From d8bb796ee632b809b34000f4d4e01cd0315e3092 Mon Sep 17 00:00:00 2001
From: Avi Vaid
Date: Thu, 11 Aug 2016 15:11:55 -0700
Subject: [PATCH] fixed exports, imports and tests for the flattened KS

Signed-off-by: Avi Vaid
---
 cmd/notary/integration_test.go | 19 +++++++++----------
 cmd/notary/keys_test.go        | 18 ++++++++++++------
 tuf/utils/x509_test.go         |  6 +++---
 utils/keys.go                  | 11 -----------
 utils/keys_test.go             |  6 +++---
 5 files changed, 27 insertions(+), 33 deletions(-)

diff --git a/cmd/notary/integration_test.go b/cmd/notary/integration_test.go
index 30cc22f35b..30343c6632 100644
--- a/cmd/notary/integration_test.go
+++ b/cmd/notary/integration_test.go
@@ -2131,7 +2131,7 @@ func TestClientKeyImport(t *testing.T) {
 	// if there is hardware available, root will only be on hardware, and not
 	// on disk
 	assertNumKeys(t, tempDir, 2, 1, !rootOnHardware())
-	file, err := os.OpenFile(filepath.Join(tempDir, "private", notary.NonRootKeysSubdir, privKey.ID()+".key"), os.O_RDONLY, notary.PrivKeyPerms)
+	file, err := os.OpenFile(filepath.Join(tempDir, notary.PrivDir, privKey.ID()+".key"), os.O_RDONLY, notary.PrivKeyPerms)
 	require.NoError(t, err)
 	filebytes, _ := ioutil.ReadAll(file)
 	require.Contains(t, string(filebytes), ("role: " + notary.DefaultImportRole))
@@ -2162,7 +2162,7 @@ func TestClientKeyImport(t *testing.T) {
 	// if there is hardware available, root will only be on hardware, and not
 	// on disk
 	assertNumKeys(t, tempDir, 2, 2, !rootOnHardware())
-	_, err = os.Open(filepath.Join(tempDir, "private", notary.NonRootKeysSubdir, newKeyID+".key"))
+	_, err = os.Open(filepath.Join(tempDir, "private", newKeyID+".key"))
 	require.NoError(t, err)
 
 	// test 5, no path non root role with canonical role and gun flag with unencrypted key
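Review bot: The new line uses `notary.PrivDir` for the keystore directory while every other rewritten path in this file (the hunks at 2162, 2191, 2246, 2374, 2417 and the three in TestExportImportFlow) still spells it as the literal `"private"`, so a later change to the constant would leave those assertions pointing at a stale directory. Use the constant throughout, e.g. `filepath.Join(tempDir, notary.PrivDir, newKeyID+".key")`, or drop it here so the file is at least consistent. TestClientKeyImport starts before and ends after this hunk.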
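Review bot: `_, err = os.Open(...)` opens the key file only to prove it exists and never closes it, so each of these checks leaks a descriptor for the rest of the test; the same pattern is rewritten at 2191, 2246 and 2417. Since only existence is asserted, `_, err = os.Stat(filepath.Join(tempDir, "private", newKeyID+".key"))` expresses the intent without holding a handle. The enclosing test function continues outside the hunk.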
@@ -2191,7 +2191,7 @@ func TestClientKeyImport(t *testing.T) {
 	// if there is hardware available, root will only be on hardware, and not
 	// on disk
 	assertNumKeys(t, tempDir, 2, 3, !rootOnHardware())
-	_, err = os.Open(filepath.Join(tempDir, "private", notary.NonRootKeysSubdir, "somegun", newKeyID+".key"))
+	_, err = os.Open(filepath.Join(tempDir, "private", newKeyID+".key"))
 	require.NoError(t, err)
 
 	// test6, no path but role=root included with encrypted key, should fail since we don't know what keyid to save to
@@ -2246,7 +2246,7 @@ func TestClientKeyImport(t *testing.T) {
 	// if there is hardware available, root will only be on hardware, and not
 	// on disk
 	assertNumKeys(t, tempDir, 2, 4, !rootOnHardware())
-	_, err = os.Open(filepath.Join(tempDir, "private", notary.NonRootKeysSubdir, newKeyID+".key"))
+	_, err = os.Open(filepath.Join(tempDir, "private", newKeyID+".key"))
 	require.NoError(t, err)
 
 	// test 8, non root canonical key with no gun
@@ -2374,8 +2374,7 @@ func TestAddDelImportKeyPublishFlow(t *testing.T) {
 	require.NotContains(t, output, "No delegations present in this repository.")
 
 	// remove the targets key to demonstrate that delegates don't need this key
-	keyDir := filepath.Join(tempDir, "private", "tuf_keys")
-	require.NoError(t, os.Remove(filepath.Join(keyDir, "gun", targetKeyID+".key")))
+	require.NoError(t, os.Remove(filepath.Join(tempDir, "private", targetKeyID+".key")))
 
 	// we are now set up with the first part, now import the delegation key- add a target- publish
 
@@ -2417,7 +2416,7 @@ func TestAddDelImportKeyPublishFlow(t *testing.T) {
 	// make sure that it has been imported fine
 	// if there is hardware available, root will only be on hardware, and not
 	// on disk
-	_, err = os.Open(filepath.Join(tempDir, "private", notary.NonRootKeysSubdir, privKey.ID()+".key"))
+	_, err = os.Open(filepath.Join(tempDir, "private", privKey.ID()+".key"))
 	require.NoError(t, err)
 
 	// now try to publish
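Review bot: This is the "gun flag" case of TestClientKeyImport, but once the `"somegun"` path component is dropped the rewritten line only checks that a file named after the key ID exists, so the test no longer verifies that the gun given on import is recorded anywhere. If the gun is meant to live in the key's PEM headers after the flattening (utils/keys_test.go asserts `bFinal.Headers["gun"]` after an import), read the file as the hunk at 2131 does with `ioutil.ReadAll` and add `require.Contains(t, string(filebytes), "gun: somegun")` so a regression that silently drops the gun is caught. The enclosing function starts and ends outside the hunk.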
@@ -2504,7 +2503,7 @@ func TestExportImportFlow(t *testing.T) {
 
 	if !rootOnHardware() {
 		// validate root is imported correctly
-		rootKey, err := os.OpenFile(filepath.Join(newTempDir, "private", notary.RootKeysSubdir, root[0]+".key"), os.O_RDONLY, notary.PrivKeyPerms)
+		rootKey, err := os.OpenFile(filepath.Join(newTempDir, "private", root[0]+".key"), os.O_RDONLY, notary.PrivKeyPerms)
 		require.NoError(t, err)
 		defer rootKey.Close()
 		rootBytes, _ := ioutil.ReadAll(rootKey)
@@ -2515,7 +2514,7 @@ func TestExportImportFlow(t *testing.T) {
 	}
 
 	// validate snapshot is imported correctly
-	snapKey, err := os.OpenFile(filepath.Join(newTempDir, "private", notary.NonRootKeysSubdir, "gun", signing[0]+".key"), os.O_RDONLY, notary.PrivKeyPerms)
+	snapKey, err := os.OpenFile(filepath.Join(newTempDir, "private", signing[0]+".key"), os.O_RDONLY, notary.PrivKeyPerms)
 	require.NoError(t, err)
 	defer snapKey.Close()
 	snapBytes, _ := ioutil.ReadAll(snapKey)
@@ -2524,7 +2523,7 @@ func TestExportImportFlow(t *testing.T) {
 	require.True(t, strings.Contains(snapString, "role: snapshot") || strings.Contains(snapString, "role: target"))
 
 	// validate targets is imported correctly
-	targKey, err := os.OpenFile(filepath.Join(newTempDir, "private", notary.NonRootKeysSubdir, "gun", signing[1]+".key"), os.O_RDONLY, notary.PrivKeyPerms)
+	targKey, err := os.OpenFile(filepath.Join(newTempDir, "private", signing[1]+".key"), os.O_RDONLY, notary.PrivKeyPerms)
 	require.NoError(t, err)
 	defer targKey.Close()
 	targBytes, _ := ioutil.ReadAll(targKey)
diff --git a/cmd/notary/keys_test.go b/cmd/notary/keys_test.go
index 271166b1e7..b50b482b6d 100644
--- a/cmd/notary/keys_test.go
+++ b/cmd/notary/keys_test.go
@@ -556,11 +556,17 @@ func TestExportKeys(t *testing.T) {
 	err = output.Close() // close so export can open
 	require.NoError(t, err)
 
-	b := &pem.Block{}
+	keyHeaders := make(map[string]string)
+	keyHeaders["gun"] = "discworld"
+	b := &pem.Block{
+		Headers: keyHeaders,
+	}
 	b.Bytes = make([]byte, 1000)
 	rand.Read(b.Bytes)
 
-	c := &pem.Block{}
+	c := &pem.Block{
+		Headers: keyHeaders,
+	}
 	c.Bytes = make([]byte, 1000)
 	rand.Read(c.Bytes)
 
@@ -569,9 +575,9 @@ func TestExportKeys(t *testing.T) {
 	require.NoError(t, err)
 
 	fileStore, err := store.NewPrivateKeyFileStorage(tempBaseDir, notary.KeyExtension)
-	err = fileStore.Set(filepath.Join(notary.NonRootKeysSubdir, "discworld/ankh"), bBytes)
+	err = fileStore.Set("discworld/ankh", bBytes)
 	require.NoError(t, err)
-	err = fileStore.Set(filepath.Join(notary.NonRootKeysSubdir, "discworld/morpork"), cBytes)
+	err = fileStore.Set("discworld/morpork", cBytes)
 	require.NoError(t, err)
 
 	err = k.exportKeys(&cobra.Command{}, nil)
@@ -582,12 +588,12 @@ func TestExportKeys(t *testing.T) {
 
 	block, rest := pem.Decode(outRes)
 	require.Equal(t, b.Bytes, block.Bytes)
-	require.Equal(t, filepath.Join(notary.NonRootKeysSubdir, "discworld/ankh"), block.Headers["path"])
+	require.Equal(t, "discworld/ankh", block.Headers["path"])
 	require.Equal(t, "discworld", block.Headers["gun"])
 
 	block, rest = pem.Decode(rest)
 	require.Equal(t, c.Bytes, block.Bytes)
-	require.Equal(t, filepath.Join(notary.NonRootKeysSubdir, "discworld/morpork"), block.Headers["path"])
+	require.Equal(t, "discworld/morpork", block.Headers["path"])
 	require.Equal(t, "discworld", block.Headers["gun"])
 
 	require.Len(t, rest, 0)
diff --git a/tuf/utils/x509_test.go b/tuf/utils/x509_test.go
index 4144035f63..adb671d9a5 100644
--- a/tuf/utils/x509_test.go
+++ b/tuf/utils/x509_test.go
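Review bot: `keyHeaders` is one map shared by both `b` and `c` in the added lines, so the two `pem.Block` values alias the same headers and any later mutation through one block shows up in the other; it also makes the fixture harder to extend with a second gun. Give each block its own literal, `Headers: map[string]string{"gun": "discworld"}`, which is shorter than the make/assign pair as well. TestExportKeys continues outside the hunk.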
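Review bot: The error returned by `store.NewPrivateKeyFileStorage` on the context line is never checked — the rewritten `err = fileStore.Set("discworld/ankh", bBytes)` overwrites it on the very next line, so a store that failed to initialise would surface only as a confusing `Set` failure or a nil-pointer panic. Add `require.NoError(t, err)` directly after the constructor. Separately, the store keys are now passed through verbatim as the exported `path` header and asserted with forward-slash literals in the hunk at 588; if the file store normalises separators on non-POSIX platforms that assertion may need `filepath.FromSlash`, which is worth confirming rather than assuming.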
@@ -125,15 +125,15 @@ func TestKeyOperations(t *testing.T) {
 	require.Equal(t, rsaKey.Private(), decodedRSAKey.Private())
 
 	// Encrypt our ED Key
-	encryptedEDKey, err := EncryptPrivateKey(edKey, data.CanonicalRootRole, "ilove", "ponies")
+	encryptedEDKey, err := EncryptPrivateKey(edKey, data.CanonicalRootRole, "", "ponies")
 	require.NoError(t, err)
 
 	// Encrypt our EC Key
-	encryptedECKey, err := EncryptPrivateKey(ecKey, data.CanonicalRootRole, "ilove", "ponies")
+	encryptedECKey, err := EncryptPrivateKey(ecKey, data.CanonicalRootRole, "", "ponies")
 	require.NoError(t, err)
 
 	// Encrypt our RSA Key
-	encryptedRSAKey, err := EncryptPrivateKey(rsaKey, data.CanonicalRootRole, "ilove", "ponies")
+	encryptedRSAKey, err := EncryptPrivateKey(rsaKey, data.CanonicalRootRole, "", "ponies")
 	require.NoError(t, err)
 
 	// Check to see if ED key it is encrypted
diff --git a/utils/keys.go b/utils/keys.go
index 5598fcddd1..7c6f85bdb0 100644
--- a/utils/keys.go
+++ b/utils/keys.go
@@ -3,7 +3,6 @@ package utils
 import (
 	"encoding/pem"
 	"errors"
-	"fmt"
 	"github.com/Sirupsen/logrus"
 	"github.com/docker/notary"
 	tufdata "github.com/docker/notary/tuf/data"
@@ -67,20 +66,10 @@ func ExportKeys(to io.Writer, s Exporter, from string) error {
 		return err
 	}
 
-	gun := ""
-	if strings.HasPrefix(from, notary.NonRootKeysSubdir) {
-		// trim subdir
-		gun = strings.TrimPrefix(from, notary.NonRootKeysSubdir)
-		// trim filename
-		gun = filepath.Dir(gun)
-		// trim leading and trailing path separator
-		gun = strings.Trim(gun, fmt.Sprintf("%c", filepath.Separator))
-	}
 	// parse PEM blocks if there are more than one
 	for block, rest := pem.Decode(k); block != nil; block, rest = pem.Decode(rest) {
 		// add from path in a header for later import
 		block.Headers["path"] = from
-		block.Headers["gun"] = gun
 		// write serialized PEM
 		err = pem.Encode(to, block)
 		if err != nil {
diff --git a/utils/keys_test.go b/utils/keys_test.go
index 35fc1ef74f..2d1e98e3c8 100644
--- a/utils/keys_test.go
+++ b/utils/keys_test.go
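Review bot: With the gun derivation removed, the exported PEM carries only the `path` header, and on this page that header is exactly what the importer uses as the storage key (`s.data[privKey.ID()]` in utils/keys_test.go), so it has become the sole location hint inside a file a user may obtain from anywhere. Nothing in this hunk constrains `from`, which is acceptable on the export side, but the matching import (outside this diff) should validate the header as a bare key ID — rejecting path separators and parent references — before using it to place a file, and that expectation deserves a comment at the assignment, e.g. `// "path" is trusted on import: keep it a bare key ID, never a user-controlled path`. ExportKeys starts before and ends after this hunk.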
@@ -498,11 +498,11 @@ func TestEncryptedKeyImportSuccess(t *testing.T) {
 	originalKey := privKey.Private()
 	require.NoError(t, err)
 
-	pemBytes, err := utils.EncryptPrivateKey(privKey, data.CanonicalSnapshotRole, "", cannedPassphrase)
+	pemBytes, err := utils.EncryptPrivateKey(privKey, data.CanonicalSnapshotRole, "somegun", cannedPassphrase)
 	require.NoError(t, err)
 
 	b, _ := pem.Decode(pemBytes)
-	b.Headers["path"] = filepath.Join(notary.NonRootKeysSubdir, "somegun", "encryptedkey")
+	b.Headers["path"] = privKey.ID()
 	pemBytes = pem.EncodeToMemory(b)
 
 	in := bytes.NewBuffer(pemBytes)
@@ -510,7 +510,7 @@ func TestEncryptedKeyImportSuccess(t *testing.T) {
 	_ = ImportKeys(in, []Importer{s}, "", "", passphraseRetriever)
 	require.Len(t, s.data, 1)
-	keyBytes := s.data[filepath.Join(notary.NonRootKeysSubdir, "somegun", "encryptedkey")]
+	keyBytes := s.data[privKey.ID()]
 	bFinal, bRest := pem.Decode(keyBytes)
 	require.Equal(t, "somegun", bFinal.Headers["gun"])
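Review bot: The rewritten `b.Headers["path"] = privKey.ID()` dereferences `b` straight after `b, _ := pem.Decode(pemBytes)`, which yields nil when the bytes contain no PEM block, so a regression in EncryptPrivateKey would show up as a nil-pointer panic instead of a test failure. Add `require.NotNil(t, b)` between the two lines. TestEncryptedKeyImportSuccess continues outside the hunk.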