//+build !pkcs11
package main
import (
"encoding/pem"
"io/ioutil"
"os"
"testing"
"github.com/spf13/cobra"
"github.com/spf13/viper"
"github.com/stretchr/testify/require"
"github.com/theupdateframework/notary"
"github.com/theupdateframework/notary/cryptoservice"
"github.com/theupdateframework/notary/passphrase"
store "github.com/theupdateframework/notary/storage"
"github.com/theupdateframework/notary/trustmanager"
"github.com/theupdateframework/notary/tuf/data"
)
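// TestImportKeysNoYubikey checks that keyCommander.importKeys reads a file
// holding two private-key PEM blocks and stores each block in the trust
// directory under the name given by its "path" PEM header.
//
// The keys are generated into an in-memory store, their PEM blocks are tagged
// with a "path" header, and both blocks are written to a temporary file that
// is handed to importKeys. The test passes when the payload of each block read
// back from the on-disk store equals the payload of the generated block and
// each stored entry holds exactly one PEM block.
func TestImportKeysNoYubikey(t *testing.T) {
	setUp(t)

	tempBaseDir, err := ioutil.TempDir("", "notary-test-")
	require.NoError(t, err)
	defer os.RemoveAll(tempBaseDir)

	// The import file holds private-key PEM blocks. ioutil.TempFile creates it
	// with mode 0600, and it is removed again when the test returns.
	input, err := ioutil.TempFile("", "notary-test-import-")
	require.NoError(t, err)
	defer os.RemoveAll(input.Name())

	k := &keyCommander{
		configGetter: func() (*viper.Viper, error) {
			v := viper.New()
			v.SetDefault("trust_dir", tempBaseDir)
			return v, nil
		},
		// Fixed passphrase: acceptable only because every key here is a
		// throwaway test key.
		getRetriever: func() notary.PassRetriever { return passphrase.ConstantRetriever("pass") },
	}

	memStore := store.NewMemoryStore(nil)
	ks := trustmanager.NewGenericKeyStore(memStore, k.getRetriever())
	cs := cryptoservice.NewCryptoService(ks)

	// Root key, to be imported under the path "ankh".
	pubK, err := cs.Create(data.CanonicalRootRole, "ankh", data.ECDSAKey)
	require.NoError(t, err)
	keyPEM, err := memStore.Get(pubK.ID())
	require.NoError(t, err)
	b, _ := pem.Decode(keyPEM)
	// pem.Decode returns a nil block on malformed input; fail here instead of
	// panicking on the header assignment below.
	require.NotNil(t, b, "generated root key is not a PEM block")
	b.Headers["path"] = "ankh"

	// Targets key, to be imported under the path "morpork".
	pubK, err = cs.Create(data.CanonicalTargetsRole, "morpork", data.ECDSAKey)
	require.NoError(t, err)
	keyPEM, err = memStore.Get(pubK.ID())
	require.NoError(t, err)
	c, _ := pem.Decode(keyPEM)
	require.NotNil(t, c, "generated targets key is not a PEM block")
	c.Headers["path"] = "morpork"

	// A short or failed write would otherwise surface later as a confusing
	// import or comparison failure, so check both writes.
	_, err = input.Write(pem.EncodeToMemory(b))
	require.NoError(t, err)
	_, err = input.Write(pem.EncodeToMemory(c))
	require.NoError(t, err)

	file := input.Name()
	err = input.Close() // close so import can open
	require.NoError(t, err)

	err = k.importKeys(&cobra.Command{}, []string{file})
	require.NoError(t, err)

	fileStore, err := store.NewPrivateKeyFileStorage(tempBaseDir, notary.KeyExtension)
	require.NoError(t, err)
	bResult, err := fileStore.Get("ankh")
	require.NoError(t, err)
	cResult, err := fileStore.Get("morpork")
	require.NoError(t, err)

	block, rest := pem.Decode(bResult)
	require.NotNil(t, block, "imported key \"ankh\" is not a PEM block")
	require.Equal(t, b.Bytes, block.Bytes)
	require.Len(t, rest, 0)

	block, rest = pem.Decode(cResult)
	require.NotNil(t, block, "imported key \"morpork\" is not a PEM block")
	require.Equal(t, c.Bytes, block.Bytes)
	require.Len(t, rest, 0)
}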
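// TestExportImportKeysNoYubikey checks an export/import round trip between two
// trust directories: keys created in the export directory are written out with
// keyCommander.exportKeys, read back into a fresh directory with importKeys,
// and must then be retrievable by key ID with the same PEM payload as the
// originals and no trailing data.
func TestExportImportKeysNoYubikey(t *testing.T) {
	setUp(t)

	// commanderFor builds a keyCommander whose trust_dir is dir. The
	// passphrase is fixed, which is acceptable only because every key here is
	// a throwaway test key.
	commanderFor := func(dir string) *keyCommander {
		return &keyCommander{
			configGetter: func() (*viper.Viper, error) {
				v := viper.New()
				v.SetDefault("trust_dir", dir)
				return v, nil
			},
			getRetriever: func() notary.PassRetriever { return passphrase.ConstantRetriever("pass") },
		}
	}

	exportTempDir, err := ioutil.TempDir("", "notary-test-")
	require.NoError(t, err)
	defer os.RemoveAll(exportTempDir)

	// The transfer file will hold exported private-key material.
	// ioutil.TempFile creates it with mode 0600, and it is removed again when
	// the test returns.
	tempfile, err := ioutil.TempFile("", "notary-test-import-")
	require.NoError(t, err)
	defer os.RemoveAll(tempfile.Name())
	require.NoError(t, tempfile.Close())

	exportCommander := commanderFor(exportTempDir)
	exportCommander.outFile = tempfile.Name()

	exportStore, err := store.NewPrivateKeyFileStorage(exportTempDir, notary.KeyExtension)
	require.NoError(t, err)
	ks := trustmanager.NewGenericKeyStore(exportStore, exportCommander.getRetriever())
	cs := cryptoservice.NewCryptoService(ks)

	pubK, err := cs.Create(data.CanonicalRootRole, "ankh", data.ECDSAKey)
	require.NoError(t, err)
	bID := pubK.ID()
	bOrigBytes, err := exportStore.Get(bID)
	require.NoError(t, err)
	bOrig, _ := pem.Decode(bOrigBytes)
	// pem.Decode returns a nil block on malformed input; fail here instead of
	// panicking in the comparison at the end.
	require.NotNil(t, bOrig, "generated root key is not a PEM block")

	pubK, err = cs.Create(data.CanonicalTargetsRole, "morpork", data.ECDSAKey)
	require.NoError(t, err)
	cID := pubK.ID()
	cOrigBytes, err := exportStore.Get(cID)
	require.NoError(t, err)
	cOrig, _ := pem.Decode(cOrigBytes)
	require.NotNil(t, cOrig, "generated targets key is not a PEM block")

	// An unchecked export failure would only show up later as an import or
	// lookup error, hiding the real cause.
	err = exportCommander.exportKeys(&cobra.Command{}, nil)
	require.NoError(t, err)

	importTempDir, err := ioutil.TempDir("", "notary-test-")
	require.NoError(t, err)
	defer os.RemoveAll(importTempDir)

	importCommander := commanderFor(importTempDir)
	err = importCommander.importKeys(&cobra.Command{}, []string{tempfile.Name()})
	require.NoError(t, err)

	importStore, err := store.NewPrivateKeyFileStorage(importTempDir, notary.KeyExtension)
	require.NoError(t, err)
	bResult, err := importStore.Get(bID)
	require.NoError(t, err)
	cResult, err := importStore.Get(cID)
	require.NoError(t, err)

	block, rest := pem.Decode(bResult)
	require.NotNil(t, block, "imported root key is not a PEM block")
	require.Equal(t, bOrig.Bytes, block.Bytes)
	require.Len(t, rest, 0)

	block, rest = pem.Decode(cResult)
	require.NotNil(t, block, "imported targets key is not a PEM block")
	require.Equal(t, cOrig.Bytes, block.Bytes)
	require.Len(t, rest, 0)
}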