docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use 'require' instead of 'assert' in client and TUF client tests 

Signed-off-by: Ying Li <ying.li@docker.com>
This commit is contained in:
Ying Li 2016-03-15 13:52:48 -07:00
parent c74fab9401
commit 4022e97b08
11 changed files with 1167 additions and 1168 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
client/client_root_validation_test.go
View File

@ -7,7 +7,7 @@ import (
"github.com/Sirupsen/logrus"
"github.com/docker/notary/certs"
"github.com/docker/notary/tuf/data"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
// TestValidateRoot through the process of initializing a repository and makes
@ -32,12 +32,12 @@ func validateRootSuccessfully(t *testing.T, rootType string) {
// tests need to manually boostrap timestamp as client doesn't generate it
err := repo.tufRepo.InitTimestamp()
assert.NoError(t, err, "error creating repository: %s", err)
require.NoError(t, err, "error creating repository: %s", err)
// Initialize is supposed to have created new certificate for this repository
// Lets check for it and store it for later use
allCerts := repo.CertStore.GetCertificates()
assert.Len(t, allCerts, 1)
require.Len(t, allCerts, 1)
fakeServerData(t, repo, mux, keys)
@ -45,13 +45,13 @@ func validateRootSuccessfully(t *testing.T, rootType string) {
// Test TOFUS logic. We remove all certs and expect a new one to be added after ListTargets
//
err = repo.CertStore.RemoveAll()
assert.NoError(t, err)
assert.Len(t, repo.CertStore.GetCertificates(), 0)
require.NoError(t, err)
require.Len(t, repo.CertStore.GetCertificates(), 0)
// This list targets is expected to succeed and the certificate store to have the new certificate
_, err = repo.ListTargets(data.CanonicalTargetsRole)
assert.NoError(t, err)
assert.Len(t, repo.CertStore.GetCertificates(), 1)
require.NoError(t, err)
require.Len(t, repo.CertStore.GetCertificates(), 1)
//
// Test certificate mismatch logic. We remove all certs, add a different cert to the
@ -60,20 +60,19 @@ func validateRootSuccessfully(t *testing.T, rootType string) {
// First, remove all certs
err = repo.CertStore.RemoveAll()
assert.NoError(t, err)
assert.Len(t, repo.CertStore.GetCertificates(), 0)
require.NoError(t, err)
require.Len(t, repo.CertStore.GetCertificates(), 0)
// Add a previously generated certificate with CN=docker.com/notary
err = repo.CertStore.AddCertFromFile(
"../fixtures/self-signed_docker.com-notary.crt")
assert.NoError(t, err)
require.NoError(t, err)
// This list targets is expected to fail, since there already exists a certificate
// in the store for the dnsName docker.com/notary, so TOFUS doesn't apply
_, err = repo.ListTargets(data.CanonicalTargetsRole)
if assert.Error(t, err, "An error was expected") {
assert.Equal(t, err, &certs.ErrValidationFail{
Reason: "failed to validate data with current trusted certificates",
})
}
require.Error(t, err, "An error was expected")
require.Equal(t, err, &certs.ErrValidationFail{
Reason: "failed to validate data with current trusted certificates",
})
}

