// Ensures that the httpstore can interpret the errors returned from the server func TestValidationErrorFormat(t *testing.T) { ctx := context.WithValue( context.Background(), notary.CtxKeyMetaStore, storage.NewMemStorage()) ctx = context.WithValue(ctx, notary.CtxKeyKeyAlgo, data.ED25519Key) handler := RootHandler(ctx, nil, signed.NewEd25519(), nil, nil, nil) server := httptest.NewServer(handler) defer server.Close() client, err := store.NewHTTPStore( fmt.Sprintf("%s/v2/docker.com/notary/_trust/tuf/", server.URL), "", "json", "key", http.DefaultTransport, ) require.NoError(t, err) repo, _, err := testutils.EmptyRepo("docker.com/notary") require.NoError(t, err) r, tg, sn, ts, err := testutils.Sign(repo) require.NoError(t, err) rs, rt, _, _, err := testutils.Serialize(r, tg, sn, ts) require.NoError(t, err) // No snapshot is passed, and the server doesn't have the snapshot key, // so ErrBadHierarchy err = client.SetMulti(map[string][]byte{ data.CanonicalRootRole: rs, data.CanonicalTargetsRole: rt, }) require.Error(t, err) require.IsType(t, validation.ErrBadHierarchy{}, err) }
// Use this to initialize remote HTTPStores from the config settings func getRemoteStore(baseURL, gun string, rt http.RoundTripper) (store.RemoteStore, error) { s, err := store.NewHTTPStore( baseURL+"/v2/"+gun+"/_trust/tuf/", "", "json", "key", rt, ) if err != nil { return store.OfflineStore{}, err } return s, err }
func TestRepoPrefixDoesNotMatch(t *testing.T) { gun := "docker.io/notary" meta, cs, err := testutils.NewRepoMetadata(gun) require.NoError(t, err) s := storage.NewMemStorage() ctx := context.WithValue(context.Background(), notary.CtxKeyMetaStore, s) ctx = context.WithValue(ctx, notary.CtxKeyKeyAlgo, data.ED25519Key) snChecksumBytes := sha256.Sum256(meta[data.CanonicalSnapshotRole]) // successful gets handler := RootHandler(ctx, nil, cs, nil, nil, []string{"nope"}) ts := httptest.NewServer(handler) url := fmt.Sprintf("%s/v2/%s/_trust/tuf/", ts.URL, gun) uploader, err := store.NewHTTPStore(url, "", "json", "key", http.DefaultTransport) require.NoError(t, err) require.Error(t, uploader.SetMulti(meta)) // update the storage so we don't fail just because the metadata is missing for _, roleName := range data.BaseRoles { require.NoError(t, s.UpdateCurrent(gun, storage.MetaUpdate{ Role: roleName, Data: meta[roleName], Version: 1, })) } _, err = uploader.GetSized(data.CanonicalSnapshotRole, notary.MaxDownloadSize) require.Error(t, err) _, err = uploader.GetSized( tufutils.ConsistentName(data.CanonicalSnapshotRole, snChecksumBytes[:]), notary.MaxDownloadSize) require.Error(t, err) _, err = uploader.GetKey(data.CanonicalTimestampRole) require.Error(t, err) // the httpstore doesn't actually delete all, so we do it manually req, err := http.NewRequest("DELETE", url, nil) require.NoError(t, err) res, err := http.DefaultTransport.RoundTrip(req) require.NoError(t, err) defer res.Body.Close() require.Equal(t, http.StatusNotFound, res.StatusCode) }
func TestRepoPrefixMatches(t *testing.T) { gun := "docker.io/notary" meta, cs, err := testutils.NewRepoMetadata(gun) require.NoError(t, err) ctx := context.WithValue(context.Background(), notary.CtxKeyMetaStore, storage.NewMemStorage()) ctx = context.WithValue(ctx, notary.CtxKeyKeyAlgo, data.ED25519Key) snChecksumBytes := sha256.Sum256(meta[data.CanonicalSnapshotRole]) // successful gets handler := RootHandler(ctx, nil, cs, nil, nil, []string{"docker.io"}) ts := httptest.NewServer(handler) url := fmt.Sprintf("%s/v2/%s/_trust/tuf/", ts.URL, gun) uploader, err := store.NewHTTPStore(url, "", "json", "key", http.DefaultTransport) require.NoError(t, err) // uploading is cool require.NoError(t, uploader.SetMulti(meta)) // getting is cool _, err = uploader.GetSized(data.CanonicalSnapshotRole, notary.MaxDownloadSize) require.NoError(t, err) _, err = uploader.GetSized( tufutils.ConsistentName(data.CanonicalSnapshotRole, snChecksumBytes[:]), notary.MaxDownloadSize) require.NoError(t, err) _, err = uploader.GetKey(data.CanonicalTimestampRole) require.NoError(t, err) // the httpstore doesn't actually delete all, so we do it manually req, err := http.NewRequest("DELETE", url, nil) require.NoError(t, err) res, err := http.DefaultTransport.RoundTrip(req) require.NoError(t, err) defer res.Body.Close() require.Equal(t, http.StatusOK, res.StatusCode) }