mirror of https://github.com/docker/docs.git
163 lines
4.3 KiB
Go
163 lines
4.3 KiB
Go
package trustmanager
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"database/sql"
|
|
"errors"
|
|
"io/ioutil"
|
|
"os"
|
|
"testing"
|
|
|
|
_ "github.com/mattn/go-sqlite3"
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
var retriever = func(string, string, bool, int) (string, bool, error) {
|
|
return "passphrase-1", false, nil
|
|
}
|
|
|
|
var anotherRetriever = func(keyName, alias string, createNew bool, attempts int) (string, bool, error) {
|
|
switch alias {
|
|
case "alias-1":
|
|
return "passphrase-1", false, nil
|
|
case "alias-2":
|
|
return "passphrase-2", false, nil
|
|
}
|
|
return "", false, errors.New("password alias no found")
|
|
}
|
|
|
|
func TestCreateRead(t *testing.T) {
|
|
tempBaseDir, err := ioutil.TempDir("", "notary-test-")
|
|
defer os.RemoveAll(tempBaseDir)
|
|
|
|
testKey, err := GenerateECDSAKey(rand.Reader)
|
|
assert.NoError(t, err)
|
|
|
|
// We are using SQLite for the tests
|
|
db, err := sql.Open("sqlite3", tempBaseDir+"test_db")
|
|
assert.NoError(t, err)
|
|
|
|
// Create a new KeyDB store
|
|
dbStore, err := NewKeyDBStore(retriever, "", "sqlite3", db)
|
|
assert.NoError(t, err)
|
|
|
|
// Ensure that the private_key table exists
|
|
dbStore.db.CreateTable(&GormPrivateKey{})
|
|
|
|
// Test writing new key in database/cache
|
|
err = dbStore.AddKey("", "", testKey)
|
|
assert.NoError(t, err)
|
|
|
|
// Test retrieval of key from DB
|
|
delete(dbStore.cachedKeys, testKey.ID())
|
|
|
|
retrKey, _, err := dbStore.GetKey(testKey.ID())
|
|
assert.NoError(t, err)
|
|
assert.Equal(t, retrKey, testKey)
|
|
|
|
// Tests retrieval of key from Cache
|
|
// Close database connection
|
|
err = dbStore.db.Close()
|
|
assert.NoError(t, err)
|
|
|
|
retrKey, _, err = dbStore.GetKey(testKey.ID())
|
|
assert.NoError(t, err)
|
|
assert.Equal(t, retrKey, testKey)
|
|
}
|
|
|
|
func TestDoubleCreate(t *testing.T) {
|
|
tempBaseDir, err := ioutil.TempDir("", "notary-test-")
|
|
defer os.RemoveAll(tempBaseDir)
|
|
|
|
testKey, err := GenerateECDSAKey(rand.Reader)
|
|
assert.NoError(t, err)
|
|
|
|
anotherTestKey, err := GenerateECDSAKey(rand.Reader)
|
|
assert.NoError(t, err)
|
|
|
|
// We are using SQLite for the tests
|
|
db, err := sql.Open("sqlite3", tempBaseDir+"test_db")
|
|
assert.NoError(t, err)
|
|
|
|
// Create a new KeyDB store
|
|
dbStore, err := NewKeyDBStore(retriever, "", "sqlite3", db)
|
|
assert.NoError(t, err)
|
|
|
|
// Ensure that the private_key table exists
|
|
dbStore.db.CreateTable(&GormPrivateKey{})
|
|
|
|
// Test writing new key in database/cache
|
|
err = dbStore.AddKey("", "", testKey)
|
|
assert.NoError(t, err)
|
|
|
|
// Test writing the same key in the database. Should fail.
|
|
err = dbStore.AddKey("", "", testKey)
|
|
assert.Error(t, err, "failed to add private key to database:")
|
|
|
|
// Test writing new key succeeds
|
|
err = dbStore.AddKey("", "", anotherTestKey)
|
|
assert.NoError(t, err)
|
|
}
|
|
|
|
func TestCreateDelete(t *testing.T) {
|
|
tempBaseDir, err := ioutil.TempDir("", "notary-test-")
|
|
defer os.RemoveAll(tempBaseDir)
|
|
|
|
testKey, err := GenerateECDSAKey(rand.Reader)
|
|
assert.NoError(t, err)
|
|
|
|
// We are using SQLite for the tests
|
|
db, err := sql.Open("sqlite3", tempBaseDir+"test_db")
|
|
assert.NoError(t, err)
|
|
|
|
// Create a new KeyDB store
|
|
dbStore, err := NewKeyDBStore(retriever, "", "sqlite3", db)
|
|
assert.NoError(t, err)
|
|
|
|
// Ensure that the private_key table exists
|
|
dbStore.db.CreateTable(&GormPrivateKey{})
|
|
|
|
// Test writing new key in database/cache
|
|
err = dbStore.AddKey("", "", testKey)
|
|
assert.NoError(t, err)
|
|
|
|
// Test deleting the key from the db
|
|
err = dbStore.RemoveKey(testKey.ID())
|
|
assert.NoError(t, err)
|
|
|
|
// This should fail
|
|
_, _, err = dbStore.GetKey(testKey.ID())
|
|
assert.Error(t, err, "signing key not found:")
|
|
}
|
|
|
|
func TestKeyRotation(t *testing.T) {
|
|
tempBaseDir, err := ioutil.TempDir("", "notary-test-")
|
|
defer os.RemoveAll(tempBaseDir)
|
|
|
|
testKey, err := GenerateECDSAKey(rand.Reader)
|
|
assert.NoError(t, err)
|
|
|
|
// We are using SQLite for the tests
|
|
db, err := sql.Open("sqlite3", tempBaseDir+"test_db")
|
|
assert.NoError(t, err)
|
|
|
|
// Create a new KeyDB store
|
|
dbStore, err := NewKeyDBStore(anotherRetriever, "alias-1", "sqlite3", db)
|
|
assert.NoError(t, err)
|
|
|
|
// Ensure that the private_key table exists
|
|
dbStore.db.CreateTable(&GormPrivateKey{})
|
|
|
|
// Test writing new key in database/cache
|
|
err = dbStore.AddKey("", "", testKey)
|
|
assert.NoError(t, err)
|
|
|
|
// Try rotating the key to alias-2
|
|
err = dbStore.RotateKeyPassphrase(testKey.ID(), "alias-2")
|
|
assert.NoError(t, err)
|
|
|
|
// Try rotating the key to alias-3
|
|
err = dbStore.RotateKeyPassphrase(testKey.ID(), "alias-3")
|
|
assert.Error(t, err, "password alias no found")
|
|
}
|