1268
client/client_test.go
View File

File diff suppressed because it is too large Load Diff

376
client/helpers_test.go
View File

@ -8,14 +8,14 @@ import (
"github.com/docker/notary/client/changelist"
"github.com/docker/notary/tuf/data"
"github.com/docker/notary/tuf/testutils"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestApplyTargetsChange(t *testing.T) {
repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
_, err = repo.InitTargets(data.CanonicalTargetsRole)
assert.NoError(t, err)
require.NoError(t, err)
hash := sha256.Sum256([]byte{})
f := &data.FileMeta{
Length: 1,
@ -24,7 +24,7 @@ func TestApplyTargetsChange(t *testing.T) {
},
}
fjson, err := json.Marshal(f)
assert.NoError(t, err)
require.NoError(t, err)
addChange := &changelist.TufChange{
Actn: changelist.ActionCreate,
@ -34,8 +34,8 @@ func TestApplyTargetsChange(t *testing.T) {
Data: fjson,
}
err = applyTargetsChange(repo, addChange)
assert.NoError(t, err)
assert.NotNil(t, repo.Targets["targets"].Signed.Targets["latest"])
require.NoError(t, err)
require.NotNil(t, repo.Targets["targets"].Signed.Targets["latest"])
removeChange := &changelist.TufChange{
Actn: changelist.ActionDelete,
@ -45,17 +45,17 @@ func TestApplyTargetsChange(t *testing.T) {
Data: nil,
}
err = applyTargetsChange(repo, removeChange)
assert.NoError(t, err)
require.NoError(t, err)
_, ok := repo.Targets["targets"].Signed.Targets["latest"]
assert.False(t, ok)
require.False(t, ok)
}
// Adding the same target twice doesn't actually add it.
func TestApplyAddTargetTwice(t *testing.T) {
repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
_, err = repo.InitTargets(data.CanonicalTargetsRole)
assert.NoError(t, err)
require.NoError(t, err)
hash := sha256.Sum256([]byte{})
f := &data.FileMeta{
Length: 1,
@ -64,17 +64,17 @@ func TestApplyAddTargetTwice(t *testing.T) {
},
}
fjson, err := json.Marshal(f)
assert.NoError(t, err)
require.NoError(t, err)
cl := changelist.NewMemChangelist()
assert.NoError(t, cl.Add(&changelist.TufChange{
require.NoError(t, cl.Add(&changelist.TufChange{
Actn: changelist.ActionCreate,
Role: changelist.ScopeTargets,
ChangeType: "target",
ChangePath: "latest",
Data: fjson,
}))
assert.NoError(t, cl.Add(&changelist.TufChange{
require.NoError(t, cl.Add(&changelist.TufChange{
Actn: changelist.ActionCreate,
Role: changelist.ScopeTargets,
ChangeType: "target",
@ -82,26 +82,26 @@ func TestApplyAddTargetTwice(t *testing.T) {
Data: fjson,
}))
assert.NoError(t, applyChangelist(repo, cl))
assert.Len(t, repo.Targets["targets"].Signed.Targets, 1)
assert.NotEmpty(t, repo.Targets["targets"].Signed.Targets["latest"])
require.NoError(t, applyChangelist(repo, cl))
require.Len(t, repo.Targets["targets"].Signed.Targets, 1)
require.NotEmpty(t, repo.Targets["targets"].Signed.Targets["latest"])
assert.NoError(t, applyTargetsChange(repo, &changelist.TufChange{
require.NoError(t, applyTargetsChange(repo, &changelist.TufChange{
Actn: changelist.ActionCreate,
Role: changelist.ScopeTargets,
ChangeType: "target",
ChangePath: "latest",
Data: fjson,
}))
assert.Len(t, repo.Targets["targets"].Signed.Targets, 1)
assert.NotEmpty(t, repo.Targets["targets"].Signed.Targets["latest"])
require.Len(t, repo.Targets["targets"].Signed.Targets, 1)
require.NotEmpty(t, repo.Targets["targets"].Signed.Targets["latest"])
}
func TestApplyChangelist(t *testing.T) {
repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
_, err = repo.InitTargets(data.CanonicalTargetsRole)
assert.NoError(t, err)
require.NoError(t, err)
hash := sha256.Sum256([]byte{})
f := &data.FileMeta{
Length: 1,
@ -110,7 +110,7 @@ func TestApplyChangelist(t *testing.T) {
},
}
fjson, err := json.Marshal(f)
assert.NoError(t, err)
require.NoError(t, err)
cl := changelist.NewMemChangelist()
addChange := &changelist.TufChange{
@ -122,8 +122,8 @@ func TestApplyChangelist(t *testing.T) {
}
cl.Add(addChange)
err = applyChangelist(repo, cl)
assert.NoError(t, err)
assert.NotNil(t, repo.Targets["targets"].Signed.Targets["latest"])
require.NoError(t, err)
require.NotNil(t, repo.Targets["targets"].Signed.Targets["latest"])
cl.Clear("")
@ -136,16 +136,16 @@ func TestApplyChangelist(t *testing.T) {
}
cl.Add(removeChange)
err = applyChangelist(repo, cl)
assert.NoError(t, err)
require.NoError(t, err)
_, ok := repo.Targets["targets"].Signed.Targets["latest"]
assert.False(t, ok)
require.False(t, ok)
}
func TestApplyChangelistMulti(t *testing.T) {
repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
_, err = repo.InitTargets(data.CanonicalTargetsRole)
assert.NoError(t, err)
require.NoError(t, err)
hash := sha256.Sum256([]byte{})
f := &data.FileMeta{
Length: 1,
@ -154,7 +154,7 @@ func TestApplyChangelistMulti(t *testing.T) {
},
}
fjson, err := json.Marshal(f)
assert.NoError(t, err)
require.NoError(t, err)
cl := changelist.NewMemChangelist()
addChange := &changelist.TufChange{
@ -177,17 +177,17 @@ func TestApplyChangelistMulti(t *testing.T) {
cl.Add(removeChange)
err = applyChangelist(repo, cl)
assert.NoError(t, err)
require.NoError(t, err)
_, ok := repo.Targets["targets"].Signed.Targets["latest"]
assert.False(t, ok)
require.False(t, ok)
}
func TestApplyTargetsDelegationCreateDelete(t *testing.T) {
repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
assert.NoError(t, err)
require.NoError(t, err)
// create delegation
kl := data.KeyList{newKey}
@ -198,7 +198,7 @@ func TestApplyTargetsDelegationCreateDelete(t *testing.T) {
}
tdJSON, err := json.Marshal(td)
assert.NoError(t, err)
require.NoError(t, err)
ch := changelist.NewTufChange(
changelist.ActionCreate,
@ -209,20 +209,20 @@ func TestApplyTargetsDelegationCreateDelete(t *testing.T) {
)
err = applyTargetsChange(repo, ch)
assert.NoError(t, err)
require.NoError(t, err)
tgts := repo.Targets[data.CanonicalTargetsRole]
assert.Len(t, tgts.Signed.Delegations.Roles, 1)
assert.Len(t, tgts.Signed.Delegations.Keys, 1)
require.Len(t, tgts.Signed.Delegations.Roles, 1)
require.Len(t, tgts.Signed.Delegations.Keys, 1)
_, ok := tgts.Signed.Delegations.Keys[newKey.ID()]
assert.True(t, ok)
require.True(t, ok)
role := tgts.Signed.Delegations.Roles[0]
assert.Len(t, role.KeyIDs, 1)
assert.Equal(t, newKey.ID(), role.KeyIDs[0])
assert.Equal(t, "targets/level1", role.Name)
assert.Equal(t, "level1", role.Paths[0])
require.Len(t, role.KeyIDs, 1)
require.Equal(t, newKey.ID(), role.KeyIDs[0])
require.Equal(t, "targets/level1", role.Name)
require.Equal(t, "level1", role.Paths[0])
// delete delegation
td = &changelist.TufDelegation{
@ -230,7 +230,7 @@ func TestApplyTargetsDelegationCreateDelete(t *testing.T) {
}
tdJSON, err = json.Marshal(td)
assert.NoError(t, err)
require.NoError(t, err)
ch = changelist.NewTufChange(
changelist.ActionDelete,
"targets/level1",
@ -240,18 +240,18 @@ func TestApplyTargetsDelegationCreateDelete(t *testing.T) {
)
err = applyTargetsChange(repo, ch)
assert.NoError(t, err)
require.NoError(t, err)
assert.Len(t, tgts.Signed.Delegations.Roles, 0)
assert.Len(t, tgts.Signed.Delegations.Keys, 0)
require.Len(t, tgts.Signed.Delegations.Roles, 0)
require.Len(t, tgts.Signed.Delegations.Keys, 0)
}
func TestApplyTargetsDelegationCreate2SharedKey(t *testing.T) {
repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
assert.NoError(t, err)
require.NoError(t, err)
// create first delegation
kl := data.KeyList{newKey}
@ -262,7 +262,7 @@ func TestApplyTargetsDelegationCreate2SharedKey(t *testing.T) {
}
tdJSON, err := json.Marshal(td)
assert.NoError(t, err)
require.NoError(t, err)
ch := changelist.NewTufChange(
changelist.ActionCreate,
@ -273,7 +273,7 @@ func TestApplyTargetsDelegationCreate2SharedKey(t *testing.T) {
)
err = applyTargetsChange(repo, ch)
assert.NoError(t, err)
require.NoError(t, err)
// create second delegation
kl = data.KeyList{newKey}
@ -284,7 +284,7 @@ func TestApplyTargetsDelegationCreate2SharedKey(t *testing.T) {
}
tdJSON, err = json.Marshal(td)
assert.NoError(t, err)
require.NoError(t, err)
ch = changelist.NewTufChange(
changelist.ActionCreate,
@ -295,30 +295,30 @@ func TestApplyTargetsDelegationCreate2SharedKey(t *testing.T) {
)
err = applyTargetsChange(repo, ch)
assert.NoError(t, err)
require.NoError(t, err)
tgts := repo.Targets[data.CanonicalTargetsRole]
assert.Len(t, tgts.Signed.Delegations.Roles, 2)
assert.Len(t, tgts.Signed.Delegations.Keys, 1)
require.Len(t, tgts.Signed.Delegations.Roles, 2)
require.Len(t, tgts.Signed.Delegations.Keys, 1)
role1 := tgts.Signed.Delegations.Roles[0]
assert.Len(t, role1.KeyIDs, 1)
assert.Equal(t, newKey.ID(), role1.KeyIDs[0])
assert.Equal(t, "targets/level1", role1.Name)
assert.Equal(t, "level1", role1.Paths[0])
require.Len(t, role1.KeyIDs, 1)
require.Equal(t, newKey.ID(), role1.KeyIDs[0])
require.Equal(t, "targets/level1", role1.Name)
require.Equal(t, "level1", role1.Paths[0])
role2 := tgts.Signed.Delegations.Roles[1]
assert.Len(t, role2.KeyIDs, 1)
assert.Equal(t, newKey.ID(), role2.KeyIDs[0])
assert.Equal(t, "targets/level2", role2.Name)
assert.Equal(t, "level2", role2.Paths[0])
require.Len(t, role2.KeyIDs, 1)
require.Equal(t, newKey.ID(), role2.KeyIDs[0])
require.Equal(t, "targets/level2", role2.Name)
require.Equal(t, "level2", role2.Paths[0])
// delete one delegation, ensure shared key remains
td = &changelist.TufDelegation{
RemoveKeys: []string{newKey.ID()},
}
tdJSON, err = json.Marshal(td)
assert.NoError(t, err)
require.NoError(t, err)
ch = changelist.NewTufChange(
changelist.ActionDelete,
"targets/level1",
@ -328,10 +328,10 @@ func TestApplyTargetsDelegationCreate2SharedKey(t *testing.T) {
)
err = applyTargetsChange(repo, ch)
assert.NoError(t, err)
require.NoError(t, err)
assert.Len(t, tgts.Signed.Delegations.Roles, 1)
assert.Len(t, tgts.Signed.Delegations.Keys, 1)
require.Len(t, tgts.Signed.Delegations.Roles, 1)
require.Len(t, tgts.Signed.Delegations.Keys, 1)
// delete other delegation, ensure key cleaned up
ch = changelist.NewTufChange(
@ -343,18 +343,18 @@ func TestApplyTargetsDelegationCreate2SharedKey(t *testing.T) {
)
err = applyTargetsChange(repo, ch)
assert.NoError(t, err)
require.NoError(t, err)
assert.Len(t, tgts.Signed.Delegations.Roles, 0)
assert.Len(t, tgts.Signed.Delegations.Keys, 0)
require.Len(t, tgts.Signed.Delegations.Roles, 0)
require.Len(t, tgts.Signed.Delegations.Keys, 0)
}
func TestApplyTargetsDelegationCreateEdit(t *testing.T) {
repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
assert.NoError(t, err)
require.NoError(t, err)
// create delegation
kl := data.KeyList{newKey}
@ -365,7 +365,7 @@ func TestApplyTargetsDelegationCreateEdit(t *testing.T) {
}
tdJSON, err := json.Marshal(td)
assert.NoError(t, err)
require.NoError(t, err)
ch := changelist.NewTufChange(
changelist.ActionCreate,
@ -376,11 +376,11 @@ func TestApplyTargetsDelegationCreateEdit(t *testing.T) {
)
err = applyTargetsChange(repo, ch)
assert.NoError(t, err)
require.NoError(t, err)
// edit delegation
newKey2, err := cs.Create("targets/level1", data.ED25519Key)
assert.NoError(t, err)
require.NoError(t, err)
kl = data.KeyList{newKey2}
td = &changelist.TufDelegation{
@ -390,7 +390,7 @@ func TestApplyTargetsDelegationCreateEdit(t *testing.T) {
}
tdJSON, err = json.Marshal(td)
assert.NoError(t, err)
require.NoError(t, err)
ch = changelist.NewTufChange(
changelist.ActionUpdate,
@ -401,28 +401,28 @@ func TestApplyTargetsDelegationCreateEdit(t *testing.T) {
)
err = applyTargetsChange(repo, ch)
assert.NoError(t, err)
require.NoError(t, err)
tgts := repo.Targets[data.CanonicalTargetsRole]
assert.Len(t, tgts.Signed.Delegations.Roles, 1)
assert.Len(t, tgts.Signed.Delegations.Keys, 1)
require.Len(t, tgts.Signed.Delegations.Roles, 1)
require.Len(t, tgts.Signed.Delegations.Keys, 1)
_, ok := tgts.Signed.Delegations.Keys[newKey2.ID()]
assert.True(t, ok)
require.True(t, ok)
role := tgts.Signed.Delegations.Roles[0]
assert.Len(t, role.KeyIDs, 1)
assert.Equal(t, newKey2.ID(), role.KeyIDs[0])
assert.Equal(t, "targets/level1", role.Name)
assert.Equal(t, "level1", role.Paths[0])
require.Len(t, role.KeyIDs, 1)
require.Equal(t, newKey2.ID(), role.KeyIDs[0])
require.Equal(t, "targets/level1", role.Name)
require.Equal(t, "level1", role.Paths[0])
}
func TestApplyTargetsDelegationEditNonExisting(t *testing.T) {
repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
assert.NoError(t, err)
require.NoError(t, err)
// create delegation
kl := data.KeyList{newKey}
@ -433,7 +433,7 @@ func TestApplyTargetsDelegationEditNonExisting(t *testing.T) {
}
tdJSON, err := json.Marshal(td)
assert.NoError(t, err)
require.NoError(t, err)
ch := changelist.NewTufChange(
changelist.ActionUpdate,
@ -444,16 +444,16 @@ func TestApplyTargetsDelegationEditNonExisting(t *testing.T) {
)
err = applyTargetsChange(repo, ch)
assert.Error(t, err)
assert.IsType(t, data.ErrInvalidRole{}, err)
require.Error(t, err)
require.IsType(t, data.ErrInvalidRole{}, err)
}
func TestApplyTargetsDelegationCreateAlreadyExisting(t *testing.T) {
repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
assert.NoError(t, err)
require.NoError(t, err)
// create delegation
kl := data.KeyList{newKey}
@ -464,7 +464,7 @@ func TestApplyTargetsDelegationCreateAlreadyExisting(t *testing.T) {
}
tdJSON, err := json.Marshal(td)
assert.NoError(t, err)
require.NoError(t, err)
ch := changelist.NewTufChange(
changelist.ActionCreate,
@ -475,12 +475,12 @@ func TestApplyTargetsDelegationCreateAlreadyExisting(t *testing.T) {
)
err = applyTargetsChange(repo, ch)
assert.NoError(t, err)
require.NoError(t, err)
// we have sufficient checks elsewhere we don't need to confirm that
// creating fresh works here via more asserts.
// creating fresh works here via more requires.
extraKey, err := cs.Create("targets/level1", data.ED25519Key)
assert.NoError(t, err)
require.NoError(t, err)
// create delegation
kl = data.KeyList{extraKey}
@ -491,7 +491,7 @@ func TestApplyTargetsDelegationCreateAlreadyExisting(t *testing.T) {
}
tdJSON, err = json.Marshal(td)
assert.NoError(t, err)
require.NoError(t, err)
ch = changelist.NewTufChange(
changelist.ActionCreate,
@ -503,19 +503,19 @@ func TestApplyTargetsDelegationCreateAlreadyExisting(t *testing.T) {
// when attempting to create the same role again, check that we added a key
err = applyTargetsChange(repo, ch)
assert.NoError(t, err)
require.NoError(t, err)
delegation, err := repo.GetDelegationRole("targets/level1")
assert.NoError(t, err)
assert.Contains(t, delegation.Paths, "level1")
