本文整理汇总了Golang中github.com/docker/notary/tuf/testutils.CopyKeys函数的典型用法代码示例。如果您正苦于以下问题:Golang CopyKeys函数的具体用法?Golang CopyKeys怎么用?Golang CopyKeys使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了CopyKeys函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Golang代码示例。
示例1: TestValidateOldRootCorruptRootRole
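// TestValidateOldRootCorruptRootRole checks that a new root cannot be
// validated when the root already in the store is corrupt, because there might
// have been a root key rotation. Here the stored root is valid JSON but its
// role map has no entry for the root role.
func TestValidateOldRootCorruptRootRole(t *testing.T) {
	gun := "docker.com/notary"
	repo, cs, err := testutils.EmptyRepo(gun)
	require.NoError(t, err)
	store := storage.NewMemStorage()

	r, tg, sn, ts, err := testutils.Sign(repo)
	require.NoError(t, err)
	root, targets, snapshot, timestamp, err := getUpdates(r, tg, sn, ts)
	require.NoError(t, err)

	// so a valid root, but missing the root role
	signedRoot, err := data.RootFromSigned(r)
	require.NoError(t, err)
	delete(signedRoot.Signed.Roles, data.CanonicalRootRole)
	badRootJSON, err := json.Marshal(signedRoot)
	require.NoError(t, err)

	badRoot := storage.MetaUpdate{
		Version: root.Version,
		Role:    root.Role,
		Data:    badRootJSON,
	}
	// Seeding the store must succeed: if the corrupt root were silently not
	// stored, the error asserted below would not come from the old-root check.
	require.NoError(t, store.UpdateCurrent(gun, badRoot))

	updates := []storage.MetaUpdate{root, targets, snapshot, timestamp}
	serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole)
	_, err = validateUpdate(serverCrypto, gun, updates, store)
	require.Error(t, err)
	require.IsType(t, data.ErrInvalidMetadata{}, err)
}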
开发者ID:cyli,项目名称:notary,代码行数:32,代码来源:validation_test.go
示例2: TestValidateSnapshotGeneratePrevCorrupt
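// TestValidateSnapshotGeneratePrevCorrupt checks that validateUpdate returns a
// JSON syntax error when the update carries no snapshot and the snapshot
// already in the store has a corrupt JSON structure.
func TestValidateSnapshotGeneratePrevCorrupt(t *testing.T) {
	gun := "docker.com/notary"
	repo, cs, err := testutils.EmptyRepo(gun)
	require.NoError(t, err)
	store := storage.NewMemStorage()

	// Register the repo's snapshot public keys with the store.
	snapRole, err := repo.GetBaseRole(data.CanonicalSnapshotRole)
	require.NoError(t, err)
	for _, k := range snapRole.Keys {
		require.NoError(t, store.SetKey(gun, data.CanonicalSnapshotRole, k.Algorithm(), k.Public()))
	}

	r, tg, sn, ts, err := testutils.Sign(repo)
	require.NoError(t, err)
	root, targets, snapshot, _, err := getUpdates(r, tg, sn, ts)
	require.NoError(t, err)
	updates := []storage.MetaUpdate{root, targets}

	// corrupt the JSON structure of prev snapshot
	snapshot.Data = snapshot.Data[1:]
	// set the current snapshot in the store manually so we find it when
	// generating the next version; the write is checked so that the syntax
	// error asserted below can only come from this stored copy
	require.NoError(t, store.UpdateCurrent(gun, snapshot))

	serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole, data.CanonicalSnapshotRole)
	_, err = validateUpdate(serverCrypto, gun, updates, store)
	require.Error(t, err)
	require.IsType(t, &json.SyntaxError{}, err)
}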
开发者ID:cyli,项目名称:notary,代码行数:31,代码来源:validation_test.go
示例3: TestValidatePrevTimestamp
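// TestValidatePrevTimestamp checks that, with a timestamp already in the store
// and none in the update, validateUpdate returns a timestamp whose version is
// the stored version plus one.
func TestValidatePrevTimestamp(t *testing.T) {
	gun := "docker.com/notary"
	repo, cs, err := testutils.EmptyRepo(gun)
	require.NoError(t, err)

	r, tg, sn, ts, err := testutils.Sign(repo)
	require.NoError(t, err)
	root, targets, snapshot, timestamp, err := getUpdates(r, tg, sn, ts)
	require.NoError(t, err)
	updates := []storage.MetaUpdate{root, targets, snapshot}

	store := storage.NewMemStorage()
	// The previous timestamp has to be in the store for the version
	// comparison below to mean anything, so the write is checked.
	require.NoError(t, store.UpdateCurrent(gun, timestamp))

	serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole)
	updates, err = validateUpdate(serverCrypto, gun, updates, store)
	require.NoError(t, err)

	// we generated our own timestamp, and did not take the other timestamp,
	// but all other metadata should come from updates
	var foundTimestamp bool
	for _, update := range updates {
		if update.Role != data.CanonicalTimestampRole {
			continue
		}
		foundTimestamp = true
		oldTimestamp, newTimestamp := &data.SignedTimestamp{}, &data.SignedTimestamp{}
		require.NoError(t, json.Unmarshal(timestamp.Data, oldTimestamp))
		require.NoError(t, json.Unmarshal(update.Data, newTimestamp))
		require.Equal(t, oldTimestamp.Signed.Version+1, newTimestamp.Signed.Version)
	}
	require.True(t, foundTimestamp)
}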
开发者ID:cyli,项目名称:notary,代码行数:33,代码来源:validation_test.go
示例4: TestValidateSnapshotGenerateStoreGetCurrentSnapshotBroken
// TestValidateSnapshotGenerateStoreGetCurrentSnapshotBroken covers a store that
// is broken when getting the current snapshot: the update carries no snapshot,
// and the error configured on the store for the snapshot role is expected back
// from validateUpdate.
func TestValidateSnapshotGenerateStoreGetCurrentSnapshotBroken(t *testing.T) {
	gun := "docker.com/notary"
	repo, cs, err := testutils.EmptyRepo(gun)
	require.NoError(t, err)

	failing := getFailStore{
		MetaStore:    storage.NewMemStorage(),
		errsToReturn: map[string]error{data.CanonicalSnapshotRole: data.ErrNoSuchRole{}},
	}

	// Register the repo's snapshot public keys with the store.
	snapshotRole, err := repo.GetBaseRole(data.CanonicalSnapshotRole)
	require.NoError(t, err)
	for _, key := range snapshotRole.Keys {
		require.NoError(t, failing.SetKey(gun, data.CanonicalSnapshotRole, key.Algorithm(), key.Public()))
	}

	signedRoot, signedTargets, signedSnapshot, signedTimestamp, err := testutils.Sign(repo)
	require.NoError(t, err)
	root, targets, _, _, err := getUpdates(signedRoot, signedTargets, signedSnapshot, signedTimestamp)
	require.NoError(t, err)

	serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole, data.CanonicalSnapshotRole)
	_, err = validateUpdate(serverCrypto, gun, []storage.MetaUpdate{root, targets}, failing)
	require.Error(t, err)
	require.IsType(t, data.ErrNoSuchRole{}, err)
}
开发者ID:cyli,项目名称:notary,代码行数:29,代码来源:validation_test.go
示例5: TestValidateSnapshotGenerate
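// TestValidateSnapshotGenerate checks that validateUpdate succeeds for an
// update holding only targets metadata when the root is already in the store
// and the server crypto service was given the timestamp and snapshot roles.
func TestValidateSnapshotGenerate(t *testing.T) {
	gun := "docker.com/notary"
	repo, cs, err := testutils.EmptyRepo(gun)
	require.NoError(t, err)
	store := storage.NewMemStorage()

	// Register the repo's snapshot public keys with the store.
	snapRole, err := repo.GetBaseRole(data.CanonicalSnapshotRole)
	require.NoError(t, err)
	for _, k := range snapRole.Keys {
		require.NoError(t, store.SetKey(gun, data.CanonicalSnapshotRole, k.Algorithm(), k.Public()))
	}

	r, tg, sn, ts, err := testutils.Sign(repo)
	require.NoError(t, err)
	root, targets, _, _, err := getUpdates(r, tg, sn, ts)
	require.NoError(t, err)

	updates := []storage.MetaUpdate{targets}
	// The root is not part of the update, so it must really be in the store;
	// the write is checked rather than assumed.
	require.NoError(t, store.UpdateCurrent(gun, root))

	serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole, data.CanonicalSnapshotRole)
	_, err = validateUpdate(serverCrypto, gun, updates, store)
	require.NoError(t, err)
}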
开发者ID:cyli,项目名称:notary,代码行数:26,代码来源:validation_test.go
示例6: TestValidateTargetsModifiedHash
// TestValidateTargetsModifiedHash checks that validateUpdate rejects an update
// with ErrBadSnapshot when the sha256 hash recorded for "targets" in the
// snapshot has been altered before the snapshot is re-signed.
func TestValidateTargetsModifiedHash(t *testing.T) {
	gun := "docker.com/notary"
	repo, cs, err := testutils.EmptyRepo(gun)
	require.NoError(t, err)
	store := storage.NewMemStorage()

	signedRoot, signedTargets, signedSnapshot, signedTimestamp, err := testutils.Sign(repo)
	require.NoError(t, err)

	snap, err := data.SnapshotFromSigned(signedSnapshot)
	require.NoError(t, err)

	// Flip all the bits in the first byte of the recorded targets hash.
	targetsHash := snap.Signed.Meta["targets"].Hashes["sha256"]
	targetsHash[0] ^= 0xff

	signedSnapshot, err = snap.ToSigned()
	require.NoError(t, err)

	root, targets, snapshot, timestamp, err := getUpdates(signedRoot, signedTargets, signedSnapshot, signedTimestamp)
	require.NoError(t, err)

	serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole)
	_, err = validateUpdate(
		serverCrypto,
		gun,
		[]storage.MetaUpdate{root, targets, snapshot, timestamp},
		store,
	)
	require.Error(t, err)
	require.IsType(t, validation.ErrBadSnapshot{}, err)
}
开发者ID:cyli,项目名称:notary,代码行数:26,代码来源:validation_test.go
示例7: TestValidateRootCanContainOnlyx509KeysWithRightGun
// TestValidateRootCanContainOnlyx509KeysWithRightGun checks two root-key
// conditions that must each fail validation with ErrBadRoot: a root created
// for a different gun than the one being validated, and a root whose key has
// been replaced by a regular non-x509 key.
func TestValidateRootCanContainOnlyx509KeysWithRightGun(t *testing.T) {
	gun := "docker.com/notary"
	repo, cs, err := testutils.EmptyRepo("wrong/gun")
	require.NoError(t, err)
	serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole)

	// signAndExpectBadRoot signs the repo in its current state, submits all
	// four metadata files against a fresh in-memory store and requires the
	// validation to fail with ErrBadRoot.
	signAndExpectBadRoot := func() {
		signedRoot, signedTargets, signedSnapshot, signedTimestamp, err := testutils.Sign(repo)
		require.NoError(t, err)
		root, targets, snapshot, timestamp, err := getUpdates(signedRoot, signedTargets, signedSnapshot, signedTimestamp)
		require.NoError(t, err)

		_, err = validateUpdate(
			serverCrypto,
			gun,
			[]storage.MetaUpdate{root, targets, snapshot, timestamp},
			storage.NewMemStorage(),
		)
		require.Error(t, err)
		require.IsType(t, validation.ErrBadRoot{}, err)
	}

	// if the root has the wrong gun, the server will fail to validate
	signAndExpectBadRoot()

	// create regular non-x509 keys - change the root keys to one that is not
	// an x509 key - it should also fail to validate
	newRootKey, err := cs.Create(data.CanonicalRootRole, gun, data.ECDSAKey)
	require.NoError(t, err)
	require.NoError(t, repo.ReplaceBaseKeys(data.CanonicalRootRole, newRootKey))
	signAndExpectBadRoot()
}
开发者ID:cyli,项目名称:notary,代码行数:35,代码来源:validation_test.go
示例8: TestValidateRootModifiedSize
// ### Snapshot size mismatch negative tests ###

// TestValidateRootModifiedSize checks that validateUpdate fails with
// ErrBadRoot when the root bytes submitted differ from the root that was
// signed together with the rest of the metadata.
func TestValidateRootModifiedSize(t *testing.T) {
	gun := "docker.com/notary"
	repo, cs, err := testutils.EmptyRepo(gun)
	require.NoError(t, err)
	store := storage.NewMemStorage()

	signedRoot, signedTargets, signedSnapshot, signedTimestamp, err := testutils.Sign(repo)
	require.NoError(t, err)

	// add another copy of the signature so the hash is different
	firstSig := signedRoot.Signatures[0]
	signedRoot.Signatures = append(signedRoot.Signatures, firstSig)

	root, targets, snapshot, timestamp, err := getUpdates(signedRoot, signedTargets, signedSnapshot, signedTimestamp)
	require.NoError(t, err)

	// flip all the bits in the first byte
	root.Data[0] ^= 0xff

	serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole)
	_, err = validateUpdate(
		serverCrypto,
		gun,
		[]storage.MetaUpdate{root, targets, snapshot, timestamp},
		store,
	)
	require.Error(t, err)
	require.IsType(t, validation.ErrBadRoot{}, err)
}
开发者ID:cyli,项目名称:notary,代码行数:26,代码来源:validation_test.go
示例9: TestValidateRootInvalidTimestampThreshold
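// TestValidateRootInvalidTimestampThreshold checks that validation fails with
// ErrBadRoot if the timestamp role in the root has a threshold > 1. A second
// timestamp key is added and the threshold is set to 2 before signing.
func TestValidateRootInvalidTimestampThreshold(t *testing.T) {
	gun := "docker.com/notary"
	oldRepo, cs, err := testutils.EmptyRepo(gun)
	require.NoError(t, err)

	tsKey2, err := testutils.CreateKey(cs, gun, "timestamp2", data.ECDSAKey)
	require.NoError(t, err)
	// Check the key registration, as the ReplaceBaseKeys calls elsewhere in
	// this file do, so the root under test really lists two timestamp keys.
	require.NoError(t, oldRepo.AddBaseKeys(data.CanonicalTimestampRole, tsKey2))

	tsRole, ok := oldRepo.Root.Signed.Roles[data.CanonicalTimestampRole]
	require.True(t, ok)
	tsRole.Threshold = 2

	r, tg, sn, ts, err := testutils.Sign(oldRepo)
	require.NoError(t, err)
	root, targets, snapshot, _, err := getUpdates(r, tg, sn, ts)
	require.NoError(t, err)

	store := storage.NewMemStorage()
	updates := []storage.MetaUpdate{root, targets, snapshot}
	serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole)
	_, err = validateUpdate(serverCrypto, gun, updates, store)
	require.Error(t, err)
	require.IsType(t, validation.ErrBadRoot{}, err)
}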
开发者ID:cyli,项目名称:notary,代码行数:26,代码来源:validation_test.go
示例10: TestValidateOldRoot
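// TestValidateOldRoot checks that validateUpdate accepts an update whose root
// is the same root that is already current in the store.
func TestValidateOldRoot(t *testing.T) {
	gun := "docker.com/notary"
	repo, cs, err := testutils.EmptyRepo(gun)
	require.NoError(t, err)
	store := storage.NewMemStorage()

	r, tg, sn, ts, err := testutils.Sign(repo)
	require.NoError(t, err)
	root, targets, snapshot, timestamp, err := getUpdates(r, tg, sn, ts)
	require.NoError(t, err)

	// Without this check a failed write would leave the store empty and the
	// test would pass without an old root ever being consulted.
	require.NoError(t, store.UpdateCurrent(gun, root))

	updates := []storage.MetaUpdate{root, targets, snapshot, timestamp}
	serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole)
	_, err = validateUpdate(serverCrypto, gun, updates, store)
	require.NoError(t, err)
}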
开发者ID:cyli,项目名称:notary,代码行数:18,代码来源:validation_test.go
示例11: TestValidateSnapshotMissingNoSnapshotKey
// TestValidateSnapshotMissingNoSnapshotKey checks that an update without a
// snapshot fails with ErrBadHierarchy when the server crypto service was built
// for the timestamp role only.
func TestValidateSnapshotMissingNoSnapshotKey(t *testing.T) {
	gun := "docker.com/notary"
	repo, cs, err := testutils.EmptyRepo(gun)
	require.NoError(t, err)

	signedRoot, signedTargets, signedSnapshot, signedTimestamp, err := testutils.Sign(repo)
	require.NoError(t, err)
	root, targets, _, _, err := getUpdates(signedRoot, signedTargets, signedSnapshot, signedTimestamp)
	require.NoError(t, err)

	// Only root and targets are submitted; no snapshot is included.
	serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole)
	_, err = validateUpdate(
		serverCrypto,
		gun,
		[]storage.MetaUpdate{root, targets},
		storage.NewMemStorage(),
	)
	require.Error(t, err)
	require.IsType(t, validation.ErrBadHierarchy{}, err)
}
开发者ID:cyli,项目名称:notary,代码行数:18,代码来源:validation_test.go
示例12: TestValidateTargetsRoleMissing
// TestValidateTargetsRoleMissing checks that validateUpdate fails with
// ErrBadRoot when the "targets" entry has been removed from the root's roles
// before the metadata is signed.
func TestValidateTargetsRoleMissing(t *testing.T) {
	gun := "docker.com/notary"
	repo, cs, err := testutils.EmptyRepo(gun)
	require.NoError(t, err)
	memStore := storage.NewMemStorage()

	// Drop the targets role from the root before signing.
	delete(repo.Root.Signed.Roles, "targets")

	signedRoot, signedTargets, signedSnapshot, signedTimestamp, err := testutils.Sign(repo)
	require.NoError(t, err)
	root, targets, snapshot, timestamp, err := getUpdates(signedRoot, signedTargets, signedSnapshot, signedTimestamp)
	require.NoError(t, err)

	serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole)
	_, err = validateUpdate(
		serverCrypto,
		gun,
		[]storage.MetaUpdate{root, targets, snapshot, timestamp},
		memStore,
	)
	require.Error(t, err)
	require.IsType(t, validation.ErrBadRoot{}, err)
}
开发者ID:cyli,项目名称:notary,代码行数:20,代码来源:validation_test.go
示例13: TestValidateSnapshotGenerateWithPrev
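// TestValidateSnapshotGenerateWithPrev checks that, with a snapshot already in
// the store and none in the update, the snapshot returned by validateUpdate
// has the previous version plus one, and that the update's Version field
// matches the version inside the signed snapshot.
func TestValidateSnapshotGenerateWithPrev(t *testing.T) {
	gun := "docker.com/notary"
	repo, cs, err := testutils.EmptyRepo(gun)
	require.NoError(t, err)
	store := storage.NewMemStorage()

	// Register the repo's snapshot public keys with the store.
	snapRole, err := repo.GetBaseRole(data.CanonicalSnapshotRole)
	require.NoError(t, err)
	for _, k := range snapRole.Keys {
		require.NoError(t, store.SetKey(gun, data.CanonicalSnapshotRole, k.Algorithm(), k.Public()))
	}

	r, tg, sn, ts, err := testutils.Sign(repo)
	require.NoError(t, err)
	root, targets, snapshot, _, err := getUpdates(r, tg, sn, ts)
	require.NoError(t, err)
	updates := []storage.MetaUpdate{root, targets}

	// set the current snapshot in the store manually so we find it when
	// generating the next version
	require.NoError(t, store.UpdateCurrent(gun, snapshot))

	prev, err := data.SnapshotFromSigned(sn)
	require.NoError(t, err)

	serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole, data.CanonicalSnapshotRole)
	updates, err = validateUpdate(serverCrypto, gun, updates, store)
	require.NoError(t, err)

	// Track whether a snapshot came back at all; otherwise the version
	// assertions inside the loop could be skipped and the test pass vacuously.
	var foundSnapshot bool
	for _, u := range updates {
		if u.Role != data.CanonicalSnapshotRole {
			continue
		}
		foundSnapshot = true
		curr := &data.SignedSnapshot{}
		require.NoError(t, json.Unmarshal(u.Data, curr))
		require.Equal(t, prev.Signed.Version+1, curr.Signed.Version)
		require.Equal(t, u.Version, curr.Signed.Version)
	}
	require.True(t, foundSnapshot)
}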
开发者ID:cyli,项目名称:notary,代码行数:41,代码来源:validation_test.go
示例14: TestValidateRootGetCurrentRootBroken
// TestValidateRootGetCurrentRootBroken checks that a new root is not validated
// when the old root cannot be fetched from the DB. In that situation it cannot
// be determined whether an old root existed, and therefore whether the new
// root represents a root key rotation, so the store's error is expected back.
func TestValidateRootGetCurrentRootBroken(t *testing.T) {
	gun := "docker.com/notary"
	repo, cs, err := testutils.EmptyRepo(gun)
	require.NoError(t, err)

	// A store configured to return ErrNoSuchRole for the root role.
	failing := getFailStore{
		MetaStore:    storage.NewMemStorage(),
		errsToReturn: map[string]error{data.CanonicalRootRole: data.ErrNoSuchRole{}},
	}

	signedRoot, signedTargets, signedSnapshot, signedTimestamp, err := testutils.Sign(repo)
	require.NoError(t, err)
	root, targets, snapshot, timestamp, err := getUpdates(signedRoot, signedTargets, signedSnapshot, signedTimestamp)
	require.NoError(t, err)

	serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole)
	_, err = validateUpdate(
		serverCrypto,
		gun,
		[]storage.MetaUpdate{root, targets, snapshot, timestamp},
		failing,
	)
	require.Error(t, err)
	require.IsType(t, data.ErrNoSuchRole{}, err)
}
开发者ID:cyli,项目名称:notary,代码行数:25,代码来源:validation_test.go
示例15: TestValidateSnapshotCorrupt
// TestValidateSnapshotCorrupt checks that validateUpdate fails with
// ErrBadSnapshot when the first byte of the submitted snapshot data has been
// altered.
func TestValidateSnapshotCorrupt(t *testing.T) {
	gun := "docker.com/notary"
	repo, cs, err := testutils.EmptyRepo(gun)
	require.NoError(t, err)
	memStore := storage.NewMemStorage()

	signedRoot, signedTargets, signedSnapshot, signedTimestamp, err := testutils.Sign(repo)
	require.NoError(t, err)
	root, targets, snapshot, timestamp, err := getUpdates(signedRoot, signedTargets, signedSnapshot, signedTimestamp)
	require.NoError(t, err)

	// flip all the bits in the first byte
	snapshot.Data[0] ^= 0xff

	serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole)
	_, err = validateUpdate(
		serverCrypto,
		gun,
		[]storage.MetaUpdate{root, targets, snapshot, timestamp},
		memStore,
	)
	require.Error(t, err)
	require.IsType(t, validation.ErrBadSnapshot{}, err)
}
开发者ID:cyli,项目名称:notary,代码行数:21,代码来源:validation_test.go
示例16: TestValidatePreviousTimestampCorrupt
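// TestValidatePreviousTimestampCorrupt checks that validateUpdate returns a
// JSON syntax error when the timestamp already in the store is corrupt and the
// update carries no timestamp of its own.
func TestValidatePreviousTimestampCorrupt(t *testing.T) {
	gun := "docker.com/notary"
	repo, cs, err := testutils.EmptyRepo(gun)
	require.NoError(t, err)

	r, tg, sn, ts, err := testutils.Sign(repo)
	require.NoError(t, err)
	root, targets, snapshot, timestamp, err := getUpdates(r, tg, sn, ts)
	require.NoError(t, err)
	updates := []storage.MetaUpdate{root, targets, snapshot}

	// have corrupt timestamp data in the storage already; the write is
	// checked so the syntax error below can only come from this stored copy
	store := storage.NewMemStorage()
	timestamp.Data = timestamp.Data[1:]
	require.NoError(t, store.UpdateCurrent(gun, timestamp))

	serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole)
	_, err = validateUpdate(serverCrypto, gun, updates, store)
	require.Error(t, err)
	require.IsType(t, &json.SyntaxError{}, err)
}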
开发者ID:cyli,项目名称:notary,代码行数:22,代码来源:validation_test.go
示例17: TestValidateEmptyNew
// TestValidateEmptyNew submits all four metadata files against an empty store
// and checks what validateUpdate returns: root, snapshot and targets must be
// byte-identical to what was submitted, while the timestamp must differ from
// the submitted one.
func TestValidateEmptyNew(t *testing.T) {
	gun := "docker.com/notary"
	repo, cs, err := testutils.EmptyRepo(gun)
	require.NoError(t, err)
	memStore := storage.NewMemStorage()

	signedRoot, signedTargets, signedSnapshot, signedTimestamp, err := testutils.Sign(repo)
	require.NoError(t, err)
	root, targets, snapshot, timestamp, err := getUpdates(signedRoot, signedTargets, signedSnapshot, signedTimestamp)
	require.NoError(t, err)

	serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole)
	validated, err := validateUpdate(
		serverCrypto,
		gun,
		[]storage.MetaUpdate{root, targets, snapshot, timestamp},
		memStore,
	)
	require.NoError(t, err)

	// we generated our own timestamp, and did not take the other timestamp,
	// but all other metadata should come from updates
	seen := make(map[string]bool)
	for _, got := range validated {
		switch got.Role {
		case data.CanonicalRootRole:
			sameBytes := bytes.Equal(got.Data, root.Data)
			require.True(t, sameBytes)
			seen[data.CanonicalRootRole] = true
		case data.CanonicalSnapshotRole:
			sameBytes := bytes.Equal(got.Data, snapshot.Data)
			require.True(t, sameBytes)
			seen[data.CanonicalSnapshotRole] = true
		case data.CanonicalTargetsRole:
			sameBytes := bytes.Equal(got.Data, targets.Data)
			require.True(t, sameBytes)
			seen[data.CanonicalTargetsRole] = true
		case data.CanonicalTimestampRole:
			sameBytes := bytes.Equal(got.Data, timestamp.Data)
			require.False(t, sameBytes)
			seen[data.CanonicalTimestampRole] = true
		}
	}
	// All four roles must have been returned.
	require.Len(t, seen, 4)
}
开发者ID:cyli,项目名称:notary,代码行数:38,代码来源:validation_test.go
示例18: TestValidateRootInvalidZeroThreshold
// TestValidateRootInvalidZeroThreshold checks that validation fails if any
// role has a threshold < 1. Each entry of data.BaseRoles is tried in turn on a
// fresh repo, and the error text must mention "invalid threshold".
func TestValidateRootInvalidZeroThreshold(t *testing.T) {
	for _, roleName := range data.BaseRoles {
		gun := "docker.com/notary"
		oldRepo, cs, err := testutils.EmptyRepo(gun)
		require.NoError(t, err)

		// Zero out the threshold of the role under test before signing.
		roleEntry, present := oldRepo.Root.Signed.Roles[roleName]
		require.True(t, present)
		roleEntry.Threshold = 0

		signedRoot, signedTargets, signedSnapshot, signedTimestamp, err := testutils.Sign(oldRepo)
		require.NoError(t, err)
		root, targets, snapshot, _, err := getUpdates(signedRoot, signedTargets, signedSnapshot, signedTimestamp)
		require.NoError(t, err)

		memStore := storage.NewMemStorage()
		serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole)
		_, err = validateUpdate(
			serverCrypto,
			gun,
			[]storage.MetaUpdate{root, targets, snapshot},
			memStore,
		)
		require.Error(t, err)
		require.Contains(t, err.Error(), "invalid threshold")
	}
}
开发者ID:cyli,项目名称:notary,代码行数:24,代码来源:validation_test.go
示例19: TestValidateOldRootCorrupt
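// TestValidateOldRootCorrupt checks that validateUpdate returns a JSON syntax
// error when the root already in the store is the signed root with its first
// byte cut off.
func TestValidateOldRootCorrupt(t *testing.T) {
	gun := "docker.com/notary"
	repo, cs, err := testutils.EmptyRepo(gun)
	require.NoError(t, err)
	store := storage.NewMemStorage()

	r, tg, sn, ts, err := testutils.Sign(repo)
	require.NoError(t, err)
	root, targets, snapshot, timestamp, err := getUpdates(r, tg, sn, ts)
	require.NoError(t, err)

	badRoot := storage.MetaUpdate{
		Version: root.Version,
		Role:    root.Role,
		Data:    root.Data[1:],
	}
	// The corrupt root has to be in the store for the syntax error below to
	// come from the old-root check, so the write is checked.
	require.NoError(t, store.UpdateCurrent(gun, badRoot))

	updates := []storage.MetaUpdate{root, targets, snapshot, timestamp}
	serverCrypto := testutils.CopyKeys(t, cs, data.CanonicalTimestampRole)
	_, err = validateUpdate(serverCrypto, gun, updates, store)
	require.Error(t, err)
	require.IsType(t, &json.SyntaxError{}, err)
}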
开发者ID:cyli,项目名称:notary,代码行数:24,代码来源:validation_test.go
示例20: TestRootRotationNotSignedWithOldKeysForOldRole
// TestRootRotationNotSignedWithOldKeysForOldRole checks that a root rotation
// must be signed with old and new root keys such that it satisfies the old and
// new roles, otherwise the new root fails to validate.
//
// The stored root has two root keys and a threshold of 2. The rotated root is
// first submitted carrying signatures from only one of those two keys plus the
// new key, which must be rejected, and then carrying signatures from both of
// them plus the new key, which must be accepted.
func TestRootRotationNotSignedWithOldKeysForOldRole(t *testing.T) {
	gun := "docker.com/notary"
	repo, crypto, err := testutils.EmptyRepo(gun)
	require.NoError(t, err)
	store := storage.NewMemStorage()
	serverCrypto := testutils.CopyKeys(t, crypto, data.CanonicalTimestampRole)

	oldRootKeyID := repo.Root.Signed.Roles[data.CanonicalRootRole].KeyIDs[0]

	// make the original root have 2 keys with a threshold of 2
	pairedRootKeys := make([]data.PublicKey, 2)
	for i := range pairedRootKeys {
		pairedRootKeys[i], err = testutils.CreateKey(crypto, gun, data.CanonicalRootRole, data.ECDSAKey)
		require.NoError(t, err)
	}
	require.NoError(t, repo.ReplaceBaseKeys(data.CanonicalRootRole, pairedRootKeys...))
	repo.Root.Signed.Roles[data.CanonicalRootRole].Threshold = 2

	r, tg, sn, ts, err := testutils.Sign(repo)
	require.NoError(t, err)
	require.Len(t, r.Signatures, 3)
	root, targets, snapshot, timestamp, err := getUpdates(r, tg, sn, ts)
	require.NoError(t, err)

	// Store the two-key root as the current trusted state.
	initial := []storage.MetaUpdate{root, targets, snapshot, timestamp}
	require.NoError(t, store.UpdateMany(gun, initial))

	// Rotate to a single new root key with a threshold of 1.
	finalRootKey, err := testutils.CreateKey(crypto, gun, data.CanonicalRootRole, data.ECDSAKey)
	require.NoError(t, err)
	repo.Root.Signed.Roles[data.CanonicalRootRole].Threshold = 1
	require.NoError(t, repo.ReplaceBaseKeys(data.CanonicalRootRole, finalRootKey))

	r, err = repo.SignRoot(data.DefaultExpires(data.CanonicalRootRole))
	require.NoError(t, err)
	origSigs := r.Signatures

	// selectSigs returns the signatures from origSigs accepted by keep, in
	// their original order.
	selectSigs := func(capacity int, keep func(data.Signature) bool) []data.Signature {
		kept := make([]data.Signature, 0, capacity)
		for _, sig := range origSigs {
			if keep(sig) {
				kept = append(kept, sig)
			}
		}
		return kept
	}

	// make sure it's signed with only one of the previous keys and the new key
	sigs := selectSigs(2, func(sig data.Signature) bool {
		return sig.KeyID == pairedRootKeys[0].ID() || sig.KeyID == finalRootKey.ID()
	})
	require.Len(t, sigs, 2)
	repo.Root.Signatures = sigs
	r.Signatures = sigs

	sn, err = repo.SignSnapshot(data.DefaultExpires(data.CanonicalSnapshotRole))
	require.NoError(t, err)
	root, _, snapshot, _, err = getUpdates(r, tg, sn, ts)
	require.NoError(t, err)

	_, err = validateUpdate(serverCrypto, gun, []storage.MetaUpdate{root, snapshot}, store)
	require.Error(t, err)
	require.Contains(t, err.Error(), "could not rotate trust to a new trusted root")

	// now sign with both of the pair and the new one
	sigs = selectSigs(3, func(sig data.Signature) bool {
		return sig.KeyID != oldRootKeyID
	})
	require.Len(t, sigs, 3)
	repo.Root.Signatures = sigs
	r.Signatures = sigs

	sn, err = repo.SignSnapshot(data.DefaultExpires(data.CanonicalSnapshotRole))
	require.NoError(t, err)
	root, _, snapshot, _, err = getUpdates(r, tg, sn, ts)
	require.NoError(t, err)

	_, err = validateUpdate(serverCrypto, gun, []storage.MetaUpdate{root, snapshot}, store)
	require.NoError(t, err)
}
开发者ID:cyli,项目名称:notary,代码行数:77,代码来源:validation_test.go
注:本文中的github.com/docker/notary/tuf/testutils.CopyKeys函数示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |