diff --git a/tuf/builder.go b/tuf/builder.go
index f1ac5cfcef..b08b2ecb2b 100644
--- a/tuf/builder.go
+++ b/tuf/builder.go
@@ -254,7 +254,7 @@ func (rb *repoBuilder) GenerateSnapshot(prev *data.SignedSnapshot) ([]byte, int,
 return nil, 0, err
 }
 } else {
- rb.repo.SetSnapshot(prev)
+ rb.repo.Snapshot = prev
 }
 sgnd, err := rb.repo.SignSnapshot(data.DefaultExpires(data.CanonicalSnapshotRole))
@@ -310,7 +310,7 @@ func (rb *repoBuilder) GenerateTimestamp(prev *data.SignedTimestamp) ([]byte, in
 return nil, 0, err
 }
 } else {
- rb.repo.SetTimestamp(prev)
+ rb.repo.Timestamp = prev
 }
 sgnd, err := rb.repo.SignTimestamp(data.DefaultExpires(data.CanonicalTimestampRole))
@@ -371,7 +371,13 @@ func (rb *repoBuilder) loadRoot(content []byte, minVersion int, allowExpired boo
 }
 }
- rb.repo.SetRoot(signedRoot)
+ rootRole, err := signedRoot.BuildBaseRole(data.CanonicalRootRole)
+ if err != nil { // this should never happen since the root has been validated
+ return err
+ }
+
+ rb.repo.Root = signedRoot
+ rb.repo.originalRootRole = rootRole
 return nil
 }
@@ -403,7 +409,7 @@ func (rb *repoBuilder) loadTimestamp(content []byte, minVersion int, allowExpire
 }
 }
- rb.repo.SetTimestamp(signedTimestamp)
+ rb.repo.Timestamp = signedTimestamp
 return rb.validateCachedTimestampChecksums(signedTimestamp)
 }
@@ -435,7 +441,7 @@ func (rb *repoBuilder) loadSnapshot(content []byte, minVersion int, allowExpired
 }
 }
- rb.repo.SetSnapshot(signedSnapshot)
+ rb.repo.Snapshot = signedSnapshot
 return rb.validateCachedSnapshotChecksums(signedSnapshot)
 }
@@ -467,7 +473,7 @@ func (rb *repoBuilder) loadTargets(content []byte, minVersion int, allowExpired
 }
 }
- rb.repo.SetTargets(roleName, signedTargets)
+ rb.repo.Targets[roleName] = signedTargets
 return nil
 }
@@ -497,7 +503,7 @@ func (rb *repoBuilder) loadDelegation(roleName string, content []byte, minVersio
 }
 }
- rb.repo.SetTargets(roleName, signedTargets)
+ rb.repo.Targets[roleName] = signedTargets
 return nil
 }
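Review bot: In the loadRoot hunk (`@@ -371,7 +371,13 @@`), `rb.repo.Root` and `rb.repo.originalRootRole` are now assigned as two separate statements, and nothing records that they must change together. The setter this commit deletes carried the explanation that originalRootRole is the root role prior to any mutations on the root, so a later edit that assigns Root alone would presumably leave root signing tied to a stale role. I would restate that above the pair, for example `// originalRootRole is the root role prior to any mutations of rb.repo.Root; always assign the two together.` Assigning Root only after BuildBaseRole succeeds is stricter than the old setter, which stored Root before checking the error. loadRoot starts outside the hunk.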
diff --git a/tuf/testutils/swizzler_test.go b/tuf/testutils/swizzler_test.go index 83ff14f207..f67cab49ab 100644 --- a/tuf/testutils/swizzler_test.go +++ b/tuf/testutils/swizzler_test.go @@ -11,7 +11,6 @@ import ( "testing" "time" - "github.com/docker/notary/tuf" "github.com/docker/notary/tuf/data" "github.com/docker/notary/tuf/signed" "github.com/docker/notary/tuf/store" @@ -387,8 +386,6 @@ func TestSwizzlerChangeRootKey(t *testing.T) { err := f.ChangeRootKey() require.NoError(t, err) - tufRepo := tuf.NewRepo(f.CryptoService) - // we want to test these in a specific order roles := []string{data.CanonicalRootRole, data.CanonicalTargetsRole, data.CanonicalSnapshotRole, data.CanonicalTimestampRole, "targets/a", "targets/a/b"} @@ -408,25 +405,22 @@ func TestSwizzlerChangeRootKey(t *testing.T) { require.NotEqual(t, len(origRoot.Signed.Keys), len(newRoot.Signed.Keys)) - var rootRole data.Role for r, origRole := range origRoot.Signed.Roles { newRole := newRoot.Signed.Roles[r] require.Len(t, origRole.KeyIDs, 1) require.Len(t, newRole.KeyIDs, 1) if r == data.CanonicalRootRole { require.NotEqual(t, origRole.KeyIDs[0], newRole.KeyIDs[0]) - rootRole = data.Role{RootRole: *newRole, Name: data.CanonicalRootRole} } else { require.Equal(t, origRole.KeyIDs[0], newRole.KeyIDs[0]) } } - require.NoError(t, tufRepo.SetRoot(newRoot)) + rootRole, err := newRoot.BuildBaseRole(data.CanonicalRootRole) + require.NoError(t, err) signedThing, err := newRoot.ToSigned() require.NoError(t, err) - newKey := newRoot.Signed.Keys[rootRole.KeyIDs[0]] - require.NoError(t, signed.Verify(signedThing, - data.BaseRole{Name: data.CanonicalRootRole, Keys: map[string]data.PublicKey{newKey.ID(): newKey}, Threshold: 1}, 1)) + require.NoError(t, signed.Verify(signedThing, rootRole, 1)) default: require.True(t, bytes.Equal(origMeta, newMeta), "bytes have changed for role %s", role) } diff --git a/tuf/tuf.go b/tuf/tuf.go index 49c30420a9..ce8077eaf2 100644 --- a/tuf/tuf.go +++ b/tuf/tuf.go 
@@ -549,37 +549,6 @@ func (tr *Repo) InitTimestamp() error {
 return nil
 }
-// SetRoot sets the Repo.Root field to the SignedRoot object.
-func (tr *Repo) SetRoot(s *data.SignedRoot) error {
- tr.Root = s
- var err error
- // originalRootRole is the root role prior to any mutations that might
- // occur on tr.Root.
- tr.originalRootRole, err = tr.Root.BuildBaseRole(data.CanonicalRootRole)
- return err
-}
-
-// SetTimestamp parses the Signed object into a SignedTimestamp object
-// and sets the Repo.Timestamp field.
-func (tr *Repo) SetTimestamp(s *data.SignedTimestamp) error {
- tr.Timestamp = s
- return nil
-}
-
-// SetSnapshot parses the Signed object into a SignedSnapshots object
-// and sets the Repo.Snapshot field.
-func (tr *Repo) SetSnapshot(s *data.SignedSnapshot) error {
- tr.Snapshot = s
- return nil
-}
-
-// SetTargets sets the SignedTargets object agaist the role in the
-// Repo.Targets map.
-func (tr *Repo) SetTargets(role string, s *data.SignedTargets) error {
- tr.Targets[role] = s
- return nil
-}
-
 // TargetMeta returns the FileMeta entry for the given path in the
 // targets file associated with the given role. This may be nil if
 // the target isn't found in the targets file.
diff --git a/tuf/tuf_test.go b/tuf/tuf_test.go
index e7a916202f..99cd1efd24 100644
--- a/tuf/tuf_test.go
+++ b/tuf/tuf_test.go
@@ -1248,8 +1248,8 @@ func TestSignRootOldKeyCertMissing(t *testing.T) {
 // Now forget all about the old certificate: drop it from the Root carried keys
 delete(repo.Root.Signed.Keys, oldRootCertKey.ID())
 repo2 := NewRepo(cs)
- err = repo2.SetRoot(repo.Root)
- require.NoError(t, err)
+ repo2.Root = repo.Root
+ repo2.originalRootRole = updatedRootRole
 // Create a second signature
 signedRoot, err = repo2.SignRoot(data.DefaultExpires(data.CanonicalRootRole))
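Review bot: In the tuf_test.go hunk, `repo2.originalRootRole = updatedRootRole` injects a role built outside the hunk, whereas the removed `repo2.SetRoot(repo.Root)` derived it from repo.Root after the `delete(...)` two lines above. If updatedRootRole was built before the old certificate key was dropped, the test may no longer exercise the missing-old-key path its name describes; the visible lines cannot confirm this either way. Deriving the role in place keeps the earlier behaviour: `repo2.originalRootRole, err = repo.Root.BuildBaseRole(data.CanonicalRootRole)` followed by `require.NoError(t, err)`. The test body starts and ends outside the hunk.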