assert.Equal(t, len(delegation.ListKeyIDs()), 2)
require.NoError(t, err)
require.Contains(t, delegation.Paths, "level1")
require.Equal(t, len(delegation.ListKeyIDs()), 2)
}
func TestApplyTargetsDelegationAlreadyExistingMergePaths(t *testing.T) {
repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
assert.NoError(t, err)
require.NoError(t, err)
// create delegation
kl := data.KeyList{newKey}
@ -526,7 +526,7 @@ func TestApplyTargetsDelegationAlreadyExistingMergePaths(t *testing.T) {
}
tdJSON, err := json.Marshal(td)
assert.NoError(t, err)
require.NoError(t, err)
ch := changelist.NewTufChange(
changelist.ActionCreate,
@ -537,15 +537,15 @@ func TestApplyTargetsDelegationAlreadyExistingMergePaths(t *testing.T) {
)
err = applyTargetsChange(repo, ch)
assert.NoError(t, err)
require.NoError(t, err)
// we have sufficient checks elsewhere we don't need to confirm that
// creating fresh works here via more asserts.
// creating fresh works here via more requires.
// Use different path for this changelist
td.AddPaths = []string{"level2"}
tdJSON, err = json.Marshal(td)
assert.NoError(t, err)
require.NoError(t, err)
ch = changelist.NewTufChange(
changelist.ActionCreate,
@ -558,20 +558,20 @@ func TestApplyTargetsDelegationAlreadyExistingMergePaths(t *testing.T) {
// when attempting to create the same role again, check that we
// merged with previous details
err = applyTargetsChange(repo, ch)
assert.NoError(t, err)
require.NoError(t, err)
delegation, err := repo.GetDelegationRole("targets/level1")
assert.NoError(t, err)
require.NoError(t, err)
// Assert we have both paths
assert.Contains(t, delegation.Paths, "level2")
assert.Contains(t, delegation.Paths, "level1")
require.Contains(t, delegation.Paths, "level2")
require.Contains(t, delegation.Paths, "level1")
}
func TestApplyTargetsDelegationInvalidRole(t *testing.T) {
repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
assert.NoError(t, err)
require.NoError(t, err)
// create delegation
kl := data.KeyList{newKey}
@ -582,7 +582,7 @@ func TestApplyTargetsDelegationInvalidRole(t *testing.T) {
}
tdJSON, err := json.Marshal(td)
assert.NoError(t, err)
require.NoError(t, err)
ch := changelist.NewTufChange(
changelist.ActionCreate,
@ -593,15 +593,15 @@ func TestApplyTargetsDelegationInvalidRole(t *testing.T) {
)
err = applyTargetsChange(repo, ch)
assert.Error(t, err)
require.Error(t, err)
}
func TestApplyTargetsDelegationInvalidJSONContent(t *testing.T) {
repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
assert.NoError(t, err)
require.NoError(t, err)
// create delegation
kl := data.KeyList{newKey}
@ -612,7 +612,7 @@ func TestApplyTargetsDelegationInvalidJSONContent(t *testing.T) {
}
tdJSON, err := json.Marshal(td)
assert.NoError(t, err)
require.NoError(t, err)
ch := changelist.NewTufChange(
changelist.ActionCreate,
@ -623,12 +623,12 @@ func TestApplyTargetsDelegationInvalidJSONContent(t *testing.T) {
)
err = applyTargetsChange(repo, ch)
assert.Error(t, err)
require.Error(t, err)
}
func TestApplyTargetsDelegationInvalidAction(t *testing.T) {
repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
ch := changelist.NewTufChange(
"bad action",
@ -639,12 +639,12 @@ func TestApplyTargetsDelegationInvalidAction(t *testing.T) {
)
err = applyTargetsChange(repo, ch)
assert.Error(t, err)
require.Error(t, err)
}
func TestApplyTargetsChangeInvalidType(t *testing.T) {
repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
ch := changelist.NewTufChange(
changelist.ActionCreate,
@ -655,15 +655,15 @@ func TestApplyTargetsChangeInvalidType(t *testing.T) {
)
err = applyTargetsChange(repo, ch)
assert.Error(t, err)
require.Error(t, err)
}
func TestApplyTargetsDelegationCreate2Deep(t *testing.T) {
repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
assert.NoError(t, err)
require.NoError(t, err)
// create delegation
kl := data.KeyList{newKey}
@ -674,7 +674,7 @@ func TestApplyTargetsDelegationCreate2Deep(t *testing.T) {
}
tdJSON, err := json.Marshal(td)
assert.NoError(t, err)
require.NoError(t, err)
ch := changelist.NewTufChange(
changelist.ActionCreate,
@ -685,20 +685,20 @@ func TestApplyTargetsDelegationCreate2Deep(t *testing.T) {
)
err = applyTargetsChange(repo, ch)
assert.NoError(t, err)
require.NoError(t, err)
tgts := repo.Targets[data.CanonicalTargetsRole]
assert.Len(t, tgts.Signed.Delegations.Roles, 1)
assert.Len(t, tgts.Signed.Delegations.Keys, 1)
require.Len(t, tgts.Signed.Delegations.Roles, 1)
require.Len(t, tgts.Signed.Delegations.Keys, 1)
_, ok := tgts.Signed.Delegations.Keys[newKey.ID()]
assert.True(t, ok)
require.True(t, ok)
role := tgts.Signed.Delegations.Roles[0]
assert.Len(t, role.KeyIDs, 1)
assert.Equal(t, newKey.ID(), role.KeyIDs[0])
assert.Equal(t, "targets/level1", role.Name)
assert.Equal(t, "level1", role.Paths[0])
require.Len(t, role.KeyIDs, 1)
require.Equal(t, newKey.ID(), role.KeyIDs[0])
require.Equal(t, "targets/level1", role.Name)
require.Equal(t, "level1", role.Paths[0])
// init delegations targets file. This would be done as part of a publish
// operation
@ -711,7 +711,7 @@ func TestApplyTargetsDelegationCreate2Deep(t *testing.T) {
}
tdJSON, err = json.Marshal(td)
assert.NoError(t, err)
require.NoError(t, err)
ch = changelist.NewTufChange(
changelist.ActionCreate,
@ -722,34 +722,34 @@ func TestApplyTargetsDelegationCreate2Deep(t *testing.T) {
)
err = applyTargetsChange(repo, ch)
assert.NoError(t, err)
require.NoError(t, err)
tgts = repo.Targets["targets/level1"]
assert.Len(t, tgts.Signed.Delegations.Roles, 1)
assert.Len(t, tgts.Signed.Delegations.Keys, 1)
require.Len(t, tgts.Signed.Delegations.Roles, 1)
require.Len(t, tgts.Signed.Delegations.Keys, 1)
_, ok = tgts.Signed.Delegations.Keys[newKey.ID()]
assert.True(t, ok)
require.True(t, ok)
role = tgts.Signed.Delegations.Roles[0]
assert.Len(t, role.KeyIDs, 1)
assert.Equal(t, newKey.ID(), role.KeyIDs[0])
assert.Equal(t, "targets/level1/level2", role.Name)
assert.Equal(t, "level1/level2", role.Paths[0])
require.Len(t, role.KeyIDs, 1)
require.Equal(t, newKey.ID(), role.KeyIDs[0])
require.Equal(t, "targets/level1/level2", role.Name)
require.Equal(t, "level1/level2", role.Paths[0])
}
// Applying a delegation whose parent doesn't exist fails.
func TestApplyTargetsDelegationParentDoesntExist(t *testing.T) {
repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
// make sure a key exists for the previous level, so it's not a missing
// key error, but we don't care about this key
_, err = cs.Create("targets/level1", data.ED25519Key)
assert.NoError(t, err)
require.NoError(t, err)
newKey, err := cs.Create("targets/level1/level2", data.ED25519Key)
assert.NoError(t, err)
require.NoError(t, err)
// create delegation
kl := data.KeyList{newKey}
@ -759,7 +759,7 @@ func TestApplyTargetsDelegationParentDoesntExist(t *testing.T) {
}
tdJSON, err := json.Marshal(td)
assert.NoError(t, err)
require.NoError(t, err)
ch := changelist.NewTufChange(
changelist.ActionCreate,
@ -770,20 +770,20 @@ func TestApplyTargetsDelegationParentDoesntExist(t *testing.T) {
)
err = applyTargetsChange(repo, ch)
assert.Error(t, err)
assert.IsType(t, data.ErrInvalidRole{}, err)
require.Error(t, err)
require.IsType(t, data.ErrInvalidRole{}, err)
}
// If there is no delegation target, ApplyTargets creates it
func TestApplyChangelistCreatesDelegation(t *testing.T) {
repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
assert.NoError(t, err)
require.NoError(t, err)
err = repo.UpdateDelegationKeys("targets/level1", []data.PublicKey{newKey}, []string{}, 1)
assert.NoError(t, err)
require.NoError(t, err)
err = repo.UpdateDelegationPaths("targets/level1", []string{""}, []string{}, false)
delete(repo.Targets, "targets/level1")
@ -795,10 +795,10 @@ func TestApplyChangelistCreatesDelegation(t *testing.T) {
},
}
fjson, err := json.Marshal(f)
assert.NoError(t, err)
require.NoError(t, err)
cl := changelist.NewMemChangelist()
assert.NoError(t, cl.Add(&changelist.TufChange{
require.NoError(t, cl.Add(&changelist.TufChange{
Actn: changelist.ActionCreate,
Role: "targets/level1",
ChangeType: "target",
@ -806,30 +806,30 @@ func TestApplyChangelistCreatesDelegation(t *testing.T) {
Data: fjson,
}))
assert.NoError(t, applyChangelist(repo, cl))
require.NoError(t, applyChangelist(repo, cl))
_, ok := repo.Targets["targets/level1"]
assert.True(t, ok, "Failed to create the delegation target")
require.True(t, ok, "Failed to create the delegation target")
_, ok = repo.Targets["targets/level1"].Signed.Targets["latest"]
assert.True(t, ok, "Failed to write change to delegation target")
require.True(t, ok, "Failed to write change to delegation target")
}
// Each change applies only to the role specified
func TestApplyChangelistTargetsToMultipleRoles(t *testing.T) {
repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
assert.NoError(t, err)
require.NoError(t, err)
err = repo.UpdateDelegationKeys("targets/level1", []data.PublicKey{newKey}, []string{}, 1)
assert.NoError(t, err)
require.NoError(t, err)
err = repo.UpdateDelegationPaths("targets/level1", []string{""}, []string{}, false)
assert.NoError(t, err)
require.NoError(t, err)
err = repo.UpdateDelegationKeys("targets/level2", []data.PublicKey{newKey}, []string{}, 1)
assert.NoError(t, err)
require.NoError(t, err)
err = repo.UpdateDelegationPaths("targets/level2", []string{""}, []string{}, false)
assert.NoError(t, err)
require.NoError(t, err)
hash := sha256.Sum256([]byte{})
f := &data.FileMeta{
@ -839,17 +839,17 @@ func TestApplyChangelistTargetsToMultipleRoles(t *testing.T) {
},
}
fjson, err := json.Marshal(f)
assert.NoError(t, err)
require.NoError(t, err)
cl := changelist.NewMemChangelist()
assert.NoError(t, cl.Add(&changelist.TufChange{
require.NoError(t, cl.Add(&changelist.TufChange{
Actn: changelist.ActionCreate,
Role: "targets/level1",
ChangeType: "target",
ChangePath: "latest",
Data: fjson,
}))
assert.NoError(t, cl.Add(&changelist.TufChange{
require.NoError(t, cl.Add(&changelist.TufChange{
Actn: changelist.ActionDelete,
Role: "targets/level2",
ChangeType: "target",
@ -857,17 +857,17 @@ func TestApplyChangelistTargetsToMultipleRoles(t *testing.T) {
Data: nil,
}))
assert.NoError(t, applyChangelist(repo, cl))
require.NoError(t, applyChangelist(repo, cl))
_, ok := repo.Targets["targets/level1"].Signed.Targets["latest"]
assert.True(t, ok)
require.True(t, ok)
_, ok = repo.Targets["targets/level2"]
assert.False(t, ok, "no change to targets/level2, so metadata not created")
require.False(t, ok, "no change to targets/level2, so metadata not created")
}
// ApplyTargets falls back to role that exists when adding or deleting a change
func TestApplyChangelistTargetsFallbackRoles(t *testing.T) {
repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
hash := sha256.Sum256([]byte{})
f := &data.FileMeta{
@ -877,10 +877,10 @@ func TestApplyChangelistTargetsFallbackRoles(t *testing.T) {
},
}
fjson, err := json.Marshal(f)
assert.NoError(t, err)
require.NoError(t, err)
cl := changelist.NewMemChangelist()
assert.NoError(t, cl.Add(&changelist.TufChange{
require.NoError(t, cl.Add(&changelist.TufChange{
Actn: changelist.ActionCreate,
Role: "targets/level1/level2/level3/level4",
ChangeType: "target",
@ -888,13 +888,13 @@ func TestApplyChangelistTargetsFallbackRoles(t *testing.T) {
Data: fjson,
}))
assert.NoError(t, applyChangelist(repo, cl))
require.NoError(t, applyChangelist(repo, cl))
_, ok := repo.Targets[data.CanonicalTargetsRole].Signed.Targets["latest"]
assert.True(t, ok)
require.True(t, ok)
// now delete and assert it applies to
// now delete and require it applies to
cl = changelist.NewMemChangelist()
assert.NoError(t, cl.Add(&changelist.TufChange{
require.NoError(t, cl.Add(&changelist.TufChange{
Actn: changelist.ActionDelete,
Role: "targets/level1/level2/level3/level4",
ChangeType: "target",
@ -902,14 +902,14 @@ func TestApplyChangelistTargetsFallbackRoles(t *testing.T) {
Data: nil,
}))
assert.NoError(t, applyChangelist(repo, cl))
assert.Empty(t, repo.Targets[data.CanonicalTargetsRole].Signed.Targets)
require.NoError(t, applyChangelist(repo, cl))
require.Empty(t, repo.Targets[data.CanonicalTargetsRole].Signed.Targets)
}
// changeTargetMeta fallback fails with ErrInvalidRole if role is invalid
func TestChangeTargetMetaFallbackFailsInvalidRole(t *testing.T) {
repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
hash := sha256.Sum256([]byte{})
f := &data.FileMeta{
@ -919,7 +919,7 @@ func TestChangeTargetMetaFallbackFailsInvalidRole(t *testing.T) {
},
}
fjson, err := json.Marshal(f)
assert.NoError(t, err)
require.NoError(t, err)
err = changeTargetMeta(repo, &changelist.TufChange{
Actn: changelist.ActionCreate,
@ -928,23 +928,23 @@ func TestChangeTargetMetaFallbackFailsInvalidRole(t *testing.T) {
ChangePath: "latest",
Data: fjson,
})
assert.Error(t, err)
assert.IsType(t, data.ErrInvalidRole{}, err)
require.Error(t, err)
require.IsType(t, data.ErrInvalidRole{}, err)
}
// If applying a change fails due to a prefix error, it does not fall back
// on the parent.
func TestChangeTargetMetaDoesntFallbackIfPrefixError(t *testing.T) {
repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
newKey, err := cs.Create("targets/level1", data.ED25519Key)
assert.NoError(t, err)
require.NoError(t, err)
err = repo.UpdateDelegationKeys("targets/level1", []data.PublicKey{newKey}, []string{}, 1)
assert.NoError(t, err)
require.NoError(t, err)
err = repo.UpdateDelegationPaths("targets/level1", []string{"pathprefix"}, []string{}, false)
assert.NoError(t, err)
require.NoError(t, err)
hash := sha256.Sum256([]byte{})
f := &data.FileMeta{
@ -954,7 +954,7 @@ func TestChangeTargetMetaDoesntFallbackIfPrefixError(t *testing.T) {
},
}
fjson, err := json.Marshal(f)
assert.NoError(t, err)
require.NoError(t, err)
err = changeTargetMeta(repo, &changelist.TufChange{
Actn: changelist.ActionCreate,
@ -963,9 +963,9 @@ func TestChangeTargetMetaDoesntFallbackIfPrefixError(t *testing.T) {
ChangePath: "notPathPrefix",
Data: fjson,
})
assert.Error(t, err)
require.Error(t, err)
// no target in targets or targets/latest
assert.Empty(t, repo.Targets[data.CanonicalTargetsRole].Signed.Targets)
assert.Empty(t, repo.Targets["targets/level1"].Signed.Targets)
require.Empty(t, repo.Targets[data.CanonicalTargetsRole].Signed.Targets)
require.Empty(t, repo.Targets["targets/level1"].Signed.Targets)
}

