mirror of https://github.com/docker/docs.git
Converted tests to testify and EC generation
Signed-off-by: Diogo Monica <diogo@docker.com>
This commit is contained in:
Diogo Monica
parent
1aced67471
commit
42ded6231c
|
|
@ -36,7 +36,10 @@ const signedRSARootTemplate = `{"signed":{"_type":"Root","consistent_snapshot":f
|
|||
// We test this with both an RSA and ECDSA root key
|
||||
func TestValidateRoot(t *testing.T) {
|
||||
logrus.SetLevel(logrus.DebugLevel)
|
||||
validateRootSuccessfully(t, data.RSAKey)
|
||||
validateRootSuccessfully(t, data.ECDSAKey)
|
||||
if !testing.Short() {
|
||||
validateRootSuccessfully(t, data.RSAKey)
|
||||
}
|
||||
}
|
||||
|
||||
func validateRootSuccessfully(t *testing.T, rootType data.KeyAlgorithm) {
|
||||
|
|
|
|||
|
|
@ -1,15 +1,14 @@
|
|||
package trustmanager
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/rand"
|
||||
"errors"
|
||||
"github.com/docker/notary/Godeps/_workspace/src/github.com/stretchr/testify/assert"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/docker/notary/Godeps/_workspace/src/github.com/stretchr/testify/assert"
|
||||
)
|
||||
|
||||
var passphraseRetriever = func(keyID string, alias string, createNew bool, numAttempts int) (string, bool, error) {
|
||||
|
|
@ -27,9 +26,7 @@ func TestAddKey(t *testing.T) {
|
|||
|
||||
// Temporary directory where test files will be created
|
||||
tempBaseDir, err := ioutil.TempDir("", "notary-test-")
|
||||
if err != nil {
|
||||
t.Fatalf("failed to create a temporary directory: %v", err)
|
||||
}
|
||||
assert.NoError(t, err, "failed to create a temporary directory")
|
||||
defer os.RemoveAll(tempBaseDir)
|
||||
|
||||
// Since we're generating this manually we need to add the extension '.'
|
||||
|
|
@ -37,30 +34,19 @@ func TestAddKey(t *testing.T) {
|
|||
|
||||
// Create our store
|
||||
store, err := NewKeyFileStore(tempBaseDir, passphraseRetriever)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to create new key filestore: %v", err)
|
||||
}
|
||||
assert.NoError(t, err, "failed to create new key filestore")
|
||||
|
||||
privKey, err := GenerateRSAKey(rand.Reader, 512)
|
||||
if err != nil {
|
||||
t.Fatalf("could not generate private key: %v", err)
|
||||
}
|
||||
privKey, err := GenerateECDSAKey(rand.Reader)
|
||||
assert.NoError(t, err, "could not generate private key")
|
||||
|
||||
// Call the AddKey function
|
||||
err = store.AddKey(testName, "root", privKey)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to add file to store: %v", err)
|
||||
}
|
||||
assert.NoError(t, err, "failed to add key to store")
|
||||
|
||||
// Check to see if file exists
|
||||
b, err := ioutil.ReadFile(expectedFilePath)
|
||||
if err != nil {
|
||||
t.Fatalf("expected file not found: %v", err)
|
||||
}
|
||||
|
||||
if !strings.Contains(string(b), "-----BEGIN RSA PRIVATE KEY-----") {
|
||||
t.Fatalf("expected private key content in the file: %s", expectedFilePath)
|
||||
}
|
||||
assert.NoError(t, err, "expected file not found")
|
||||
assert.Contains(t, string(b), "-----BEGIN EC PRIVATE KEY-----")
|
||||
}
|
||||
|
||||
func TestGet(t *testing.T) {
|
||||
|
|
@ -101,39 +87,27 @@ EMl3eFOJXjIch/wIesRSN+2dGOsl7neercjMh1i9RvpCwHDx/E0=
|
|||
|
||||
// Temporary directory where test files will be created
|
||||
tempBaseDir, err := ioutil.TempDir("", "notary-test-")
|
||||
if err != nil {
|
||||
t.Fatalf("failed to create a temporary directory: %v", err)
|
||||
}
|
||||
assert.NoError(t, err, "failed to create a temporary directory")
|
||||
defer os.RemoveAll(tempBaseDir)
|
||||
|
||||
// Since we're generating this manually we need to add the extension '.'
