本文整理匯總了Golang中github.com/docker/notary/tuf/data.DefaultExpires函數的典型用法代碼示例。如果您正苦於以下問題:Golang DefaultExpires函數的具體用法?Golang DefaultExpires怎麽用?Golang DefaultExpires使用的例子?那麽, 這裏精選的函數代碼示例或許可以為您提供幫助。
在下文中一共展示了DefaultExpires函數的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Golang代碼示例。
示例1: writeRepo
func writeRepo(t *testing.T, dir string, repo *Repo) {
err := os.MkdirAll(dir, 0755)
assert.NoError(t, err)
signedRoot, err := repo.SignRoot(data.DefaultExpires("root"))
assert.NoError(t, err)
rootJSON, _ := json.Marshal(signedRoot)
ioutil.WriteFile(dir+"/root.json", rootJSON, 0755)
for r := range repo.Targets {
signedTargets, err := repo.SignTargets(r, data.DefaultExpires("targets"))
assert.NoError(t, err)
targetsJSON, _ := json.Marshal(signedTargets)
p := path.Join(dir, r+".json")
parentDir := filepath.Dir(p)
os.MkdirAll(parentDir, 0755)
ioutil.WriteFile(p, targetsJSON, 0755)
}
signedSnapshot, err := repo.SignSnapshot(data.DefaultExpires("snapshot"))
assert.NoError(t, err)
snapshotJSON, _ := json.Marshal(signedSnapshot)
ioutil.WriteFile(dir+"/snapshot.json", snapshotJSON, 0755)
signedTimestamp, err := repo.SignTimestamp(data.DefaultExpires("timestamp"))
assert.NoError(t, err)
timestampJSON, _ := json.Marshal(signedTimestamp)
ioutil.WriteFile(dir+"/timestamp.json", timestampJSON, 0755)
}示例2: TestDownloadSnapshotHappy
func TestDownloadSnapshotHappy(t *testing.T) {
repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
localStorage := store.NewMemoryStore(nil)
remoteStorage := store.NewMemoryStore(nil)
client := NewClient(repo, remoteStorage, localStorage)
// create and "upload" sample snapshot and timestamp
signedOrig, err := repo.SignSnapshot(data.DefaultExpires("snapshot"))
assert.NoError(t, err)
orig, err := json.Marshal(signedOrig)
assert.NoError(t, err)
err = remoteStorage.SetMeta("snapshot", orig)
assert.NoError(t, err)
signedOrig, err = repo.SignTimestamp(data.DefaultExpires("timestamp"))
assert.NoError(t, err)
orig, err = json.Marshal(signedOrig)
assert.NoError(t, err)
err = remoteStorage.SetMeta("timestamp", orig)
assert.NoError(t, err)
err = client.downloadSnapshot()
assert.NoError(t, err)
}示例3: TestGetTimestampNewSnapshot
func TestGetTimestampNewSnapshot(t *testing.T) {
store := storage.NewMemStorage()
crypto := signed.NewEd25519()
snapshot := &data.SignedSnapshot{
Signed: data.Snapshot{
Expires: data.DefaultExpires(data.CanonicalSnapshotRole),
},
}
snapshot.Signed.Version = 0
snapJSON, _ := json.Marshal(snapshot)
store.UpdateCurrent("gun", storage.MetaUpdate{Role: "snapshot", Version: 0, Data: snapJSON})
// create a key to be used by GetTimestamp
_, err := GetOrCreateTimestampKey("gun", store, crypto, data.ED25519Key)
assert.Nil(t, err, "GetKey errored")
ts1, err := GetOrCreateTimestamp("gun", store, crypto)
assert.Nil(t, err, "GetTimestamp errored")
snapshot = &data.SignedSnapshot{
Signed: data.Snapshot{
Expires: data.DefaultExpires(data.CanonicalSnapshotRole),
},
}
snapshot.Signed.Version = 1
snapJSON, _ = json.Marshal(snapshot)
store.UpdateCurrent("gun", storage.MetaUpdate{Role: "snapshot", Version: 1, Data: snapJSON})
ts2, err := GetOrCreateTimestamp("gun", store, crypto)
assert.NoError(t, err, "GetTimestamp errored")
assert.NotEqual(t, ts1, ts2, "Timestamp was not regenerated when snapshot changed")
}示例4: TestValidateTargetsRoleNotInParent
func TestValidateTargetsRoleNotInParent(t *testing.T) {
baseRepo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
level1Key, err := cs.Create("targets/level1", data.ED25519Key)
assert.NoError(t, err)
r, err := data.NewRole("targets/level1", 1, []string{level1Key.ID()}, []string{""})
baseRepo.Targets[data.CanonicalTargetsRole].Signed.Delegations.Roles = []*data.Role{r}
baseRepo.Targets[data.CanonicalTargetsRole].Signed.Delegations.Keys = data.Keys{
level1Key.ID(): level1Key,
}
baseRepo.InitTargets("targets/level1")