336
tuf/client/client_test.go
View File

@ -12,7 +12,7 @@ import (
"github.com/Sirupsen/logrus"
tuf "github.com/docker/notary/tuf"
"github.com/docker/notary/tuf/testutils"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/docker/notary/tuf/data"
"github.com/docker/notary/tuf/signed"
@ -27,9 +27,9 @@ func TestRotation(t *testing.T) {
// Generate initial root key and role and add to key DB
rootKey, err := signer.Create("root", data.ED25519Key)
assert.NoError(t, err, "Error creating root key")
require.NoError(t, err, "Error creating root key")
rootRole, err := data.NewRole("root", 1, []string{rootKey.ID()}, nil)
assert.NoError(t, err, "Error creating root role")
require.NoError(t, err, "Error creating root role")
originalRoot, err := data.NewRoot(
map[string]data.PublicKey{rootKey.ID(): rootKey},
@ -41,9 +41,9 @@ func TestRotation(t *testing.T) {
// Generate new key and role.
replacementKey, err := signer.Create("root", data.ED25519Key)
assert.NoError(t, err, "Error creating replacement root key")
require.NoError(t, err, "Error creating replacement root key")
replacementRole, err := data.NewRole("root", 1, []string{replacementKey.ID()}, nil)
assert.NoError(t, err, "Error creating replacement root role")
require.NoError(t, err, "Error creating replacement root role")
// Generate a new root with the replacement key and role
testRoot, err := data.NewRoot(
@ -56,12 +56,12 @@ func TestRotation(t *testing.T) {
},
false,
)
assert.NoError(t, err, "Failed to create new root")
require.NoError(t, err, "Failed to create new root")
// Sign testRoot with both old and new keys
signedRoot, err := testRoot.ToSigned()
err = signed.Sign(signer, signedRoot, rootKey, replacementKey)
assert.NoError(t, err, "Failed to sign root")
require.NoError(t, err, "Failed to sign root")
var origKeySig bool
var replKeySig bool
for _, sig := range signedRoot.Signatures {
@ -71,13 +71,13 @@ func TestRotation(t *testing.T) {
replKeySig = true
}
}
assert.True(t, origKeySig, "Original root key signature not present")
assert.True(t, replKeySig, "Replacement root key signature not present")
require.True(t, origKeySig, "Original root key signature not present")
require.True(t, replKeySig, "Replacement root key signature not present")
client := NewClient(repo, remote, cache)
err = client.verifyRoot("root", signedRoot, 0)
assert.NoError(t, err, "Failed to verify key rotated root")
require.NoError(t, err, "Failed to verify key rotated root")
}
func TestRotationNewSigMissing(t *testing.T) {
@ -89,9 +89,9 @@ func TestRotationNewSigMissing(t *testing.T) {
// Generate initial root key and role and add to key DB
rootKey, err := signer.Create("root", data.ED25519Key)
assert.NoError(t, err, "Error creating root key")
require.NoError(t, err, "Error creating root key")
rootRole, err := data.NewRole("root", 1, []string{rootKey.ID()}, nil)
assert.NoError(t, err, "Error creating root role")
require.NoError(t, err, "Error creating root role")
originalRoot, err := data.NewRoot(
map[string]data.PublicKey{rootKey.ID(): rootKey},
@ -103,11 +103,11 @@ func TestRotationNewSigMissing(t *testing.T) {
// Generate new key and role.
replacementKey, err := signer.Create("root", data.ED25519Key)
assert.NoError(t, err, "Error creating replacement root key")
require.NoError(t, err, "Error creating replacement root key")
replacementRole, err := data.NewRole("root", 1, []string{replacementKey.ID()}, nil)
assert.NoError(t, err, "Error creating replacement root role")
require.NoError(t, err, "Error creating replacement root role")
assert.NotEqual(t, rootKey.ID(), replacementKey.ID(), "Key IDs are the same")
require.NotEqual(t, rootKey.ID(), replacementKey.ID(), "Key IDs are the same")
// Generate a new root with the replacement key and role
testRoot, err := data.NewRoot(
@ -115,15 +115,15 @@ func TestRotationNewSigMissing(t *testing.T) {
map[string]*data.RootRole{"root": &replacementRole.RootRole},
false,
)
assert.NoError(t, err, "Failed to create new root")
require.NoError(t, err, "Failed to create new root")
_, ok := testRoot.Signed.Keys[rootKey.ID()]
assert.False(t, ok, "Old root key appeared in test root")
require.False(t, ok, "Old root key appeared in test root")
// Sign testRoot with both old and new keys
signedRoot, err := testRoot.ToSigned()
err = signed.Sign(signer, signedRoot, rootKey)
assert.NoError(t, err, "Failed to sign root")
require.NoError(t, err, "Failed to sign root")
var origKeySig bool
var replKeySig bool
for _, sig := range signedRoot.Signatures {
@ -133,13 +133,13 @@ func TestRotationNewSigMissing(t *testing.T) {
replKeySig = true
}
}
assert.True(t, origKeySig, "Original root key signature not present")
assert.False(t, replKeySig, "Replacement root key signature was present and shouldn't be")
require.True(t, origKeySig, "Original root key signature not present")
require.False(t, replKeySig, "Replacement root key signature was present and shouldn't be")
client := NewClient(repo, remote, cache)
err = client.verifyRoot("root", signedRoot, 0)
assert.Error(t, err, "Should have errored on verify as replacement signature was missing.")
require.Error(t, err, "Should have errored on verify as replacement signature was missing.")
}
@ -152,9 +152,9 @@ func TestRotationOldSigMissing(t *testing.T) {
// Generate initial root key and role and add to key DB
rootKey, err := signer.Create("root", data.ED25519Key)
assert.NoError(t, err, "Error creating root key")
require.NoError(t, err, "Error creating root key")
rootRole, err := data.NewRole("root", 1, []string{rootKey.ID()}, nil)
assert.NoError(t, err, "Error creating root role")
require.NoError(t, err, "Error creating root role")
originalRoot, err := data.NewRoot(
map[string]data.PublicKey{rootKey.ID(): rootKey},
@ -166,11 +166,11 @@ func TestRotationOldSigMissing(t *testing.T) {
// Generate new key and role.
replacementKey, err := signer.Create("root", data.ED25519Key)
assert.NoError(t, err, "Error creating replacement root key")
require.NoError(t, err, "Error creating replacement root key")
replacementRole, err := data.NewRole("root", 1, []string{replacementKey.ID()}, nil)
assert.NoError(t, err, "Error creating replacement root role")
require.NoError(t, err, "Error creating replacement root role")
assert.NotEqual(t, rootKey.ID(), replacementKey.ID(), "Key IDs are the same")
require.NotEqual(t, rootKey.ID(), replacementKey.ID(), "Key IDs are the same")
// Generate a new root with the replacement key and role
testRoot, err := data.NewRoot(
@ -178,15 +178,15 @@ func TestRotationOldSigMissing(t *testing.T) {
map[string]*data.RootRole{"root": &replacementRole.RootRole},
false,
)
assert.NoError(t, err, "Failed to create new root")
require.NoError(t, err, "Failed to create new root")
_, ok := testRoot.Signed.Keys[rootKey.ID()]
assert.False(t, ok, "Old root key appeared in test root")
require.False(t, ok, "Old root key appeared in test root")
// Sign testRoot with both old and new keys
signedRoot, err := testRoot.ToSigned()
err = signed.Sign(signer, signedRoot, replacementKey)
assert.NoError(t, err, "Failed to sign root")
require.NoError(t, err, "Failed to sign root")
var origKeySig bool
var replKeySig bool
for _, sig := range signedRoot.Signatures {
@ -196,13 +196,13 @@ func TestRotationOldSigMissing(t *testing.T) {
replKeySig = true
}
}
assert.False(t, origKeySig, "Original root key signature was present and shouldn't be")
assert.True(t, replKeySig, "Replacement root key signature was not present")
require.False(t, origKeySig, "Original root key signature was present and shouldn't be")
require.True(t, replKeySig, "Replacement root key signature was not present")
client := NewClient(repo, remote, cache)
err = client.verifyRoot("root", signedRoot, 0)
assert.Error(t, err, "Should have errored on verify as replacement signature was missing.")
require.Error(t, err, "Should have errored on verify as replacement signature was missing.")
}
@ -215,9 +215,9 @@ func TestCheckRootExpired(t *testing.T) {
root.Signed.Expires = time.Now().AddDate(-1, 0, 0)
signedRoot, err := root.ToSigned()
assert.NoError(t, err)
require.NoError(t, err)
rootJSON, err := json.Marshal(signedRoot)
assert.NoError(t, err)
require.NoError(t, err)
rootHash := sha256.Sum256(rootJSON)
@ -239,8 +239,8 @@ func TestCheckRootExpired(t *testing.T) {
storage.SetMeta("root", rootJSON)
err = client.checkRoot()
assert.Error(t, err)
assert.IsType(t, tuf.ErrLocalRootExpired{}, err)
require.Error(t, err)
require.IsType(t, tuf.ErrLocalRootExpired{}, err)
}
func TestChecksumMismatch(t *testing.T) {
@ -251,15 +251,15 @@ func TestChecksumMismatch(t *testing.T) {
sampleTargets := data.NewTargets()
orig, err := json.Marshal(sampleTargets)
assert.NoError(t, err)
require.NoError(t, err)
origHashes, err := GetSupportedHashes(orig)
assert.NoError(t, err)
require.NoError(t, err)
remoteStorage.SetMeta("targets", orig)
_, _, err = client.downloadSigned("targets", int64(len(orig)), origHashes)
assert.IsType(t, ErrChecksumMismatch{}, err)
require.IsType(t, ErrChecksumMismatch{}, err)
}
func TestChecksumMatch(t *testing.T) {
@ -270,15 +270,15 @@ func TestChecksumMatch(t *testing.T) {
sampleTargets := data.NewTargets()
orig, err := json.Marshal(sampleTargets)
assert.NoError(t, err)
require.NoError(t, err)
origHashes, err := GetSupportedHashes(orig)
assert.NoError(t, err)
require.NoError(t, err)
remoteStorage.SetMeta("targets", orig)
_, _, err = client.downloadSigned("targets", int64(len(orig)), origHashes)
assert.NoError(t, err)
require.NoError(t, err)
}
func TestSizeMismatchLong(t *testing.T) {
@ -289,18 +289,18 @@ func TestSizeMismatchLong(t *testing.T) {
sampleTargets := data.NewTargets()
orig, err := json.Marshal(sampleTargets)
assert.NoError(t, err)
require.NoError(t, err)
l := int64(len(orig))
origHashes, err := GetSupportedHashes(orig)
assert.NoError(t, err)
require.NoError(t, err)
remoteStorage.SetMeta("targets", orig)
_, _, err = client.downloadSigned("targets", l, origHashes)
// size just limits the data received, the error is caught
// either during checksum verification or during json deserialization
assert.IsType(t, ErrChecksumMismatch{}, err)
require.IsType(t, ErrChecksumMismatch{}, err)
}
func TestSizeMismatchShort(t *testing.T) {
@ -311,39 +311,39 @@ func TestSizeMismatchShort(t *testing.T) {
sampleTargets := data.NewTargets()
orig, err := json.Marshal(sampleTargets)
assert.NoError(t, err)
require.NoError(t, err)
l := int64(len(orig))
origHashes, err := GetSupportedHashes(orig)
assert.NoError(t, err)
require.NoError(t, err)
remoteStorage.SetMeta("targets", orig)
_, _, err = client.downloadSigned("targets", l, origHashes)
// size just limits the data received, the error is caught
// either during checksum verification or during json deserialization
assert.IsType(t, ErrChecksumMismatch{}, err)
require.IsType(t, ErrChecksumMismatch{}, err)
}
func TestDownloadTargetsHappy(t *testing.T) {
repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
localStorage := store.NewMemoryStore(nil)
remoteStorage := store.NewMemoryStore(nil)
client := NewClient(repo, remoteStorage, localStorage)
signedOrig, err := repo.SignTargets("targets", data.DefaultExpires("targets"))
assert.NoError(t, err)
require.NoError(t, err)
orig, err := json.Marshal(signedOrig)
assert.NoError(t, err)
require.NoError(t, err)
err = remoteStorage.SetMeta("targets", orig)
assert.NoError(t, err)
require.NoError(t, err)
// call repo.SignSnapshot to update the targets role in the snapshot
repo.SignSnapshot(data.DefaultExpires("snapshot"))
err = client.downloadTargets("targets")
assert.NoError(t, err)
require.NoError(t, err)
}
// TestDownloadTargetsLarge: Check that we can download very large targets metadata files,
@ -355,7 +355,7 @@ func TestDownloadTargetsLarge(t *testing.T) {
}
repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
localStorage := store.NewMemoryStore(nil)
remoteStorage := store.NewMemoryStore(nil)
client := NewClient(repo, remoteStorage, localStorage)
@ -371,15 +371,15 @@ func TestDownloadTargetsLarge(t *testing.T) {
// 75,000 targets results in > 5MB (~6.5MB on recent runs)
for i := 0; i < 75000; i++ {
_, err = repo.AddTargets(data.CanonicalTargetsRole, data.Files{strconv.Itoa(i): f})
assert.NoError(t, err)
require.NoError(t, err)
}
signedOrig, err := repo.SignTargets("targets", data.DefaultExpires("targets"))
assert.NoError(t, err)
require.NoError(t, err)
orig, err := json.Marshal(signedOrig)
assert.NoError(t, err)
require.NoError(t, err)
err = remoteStorage.SetMeta("targets", orig)
assert.NoError(t, err)
require.NoError(t, err)
// call repo.SignSnapshot to update the targets role in the snapshot
repo.SignSnapshot(data.DefaultExpires("snapshot"))
@ -388,12 +388,12 @@ func TestDownloadTargetsLarge(t *testing.T) {
client.cache.RemoveAll()
err = client.downloadTargets("targets")
assert.NoError(t, err)
require.NoError(t, err)
}
func TestDownloadTargetsDeepHappy(t *testing.T) {
repo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
localStorage := store.NewMemoryStore(nil)
remoteStorage := store.NewMemoryStore(nil)
client := NewClient(repo, remoteStorage, localStorage)
@ -416,13 +416,13 @@ func TestDownloadTargetsDeepHappy(t *testing.T) {
for _, r := range delegations {
// create role
k, err := cs.Create(r, data.ED25519Key)
assert.NoError(t, err)
require.NoError(t, err)
// add role to repo
err = repo.UpdateDelegationKeys(r, []data.PublicKey{k}, []string{}, 1)
assert.NoError(t, err)
require.NoError(t, err)
err = repo.UpdateDelegationPaths(r, []string{""}, []string{}, false)
assert.NoError(t, err)
require.NoError(t, err)
repo.InitTargets(r)
}
@ -430,20 +430,20 @@ func TestDownloadTargetsDeepHappy(t *testing.T) {
for _, r := range delegations {
// serialize and store role
signedOrig, err := repo.SignTargets(r, data.DefaultExpires("targets"))
assert.NoError(t, err)
require.NoError(t, err)
orig, err := json.Marshal(signedOrig)
assert.NoError(t, err)
require.NoError(t, err)
err = remoteStorage.SetMeta(r, orig)
assert.NoError(t, err)
require.NoError(t, err)
}
// serialize and store targets after adding all delegations
signedOrig, err := repo.SignTargets("targets", data.DefaultExpires("targets"))
assert.NoError(t, err)
require.NoError(t, err)
orig, err := json.Marshal(signedOrig)
assert.NoError(t, err)
require.NoError(t, err)
err = remoteStorage.SetMeta("targets", orig)
assert.NoError(t, err)
require.NoError(t, err)
// call repo.SignSnapshot to update the targets role in the snapshot
repo.SignSnapshot(data.DefaultExpires("snapshot"))
@ -452,36 +452,36 @@ func TestDownloadTargetsDeepHappy(t *testing.T) {
for _, r := range delegations {
delete(repo.Targets, r)
_, ok := repo.Targets[r]
assert.False(t, ok)
require.False(t, ok)
}
err = client.downloadTargets("targets")
assert.NoError(t, err)
require.NoError(t, err)
_, ok := repo.Targets["targets"]
assert.True(t, ok)
require.True(t, ok)
for _, r := range delegations {
_, ok = repo.Targets[r]
assert.True(t, ok)
require.True(t, ok)
}
}
func TestDownloadTargetChecksumMismatch(t *testing.T) {
repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
localStorage := store.NewMemoryStore(nil)
remoteStorage := testutils.NewCorruptingMemoryStore(nil)
client := NewClient(repo, remoteStorage, localStorage)
// create and "upload" sample targets
signedOrig, err := repo.SignTargets("targets", data.DefaultExpires("targets"))
assert.NoError(t, err)
require.NoError(t, err)