|
||||
filePath := filepath.Join(tempBaseDir, testName+"_"+testAlias+"."+testExt)
|
||||
|
||||
os.MkdirAll(filepath.Dir(filePath), perms)
|
||||
if err = ioutil.WriteFile(filePath, testData, perms); err != nil {
|
||||
t.Fatalf("Failed to write test file: %v", err)
|
||||
}
|
||||
err = ioutil.WriteFile(filePath, testData, perms)
|
||||
assert.NoError(t, err, "failed to write test file")
|
||||
|
||||
// Create our store
|
||||
store, err := NewKeyFileStore(tempBaseDir, emptyPassphraseRetriever)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to create new key filestore: %v", err)
|
||||
}
|
||||
assert.NoError(t, err, "failed to create new key filestore")
|
||||
|
||||
// Call the GetKey function
|
||||
privKey, _, err := store.GetKey(testName)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to get file from store: %v", err)
|
||||
}
|
||||
assert.NoError(t, err, "failed to get key from store")
|
||||
|
||||
pemPrivKey, err := KeyToPEM(privKey)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to convert key to PEM: %v", err)
|
||||
}
|
||||
|
||||
if !bytes.Equal(testData, pemPrivKey) {
|
||||
t.Fatalf("unexpected content in the file: %s", filePath)
|
||||
}
|
||||
assert.NoError(t, err, "failed to convert key to PEM")
|
||||
assert.Equal(t, testData, pemPrivKey)
|
||||
}
|
||||
|
||||
func TestAddGetKeyMemStore(t *testing.T) {
|
||||
|
|
@ -143,31 +117,20 @@ func TestAddGetKeyMemStore(t *testing.T) {
|
|||
// Create our store
|
||||
store := NewKeyMemoryStore(passphraseRetriever)
|
||||
|
||||
privKey, err := GenerateRSAKey(rand.Reader, 512)
|
||||
if err != nil {
|
||||
t.Fatalf("could not generate private key: %v", err)
|
||||
}
|
||||
privKey, err := GenerateECDSAKey(rand.Reader)
|
||||
assert.NoError(t, err, "could not generate private key")
|
||||
|
||||
// Call the AddKey function
|
||||
err = store.AddKey(testName, testAlias, privKey)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to add file to store: %v", err)
|
||||
}
|
||||
assert.NoError(t, err, "failed to add key to store")
|
||||
|
||||
// Check to see if file exists
|
||||
retrievedKey, retrievedAlias, err := store.GetKey(testName)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to get key from store: %v", err)
|
||||
}
|
||||
assert.NoError(t, err, "failed to get key from store")
|
||||
|
||||
if retrievedAlias != testAlias {
|
||||
t.Fatalf("retrievedAlias differs getAlias")
|
||||
}
|
||||
|
||||
if !bytes.Equal(retrievedKey.Public(), privKey.Public()) ||
|
||||
!bytes.Equal(retrievedKey.Private(), privKey.Private()) {
|
||||
t.Fatalf("key contents differs after add/get")
|
||||
}
|
||||
assert.Equal(t, retrievedAlias, testAlias)
|
||||
assert.Equal(t, retrievedKey.Public(), privKey.Public())
|
||||
assert.Equal(t, retrievedKey.Private(), privKey.Private())
|
||||
}
|
||||
func TestGetDecryptedWithTamperedCipherText(t *testing.T) {
|
||||
testExt := "key"
|
||||
|
|
@ -175,49 +138,38 @@ func TestGetDecryptedWithTamperedCipherText(t *testing.T) {
|
|||
|
||||
// Temporary directory where test files will be created
|
||||
tempBaseDir, err := ioutil.TempDir("", "notary-test-")
|
||||
if err != nil {
|
||||
t.Fatalf("failed to create a temporary directory: %v", err)
|
||||
}
|
||||
assert.NoError(t, err, "failed to create a temporary directory")
|
||||
defer os.RemoveAll(tempBaseDir)
|
||||
|
||||
// Create our FileStore
|
||||
store, err := NewKeyFileStore(tempBaseDir, passphraseRetriever)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to create new key filestore: %v", err)
|
||||
}
|
||||
assert.NoError(t, err, "failed to create new key filestore")
|
||||
|
||||
// Generate a new Private Key
|
||||
privKey, err := GenerateRSAKey(rand.Reader, 512)
|
||||
if err != nil {
|
||||
t.Fatalf("could not generate private key: %v", err)
|
||||
}
|
||||
privKey, err := GenerateECDSAKey(rand.Reader)
|
||||
assert.NoError(t, err, "could not generate private key")
|
||||
|
||||
// Call the AddEncryptedKey function
|
||||
err = store.AddKey(privKey.ID(), testAlias, privKey)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to add file to store: %v", err)
|
||||
}
|
||||
assert.NoError(t, err, "failed to add key to store")
|
||||
|
||||
// Since we're generating this manually we need to add the extension '.'
