Converted tests to testify and EC generation

Signed-off-by: Diogo Monica <diogo@docker.com>
Diogo Monica 2015-07-20 13:29:26 -07:00
parent 1aced67471
commit 42ded6231c
2 changed files with 63 additions and 156 deletions


@ -36,7 +36,10 @@ const signedRSARootTemplate = `{"signed":{"_type":"Root","consistent_snapshot":f
// We test this with both an RSA and ECDSA root key // We test this with both an RSA and ECDSA root key
func TestValidateRoot(t *testing.T) { func TestValidateRoot(t *testing.T) {
logrus.SetLevel(logrus.DebugLevel) logrus.SetLevel(logrus.DebugLevel)
validateRootSuccessfully(t, data.RSAKey) validateRootSuccessfully(t, data.ECDSAKey)
if !testing.Short() {
validateRootSuccessfully(t, data.RSAKey)
}
} }
func validateRootSuccessfully(t *testing.T, rootType data.KeyAlgorithm) { func validateRootSuccessfully(t *testing.T, rootType data.KeyAlgorithm) {
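Review bot: Under `go test -short`, `TestValidateRoot` now skips the RSA root entirely, so validation of an RSA trust root is covered only when some job runs the full suite. Since this is a trust-root check, it is worth confirming that CI has such a job. The comment above the function still says both key types are tested; I would change it to `// We always test an ECDSA root key; the RSA root key is skipped under -short.` and add the reason for the skip (presumably the cost of RSA key generation) so the gate is not later mistaken for dead code.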


@ -1,15 +1,14 @@
package trustmanager package trustmanager
import ( import (
"bytes"
"crypto/rand" "crypto/rand"
"errors" "errors"
"github.com/docker/notary/Godeps/_workspace/src/github.com/stretchr/testify/assert"
"io/ioutil" "io/ioutil"
"os" "os"
"path/filepath" "path/filepath"
"strings"
"testing" "testing"
"github.com/docker/notary/Godeps/_workspace/src/github.com/stretchr/testify/assert"
) )
var passphraseRetriever = func(keyID string, alias string, createNew bool, numAttempts int) (string, bool, error) { var passphraseRetriever = func(keyID string, alias string, createNew bool, numAttempts int) (string, bool, error) {
@ -27,9 +26,7 @@ func TestAddKey(t *testing.T) {
// Temporary directory where test files will be created // Temporary directory where test files will be created
tempBaseDir, err := ioutil.TempDir("", "notary-test-") tempBaseDir, err := ioutil.TempDir("", "notary-test-")
if err != nil { assert.NoError(t, err, "failed to create a temporary directory")
t.Fatalf("failed to create a temporary directory: %v", err)
}
defer os.RemoveAll(tempBaseDir) defer os.RemoveAll(tempBaseDir)
// Since we're generating this manually we need to add the extension '.' // Since we're generating this manually we need to add the extension '.'
@ -37,30 +34,19 @@ func TestAddKey(t *testing.T) {
// Create our store // Create our store
store, err := NewKeyFileStore(tempBaseDir, passphraseRetriever) store, err := NewKeyFileStore(tempBaseDir, passphraseRetriever)
if err != nil { assert.NoError(t, err, "failed to create new key filestore")
t.Fatalf("failed to create new key filestore: %v", err)
}
privKey, err := GenerateRSAKey(rand.Reader, 512) privKey, err := GenerateECDSAKey(rand.Reader)
if err != nil { assert.NoError(t, err, "could not generate private key")
t.Fatalf("could not generate private key: %v", err)
}
// Call the AddKey function // Call the AddKey function
err = store.AddKey(testName, "root", privKey) err = store.AddKey(testName, "root", privKey)
if err != nil { assert.NoError(t, err, "failed to add key to store")
t.Fatalf("failed to add file to store: %v", err)
}
// Check to see if file exists // Check to see if file exists
b, err := ioutil.ReadFile(expectedFilePath) b, err := ioutil.ReadFile(expectedFilePath)
if err != nil { assert.NoError(t, err, "expected file not found")
t.Fatalf("expected file not found: %v", err) assert.Contains(t, string(b), "-----BEGIN EC PRIVATE KEY-----")
}
if !strings.Contains(string(b), "-----BEGIN RSA PRIVATE KEY-----") {
t.Fatalf("expected private key content in the file: %s", expectedFilePath)
}
} }
func TestGet(t *testing.T) { func TestGet(t *testing.T) {
@ -101,39 +87,27 @@ EMl3eFOJXjIch/wIesRSN+2dGOsl7neercjMh1i9RvpCwHDx/E0=
// Temporary directory where test files will be created // Temporary directory where test files will be created
tempBaseDir, err := ioutil.TempDir("", "notary-test-") tempBaseDir, err := ioutil.TempDir("", "notary-test-")
if err != nil { assert.NoError(t, err, "failed to create a temporary directory")
t.Fatalf("failed to create a temporary directory: %v", err)
}
defer os.RemoveAll(tempBaseDir) defer os.RemoveAll(tempBaseDir)
// Since we're generating this manually we need to add the extension '.' // Since we're generating this manually we need to add the extension '.'
filePath := filepath.Join(tempBaseDir, testName+"_"+testAlias+"."+testExt) filePath := filepath.Join(tempBaseDir, testName+"_"+testAlias+"."+testExt)
os.MkdirAll(filepath.Dir(filePath), perms) os.MkdirAll(filepath.Dir(filePath), perms)
if err = ioutil.WriteFile(filePath, testData, perms); err != nil { err = ioutil.WriteFile(filePath, testData, perms)
t.Fatalf("Failed to write test file: %v", err) assert.NoError(t, err, "failed to write test file")
}
// Create our store // Create our store
store, err := NewKeyFileStore(tempBaseDir, emptyPassphraseRetriever) store, err := NewKeyFileStore(tempBaseDir, emptyPassphraseRetriever)
if err != nil { assert.NoError(t, err, "failed to create new key filestore")
t.Fatalf("failed to create new key filestore: %v", err)
}
// Call the GetKey function // Call the GetKey function
privKey, _, err := store.GetKey(testName) privKey, _, err := store.GetKey(testName)
if err != nil { assert.NoError(t, err, "failed to get key from store")
t.Fatalf("failed to get file from store: %v", err)
}
pemPrivKey, err := KeyToPEM(privKey) pemPrivKey, err := KeyToPEM(privKey)
if err != nil { assert.NoError(t, err, "failed to convert key to PEM")
t.Fatalf("failed to convert key to PEM: %v", err) assert.Equal(t, testData, pemPrivKey)
}
if !bytes.Equal(testData, pemPrivKey) {
t.Fatalf("unexpected content in the file: %s", filePath)
}
} }
func TestAddGetKeyMemStore(t *testing.T) { func TestAddGetKeyMemStore(t *testing.T) {
@ -143,31 +117,20 @@ func TestAddGetKeyMemStore(t *testing.T) {
// Create our store // Create our store
store := NewKeyMemoryStore(passphraseRetriever) store := NewKeyMemoryStore(passphraseRetriever)
privKey, err := GenerateRSAKey(rand.Reader, 512) privKey, err := GenerateECDSAKey(rand.Reader)
if err != nil { assert.NoError(t, err, "could not generate private key")
t.Fatalf("could not generate private key: %v", err)
}
// Call the AddKey function // Call the AddKey function
err = store.AddKey(testName, testAlias, privKey) err = store.AddKey(testName, testAlias, privKey)
if err != nil { assert.NoError(t, err, "failed to add key to store")
t.Fatalf("failed to add file to store: %v", err)
}
// Check to see if file exists // Check to see if file exists
retrievedKey, retrievedAlias, err := store.GetKey(testName) retrievedKey, retrievedAlias, err := store.GetKey(testName)
if err != nil { assert.NoError(t, err, "failed to get key from store")
t.Fatalf("failed to get key from store: %v", err)
}
if retrievedAlias != testAlias { assert.Equal(t, retrievedAlias, testAlias)
t.Fatalf("retrievedAlias differs getAlias") assert.Equal(t, retrievedKey.Public(), privKey.Public())
} assert.Equal(t, retrievedKey.Private(), privKey.Private())
if !bytes.Equal(retrievedKey.Public(), privKey.Public()) ||
!bytes.Equal(retrievedKey.Private(), privKey.Private()) {
t.Fatalf("key contents differs after add/get")
}
} }
func TestGetDecryptedWithTamperedCipherText(t *testing.T) { func TestGetDecryptedWithTamperedCipherText(t *testing.T) {
testExt := "key" testExt := "key"
@ -175,49 +138,38 @@ func TestGetDecryptedWithTamperedCipherText(t *testing.T) {
// Temporary directory where test files will be created // Temporary directory where test files will be created
tempBaseDir, err := ioutil.TempDir("", "notary-test-") tempBaseDir, err := ioutil.TempDir("", "notary-test-")
if err != nil { assert.NoError(t, err, "failed to create a temporary directory")
t.Fatalf("failed to create a temporary directory: %v", err)
}
defer os.RemoveAll(tempBaseDir) defer os.RemoveAll(tempBaseDir)
// Create our FileStore // Create our FileStore
store, err := NewKeyFileStore(tempBaseDir, passphraseRetriever) store, err := NewKeyFileStore(tempBaseDir, passphraseRetriever)
if err != nil { assert.NoError(t, err, "failed to create new key filestore")
t.Fatalf("failed to create new key filestore: %v", err)
}
// Generate a new Private Key // Generate a new Private Key
privKey, err := GenerateRSAKey(rand.Reader, 512) privKey, err := GenerateECDSAKey(rand.Reader)
if err != nil { assert.NoError(t, err, "could not generate private key")
t.Fatalf("could not generate private key: %v", err)
}
// Call the AddEncryptedKey function // Call the AddEncryptedKey function
err = store.AddKey(privKey.ID(), testAlias, privKey) err = store.AddKey(privKey.ID(), testAlias, privKey)
if err != nil { assert.NoError(t, err, "failed to add key to store")
t.Fatalf("failed to add file to store: %v", err)
}
// Since we're generating this manually we need to add the extension '.' // Since we're generating this manually we need to add the extension '.'
expectedFilePath := filepath.Join(tempBaseDir, privKey.ID()+"_"+testAlias+"."+testExt) expectedFilePath := filepath.Join(tempBaseDir, privKey.ID()+"_"+testAlias+"."+testExt)
// Get file description, open file // Get file description, open file
fp, err := os.OpenFile(expectedFilePath, os.O_WRONLY, 0600) fp, err := os.OpenFile(expectedFilePath, os.O_WRONLY, 0600)
if err != nil { assert.NoError(t, err, "expected file not found")
t.Fatalf("expected file not found: %v", err)
}
// Tamper the file // Tamper the file
fp.WriteAt([]byte("a"), int64(1)) fp.WriteAt([]byte("a"), int64(1))
// Recreate the KeyFileStore to avoid caching // Recreate the KeyFileStore to avoid caching
store, err = NewKeyFileStore(tempBaseDir, passphraseRetriever) store, err = NewKeyFileStore(tempBaseDir, passphraseRetriever)
assert.NoError(t, err, "failed to create new key filestore")
// Try to decrypt the file // Try to decrypt the file
_, _, err = store.GetKey(privKey.ID()) _, _, err = store.GetKey(privKey.ID())
if err == nil { assert.Error(t, err, "expected error while decrypting the content due to invalid cipher text")
t.Fatalf("expected error while decrypting the content due to invalid cipher text")
}
} }
func TestGetDecryptedWithInvalidPassphrase(t *testing.T) { func TestGetDecryptedWithInvalidPassphrase(t *testing.T) {
@ -236,21 +188,15 @@ func TestGetDecryptedWithInvalidPassphrase(t *testing.T) {
// Temporary directory where test files will be created // Temporary directory where test files will be created
tempBaseDir, err := ioutil.TempDir("", "notary-test-") tempBaseDir, err := ioutil.TempDir("", "notary-test-")
if err != nil { assert.NoError(t, err, "failed to create a temporary directory")
t.Fatalf("failed to create a temporary directory: %v", err)
}
defer os.RemoveAll(tempBaseDir) defer os.RemoveAll(tempBaseDir)
// Test with KeyFileStore // Test with KeyFileStore
fileStore, err := NewKeyFileStore(tempBaseDir, invalidPassphraseRetriever) fileStore, err := NewKeyFileStore(tempBaseDir, invalidPassphraseRetriever)
if err != nil { assert.NoError(t, err, "failed to create new key filestore")
t.Fatalf("failed to create new key filestore: %v", err)
}
newFileStore, err := NewKeyFileStore(tempBaseDir, invalidPassphraseRetriever) newFileStore, err := NewKeyFileStore(tempBaseDir, invalidPassphraseRetriever)
if err != nil { assert.NoError(t, err, "failed to create new key filestore")
t.Fatalf("failed to create new key filestore: %v", err)
}
testGetDecryptedWithInvalidPassphrase(t, fileStore, newFileStore) testGetDecryptedWithInvalidPassphrase(t, fileStore, newFileStore)
@ -269,21 +215,15 @@ func TestGetDecryptedWithConsistentlyInvalidPassphrase(t *testing.T) {
// Temporary directory where test files will be created // Temporary directory where test files will be created
tempBaseDir, err := ioutil.TempDir("", "notary-test-") tempBaseDir, err := ioutil.TempDir("", "notary-test-")
if err != nil { assert.NoError(t, err, "failed to create a temporary directory")
t.Fatalf("failed to create a temporary directory: %v", err)
}
defer os.RemoveAll(tempBaseDir) defer os.RemoveAll(tempBaseDir)
// Test with KeyFileStore // Test with KeyFileStore
fileStore, err := NewKeyFileStore(tempBaseDir, consistentlyInvalidPassphraseRetriever) fileStore, err := NewKeyFileStore(tempBaseDir, consistentlyInvalidPassphraseRetriever)
if err != nil { assert.NoError(t, err, "failed to create new key filestore")
t.Fatalf("failed to create new key filestore: %v", err)
}
newFileStore, err := NewKeyFileStore(tempBaseDir, consistentlyInvalidPassphraseRetriever) newFileStore, err := NewKeyFileStore(tempBaseDir, consistentlyInvalidPassphraseRetriever)
if err != nil { assert.NoError(t, err, "failed to create new key filestore")
t.Fatalf("failed to create new key filestore: %v", err)
}
testGetDecryptedWithInvalidPassphrase(t, fileStore, newFileStore) testGetDecryptedWithInvalidPassphrase(t, fileStore, newFileStore)
@ -297,22 +237,16 @@ func testGetDecryptedWithInvalidPassphrase(t *testing.T, store KeyStore, newStor
testAlias := "root" testAlias := "root"
// Generate a new random RSA Key // Generate a new random RSA Key
privKey, err := GenerateRSAKey(rand.Reader, 512) privKey, err := GenerateECDSAKey(rand.Reader)
if err != nil { assert.NoError(t, err, "could not generate private key")
t.Fatalf("could not generate private key: %v", err)
}
// Call the AddKey function // Call the AddKey function
err = store.AddKey(privKey.ID(), testAlias, privKey) err = store.AddKey(privKey.ID(), testAlias, privKey)
if err != nil { assert.NoError(t, err, "failed to add key to store")
t.Fatalf("failed to add file to store: %v", err)
}
// Try to decrypt the file with an invalid passphrase // Try to decrypt the file with an invalid passphrase
_, _, err = newStore.GetKey(privKey.ID()) _, _, err = newStore.GetKey(privKey.ID())
if err == nil { assert.Error(t, err, "expected error while decrypting the content due to invalid passphrase")
t.Fatalf("expected error while decrypting the content due to invalid passphrase")
}
} }
func TestRemoveKey(t *testing.T) { func TestRemoveKey(t *testing.T) {
@ -322,9 +256,7 @@ func TestRemoveKey(t *testing.T) {
// Temporary directory where test files will be created // Temporary directory where test files will be created
tempBaseDir, err := ioutil.TempDir("", "notary-test-") tempBaseDir, err := ioutil.TempDir("", "notary-test-")
if err != nil { assert.NoError(t, err, "failed to create a temporary directory")
t.Fatalf("failed to create a temporary directory: %v", err)
}
defer os.RemoveAll(tempBaseDir) defer os.RemoveAll(tempBaseDir)
// Since we're generating this manually we need to add the extension '.' // Since we're generating this manually we need to add the extension '.'
@ -332,38 +264,26 @@ func TestRemoveKey(t *testing.T) {
// Create our store // Create our store
store, err := NewKeyFileStore(tempBaseDir, passphraseRetriever) store, err := NewKeyFileStore(tempBaseDir, passphraseRetriever)
if err != nil { assert.NoError(t, err, "failed to create new key filestore")
t.Fatalf("failed to create new key filestore: %v", err)
}
privKey, err := GenerateRSAKey(rand.Reader, 512) privKey, err := GenerateECDSAKey(rand.Reader)
if err != nil { assert.NoError(t, err, "could not generate private key")
t.Fatalf("could not generate private key: %v", err)
}
// Call the AddKey function // Call the AddKey function
err = store.AddKey(testName, testAlias, privKey) err = store.AddKey(testName, testAlias, privKey)
if err != nil { assert.NoError(t, err, "failed to add key to store")
t.Fatalf("failed to add file to store: %v", err)
}
// Check to see if file exists // Check to see if file exists
_, err = ioutil.ReadFile(expectedFilePath) _, err = ioutil.ReadFile(expectedFilePath)
if err != nil { assert.NoError(t, err, "expected file not found")
t.Fatalf("expected file not found: %v", err)
}
// Call remove key // Call remove key
err = store.RemoveKey(testName) err = store.RemoveKey(testName)
if err != nil { assert.NoError(t, err, "unable to remove key")
t.Fatalf("unable to remove key: %v", err)
}
// Check to see if file still exists // Check to see if file still exists
_, err = ioutil.ReadFile(expectedFilePath) _, err = ioutil.ReadFile(expectedFilePath)
if err == nil { assert.Error(t, err, "file should not exist")
t.Fatalf("file should not exist %s", expectedFilePath)
}
} }
func TestKeysAreCached(t *testing.T) { func TestKeysAreCached(t *testing.T) {
@ -372,9 +292,7 @@ func TestKeysAreCached(t *testing.T) {
// Temporary directory where test files will be created // Temporary directory where test files will be created
tempBaseDir, err := ioutil.TempDir("", "notary-test-") tempBaseDir, err := ioutil.TempDir("", "notary-test-")
if err != nil { assert.NoError(t, err, "failed to create a temporary directory")
t.Fatalf("failed to create a temporary directory: %v", err)
}
defer os.RemoveAll(tempBaseDir) defer os.RemoveAll(tempBaseDir)
var countingPassphraseRetriever PassphraseRetriever var countingPassphraseRetriever PassphraseRetriever
@ -387,28 +305,20 @@ func TestKeysAreCached(t *testing.T) {
// Create our store // Create our store
store, err := NewKeyFileStore(tempBaseDir, countingPassphraseRetriever) store, err := NewKeyFileStore(tempBaseDir, countingPassphraseRetriever)
if err != nil { assert.NoError(t, err, "failed to create new key filestore")
t.Fatalf("failed to create new key filestore: %v", err)
}
privKey, err := GenerateRSAKey(rand.Reader, 512) privKey, err := GenerateECDSAKey(rand.Reader)
if err != nil { assert.NoError(t, err, "could not generate private key")
t.Fatalf("could not generate private key: %v", err)
}
// Call the AddKey function // Call the AddKey function
err = store.AddKey(testName, testAlias, privKey) err = store.AddKey(testName, testAlias, privKey)
if err != nil { assert.NoError(t, err, "failed to add key to store")
t.Fatalf("failed to add file to store: %v", err)
}
assert.Equal(t, 1, numTimesCalled, "numTimesCalled should have been 1") assert.Equal(t, 1, numTimesCalled, "numTimesCalled should have been 1")
// Call the AddKey function // Call the AddKey function
privKey2, _, err := store.GetKey(testName) privKey2, _, err := store.GetKey(testName)
if err != nil { assert.NoError(t, err, "failed to add key to store")
t.Fatalf("failed to add file to store: %v", err)
}
assert.Equal(t, privKey.Public(), privKey2.Public(), "cachedPrivKey should be the same as the added privKey") assert.Equal(t, privKey.Public(), privKey2.Public(), "cachedPrivKey should be the same as the added privKey")
assert.Equal(t, privKey.Private(), privKey2.Private(), "cachedPrivKey should be the same as the added privKey") assert.Equal(t, privKey.Private(), privKey2.Private(), "cachedPrivKey should be the same as the added privKey")
@ -416,15 +326,11 @@ func TestKeysAreCached(t *testing.T) {
// Create a new store // Create a new store
store2, err := NewKeyFileStore(tempBaseDir, countingPassphraseRetriever) store2, err := NewKeyFileStore(tempBaseDir, countingPassphraseRetriever)
if err != nil { assert.NoError(t, err, "failed to create new key filestore")
t.Fatalf("failed to create new key filestore: %v", err)
}
// Call the AddKey function // Call the GetKey function
privKey3, _, err := store2.GetKey(testName) privKey3, _, err := store2.GetKey(testName)
if err != nil { assert.NoError(t, err, "failed to get key from store")
t.Fatalf("failed to add file to store: %v", err)
}
assert.Equal(t, privKey2.Private(), privKey3.Private(), "privkey from store1 should be the same as privkey from store2") assert.Equal(t, privKey2.Private(), privKey3.Private(), "privkey from store1 should be the same as privkey from store2")
assert.Equal(t, privKey2.Public(), privKey3.Public(), "privkey from store1 should be the same as privkey from store2") assert.Equal(t, privKey2.Public(), privKey3.Public(), "privkey from store1 should be the same as privkey from store2")
@ -433,9 +339,7 @@ func TestKeysAreCached(t *testing.T) {
// Call the GetKey function a bunch of times // Call the GetKey function a bunch of times
for i := 0; i < 10; i++ { for i := 0; i < 10; i++ {
_, _, err := store2.GetKey(testName) _, _, err := store2.GetKey(testName)
if err != nil { assert.NoError(t, err, "failed to get key from store")
t.Fatalf("failed to add file to store: %v", err)
}
} }
assert.Equal(t, 2, numTimesCalled, "numTimesCalled should be 2 -- no additional call to passphraseRetriever") assert.Equal(t, 2, numTimesCalled, "numTimesCalled should be 2 -- no additional call to passphraseRetriever")
} }
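Review bot: The removed `t.Fatalf` calls stopped the test, but `assert.NoError` only records the failure and carries on, so a failed `NewKeyFileStore` or `GenerateECDSAKey` is now followed by calls on a nil `store` or `privKey` (for example `privKey.ID()` in TestGetDecryptedWithTamperedCipherText). That would most likely panic and bury the original error. For the setup steps I would use testify's `require` package, e.g. `require.NoError(t, err, "could not generate private key")`, provided it is vendored next to `assert`. In the tampered-ciphertext test the final `assert.Error` accepts any error, the result of `fp.WriteAt([]byte("a"), int64(1))` is unchecked and `fp` is never closed, so a pass does not show that the failure came from the modified key material. Several of the test functions touched here start or end outside the hunks shown.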