From 402c704798ca16ff2c14a284f34e493f573ea451 Mon Sep 17 00:00:00 2001
From: Ying Li
Date: Wed, 21 Oct 2015 14:21:10 -0700
Subject: [PATCH] Remove symlinks from notary-client repo creation
Signed-off-by: Ying Li
---
 client/client.go | 21 +++++++++++----------
 client/client_test.go | 7 -------
 2 files changed, 11 insertions(+), 17 deletions(-)
diff --git a/client/client.go b/client/client.go
index a154180979..2d8643d073 100644
--- a/client/client.go
+++ b/client/client.go
@@ -23,6 +23,7 @@ import (
 "github.com/endophage/gotuf/keys"
 "github.com/endophage/gotuf/signed"
 "github.com/endophage/gotuf/store"
+ tufutils "github.com/endophage/gotuf/utils"
 )
 const maxSize = 5 << 20
@@ -162,15 +163,6 @@ func (r *NotaryRepository) Initialize(uCryptoService *cryptoservice.UnlockedCryp
 // Generate a x509Key using the rootCert as the public key
 rootKey := data.NewPublicKey(algorithmType, trustmanager.CertToPEM(rootCert))
- // Creates a symlink between the certificate ID and the real public key it
- // is associated with. This is used to be able to retrieve the root private key
- // associated with a particular certificate
- logrus.Debugf("Linking %s to %s.", rootKey.ID(), uCryptoService.ID())
- err = r.KeyStoreManager.RootKeyStore().Link(uCryptoService.ID()+"_root", rootKey.ID()+"_root")
- if err != nil {
- return err
- }
-
 // All the timestamp keys are generated by the remote server.
 remote, err := getRemoteStore(r.baseURL, r.gun, r.roundTrip)
 if err != nil {
@@ -400,7 +392,16 @@ func (r *NotaryRepository) Publish() error {
 return err
 }
 rootKeyID := r.tufRepo.Root.Signed.Roles["root"].KeyIDs[0]
- rootCryptoService, err := r.KeyStoreManager.GetRootCryptoService(rootKeyID)
+ rootKey, ok := r.tufRepo.Root.Signed.Keys[rootKeyID]
+ if !ok {
+ return errors.New(
+ "Root was signed with %s, which is not in its list of keys.")
+ }
+ canonicalRootID, err := tufutils.CanonicalKeyID(rootKey)
+ if err != nil {
+ return err
+ }
+ rootCryptoService, err := r.KeyStoreManager.GetRootCryptoService(canonicalRootID)
 if err != nil {
 return err
 }
diff --git a/client/client_test.go b/client/client_test.go
index d18e8825b6..3e94e10f07 100644
--- a/client/client_test.go
+++ b/client/client_test.go
@@ -108,19 +108,12 @@ func testInitRepo(t *testing.T, rootType data.KeyAlgorithm) {
 _, err = os.Stat(filepath.Join(tempBaseDir, "private", "root_keys", rootKeyFilename))
 assert.NoError(t, err, "missing root key")
- // Also expect a symlink from the key ID of the certificate key to this
- // root key
 certificates := repo.KeyStoreManager.TrustedCertificateStore().GetCertificates()
 assert.Len(t, certificates, 1, "unexpected number of certificates")
 certID, err := trustmanager.FingerprintCert(certificates[0])
 assert.NoError(t, err, "unable to fingerprint the certificate")
- actualDest, err := os.Readlink(filepath.Join(tempBaseDir, "private", "root_keys", certID+"_root"+".key"))
- assert.NoError(t, err, "missing symlink to root key")
-
- assert.Equal(t, rootKeyFilename, actualDest, "symlink to root key has wrong destination")
-
 // There should be a trusted certificate
 _, err = os.Stat(filepath.Join(tempBaseDir, "trusted_certificates", filepath.FromSlash(gun), certID+".crt"))
 assert.NoError(t, err, "missing trusted certificate")
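Review bot: The error built in the `!ok` branch of Publish passes a `%s` verb to `errors.New`, which does no formatting, so the message comes out with a literal `%s` and never names the root key ID that was missing from `Root.Signed.Keys`. Use `return fmt.Errorf("root was signed with %s, which is not in its list of keys", rootKeyID)` instead; this assumes `fmt` is in scope, since the import block is only partly visible in this patch. The new lookup still depends on the unchanged `KeyIDs[0]` line, so an empty root key list would panic before this check is reached and only the first listed root key is ever resolved to a signing key. The test file in this commit only loses assertions, so neither the missing-key branch nor the `tufutils.CanonicalKeyID` path appears to be covered. Publish's body starts and ends outside the hunk.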