Add a test to test adding multiple keys to a yubikey.

If there are existing keys on the Yubikey, the YubiKeyStore should add a key to the next available slot. Signed-off-by: Ying Li <ying.li@docker.com> Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
2015-11-08 16:36:35 -08:00 · 2015-11-08 16:36:35 -08:00 · 53114aabdc
parent 9a01cf091d
commit 53114aabdc
3 changed files with 78 additions and 1 deletions
--- a/passphrase/passphrase.go
+++ b/passphrase/passphrase.go
@ -182,3 +182,11 @@ func PromptRetrieverWithInOut(in io.Reader, out io.Writer, aliasMap map[string]s
 		return retPass, false, nil
 	}
 }
 // ConstantRetriever returns a new Retriever which will return a constant string
 // as a passphrase.
 func ConstantRetriever(constantPassphrase string) Retriever {
 	return func(k, a string, c bool, n int) (string, bool, error) {
 		return constantPassphrase, false, nil
 	}
 }
--- a/trustmanager/yubikeystore.go
+++ b/trustmanager/yubikeystore.go
@ -627,7 +627,11 @@ func (s *YubiKeyStore) RemoveKey(keyID string) error {
 	if !ok {
 		return errors.New("Key not present in yubikey")
 	}
-	return yubiRemoveKey(ctx, session, key.slotID, s.passRetriever, keyID)
+	err = yubiRemoveKey(ctx, session, key.slotID, s.passRetriever, keyID)
 	if err == nil {
 		delete(s.keys, keyID)
 	}
 	return err
 }
 func (s *YubiKeyStore) ExportKey(keyID string) ([]byte, error) {
--- a/trustmanager/yubikeystore_test.go
+++ b/trustmanager/yubikeystore_test.go
@ -0,0 +1,65 @@
 // +build pkcs11
 package trustmanager
 import (
 	"crypto/rand"
 	"testing"
 	"github.com/docker/notary/passphrase"
 	"github.com/docker/notary/tuf/data"
 	"github.com/stretchr/testify/assert"
 )
 func clearAllKeys(t *testing.T) {
 	// TODO(cyli): this is creating a new yubikey store because for some reason,
 	// removing and then adding with the same YubiKeyStore causes
 	// non-deterministic failures at least on Mac OS
 	ret := passphrase.ConstantRetriever("passphrase")
 	store, err := NewYubiKeyStore(NewKeyMemoryStore(ret), ret)
 	assert.NoError(t, err)
 	for k := range store.ListKeys() {
 		err := store.RemoveKey(k)
 		assert.NoError(t, err)
 	}
 }
 func TestAddKeyToNextEmptyYubikeySlot(t *testing.T) {
 	if !YubikeyAccessible() {
 		t.Skip("Must have Yubikey access.")
 	}
 	clearAllKeys(t)
 	ret := passphrase.ConstantRetriever("passphrase")
 	store, err := NewYubiKeyStore(NewKeyMemoryStore(ret), ret)
 	assert.NoError(t, err)
 	SetYubikeyKeyMode(KeymodeNone)
 	defer func() {
 		SetYubikeyKeyMode(KeymodeTouch | KeymodePinOnce)
 	}()
 	keys := make([]string, 0, numSlots)
 	// create the maximum number of keys
 	for i := 0; i < numSlots; i++ {
 		privKey, err := GenerateECDSAKey(rand.Reader)
 		assert.NoError(t, err)
 		err = store.AddKey(privKey.ID(), data.CanonicalRootRole, privKey)
 		assert.NoError(t, err)
 		keys = append(keys, privKey.ID())
 	}
 	listedKeys := store.ListKeys()
 	assert.Len(t, listedKeys, numSlots)
 	for _, k := range keys {
 		r, ok := listedKeys[k]
 		assert.True(t, ok)
 		assert.Equal(t, data.CanonicalRootRole, r)
 	}
 	// numSlots is not actually the max - some keys might have more, so do not
 	// test that adding more keys will fail.
 }