// filestoreWithTwoCerts creates a Manager backed by a fresh temporary
// directory, generates two "root" keys of type keyAlg through a CryptoService
// bound to gun, and issues one testing certificate per key.
//
// It returns, in order: the temporary directory, the Manager, the
// CryptoService and the two certificates. The caller owns the directory and
// must remove it when the test finishes; the key file store is rooted there,
// so it presumably holds the generated private keys.
//
// NOTE(review): the assert.* checks record a failure but do not stop the
// test, so a failed step is followed by use of its (possibly nil) result.
func filestoreWithTwoCerts(t *testing.T, gun, keyAlg string) (
	string, *Manager, *cryptoservice.CryptoService, []*x509.Certificate) {

	baseDir, err := ioutil.TempDir("", "notary-test-")
	assert.NoError(t, err, "failed to create a temporary directory: %s", err)

	// Keys created below are kept in a file store under baseDir.
	keyStore, err := trustmanager.NewKeyFileStore(baseDir, passphraseRetriever)
	assert.NoError(t, err)

	cs := cryptoservice.NewCryptoService(gun, keyStore)

	// The Manager shares the same base directory as the key store.
	mgr, err := NewManager(baseDir)
	assert.NoError(t, err)

	certs := make([]*x509.Certificate, 2)
	for idx := range certs {
		pub, err := cs.Create("root", keyAlg)
		assert.NoError(t, err)

		// Fetch the private half back from the store so it can sign the cert.
		priv, _, err := keyStore.GetKey(pub.ID())
		assert.NoError(t, err)

		issued, err := cryptoservice.GenerateTestingCertificate(priv.CryptoSigner(), gun)
		assert.NoError(t, err)

		certs[idx] = issued
	}

	return baseDir, mgr, cs, certs
}
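// generateMultiCert writes a PEM file containing two testing certificates,
// one signed with a freshly generated RSA-2048 key and one with an ECDSA
// P-256 key, and returns the file's name so the caller can defer its removal.
//
// Only the certificates are written to disk; the private keys never leave
// memory. The test is aborted as soon as a step fails, because every later
// step uses the result of the one before it.
func generateMultiCert(t *testing.T) string {
	// An empty dir argument selects the platform's default temporary
	// directory instead of a hard-coded "/tmp", which does not exist on every
	// platform and ignores TMPDIR.
	tempFile, err := ioutil.TempFile("", "cert-test")
	if !assert.NoError(t, err) {
		// tempFile is nil here; calling Name() on it would panic.
		t.FailNow()
	}
	// Register Close only once the file is known to be open.
	defer tempFile.Close()

	rsaKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if !assert.NoError(t, err) {
		t.FailNow()
	}
	ecKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if !assert.NoError(t, err) {
		t.FailNow()
	}

	for _, key := range []crypto.Signer{rsaKey, ecKey} {
		cert, err := cryptoservice.GenerateTestingCertificate(key, "gun")
		if !assert.NoError(t, err) {
			t.FailNow()
		}

		pemBytes := trustmanager.CertToPEM(cert)
		nBytes, err := tempFile.Write(pemBytes)
		assert.NoError(t, err)
		// Expected value first, so a short write is reported the right way round.
		assert.Equal(t, len(pemBytes), nBytes)
	}

	return tempFile.Name()
}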