orig, err := json.Marshal(signedOrig)
assert.NoError(t, err)
require.NoError(t, err)
origSha256 := sha256.Sum256(orig)
err = remoteStorage.SetMeta("targets", orig)
assert.NoError(t, err)
require.NoError(t, err)
// create local snapshot with targets file
snap := data.SignedSnapshot{
@ -500,192 +500,192 @@ func TestDownloadTargetChecksumMismatch(t *testing.T) {
repo.Snapshot = &snap
err = client.downloadTargets("targets")
assert.IsType(t, ErrChecksumMismatch{}, err)
require.IsType(t, ErrChecksumMismatch{}, err)
}
// TestDownloadTargetsNoChecksum: it's never valid to download any targets
// role (incl. delegations) when a checksum is not available.
func TestDownloadTargetsNoChecksum(t *testing.T) {
repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
localStorage := store.NewMemoryStore(nil)
remoteStorage := store.NewMemoryStore(nil)
client := NewClient(repo, remoteStorage, localStorage)
// create and "upload" sample targets
signedOrig, err := repo.SignTargets("targets", data.DefaultExpires("targets"))
assert.NoError(t, err)
require.NoError(t, err)
orig, err := json.Marshal(signedOrig)
assert.NoError(t, err)
require.NoError(t, err)
err = remoteStorage.SetMeta("targets", orig)
assert.NoError(t, err)
require.NoError(t, err)
delete(repo.Snapshot.Signed.Meta["targets"].Hashes, "sha256")
delete(repo.Snapshot.Signed.Meta["targets"].Hashes, "sha512")
err = client.downloadTargets("targets")
assert.IsType(t, data.ErrMissingMeta{}, err)
require.IsType(t, data.ErrMissingMeta{}, err)
}
// TestDownloadTargetsNoSnapshot: it's never valid to download any targets
// role (incl. delegations) when a checksum is not available.
func TestDownloadTargetsNoSnapshot(t *testing.T) {
repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
localStorage := store.NewMemoryStore(nil)
remoteStorage := store.NewMemoryStore(nil)
client := NewClient(repo, remoteStorage, localStorage)
// create and "upload" sample targets
signedOrig, err := repo.SignTargets("targets", data.DefaultExpires("targets"))
assert.NoError(t, err)
require.NoError(t, err)
orig, err := json.Marshal(signedOrig)
assert.NoError(t, err)
require.NoError(t, err)
err = remoteStorage.SetMeta("targets", orig)
assert.NoError(t, err)
require.NoError(t, err)
repo.Snapshot = nil
err = client.downloadTargets("targets")
assert.IsType(t, tuf.ErrNotLoaded{}, err)
require.IsType(t, tuf.ErrNotLoaded{}, err)
}
func TestBootstrapDownloadRootHappy(t *testing.T) {
repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
localStorage := store.NewMemoryStore(nil)
remoteStorage := store.NewMemoryStore(nil)
client := NewClient(repo, remoteStorage, localStorage)
// create and "upload" sample root
signedOrig, err := repo.SignRoot(data.DefaultExpires("root"))
assert.NoError(t, err)
require.NoError(t, err)
orig, err := json.Marshal(signedOrig)
assert.NoError(t, err)
require.NoError(t, err)
err = remoteStorage.SetMeta("root", orig)
assert.NoError(t, err)
require.NoError(t, err)
// unset snapshot as if we're bootstrapping from nothing
repo.Snapshot = nil
err = client.downloadRoot()
assert.NoError(t, err)
require.NoError(t, err)
}
func TestUpdateDownloadRootHappy(t *testing.T) {
repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
localStorage := store.NewMemoryStore(nil)
remoteStorage := store.NewMemoryStore(nil)
client := NewClient(repo, remoteStorage, localStorage)
// create and "upload" sample root, snapshot, and timestamp
signedOrig, err := repo.SignRoot(data.DefaultExpires("root"))
assert.NoError(t, err)
require.NoError(t, err)
orig, err := json.Marshal(signedOrig)
assert.NoError(t, err)
require.NoError(t, err)
err = remoteStorage.SetMeta("root", orig)
assert.NoError(t, err)
require.NoError(t, err)
// sign snapshot to make root meta in snapshot get updated
signedOrig, err = repo.SignSnapshot(data.DefaultExpires("snapshot"))
err = client.downloadRoot()
assert.NoError(t, err)
require.NoError(t, err)
}
func TestUpdateDownloadRootBadChecksum(t *testing.T) {
remoteStore := testutils.NewCorruptingMemoryStore(nil)
repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
localStorage := store.NewMemoryStore(nil)
client := NewClient(repo, remoteStore, localStorage)
// sign and "upload" sample root
signedOrig, err := repo.SignRoot(data.DefaultExpires("root"))
assert.NoError(t, err)
require.NoError(t, err)
orig, err := json.Marshal(signedOrig)
assert.NoError(t, err)
require.NoError(t, err)
err = remoteStore.SetMeta("root", orig)
assert.NoError(t, err)
require.NoError(t, err)
// sign snapshot to make sure we have current checksum for root
_, err = repo.SignSnapshot(data.DefaultExpires("snapshot"))
assert.NoError(t, err)
require.NoError(t, err)
err = client.downloadRoot()
assert.IsType(t, ErrChecksumMismatch{}, err)
require.IsType(t, ErrChecksumMismatch{}, err)
}
func TestUpdateDownloadRootChecksumNotFound(t *testing.T) {
remoteStore := store.NewMemoryStore(nil)
repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
localStorage := store.NewMemoryStore(nil)
client := NewClient(repo, remoteStore, localStorage)
// sign snapshot to make sure we have current checksum for root
_, err = repo.SignSnapshot(data.DefaultExpires("snapshot"))
assert.NoError(t, err)
require.NoError(t, err)
// sign and "upload" sample root
signedOrig, err := repo.SignRoot(data.DefaultExpires("root"))
assert.NoError(t, err)
require.NoError(t, err)
orig, err := json.Marshal(signedOrig)
assert.NoError(t, err)
require.NoError(t, err)
err = remoteStore.SetMeta("root", orig)
assert.NoError(t, err)
require.NoError(t, err)
// don't sign snapshot again to ensure checksum is out of date (bad)
err = client.downloadRoot()
assert.IsType(t, store.ErrMetaNotFound{}, err)
require.IsType(t, store.ErrMetaNotFound{}, err)
}
func TestDownloadTimestampHappy(t *testing.T) {
repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
localStorage := store.NewMemoryStore(nil)
remoteStorage := store.NewMemoryStore(nil)
client := NewClient(repo, remoteStorage, localStorage)
// create and "upload" sample timestamp
signedOrig, err := repo.SignTimestamp(data.DefaultExpires("timestamp"))
assert.NoError(t, err)
require.NoError(t, err)
orig, err := json.Marshal(signedOrig)
assert.NoError(t, err)
require.NoError(t, err)
err = remoteStorage.SetMeta("timestamp", orig)
assert.NoError(t, err)
require.NoError(t, err)
err = client.downloadTimestamp()
assert.NoError(t, err)
require.NoError(t, err)
}
func TestDownloadSnapshotHappy(t *testing.T) {
repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
localStorage := store.NewMemoryStore(nil)
remoteStorage := store.NewMemoryStore(nil)
client := NewClient(repo, remoteStorage, localStorage)
// create and "upload" sample snapshot and timestamp
signedOrig, err := repo.SignSnapshot(data.DefaultExpires("snapshot"))
assert.NoError(t, err)
require.NoError(t, err)
orig, err := json.Marshal(signedOrig)
assert.NoError(t, err)
require.NoError(t, err)
err = remoteStorage.SetMeta("snapshot", orig)
assert.NoError(t, err)
require.NoError(t, err)
signedOrig, err = repo.SignTimestamp(data.DefaultExpires("timestamp"))
assert.NoError(t, err)
require.NoError(t, err)
orig, err = json.Marshal(signedOrig)
assert.NoError(t, err)
require.NoError(t, err)
err = remoteStorage.SetMeta("timestamp", orig)
assert.NoError(t, err)
require.NoError(t, err)
err = client.downloadSnapshot()
assert.NoError(t, err)
require.NoError(t, err)
}
// TestDownloadSnapshotLarge: Check that we can download very large snapshot metadata files,
@ -696,7 +696,7 @@ func TestDownloadSnapshotLarge(t *testing.T) {
t.Skip("skipping test in short mode")
}
repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
localStorage := store.NewMemoryStore(nil)
remoteStorage := store.NewMemoryStore(nil)
client := NewClient(repo, remoteStorage, localStorage)
@ -711,187 +711,187 @@ func TestDownloadSnapshotLarge(t *testing.T) {
// create and "upload" sample snapshot and timestamp
signedOrig, err := repo.SignSnapshot(data.DefaultExpires("snapshot"))
assert.NoError(t, err)
require.NoError(t, err)
orig, err := json.Marshal(signedOrig)
assert.NoError(t, err)
require.NoError(t, err)
err = remoteStorage.SetMeta("snapshot", orig)
assert.NoError(t, err)
require.NoError(t, err)
signedOrig, err = repo.SignTimestamp(data.DefaultExpires("timestamp"))
assert.NoError(t, err)
require.NoError(t, err)
orig, err = json.Marshal(signedOrig)
assert.NoError(t, err)
require.NoError(t, err)
err = remoteStorage.SetMeta("timestamp", orig)
assert.NoError(t, err)
require.NoError(t, err)
// Clear the cache to force an online download
client.cache.RemoveAll()
err = client.downloadSnapshot()
assert.NoError(t, err)
require.NoError(t, err)
}
func TestDownloadSnapshotNoTimestamp(t *testing.T) {
repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
localStorage := store.NewMemoryStore(nil)
remoteStorage := store.NewMemoryStore(nil)
client := NewClient(repo, remoteStorage, localStorage)
// create and "upload" sample snapshot and timestamp
signedOrig, err := repo.SignSnapshot(data.DefaultExpires("snapshot"))
assert.NoError(t, err)
require.NoError(t, err)
orig, err := json.Marshal(signedOrig)
assert.NoError(t, err)
require.NoError(t, err)
err = remoteStorage.SetMeta("snapshot", orig)
assert.NoError(t, err)
require.NoError(t, err)
repo.Timestamp = nil
err = client.downloadSnapshot()
assert.IsType(t, tuf.ErrNotLoaded{}, err)
require.IsType(t, tuf.ErrNotLoaded{}, err)
}
// TestDownloadSnapshotNoChecksum: It should never be valid to download a
// snapshot if we don't have a checksum
func TestDownloadSnapshotNoChecksum(t *testing.T) {
repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
localStorage := store.NewMemoryStore(nil)
remoteStorage := store.NewMemoryStore(nil)
client := NewClient(repo, remoteStorage, localStorage)
// create and "upload" sample snapshot and timestamp
signedOrig, err := repo.SignSnapshot(data.DefaultExpires("snapshot"))
assert.NoError(t, err)
require.NoError(t, err)
orig, err := json.Marshal(signedOrig)
assert.NoError(t, err)
require.NoError(t, err)
err = remoteStorage.SetMeta("snapshot", orig)
assert.NoError(t, err)
require.NoError(t, err)
delete(repo.Timestamp.Signed.Meta["snapshot"].Hashes, "sha256")
delete(repo.Timestamp.Signed.Meta["snapshot"].Hashes, "sha512")
err = client.downloadSnapshot()
assert.IsType(t, data.ErrMissingMeta{}, err)
require.IsType(t, data.ErrMissingMeta{}, err)
}
func TestDownloadSnapshotChecksumNotFound(t *testing.T) {
repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
localStorage := store.NewMemoryStore(nil)
remoteStorage := store.NewMemoryStore(nil)
client := NewClient(repo, remoteStorage, localStorage)
// sign timestamp to ensure it has a checksum for snapshot
_, err = repo.SignTimestamp(data.DefaultExpires("timestamp"))
assert.NoError(t, err)
require.NoError(t, err)
// create and "upload" sample snapshot and timestamp
signedOrig, err := repo.SignSnapshot(data.DefaultExpires("snapshot"))
assert.NoError(t, err)
require.NoError(t, err)
orig, err := json.Marshal(signedOrig)
assert.NoError(t, err)
require.NoError(t, err)
err = remoteStorage.SetMeta("snapshot", orig)
assert.NoError(t, err)
require.NoError(t, err)
// by not signing timestamp again we ensure it has the wrong checksum
err = client.downloadSnapshot()
assert.IsType(t, store.ErrMetaNotFound{}, err)
require.IsType(t, store.ErrMetaNotFound{}, err)
}
// If there is no local cache and also no remote timestamp, downloading the timestamp
// fails with a store.ErrMetaNotFound
func TestDownloadTimestampNoTimestamps(t *testing.T) {
repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
localStorage := store.NewMemoryStore(nil)
remoteStorage := store.NewMemoryStore(nil)
client := NewClient(repo, remoteStorage, localStorage)
err = client.downloadTimestamp()
assert.Error(t, err)
require.Error(t, err)
notFoundErr, ok := err.(store.ErrMetaNotFound)
assert.True(t, ok)
assert.Equal(t, data.CanonicalTimestampRole, notFoundErr.Resource)
require.True(t, ok)
require.Equal(t, data.CanonicalTimestampRole, notFoundErr.Resource)
}
// If there is no local cache and the remote timestamp is empty, downloading the timestamp
// fails with a store.ErrMetaNotFound
func TestDownloadTimestampNoLocalTimestampRemoteTimestampEmpty(t *testing.T) {
repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
localStorage := store.NewMemoryStore(nil)
remoteStorage := store.NewMemoryStore(map[string][]byte{data.CanonicalTimestampRole: {}})
client := NewClient(repo, remoteStorage, localStorage)
err = client.downloadTimestamp()
assert.Error(t, err)
assert.IsType(t, &json.SyntaxError{}, err)
require.Error(t, err)
require.IsType(t, &json.SyntaxError{}, err)
}
// If there is no local cache and the remote timestamp is invalid, downloading the timestamp
// fails with a store.ErrMetaNotFound
func TestDownloadTimestampNoLocalTimestampRemoteTimestampInvalid(t *testing.T) {
repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
localStorage := store.NewMemoryStore(nil)
// add a timestamp to the remote cache
tsSigned, err := repo.SignTimestamp(data.DefaultExpires("timestamp"))
assert.NoError(t, err)
require.NoError(t, err)
tsSigned.Signatures[0].Signature = []byte("12345") // invalidate the signature
ts, err := json.Marshal(tsSigned)
assert.NoError(t, err)
require.NoError(t, err)
remoteStorage := store.NewMemoryStore(map[string][]byte{data.CanonicalTimestampRole: ts})
client := NewClient(repo, remoteStorage, localStorage)
err = client.downloadTimestamp()
assert.Error(t, err)
assert.IsType(t, signed.ErrRoleThreshold{}, err)
require.Error(t, err)
require.IsType(t, signed.ErrRoleThreshold{}, err)
}
// If there is is a local cache and no remote timestamp, we fall back on the cached timestamp
func TestDownloadTimestampLocalTimestampNoRemoteTimestamp(t *testing.T) {
repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
// add a timestamp to the local cache
tsSigned, err := repo.SignTimestamp(data.DefaultExpires("timestamp"))
assert.NoError(t, err)
require.NoError(t, err)
ts, err := json.Marshal(tsSigned)
assert.NoError(t, err)
require.NoError(t, err)
localStorage := store.NewMemoryStore(map[string][]byte{data.CanonicalTimestampRole: ts})
remoteStorage := store.NewMemoryStore(nil)
client := NewClient(repo, remoteStorage, localStorage)
err = client.downloadTimestamp()
assert.NoError(t, err)
require.NoError(t, err)
}
// If there is is a local cache and the remote timestamp is invalid, we fall back on the cached timestamp
func TestDownloadTimestampLocalTimestampInvalidRemoteTimestamp(t *testing.T) {
repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
require.NoError(t, err)
// add a timestamp to the local cache
tsSigned, err := repo.SignTimestamp(data.DefaultExpires("timestamp"))
assert.NoError(t, err)
require.NoError(t, err)
ts, err := json.Marshal(tsSigned)
assert.NoError(t, err)
require.NoError(t, err)
localStorage := store.NewMemoryStore(map[string][]byte{data.CanonicalTimestampRole: ts})
// add a timestamp to the remote cache
tsSigned.Signatures[0].Signature = []byte("12345") // invalidate the signature
ts, err = json.Marshal(tsSigned)
assert.NoError(t, err)
require.NoError(t, err)
remoteStorage := store.NewMemoryStore(map[string][]byte{data.CanonicalTimestampRole: ts})
client := NewClient(repo, remoteStorage, localStorage)
err = client.downloadTimestamp()
assert.NoError(t, err)
require.NoError(t, err)
}
// GetSupportedHashes is a helper function that returns

