diff --git a/cmd/notary/integration_test.go b/cmd/notary/integration_test.go index d5751870c..350bce3b2 100644 --- a/cmd/notary/integration_test.go +++ b/cmd/notary/integration_test.go @@ -11,7 +11,9 @@ import ( "crypto/rand" "crypto/sha256" "crypto/sha512" + "crypto/x509" "encoding/hex" + "fmt" "io/ioutil" "net/http" "net/http/httptest" @@ -265,16 +267,8 @@ func TestClientDeleteTUFInteraction(t *testing.T) { // Setup certificate certFile, err := ioutil.TempFile("", "pemfile") require.NoError(t, err) - - privKey, err := utils.GenerateECDSAKey(rand.Reader) - startTime := time.Now() - endTime := startTime.AddDate(10, 0, 0) - cert, err := cryptoservice.GenerateCertificate(privKey, "gun", startTime, endTime) - require.NoError(t, err) - + cert, _, _ := generateCertPrivKeyPair(t, "gun", data.ECDSAKey) _, err = certFile.Write(utils.CertToPEM(cert)) - require.NoError(t, err) - tempFile.Close() defer os.Remove(certFile.Name()) var ( @@ -557,23 +551,12 @@ func TestClientDelegationsInteraction(t *testing.T) { // Setup certificate tempFile, err := ioutil.TempFile("", "pemfile") require.NoError(t, err) - - privKey, err := utils.GenerateECDSAKey(rand.Reader) - startTime := time.Now() - endTime := startTime.AddDate(10, 0, 0) - cert, err := cryptoservice.GenerateCertificate(privKey, "gun", startTime, endTime) - require.NoError(t, err) - + cert, _, keyID := generateCertPrivKeyPair(t, "gun", data.ECDSAKey) _, err = tempFile.Write(utils.CertToPEM(cert)) require.NoError(t, err) tempFile.Close() defer os.Remove(tempFile.Name()) - rawPubBytes, _ := ioutil.ReadFile(tempFile.Name()) - parsedPubKey, _ := utils.ParsePEMPublicKey(rawPubBytes) - keyID, err := utils.CanonicalKeyID(parsedPubKey) - require.NoError(t, err) - var output string // -- tests -- @@ -646,23 +629,12 @@ func TestClientDelegationsInteraction(t *testing.T) { tempFile2, err := ioutil.TempFile("", "pemfile2") require.NoError(t, err) - privKey, err = utils.GenerateECDSAKey(rand.Reader) - startTime = time.Now() - endTime = startTime.AddDate(10, 0, 0) - cert, err = cryptoservice.GenerateCertificate(privKey, "gun", startTime, endTime) - require.NoError(t, err) - - _, err = tempFile2.Write(utils.CertToPEM(cert)) - require.NoError(t, err) + cert2, _, keyID2 := generateCertPrivKeyPair(t, "gun", data.ECDSAKey) + _, err = tempFile2.Write(utils.CertToPEM(cert2)) require.NoError(t, err) tempFile2.Close() defer os.Remove(tempFile2.Name()) - rawPubBytes2, _ := ioutil.ReadFile(tempFile2.Name()) - parsedPubKey2, _ := utils.ParsePEMPublicKey(rawPubBytes2) - keyID2, err := utils.CanonicalKeyID(parsedPubKey2) - require.NoError(t, err) - // add to the delegation by specifying the same role, this time add a scoped path output, err = runCommand(t, tempDir, "delegation", "add", "gun", "targets/delegation", tempFile2.Name(), "--paths", "path") require.NoError(t, err) @@ -929,26 +901,15 @@ func TestClientDelegationsPublishing(t *testing.T) { // Setup certificate for delegation role tempFile, err := ioutil.TempFile("", "pemfile") require.NoError(t, err) - - privKey, err := utils.GenerateRSAKey(rand.Reader, 2048) - require.NoError(t, err) - privKeyBytesNoRole, err := utils.KeyToPEM(privKey, "") - require.NoError(t, err) - privKeyBytesWithRole, err := utils.KeyToPEM(privKey, "user") - require.NoError(t, err) - startTime := time.Now() - endTime := startTime.AddDate(10, 0, 0) - cert, err := cryptoservice.GenerateCertificate(privKey, "gun", startTime, endTime) - require.NoError(t, err) - + cert, privKey, canonicalKeyID := generateCertPrivKeyPair(t, "gun", data.RSAKey) _, err = tempFile.Write(utils.CertToPEM(cert)) require.NoError(t, err) tempFile.Close() defer os.Remove(tempFile.Name()) - rawPubBytes, _ := ioutil.ReadFile(tempFile.Name()) - parsedPubKey, _ := utils.ParsePEMPublicKey(rawPubBytes) - canonicalKeyID, err := utils.CanonicalKeyID(parsedPubKey) + privKeyBytesNoRole, err := utils.KeyToPEM(privKey, "") + require.NoError(t, err) + privKeyBytesWithRole, err := utils.KeyToPEM(privKey, "user") require.NoError(t, err) // Set up targets for publishing @@ -1103,24 +1064,12 @@ func TestClientDelegationsPublishing(t *testing.T) { // Setup another certificate tempFile2, err := ioutil.TempFile("", "pemfile2") require.NoError(t, err) - - privKey, err = utils.GenerateECDSAKey(rand.Reader) - startTime = time.Now() - endTime = startTime.AddDate(10, 0, 0) - cert, err = cryptoservice.GenerateCertificate(privKey, "gun", startTime, endTime) - require.NoError(t, err) - - _, err = tempFile2.Write(utils.CertToPEM(cert)) - require.NoError(t, err) + cert2, _, keyID2 := generateCertPrivKeyPair(t, "gun", data.RSAKey) + _, err = tempFile2.Write(utils.CertToPEM(cert2)) require.NoError(t, err) tempFile2.Close() defer os.Remove(tempFile2.Name()) - rawPubBytes2, _ := ioutil.ReadFile(tempFile2.Name()) - parsedPubKey2, _ := utils.ParsePEMPublicKey(rawPubBytes2) - keyID2, err := utils.CanonicalKeyID(parsedPubKey2) - require.NoError(t, err) - // add a nested delegation under this releases role output, err = runCommand(t, tempDir, "delegation", "add", "gun", "targets/releases/nested", tempFile2.Name(), "--paths", "nested/path") require.NoError(t, err) @@ -1503,3 +1452,26 @@ func TestPurge(t *testing.T) { require.NoError(t, err) require.Contains(t, out, delgName) } + +func generateCertPrivKeyPair(t *testing.T, gun, keyAlgorithm string) (*x509.Certificate, data.PrivateKey, string) { + // Setup certificate + var privKey data.PrivateKey + var err error + switch keyAlgorithm { + case data.ECDSAKey: + privKey, err = utils.GenerateECDSAKey(rand.Reader) + case data.RSAKey: + privKey, err = utils.GenerateRSAKey(rand.Reader, 4096) + default: + err = fmt.Errorf("invalid key algorithm provided: %s", keyAlgorithm) + } + require.NoError(t, err) + startTime := time.Now() + endTime := startTime.AddDate(10, 0, 0) + cert, err := cryptoservice.GenerateCertificate(privKey, gun, startTime, endTime) + require.NoError(t, err) + parsedPubKey, _ := utils.ParsePEMPublicKey(utils.CertToPEM(cert)) + keyID, err := utils.CanonicalKeyID(parsedPubKey) + require.NoError(t, err) + return cert, privKey, keyID +}