Remove softhsm keys and tests.
Signed-off-by: Ying Li <ying.li@docker.com> Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
This commit is contained in:
parent
c82802b800
commit
5fe09ad8e1
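--- a/PATH_NOT_SHOWN_ON_PAGE_1
+++ /dev/null
@@ -1,117 +0,0 @@
-// +build pkcs11
-
-package api_test
-
-import (
-"encoding/json"
-"fmt"
-"io/ioutil"
-"net/http"
-"os"
-"strings"
-"testing"
-
-"github.com/docker/notary/signer"
-"github.com/docker/notary/tuf/data"
-"github.com/docker/notary/tuf/signed"
-"github.com/miekg/pkcs11"
-"github.com/stretchr/testify/assert"
-
-pb "github.com/docker/notary/proto"
-)
-
-func SetupHSMEnv(t *testing.T) (*pkcs11.Ctx, pkcs11.SessionHandle) {
-var libPath = "/usr/local/lib/softhsm/libsofthsm2.so"
-if _, err := os.Stat(libPath); err != nil {
-t.Skipf("Skipping test. Library path: %s does not exist", libPath)
-}
-
-p := pkcs11.New(libPath)
-
-if p == nil {
-t.Fatalf("Failed to init library")
-}
-
-if err := p.Initialize(); err != nil {
-t.Fatalf("Initialize error %s\n", err.Error())
-}
-
-slots, err := p.GetSlotList(true)
-if err != nil {
-t.Fatalf("Failed to list HSM slots %s", err)
-}
-
-session, err := p.OpenSession(slots[0], pkcs11.CKF_SERIAL_SESSION|pkcs11.CKF_RW_SESSION)
-if err != nil {
-t.Fatalf("Failed to Start Session with HSM %s", err)
-}
-
-if err = p.Login(session, pkcs11.CKU_USER, "1234"); err != nil {
-t.Fatalf("User PIN %s\n", err.Error())
-}
-
-return p, session
-}
-
-func TestHSMCreateKeyHandler(t *testing.T) {
-ctx, session := SetupHSMEnv(t)
-defer ctx.Destroy()
-defer ctx.Finalize()
-defer ctx.CloseSession(session)
-defer ctx.Logout(session)
-
-cryptoService := signed.NewEd25519()
-setup(signer.CryptoServiceIndex{data.RSAKey: cryptoService})
-
-createKeyURL := fmt.Sprintf("%s/%s", createKeyBaseURL, data.RSAKey)
-
-request, err := http.NewRequest("POST", createKeyURL, nil)
-assert.Nil(t, err)
-
-res, err := http.DefaultClient.Do(request)
-assert.Nil(t, err)
-
-jsonBlob, err := ioutil.ReadAll(res.Body)
-assert.Nil(t, err)
-
-var keyInfo *pb.PublicKey
-err = json.Unmarshal(jsonBlob, &keyInfo)
-assert.Nil(t, err)
-
-assert.Equal(t, 200, res.StatusCode)
-}
-
-func TestHSMSignHandler(t *testing.T) {
-ctx, session := SetupHSMEnv(t)
-defer ctx.Destroy()
-defer ctx.Finalize()
-defer ctx.CloseSession(session)
-defer ctx.Logout(session)
-
-cryptoService := signed.NewEd25519()
-setup(signer.CryptoServiceIndex{data.RSAKey: cryptoService})
-
-tufKey, _ := cryptoService.Create("", data.RSAKey)
-
-sigRequest := &pb.SignatureRequest{KeyID: &pb.KeyID{ID: tufKey.ID()}, Content: make([]byte, 10)}
-requestJson, _ := json.Marshal(sigRequest)
-
-reader = strings.NewReader(string(requestJson))
-
-request, err := http.NewRequest("POST", signBaseURL, reader)
-
-assert.Nil(t, err)
-
-res, err := http.DefaultClient.Do(request)
-assert.Nil(t, err)
-
-jsonBlob, err := ioutil.ReadAll(res.Body)
-assert.Nil(t, err)
-
-var sig *pb.Signature
-err = json.Unmarshal(jsonBlob, &sig)
-assert.Nil(t, err)
-
-assert.Equal(t, tufKey.ID, sig.KeyInfo.KeyID.ID)
-assert.Equal(t, 200, res.StatusCode)
-}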
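--- a/PATH_NOT_SHOWN_ON_PAGE_2
+++ /dev/null
@@ -1,54 +0,0 @@
-// +build pkcs11
-
-package keys
-
-import (
-"github.com/docker/notary/tuf/data"
-"github.com/miekg/pkcs11"
-)
-
-// HSMRSAKey represents the information for an HSMRSAKey with ObjectHandle for private portion
-type HSMRSAKey struct {
-id string
-public []byte
-private pkcs11.ObjectHandle
-}
-
-// NewHSMRSAKey returns a HSMRSAKey
-func NewHSMRSAKey(public []byte, private pkcs11.ObjectHandle) *HSMRSAKey {
-return &HSMRSAKey{
-public: public,
-private: private,
-}
-}
-
-// Algorithm implements a method of the data.Key interface
-func (rsa *HSMRSAKey) Algorithm() string {
-return data.RSAKey
-}
-
-// ID implements a method of the data.Key interface
-func (rsa *HSMRSAKey) ID() string {
-if rsa.id == "" {
-pubK := data.NewPublicKey(rsa.Algorithm(), rsa.Public())
-rsa.id = pubK.ID()
-}
-return rsa.id
-}
-
-// Public implements a method of the data.Key interface
-func (rsa *HSMRSAKey) Public() []byte {
-return rsa.public
-}
-
-// Private implements a method of the data.PrivateKey interface
-func (rsa *HSMRSAKey) Private() []byte {
-// Not possible to return private key bytes from a hardware device
-return nil
-}
-
-// PKCS11ObjectHandle returns the PKCS11 object handle stored in the HSMRSAKey
-// structure
-func (rsa *HSMRSAKey) PKCS11ObjectHandle() pkcs11.ObjectHandle {
-return rsa.private
-}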
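--- a/PATH_NOT_SHOWN_ON_PAGE_3
+++ /dev/null
@@ -1,5 +0,0 @@
-# SoftHSM v2 configuration file
-
-directories.tokendir = /softhsm2/tokens
-objectstore.backend = db
-log.level = INFO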