|
||||
expectedFilePath := filepath.Join(tempBaseDir, privKey.ID()+"_"+testAlias+"."+testExt)
|
||||
|
||||
// Get file description, open file
|
||||
fp, err := os.OpenFile(expectedFilePath, os.O_WRONLY, 0600)
|
||||
if err != nil {
|
||||
t.Fatalf("expected file not found: %v", err)
|
||||
}
|
||||
assert.NoError(t, err, "expected file not found")
|
||||
|
||||
// Tamper the file
|
||||
fp.WriteAt([]byte("a"), int64(1))
|
||||
|
||||
// Recreate the KeyFileStore to avoid caching
|
||||
store, err = NewKeyFileStore(tempBaseDir, passphraseRetriever)
|
||||
assert.NoError(t, err, "failed to create new key filestore")
|
||||
|
||||
// Try to decrypt the file
|
||||
_, _, err = store.GetKey(privKey.ID())
|
||||
if err == nil {
|
||||
t.Fatalf("expected error while decrypting the content due to invalid cipher text")
|
||||
}
|
||||
assert.Error(t, err, "expected error while decrypting the content due to invalid cipher text")
|
||||
}
|
||||
|
||||
func TestGetDecryptedWithInvalidPassphrase(t *testing.T) {
|
||||
|
|
@ -236,21 +188,15 @@ func TestGetDecryptedWithInvalidPassphrase(t *testing.T) {
|
|||
|
||||
// Temporary directory where test files will be created
|
||||
tempBaseDir, err := ioutil.TempDir("", "notary-test-")
|
||||
if err != nil {
|
||||
t.Fatalf("failed to create a temporary directory: %v", err)
|
||||
}
|
||||
assert.NoError(t, err, "failed to create a temporary directory")
|
||||
defer os.RemoveAll(tempBaseDir)
|
||||
|
||||
// Test with KeyFileStore
|
||||
fileStore, err := NewKeyFileStore(tempBaseDir, invalidPassphraseRetriever)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to create new key filestore: %v", err)
|
||||
}
|
||||
assert.NoError(t, err, "failed to create new key filestore")
|
||||
|
||||
newFileStore, err := NewKeyFileStore(tempBaseDir, invalidPassphraseRetriever)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to create new key filestore: %v", err)
|
||||
}
|
||||
assert.NoError(t, err, "failed to create new key filestore")
|
||||
|
||||
testGetDecryptedWithInvalidPassphrase(t, fileStore, newFileStore)
|
||||
|
||||
|
|
@ -269,21 +215,15 @@ func TestGetDecryptedWithConsistentlyInvalidPassphrase(t *testing.T) {
|
|||
|
||||
// Temporary directory where test files will be created
|
||||
tempBaseDir, err := ioutil.TempDir("", "notary-test-")
|
||||
if err != nil {
|
||||
t.Fatalf("failed to create a temporary directory: %v", err)
|
||||
}
|
||||
assert.NoError(t, err, "failed to create a temporary directory")
|
||||
defer os.RemoveAll(tempBaseDir)
|
||||
|
||||
// Test with KeyFileStore
|
||||
fileStore, err := NewKeyFileStore(tempBaseDir, consistentlyInvalidPassphraseRetriever)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to create new key filestore: %v", err)
|
||||
}
|
||||
assert.NoError(t, err, "failed to create new key filestore")
|
||||
|
||||
newFileStore, err := NewKeyFileStore(tempBaseDir, consistentlyInvalidPassphraseRetriever)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to create new key filestore: %v", err)
|
||||
}
|
||||
assert.NoError(t, err, "failed to create new key filestore")
|
||||
|
||||
testGetDecryptedWithInvalidPassphrase(t, fileStore, newFileStore)
|
||||
|
||||
|
|
