Type check on testutil key types
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
parent
2a3c301274
commit
60c225b361
|
@ -39,7 +39,7 @@ func (err ErrRootRotationFail) Error() string {
|
|||
|
||||
func prettyFormatCertIDs(certs map[string]*x509.Certificate) string {
|
||||
ids := make([]string, 0, len(certs))
|
||||
for id, _ := range certs {
|
||||
for id := range certs {
|
||||
ids = append(ids, id)
|
||||
}
|
||||
return strings.Join(ids, ", ")
|
||||
|
|
|
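Review bot: prettyFormatCertIDs still emits the IDs in map iteration order, so the string it returns (presumably embedded in the ErrRootRotationFail message whose method appears in the hunk header) differs from run to run and is awkward to correlate across logs or to assert on in tests; sorting before joining fixes that: `sort.Strings(ids)` immediately before `return strings.Join(ids, ", ")`. The `for id := range certs` change itself is correct and is exactly what gofmt -s produces. If the file does not already import `sort`, that import is needed as well; the function's closing brace appears to be the hunk's final context line.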
@ -785,6 +785,7 @@ func generateExpiredTestingCertificate(rootKey data.PrivateKey, gun string) (*x5
|
|||
return cryptoservice.GenerateCertificate(rootKey, gun, startTime, startTime.AddDate(1, 0, 0))
|
||||
}
|
||||
|
||||
// Helper function for explicitly generating key IDs and unexported fields for equality testing
|
||||
func generateRootKeyIDs(r *data.SignedRoot) {
|
||||
for _, keyID := range r.Signed.Roles[data.CanonicalRootRole].KeyIDs {
|
||||
if k, ok := r.Signed.Keys[keyID]; ok {
|
||||
|
|
|
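Review bot: The new comment on generateRootKeyIDs does not follow the Go doc-comment convention of starting with the function name, so golint and godoc will not associate it cleanly with the function; `// generateRootKeyIDs populates the key IDs and unexported fields of the root role's keys in r so that SignedRoot values can be compared for equality in tests.` says the same thing in the conventional form. The loop also indexes `r.Signed.Roles[data.CanonicalRootRole]` without checking that the role is present, so a root lacking that role would appear to panic here rather than fail descriptively; that is tolerable in a test helper, but a one-line comment stating that callers must pass a root that defines the root role would make the expectation explicit. The body of generateRootKeyIDs continues past the end of the hunk.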
@ -68,12 +68,12 @@ func NewTrustPinChecker(trustPinConfig TrustPinConfig, gun string) (CertChecker,
|
|||
func (t trustPinChecker) certsCheck(leafCert *x509.Certificate, intCerts []*x509.Certificate) bool {
|
||||
// reconstruct the leaf + intermediate cert chain, which is bundled as {leaf, intermediates...},
|
||||
// in order to get the matching id in the root file
|
||||
if key, err := trustmanager.CertBundleToKey(leafCert, intCerts); err == nil {
|
||||
return utils.StrSliceContains(t.pinnedCertIDs, key.ID())
|
||||
} else {
|
||||
key, err := trustmanager.CertBundleToKey(leafCert, intCerts)
|
||||
if err != nil {
|
||||
logrus.Debug("error creating cert bundle: ", err.Error())
|
||||
return false
|
||||
}
|
||||
return false
|
||||
return utils.StrSliceContains(t.pinnedCertIDs, key.ID())
|
||||
}
|
||||
|
||||
func (t trustPinChecker) caCheck(leafCert *x509.Certificate, intCerts []*x509.Certificate) bool {
|
||||
|
|
|
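Review bot: When CertBundleToKey succeeds but the computed ID is not in t.pinnedCertIDs, certsCheck returns false with no trace, so a trust-pinning misconfiguration (for instance a pinned ID derived from the leaf alone rather than the leaf-plus-intermediates bundle the comment describes) is indistinguishable from a genuinely unpinned certificate; replacing the final return with `matched := utils.StrSliceContains(t.pinnedCertIDs, key.ID())`, `if !matched { logrus.Debugf("cert bundle key ID %s not in pinned cert IDs", key.ID()) }`, `return matched` makes the rejection diagnosable at the same debug level already used for the bundle error. The restructure to an early return is an improvement over the former if/else. Separately, `logrus.Debug("error creating cert bundle: ", err.Error())` can pass `err` directly, since logrus formats error values itself.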
@ -1,6 +1,7 @@
|
|||
package testutils
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"math/rand"
|
||||
"sort"
|
||||
"time"
|
||||
|
@ -37,10 +38,14 @@ func CreateKey(cs signed.CryptoService, gun, role, keyAlgorithm string) (data.Pu
|
|||
return nil, err
|
||||
}
|
||||
// Keep the x509 key type consistent with the key's algorithm
|
||||
if keyAlgorithm == data.RSAKey {
|
||||
switch keyAlgorithm {
|
||||
case data.RSAKey:
|
||||
key = data.NewRSAx509PublicKey(trustmanager.CertToPEM(cert))
|
||||
} else {
|
||||
case data.ECDSAKey:
|
||||
key = data.NewECDSAx509PublicKey(trustmanager.CertToPEM(cert))
|
||||
default:
|
||||
// This should be impossible because of the Create() call above, but just in case
|
||||
return nil, fmt.Errorf("invalid key algorithm type")
|
||||
}
|
||||
|
||||
}
|
||||
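Review bot: The new default branch returns `fmt.Errorf("invalid key algorithm type")` without saying which algorithm was rejected, so if the case the comment calls impossible ever does occur the caller has no way to tell what was passed; `return nil, fmt.Errorf("invalid key algorithm type: %s", keyAlgorithm)` preserves that fact at no cost. The switch itself is the right fix: the previous else branch wrapped any non-RSA key as an ECDSA x509 key, whereas the new code keeps the x509 key type tied to the algorithm the key was created with. CreateKey's signature and the Create() call the comment refers to lie before the start of the hunk; the first hunk of this section only adds the `"fmt"` import that the new error path needs.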
|
|