T) { updates := []storage.MetaUpdate{root, targets, snapshot, timestamp} - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole) _, err = validateUpdate(serverCrypto, gun, updates, store) require.Error(t, err) require.IsType(t, validation.ErrBadSnapshot{}, err) @@ -1126,7 +1111,7 @@ func TestValidateRootCorrupt(t *testing.T) { updates := []storage.MetaUpdate{root, targets, snapshot, timestamp} - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole) _, err = validateUpdate(serverCrypto, gun, updates, store) require.Error(t, err) require.IsType(t, validation.ErrBadRoot{}, err) @@ -1148,7 +1133,7 @@ func TestValidateTargetsCorrupt(t *testing.T) { updates := []storage.MetaUpdate{root, targets, snapshot, timestamp} - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole) _, err = validateUpdate(serverCrypto, gun, updates, store) require.Error(t, err) require.IsType(t, validation.ErrBadTargets{}, err) @@ -1170,7 +1155,7 @@ func TestValidateSnapshotCorrupt(t *testing.T) { updates := []storage.MetaUpdate{root, targets, snapshot, timestamp} - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole) _, err = validateUpdate(serverCrypto, gun, updates, store) require.Error(t, err) require.IsType(t, validation.ErrBadSnapshot{}, err) @@ -1199,7 +1184,7 @@ func TestValidateRootModifiedSize(t *testing.T) { updates := []storage.MetaUpdate{root, targets, snapshot, timestamp} - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole) _, err = validateUpdate(serverCrypto, gun, updates, store) require.Error(t, err) require.IsType(t, validation.ErrBadRoot{}, err) @@ -1222,7 +1207,7 @@ func TestValidateTargetsModifiedSize(t *testing.T) { updates := []storage.MetaUpdate{root, targets, snapshot, timestamp} - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole) _, err = validateUpdate(serverCrypto, gun, updates, store) require.Error(t, err) require.IsType(t, validation.ErrBadSnapshot{}, err) @@ -1252,7 +1237,7 @@ func TestValidateRootModifiedHash(t *testing.T) { updates := []storage.MetaUpdate{root, targets, snapshot, timestamp} - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole) _, err = validateUpdate(serverCrypto, gun, updates, store) require.Error(t, err) require.IsType(t, validation.ErrBadSnapshot{}, err) @@ -1279,7 +1264,7 @@ func TestValidateTargetsModifiedHash(t *testing.T) { updates := []storage.MetaUpdate{root, targets, snapshot, timestamp} - serverCrypto := copyKeys(t, cs, data.CanonicalTimestampRole) + serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole) _, err = validateUpdate(serverCrypto, gun, updates, store) require.Error(t, err) require.IsType(t, validation.ErrBadSnapshot{}, err)