docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fixing integrations tests for new list keys layout 

Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
This commit is contained in:
David Lawrence 2015-11-10 16:39:01 -08:00
parent 5c064e204b
commit ee270b6a2b
8 changed files with 38 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
cmd/notary/integration_test.go
View File

@ -23,6 +23,7 @@ import (
"github.com/docker/notary/server" "github.com/docker/notary/server"
"github.com/docker/notary/server/storage" "github.com/docker/notary/server/storage"
"github.com/docker/notary/trustmanager" "github.com/docker/notary/trustmanager"
"github.com/docker/notary/tuf/data"
"github.com/spf13/cobra" "github.com/spf13/cobra"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"golang.org/x/net/context" "golang.org/x/net/context"
@ -50,10 +51,7 @@ func setupServer() *httptest.Server {
ctx := context.WithValue( ctx := context.WithValue(
context.Background(), "metaStore", storage.NewMemStorage()) context.Background(), "metaStore", storage.NewMemStorage())
// Do not pass one of the const KeyAlgorithms here as the value! Passing a ctx = context.WithValue(ctx, "keyAlgorithm", data.ECDSAKey)
// string is in itself good test that we are handling it correctly as we
// will be receiving a string from the configuration.
ctx = context.WithValue(ctx, "keyAlgorithm", "ecdsa")
// Eat the logs instead of spewing them out // Eat the logs instead of spewing them out
var b bytes.Buffer var b bytes.Buffer
@ -181,19 +179,24 @@ func GetKeys(t *testing.T, tempDir string) ([]string, []string) {
func assertNumKeys(t *testing.T, tempDir string, numRoot, numSigning int, func assertNumKeys(t *testing.T, tempDir string, numRoot, numSigning int,
rootOnDisk bool) ([]string, []string) { rootOnDisk bool) ([]string, []string) {
uniqueKeys := make(map[string]struct{})
root, signing := GetKeys(t, tempDir) root, signing := GetKeys(t, tempDir)
assert.Len(t, root, numRoot)
assert.Len(t, signing, numSigning) assert.Len(t, signing, numSigning)
for _, rootKeyID := range root { for i, rootKeyLine := range root {
keyID := strings.Split(rootKeyLine, "-")[0]
keyID = strings.TrimSpace(keyID)
root[i] = keyID
uniqueKeys[keyID] = struct{}{}
_, err := os.Stat(filepath.Join( _, err := os.Stat(filepath.Join(
tempDir, "private", "root_keys", rootKeyID+"_root.key")) tempDir, "private", "root_keys", keyID+"_root.key"))
// os.IsExist checks to see if the error is because a file already // os.IsExist checks to see if the error is because a file already
// exist, and hence doesn't actually the right funciton to use here // exist, and hence doesn't actually the right funciton to use here
assert.Equal(t, rootOnDisk, !os.IsNotExist(err)) assert.Equal(t, rootOnDisk, !os.IsNotExist(err))
// this function is declared is in the build-tagged setup files // this function is declared is in the build-tagged setup files
verifyRootKeyOnHardware(t, rootKeyID) verifyRootKeyOnHardware(t, keyID)
} }
assert.Len(t, uniqueKeys, numRoot)
return root, signing return root, signing
} }
@ -245,7 +248,7 @@ func TestClientKeyGenerationRotation(t *testing.T) {
assertNumKeys(t, tempDir, 0, 0, true) assertNumKeys(t, tempDir, 0, 0, true)
// generate root key produces a single root key and no other keys // generate root key produces a single root key and no other keys
_, err = runCommand(t, tempDir, "key", "generate", "ecdsa") _, err = runCommand(t, tempDir, "key", "generate", data.ECDSAKey)
assert.NoError(t, err) assert.NoError(t, err)
assertNumKeys(t, tempDir, 1, 0, true) assertNumKeys(t, tempDir, 1, 0, true)
@ -345,7 +348,7 @@ func TestClientKeyImportExportRootAndSigning(t *testing.T) {
_, err = runCommand(t, dirs[1], "key", "import", zipfile) _, err = runCommand(t, dirs[1], "key", "import", zipfile)
assert.NoError(t, err) assert.NoError(t, err)
assertNumKeys(t, dirs[1], 1, 4, true) // all keys should be there assertNumKeys(t, dirs[1], 1, 4, !rootOnHardware()) // all keys should be there
// can list and publish to both repos using imported keys // can list and publish to both repos using imported keys
for _, gun := range []string{"gun1", "gun2"} { for _, gun := range []string{"gun1", "gun2"} {
@ -383,7 +386,7 @@ func exportRoot(t *testing.T, exportTo string) string {
defer os.RemoveAll(tempDir) defer os.RemoveAll(tempDir)
// generate root key produces a single root key and no other keys // generate root key produces a single root key and no other keys
_, err = runCommand(t, tempDir, "key", "generate", "ecdsa") _, err = runCommand(t, tempDir, "key", "generate", data.ECDSAKey)
assert.NoError(t, err) assert.NoError(t, err)
oldRoot, _ := assertNumKeys(t, tempDir, 1, 0, true) oldRoot, _ := assertNumKeys(t, tempDir, 1, 0, true)
@ -505,7 +508,6 @@ func TestClientCertInteraction(t *testing.T) {
_, err = runCommand(t, tempDir, "cert", "remove", certID, "-y", "-g", "") _, err = runCommand(t, tempDir, "cert", "remove", certID, "-y", "-g", "")
assert.NoError(t, err) assert.NoError(t, err)
assertNumCerts(t, tempDir, 0) assertNumCerts(t, tempDir, 0)
} }
func TestMain(m *testing.M) { func TestMain(m *testing.M) {

2
cmd/notary/keys.go
View File

@ -109,7 +109,7 @@ func keysList(cmd *cobra.Command, args []string) {
for store, keysMap := range keys { for store, keysMap := range keys {
for k, v := range keysMap { for k, v := range keysMap {
if v == "root" { if v == "root" {
cmd.Println(k, " - ", store.Name()) cmd.Println(k, "-", store.Name())
} }
} }
} }

2
cmd/notary/keys_nonpkcs11.go
View File

@ -3,6 +3,8 @@
package main package main
import ( import (
"errors"
"github.com/docker/notary/passphrase" "github.com/docker/notary/passphrase"
"github.com/docker/notary/trustmanager" "github.com/docker/notary/trustmanager"
) )

6
cmd/notary/keys_pkcs11.go
View File

@ -8,9 +8,5 @@ import (
) )
func getYubiKeyStore(fileKeyStore trustmanager.KeyStore, ret passphrase.Retriever) (trustmanager.KeyStore, error) { func getYubiKeyStore(fileKeyStore trustmanager.KeyStore, ret passphrase.Retriever) (trustmanager.KeyStore, error) {
yubiStore, err := trustmanager.NewYubiKeyStore(fileKeyStore, ret) return trustmanager.NewYubiKeyStore(fileKeyStore, ret)
if err != nil {
return nil, err
}
return yubiStore, nil
} }

11
cryptoservice/import_export.go
View File

@ -197,11 +197,20 @@ func (cs *CryptoService) ImportKeysZip(zipReader zip.Reader) error {
if keyName[len(keyName)-5:] == "_root" { if keyName[len(keyName)-5:] == "_root" {
keyName = "root" keyName = "root"
} }
// try to import the key to all key stores. As long as one of them
// succeeds, consider it a success
var tmpErr error
for _, ks := range cs.keyStores { for _, ks := range cs.keyStores {
if err := ks.ImportKey(pemBytes, keyName); err != nil { if err := ks.ImportKey(pemBytes, keyName); err != nil {
return err tmpErr = err
} else {
tmpErr = nil
break
} }
} }
if tmpErr != nil {
return tmpErr
}
} }
return nil return nil

8
trustmanager/x509utils.go
View File

@ -398,12 +398,12 @@ func ED25519ToPrivateKey(privKeyBytes []byte) (data.PrivateKey, error) {
} }
func blockType(k data.PrivateKey) (string, error) { func blockType(k data.PrivateKey) (string, error) {
switch k.(type) { switch k.Algorithm() {
case *data.RSAPrivateKey: case data.RSAKey, data.RSAx509Key:
return "RSA PRIVATE KEY", nil return "RSA PRIVATE KEY", nil
case *data.ECDSAPrivateKey: case data.ECDSAKey, data.ECDSAx509Key:
return "EC PRIVATE KEY", nil return "EC PRIVATE KEY", nil
case *data.ED25519PrivateKey: case data.ED25519Key:
return "ED25519 PRIVATE KEY", nil return "ED25519 PRIVATE KEY", nil
default: default:
return "", fmt.Errorf("algorithm %s not supported", k.Algorithm()) return "", fmt.Errorf("algorithm %s not supported", k.Algorithm())

7
trustmanager/yubikeystore.go
View File

@ -707,13 +707,16 @@ func (s *YubiKeyStore) ExportKey(keyID string) ([]byte, error) {
} }
// ImportKey imports a root key into a Yubikey // ImportKey imports a root key into a Yubikey
func (s *YubiKeyStore) ImportKey(pemBytes []byte, keyID string) error { func (s *YubiKeyStore) ImportKey(pemBytes []byte, keyPath string) error {
logrus.Debugf("Attempting to import: %s key inside of YubiKeyStore", keyID) logrus.Debugf("Attempting to import: %s key inside of YubiKeyStore", keyPath)
privKey, _, err := GetPasswdDecryptBytes( privKey, _, err := GetPasswdDecryptBytes(
s.passRetriever, pemBytes, "", "imported root") s.passRetriever, pemBytes, "", "imported root")
if err != nil { if err != nil {
return err return err
} }
if keyPath != data.CanonicalRootRole {
return fmt.Errorf("yubikey only supports storing root keys")
}
return s.addKey(privKey.ID(), "root", privKey, false) return s.addKey(privKey.ID(), "root", privKey, false)
} }

2
trustmanager/yubikeystore_test.go
View File

@ -129,7 +129,7 @@ func TestImportKey(t *testing.T) {
pemBytes, err := EncryptPrivateKey(privKey, "passphrase") pemBytes, err := EncryptPrivateKey(privKey, "passphrase")
assert.NoError(t, err) assert.NoError(t, err)
err = store.ImportKey(pemBytes, privKey.ID()) err = store.ImportKey(pemBytes, "root")
assert.NoError(t, err) assert.NoError(t, err)
// key is not in backup store // key is not in backup store