From f5325507427778b4d674af66f6f7a04c3783c620 Mon Sep 17 00:00:00 2001
From: Diogo Monica
Date: Fri, 17 Jul 2015 14:44:51 -0700
Subject: [PATCH] Rebase works
Signed-off-by: Diogo Monica
---
 client/client_root_validation_test.go | 29 +++++++++++++--------------
 keystoremanager/keystoremanager.go | 12 +++++------
 2 files changed, 20 insertions(+), 21 deletions(-)
diff --git a/client/client_root_validation_test.go b/client/client_root_validation_test.go
index 4d0260b18a..e563989521 100644
--- a/client/client_root_validation_test.go
+++ b/client/client_root_validation_test.go
@@ -64,13 +64,12 @@ func validateRootSuccessfully(t *testing.T, rootType data.KeyAlgorithm) {
 // Initialize is supposed to have created new certificate for this repository
 // Lets check for it and store it for later use
- allCerts := repo.KeyStoreManager.CertificateStore().GetCertificates()
+ allCerts := repo.KeyStoreManager.TrustedCertificateStore().GetCertificates()
 assert.Len(t, allCerts, 1)
 // Now test ListTargets. In preparation, we need to expose some signed
 // metadata files on the internal HTTP server.
-
- var tempKey data.PrivateKey
+ var tempKey data.TUFKey
 json.Unmarshal([]byte(timestampECDSAKeyJSON), &tempKey)
 repo.KeyStoreManager.NonRootKeyStore().AddKey(filepath.Join(filepath.FromSlash(gun), tempKey.ID()), &tempKey)
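Review bot: The new `var tempKey data.TUFKey` is filled by `json.Unmarshal([]byte(timestampECDSAKeyJSON), &tempKey)` whose error is discarded, so a fixture that no longer decodes into the new type leaves tempKey zero-valued and the test only fails later, far from the cause. Since this is a test, `assert.NoError(t, json.Unmarshal([]byte(timestampECDSAKeyJSON), &tempKey))` pins the failure to its origin, and the following `AddKey` call deserves the same treatment if it returns an error. validateRootSuccessfully continues outside the hunk.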
@@ -112,14 +111,14 @@ func validateRootSuccessfully(t *testing.T, rootType data.KeyAlgorithm) {
 //
 // Test TOFUS logic. We remove all certs and expect a new one to be added after ListTargets
 //
- err = repo.KeyStoreManager.CertificateStore().RemoveAll()
+ err = repo.KeyStoreManager.TrustedCertificateStore().RemoveAll()
 assert.NoError(t, err)
- assert.Len(t, repo.KeyStoreManager.CertificateStore().GetCertificates(), 0)
+ assert.Len(t, repo.KeyStoreManager.TrustedCertificateStore().GetCertificates(), 0)
 // This list targets is expected to succeed and the certificate store to have the new certificate
 _, err = repo.ListTargets()
 assert.NoError(t, err)
- assert.Len(t, repo.KeyStoreManager.CertificateStore().GetCertificates(), 1)
+ assert.Len(t, repo.KeyStoreManager.TrustedCertificateStore().GetCertificates(), 1)
 //
 // Test certificate mismatch logic. We remove all certs, and a different cert to the
@@ -127,12 +126,12 @@ func validateRootSuccessfully(t *testing.T, rootType data.KeyAlgorithm) {
 //
 // First, remove all certs
- err = repo.KeyStoreManager.CertificateStore().RemoveAll()
+ err = repo.KeyStoreManager.TrustedCertificateStore().RemoveAll()
 assert.NoError(t, err)
- assert.Len(t, repo.KeyStoreManager.CertificateStore().GetCertificates(), 0)
+ assert.Len(t, repo.KeyStoreManager.TrustedCertificateStore().GetCertificates(), 0)
 // Add a previously generated certificate with CN=docker.com/notary
- err = repo.KeyStoreManager.CertificateStore().AddCertFromFile("../fixtures/self-signed_docker.com-notary.crt")
+ err = repo.KeyStoreManager.TrustedCertificateStore().AddCertFromFile("../fixtures/self-signed_docker.com-notary.crt")
 assert.NoError(t, err)
 // This list targets is expected to fail, since there already exists a certificate
@@ -150,19 +149,19 @@ func validateRootSuccessfully(t *testing.T, rootType data.KeyAlgorithm) {
 //
 // First, remove all certs and trusted CAs
- err = repo.KeyStoreManager.CertificateStore().RemoveAll()
+ err = repo.KeyStoreManager.TrustedCertificateStore().RemoveAll()
 assert.NoError(t, err)
- assert.Len(t, repo.KeyStoreManager.CertificateStore().GetCertificates(), 0)
- err = repo.KeyStoreManager.CAStore().RemoveAll()
+ assert.Len(t, repo.KeyStoreManager.TrustedCertificateStore().GetCertificates(), 0)
+ err = repo.KeyStoreManager.TrustedCAStore().RemoveAll()
 assert.NoError(t, err)
- assert.Len(t, repo.KeyStoreManager.CAStore().GetCertificates(), 0)
+ assert.Len(t, repo.KeyStoreManager.TrustedCAStore().GetCertificates(), 0)
 // Add a trusted root-ca
- err = repo.KeyStoreManager.CAStore().AddCertFromFile("../fixtures/root-ca.crt")
+ err = repo.KeyStoreManager.TrustedCAStore().AddCertFromFile("../fixtures/root-ca.crt")
 assert.NoError(t, err)
 // Add a previously generated certificate with CN=secure.example.com
- err = repo.KeyStoreManager.CertificateStore().AddCertFromFile("../fixtures/self-signed_secure.example.com.crt")
+ err = repo.KeyStoreManager.TrustedCertificateStore().AddCertFromFile("../fixtures/self-signed_secure.example.com.crt")
 assert.NoError(t, err)
 // Create a manual rootSigner with a valid intermediate + leaf cert
diff --git a/keystoremanager/keystoremanager.go b/keystoremanager/keystoremanager.go
index 929ac3d4c2..f90dde1bec 100644
--- a/keystoremanager/keystoremanager.go
+++ b/keystoremanager/keystoremanager.go
@@ -194,7 +194,7 @@ func (km *KeyStoreManager) ValidateRoot(root *data.Signed, dnsName string) error
 // validKeys will store all the keys that were considered valid either by
 // direct certificate match, or CA chain path
- validKeys := make(map[string]*data.PublicKey)
+ validKeys := make(map[string]data.PublicKey)
 // allCerts will keep a list of all leafCerts that were found, and is used
 // to aid on root certificate rotation
@@ -244,7 +244,7 @@ func (km *KeyStoreManager) ValidateRoot(root *data.Signed, dnsName string) error
 allCerts[leafID] = leafCert
 // Retrieve all the trusted certificates that match this dns Name
- certsForCN, err := km.certificateStore.GetCertificatesByCN(dnsName)
+ certsForCN, err := km.trustedCertificateStore.GetCertificatesByCN(dnsName)
 if err != nil {
 // If the error that we get back is different than ErrNoCertificatesFound
 // we couldn't check if there are any certificates with this CN already
@@ -258,7 +258,7 @@ func (km *KeyStoreManager) ValidateRoot(root *data.Signed, dnsName string) error
 // If there are no certificates with this CN, lets TOFUS!
 // Note that this logic should only exist in docker 1.8
 if len(certsForCN) == 0 {
- km.certificateStore.AddCert(leafCert)
+ km.trustedCertificateStore.AddCert(leafCert)
 certsForCN = append(certsForCN, leafCert)
 logrus.Debugf("using TOFUS on %s with keyID: %s", dnsName, leafID)
 }
@@ -275,7 +275,7 @@ func (km *KeyStoreManager) ValidateRoot(root *data.Signed, dnsName string) error
 // Check to see if this leafCertificate has a chain to one of the Root
 // CAs of our CA Store.
- err = trustmanager.Verify(km.caStore, dnsName, decodedCerts)
+ err = trustmanager.Verify(km.trustedCAStore, dnsName, decodedCerts)
 if err == nil {
 validKeys[keyID] = rootSigned.Signed.Keys[keyID]
 logrus.Debugf("found a CA path for %s with keyID: %s", dnsName, keyID)
@@ -307,7 +307,7 @@ func (km *KeyStoreManager) ValidateRoot(root *data.Signed, dnsName string) error
 }
 // Add the new root certificate to our certificate store
- err := km.certificateStore.AddCert(newRootKeyCert)
+ err := km.trustedCertificateStore.AddCert(newRootKeyCert)
 if err != nil {
 // Ignore the error if the certificate already exists
 if _, ok := err.(*trustmanager.ErrCertExists); !ok {
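Review bot: The trust-on-first-use branch in the hunk at -258 discards the error from `km.trustedCertificateStore.AddCert(leafCert)`, while the same call in the hunk at -307 checks it and tolerates only `*trustmanager.ErrCertExists`. If the store fails to persist the pinned certificate, this run still proceeds with `certsForCN = append(certsForCN, leafCert)` as though the pin had been recorded, so the in-memory trust state and the stored one diverge and the next validation would silently pin on first use again instead of comparing against the certificate trusted here. Handling it like -307, e.g. `if err := km.trustedCertificateStore.AddCert(leafCert); err != nil { return err }` with the ErrCertExists exemption if the store can report that here, keeps the two consistent. ValidateRoot starts and ends outside these hunks.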
@@ -324,7 +324,7 @@ func (km *KeyStoreManager) ValidateRoot(root *data.Signed, dnsName string) error
 // Iterate over all old valid certificates and remove them, essentially
 // finishing the rotation of the currently trusted root certificate
 for _, cert := range allCerts {
- err := km.trustedCertificateStore.RemoveCert(cert)
+ err := km.trustedCertificateStore.RemoveCert(cert)
 if err != nil {
 logrus.Debugf("error while removing old root certificate: %v", err)
 return ErrRootRotationFail
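Review bot: A failure at `err := km.trustedCertificateStore.RemoveCert(cert)` is logged only at debug level and then replaced by the bare `ErrRootRotationFail`, so neither the caller nor an operator at the default log level learns why the rotation stopped or which old root was left behind in the trusted store. Logging it as `logrus.Errorf("error while removing old root certificate: %v", err)` and naming the certificate being removed in that message would make a half-completed rotation diagnosable from the logs alone. The loop and ValidateRoot continue outside the hunk.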