Merge pull request #36 from docker/moar-coverage
Moar coverage Signed-off-by: David Lawrence <david.lawrence@docker.com> Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
commit
61f9466ddf
|
|
@ -118,6 +118,11 @@ func TestClientTufInteraction(t *testing.T) {
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
assert.True(t, strings.Contains(string(output), target))
|
assert.True(t, strings.Contains(string(output), target))
|
||||||
|
|
||||||
|
// lookup target and repo - see target
|
||||||
|
output, err = runCommand(t, tempDir, "-s", server.URL, "lookup", "gun", target)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
assert.True(t, strings.Contains(string(output), target))
|
||||||
|
|
||||||
// verify repo - empty file
|
// verify repo - empty file
|
||||||
output, err = runCommand(t, tempDir, "verify", "gun", target)
|
output, err = runCommand(t, tempDir, "verify", "gun", target)
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
|
|
|
||||||
|
|
@ -182,3 +182,11 @@ func PromptRetrieverWithInOut(in io.Reader, out io.Writer, aliasMap map[string]s
|
||||||
return retPass, false, nil
|
return retPass, false, nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ConstantRetriever returns a new Retriever which will return a constant string
|
||||||
|
// as a passphrase.
|
||||||
|
func ConstantRetriever(constantPassphrase string) Retriever {
|
||||||
|
return func(k, a string, c bool, n int) (string, bool, error) {
|
||||||
|
return constantPassphrase, false, nil
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
||||||
|
|
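Review bot: The doc comment on `ConstantRetriever` should state that the returned retriever ignores all four arguments (`k`, `a`, `c`, `n`) and always returns `false` as its second result, because that is what makes it unsuitable outside tests and scripted use. A caller that retries until the retriever gives up would presumably re-submit the same wrong passphrase on every attempt, which matters for hardware tokens that count failed PIN attempts; that retry behaviour is not visible in this hunk. Suggested addition to the comment: `// The same passphrase is returned for every key and every attempt, and the retriever never gives up; intended for tests and non-interactive use.`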
@ -627,7 +627,11 @@ func (s *YubiKeyStore) RemoveKey(keyID string) error {
|
||||||
if !ok {
|
if !ok {
|
||||||
return errors.New("Key not present in yubikey")
|
return errors.New("Key not present in yubikey")
|
||||||
}
|
}
|
||||||
return yubiRemoveKey(ctx, session, key.slotID, s.passRetriever, keyID)
|
err = yubiRemoveKey(ctx, session, key.slotID, s.passRetriever, keyID)
|
||||||
|
if err == nil {
|
||||||
|
delete(s.keys, keyID)
|
||||||
|
}
|
||||||
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *YubiKeyStore) ExportKey(keyID string) ([]byte, error) {
|
func (s *YubiKeyStore) ExportKey(keyID string) ([]byte, error) {
|
||||||
|
|
|
||||||
|
|
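Review bot: The new tail of `RemoveKey` has no comment saying why `s.keys` is pruned only when `yubiRemoveKey` succeeds, and it reads more directly as a guard clause: `if err != nil { return err }`, then `delete(s.keys, keyID)` and `return nil`. A one-line comment such as `// drop the cached entry only after the token confirms removal, so a failed removal never hides a key that is still on the device` would record the intent. The map write has no locking visible in the hunk; the start of `RemoveKey` lies outside it, so whether a lock is already held cannot be confirmed from here.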
@ -0,0 +1,65 @@
|
||||||
|
// +build pkcs11
|
||||||
|
|
||||||
|
package trustmanager
|
||||||
|
|
||||||
|
import (
|
||||||
|
"crypto/rand"
|
||||||
|
"testing"
|
||||||
|
|
||||||
|
"github.com/docker/notary/passphrase"
|
||||||
|
"github.com/docker/notary/tuf/data"
|
||||||
|
"github.com/stretchr/testify/assert"
|
||||||
|
)
|
||||||
|
|
||||||
|
func clearAllKeys(t *testing.T) {
|
||||||
|
// TODO(cyli): this is creating a new yubikey store because for some reason,
|
||||||
|
// removing and then adding with the same YubiKeyStore causes
|
||||||
|
// non-deterministic failures at least on Mac OS
|
||||||
|
ret := passphrase.ConstantRetriever("passphrase")
|
||||||
|
store, err := NewYubiKeyStore(NewKeyMemoryStore(ret), ret)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
|
||||||
|
for k := range store.ListKeys() {
|
||||||
|
err := store.RemoveKey(k)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestAddKeyToNextEmptyYubikeySlot(t *testing.T) {
|
||||||
|
if !YubikeyAccessible() {
|
||||||
|
t.Skip("Must have Yubikey access.")
|
||||||
|
}
|
||||||
|
clearAllKeys(t)
|
||||||
|
|
||||||
|
ret := passphrase.ConstantRetriever("passphrase")
|
||||||
|
store, err := NewYubiKeyStore(NewKeyMemoryStore(ret), ret)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
SetYubikeyKeyMode(KeymodeNone)
|
||||||
|
defer func() {
|
||||||
|
SetYubikeyKeyMode(KeymodeTouch | KeymodePinOnce)
|
||||||
|
}()
|
||||||
|
|
||||||
|
keys := make([]string, 0, numSlots)
|
||||||
|
|
||||||
|
// create the maximum number of keys
|
||||||
|
for i := 0; i < numSlots; i++ {
|
||||||
|
privKey, err := GenerateECDSAKey(rand.Reader)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
|
||||||
|
err = store.AddKey(privKey.ID(), data.CanonicalRootRole, privKey)
|
||||||
|
assert.NoError(t, err)
|
||||||
|
|
||||||
|
keys = append(keys, privKey.ID())
|
||||||
|
}
|
||||||
|
|
||||||
|
listedKeys := store.ListKeys()
|
||||||
|
assert.Len(t, listedKeys, numSlots)
|
||||||
|
for _, k := range keys {
|
||||||
|
r, ok := listedKeys[k]
|
||||||
|
assert.True(t, ok)
|
||||||
|
assert.Equal(t, data.CanonicalRootRole, r)
|
||||||
|
}
|
||||||
|
|
||||||
|
// numSlots is not actually the max - some keys might have more, so do not
|
||||||
|
// test that adding more keys will fail.
|
||||||
|
}
|
||||||
|
|
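Review bot: `clearAllKeys` removes every key that `ListKeys` reports on whatever YubiKey is attached, and `TestAddKeyToNextEmptyYubikeySlot` calls it guarded only by `YubikeyAccessible()` and the `pkcs11` build tag, so running the suite with a token that holds real keys deletes them. The helper needs a doc comment that says so, e.g. `// clearAllKeys deletes ALL keys on the attached YubiKey; run these tests only against a token dedicated to testing.`, and an explicit opt-in would be safer than device detection alone. Separately, `assert.NoError` after `NewYubiKeyStore` does not stop the test, so a failed construction continues into `store.ListKeys()` on a store that may be nil; a check that aborts the test fits better there. The deferred `SetYubikeyKeyMode(KeymodeTouch | KeymodePinOnce)` assumes that was the previous mode rather than restoring a saved value.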
@ -8,11 +8,10 @@ import (
|
||||||
// metadata
|
// metadata
|
||||||
type ErrInsufficientSignatures struct {
|
type ErrInsufficientSignatures struct {
|
||||||
Name string
|
Name string
|
||||||
Err error
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (e ErrInsufficientSignatures) Error() string {
|
func (e ErrInsufficientSignatures) Error() string {
|
||||||
return fmt.Sprintf("tuf: insufficient signatures for %s: %s", e.Name, e.Err)
|
return fmt.Sprintf("tuf: insufficient signatures: %s", e.Name)
|
||||||
}
|
}
|
||||||
|
|
||||||
// ErrExpired indicates a piece of metadata has expired
|
// ErrExpired indicates a piece of metadata has expired
|
||||||
|
|
|
||||||
|
|
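Review bot: After this change `Name` is the only payload of `ErrInsufficientSignatures` and `Error()` prints it straight after the prefix, yet the one constructor visible on this page (in `Sign`) stores a whole sentence in it, so the field name no longer describes its content and it carries no doc comment. Add one, e.g. `// Name is a human-readable description of what lacked signatures; Sign stores a full message listing key IDs here.` Removing the exported `Err` field also breaks any caller outside this diff that sets or reads it and drops the underlying cause from the message; whether such callers exist is not visible here.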
@ -68,8 +68,9 @@ func Sign(service CryptoService, s *data.Signed, keys ...data.PublicKey) error {
|
||||||
}
|
}
|
||||||
if len(signatures) < 1 {
|
if len(signatures) < 1 {
|
||||||
return ErrInsufficientSignatures{
|
return ErrInsufficientSignatures{
|
||||||
Name: fmt.Sprintf("Cryptoservice failed to produce any signatures for keys with IDs: %v", keyIDs),
|
Name: fmt.Sprintf(
|
||||||
Err: nil,
|
"Cryptoservice failed to produce any signatures for keys with IDs: %v",
|
||||||
|
keyIDs),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
for _, sig := range s.Signatures {
|
for _, sig := range s.Signatures {
|
||||||
|
|
|
||||||