@ -297,22 +237,16 @@ func testGetDecryptedWithInvalidPassphrase(t *testing.T, store KeyStore, newStor
|
|||
testAlias := "root"
|
||||
|
||||
// Generate a new random RSA Key
|
||||
privKey, err := GenerateRSAKey(rand.Reader, 512)
|
||||
if err != nil {
|
||||
t.Fatalf("could not generate private key: %v", err)
|
||||
}
|
||||
privKey, err := GenerateECDSAKey(rand.Reader)
|
||||
assert.NoError(t, err, "could not generate private key")
|
||||
|
||||
// Call the AddKey function
|
||||
err = store.AddKey(privKey.ID(), testAlias, privKey)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to add file to store: %v", err)
|
||||
}
|
||||
assert.NoError(t, err, "failed to add key to store")
|
||||
|
||||
// Try to decrypt the file with an invalid passphrase
|
||||
_, _, err = newStore.GetKey(privKey.ID())
|
||||
if err == nil {
|
||||
t.Fatalf("expected error while decrypting the content due to invalid passphrase")
|
||||
}
|
||||
assert.Error(t, err, "expected error while decrypting the content due to invalid passphrase")
|
||||
}
|
||||
|
||||
func TestRemoveKey(t *testing.T) {
|
||||
|
|
@ -322,9 +256,7 @@ func TestRemoveKey(t *testing.T) {
|
|||
|
||||
// Temporary directory where test files will be created
|
||||
tempBaseDir, err := ioutil.TempDir("", "notary-test-")
|
||||
if err != nil {
|
||||
t.Fatalf("failed to create a temporary directory: %v", err)
|
||||
}
|
||||
assert.NoError(t, err, "failed to create a temporary directory")
|
||||
defer os.RemoveAll(tempBaseDir)
|
||||
|
||||
// Since we're generating this manually we need to add the extension '.'
|
||||
|
|
@ -332,38 +264,26 @@ func TestRemoveKey(t *testing.T) {
|
|||
|
||||
// Create our store
|
||||
store, err := NewKeyFileStore(tempBaseDir, passphraseRetriever)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to create new key filestore: %v", err)
|
||||
}
|
||||
assert.NoError(t, err, "failed to create new key filestore")
|
||||
|
||||
privKey, err := GenerateRSAKey(rand.Reader, 512)
|
||||
if err != nil {
|
||||
t.Fatalf("could not generate private key: %v", err)
|
||||
}
|
||||
privKey, err := GenerateECDSAKey(rand.Reader)
|
||||
assert.NoError(t, err, "could not generate private key")
|
||||
|
||||
// Call the AddKey function
|
||||
err = store.AddKey(testName, testAlias, privKey)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to add file to store: %v", err)
|
||||
}
|
||||
assert.NoError(t, err, "failed to add key to store")
|
||||
|
||||
// Check to see if file exists
|
||||
_, err = ioutil.ReadFile(expectedFilePath)
|
||||
if err != nil {
|
||||
t.Fatalf("expected file not found: %v", err)
|
||||
}
|
||||
assert.NoError(t, err, "expected file not found")
|
||||
|
||||
// Call remove key
|
||||
err = store.RemoveKey(testName)
|
||||
if err != nil {
|
||||
t.Fatalf("unable to remove key: %v", err)
|
||||
}
|
||||
assert.NoError(t, err, "unable to remove key")
|
||||
|
||||
// Check to see if file still exists
|
||||
_, err = ioutil.ReadFile(expectedFilePath)
|
||||
if err == nil {
|
||||
t.Fatalf("file should not exist %s", expectedFilePath)
|
||||
}
|
||||
assert.Error(t, err, "file should not exist")
|
||||
}
|
||||
|
||||
func TestKeysAreCached(t *testing.T) {
|
||||
|
|
@ -372,9 +292,7 @@ func TestKeysAreCached(t *testing.T) {
|
|||
|
||||