del, err := baseRepo.SignTargets("targets/level1", data.DefaultExpires(data.CanonicalTargetsRole))
assert.NoError(t, err)
delJSON, err := json.Marshal(del)
assert.NoError(t, err)
delUpdate := storage.MetaUpdate{
Role: "targets/level1",
Version: 1,
Data: delJSON,
}
// set back to empty so stored targets doesn't have reference to level1
baseRepo.Targets[data.CanonicalTargetsRole].Signed.Delegations.Roles = nil
baseRepo.Targets[data.CanonicalTargetsRole].Signed.Delegations.Keys = nil
targets, err := baseRepo.SignTargets(data.CanonicalTargetsRole, data.DefaultExpires(data.CanonicalTargetsRole))
tgtsJSON, err := json.Marshal(targets)
assert.NoError(t, err)
update := storage.MetaUpdate{
Role: data.CanonicalTargetsRole,
Version: 1,
Data: tgtsJSON,
}
store.UpdateCurrent("gun", update)
roles := map[string]storage.MetaUpdate{
"targets/level1": delUpdate,
data.CanonicalTargetsRole: update,
}
valRepo := tuf.NewRepo(nil)
valRepo.SetRoot(baseRepo.Root)
// because we sort the roles, the list of returned updates
// will contain shallower roles first, in this case "targets",
// and then "targets/level1"
updates, err := loadAndValidateTargets("gun", valRepo, roles, store)
assert.NoError(t, err)
assert.Len(t, updates, 1)
assert.Equal(t, data.CanonicalTargetsRole, updates[0].Role)
assert.Equal(t, tgtsJSON, updates[0].Data)
}示例5: TestValidateTargetsParentInUpdate
func TestValidateTargetsParentInUpdate(t *testing.T) {
_, baseRepo, cs, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
store := storage.NewMemStorage()
k, err := cs.Create("targets/level1", data.ED25519Key)
assert.NoError(t, err)
r, err := data.NewRole("targets/level1", 1, []string{k.ID()}, []string{""}, nil)
assert.NoError(t, err)
baseRepo.UpdateDelegations(r, []data.PublicKey{k})
// no targets file is created for the new delegations, so force one
baseRepo.InitTargets("targets/level1")
targets, err := baseRepo.SignTargets("targets", data.DefaultExpires(data.CanonicalTargetsRole))
tgtsJSON, err := json.Marshal(targets)
assert.NoError(t, err)
update := storage.MetaUpdate{
Role: data.CanonicalTargetsRole,
Version: 1,
Data: tgtsJSON,
}
store.UpdateCurrent("gun", update)
del, err := baseRepo.SignTargets("targets/level1", data.DefaultExpires(data.CanonicalTargetsRole))
assert.NoError(t, err)
delJSON, err := json.Marshal(del)
assert.NoError(t, err)
delUpdate := storage.MetaUpdate{
Role: "targets/level1",
Version: 1,
Data: delJSON,
}
roles := map[string]storage.MetaUpdate{
"targets/level1": delUpdate,
"targets": update,
}
kdb := keys.NewDB()
valRepo := tuf.NewRepo(kdb, nil)
valRepo.SetRoot(baseRepo.Root)
// because we sort the roles, the list of returned updates
// will contain shallower roles first, in this case "targets",
// and then "targets/level1"
updates, err := loadAndValidateTargets("gun", valRepo, roles, kdb, store)
assert.NoError(t, err)
assert.Len(t, updates, 2)
assert.Equal(t, "targets", updates[0].Role)
assert.Equal(t, tgtsJSON, updates[0].Data)
assert.Equal(t, "targets/level1", updates[1].Role)
assert.Equal(t, delJSON, updates[1].Data)
}示例6: TestSignRootOldKeyCertMissing
func TestSignRootOldKeyCertMissing(t *testing.T) {
gun := "docker/test-sign-root"
referenceTime := time.Now()
cs := cryptoservice.NewCryptoService(trustmanager.NewKeyMemoryStore(
passphrase.ConstantRetriever("password")))
rootPublicKey, err := cs.Create(data.CanonicalRootRole, gun, data.ECDSAKey)
require.NoError(t, err)
rootPrivateKey, _, err := cs.GetPrivateKey(rootPublicKey.ID())
require.NoError(t, err)
oldRootCert, err := cryptoservice.GenerateCertificate(rootPrivateKey, gun, referenceTime.AddDate(-9, 0, 0),
referenceTime.AddDate(1, 0, 0))
require.NoError(t, err)
oldRootCertKey := trustmanager.CertToKey(oldRootCert)
repo := initRepoWithRoot(t, cs, oldRootCertKey)
// Create a first signature, using the old key.
