Add explicit startTime and endTime parameters to
cryptoservice.GenerateCertificate and trustmanager.NewCertificate.
trustmanager.NewCertificate as a low-level data manipulation function
should not be hard-coding policy (10-year expiration); that policy
belongs to its callers, or one more level higher to callers of
cryptoservice.GenerateCertificate.
These places hard-coding policy now also have an explict comment to
that effect.
In addition to conceptual cleanliness, this will allow writing tests
of certificate expiry by generating appropriate expired or nearly-expired
certificates.
Tests which don't care about the policy much will continue to use the
just added cryptoservice.GenerateTestingCertificate.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
1. It is on a path where those errors can never happen
2. The specific error handling would silently ignore the error, which
can’t be right anyway.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
When the user insists on an invalid passphrase (or aborts the
operation), CryptoService.GetPrivateKey will try the correct root
location first, correctly failing, and then try to look for the root key
in the $gun subdirectory, and so will return the last error, a confusing
”open $path: no such file or directory”.
So, recognize the passphrase-related errors and fail with them directly.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Also, eliminate the timestamp JSON constant and just generate a new
one for the tests.
The client test now also uses KeyFileStore and certs.Manager to
verify the keys and certs on disk, rather than directly manipulating
the files themselves. This way, if the exact implementation of
KeyFileStore or certs.Manager changes, this test won't fail so long
as KeyFileStore and certs.Manager are self-consistent.
Signed-off-by: Ying Li <ying.li@docker.com>
Currently, when listing, publishing, or getting a particular target,
if the remote server errors, the client attempts to load it from a
local cache. However, if there is no local cache, it just returns
Metadata Not Found for listing and getting. Have it report the
remote the original remote error instead of Metadata Not Found
locally.
Signed-off-by: Ying Li <ying.li@docker.com>
Start running without the pkcs11 buildtag in CI, and generate coverage.
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
add verification to yubikey signatures. Attempt to generate sig up to…
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Diogo Mónica <diogo.monica@gmail.com> (github: endophage)
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
Move common code out into helper functions, and split up the bigger tests
into tests that specifically test adding targets, getting changelists,
publishing, and listing, as opposed to having two giant tests instead.
Also depend more on existing functions in the code (such as
NotaryRepository.GetChangelists and the server ServerMux), rather than
reimplementing them in the tests.
Signed-off-by: Ying Li <ying.li@docker.com>
Signed-off-by: David Lawrence <david.lawrence@docker.com>
Signed-off-by: Ying Li <ying.li@docker.com> (github: endophage)
over the root keys directory from non-root keys directory from keystoremanager
to keystore, since we're eliminating keystoremanager.
Maintain the two separate directories, though, because one can't tell whether
there is an old-style separate-directories structure, or if someone has a GUN
that starts with tuf_keys.
Signed-off-by: Ying Li <ying.li@docker.com>
David Lawrence