Merge pull request #36 from docker/moar-coverage

Moar coverage Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
2015-11-08 17:33:46 -08:00 · 2015-11-08 17:33:46 -08:00 · 61f9466ddf
parent 3398994ae0 53114aabdc
commit 61f9466ddf
6 changed files with 87 additions and 5 deletions
--- a/cmd/notary/integration_test.go
+++ b/cmd/notary/integration_test.go
@ -118,6 +118,11 @@ func TestClientTufInteraction(t *testing.T) {
 	assert.NoError(t, err)
 	assert.True(t, strings.Contains(string(output), target))

+	// lookup target and repo - see target
+	output, err = runCommand(t, tempDir, "-s", server.URL, "lookup", "gun", target)
+	assert.NoError(t, err)
+	assert.True(t, strings.Contains(string(output), target))
+
 	// verify repo - empty file
 	output, err = runCommand(t, tempDir, "verify", "gun", target)
 	assert.NoError(t, err)
--- a/passphrase/passphrase.go
+++ b/passphrase/passphrase.go
@ -182,3 +182,11 @@ func PromptRetrieverWithInOut(in io.Reader, out io.Writer, aliasMap map[string]s
 		return retPass, false, nil
 	}
 }
+
+// ConstantRetriever returns a new Retriever which will return a constant string
+// as a passphrase.
+func ConstantRetriever(constantPassphrase string) Retriever {
+	return func(k, a string, c bool, n int) (string, bool, error) {
+		return constantPassphrase, false, nil
+	}
+}
--- a/trustmanager/yubikeystore.go
+++ b/trustmanager/yubikeystore.go
@ -627,7 +627,11 @@ func (s *YubiKeyStore) RemoveKey(keyID string) error {
 	if !ok {
 		return errors.New("Key not present in yubikey")
 	}
-	return yubiRemoveKey(ctx, session, key.slotID, s.passRetriever, keyID)
+	err = yubiRemoveKey(ctx, session, key.slotID, s.passRetriever, keyID)
+	if err == nil {
+		delete(s.keys, keyID)
+	}
+	return err
 }

 func (s *YubiKeyStore) ExportKey(keyID string) ([]byte, error) {
--- a/trustmanager/yubikeystore_test.go
+++ b/trustmanager/yubikeystore_test.go
@ -0,0 +1,65 @@
+// +build pkcs11
+
+package trustmanager
+
+import (
+	"crypto/rand"
+	"testing"
+
+	"github.com/docker/notary/passphrase"
+	"github.com/docker/notary/tuf/data"
+	"github.com/stretchr/testify/assert"
+)
+
+func clearAllKeys(t *testing.T) {
+	// TODO(cyli): this is creating a new yubikey store because for some reason,
+	// removing and then adding with the same YubiKeyStore causes
+	// non-deterministic failures at least on Mac OS
+	ret := passphrase.ConstantRetriever("passphrase")
+	store, err := NewYubiKeyStore(NewKeyMemoryStore(ret), ret)
+	assert.NoError(t, err)
+
+	for k := range store.ListKeys() {
+		err := store.RemoveKey(k)
+		assert.NoError(t, err)
+	}
+}
+
+func TestAddKeyToNextEmptyYubikeySlot(t *testing.T) {
+	if !YubikeyAccessible() {
+		t.Skip("Must have Yubikey access.")
+	}
+	clearAllKeys(t)
+
+	ret := passphrase.ConstantRetriever("passphrase")
+	store, err := NewYubiKeyStore(NewKeyMemoryStore(ret), ret)
+	assert.NoError(t, err)
+	SetYubikeyKeyMode(KeymodeNone)
+	defer func() {
+		SetYubikeyKeyMode(KeymodeTouch | KeymodePinOnce)
+	}()
+
+	keys := make([]string, 0, numSlots)
+
+	// create the maximum number of keys
+	for i := 0; i < numSlots; i++ {
+		privKey, err := GenerateECDSAKey(rand.Reader)
+		assert.NoError(t, err)
+
+		err = store.AddKey(privKey.ID(), data.CanonicalRootRole, privKey)
+		assert.NoError(t, err)
+
+		keys = append(keys, privKey.ID())
+	}
+
+	listedKeys := store.ListKeys()
+	assert.Len(t, listedKeys, numSlots)
+	for _, k := range keys {
+		r, ok := listedKeys[k]
+		assert.True(t, ok)
+		assert.Equal(t, data.CanonicalRootRole, r)
+	}
+
+	// numSlots is not actually the max - some keys might have more, so do not
+	// test that adding more keys will fail.
+}
--- a/tuf/signed/errors.go
+++ b/tuf/signed/errors.go
@ -8,11 +8,10 @@ import (
 // metadata
 type ErrInsufficientSignatures struct {
 	Name string
-	Err  error
 }

 func (e ErrInsufficientSignatures) Error() string {
-	return fmt.Sprintf("tuf: insufficient signatures for %s: %s", e.Name, e.Err)
+	return fmt.Sprintf("tuf: insufficient signatures: %s", e.Name)
 }

 // ErrExpired indicates a piece of metadata has expired
--- a/tuf/signed/sign.go
+++ b/tuf/signed/sign.go
@ -68,8 +68,9 @@ func Sign(service CryptoService, s *data.Signed, keys ...data.PublicKey) error {
 	}
 	if len(signatures) < 1 {
 		return ErrInsufficientSignatures{
-			Name: fmt.Sprintf("Cryptoservice failed to produce any signatures for keys with IDs: %v", keyIDs),
-			Err:  nil,
+			Name: fmt.Sprintf(
+				"Cryptoservice failed to produce any signatures for keys with IDs: %v",
+				keyIDs),
 		}
 	}
 	for _, sig := range s.Signatures {