signedRoot, err := repo.SignRoot(data.DefaultExpires(data.CanonicalRootRole))
require.NoError(t, err)
verifySignatureList(t, signedRoot, oldRootCertKey)
err = verifyRootSignatureAgainstKey(t, signedRoot, oldRootCertKey)
require.NoError(t, err)
// Create a new certificate
newRootCert, err := cryptoservice.GenerateCertificate(rootPrivateKey, gun, referenceTime, referenceTime.AddDate(10, 0, 0))
require.NoError(t, err)
newRootCertKey := trustmanager.CertToKey(newRootCert)
require.NotEqual(t, oldRootCertKey.ID(), newRootCertKey.ID())
// Only trust the new certificate
err = repo.ReplaceBaseKeys(data.CanonicalRootRole, newRootCertKey)
require.NoError(t, err)
updatedRootRole, err := repo.GetBaseRole(data.CanonicalRootRole)
require.NoError(t, err)
updatedRootKeyIDs := updatedRootRole.ListKeyIDs()
require.Equal(t, 1, len(updatedRootKeyIDs))
require.Equal(t, newRootCertKey.ID(), updatedRootKeyIDs[0])
// Now forget all about the old certificate: drop it from the Root carried keys
delete(repo.Root.Signed.Keys, oldRootCertKey.ID())
repo2 := NewRepo(cs)
repo2.Root = repo.Root
repo2.originalRootRole = updatedRootRole
// Create a second signature
signedRoot, err = repo2.SignRoot(data.DefaultExpires(data.CanonicalRootRole))
require.NoError(t, err)
verifySignatureList(t, signedRoot, newRootCertKey) // Without oldRootCertKey
// Verify that the signature can be verified when trusting the new certificate
err = verifyRootSignatureAgainstKey(t, signedRoot, newRootCertKey)
require.NoError(t, err)
err = verifyRootSignatureAgainstKey(t, signedRoot, oldRootCertKey)
require.Error(t, err)
}示例7: TestDBGetChecksum
func TestDBGetChecksum(t *testing.T) {
tempBaseDir, err := ioutil.TempDir("", "notary-test-")
_, store := SetUpSQLite(t, tempBaseDir)
defer os.RemoveAll(tempBaseDir)
ts := data.SignedTimestamp{
Signatures: make([]data.Signature, 0),
Signed: data.Timestamp{
SignedCommon: data.SignedCommon{
Type: data.TUFTypes[data.CanonicalTimestampRole],
Version: 1,
Expires: data.DefaultExpires(data.CanonicalTimestampRole),
},
},
}
j, err := json.Marshal(&ts)
require.NoError(t, err)
update := MetaUpdate{
Role: data.CanonicalTimestampRole,
Version: 1,
Data: j,
}
checksumBytes := sha256.Sum256(j)
checksum := hex.EncodeToString(checksumBytes[:])
store.UpdateCurrent("gun", update)
// create and add a newer timestamp. We're going to try and get the one
// created above by checksum
ts = data.SignedTimestamp{
Signatures: make([]data.Signature, 0),
Signed: data.Timestamp{
SignedCommon: data.SignedCommon{
Type: data.TUFTypes[data.CanonicalTimestampRole],
Version: 2,
Expires: data.DefaultExpires(data.CanonicalTimestampRole),
},
},
}
newJ, err := json.Marshal(&ts)
require.NoError(t, err)
update = MetaUpdate{
Role: data.CanonicalTimestampRole,
Version: 2,
Data: newJ,
}
store.UpdateCurrent("gun", update)
cDate, data, err := store.GetChecksum("gun", data.CanonicalTimestampRole, checksum)
require.NoError(t, err)
require.EqualValues(t, j, data)
// the creation date was sometime wthin the last minute
require.True(t, cDate.After(time.Now().Add(-1*time.Minute)))
require.True(t, cDate.Before(time.Now().Add(5*time.Second)))
}示例8: TestValidateTargetsRoleNotInParent
func TestValidateTargetsRoleNotInParent(t *testing.T) {
