change ks.AddKey to be consistent with CryptoService
Signed-off-by: Riyaz Faizullabhoy <riyaz.faizullabhoy@docker.com>
@@ -560,11 +560,14 @@ func (k *keyCommander) keyPassphraseChange(cmd *cobra.Command, args []string) er
|
||||
// unlocking passphrase and reusing that.
|
||||
passChangeRetriever := k.getRetriever()
|
||||
keyStore, err := trustmanager.NewKeyFileStore(config.GetString("trust_dir"), passChangeRetriever)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
keyInfo, err := cs.GetKeyInfo(keyID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = keyStore.AddKey(privKey, keyInfo)
|
||||
err = keyStore.AddKey(keyInfo, privKey)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
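Review bot: The new `cs.GetKeyInfo(keyID)` lookup on lines L28–L37 runs after `trustmanager.NewKeyFileStore(config.GetString("trust_dir"), ...)` on L16, so an unknown key ID fails only after the file store has been set up on disk (it looks like NewKeyFileStore touches trust_dir, but its body is outside this hunk). Moving the `keyInfo, err := cs.GetKeyInfo(keyID)` block ahead of the NewKeyFileStore call makes the cheap, read-only check fail first and keeps the error path free of side effects. keyPassphraseChange starts and ends outside this hunk, so where privKey comes from is not visible here.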
@@ -51,7 +51,7 @@ func TestRemoveOneKeyAbort(t *testing.T) {
|
||||
|
||||
key, err := trustmanager.GenerateED25519Key(rand.Reader)
|
||||
assert.NoError(t, err)
|
||||
err = store.AddKey(key, trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""})
|
||||
err = store.AddKey(trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""}, key)
|
||||
assert.NoError(t, err)
|
||||
|
||||
stores := []trustmanager.KeyStore{store}
|
||||
@@ -83,7 +83,7 @@ func TestRemoveOneKeyConfirm(t *testing.T) {
|
||||
|
||||
key, err := trustmanager.GenerateED25519Key(rand.Reader)
|
||||
assert.NoError(t, err)
|
||||
err = store.AddKey(key, trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""})
|
||||
err = store.AddKey(trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""}, key)
|
||||
assert.NoError(t, err)
|
||||
|
||||
var out bytes.Buffer
|
||||
@@ -117,10 +117,10 @@ func TestRemoveMultikeysInvalidInput(t *testing.T) {
|
||||
trustmanager.NewKeyMemoryStore(ret),
|
||||
}
|
||||
|
||||
err = stores[0].AddKey(key, trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""})
|
||||
err = stores[0].AddKey(trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""}, key)
|
||||
assert.NoError(t, err)
|
||||
|
||||
err = stores[1].AddKey(key, trustmanager.KeyInfo{Role: data.CanonicalTargetsRole, Gun: "gun"})
|
||||
err = stores[1].AddKey(trustmanager.KeyInfo{Role: data.CanonicalTargetsRole, Gun: "gun"}, key)
|
||||
assert.NoError(t, err)
|
||||
|
||||
var out bytes.Buffer
|
||||
@@ -166,10 +166,10 @@ func TestRemoveMultikeysAbortChoice(t *testing.T) {
|
||||
trustmanager.NewKeyMemoryStore(ret),
|
||||
}
|
||||
|
||||
err = stores[0].AddKey(key, trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""})
|
||||
err = stores[0].AddKey(trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""}, key)
|
||||
assert.NoError(t, err)
|
||||
|
||||
err = stores[1].AddKey(key, trustmanager.KeyInfo{Role: data.CanonicalTargetsRole, Gun: "gun"})
|
||||
err = stores[1].AddKey(trustmanager.KeyInfo{Role: data.CanonicalTargetsRole, Gun: "gun"}, key)
|
||||
assert.NoError(t, err)
|
||||
|
||||
var out bytes.Buffer
|
||||
@@ -205,10 +205,10 @@ func TestRemoveMultikeysRemoveOnlyChosenKey(t *testing.T) {
|
||||
trustmanager.NewKeyMemoryStore(ret),
|
||||
}
|
||||
|
||||
err = stores[0].AddKey(key, trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""})
|
||||
err = stores[0].AddKey(trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""}, key)
|
||||
assert.NoError(t, err)
|
||||
|
||||
err = stores[1].AddKey(key, trustmanager.KeyInfo{Role: data.CanonicalTargetsRole, Gun: "gun"})
|
||||
err = stores[1].AddKey(trustmanager.KeyInfo{Role: data.CanonicalTargetsRole, Gun: "gun"}, key)
|
||||
assert.NoError(t, err)
|
||||
|
||||
var out bytes.Buffer
|
||||
|
||||
@@ -103,12 +103,12 @@ func TestPrettyPrintRootAndSigningKeys(t *testing.T) {
|
||||
root := data.CanonicalRootRole
|
||||
|
||||
// add keys to the key stores
|
||||
assert.NoError(t, keyStores[0].AddKey(keys[0], trustmanager.KeyInfo{Role: root, Gun: ""}))
|
||||
assert.NoError(t, keyStores[1].AddKey(keys[0], trustmanager.KeyInfo{Role: root, Gun: ""}))
|
||||
assert.NoError(t, keyStores[0].AddKey(keys[1], trustmanager.KeyInfo{Role: "targets", Gun: strings.Repeat("/a", 30)}))
|
||||
assert.NoError(t, keyStores[1].AddKey(keys[1], trustmanager.KeyInfo{Role: "snapshot", Gun: "short/gun"}))
|
||||
assert.NoError(t, keyStores[0].AddKey(keys[3], trustmanager.KeyInfo{Role: "targets/a", Gun: ""}))
|
||||
assert.NoError(t, keyStores[0].AddKey(keys[2], trustmanager.KeyInfo{Role: "invalidRole", Gun: ""}))
|
||||
assert.NoError(t, keyStores[0].AddKey(trustmanager.KeyInfo{Role: root, Gun: ""}, keys[0]))
|
||||
assert.NoError(t, keyStores[1].AddKey(trustmanager.KeyInfo{Role: root, Gun: ""}, keys[0]))
|
||||
assert.NoError(t, keyStores[0].AddKey(trustmanager.KeyInfo{Role: "targets", Gun: strings.Repeat("/a", 30)}, keys[1]))
|
||||
assert.NoError(t, keyStores[1].AddKey(trustmanager.KeyInfo{Role: "snapshot", Gun: "short/gun"}, keys[1]))
|
||||
assert.NoError(t, keyStores[0].AddKey(trustmanager.KeyInfo{Role: "targets/a", Gun: ""}, keys[3]))
|
||||
assert.NoError(t, keyStores[0].AddKey(trustmanager.KeyInfo{Role: "invalidRole", Gun: ""}, keys[2]))
|
||||
|
||||
expected := [][]string{
|
||||
// root always comes first
|
||||
|
||||
@@ -17,7 +17,7 @@ func TestGenerateCertificate(t *testing.T) {
|
||||
|
||||
keyStore := trustmanager.NewKeyMemoryStore(passphraseRetriever)
|
||||
|
||||
err = keyStore.AddKey(privKey, trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""})
|
||||
err = keyStore.AddKey(trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""}, privKey)
|
||||
assert.NoError(t, err, "could not add key to store")
|
||||
|
||||
// Check GenerateCertificate method
|
||||
|
||||
@@ -52,7 +52,7 @@ func (cs *CryptoService) Create(role, gun, algorithm string) (data.PublicKey, er
|
||||
|
||||
// Store the private key into our keystore
|
||||
for _, ks := range cs.keyStores {
|
||||
err = ks.AddKey(privKey, trustmanager.KeyInfo{Role: role, Gun: gun})
|
||||
err = ks.AddKey(trustmanager.KeyInfo{Role: role, Gun: gun}, privKey)
|
||||
if err == nil {
|
||||
return data.PublicKeyFromPrivate(privKey), nil
|
||||
}
|
||||
@@ -67,8 +67,7 @@ func (cs *CryptoService) Create(role, gun, algorithm string) (data.PublicKey, er
|
||||
// GetPrivateKey returns a private key and role if present by ID.
|
||||
func (cs *CryptoService) GetPrivateKey(keyID string) (k data.PrivateKey, role string, err error) {
|
||||
for _, ks := range cs.keyStores {
|
||||
k, role, err = ks.GetKey(keyID)
|
||||
if err == nil {
|
||||
if k, role, err = ks.GetKey(keyID); err == nil {
|
||||
return
|
||||
}
|
||||
switch err.(type) {
|
||||
@@ -124,7 +123,7 @@ func (cs *CryptoService) AddKey(role, gun string, key data.PrivateKey) (err erro
|
||||
// If the key didn't exist in any of our keystores, add and return on the first successful keystore
|
||||
for _, ks := range cs.keyStores {
|
||||
// Try to add to this keystore, return if successful
|
||||
if err = ks.AddKey(key, trustmanager.KeyInfo{Role: role, Gun: gun}); err == nil {
|
||||
if err = ks.AddKey(trustmanager.KeyInfo{Role: role, Gun: gun}, key); err == nil {
|
||||
return nil
|
||||
}
|
||||
}
|
||||
|
||||
@@ -147,7 +147,7 @@ func (c CryptoServiceTester) TestGetPrivateKeyMultipleKeystores(t *testing.T) {
|
||||
assert.NoError(t, err, c.errorMsg("error creating key"))
|
||||
|
||||
for _, store := range cryptoService.keyStores {
|
||||
err := store.AddKey(privKey, trustmanager.KeyInfo{Role: c.role, Gun: c.gun})
|
||||
err := store.AddKey(trustmanager.KeyInfo{Role: c.role, Gun: c.gun}, privKey)
|
||||
assert.NoError(t, err)
|
||||
}
|
||||
|
||||
@@ -237,7 +237,7 @@ func (c CryptoServiceTester) TestRemoveFromMultipleKeystores(t *testing.T) {
|
||||
assert.NoError(t, err, c.errorMsg("error creating key"))
|
||||
|
||||
for _, store := range cryptoService.keyStores {
|
||||
err := store.AddKey(privKey, trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""})
|
||||
err := store.AddKey(trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""}, privKey)
|
||||
assert.NoError(t, err)
|
||||
}
|
||||
|
||||
@@ -271,7 +271,7 @@ func (c CryptoServiceTester) TestListFromMultipleKeystores(t *testing.T) {
|
||||
// both keystores
|
||||
for j, store := range cryptoService.keyStores {
|
||||
if i == j || i == 2 {
|
||||
store.AddKey(privKey, trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""})
|
||||
store.AddKey(trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""}, privKey)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -81,7 +81,7 @@ func (cs *CryptoService) ExportKeyReencrypt(dest io.Writer, keyID string, newPas
|
||||
return err
|
||||
}
|
||||
|
||||
err = tempKeyStore.AddKey(privateKey, keyInfo)
|
||||
err = tempKeyStore.AddKey(keyInfo, privateKey)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -227,7 +227,7 @@ func moveKeysByGUN(oldKeyStore, newKeyStore trustmanager.KeyStore, gun string) e
|
||||
return err
|
||||
}
|
||||
|
||||
err = newKeyStore.AddKey(privKey, keyInfo)
|
||||
err = newKeyStore.AddKey(keyInfo, privKey)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -243,7 +243,7 @@ func moveKeys(oldKeyStore, newKeyStore trustmanager.KeyStore) error {
|
||||
return err
|
||||
}
|
||||
|
||||
err = newKeyStore.AddKey(privateKey, keyInfo)
|
||||
err = newKeyStore.AddKey(keyInfo, privateKey)
|
||||
|
||||
if err != nil {
|
||||
return err
|
||||
|
||||
@@ -120,7 +120,7 @@ func TestGetPrivateKeyAndSignWithExistingKey(t *testing.T) {
|
||||
|
||||
store := trustmanager.NewKeyMemoryStore(ret)
|
||||
|
||||
err = store.AddKey(key, trustmanager.KeyInfo{Role: data.CanonicalTimestampRole, Gun: "gun"})
|
||||
err = store.AddKey(trustmanager.KeyInfo{Role: data.CanonicalTimestampRole, Gun: "gun"}, key)
|
||||
assert.NoError(t, err, "could not add key to store")
|
||||
|
||||
signer := setUpSigner(t, store)
|
||||
|
||||
@@ -68,7 +68,7 @@ func (s *KeyDBStore) Name() string {
|
||||
|
||||
// AddKey stores the contents of a private key. Both role and gun are ignored,
|
||||
// we always use Key IDs as name, and don't support aliases
|
||||
func (s *KeyDBStore) AddKey(privKey data.PrivateKey, keyInfo trustmanager.KeyInfo) error {
|
||||
func (s *KeyDBStore) AddKey(keyInfo trustmanager.KeyInfo, privKey data.PrivateKey) error {
|
||||
|
||||
passphrase, _, err := s.retriever(privKey.ID(), s.defaultPassAlias, false, 1)
|
||||
if err != nil {
|
||||
|
||||
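Review bot: The doc comment on L574–L577 still describes the old parameter order and is the only place a reader learns that keyInfo is discarded, which matters now that keyInfo is the first argument and looks like the primary input. Suggest `// AddKey stores the contents of a private key under its key ID. keyInfo is accepted for KeyStore interface parity only: Role and Gun are not persisted, and aliases are not supported.` The body of AddKey continues outside the hunk, so whether keyInfo is referenced later cannot be confirmed from here.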
@@ -84,7 +84,7 @@ func TestCreateSuccessPopulatesCache(t *testing.T) {
|
||||
assert.NoError(t, err)
|
||||
|
||||
// Test writing new key in database
|
||||
err = dbStore.AddKey(testKey, trustmanager.KeyInfo{Role: data.CanonicalTimestampRole, Gun: "gun/ignored"})
|
||||
err = dbStore.AddKey(trustmanager.KeyInfo{Role: data.CanonicalTimestampRole, Gun: "gun/ignored"}, testKey)
|
||||
assert.NoError(t, err)
|
||||
|
||||
testGetSuccessFromCache(t, dbStore, testKey)
|
||||
@@ -101,7 +101,7 @@ func TestGetSuccessPopulatesCache(t *testing.T) {
|
||||
// Create a new KeyDB store and add a key
|
||||
dbStore, err := NewKeyDBStore(retriever, "ignoredalias", "sqlite3", tmpFilename)
|
||||
assert.NoError(t, err)
|
||||
err = dbStore.AddKey(testKey, trustmanager.KeyInfo{Role: data.CanonicalTimestampRole, Gun: "gun/ignored"})
|
||||
err = dbStore.AddKey(trustmanager.KeyInfo{Role: data.CanonicalTimestampRole, Gun: "gun/ignored"}, testKey)
|
||||
assert.NoError(t, err)
|
||||
|
||||
// delete the cache
|
||||
@@ -126,15 +126,15 @@ func TestDoubleCreate(t *testing.T) {
|
||||
assert.NoError(t, err)
|
||||
|
||||
// Test writing new key in database/cache
|
||||
err = dbStore.AddKey(testKey, trustmanager.KeyInfo{Role: data.CanonicalTimestampRole, Gun: "gun/ignored"})
|
||||
err = dbStore.AddKey(trustmanager.KeyInfo{Role: data.CanonicalTimestampRole, Gun: "gun/ignored"}, testKey)
|
||||
assert.NoError(t, err)
|
||||
|
||||
// Test writing the same key in the database. Should fail.
|
||||
err = dbStore.AddKey(testKey, trustmanager.KeyInfo{Role: data.CanonicalTimestampRole, Gun: "gun/ignored"})
|
||||
err = dbStore.AddKey(trustmanager.KeyInfo{Role: data.CanonicalTimestampRole, Gun: "gun/ignored"}, testKey)
|
||||
assert.Error(t, err, "failed to add private key to database:")
|
||||
|
||||
// Test writing new key succeeds
|
||||
err = dbStore.AddKey(anotherTestKey, trustmanager.KeyInfo{Role: data.CanonicalTimestampRole, Gun: "gun/ignored"})
|
||||
err = dbStore.AddKey(trustmanager.KeyInfo{Role: data.CanonicalTimestampRole, Gun: "gun/ignored"}, anotherTestKey)
|
||||
assert.NoError(t, err)
|
||||
}
|
||||
|
||||
@@ -150,7 +150,7 @@ func TestCreateDelete(t *testing.T) {
|
||||
assert.NoError(t, err)
|
||||
|
||||
// Test writing new key in database/cache
|
||||
err = dbStore.AddKey(testKey, trustmanager.KeyInfo{Role: "", Gun: ""})
|
||||
err = dbStore.AddKey(trustmanager.KeyInfo{Role: "", Gun: ""}, testKey)
|
||||
assert.NoError(t, err)
|
||||
|
||||
// Test deleting the key from the db
|
||||
@@ -174,7 +174,7 @@ func TestKeyRotation(t *testing.T) {
|
||||
assert.NoError(t, err)
|
||||
|
||||
// Test writing new key in database/cache
|
||||
err = dbStore.AddKey(testKey, trustmanager.KeyInfo{Role: data.CanonicalTimestampRole, Gun: "gun/ignored"})
|
||||
err = dbStore.AddKey(trustmanager.KeyInfo{Role: data.CanonicalTimestampRole, Gun: "gun/ignored"}, testKey)
|
||||
assert.NoError(t, err)
|
||||
|
||||
// Try rotating the key to alias-2
|
||||
|
||||
@@ -141,7 +141,7 @@ func (s *KeyFileStore) Name() string {
|
||||
}
|
||||
|
||||
// AddKey stores the contents of a PEM-encoded private key as a PEM block
|
||||
func (s *KeyFileStore) AddKey(privKey data.PrivateKey, keyInfo KeyInfo) error {
|
||||
func (s *KeyFileStore) AddKey(keyInfo KeyInfo, privKey data.PrivateKey) error {
|
||||
s.Lock()
|
||||
defer s.Unlock()
|
||||
if keyInfo.Role == data.CanonicalRootRole || data.IsDelegation(keyInfo.Role) || !data.ValidRole(keyInfo.Role) {
|
||||
@@ -231,7 +231,7 @@ func (s *KeyMemoryStore) Name() string {
|
||||
}
|
||||
|
||||
// AddKey stores the contents of a PEM-encoded private key as a PEM block
|
||||
func (s *KeyMemoryStore) AddKey(privKey data.PrivateKey, keyInfo KeyInfo) error {
|
||||
func (s *KeyMemoryStore) AddKey(keyInfo KeyInfo, privKey data.PrivateKey) error {
|
||||
s.Lock()
|
||||
defer s.Unlock()
|
||||
if keyInfo.Role == data.CanonicalRootRole || data.IsDelegation(keyInfo.Role) || !data.ValidRole(keyInfo.Role) {
|
||||
|
||||
@@ -53,7 +53,7 @@ func testAddKeyWithRole(t *testing.T, role, expectedSubdir string) {
|
||||
expectedFilePath := filepath.Join(tempBaseDir, notary.PrivDir, expectedSubdir, privKey.ID()+"."+testExt)
|
||||
|
||||
// Call the AddKey function
|
||||
err = store.AddKey(privKey, KeyInfo{Role: role, Gun: gun})
|
||||
err = store.AddKey(KeyInfo{Role: role, Gun: gun}, privKey)
|
||||
assert.NoError(t, err, "failed to add key to store")
|
||||
|
||||
// Check to see if file exists
|
||||
@@ -152,7 +152,7 @@ func TestKeyStoreInternalState(t *testing.T) {
|
||||
// Generate a new targets key and add it with its gun, check that the map gets updated back
|
||||
privKey, err := GenerateECDSAKey(rand.Reader)
|
||||
assert.NoError(t, err, "could not generate private key")
|
||||
assert.NoError(t, store.AddKey(privKey, KeyInfo{Role: data.CanonicalTargetsRole, Gun: gun}))
|
||||
assert.NoError(t, store.AddKey(KeyInfo{Role: data.CanonicalTargetsRole, Gun: gun}, privKey))
|
||||
assert.Equal(t, gun, store.keyInfoMap[privKey.ID()].Gun)
|
||||
assert.Equal(t, data.CanonicalTargetsRole, store.keyInfoMap[privKey.ID()].Role)
|
||||
}
|
||||
@@ -342,7 +342,7 @@ func TestListKeys(t *testing.T) {
|
||||
|
||||
// Call the AddKey function
|
||||
gun := filepath.Dir(testName)
|
||||
err = store.AddKey(privKey, KeyInfo{Role: role, Gun: gun})
|
||||
err = store.AddKey(KeyInfo{Role: role, Gun: gun}, privKey)
|
||||
assert.NoError(t, err, "failed to add key to store")
|
||||
|
||||
// Check to see if the keystore lists this key
|
||||
@@ -384,7 +384,7 @@ func TestAddGetKeyMemStore(t *testing.T) {
|
||||
assert.NoError(t, err, "could not generate private key")
|
||||
|
||||
// Call the AddKey function
|
||||
err = store.AddKey(privKey, KeyInfo{Role: testAlias, Gun: ""})
|
||||
err = store.AddKey(KeyInfo{Role: testAlias, Gun: ""}, privKey)
|
||||
assert.NoError(t, err, "failed to add key to store")
|
||||
|
||||
// Check to see if file exists
|
||||
@@ -406,7 +406,7 @@ func TestAddGetKeyInfoMemStore(t *testing.T) {
|
||||
assert.NoError(t, err, "could not generate private key")
|
||||
|
||||
// Call the AddKey function
|
||||
err = store.AddKey(rootKey, KeyInfo{Role: data.CanonicalRootRole, Gun: ""})
|
||||
err = store.AddKey(KeyInfo{Role: data.CanonicalRootRole, Gun: ""}, rootKey)
|
||||
assert.NoError(t, err, "failed to add key to store")
|
||||
|
||||
// Get and validate key info
|
||||
@@ -419,7 +419,7 @@ func TestAddGetKeyInfoMemStore(t *testing.T) {
|
||||
assert.NoError(t, err, "could not generate private key")
|
||||
|
||||
// Call the AddKey function
|
||||
err = store.AddKey(targetsKey, KeyInfo{Role: data.CanonicalTargetsRole, Gun: gun})
|
||||
err = store.AddKey(KeyInfo{Role: data.CanonicalTargetsRole, Gun: gun}, targetsKey)
|
||||
assert.NoError(t, err, "failed to add key to store")
|
||||
|
||||
// Get and validate key info
|
||||
@@ -432,7 +432,7 @@ func TestAddGetKeyInfoMemStore(t *testing.T) {
|
||||
assert.NoError(t, err, "could not generate private key")
|
||||
|
||||
// Call the AddKey function
|
||||
err = store.AddKey(delgKey, KeyInfo{Role: "targets/delegation", Gun: gun})
|
||||
err = store.AddKey(KeyInfo{Role: "targets/delegation", Gun: gun}, delgKey)
|
||||
assert.NoError(t, err, "failed to add key to store")
|
||||
|
||||
// Get and validate key info
|
||||
@@ -460,7 +460,7 @@ func TestGetDecryptedWithTamperedCipherText(t *testing.T) {
|
||||
assert.NoError(t, err, "could not generate private key")
|
||||
|
||||
// Call the AddEncryptedKey function
|
||||
err = store.AddKey(privKey, KeyInfo{Role: testAlias, Gun: ""})
|
||||
err = store.AddKey(KeyInfo{Role: testAlias, Gun: ""}, privKey)
|
||||
assert.NoError(t, err, "failed to add key to store")
|
||||
|
||||
// Since we're generating this manually we need to add the extension '.'
|
||||
@@ -551,7 +551,7 @@ func testGetDecryptedWithInvalidPassphrase(t *testing.T, store KeyStore, newStor
|
||||
assert.NoError(t, err, "could not generate private key")
|
||||
|
||||
// Call the AddKey function
|
||||
err = store.AddKey(privKey, KeyInfo{Role: testAlias, Gun: ""})
|
||||
err = store.AddKey(KeyInfo{Role: testAlias, Gun: ""}, privKey)
|
||||
assert.NoError(t, err, "failed to add key to store")
|
||||
|
||||
// Try to decrypt the file with an invalid passphrase
|
||||
@@ -588,7 +588,7 @@ func testRemoveKeyWithRole(t *testing.T, role, expectedSubdir string) {
|
||||
// Since we're generating this manually we need to add the extension '.'
|
||||
expectedFilePath := filepath.Join(tempBaseDir, notary.PrivDir, expectedSubdir, privKey.ID()+"."+testExt)
|
||||
|
||||
err = store.AddKey(privKey, KeyInfo{Role: role, Gun: gun})
|
||||
err = store.AddKey(KeyInfo{Role: role, Gun: gun}, privKey)
|
||||
assert.NoError(t, err, "failed to add key to store")
|
||||
|
||||
// Check to see if file exists
|
||||
@@ -629,7 +629,7 @@ func TestKeysAreCached(t *testing.T) {
|
||||
assert.NoError(t, err, "could not generate private key")
|
||||
|
||||
// Call the AddKey function
|
||||
err = store.AddKey(privKey, KeyInfo{Role: testAlias, Gun: gun})
|
||||
err = store.AddKey(KeyInfo{Role: testAlias, Gun: gun}, privKey)
|
||||
assert.NoError(t, err, "failed to add key to store")
|
||||
|
||||
assert.Equal(t, 1, numTimesCalled, "numTimesCalled should have been 1")
|
||||
@@ -676,7 +676,7 @@ func TestKeyFileStoreExportSuccess(t *testing.T) {
|
||||
// Create our FileStore and add the key
|
||||
store, err := NewKeyFileStore(tempBaseDir, passphraseRetriever)
|
||||
assert.NoError(t, err)
|
||||
err = store.AddKey(privKey, KeyInfo{Role: data.CanonicalRootRole, Gun: ""})
|
||||
err = store.AddKey(KeyInfo{Role: data.CanonicalRootRole, Gun: ""}, privKey)
|
||||
assert.NoError(t, err)
|
||||
|
||||
assertExportKeySuccess(t, store, privKey)
|
||||
@@ -706,7 +706,7 @@ func TestKeyMemoryStoreExportSuccess(t *testing.T) {
|
||||
// Create our MemoryStore and add key to it
|
||||
store := NewKeyMemoryStore(passphraseRetriever)
|
||||
assert.NoError(t, err)
|
||||
err = store.AddKey(privKey, KeyInfo{Role: data.CanonicalRootRole, Gun: ""})
|
||||
err = store.AddKey(KeyInfo{Role: data.CanonicalRootRole, Gun: ""}, privKey)
|
||||
assert.NoError(t, err)
|
||||
|
||||
assertExportKeySuccess(t, store, privKey)
|
||||
|
||||
@@ -40,9 +40,9 @@ const (
|
||||
|
||||
// KeyStore is a generic interface for private key storage
|
||||
type KeyStore interface {
|
||||
// Add Key adds a key to the KeyStore, and if the key already exists,
|
||||
// AddKey adds a key to the KeyStore, and if the key already exists,
|
||||
// succeeds. Otherwise, returns an error if it cannot add.
|
||||
AddKey(privKey data.PrivateKey, keyInfo KeyInfo) error
|
||||
AddKey(keyInfo KeyInfo, privKey data.PrivateKey) error
|
||||
GetKey(name string) (data.PrivateKey, string, error)
|
||||
GetKeyInfo(keyID string) (KeyInfo, error)
|
||||
ListKeys() map[string]KeyInfo
|
||||
|
||||
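Review bot: The interface comment on L1151–L1154 fixes the "Add Key" typo but says nothing about why the argument order changed, and since every implementation in this commit flips the same two parameters, the interface is the one place to record it. Suggest extending the comment with `// keyInfo comes first to mirror CryptoService.AddKey(role, gun, key); the store uses keyInfo.Role and keyInfo.Gun to decide how the key is filed.` Because KeyInfo and data.PrivateKey are distinct types, the compiler rejects any call site left in the old order, so the swap itself is safe.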
@@ -639,13 +639,13 @@ func (s *YubiKeyStore) ListKeys() map[string]trustmanager.KeyInfo {
|
||||
}
|
||||
|
||||
// AddKey puts a key inside the Yubikey, as well as writing it to the backup store
|
||||
func (s *YubiKeyStore) AddKey(privKey data.PrivateKey, keyInfo trustmanager.KeyInfo) error {
|
||||
func (s *YubiKeyStore) AddKey(keyInfo trustmanager.KeyInfo, privKey data.PrivateKey) error {
|
||||
added, err := s.addKey(privKey.ID(), keyInfo.Role, privKey)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if added {
|
||||
err = s.backupStore.AddKey(privKey, keyInfo)
|
||||
err = s.backupStore.AddKey(keyInfo, privKey)
|
||||
if err != nil {
|
||||
defer s.RemoveKey(privKey.ID())
|
||||
return ErrBackupFailed{err: err.Error()}
|
||||
|
||||
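Review bot: On L1215 the rollback `defer s.RemoveKey(privKey.ID())` discards RemoveKey's result, so if removing the key from the Yubikey fails after the backup store rejects it, the key stays on the device with no backup and the caller only ever sees `ErrBackupFailed`. If RemoveKey returns an error as the other store methods do (its signature is outside the hunk), call it directly and fold a failure into the returned error, e.g. `if rmErr := s.RemoveKey(privKey.ID()); rmErr != nil { err = fmt.Errorf("%v; rollback failed: %v", err, rmErr) }` before `return ErrBackupFailed{err: err.Error()}`. This is context rather than new code, but the commit touches the line above it and the partial-write case is the one that leaves a signing key unrecoverable.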
@@ -60,7 +60,7 @@ func testAddKey(t *testing.T, store trustmanager.KeyStore) (data.PrivateKey, err
|
||||
privKey, err := trustmanager.GenerateECDSAKey(rand.Reader)
|
||||
assert.NoError(t, err)
|
||||
|
||||
err = store.AddKey(privKey, trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""})
|
||||
err = store.AddKey(trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""}, privKey)
|
||||
return privKey, err
|
||||
}
|
||||
|
||||
@@ -215,7 +215,7 @@ type nonworkingBackup struct {
|
||||
}
|
||||
|
||||
// AddKey stores the contents of a PEM-encoded private key as a PEM block
|
||||
func (s *nonworkingBackup) AddKey(privKey data.PrivateKey, keyInfo trustmanager.KeyInfo) error {
|
||||
func (s *nonworkingBackup) AddKey(keyInfo trustmanager.KeyInfo, privKey data.PrivateKey) error {
|
||||
return errors.New("Nope!")
|
||||
}
|
||||
|
||||
@@ -271,7 +271,7 @@ func TestYubiAddDuplicateKeySucceedsButDoesNotBackup(t *testing.T) {
|
||||
assert.NoError(t, err)
|
||||
assert.Len(t, cleanStore.ListKeys(), 1)
|
||||
|
||||
err = cleanStore.AddKey(key, trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""})
|
||||
err = cleanStore.AddKey(trustmanager.KeyInfo{Role: data.CanonicalRootRole, Gun: ""}, key)
|
||||
assert.NoError(t, err)
|
||||
|
||||
// there should be just 1 key on the yubikey
|
||||
|
||||