122
tuf/data/roles_test.go
View File

@ -5,7 +5,7 @@ import (
"strings"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestMergeStrSlicesExclusive(t *testing.T) {
@ -13,9 +13,9 @@ func TestMergeStrSlicesExclusive(t *testing.T) {
new := []string{"b"}
res := mergeStrSlices(orig, new)
assert.Len(t, res, 2)
assert.Equal(t, "a", res[0])
assert.Equal(t, "b", res[1])
require.Len(t, res, 2)
require.Equal(t, "a", res[0])
require.Equal(t, "b", res[1])
}
func TestMergeStrSlicesOverlap(t *testing.T) {
@ -23,9 +23,9 @@ func TestMergeStrSlicesOverlap(t *testing.T) {
new := []string{"a", "b"}
res := mergeStrSlices(orig, new)
assert.Len(t, res, 2)
assert.Equal(t, "a", res[0])
assert.Equal(t, "b", res[1])
require.Len(t, res, 2)
require.Equal(t, "a", res[0])
require.Equal(t, "b", res[1])
}
func TestMergeStrSlicesEqual(t *testing.T) {
@ -33,8 +33,8 @@ func TestMergeStrSlicesEqual(t *testing.T) {
new := []string{"a"}
res := mergeStrSlices(orig, new)
assert.Len(t, res, 1)
assert.Equal(t, "a", res[0])
require.Len(t, res, 1)
require.Equal(t, "a", res[0])
}
func TestSubtractStrSlicesExclusive(t *testing.T) {
@ -42,8 +42,8 @@ func TestSubtractStrSlicesExclusive(t *testing.T) {
new := []string{"b"}
res := subtractStrSlices(orig, new)
assert.Len(t, res, 1)
assert.Equal(t, "a", res[0])
require.Len(t, res, 1)
require.Equal(t, "a", res[0])
}
func TestSubtractStrSlicesOverlap(t *testing.T) {
@ -51,8 +51,8 @@ func TestSubtractStrSlicesOverlap(t *testing.T) {
new := []string{"a"}
res := subtractStrSlices(orig, new)
assert.Len(t, res, 1)
assert.Equal(t, "b", res[0])
require.Len(t, res, 1)
require.Equal(t, "b", res[0])
}
func TestSubtractStrSlicesEqual(t *testing.T) {
@ -60,107 +60,107 @@ func TestSubtractStrSlicesEqual(t *testing.T) {
new := []string{"a"}
res := subtractStrSlices(orig, new)
assert.Len(t, res, 0)
require.Len(t, res, 0)
}
func TestAddRemoveKeys(t *testing.T) {
role, err := NewRole("targets", 1, []string{"abc"}, []string{""})
assert.NoError(t, err)
require.NoError(t, err)
role.AddKeys([]string{"abc"})
assert.Equal(t, []string{"abc"}, role.KeyIDs)
require.Equal(t, []string{"abc"}, role.KeyIDs)
role.AddKeys([]string{"def"})
assert.Equal(t, []string{"abc", "def"}, role.KeyIDs)
require.Equal(t, []string{"abc", "def"}, role.KeyIDs)
role.RemoveKeys([]string{"abc"})
assert.Equal(t, []string{"def"}, role.KeyIDs)
require.Equal(t, []string{"def"}, role.KeyIDs)
}
func TestAddRemovePaths(t *testing.T) {
role, err := NewRole("targets", 1, []string{"abc"}, []string{"123"})
assert.NoError(t, err)
require.NoError(t, err)
err = role.AddPaths([]string{"123"})
assert.NoError(t, err)
assert.Equal(t, []string{"123"}, role.Paths)
require.NoError(t, err)
require.Equal(t, []string{"123"}, role.Paths)
err = role.AddPaths([]string{"456"})
assert.NoError(t, err)
assert.Equal(t, []string{"123", "456"}, role.Paths)
require.NoError(t, err)
require.Equal(t, []string{"123", "456"}, role.Paths)
role.RemovePaths([]string{"123"})
assert.Equal(t, []string{"456"}, role.Paths)
require.Equal(t, []string{"456"}, role.Paths)
}
func TestAddPathNil(t *testing.T) {
role, err := NewRole("targets", 1, []string{"abc"}, nil)
assert.NoError(t, err)
require.NoError(t, err)
err = role.AddPaths(nil)
assert.NoError(t, err)
require.NoError(t, err)
}
func TestErrNoSuchRole(t *testing.T) {
var err error = ErrNoSuchRole{Role: "test"}
assert.True(t, strings.HasSuffix(err.Error(), "test"))
require.True(t, strings.HasSuffix(err.Error(), "test"))
}
func TestErrInvalidRole(t *testing.T) {
var err error = ErrInvalidRole{Role: "test"}
assert.False(t, strings.Contains(err.Error(), "Reason"))
require.False(t, strings.Contains(err.Error(), "Reason"))
}
func TestIsDelegation(t *testing.T) {
assert.True(t, IsDelegation(path.Join(CanonicalTargetsRole, "level1")))
assert.True(t, IsDelegation(
require.True(t, IsDelegation(path.Join(CanonicalTargetsRole, "level1")))
require.True(t, IsDelegation(
path.Join(CanonicalTargetsRole, "level1", "level2", "level3")))
assert.True(t, IsDelegation(path.Join(CanonicalTargetsRole, "under_score")))
assert.True(t, IsDelegation(path.Join(CanonicalTargetsRole, "hyphen-hyphen")))
assert.False(t, IsDelegation(
require.True(t, IsDelegation(path.Join(CanonicalTargetsRole, "under_score")))
require.True(t, IsDelegation(path.Join(CanonicalTargetsRole, "hyphen-hyphen")))
require.False(t, IsDelegation(
path.Join(CanonicalTargetsRole, strings.Repeat("x", 255-len(CanonicalTargetsRole)))))
assert.False(t, IsDelegation(""))
assert.False(t, IsDelegation(CanonicalRootRole))
assert.False(t, IsDelegation(path.Join(CanonicalRootRole, "level1")))
require.False(t, IsDelegation(""))
require.False(t, IsDelegation(CanonicalRootRole))
require.False(t, IsDelegation(path.Join(CanonicalRootRole, "level1")))
assert.False(t, IsDelegation(CanonicalTargetsRole))
assert.False(t, IsDelegation(CanonicalTargetsRole+"/"))
assert.False(t, IsDelegation(path.Join(CanonicalTargetsRole, "level1")+"/"))
assert.False(t, IsDelegation(path.Join(CanonicalTargetsRole, "UpperCase")))
require.False(t, IsDelegation(CanonicalTargetsRole))
require.False(t, IsDelegation(CanonicalTargetsRole+"/"))
require.False(t, IsDelegation(path.Join(CanonicalTargetsRole, "level1")+"/"))
require.False(t, IsDelegation(path.Join(CanonicalTargetsRole, "UpperCase")))
assert.False(t, IsDelegation(
require.False(t, IsDelegation(
path.Join(CanonicalTargetsRole, "directory")+"/../../traversal"))
assert.False(t, IsDelegation(CanonicalTargetsRole+"///test/middle/slashes"))
require.False(t, IsDelegation(CanonicalTargetsRole+"///test/middle/slashes"))
assert.False(t, IsDelegation(CanonicalTargetsRole+"/./././"))
require.False(t, IsDelegation(CanonicalTargetsRole+"/./././"))
assert.False(t, IsDelegation(
require.False(t, IsDelegation(
path.Join(" ", CanonicalTargetsRole, "level1")))
assert.False(t, IsDelegation(
require.False(t, IsDelegation(
path.Join(" "+CanonicalTargetsRole, "level1")))
assert.False(t, IsDelegation(
require.False(t, IsDelegation(
path.Join(CanonicalTargetsRole, "level1"+" ")))
assert.False(t, IsDelegation(
require.False(t, IsDelegation(
path.Join(CanonicalTargetsRole, "white space"+"level2")))
assert.False(t, IsDelegation(
require.False(t, IsDelegation(
path.Join(CanonicalTargetsRole, strings.Repeat("x", 256-len(CanonicalTargetsRole)))))
}
func TestValidRoleFunction(t *testing.T) {
assert.True(t, ValidRole(CanonicalRootRole))
assert.True(t, ValidRole(CanonicalTimestampRole))
assert.True(t, ValidRole(CanonicalSnapshotRole))
assert.True(t, ValidRole(CanonicalTargetsRole))
assert.True(t, ValidRole(path.Join(CanonicalTargetsRole, "level1")))
assert.True(t, ValidRole(
require.True(t, ValidRole(CanonicalRootRole))
require.True(t, ValidRole(CanonicalTimestampRole))
require.True(t, ValidRole(CanonicalSnapshotRole))
require.True(t, ValidRole(CanonicalTargetsRole))
require.True(t, ValidRole(path.Join(CanonicalTargetsRole, "level1")))
require.True(t, ValidRole(
path.Join(CanonicalTargetsRole, "level1", "level2", "level3")))
assert.False(t, ValidRole(""))
assert.False(t, ValidRole(CanonicalRootRole+"/"))
assert.False(t, ValidRole(CanonicalTimestampRole+"/"))
assert.False(t, ValidRole(CanonicalSnapshotRole+"/"))
assert.False(t, ValidRole(CanonicalTargetsRole+"/"))
require.False(t, ValidRole(""))
require.False(t, ValidRole(CanonicalRootRole+"/"))
require.False(t, ValidRole(CanonicalTimestampRole+"/"))
require.False(t, ValidRole(CanonicalSnapshotRole+"/"))
require.False(t, ValidRole(CanonicalTargetsRole+"/"))
assert.False(t, ValidRole(path.Join(CanonicalRootRole, "level1")))
require.False(t, ValidRole(path.Join(CanonicalRootRole, "level1")))
assert.False(t, ValidRole(path.Join("role")))
require.False(t, ValidRole(path.Join("role")))
}