// Temporary directory where test files will be created
|
||||
tempBaseDir, err := ioutil.TempDir("", "notary-test-")
|
||||
if err != nil {
|
||||
t.Fatalf("failed to create a temporary directory: %v", err)
|
||||
}
|
||||
assert.NoError(t, err, "failed to create a temporary directory")
|
||||
defer os.RemoveAll(tempBaseDir)
|
||||
|
||||
var countingPassphraseRetriever PassphraseRetriever
|
||||
|
|
@ -387,28 +305,20 @@ func TestKeysAreCached(t *testing.T) {
|
|||
|
||||
// Create our store
|
||||
store, err := NewKeyFileStore(tempBaseDir, countingPassphraseRetriever)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to create new key filestore: %v", err)
|
||||
}
|
||||
assert.NoError(t, err, "failed to create new key filestore")
|
||||
|
||||
privKey, err := GenerateRSAKey(rand.Reader, 512)
|
||||
if err != nil {
|
||||
t.Fatalf("could not generate private key: %v", err)
|
||||
}
|
||||
privKey, err := GenerateECDSAKey(rand.Reader)
|
||||
assert.NoError(t, err, "could not generate private key")
|
||||
|
||||
// Call the AddKey function
|
||||
err = store.AddKey(testName, testAlias, privKey)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to add file to store: %v", err)
|
||||
}
|
||||
assert.NoError(t, err, "failed to add key to store")
|
||||
|
||||
assert.Equal(t, 1, numTimesCalled, "numTimesCalled should have been 1")
|
||||
|
||||
// Call the AddKey function
|
||||
privKey2, _, err := store.GetKey(testName)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to add file to store: %v", err)
|
||||
}
|
||||
assert.NoError(t, err, "failed to add key to store")
|
||||
|
||||
assert.Equal(t, privKey.Public(), privKey2.Public(), "cachedPrivKey should be the same as the added privKey")
|
||||
assert.Equal(t, privKey.Private(), privKey2.Private(), "cachedPrivKey should be the same as the added privKey")
|
||||
|
|
@ -416,15 +326,11 @@ func TestKeysAreCached(t *testing.T) {
|
|||
|
||||
// Create a new store
|
||||
store2, err := NewKeyFileStore(tempBaseDir, countingPassphraseRetriever)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to create new key filestore: %v", err)
|
||||
}
|
||||
assert.NoError(t, err, "failed to create new key filestore")
|
||||
|
||||
// Call the AddKey function
|
||||
// Call the GetKey function
|
||||
privKey3, _, err := store2.GetKey(testName)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to add file to store: %v", err)
|
||||
}
|
||||
assert.NoError(t, err, "failed to get key from store")
|
||||
|
||||
assert.Equal(t, privKey2.Private(), privKey3.Private(), "privkey from store1 should be the same as privkey from store2")
|
||||
assert.Equal(t, privKey2.Public(), privKey3.Public(), "privkey from store1 should be the same as privkey from store2")
|
||||
|
|
@ -433,9 +339,7 @@ func TestKeysAreCached(t *testing.T) {
|
|||
// Call the GetKey function a bunch of times
|
||||
for i := 0; i < 10; i++ {
|
||||
_, _, err := store2.GetKey(testName)
|
||||
if err != nil {
|
||||
t.Fatalf("failed to add file to store: %v", err)
|
||||
}
|
||||
assert.NoError(t, err, "failed to get key from store")
|
||||
}
|
||||
assert.Equal(t, 2, numTimesCalled, "numTimesCalled should be 2 -- no additional call to passphraseRetriever")
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue