aliases removed from file names
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
This commit is contained in:
parent
6d5b8ff54a
commit
f2ec72b5b6
|
@ -223,7 +223,7 @@ func assertNumKeys(t *testing.T, tempDir string, numRoot, numSigning int,
|
|||
assert.Len(t, signing, numSigning)
|
||||
for _, rootKeyID := range root {
|
||||
_, err := os.Stat(filepath.Join(
|
||||
tempDir, "private", "root_keys", rootKeyID+"_root.key"))
|
||||
tempDir, "private", "root_keys", rootKeyID+".key"))
|
||||
// os.IsExist checks to see if the error is because a file already
|
||||
// exist, and hence doesn't actually the right funciton to use here
|
||||
assert.Equal(t, rootOnDisk, !os.IsNotExist(err))
|
||||
|
|
|
@ -80,13 +80,13 @@ func TestImportExportZip(t *testing.T) {
|
|||
if alias == "root" {
|
||||
continue
|
||||
}
|
||||
relKeyPath := filepath.Join("tuf_keys", privKeyName+"_"+alias+".key")
|
||||
relKeyPath := filepath.Join("tuf_keys", privKeyName+".key")
|
||||
passphraseByFile[relKeyPath] = exportPassphrase
|
||||
}
|
||||
|
||||
// Add root key to the map. This will use the export passphrase because it
|
||||
// will be reencrypted.
|
||||
relRootKey := filepath.Join("root_keys", rootKeyID+"_root.key")
|
||||
relRootKey := filepath.Join("root_keys", rootKeyID+".key")
|
||||
passphraseByFile[relRootKey] = exportPassphrase
|
||||
|
||||
// Iterate through the files in the archive, checking that the files
|
||||
|
@ -145,7 +145,7 @@ func TestImportExportZip(t *testing.T) {
|
|||
if alias == "root" {
|
||||
continue
|
||||
}
|
||||
relKeyPath := filepath.Join("tuf_keys", privKeyName+"_"+alias+".key")
|
||||
relKeyPath := filepath.Join("tuf_keys", privKeyName+".key")
|
||||
privKeyFileName := filepath.Join(tempBaseDir2, "private", relKeyPath)
|
||||
_, err = os.Stat(privKeyFileName)
|
||||
assert.NoError(t, err, "missing private key for role %s: %s", alias, privKeyName)
|
||||
|
@ -154,7 +154,7 @@ func TestImportExportZip(t *testing.T) {
|
|||
// Look for keys in root_keys
|
||||
// There should be a file named after the key ID of the root key we
|
||||
// passed in.
|
||||
rootKeyFilename := rootKeyID + "_root.key"
|
||||
rootKeyFilename := rootKeyID + ".key"
|
||||
_, err = os.Stat(filepath.Join(tempBaseDir2, "private", "root_keys", rootKeyFilename))
|
||||
assert.NoError(t, err, "missing root key")
|
||||
}
|
||||
|
@ -205,7 +205,7 @@ func TestImportExportGUN(t *testing.T) {
|
|||
if alias == "root" {
|
||||
continue
|
||||
}
|
||||
relKeyPath := filepath.Join("tuf_keys", privKeyName+"_"+alias+".key")
|
||||
relKeyPath := filepath.Join("tuf_keys", privKeyName+".key")
|
||||
|
||||
passphraseByFile[relKeyPath] = exportPassphrase
|
||||
}
|
||||
|
@ -270,7 +270,7 @@ func TestImportExportGUN(t *testing.T) {
|
|||
if alias == "root" {
|
||||
continue
|
||||
}
|
||||
relKeyPath := filepath.Join("tuf_keys", privKeyName+"_"+alias+".key")
|
||||
relKeyPath := filepath.Join("tuf_keys", privKeyName+".key")
|
||||
privKeyFileName := filepath.Join(tempBaseDir2, "private", relKeyPath)
|
||||
_, err = os.Stat(privKeyFileName)
|
||||
assert.NoError(t, err)
|
||||
|
@ -318,7 +318,7 @@ func TestImportExportRootKey(t *testing.T) {
|
|||
// Look for repo's root key in repo2
|
||||
// There should be a file named after the key ID of the root key we
|
||||
// imported.
|
||||
rootKeyFilename := rootKeyID + "_root.key"
|
||||
rootKeyFilename := rootKeyID + ".key"
|
||||
_, err = os.Stat(filepath.Join(tempBaseDir2, "private", "root_keys", rootKeyFilename))
|
||||
assert.NoError(t, err, "missing root key")
|
||||
|
||||
|
@ -386,7 +386,7 @@ func TestImportExportRootKeyReencrypt(t *testing.T) {
|
|||
// Look for repo's root key in repo2
|
||||
// There should be a file named after the key ID of the root key we
|
||||
// imported.
|
||||
rootKeyFilename := rootKeyID + "_root.key"
|
||||
rootKeyFilename := rootKeyID + ".key"
|
||||
_, err = os.Stat(filepath.Join(tempBaseDir2, "private", "root_keys", rootKeyFilename))
|
||||
assert.NoError(t, err, "missing root key")
|
||||
|
||||
|
|
|
@ -1,11 +1,13 @@
|
|||
package trustmanager
|
||||
|
||||
import (
|
||||
"encoding/pem"
|
||||
"fmt"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"sync"
|
||||
|
||||
"github.com/Sirupsen/logrus"
|
||||
"github.com/docker/notary/passphrase"
|
||||
"github.com/docker/notary/tuf/data"
|
||||
)
|
||||
|
@ -179,14 +181,23 @@ func addKey(s LimitedFileStore, passphraseRetriever passphrase.Retriever, cached
|
|||
}
|
||||
|
||||
func getKeyAlias(s LimitedFileStore, keyID string) (string, error) {
|
||||
files := s.ListFiles()
|
||||
|
||||
name := strings.TrimSpace(strings.TrimSuffix(filepath.Base(keyID), filepath.Ext(keyID)))
|
||||
|
||||
for _, file := range files {
|
||||
for _, file := range s.ListFiles() {
|
||||
filename := filepath.Base(file)
|
||||
|
||||
if strings.HasPrefix(filename, name) {
|
||||
d, err := s.Get(file)
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
block, _ := pem.Decode(d)
|
||||
if block != nil {
|
||||
if role, ok := block.Headers["role"]; ok {
|
||||
return role, nil
|
||||
}
|
||||
}
|
||||
|
||||
aliasPlusDotKey := strings.TrimPrefix(filename, name+"_")
|
||||
retVal := strings.TrimSuffix(aliasPlusDotKey, "."+keyExtension)
|
||||
return retVal, nil
|
||||
|
@ -208,14 +219,13 @@ func getKey(s LimitedFileStore, passphraseRetriever passphrase.Retriever, cached
|
|||
return nil, "", err
|
||||
}
|
||||
|
||||
var retErr error
|
||||
// See if the key is encrypted. If its encrypted we'll fail to parse the private key
|
||||
privKey, err := ParsePEMPrivateKey(keyBytes, "")
|
||||
if err != nil {
|
||||
privKey, _, retErr = GetPasswdDecryptBytes(passphraseRetriever, keyBytes, name, string(keyAlias))
|
||||
}
|
||||
if retErr != nil {
|
||||
return nil, "", retErr
|
||||
privKey, _, err = GetPasswdDecryptBytes(passphraseRetriever, keyBytes, name, string(keyAlias))
|
||||
if err != nil {
|
||||
return nil, "", err
|
||||
}
|
||||
}
|
||||
cachedKeys[name] = &cachedKey{alias: keyAlias, key: privKey}
|
||||
return privKey, keyAlias, nil
|
||||
|
@ -228,26 +238,39 @@ func listKeys(s LimitedFileStore) map[string]string {
|
|||
|
||||
for _, f := range s.ListFiles() {
|
||||
// Remove the prefix of the directory from the filename
|
||||
if f[:len(rootKeysSubdir)] == rootKeysSubdir {
|
||||
f = strings.TrimPrefix(f, rootKeysSubdir+"/")
|
||||
var keyIDFull string
|
||||
if strings.HasPrefix(f, rootKeysSubdir+"/") {
|
||||
keyIDFull = strings.TrimPrefix(f, rootKeysSubdir+"/")
|
||||
} else {
|
||||
f = strings.TrimPrefix(f, nonRootKeysSubdir+"/")
|
||||
keyIDFull = strings.TrimPrefix(f, nonRootKeysSubdir+"/")
|
||||
}
|
||||
|
||||
keyIDFull := strings.TrimSpace(f)
|
||||
keyIDFull = strings.TrimSpace(keyIDFull)
|
||||
|
||||
// If the key does not have a _, it is malformed
|
||||
underscoreIndex := strings.LastIndex(keyIDFull, "_")
|
||||
if underscoreIndex == -1 {
|
||||
continue
|
||||
keyID := keyIDFull
|
||||
d, err := s.Get(f)
|
||||
if err != nil {
|
||||
logrus.Error(err)
|
||||
continue
|
||||
}
|
||||
block, _ := pem.Decode(d)
|
||||
if block == nil {
|
||||
continue
|
||||
}
|
||||
if role, ok := block.Headers["role"]; ok {
|
||||
keyIDMap[keyID] = role
|
||||
}
|
||||
} else {
|
||||
// The keyID is the first part of the keyname
|
||||
// The KeyAlias is the second part of the keyname
|
||||
// in a key named abcde_root, abcde is the keyID and root is the KeyAlias
|
||||
keyID := keyIDFull[:underscoreIndex]
|
||||
keyAlias := keyIDFull[underscoreIndex+1:]
|
||||
keyIDMap[keyID] = keyAlias
|
||||
}
|
||||
|
||||
// The keyID is the first part of the keyname
|
||||
// The KeyAlias is the second part of the keyname
|
||||
// in a key named abcde_root, abcde is the keyID and root is the KeyAlias
|
||||
keyID := keyIDFull[:underscoreIndex]
|
||||
keyAlias := keyIDFull[underscoreIndex+1:]
|
||||
keyIDMap[keyID] = keyAlias
|
||||
}
|
||||
return keyIDMap
|
||||
}
|
||||
|
@ -262,8 +285,7 @@ func removeKey(s LimitedFileStore, cachedKeys map[string]*cachedKey, name string
|
|||
delete(cachedKeys, name)
|
||||
|
||||
// being in a subdirectory is for backwards compatibliity
|
||||
filename := name + "_" + keyAlias
|
||||
err = s.Remove(filepath.Join(getSubdir(keyAlias), filename))
|
||||
err = s.Remove(filepath.Join(getSubdir(keyAlias), name))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -286,9 +308,8 @@ func getRawKey(s LimitedFileStore, name string) ([]byte, string, error) {
|
|||
return nil, "", err
|
||||
}
|
||||
|
||||
filename := name + "_" + keyAlias
|
||||
var keyBytes []byte
|
||||
keyBytes, err = s.Get(filepath.Join(getSubdir(keyAlias), filename))
|
||||
keyBytes, err = s.Get(filepath.Join(getSubdir(keyAlias), name))
|
||||
if err != nil {
|
||||
return nil, "", err
|
||||
}
|
||||
|
@ -351,7 +372,7 @@ func encryptAndAddKey(s LimitedFileStore, passwd string, cachedKeys map[string]*
|
|||
}
|
||||
|
||||
cachedKeys[name] = &cachedKey{alias: role, key: privKey}
|
||||
return s.Add(filepath.Join(getSubdir(role), name+"_"+role), pemPrivKey)
|
||||
return s.Add(filepath.Join(getSubdir(role), name), pemPrivKey)
|
||||
}
|
||||
|
||||
func importKey(s LimitedFileStore, passphraseRetriever passphrase.Retriever, cachedKeys map[string]*cachedKey, alias string, pemBytes []byte) error {
|
||||
|
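Review bot: The legacy fallback at the end of getKeyAlias's loop misreports the alias for a new-style file that has no `role` PEM header: for filename `<id>.key`, `strings.TrimPrefix(filename, name+"_")` is a no-op and the following TrimSuffix yields the key ID itself, which is then returned as the role. Because the new-format branch only returns when `block.Headers["role"]` is present, the fallback should be entered only for a legacy name, e.g. `if !strings.HasPrefix(filename, name+"_") { return "", fmt.Errorf("key %s has no role header and no legacy alias suffix", name) }` placed before the TrimPrefix line. The listKeys hunk in this file handles the same missing-header case by silently omitting the key, so the two paths currently disagree about such a file; the two should at least agree, and an error or a log line would make the malformed file visible. The context line `strings.HasPrefix(filename, name)` would also match a longer ID sharing the prefix, presumably rare for fixed-length hex IDs but cheap to tighten to `name+"."` or `name+"_"`. getKeyAlias continues past the end of the hunk.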
|
|
@ -26,7 +26,6 @@ var passphraseRetriever = func(keyID string, alias string, createNew bool, numAt
|
|||
func TestAddKey(t *testing.T) {
|
||||
testName := "docker.com/notary/root"
|
||||
testExt := "key"
|
||||
testAlias := "root"
|
||||
|
||||
// Temporary directory where test files will be created
|
||||
tempBaseDir, err := ioutil.TempDir("", "notary-test-")
|
||||
|
@ -34,7 +33,7 @@ func TestAddKey(t *testing.T) {
|
|||
defer os.RemoveAll(tempBaseDir)
|
||||
|
||||
// Since we're generating this manually we need to add the extension '.'
|
||||
expectedFilePath := filepath.Join(tempBaseDir, privDir, rootKeysSubdir, testName+"_"+testAlias+"."+testExt)
|
||||
expectedFilePath := filepath.Join(tempBaseDir, privDir, rootKeysSubdir, testName+"."+testExt)
|
||||
|
||||
// Create our store
|
||||
store, err := NewKeyFileStore(tempBaseDir, passphraseRetriever)
|
||||
|
@ -97,7 +96,7 @@ EMl3eFOJXjIch/wIesRSN+2dGOsl7neercjMh1i9RvpCwHDx/E0=
|
|||
defer os.RemoveAll(tempBaseDir)
|
||||
|
||||
// Since we're generating this manually we need to add the extension '.'
|
||||
filePath := filepath.Join(tempBaseDir, privDir, rootKeysSubdir, testName+"_"+testAlias+"."+testExt)
|
||||
filePath := filepath.Join(tempBaseDir, privDir, rootKeysSubdir, testName+"."+testExt)
|
||||
|
||||
os.MkdirAll(filepath.Dir(filePath), perms)
|
||||
err = ioutil.WriteFile(filePath, testData, perms)
|
||||
|
@ -215,7 +214,7 @@ func TestGetDecryptedWithTamperedCipherText(t *testing.T) {
|
|||
assert.NoError(t, err, "failed to add key to store")
|
||||
|
||||
// Since we're generating this manually we need to add the extension '.'
|
||||
expectedFilePath := filepath.Join(tempBaseDir, privDir, rootKeysSubdir, privKey.ID()+"_"+testAlias+"."+testExt)
|
||||
expectedFilePath := filepath.Join(tempBaseDir, privDir, rootKeysSubdir, privKey.ID()+"."+testExt)
|
||||
|
||||
// Get file description, open file
|
||||
fp, err := os.OpenFile(expectedFilePath, os.O_WRONLY, 0600)
|
||||
|
@ -322,7 +321,7 @@ func TestRemoveKey(t *testing.T) {
|
|||
defer os.RemoveAll(tempBaseDir)
|
||||
|
||||
// Since we're generating this manually we need to add the extension '.'
|
||||
expectedFilePath := filepath.Join(tempBaseDir, privDir, nonRootKeysSubdir, testName+"_"+testAlias+"."+testExt)
|
||||
expectedFilePath := filepath.Join(tempBaseDir, privDir, nonRootKeysSubdir, testName+"."+testExt)
|
||||
|
||||
// Create our store
|
||||
store, err := NewKeyFileStore(tempBaseDir, passphraseRetriever)
|
||||
|
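Review bot: These test hunks only exercise the new `<name>.key` layout; none of them writes a legacy `<name>_<alias>.key` file, so the fallback branches the library change keeps in getKeyAlias and listKeys are, as far as this diff shows, untested. A case that writes `testName+"_"+testAlias+"."+testExt` under rootKeysSubdir without a role header and then checks the store's list and get paths would pin the compatibility behaviour. A second case with a `<name>.key` file that carries no role header would document what the store is expected to do with it, since the library hunks treat that file differently in the two code paths.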
|