84
tuf/data/types_test.go
View File

@ -6,31 +6,31 @@ import (
"testing"
"github.com/docker/go/canonical/json"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestGenerateFileMetaDefault(t *testing.T) {
// default is sha512
r := bytes.NewReader([]byte("foo"))
meta, err := NewFileMeta(r, "sha512")
assert.NoError(t, err, "Unexpected error.")
assert.Equal(t, meta.Length, int64(3), "Meta did not have expected Length field value")
require.NoError(t, err, "Unexpected error.")
require.Equal(t, meta.Length, int64(3), "Meta did not have expected Length field value")
hashes := meta.Hashes
assert.Len(t, hashes, 1, "Only expected one hash to be present")
require.Len(t, hashes, 1, "Only expected one hash to be present")
hash, ok := hashes["sha512"]
if !ok {
t.Fatal("missing sha512 hash")
}
assert.Equal(t, "f7fbba6e0636f890e56fbbf3283e524c6fa3204ae298382d624741d0dc6638326e282c41be5e4254d8820772c5518a2c5a8c0c7f7eda19594a7eb539453e1ed7", hex.EncodeToString(hash), "Hashes not equal")
require.Equal(t, "f7fbba6e0636f890e56fbbf3283e524c6fa3204ae298382d624741d0dc6638326e282c41be5e4254d8820772c5518a2c5a8c0c7f7eda19594a7eb539453e1ed7", hex.EncodeToString(hash), "Hashes not equal")
}
func TestGenerateFileMetaExplicit(t *testing.T) {
r := bytes.NewReader([]byte("foo"))
meta, err := NewFileMeta(r, "sha256", "sha512")
assert.NoError(t, err)
assert.Equal(t, meta.Length, int64(3))
require.NoError(t, err)
require.Equal(t, meta.Length, int64(3))
hashes := meta.Hashes
assert.Len(t, hashes, 2)
require.Len(t, hashes, 2)
for name, val := range map[string]string{
"sha256": "2c26b46b68ffc68ff99b453c1d30413413422d706483bfa0f98a5e886266e7ae",
"sha512": "f7fbba6e0636f890e56fbbf3283e524c6fa3204ae298382d624741d0dc6638326e282c41be5e4254d8820772c5518a2c5a8c0c7f7eda19594a7eb539453e1ed7",
@ -39,7 +39,7 @@ func TestGenerateFileMetaExplicit(t *testing.T) {
if !ok {
t.Fatalf("missing %s hash", name)
}
assert.Equal(t, hex.EncodeToString(hash), val)
require.Equal(t, hex.EncodeToString(hash), val)
}
}
@ -48,10 +48,10 @@ func TestSignatureUnmarshalJSON(t *testing.T) {
var sig Signature
err := json.Unmarshal([]byte(signatureJSON), &sig)
assert.NoError(t, err)
require.NoError(t, err)
// Check that the method string is lowercased
assert.Equal(t, sig.Method.String(), "rsa")
require.Equal(t, sig.Method.String(), "rsa")
}
func TestCheckHashes(t *testing.T) {
@ -63,65 +63,65 @@ func TestCheckHashes(t *testing.T) {
unSupported := make(Hashes)
unSupported["Arthas"] = []byte("is past away.")
err = CheckHashes(raw, unSupported)
assert.Error(t, err)
assert.Contains(t, err.Error(), "at least one supported hash needed")
require.Error(t, err)
require.Contains(t, err.Error(), "at least one supported hash needed")
// Expected to fail since there is no checksum at all.
hashes := make(Hashes)
err = CheckHashes(raw, hashes)
assert.Error(t, err)
assert.Contains(t, err.Error(), "at least one supported hash needed")
require.Error(t, err)
require.Contains(t, err.Error(), "at least one supported hash needed")
// The most standard one.
hashes["sha256"], err = hex.DecodeString("d13e2b60d74c2e6f4f449b5e536814edf9a4827f5a9f4f957fc92e77609b9c92")
assert.NoError(t, err)
require.NoError(t, err)
hashes["sha512"], err = hex.DecodeString("f2330f50d0f3ee56cf0d7f66aad8205e0cb9972c323208ffaa914ef7b3c240ae4774b5bbd1db2ce226ee967cfa9058173a853944f9b44e2e08abca385e2b7ed4")
assert.NoError(t, err)
require.NoError(t, err)
err = CheckHashes(raw, hashes)
assert.NoError(t, err)
require.NoError(t, err)
// Expected as success since there are already supported hash here,
// just ignore the unsupported one.
hashes["Saar"] = []byte("survives again in CTM.")
err = CheckHashes(raw, hashes)
assert.NoError(t, err)
require.NoError(t, err)
only256 := make(Hashes)
only256["sha256"], err = hex.DecodeString("d13e2b60d74c2e6f4f449b5e536814edf9a4827f5a9f4f957fc92e77609b9c92")
assert.NoError(t, err)
require.NoError(t, err)
err = CheckHashes(raw, only256)
assert.NoError(t, err)
require.NoError(t, err)
only512 := make(Hashes)
only512["sha512"], err = hex.DecodeString("f2330f50d0f3ee56cf0d7f66aad8205e0cb9972c323208ffaa914ef7b3c240ae4774b5bbd1db2ce226ee967cfa9058173a853944f9b44e2e08abca385e2b7ed4")
assert.NoError(t, err)
require.NoError(t, err)
err = CheckHashes(raw, only512)
assert.NoError(t, err)
require.NoError(t, err)
// Expected to fail due to the failure of sha256
malicious256 := make(Hashes)
malicious256["sha256"] = []byte("malicious data")
err = CheckHashes(raw, malicious256)
assert.Error(t, err)
assert.Contains(t, err.Error(), "checksum mismatched")
require.Error(t, err)
require.Contains(t, err.Error(), "checksum mismatched")
// Expected to fail due to the failure of sha512
malicious512 := make(Hashes)
malicious512["sha512"] = []byte("malicious data")
err = CheckHashes(raw, malicious512)
assert.Error(t, err)
assert.Contains(t, err.Error(), "checksum mismatched")
require.Error(t, err)
require.Contains(t, err.Error(), "checksum mismatched")
// Expected to fail because of the failure of sha512
// even though the sha256 is OK.
doubleFace := make(Hashes)
doubleFace["sha256"], err = hex.DecodeString("d13e2b60d74c2e6f4f449b5e536814edf9a4827f5a9f4f957fc92e77609b9c92")
assert.NoError(t, err)
require.NoError(t, err)
doubleFace["sha512"], err = hex.DecodeString("d13e2b60d74c2e6f4f449b5e536814edf9a4827f5a9f4f957fc92e77609b9c92")
assert.NoError(t, err)
require.NoError(t, err)
err = CheckHashes(raw, doubleFace)
assert.Error(t, err)
assert.Contains(t, err.Error(), "checksum mismatched")
require.Error(t, err)
require.Contains(t, err.Error(), "checksum mismatched")
}
func TestCheckValidHashStructures(t *testing.T) {
@ -130,34 +130,34 @@ func TestCheckValidHashStructures(t *testing.T) {
// Expected to fail since there is no checksum at all.
err = CheckValidHashStructures(hashes)
assert.Error(t, err)
assert.Contains(t, err.Error(), "at least one supported hash needed")
require.Error(t, err)
require.Contains(t, err.Error(), "at least one supported hash needed")
// Expected to fail even though the checksum of sha384 is valid,
// because we haven't provided a supported hash algorithm yet (ex: sha256).
hashes["sha384"], err = hex.DecodeString("64becc3c23843942b1040ffd4743d1368d988ddf046d17d448a6e199c02c3044b425a680112b399d4dbe9b35b7ccc989")
err = CheckValidHashStructures(hashes)
assert.Error(t, err)
assert.Contains(t, err.Error(), "at least one supported hash needed")
require.Error(t, err)
require.Contains(t, err.Error(), "at least one supported hash needed")
hashes["sha256"], err = hex.DecodeString("766af0ef090a4f2307e49160fa242db6fb95f071ad81a198eeb7d770e61cd6d8")
assert.NoError(t, err)
require.NoError(t, err)
err = CheckValidHashStructures(hashes)
assert.NoError(t, err)
require.NoError(t, err)
hashes["sha512"], err = hex.DecodeString("795d9e95db099464b6730844f28effddb010b0d5abae5d5892a6ee04deacb09c9e622f89e816458b5a1a81761278d7d3a6a7c269d9707eff8858b16c51de0315")
assert.NoError(t, err)
require.NoError(t, err)
err = CheckValidHashStructures(hashes)
assert.NoError(t, err)
require.NoError(t, err)
// Also should be succeed since only check the length of the checksum.
hashes["sha256"], err = hex.DecodeString("01234567890a4f2307e49160fa242db6fb95f071ad81a198eeb7d770e61cd6d8")
err = CheckValidHashStructures(hashes)
assert.NoError(t, err)
require.NoError(t, err)
// Should failed since the first '0' is missing.
hashes["sha256"], err = hex.DecodeString("1234567890a4f2307e49160fa242db6fb95f071ad81a198eeb7d770e61cd6d8")
err = CheckValidHashStructures(hashes)
assert.Error(t, err)
assert.Contains(t, err.Error(), "invalid")
require.Error(t, err)
require.Contains(t, err.Error(), "invalid")
}

BIN
tuf/db/files.db
View File

Binary file not shown.

