// NewMetadataSwizzler returns a new swizzler when given a gun, // mapping of roles to initial metadata bytes, and a cryptoservice func NewMetadataSwizzler(gun string, initialMetadata map[string][]byte, cryptoService signed.CryptoService) *MetadataSwizzler { var roles []string for roleName := range initialMetadata { roles = append(roles, roleName) } return &MetadataSwizzler{ Gun: gun, MetadataCache: store.NewMemoryStore(initialMetadata), CryptoService: cryptoService, Roles: roles, } }
// NewKeyMemoryStore returns a new KeyMemoryStore which holds keys in memory func NewKeyMemoryStore(p notary.PassRetriever) *GenericKeyStore { memStore := store.NewMemoryStore(nil) return NewGenericKeyStore(memStore, p) }
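// TestImportWithYubikey checks where imported private keys end up when a
// Yubikey is accessible: the root key must be retrievable from the Yubikey
// and absent from the on-disk key store, while the targets key must be absent
// from the Yubikey and present on disk with an unchanged PEM payload.
// The test is skipped when no Yubikey is accessible.
func TestImportWithYubikey(t *testing.T) {
	if !yubikey.IsAccessible() {
		t.Skip("Must have Yubikey access.")
	}
	setUp(t)

	tempBaseDir, err := ioutil.TempDir("", "notary-test-")
	require.NoError(t, err)
	defer os.RemoveAll(tempBaseDir)

	input, err := ioutil.TempFile("", "notary-test-import-")
	require.NoError(t, err)
	defer os.RemoveAll(input.Name())

	k := &keyCommander{
		configGetter: func() (*viper.Viper, error) {
			v := viper.New()
			v.SetDefault("trust_dir", tempBaseDir)
			return v, nil
		},
		// Fixed passphrase: a test fixture only.
		getRetriever: func() notary.PassRetriever { return passphrase.ConstantRetriever("pass") },
	}

	memStore := store.NewMemoryStore(nil)
	ks := trustmanager.NewGenericKeyStore(memStore, k.getRetriever())
	cs := cryptoservice.NewCryptoService(ks)

	// Root key: expected to be imported onto the Yubikey.
	pubK, err := cs.Create(data.CanonicalRootRole, "ankh", data.ECDSAKey)
	require.NoError(t, err)
	bID := pubK.ID() // need to check presence in yubikey later
	pemBytes, err := memStore.Get(pubK.ID())
	require.NoError(t, err)
	b, _ := pem.Decode(pemBytes)
	// Fail cleanly instead of panicking on a nil block if the stored key is
	// not valid PEM.
	require.NotNil(t, b)
	b.Headers["path"] = "ankh"
	require.Equal(t, "root", b.Headers["role"])

	// Targets key: expected to be imported into the file store.
	pubK, err = cs.Create(data.CanonicalTargetsRole, "morpork", data.ECDSAKey)
	require.NoError(t, err)
	cID := pubK.ID()
	pemBytes, err = memStore.Get(pubK.ID())
	require.NoError(t, err)
	c, _ := pem.Decode(pemBytes)
	require.NotNil(t, c)
	c.Headers["path"] = "morpork"

	bBytes := pem.EncodeToMemory(b)
	cBytes := pem.EncodeToMemory(c)
	// A short or failed write would leave the import file truncated and make
	// the later assertions misleading, so check both writes.
	_, err = input.Write(bBytes)
	require.NoError(t, err)
	_, err = input.Write(cBytes)
	require.NoError(t, err)

	file := input.Name()
	err = input.Close() // close so import can open
	require.NoError(t, err)

	err = k.importKeys(&cobra.Command{}, []string{file})
	require.NoError(t, err)

	yks, err := yubikey.NewYubiStore(nil, k.getRetriever())
	require.NoError(t, err)
	_, _, err = yks.GetKey(bID)
	require.NoError(t, err)
	_, _, err = yks.GetKey(cID)
	require.Error(t, err) // c is non-root, should not be in yubikey

	fileStore, err := store.NewPrivateKeyFileStorage(tempBaseDir, notary.KeyExtension)
	require.NoError(t, err)
	_, err = fileStore.Get("ankh")
	require.Error(t, err) // b should only be in yubikey, not in filestore

	cResult, err := fileStore.Get("morpork")
	require.NoError(t, err)
	block, rest := pem.Decode(cResult)
	require.NotNil(t, block)
	require.Equal(t, c.Bytes, block.Bytes)
	require.Len(t, rest, 0)
}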
// NewShortMemoryStore returns a new instance of memory store that // returns one byte too little data on any request to GetMeta func NewShortMemoryStore(meta map[string][]byte) *ShortMemoryStore { s := store.NewMemoryStore(meta) return &ShortMemoryStore{MemoryStore: *s} }
// NewLongMemoryStore returns a new instance of memory store that // returns one byte too much data on any request to GetMeta func NewLongMemoryStore(meta map[string][]byte) *LongMemoryStore { s := store.NewMemoryStore(meta) return &LongMemoryStore{MemoryStore: *s} }
// NewCorruptingMemoryStore returns a new instance of memory store that // corrupts all data requested from it. func NewCorruptingMemoryStore(meta map[string][]byte) *CorruptingMemoryStore { s := store.NewMemoryStore(meta) return &CorruptingMemoryStore{MemoryStore: *s} }
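// TestImportKeysNoYubikey checks that importing a file holding a root key and
// a targets key places both in the on-disk key store under their "path"
// headers, each as a single PEM block whose payload matches what was written
// to the import file.
// NOTE(review): setUp is defined elsewhere; presumably it arranges for no
// Yubikey to be used — confirm.
func TestImportKeysNoYubikey(t *testing.T) {
	setUp(t)

	tempBaseDir, err := ioutil.TempDir("", "notary-test-")
	require.NoError(t, err)
	defer os.RemoveAll(tempBaseDir)

	input, err := ioutil.TempFile("", "notary-test-import-")
	require.NoError(t, err)
	defer os.RemoveAll(input.Name())

	k := &keyCommander{
		configGetter: func() (*viper.Viper, error) {
			v := viper.New()
			v.SetDefault("trust_dir", tempBaseDir)
			return v, nil
		},
		// Fixed passphrase: a test fixture only.
		getRetriever: func() notary.PassRetriever { return passphrase.ConstantRetriever("pass") },
	}

	memStore := store.NewMemoryStore(nil)
	ks := trustmanager.NewGenericKeyStore(memStore, k.getRetriever())
	cs := cryptoservice.NewCryptoService(ks)

	pubK, err := cs.Create(data.CanonicalRootRole, "ankh", data.ECDSAKey)
	require.NoError(t, err)
	pemBytes, err := memStore.Get(pubK.ID())
	require.NoError(t, err)
	b, _ := pem.Decode(pemBytes)
	// Fail cleanly instead of panicking on a nil block if the stored key is
	// not valid PEM.
	require.NotNil(t, b)
	b.Headers["path"] = "ankh"

	pubK, err = cs.Create(data.CanonicalTargetsRole, "morpork", data.ECDSAKey)
	require.NoError(t, err)
	pemBytes, err = memStore.Get(pubK.ID())
	require.NoError(t, err)
	c, _ := pem.Decode(pemBytes)
	require.NotNil(t, c)
	c.Headers["path"] = "morpork"

	bBytes := pem.EncodeToMemory(b)
	cBytes := pem.EncodeToMemory(c)
	// A short or failed write would leave the import file truncated and make
	// the later assertions misleading, so check both writes.
	_, err = input.Write(bBytes)
	require.NoError(t, err)
	_, err = input.Write(cBytes)
	require.NoError(t, err)

	file := input.Name()
	err = input.Close() // close so import can open
	require.NoError(t, err)

	err = k.importKeys(&cobra.Command{}, []string{file})
	require.NoError(t, err)

	fileStore, err := store.NewPrivateKeyFileStorage(tempBaseDir, notary.KeyExtension)
	require.NoError(t, err)
	bResult, err := fileStore.Get("ankh")
	require.NoError(t, err)
	cResult, err := fileStore.Get("morpork")
	require.NoError(t, err)

	block, rest := pem.Decode(bResult)
	require.NotNil(t, block)
	require.Equal(t, b.Bytes, block.Bytes)
	require.Len(t, rest, 0)

	block, rest = pem.Decode(cResult)
	require.NotNil(t, block)
	require.Equal(t, c.Bytes, block.Bytes)
	require.Len(t, rest, 0)
}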