// Ensures that the httpstore can interpret the errors returned from the server
func TestValidationErrorFormat(t *testing.T) {
ctx := context.WithValue(
context.Background(), "metaStore", storage.NewMemStorage())
ctx = context.WithValue(ctx, "keyAlgorithm", data.ED25519Key)
handler := RootHandler(nil, ctx, signed.NewEd25519())
server := httptest.NewServer(handler)
defer server.Close()
client, err := store.NewHTTPStore(
fmt.Sprintf("%s/v2/gun/_trust/tuf/", server.URL),
"",
"json",
"",
"key",
http.DefaultTransport,
)
_, repo, _ := testutils.EmptyRepo()
r, tg, sn, ts, err := testutils.Sign(repo)
assert.NoError(t, err)
rs, _, _, _, err := testutils.Serialize(r, tg, sn, ts)
assert.NoError(t, err)
err = client.SetMultiMeta(map[string][]byte{data.CanonicalRootRole: rs})
assert.Error(t, err)
assert.IsType(t, validation.ErrBadRoot{}, err)
}
// Ensures that the httpstore can interpret the errors returned from the server
func TestValidationErrorFormat(t *testing.T) {
ctx := context.WithValue(
context.Background(), "metaStore", storage.NewMemStorage())
ctx = context.WithValue(ctx, "keyAlgorithm", data.ED25519Key)
handler := RootHandler(nil, ctx, signed.NewEd25519(), nil, nil, nil)
server := httptest.NewServer(handler)
defer server.Close()
client, err := store.NewHTTPStore(
fmt.Sprintf("%s/v2/docker.com/notary/_trust/tuf/", server.URL),
"",
"json",
"key",
http.DefaultTransport,
)
repo, _, err := testutils.EmptyRepo("docker.com/notary")
require.NoError(t, err)
r, tg, sn, ts, err := testutils.Sign(repo)
require.NoError(t, err)
rs, rt, _, _, err := testutils.Serialize(r, tg, sn, ts)
require.NoError(t, err)
// No snapshot is passed, and the server doesn't have the snapshot key,
// so ErrBadHierarchy
err = client.SetMultiMeta(map[string][]byte{
data.CanonicalRootRole: rs,
data.CanonicalTargetsRole: rt,
})
require.Error(t, err)
require.IsType(t, validation.ErrBadHierarchy{}, err)
}
// Use this to initialize remote HTTPStores from the config settings
func getRemoteStore(baseURL, gun string, rt http.RoundTripper) (store.RemoteStore, error) {
return store.NewHTTPStore(
baseURL+"/v2/"+gun+"/_trust/tuf/",
"",
"json",
"",
"key",
rt,
)
}
// Use this to initialize remote HTTPStores from the config settings
func getRemoteStore(baseURL, gun string, rt http.RoundTripper) (store.RemoteStore, error) {
s, err := store.NewHTTPStore(
baseURL+"/v2/"+gun+"/_trust/tuf/",
"",
"json",
"key",
rt,
)
if err != nil {
return store.OfflineStore{}, err
}
return s, err
}
func TestRepoPrefixDoesNotMatch(t *testing.T) {
gun := "docker.io/notary"
meta, cs, err := testutils.NewRepoMetadata(gun)
require.NoError(t, err)
s := storage.NewMemStorage()
ctx := context.WithValue(context.Background(), "metaStore", s)
ctx = context.WithValue(ctx, "keyAlgorithm", data.ED25519Key)
snChecksumBytes := sha256.Sum256(meta[data.CanonicalSnapshotRole])
// successful gets
handler := RootHandler(nil, ctx, cs, nil, nil, []string{"nope"})
ts := httptest.NewServer(handler)
url := fmt.Sprintf("%s/v2/%s/_trust/tuf/", ts.URL, gun)
uploader, err := store.NewHTTPStore(url, "", "json", "key", http.DefaultTransport)
require.NoError(t, err)
require.Error(t, uploader.SetMultiMeta(meta))
// update the storage so we don't fail just because the metadata is missing
for _, roleName := range data.BaseRoles {
require.NoError(t, s.UpdateCurrent(gun, storage.MetaUpdate{
Role: roleName,
Data: meta[roleName],
Version: 1,
}))
}
_, err = uploader.GetMeta(data.CanonicalSnapshotRole, notary.MaxDownloadSize)
require.Error(t, err)
_, err = uploader.GetMeta(
tufutils.ConsistentName(data.CanonicalSnapshotRole, snChecksumBytes[:]), notary.MaxDownloadSize)
require.Error(t, err)
_, err = uploader.GetKey(data.CanonicalTimestampRole)
require.Error(t, err)
// the httpstore doesn't actually delete all, so we do it manually
req, err := http.NewRequest("DELETE", url, nil)
require.NoError(t, err)
res, err := http.DefaultTransport.RoundTrip(req)
require.NoError(t, err)
defer res.Body.Close()
require.Equal(t, http.StatusNotFound, res.StatusCode)
}
func TestRepoPrefixMatches(t *testing.T) {
gun := "docker.io/notary"
meta, cs, err := testutils.NewRepoMetadata(gun)
require.NoError(t, err)
ctx := context.WithValue(context.Background(), "metaStore", storage.NewMemStorage())
ctx = context.WithValue(ctx, "keyAlgorithm", data.ED25519Key)
snChecksumBytes := sha256.Sum256(meta[data.CanonicalSnapshotRole])
// successful gets
handler := RootHandler(nil, ctx, cs, nil, nil, []string{"docker.io"})
ts := httptest.NewServer(handler)
url := fmt.Sprintf("%s/v2/%s/_trust/tuf/", ts.URL, gun)
uploader, err := store.NewHTTPStore(url, "", "json", "key", http.DefaultTransport)
require.NoError(t, err)
// uploading is cool
require.NoError(t, uploader.SetMultiMeta(meta))
// getting is cool
_, err = uploader.GetMeta(data.CanonicalSnapshotRole, notary.MaxDownloadSize)
require.NoError(t, err)
_, err = uploader.GetMeta(
tufutils.ConsistentName(data.CanonicalSnapshotRole, snChecksumBytes[:]), notary.MaxDownloadSize)
require.NoError(t, err)
_, err = uploader.GetKey(data.CanonicalTimestampRole)
require.NoError(t, err)
// the httpstore doesn't actually delete all, so we do it manually
req, err := http.NewRequest("DELETE", url, nil)
require.NoError(t, err)
res, err := http.DefaultTransport.RoundTrip(req)
require.NoError(t, err)
defer res.Body.Close()
require.Equal(t, http.StatusOK, res.StatusCode)
}