本文整理匯總了Golang中github.com/docker/notary/tuf.NewRepo函數的典型用法代碼示例。如果您正苦於以下問題:Golang NewRepo函數的具體用法?Golang NewRepo怎麽用?Golang NewRepo使用的例子?那麽, 這裏精選的函數代碼示例或許可以為您提供幫助。
示例1: TestRotationNewSigMissing
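// TestRotationNewSigMissing checks that verifyRoot rejects a rotated root
// that carries a signature from the old root key only. The new root.json
// lists just the replacement key, so a signature from that key is required
// as well before the rotation can be accepted.
func TestRotationNewSigMissing(t *testing.T) {
	logrus.SetLevel(logrus.DebugLevel)
	kdb := keys.NewDB()
	signer := signed.NewEd25519()
	repo := tuf.NewRepo(kdb, signer)
	remote := store.NewMemoryStore(nil, nil)
	cache := store.NewMemoryStore(nil, nil)

	// Initial root key and role, registered in the key DB the client trusts.
	rootKey, err := signer.Create("root", data.ED25519Key)
	assert.NoError(t, err, "Error creating root key")
	rootRole, err := data.NewRole("root", 1, []string{rootKey.ID()}, nil, nil)
	assert.NoError(t, err, "Error creating root role")
	kdb.AddKey(rootKey)
	err = kdb.AddRole(rootRole)
	assert.NoError(t, err, "Error adding root role to db")

	// Replacement key and role. These appear in the new root.json but are
	// deliberately not added to the key DB.
	replacementKey, err := signer.Create("root", data.ED25519Key)
	assert.NoError(t, err, "Error creating replacement root key")
	replacementRole, err := data.NewRole("root", 1, []string{replacementKey.ID()}, nil, nil)
	assert.NoError(t, err, "Error creating replacement root role")
	assert.NotEqual(t, rootKey.ID(), replacementKey.ID(), "Key IDs are the same")

	// A new root that lists only the replacement key and role.
	testRoot, err := data.NewRoot(
		map[string]data.PublicKey{replacementKey.ID(): replacementKey},
		map[string]*data.RootRole{"root": &replacementRole.RootRole},
		false,
	)
	assert.NoError(t, err, "Failed to create new root")
	_, ok := testRoot.Signed.Keys[rootKey.ID()]
	assert.False(t, ok, "Old root key appeared in test root")

	// Sign testRoot with the OLD key only; the replacement key's signature is
	// the one this test leaves out. ToSigned's error was previously dropped.
	signedRoot, err := testRoot.ToSigned()
	assert.NoError(t, err, "Failed to convert root to signed form")
	err = signed.Sign(signer, signedRoot, rootKey)
	assert.NoError(t, err, "Failed to sign root")

	var origKeySig bool
	var replKeySig bool
	for _, sig := range signedRoot.Signatures {
		switch sig.KeyID {
		case rootKey.ID():
			origKeySig = true
		case replacementKey.ID():
			replKeySig = true
		}
	}
	assert.True(t, origKeySig, "Original root key signature not present")
	assert.False(t, replKeySig, "Replacement root key signature was present and shouldn't be")

	client := NewClient(repo, remote, kdb, cache)
	err = client.verifyRoot("root", signedRoot, 0)
	assert.Error(t, err, "Should have errored on verify as replacement signature was missing.")
}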
示例2: TestRotation
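// TestRotation checks that verifyRoot accepts a root key rotation when the
// new root.json is signed by both the old root key (which the repo currently
// trusts) and the replacement key it introduces.
func TestRotation(t *testing.T) {
	signer := signed.NewEd25519()
	repo := tuf.NewRepo(signer)
	remote := store.NewMemoryStore(nil)
	cache := store.NewMemoryStore(nil)

	// Initial root key and role; this root is what the repo trusts going in.
	rootKey, err := signer.Create("root", data.ED25519Key)
	assert.NoError(t, err, "Error creating root key")
	rootRole, err := data.NewRole("root", 1, []string{rootKey.ID()}, nil)
	assert.NoError(t, err, "Error creating root role")
	originalRoot, err := data.NewRoot(
		map[string]data.PublicKey{rootKey.ID(): rootKey},
		map[string]*data.RootRole{"root": &rootRole.RootRole},
		false,
	)
	// NewRoot's error was previously dropped; a nil originalRoot would make
	// the later verification meaningless.
	assert.NoError(t, err, "Failed to create original root")
	repo.Root = originalRoot

	// Replacement key and role.
	replacementKey, err := signer.Create("root", data.ED25519Key)
	assert.NoError(t, err, "Error creating replacement root key")
	replacementRole, err := data.NewRole("root", 1, []string{replacementKey.ID()}, nil)
	assert.NoError(t, err, "Error creating replacement root role")

	// A new root that lists only the replacement key; every base role is
	// pointed at it so the root is self-consistent.
	testRoot, err := data.NewRoot(
		map[string]data.PublicKey{replacementKey.ID(): replacementKey},
		map[string]*data.RootRole{
			data.CanonicalRootRole:      &replacementRole.RootRole,
			data.CanonicalSnapshotRole:  &replacementRole.RootRole,
			data.CanonicalTargetsRole:   &replacementRole.RootRole,
			data.CanonicalTimestampRole: &replacementRole.RootRole,
		},
		false,
	)
	assert.NoError(t, err, "Failed to create new root")

	// Sign testRoot with both the old and the new key.
	signedRoot, err := testRoot.ToSigned()
	assert.NoError(t, err, "Failed to convert root to signed form")
	err = signed.Sign(signer, signedRoot, rootKey, replacementKey)
	assert.NoError(t, err, "Failed to sign root")

	var origKeySig bool
	var replKeySig bool
	for _, sig := range signedRoot.Signatures {
		switch sig.KeyID {
		case rootKey.ID():
			origKeySig = true
		case replacementKey.ID():
			replKeySig = true
		}
	}
	assert.True(t, origKeySig, "Original root key signature not present")
	assert.True(t, replKeySig, "Replacement root key signature not present")

	client := NewClient(repo, remote, cache)
	err = client.verifyRoot("root", signedRoot, 0)
	assert.NoError(t, err, "Failed to verify key rotated root")
}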
示例3: bootstrapClient
// bootstrapClient builds a TUF client for this repository. It fetches the
// root metadata from the remote store, falling back to the local file store
// when the remote cannot be used, runs the root through
// r.CertManager.ValidateRoot before anything derived from it is trusted, and
// seeds a fresh tuf.Repo (stored in r.tufRepo) with that root.
//
// A store.ErrMetaNotFound from the remote is returned as-is: the server was
// reachable and reports no data for this GUN, so the cache is not consulted.
// Note that remote is handed to the client even when getRemoteStore failed
// and the root came from the cache.
func (r *NotaryRepository) bootstrapClient() (*tufclient.Client, error) {
	var rootJSON []byte
	remote, err := getRemoteStore(r.baseURL, r.gun, r.roundTrip)
	if err == nil {
		rootJSON, err = remote.GetMeta("root", maxSize)
	}
	if err != nil {
		if notFound, ok := err.(store.ErrMetaNotFound); ok {
			return nil, notFound
		}
		// Offline fallback: a cached root. If there is none, report the
		// original (remote) error rather than the cache miss.
		cached, cacheErr := r.fileStore.GetMeta("root", maxSize)
		if cacheErr != nil {
			return nil, err
		}
		rootJSON = cached
		logrus.Debugf(
			"Using local cache instead of remote due to failure: %s", err.Error())
	}

	// Decode into data.Signed rather than SignedRoot: ValidateRoot needs the
	// raw Signed bytes to check the signatures.
	root := &data.Signed{}
	if err := json.Unmarshal(rootJSON, root); err != nil {
		return nil, err
	}
	if err := r.CertManager.ValidateRoot(root, r.gun); err != nil {
		return nil, err
	}

	kdb := keys.NewDB()
	r.tufRepo = tuf.NewRepo(kdb, r.CryptoService)
	signedRoot, err := data.RootFromSigned(root)
	if err != nil {
		return nil, err
	}
	if err := r.tufRepo.SetRoot(signedRoot); err != nil {
		return nil, err
	}
	return tufclient.NewClient(r.tufRepo, remote, kdb, r.fileStore), nil
}
示例4: DeleteTrustData
// DeleteTrustData removes the trust data stored for this repo in the TUF cache on the client side
// DeleteTrustData removes the trust data stored for this repo in the TUF cache on the client side.
// The in-memory repo is replaced with an empty one so it cannot be used to
// republish the metadata that was just wiped.
func (r *NotaryRepository) DeleteTrustData() error {
	err := r.fileStore.RemoveAll()
	if err != nil {
		return fmt.Errorf("error clearing TUF repo data: %v", err)
	}
	r.tufRepo = tuf.NewRepo(nil)
	return nil
}
示例5: TestValidateTargetsRoleNotInParent
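// TestValidateTargetsRoleNotInParent checks that loadAndValidateTargets drops
// a delegation update ("targets/level1") whose role is not referenced by the
// parent targets metadata in the same update set: only the parent update is
// returned. Previously the NewRole, SignTargets, UpdateCurrent and SetRoot
// errors in the setup were dropped, so a broken fixture could pass silently.
func TestValidateTargetsRoleNotInParent(t *testing.T) {
	baseRepo, cs, err := testutils.EmptyRepo("docker.com/notary")
	assert.NoError(t, err)
	store := storage.NewMemStorage()

	// Temporarily wire level1 into the parent so its targets file can be
	// created and signed.
	level1Key, err := cs.Create("targets/level1", data.ED25519Key)
	assert.NoError(t, err)
	r, err := data.NewRole("targets/level1", 1, []string{level1Key.ID()}, []string{""})
	assert.NoError(t, err)
	baseRepo.Targets[data.CanonicalTargetsRole].Signed.Delegations.Roles = []*data.Role{r}
	baseRepo.Targets[data.CanonicalTargetsRole].Signed.Delegations.Keys = data.Keys{
		level1Key.ID(): level1Key,
	}
	baseRepo.InitTargets("targets/level1")
	del, err := baseRepo.SignTargets("targets/level1", data.DefaultExpires(data.CanonicalTargetsRole))
	assert.NoError(t, err)
	delJSON, err := json.Marshal(del)
	assert.NoError(t, err)
	delUpdate := storage.MetaUpdate{
		Role:    "targets/level1",
		Version: 1,
		Data:    delJSON,
	}

	// Set back to empty so the stored parent has no reference to level1.
	baseRepo.Targets[data.CanonicalTargetsRole].Signed.Delegations.Roles = nil
	baseRepo.Targets[data.CanonicalTargetsRole].Signed.Delegations.Keys = nil
	targets, err := baseRepo.SignTargets(data.CanonicalTargetsRole, data.DefaultExpires(data.CanonicalTargetsRole))
	assert.NoError(t, err)
	tgtsJSON, err := json.Marshal(targets)
	assert.NoError(t, err)
	update := storage.MetaUpdate{
		Role:    data.CanonicalTargetsRole,
		Version: 1,
		Data:    tgtsJSON,
	}
	err = store.UpdateCurrent("gun", update)
	assert.NoError(t, err)

	roles := map[string]storage.MetaUpdate{
		"targets/level1":          delUpdate,
		data.CanonicalTargetsRole: update,
	}
	valRepo := tuf.NewRepo(nil)
	err = valRepo.SetRoot(baseRepo.Root)
	assert.NoError(t, err)

	// Because the roles are sorted, the returned updates list shallower
	// roles first ("targets" before "targets/level1"); here only the parent
	// survives validation.
	updates, err := loadAndValidateTargets("gun", valRepo, roles, store)
	assert.NoError(t, err)
	assert.Len(t, updates, 1)
	assert.Equal(t, data.CanonicalTargetsRole, updates[0].Role)
	assert.Equal(t, tgtsJSON, updates[0].Data)
}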
示例6: TestValidateTargetsParentInUpdate
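// TestValidateTargetsParentInUpdate checks that when both a parent targets
// update and a delegation update ("targets/level1") arrive together, and the
// parent references the delegation, loadAndValidateTargets returns both, with
// the shallower role first. Previously the UpdateDelegations, SignTargets,
// UpdateCurrent and SetRoot errors in the setup were dropped.
func TestValidateTargetsParentInUpdate(t *testing.T) {
	_, baseRepo, cs, err := testutils.EmptyRepo("docker.com/notary")
	assert.NoError(t, err)
	store := storage.NewMemStorage()

	k, err := cs.Create("targets/level1", data.ED25519Key)
	assert.NoError(t, err)
	r, err := data.NewRole("targets/level1", 1, []string{k.ID()}, []string{""}, nil)
	assert.NoError(t, err)
	err = baseRepo.UpdateDelegations(r, []data.PublicKey{k})
	assert.NoError(t, err)
	// no targets file is created for the new delegations, so force one
	baseRepo.InitTargets("targets/level1")

	targets, err := baseRepo.SignTargets("targets", data.DefaultExpires(data.CanonicalTargetsRole))
	assert.NoError(t, err)
	tgtsJSON, err := json.Marshal(targets)
	assert.NoError(t, err)
	update := storage.MetaUpdate{
		Role:    data.CanonicalTargetsRole,
		Version: 1,
		Data:    tgtsJSON,
	}
	err = store.UpdateCurrent("gun", update)
	assert.NoError(t, err)

	del, err := baseRepo.SignTargets("targets/level1", data.DefaultExpires(data.CanonicalTargetsRole))
	assert.NoError(t, err)
	delJSON, err := json.Marshal(del)
	assert.NoError(t, err)
	delUpdate := storage.MetaUpdate{
		Role:    "targets/level1",
		Version: 1,
		Data:    delJSON,
	}
	roles := map[string]storage.MetaUpdate{
		"targets/level1": delUpdate,
		"targets":        update,
	}

	kdb := keys.NewDB()
	valRepo := tuf.NewRepo(kdb, nil)
	err = valRepo.SetRoot(baseRepo.Root)
	assert.NoError(t, err)

	// Because the roles are sorted, the returned updates list shallower
	// roles first: "targets", then "targets/level1".
	updates, err := loadAndValidateTargets("gun", valRepo, roles, kdb, store)
	assert.NoError(t, err)
	assert.Len(t, updates, 2)
	assert.Equal(t, "targets", updates[0].Role)
	assert.Equal(t, tgtsJSON, updates[0].Data)
	assert.Equal(t, "targets/level1", updates[1].Role)
	assert.Equal(t, delJSON, updates[1].Data)
}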
示例7: TestValidateTargetsRoleNotInParent
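// TestValidateTargetsRoleNotInParent checks that a delegation update whose
// role is registered in the signing key DB but never referenced by the
// parent targets metadata is dropped by loadAndValidateTargets; only the
// parent update is returned. Previously the SignTargets, UpdateCurrent and
// SetRoot errors in the setup were dropped.
func TestValidateTargetsRoleNotInParent(t *testing.T) {
	kdb, baseRepo, cs := testutils.EmptyRepo()
	store := storage.NewMemStorage()

	// The delegation exists in the key DB used for signing, but the parent
	// targets file is never told about it.
	k, err := cs.Create("targets/level1", data.ED25519Key)
	assert.NoError(t, err)
	r, err := data.NewRole("targets/level1", 1, []string{k.ID()}, []string{""}, nil)
	assert.NoError(t, err)
	kdb.AddKey(k)
	err = kdb.AddRole(r)
	assert.NoError(t, err)
	baseRepo.InitTargets("targets/level1")

	targets, err := baseRepo.SignTargets("targets", data.DefaultExpires(data.CanonicalTargetsRole))
	assert.NoError(t, err)
	tgtsJSON, err := json.MarshalCanonical(targets)
	assert.NoError(t, err)
	update := storage.MetaUpdate{
		Role:    data.CanonicalTargetsRole,
		Version: 1,
		Data:    tgtsJSON,
	}
	err = store.UpdateCurrent("gun", update)
	assert.NoError(t, err)

	del, err := baseRepo.SignTargets("targets/level1", data.DefaultExpires(data.CanonicalTargetsRole))
	assert.NoError(t, err)
	delJSON, err := json.MarshalCanonical(del)
	assert.NoError(t, err)
	delUpdate := storage.MetaUpdate{
		Role:    "targets/level1",
		Version: 1,
		Data:    delJSON,
	}
	roles := map[string]storage.MetaUpdate{
		"targets/level1": delUpdate,
		"targets":        update,
	}

	// Validate against a fresh key DB that knows nothing about level1.
	kdb = keys.NewDB()
	valRepo := tuf.NewRepo(kdb, nil)
	err = valRepo.SetRoot(baseRepo.Root)
	assert.NoError(t, err)

	// Because the roles are sorted, the returned updates list shallower
	// roles first ("targets" before "targets/level1"); here only the parent
	// survives validation.
	updates, err := loadAndValidateTargets("gun", valRepo, roles, kdb, store)
	assert.NoError(t, err)
	assert.Len(t, updates, 1)
	assert.Equal(t, "targets", updates[0].Role)
	assert.Equal(t, tgtsJSON, updates[0].Data)
}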
示例8: TestValidateTargetsLoadParent
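// TestValidateTargetsLoadParent checks that when only a delegation update
// ("targets/level1") arrives, loadAndValidateTargets loads the parent targets
// metadata from storage to validate it and returns just the delegation.
// Previously the UpdateCurrent and SetRoot errors in the setup were dropped.
func TestValidateTargetsLoadParent(t *testing.T) {
	_, baseRepo, cs, err := testutils.EmptyRepo("docker.com/notary")
	assert.NoError(t, err)
	store := storage.NewMemStorage()

	k, err := cs.Create("targets/level1", data.ED25519Key)
	assert.NoError(t, err)
	r, err := data.NewRole("targets/level1", 1, []string{k.ID()}, []string{""}, nil)
	assert.NoError(t, err)
	err = baseRepo.UpdateDelegations(r, []data.PublicKey{k})
	assert.NoError(t, err)
	// no targets file is created for the new delegations, so force one
	baseRepo.InitTargets("targets/level1")

	// Things loaded from storage are not validated by this path, so the base
	// targets need not be signed: marshal it and put it into storage as-is.
	tgtsJSON, err := json.Marshal(baseRepo.Targets["targets"])
	assert.NoError(t, err)
	update := storage.MetaUpdate{
		Role:    data.CanonicalTargetsRole,
		Version: 1,
		Data:    tgtsJSON,
	}
	err = store.UpdateCurrent("gun", update)
	assert.NoError(t, err)

	// The update set passed to loadAndValidateTargets: the delegation only.
	del, err := baseRepo.SignTargets("targets/level1", data.DefaultExpires(data.CanonicalTargetsRole))
	assert.NoError(t, err)
	delJSON, err := json.Marshal(del)
	assert.NoError(t, err)
	delUpdate := storage.MetaUpdate{
		Role:    "targets/level1",
		Version: 1,
		Data:    delJSON,
	}
	roles := map[string]storage.MetaUpdate{"targets/level1": delUpdate}

	kdb := keys.NewDB()
	valRepo := tuf.NewRepo(kdb, nil)
	err = valRepo.SetRoot(baseRepo.Root)
	assert.NoError(t, err)

	updates, err := loadAndValidateTargets("gun", valRepo, roles, kdb, store)
	assert.NoError(t, err)
	assert.Len(t, updates, 1)
	assert.Equal(t, "targets/level1", updates[0].Role)
	assert.Equal(t, delJSON, updates[0].Data)
}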
示例9: TestSwizzlerChangeRootKey
// This changes the root key
// TestSwizzlerChangeRootKey exercises ChangeRootKey: only the root metadata
// may be rewritten (with a different root key ID, and a different key set),
// every other role's cached bytes must be untouched, and the new root must
// verify against the key it now lists for the root role.
func TestSwizzlerChangeRootKey(t *testing.T) {
	f, origMeta := createNewSwizzler(t)
	f.ChangeRootKey()
	tufRepo := tuf.NewRepo(f.CryptoService)

	// The order is deliberate: root first, then the other base roles, then
	// the delegations.
	roles := []string{data.CanonicalRootRole, data.CanonicalTargetsRole, data.CanonicalSnapshotRole,
		data.CanonicalTimestampRole, "targets/a", "targets/a/b"}
	for _, role := range roles {
		before := origMeta[role]
		after, err := f.MetadataCache.GetMeta(role, -1)
		require.NoError(t, err)

		if role != data.CanonicalRootRole {
			// The threshold for base roles is set in root, so no other
			// role's bytes should have moved.
			require.True(t, bytes.Equal(before, after), "bytes have changed for role %s", role)
			continue
		}

		require.False(t, bytes.Equal(before, after))
		origRoot, newRoot := &data.SignedRoot{}, &data.SignedRoot{}
		require.NoError(t, json.Unmarshal(before, origRoot))
		require.NoError(t, json.Unmarshal(after, newRoot))
		require.NotEqual(t, len(origRoot.Signed.Keys), len(newRoot.Signed.Keys))

		// Only the root role's key ID may differ between the two roots.
		var rootRole data.Role
		for name, oldRole := range origRoot.Signed.Roles {
			newRole := newRoot.Signed.Roles[name]
			require.Len(t, oldRole.KeyIDs, 1)
			require.Len(t, newRole.KeyIDs, 1)
			if name != data.CanonicalRootRole {
				require.Equal(t, oldRole.KeyIDs[0], newRole.KeyIDs[0])
				continue
			}
			require.NotEqual(t, oldRole.KeyIDs[0], newRole.KeyIDs[0])
			rootRole = data.Role{RootRole: *newRole, Name: data.CanonicalRootRole}
		}

		// The rewritten root must be installable and verify under its own
		// new root key at threshold 1.
		require.NoError(t, tufRepo.SetRoot(newRoot))
		signedThing, err := newRoot.ToSigned()
		require.NoError(t, err)
		newKey := newRoot.Signed.Keys[rootRole.KeyIDs[0]]
		require.NoError(t, signed.Verify(signedThing,
			data.BaseRole{Name: data.CanonicalRootRole, Keys: map[string]data.PublicKey{newKey.ID(): newKey}, Threshold: 1}, 1))
	}
}
示例10: EmptyRepo
// EmptyRepo creates an in memory crypto service
// and initializes a repo with no targets. Delegations are only created
// if delegation roles are passed in.
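// EmptyRepo creates an in memory crypto service
// and initializes a repo with no targets. Delegations are only created
// if delegation roles are passed in.
//
// gun names the repository the keys are created for. delegationRoles lists
// delegation role names (for example "targets/a" and "targets/a/b"); each
// gets its own key and a delegation with threshold 1 and an empty path
// prefix. The caller's slice is not modified. Returns the initialized repo
// and the crypto service holding its keys, or the first error from key
// creation, root initialization or delegation setup.
func EmptyRepo(gun string, delegationRoles ...string) (*tuf.Repo, signed.CryptoService, error) {
	cs := cryptoservice.NewCryptoService(
		gun, trustmanager.NewKeyMemoryStore(passphrase.ConstantRetriever("")))
	r := tuf.NewRepo(cs)

	// One key per base role, threshold 1.
	baseRoles := map[string]data.BaseRole{}
	for _, role := range data.BaseRoles {
		key, err := createKey(cs, gun, role)
		if err != nil {
			return nil, nil, err
		}
		baseRoles[role] = data.NewBaseRole(role, 1, key)
	}
	// InitRoot's error was previously dropped, which would leave callers
	// with a repo whose root was never set.
	if err := r.InitRoot(
		baseRoles[data.CanonicalRootRole],
		baseRoles[data.CanonicalTimestampRole],
		baseRoles[data.CanonicalSnapshotRole],
		baseRoles[data.CanonicalTargetsRole],
		false,
	); err != nil {
		return nil, nil, err
	}
	r.InitTargets(data.CanonicalTargetsRole)
	r.InitSnapshot()
	r.InitTimestamp()

	// Sort a copy so that parents are created before their children,
	// without reordering the caller's slice in place.
	sorted := append([]string(nil), delegationRoles...)
	sort.Strings(sorted)
	for _, delgName := range sorted {
		// create a delegation key and a delegation in the tuf repo
		delgKey, err := createKey(cs, gun, delgName)
		if err != nil {
			return nil, nil, err
		}
		role, err := data.NewRole(delgName, 1, []string{}, []string{""})
		if err != nil {
			return nil, nil, err
		}
		if err := r.UpdateDelegations(role, []data.PublicKey{delgKey}); err != nil {
			return nil, nil, err
		}
	}
	return r, cs, nil
}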
示例11: EmptyRepo
// EmptyRepo creates an in memory key database, crypto service
// and initializes a repo with no targets or delegations.
// EmptyRepo creates an in memory key database, crypto service
// and initializes a repo with no targets or delegations.
// Each of the four base roles gets a fresh ED25519 key with threshold 1.
// Errors from key and role creation are discarded (this is a test helper);
// the returned key DB, repo and crypto service share the same keys.
func EmptyRepo() (*keys.KeyDB, *tuf.Repo, signed.CryptoService) {
	cs := signed.NewEd25519()
	db := keys.NewDB()
	repo := tuf.NewRepo(db, cs)
	baseRoles := []string{"root", "targets", "snapshot", "timestamp"}
	for _, name := range baseRoles {
		key, _ := cs.Create(name, data.ED25519Key)
		role, _ := data.NewRole(name, 1, []string{key.ID()}, nil, nil)
		db.AddKey(key)
		db.AddRole(role)
	}
	repo.InitRepo(false)
	return db, repo, cs
}
示例12: TestChecksumMatch
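// TestChecksumMatch checks that downloadSigned accepts remote metadata whose
// length and SHA-256 digest match the expected values. Previously the digest
// was computed before the Marshal error was checked and the SetMeta error was
// dropped, so the test could fail for a reason unrelated to checksumming.
func TestChecksumMatch(t *testing.T) {
	repo := tuf.NewRepo(nil, nil)
	localStorage := store.NewMemoryStore(nil, nil)
	remoteStorage := store.NewMemoryStore(nil, nil)
	client := NewClient(repo, remoteStorage, nil, localStorage)

	sampleTargets := data.NewTargets()
	orig, err := json.Marshal(sampleTargets)
	assert.NoError(t, err)
	origSha256 := sha256.Sum256(orig)

	err = remoteStorage.SetMeta("targets", orig)
	assert.NoError(t, err)
	// Expected length and digest are those of the bytes actually stored.
	_, _, err = client.downloadSigned("targets", int64(len(orig)), origSha256[:])
	assert.NoError(t, err)
}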
示例13: TestApplyChangelist
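// TestApplyChangelist checks that applyChangelist creates a target entry for
// an ActionCreate change and removes it again for an ActionDelete change.
// Previously the AddRole, cl.Add and cl.Clear errors were dropped, so a
// change that never made it into the changelist would have gone unnoticed.
func TestApplyChangelist(t *testing.T) {
	kdb := keys.NewDB()
	role, err := data.NewRole("targets", 1, nil, nil, nil)
	assert.NoError(t, err)
	err = kdb.AddRole(role)
	assert.NoError(t, err)
	repo := tuf.NewRepo(kdb, nil)
	err = repo.InitTargets()
	assert.NoError(t, err)

	// A minimal target: length 1 with the SHA-256 of the empty input.
	hash := sha256.Sum256([]byte{})
	f := &data.FileMeta{
		Length: 1,
		Hashes: map[string][]byte{
			"sha256": hash[:],
		},
	}
	fjson, err := json.Marshal(f)
	assert.NoError(t, err)

	cl := changelist.NewMemChangelist()
	addChange := &changelist.TufChange{
		Actn:       changelist.ActionCreate,
		Role:       changelist.ScopeTargets,
		ChangeType: "target",
		ChangePath: "latest",
		Data:       fjson,
	}
	err = cl.Add(addChange)
	assert.NoError(t, err)
	err = applyChangelist(repo, cl)
	assert.NoError(t, err)
	assert.NotNil(t, repo.Targets["targets"].Signed.Targets["latest"])

	err = cl.Clear("")
	assert.NoError(t, err)
	removeChange := &changelist.TufChange{
		Actn:       changelist.ActionDelete,
		Role:       changelist.ScopeTargets,
		ChangeType: "target",
		ChangePath: "latest",
		Data:       nil,
	}
	err = cl.Add(removeChange)
	assert.NoError(t, err)
	err = applyChangelist(repo, cl)
	assert.NoError(t, err)
	_, ok := repo.Targets["targets"].Signed.Targets["latest"]
	assert.False(t, ok)
}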
示例14: bootstrapRepo
// bootstrapRepo loads the repository from the local file system. This attempts
// to load metadata for all roles. Since server snapshots are supported,
// if the snapshot metadata fails to load, that's ok.
// This can also be unified with some cache reading tools from tuf/client.
// This assumes that bootstrapRepo is only used by Publish()
// bootstrapRepo loads the repository from the local file system. This attempts
// to load metadata for all roles. Since server snapshots are supported,
// if the snapshot metadata fails to load, that's ok.
// This can also be unified with some cache reading tools from tuf/client.
// This assumes that bootstrapRepo is only used by Publish().
//
// Root and targets are required; a missing snapshot (store.ErrMetaNotFound)
// is tolerated, any other snapshot error is returned. Note that this
// function itself performs no signature checks on the cached metadata: it
// decodes each file and installs it into a fresh tuf.Repo, which replaces
// r.tufRepo only once everything loaded.
func (r *NotaryRepository) bootstrapRepo() error {
	kdb := keys.NewDB()
	tufRepo := tuf.NewRepo(kdb, r.CryptoService)
	logrus.Debugf("Loading trusted collection.")

	// readMeta fetches one role's cached metadata and decodes it into v.
	readMeta := func(role string, v interface{}) error {
		raw, err := r.fileStore.GetMeta(role, 0)
		if err != nil {
			return err
		}
		return json.Unmarshal(raw, v)
	}

	root := &data.SignedRoot{}
	if err := readMeta("root", root); err != nil {
		return err
	}
	if err := tufRepo.SetRoot(root); err != nil {
		return err
	}

	targets := &data.SignedTargets{}
	if err := readMeta("targets", targets); err != nil {
		return err
	}
	tufRepo.SetTargets("targets", targets)

	snapshotJSON, err := r.fileStore.GetMeta("snapshot", 0)
	switch {
	case err == nil:
		snapshot := &data.SignedSnapshot{}
		if err := json.Unmarshal(snapshotJSON, snapshot); err != nil {
			return err
		}
		tufRepo.SetSnapshot(snapshot)
	default:
		// Only a not-found snapshot is acceptable (server-managed snapshots).
		if _, ok := err.(store.ErrMetaNotFound); !ok {
			return err
		}
	}

	r.tufRepo = tufRepo
	return nil
}
示例15: DeleteTrustData
// DeleteTrustData removes the trust data stored for this repo in the TUF cache on the client side
// Note that we will not delete any private key material from local storage
// DeleteTrustData removes the trust data stored for this repo in the TUF cache on the client side
// Note that we will not delete any private key material from local storage.
// When deleteRemote is true the remote store's data is removed as well; that
// call goes through this NotaryRepository's roundtripper and requires admin
// permission there. The local wipe happens first and is not rolled back if
// the remote step fails.
func (r *NotaryRepository) DeleteTrustData(deleteRemote bool) error {
	// Clear local TUF files and cache, then drop the in-memory repo.
	if err := r.fileStore.RemoveAll(); err != nil {
		return fmt.Errorf("error clearing TUF repo data: %v", err)
	}
	r.tufRepo = tuf.NewRepo(nil)

	if !deleteRemote {
		return nil
	}
	remote, err := getRemoteStore(r.baseURL, r.gun, r.roundTrip)
	if err != nil {
		return err
	}
	return remote.RemoveAll()
}