kdb, baseRepo, cs := testutils.EmptyRepo()
store := storage.NewMemStorage()
k, err := cs.Create("targets/level1", data.ED25519Key)
assert.NoError(t, err)
r, err := data.NewRole("targets/level1", 1, []string{k.ID()}, []string{""}, nil)
assert.NoError(t, err)
kdb.AddKey(k)
err = kdb.AddRole(r)
assert.NoError(t, err)
baseRepo.InitTargets("targets/level1")
targets, err := baseRepo.SignTargets("targets", data.DefaultExpires(data.CanonicalTargetsRole))
tgtsJSON, err := json.MarshalCanonical(targets)
assert.NoError(t, err)
update := storage.MetaUpdate{
Role: data.CanonicalTargetsRole,
Version: 1,
Data: tgtsJSON,
}
store.UpdateCurrent("gun", update)
del, err := baseRepo.SignTargets("targets/level1", data.DefaultExpires(data.CanonicalTargetsRole))
assert.NoError(t, err)
delJSON, err := json.MarshalCanonical(del)
assert.NoError(t, err)
delUpdate := storage.MetaUpdate{
Role: "targets/level1",
Version: 1,
Data: delJSON,
}
roles := map[string]storage.MetaUpdate{
"targets/level1": delUpdate,
"targets": update,
}
kdb = keys.NewDB()
valRepo := tuf.NewRepo(kdb, nil)
valRepo.SetRoot(baseRepo.Root)
// because we sort the roles, the list of returned updates
// will contain shallower roles first, in this case "targets",
// and then "targets/level1"
updates, err := loadAndValidateTargets("gun", valRepo, roles, kdb, store)
assert.NoError(t, err)
assert.Len(t, updates, 1)
assert.Equal(t, "targets", updates[0].Role)
assert.Equal(t, tgtsJSON, updates[0].Data)
}示例9: fakeServerData
// reads data from the repository in order to fake data being served via
// the ServeMux.
func fakeServerData(t *testing.T, repo *NotaryRepository, mux *http.ServeMux) {
tempKey, err := data.UnmarshalPrivateKey([]byte(timestampECDSAKeyJSON))
assert.NoError(t, err)
savedTUFRepo := repo.tufRepo // in case this is overwritten
fileStore, err := trustmanager.NewKeyFileStore(repo.baseDir, passphraseRetriever)
assert.NoError(t, err)
fileStore.AddKey(
filepath.Join(filepath.FromSlash(repo.gun), tempKey.ID()),
"nonroot", tempKey)
rootJSONFile := filepath.Join(repo.baseDir, "tuf",
filepath.FromSlash(repo.gun), "metadata", "root.json")
rootFileBytes, err := ioutil.ReadFile(rootJSONFile)
signedTargets, err := savedTUFRepo.SignTargets(
"targets", data.DefaultExpires("targets"))
assert.NoError(t, err)
signedSnapshot, err := savedTUFRepo.SignSnapshot(
data.DefaultExpires("snapshot"))
assert.NoError(t, err)
signedTimestamp, err := savedTUFRepo.SignTimestamp(
data.DefaultExpires("timestamp"))
assert.NoError(t, err)
mux.HandleFunc("/v2/docker.com/notary/_trust/tuf/root.json",
func(w http.ResponseWriter, r *http.Request) {
assert.NoError(t, err)
fmt.Fprint(w, string(rootFileBytes))
})
mux.HandleFunc("/v2/docker.com/notary/_trust/tuf/timestamp.json",
func(w http.ResponseWriter, r *http.Request) {
timestampJSON, _ := json.Marshal(signedTimestamp)
fmt.Fprint(w, string(timestampJSON))
})
mux.HandleFunc("/v2/docker.com/notary/_trust/tuf/snapshot.json",
func(w http.ResponseWriter, r *http.Request) {
snapshotJSON, _ := json.Marshal(signedSnapshot)
fmt.Fprint(w, string(snapshotJSON))
})
mux.HandleFunc("/v2/docker.com/notary/_trust/tuf/targets.json",
func(w http.ResponseWriter, r *http.Request) {
targetsJSON, _ := json.Marshal(signedTargets)
fmt.Fprint(w, string(targetsJSON))
})
}示例10: TestDBGetChecksum
func TestDBGetChecksum(t *testing.T) {
tempBaseDir, err := ioutil.TempDir("", "notary-test-")
_, store := SetUpSQLite(t, tempBaseDir)
defer os.RemoveAll(tempBaseDir)
ts := data.SignedTimestamp{
Signatures: make([]data.Signature, 0),
Signed: data.Timestamp{
Type: data.TUFTypes["timestamp"],
Version: 1,
Expires: data.DefaultExpires("timestamp"),
},
}
j, err := json.Marshal(&ts)
require.NoError(t, err)
update := MetaUpdate{
Role: data.CanonicalTimestampRole,
Version: 1,
Data: j,
}
checksumBytes := sha256.Sum256(j)
checksum := hex.EncodeToString(checksumBytes[:])
store.UpdateCurrent("gun", update)
// create and add a newer timestamp. We're going to try and get the one
// created above by checksum
ts = data.SignedTimestamp{
Signatures: make([]data.Signature, 0),
Signed: data.Timestamp{
Type: data.TUFTypes["timestamp"],
Version: 2,
Expires: data.DefaultExpires("timestamp"),
},
}
newJ, err := json.Marshal(&ts)
require.NoError(t, err)
update = MetaUpdate{
Role: data.CanonicalTimestampRole,
Version: 2,
Data: newJ,
}
store.UpdateCurrent("gun", update)
data, err := store.GetChecksum("gun", data.CanonicalTimestampRole, checksum)
require.NoError(t, err)
require.EqualValues(t, j, data)
}示例11: TestDuplicateSigs
func TestDuplicateSigs(t *testing.T) {
cs := NewEd25519()
k, err := cs.Create("root", data.ED25519Key)
assert.NoError(t, err)
r, err := data.NewRole(
"root",
2,
[]string{k.ID()},
nil,
nil,
)
assert.NoError(t, err)
db := keys.NewDB()
assert.NoError(t, err)
db.AddKey(k)
err = db.AddRole(r)
assert.NoError(t, err)
meta := &data.SignedCommon{Type: "Root", Version: 1, Expires: data.DefaultExpires("root")}
b, err := json.MarshalCanonical(meta)
assert.NoError(t, err)
s := &data.Signed{Signed: b}
Sign(cs, s, k)
s.Signatures = append(s.Signatures, s.Signatures[0])
err = Verify(s, "root", 1, db)
assert.IsType(t, ErrRoleThreshold{}, err)
}示例12: TestGetSnapshotCurrValid
func TestGetSnapshotCurrValid(t *testing.T) {
store := storage.NewMemStorage()
crypto := signed.NewEd25519()
_, err := GetOrCreateSnapshotKey("gun", store, crypto, data.ED25519Key)
newData := []byte{2}
currMeta, err := data.NewFileMeta(bytes.NewReader(newData), "sha256")
assert.NoError(t, err)
snapshot := &data.SignedSnapshot{
Signed: data.Snapshot{
Expires: data.DefaultExpires(data.CanonicalSnapshotRole),
Meta: data.Files{
data.CanonicalRootRole: currMeta,
},
},
}
snapJSON, _ := json.Marshal(snapshot)
// test when db is missing the role data
store.UpdateCurrent("gun", storage.MetaUpdate{Role: "snapshot", Version: 0, Data: snapJSON})
_, err = GetOrCreateSnapshot("gun", store, crypto)
assert.NoError(t, err)
// test when db has the role data
store.UpdateCurrent("gun", storage.MetaUpdate{Role: "root", Version: 0, Data: newData})
_, err = GetOrCreateSnapshot("gun", store, crypto)
assert.NoError(t, err)
// test when db role data is expired
store.UpdateCurrent("gun", storage.MetaUpdate{Role: "root", Version: 1, Data: []byte{3}})
_, err = GetOrCreateSnapshot("gun", store, crypto)
assert.NoError(t, err)
}示例13: TestGetSnapshotNoPreviousSnapshot
// If there is no previous snapshot or the previous snapshot is corrupt, then
// even if everything else is in place, getting the snapshot fails