12
tuf/signed/ed25519_test.go
View File

@ -4,21 +4,21 @@ import (
"testing"
"github.com/docker/notary/tuf/data"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
// ListKeys only returns the keys for that role
func TestListKeys(t *testing.T) {
c := NewEd25519()
tskey, err := c.Create(data.CanonicalTimestampRole, data.ED25519Key)
assert.NoError(t, err)
require.NoError(t, err)
_, err = c.Create(data.CanonicalRootRole, data.ED25519Key)
assert.NoError(t, err)
require.NoError(t, err)
tsKeys := c.ListKeys(data.CanonicalTimestampRole)
assert.Len(t, tsKeys, 1)
assert.Equal(t, tskey.ID(), tsKeys[0])
require.Len(t, tsKeys, 1)
require.Equal(t, tskey.ID(), tsKeys[0])
assert.Len(t, c.ListKeys(data.CanonicalTargetsRole), 0)
require.Len(t, c.ListKeys(data.CanonicalTargetsRole), 0)
}

26
tuf/signed/sign_test.go
View File

@ -9,7 +9,7 @@ import (
"github.com/docker/notary/cryptoservice"
"github.com/docker/notary/trustmanager"
"github.com/docker/notary/tuf/data"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
const (
@ -157,11 +157,11 @@ func (mts *StrictMockCryptoService) ImportRootKey(r io.Reader) error {
func TestBasicSign(t *testing.T) {
cs := NewEd25519()
key, err := cs.Create("root", data.ED25519Key)
assert.NoError(t, err)
require.NoError(t, err)
testData := data.Signed{}
err = Sign(cs, &testData, key)
assert.NoError(t, err)
require.NoError(t, err)
if len(testData.Signatures) != 1 {
t.Fatalf("Incorrect number of signatures: %d", len(testData.Signatures))
@ -177,7 +177,7 @@ func TestBasicSign(t *testing.T) {
func TestReSign(t *testing.T) {
cs := NewEd25519()
key, err := cs.Create("root", data.ED25519Key)
assert.NoError(t, err)
require.NoError(t, err)
testData := data.Signed{}
Sign(cs, &testData, key)
@ -199,7 +199,7 @@ func TestMultiSign(t *testing.T) {
testData := data.Signed{}
key1, err := cs.Create("root", data.ED25519Key)
assert.NoError(t, err)
require.NoError(t, err)
Sign(cs, &testData, key1)
// reinitializing cs means it won't know about key1. We want
@ -208,7 +208,7 @@ func TestMultiSign(t *testing.T) {
// for key2 is added
cs = NewEd25519()
key2, err := cs.Create("root", data.ED25519Key)
assert.NoError(t, err)
require.NoError(t, err)
Sign(
cs,
&testData,
@ -228,7 +228,7 @@ func TestMultiSign(t *testing.T) {
t.Fatalf("Got a signature we didn't expect: %s", sig.KeyID)
}
}
assert.Equal(t, 2, count)
require.Equal(t, 2, count)
}
@ -251,22 +251,22 @@ func TestSignReturnsNoSigs(t *testing.T) {
func TestSignWithX509(t *testing.T) {
// generate a key becase we need a cert
privKey, err := trustmanager.GenerateRSAKey(rand.Reader, 1024)
assert.NoError(t, err)
require.NoError(t, err)
// make a RSA x509 key
cert, err := cryptoservice.GenerateTestingCertificate(privKey.CryptoSigner(), "test")
assert.NoError(t, err)
require.NoError(t, err)
tufRSAx509Key := trustmanager.CertToKey(cert)
assert.NoError(t, err)
require.NoError(t, err)
// test signing against a service that only recognizes a RSAKey (not
// RSAx509 key)
mockCryptoService := &StrictMockCryptoService{MockCryptoService{privKey}}
testData := data.Signed{}
err = Sign(mockCryptoService, &testData, tufRSAx509Key)
assert.NoError(t, err)
require.NoError(t, err)
assert.Len(t, testData.Signatures, 1)
assert.Equal(t, tufRSAx509Key.ID(), testData.Signatures[0].KeyID)
require.Len(t, testData.Signatures, 1)
require.Equal(t, tufRSAx509Key.ID(), testData.Signatures[0].KeyID)
}

52
tuf/signed/verify_test.go
View File

@ -6,7 +6,7 @@ import (
"time"
"github.com/docker/go/canonical/json"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/docker/notary/tuf/data"
)
@ -14,90 +14,90 @@ import (
func TestRoleNoKeys(t *testing.T) {
cs := NewEd25519()
k, err := cs.Create("root", data.ED25519Key)
assert.NoError(t, err)
assert.NoError(t, err)
require.NoError(t, err)
require.NoError(t, err)
roleWithKeys := data.BaseRole{Name: "root", Keys: data.Keys{}, Threshold: 1}
meta := &data.SignedCommon{Type: "Root", Version: 1, Expires: data.DefaultExpires("root")}
b, err := json.MarshalCanonical(meta)
assert.NoError(t, err)
require.NoError(t, err)
s := &data.Signed{Signed: b}
Sign(cs, s, k)
err = Verify(s, roleWithKeys, 1)
assert.IsType(t, ErrRoleThreshold{}, err)
require.IsType(t, ErrRoleThreshold{}, err)
}
func TestNotEnoughSigs(t *testing.T) {
cs := NewEd25519()
k, err := cs.Create("root", data.ED25519Key)
assert.NoError(t, err)
assert.NoError(t, err)
require.NoError(t, err)
require.NoError(t, err)
roleWithKeys := data.BaseRole{Name: "root", Keys: data.Keys{k.ID(): k}, Threshold: 2}
meta := &data.SignedCommon{Type: "Root", Version: 1, Expires: data.DefaultExpires("root")}
b, err := json.MarshalCanonical(meta)
assert.NoError(t, err)
require.NoError(t, err)
s := &data.Signed{Signed: b}
Sign(cs, s, k)
err = Verify(s, roleWithKeys, 1)
assert.IsType(t, ErrRoleThreshold{}, err)
require.IsType(t, ErrRoleThreshold{}, err)
}
func TestMoreThanEnoughSigs(t *testing.T) {
cs := NewEd25519()
k1, err := cs.Create("root", data.ED25519Key)
assert.NoError(t, err)
require.NoError(t, err)
k2, err := cs.Create("root", data.ED25519Key)
assert.NoError(t, err)
require.NoError(t, err)
roleWithKeys := data.BaseRole{Name: "root", Keys: data.Keys{k1.ID(): k1, k2.ID(): k2}, Threshold: 1}
meta := &data.SignedCommon{Type: "Root", Version: 1, Expires: data.DefaultExpires("root")}
b, err := json.MarshalCanonical(meta)
assert.NoError(t, err)
require.NoError(t, err)
s := &data.Signed{Signed: b}
Sign(cs, s, k1, k2)
assert.Equal(t, 2, len(s.Signatures))
require.Equal(t, 2, len(s.Signatures))
err = Verify(s, roleWithKeys, 1)
assert.NoError(t, err)
require.NoError(t, err)
}
func TestDuplicateSigs(t *testing.T) {
cs := NewEd25519()
k, err := cs.Create("root", data.ED25519Key)
assert.NoError(t, err)
require.NoError(t, err)
roleWithKeys := data.BaseRole{Name: "root", Keys: data.Keys{k.ID(): k}, Threshold: 2}
meta := &data.SignedCommon{Type: "Root", Version: 1, Expires: data.DefaultExpires("root")}
b, err := json.MarshalCanonical(meta)
assert.NoError(t, err)
require.NoError(t, err)
s := &data.Signed{Signed: b}
Sign(cs, s, k)
s.Signatures = append(s.Signatures, s.Signatures[0])
err = Verify(s, roleWithKeys, 1)
assert.IsType(t, ErrRoleThreshold{}, err)
require.IsType(t, ErrRoleThreshold{}, err)
}
func TestUnknownKeyBelowThreshold(t *testing.T) {
cs := NewEd25519()
k, err := cs.Create("root", data.ED25519Key)
assert.NoError(t, err)
require.NoError(t, err)
unknown, err := cs.Create("root", data.ED25519Key)
assert.NoError(t, err)
require.NoError(t, err)
roleWithKeys := data.BaseRole{Name: "root", Keys: data.Keys{k.ID(): k}, Threshold: 2}
meta := &data.SignedCommon{Type: "Root", Version: 1, Expires: data.DefaultExpires("root")}
b, err := json.MarshalCanonical(meta)
assert.NoError(t, err)
require.NoError(t, err)
s := &data.Signed{Signed: b}
Sign(cs, s, k, unknown)
s.Signatures = append(s.Signatures)
err = Verify(s, roleWithKeys, 1)
assert.IsType(t, ErrRoleThreshold{}, err)
require.IsType(t, ErrRoleThreshold{}, err)
}
func Test(t *testing.T) {
@ -167,7 +167,7 @@ func Test(t *testing.T) {
meta := &data.SignedCommon{Type: run.typ, Version: run.ver, Expires: *run.exp}
b, err := json.MarshalCanonical(meta)
assert.NoError(t, err)
require.NoError(t, err)
s := &data.Signed{Signed: b}
Sign(cryptoService, s, k)
run.s = s
@ -178,17 +178,17 @@ func Test(t *testing.T) {
err := Verify(run.s, run.roleData, minVer)
if e, ok := run.err.(ErrExpired); ok {
assertErrExpired(t, err, e)
requireErrExpired(t, err, e)
} else {
assert.Equal(t, run.err, err)
require.Equal(t, run.err, err)
}
}
}
func assertErrExpired(t *testing.T, err error, expected ErrExpired) {
func requireErrExpired(t *testing.T, err error, expected ErrExpired) {
actual, ok := err.(ErrExpired)
if !ok {
t.Fatalf("expected err to have type ErrExpired, got %T", err)
}
assert.Equal(t, actual.Expired, expected.Expired)
require.Equal(t, actual.Expired, expected.Expired)
}

30
tuf/validation/errors_test.go
View File

@ -5,22 +5,22 @@ import (
"fmt"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
// NewSerializableError errors if some random error is not returned
func TestNewSerializableErrorNonValidationError(t *testing.T) {
_, err := NewSerializableError(fmt.Errorf("not validation error"))
assert.Error(t, err)
require.Error(t, err)
}
// NewSerializableError succeeds if a validation error is passed to it
func TestNewSerializableErrorValidationError(t *testing.T) {
vError := ErrValidation{"validation error"}
s, err := NewSerializableError(vError)
assert.NoError(t, err)
assert.Equal(t, "ErrValidation", s.Name)
assert.Equal(t, vError, s.Error)
require.NoError(t, err)
require.Equal(t, "ErrValidation", s.Name)
require.Equal(t, vError, s.Error)
}
// We can unmarshal a marshalled SerializableError for all validation errors
@ -35,15 +35,15 @@ func TestUnmarshalSerialiableErrorSuccessfully(t *testing.T) {
for _, validError := range validationErrors {
origS, err := NewSerializableError(validError)
assert.NoError(t, err)
require.NoError(t, err)
jsonBytes, err := json.Marshal(origS)
assert.NoError(t, err)
require.NoError(t, err)
var newS SerializableError
err = json.Unmarshal(jsonBytes, &newS)
assert.NoError(t, err)
require.NoError(t, err)
assert.Equal(t, validError, newS.Error)
require.Equal(t, validError, newS.Error)
}
}
@ -51,11 +51,11 @@ func TestUnmarshalSerialiableErrorSuccessfully(t *testing.T) {
func TestUnmarshalUnknownErrorName(t *testing.T) {
origS := SerializableError{Name: "boop", Error: ErrBadRoot{"bad"}}
b, err := json.Marshal(origS)
assert.NoError(t, err)
require.NoError(t, err)
var newS SerializableError
err = json.Unmarshal(b, &newS)
assert.Error(t, err)
require.Error(t, err)
}
// If the error is unmarshallable, unmarshalling will error even if the name
@ -63,22 +63,22 @@ func TestUnmarshalUnknownErrorName(t *testing.T) {
func TestUnmarshalInvalidError(t *testing.T) {
var newS SerializableError
err := json.Unmarshal([]byte(`{"Name": "ErrBadRoot", "Error": "meh"}`), &newS)
assert.Error(t, err)
require.Error(t, err)
}
// If there is no name, unmarshalling will error even if the error is valid
func TestUnmarshalNoName(t *testing.T) {
origS := SerializableError{Error: ErrBadRoot{"bad"}}
b, err := json.Marshal(origS)
assert.NoError(t, err)
require.NoError(t, err)
var newS SerializableError
err = json.Unmarshal(b, &newS)
assert.Error(t, err)
require.Error(t, err)
}
func TestUnmarshalInvalidJSON(t *testing.T) {
var newS SerializableError
err := json.Unmarshal([]byte("{"), &newS)
assert.Error(t, err)
require.Error(t, err)
}