func TestGetSnapshotNoPreviousSnapshot(t *testing.T) {
repo, crypto, err := testutils.EmptyRepo("gun")
require.NoError(t, err)
sgnd, err := repo.SignRoot(data.DefaultExpires(data.CanonicalRootRole))
require.NoError(t, err)
rootJSON, err := json.Marshal(sgnd)
require.NoError(t, err)
for _, snapshotJSON := range [][]byte{nil, []byte("invalid JSON")} {
store := storage.NewMemStorage()
// so we know it's not a failure in getting root
require.NoError(t,
store.UpdateCurrent("gun", storage.MetaUpdate{Role: data.CanonicalRootRole, Version: 0, Data: rootJSON}))
if snapshotJSON != nil {
require.NoError(t,
store.UpdateCurrent("gun",
storage.MetaUpdate{Role: data.CanonicalSnapshotRole, Version: 0, Data: snapshotJSON}))
}
hashBytes := sha256.Sum256(snapshotJSON)
hashHex := hex.EncodeToString(hashBytes[:])
_, _, err = GetOrCreateSnapshot("gun", hashHex, store, crypto)
require.Error(t, err, "GetSnapshot should have failed")
if snapshotJSON == nil {
require.IsType(t, storage.ErrNotFound{}, err)
} else {
require.IsType(t, &json.SyntaxError{}, err)
}
}
}示例14: TestDownloadTargetChecksumMismatch
func TestDownloadTargetChecksumMismatch(t *testing.T) {
repo, _, err := testutils.EmptyRepo("docker.com/notary")
assert.NoError(t, err)
localStorage := store.NewMemoryStore(nil)
remoteStorage := testutils.NewCorruptingMemoryStore(nil)
client := NewClient(repo, remoteStorage, localStorage)
// create and "upload" sample targets
signedOrig, err := repo.SignTargets("targets", data.DefaultExpires("targets"))
assert.NoError(t, err)
orig, err := json.Marshal(signedOrig)
assert.NoError(t, err)
origSha256 := sha256.Sum256(orig)
err = remoteStorage.SetMeta("targets", orig)
assert.NoError(t, err)
// create local snapshot with targets file
snap := data.SignedSnapshot{
Signed: data.Snapshot{
Meta: data.Files{
"targets": data.FileMeta{
Length: int64(len(orig)),
Hashes: data.Hashes{
"sha256": origSha256[:],
},
},
},
},
}
repo.Snapshot = &snap
err = client.downloadTargets("targets")
assert.IsType(t, ErrChecksumMismatch{}, err)
}示例15: TestCreateSnapshotNoKeyInCrypto
func TestCreateSnapshotNoKeyInCrypto(t *testing.T) {
store := storage.NewMemStorage()
repo, _, err := testutils.EmptyRepo("gun")
require.NoError(t, err)
sgnd, err := repo.SignRoot(data.DefaultExpires(data.CanonicalRootRole))
require.NoError(t, err)
rootJSON, err := json.Marshal(sgnd)
require.NoError(t, err)
// create an expired snapshot
sgnd, err = repo.SignSnapshot(time.Now().AddDate(-1, -1, -1))
require.True(t, repo.Snapshot.Signed.Expires.Before(time.Now()))
require.NoError(t, err)
snapshotJSON, err := json.Marshal(sgnd)
require.NoError(t, err)
// set all the metadata so we know the failure to sign is just because of the key
require.NoError(t, store.UpdateCurrent("gun",
storage.MetaUpdate{Role: data.CanonicalRootRole, Version: 0, Data: rootJSON}))
require.NoError(t, store.UpdateCurrent("gun",
storage.MetaUpdate{Role: data.CanonicalSnapshotRole, Version: 0, Data: snapshotJSON}))
hashBytes := sha256.Sum256(snapshotJSON)
hashHex := hex.EncodeToString(hashBytes[:])
// pass it a new cryptoservice without the key
_, _, err = GetOrCreateSnapshot("gun", hashHex, store, signed.NewEd25519())
require.Error(t, err)
require.IsType(t, signed.ErrInsufficientSignatures{}, err)
}