forked from TrueCloudLab/distribution
77e69b9cf3
Signed-off-by: Olivier Gambier <olivier@docker.com>
package libtrust
import (
"errors"
"io/ioutil"
"os"
"testing"
)
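// makeTempFile creates an empty temporary file whose name starts with prefix
// in the default temporary directory and returns its path. The file is closed
// before returning, so only the name is handed back; removing the file is the
// caller's responsibility. Any failure aborts the calling test.
func makeTempFile(t *testing.T, prefix string) (filename string) {
	file, err := ioutil.TempFile("", prefix)
	if err != nil {
		t.Fatal(err)
	}
	filename = file.Name()

	// A failed close used to be dropped silently. Report it, and do not leave
	// the placeholder behind when the test is about to abort.
	if err := file.Close(); err != nil {
		os.Remove(filename)
		t.Fatal(err)
	}

	return filename
}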
// TestKeyFiles runs the key-file round trip in testKeyFiles once with a
// freshly generated EC P-256 private key and once with a freshly generated
// RSA 2048 private key.
func TestKeyFiles(t *testing.T) {
	ecKey, ecErr := GenerateECP256PrivateKey()
	if ecErr != nil {
		t.Fatal(ecErr)
	}
	testKeyFiles(t, ecKey)

	rsaKey, rsaErr := GenerateRSA2048PrivateKey()
	if rsaErr != nil {
		t.Fatal(rsaErr)
	}
	testKeyFiles(t, rsaKey)
}
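// testKeyFiles saves key and its public half to ".pem" and ".jwk" files,
// loads all four files back, and fails the test unless every loaded key
// reports the same KeyID as the original.
//
// The key files live in the default temporary directory under names derived
// from a makeTempFile placeholder. Whether SaveKey creates them exclusively
// or with restrictive permissions is not visible from this test; confirm in
// SaveKey before reusing this pattern outside of tests.
func testKeyFiles(t *testing.T, key PrivateKey) {
	privateKeyFilename := makeTempFile(t, "private_key")
	privateKeyFilenamePEM := privateKeyFilename + ".pem"
	privateKeyFilenameJWK := privateKeyFilename + ".jwk"
	// Cleanup is deferred rather than run at the end of the function:
	// t.Fatal stops the test via runtime.Goexit, which still runs deferred
	// calls, so private key material is removed even when a check fails.
	defer func() {
		os.Remove(privateKeyFilename)
		os.Remove(privateKeyFilenamePEM)
		os.Remove(privateKeyFilenameJWK)
	}()

	publicKeyFilename := makeTempFile(t, "public_key")
	publicKeyFilenamePEM := publicKeyFilename + ".pem"
	publicKeyFilenameJWK := publicKeyFilename + ".jwk"
	defer func() {
		os.Remove(publicKeyFilename)
		os.Remove(publicKeyFilenamePEM)
		os.Remove(publicKeyFilenameJWK)
	}()

	// Write the private key and the public key under both suffixes.
	if err := SaveKey(privateKeyFilenamePEM, key); err != nil {
		t.Fatal(err)
	}
	if err := SaveKey(privateKeyFilenameJWK, key); err != nil {
		t.Fatal(err)
	}
	if err := SavePublicKey(publicKeyFilenamePEM, key.PublicKey()); err != nil {
		t.Fatal(err)
	}
	if err := SavePublicKey(publicKeyFilenameJWK, key.PublicKey()); err != nil {
		t.Fatal(err)
	}

	// Read every file back.
	loadedPEMKey, err := LoadKeyFile(privateKeyFilenamePEM)
	if err != nil {
		t.Fatal(err)
	}
	loadedJWKKey, err := LoadKeyFile(privateKeyFilenameJWK)
	if err != nil {
		t.Fatal(err)
	}
	loadedPEMPublicKey, err := LoadPublicKeyFile(publicKeyFilenamePEM)
	if err != nil {
		t.Fatal(err)
	}
	loadedJWKPublicKey, err := LoadPublicKeyFile(publicKeyFilenameJWK)
	if err != nil {
		t.Fatal(err)
	}

	// The only property checked is the KeyID; key contents are not compared.
	if key.KeyID() != loadedPEMKey.KeyID() {
		t.Fatal(errors.New("key IDs do not match"))
	}
	if key.KeyID() != loadedJWKKey.KeyID() {
		t.Fatal(errors.New("key IDs do not match"))
	}
	if key.KeyID() != loadedPEMPublicKey.KeyID() {
		t.Fatal(errors.New("key IDs do not match"))
	}
	if key.KeyID() != loadedJWKPublicKey.KeyID() {
		t.Fatal(errors.New("key IDs do not match"))
	}
}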
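// TestTrustedHostKeysFile runs testTrustedHostKeysFile against a ".pem" and a
// ".json" key set file, both named after one makeTempFile placeholder in the
// default temporary directory.
func TestTrustedHostKeysFile(t *testing.T) {
	trustedHostKeysFilename := makeTempFile(t, "trusted_host_keys")
	trustedHostKeysFilenamePEM := trustedHostKeysFilename + ".pem"
	trustedHostKeysFilenameJWK := trustedHostKeysFilename + ".json"

	// Deferred so the files are removed even when the helper aborts the test:
	// t.Fatal exits through runtime.Goexit, which still runs deferred calls.
	defer func() {
		os.Remove(trustedHostKeysFilename)
		os.Remove(trustedHostKeysFilenamePEM)
		os.Remove(trustedHostKeysFilenameJWK)
	}()

	testTrustedHostKeysFile(t, trustedHostKeysFilenamePEM)
	testTrustedHostKeysFile(t, trustedHostKeysFilenameJWK)
}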
// testTrustedHostKeysFile appends two host public keys to the key set file at
// trustedHostKeysFilename, an EC P-256 key and then an RSA 2048 key, and
// reloads and logs the key set after each append. It only checks that every
// call succeeds; the loaded contents are logged, not asserted.
func testTrustedHostKeysFile(t *testing.T, trustedHostKeysFilename string) {
	const (
		firstHost  = "docker.example.com:2376"
		secondHost = "192.168.59.103:2376"
	)

	// logKeySet reloads the file and logs each entry.
	// NOTE(review): the first range variable is printed with %d under the
	// label "Host Address"; if LoadKeySetFile returns a slice this is just
	// the index, not an address. Confirm against LoadKeySetFile.
	logKeySet := func() {
		loaded, err := LoadKeySetFile(trustedHostKeysFilename)
		if err != nil {
			t.Fatal(err)
		}
		for k, v := range loaded {
			t.Logf("Host Address: %d\n", k)
			t.Logf("Host Key: %s\n\n", v)
		}
	}

	ecHostKey, err := GenerateECP256PrivateKey()
	if err != nil {
		t.Fatal(err)
	}
	// Here "hosts" is set to a slice of addresses.
	ecHostKey.AddExtendedField("hosts", []string{firstHost})
	if err := AddKeySetFile(trustedHostKeysFilename, ecHostKey.PublicKey()); err != nil {
		t.Fatal(err)
	}
	logKeySet()

	rsaHostKey, err := GenerateRSA2048PrivateKey()
	if err != nil {
		t.Fatal(err)
	}
	// NOTE(review): here "hosts" is a bare string, unlike the []string used
	// for the first key. Confirm whether the difference is intentional.
	rsaHostKey.AddExtendedField("hosts", secondHost)
	if err := AddKeySetFile(trustedHostKeysFilename, rsaHostKey.PublicKey()); err != nil {
		t.Fatal(err)
	}
	logKeySet()
}
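// TestTrustedClientKeysFile runs testTrustedClientKeysFile against a ".pem"
// and a ".json" key set file, both named after one makeTempFile placeholder
// in the default temporary directory.
func TestTrustedClientKeysFile(t *testing.T) {
	trustedClientKeysFilename := makeTempFile(t, "trusted_client_keys")
	trustedClientKeysFilenamePEM := trustedClientKeysFilename + ".pem"
	trustedClientKeysFilenameJWK := trustedClientKeysFilename + ".json"

	// Deferred so the files are removed even when the helper aborts the test:
	// t.Fatal exits through runtime.Goexit, which still runs deferred calls.
	defer func() {
		os.Remove(trustedClientKeysFilename)
		os.Remove(trustedClientKeysFilenamePEM)
		os.Remove(trustedClientKeysFilenameJWK)
	}()

	testTrustedClientKeysFile(t, trustedClientKeysFilenamePEM)
	testTrustedClientKeysFile(t, trustedClientKeysFilenameJWK)
}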
// testTrustedClientKeysFile appends two client public keys to the key set
// file at trustedClientKeysFilename, an EC P-256 key and then an RSA 2048
// key, and reloads and logs the key set after each append. It only checks
// that every call succeeds; the loaded keys are logged, not asserted.
func testTrustedClientKeysFile(t *testing.T, trustedClientKeysFilename string) {
	// logKeySet reloads the file and logs every key it contains.
	logKeySet := func() {
		loaded, err := LoadKeySetFile(trustedClientKeysFilename)
		if err != nil {
			t.Fatal(err)
		}
		for _, k := range loaded {
			t.Logf("Client Key: %s\n", k)
		}
	}

	ecClientKey, err := GenerateECP256PrivateKey()
	if err != nil {
		t.Fatal(err)
	}
	if err := AddKeySetFile(trustedClientKeysFilename, ecClientKey.PublicKey()); err != nil {
		t.Fatal(err)
	}
	logKeySet()

	rsaClientKey, err := GenerateRSA2048PrivateKey()
	if err != nil {
		t.Fatal(err)
	}
	if err := AddKeySetFile(trustedClientKeysFilename, rsaClientKey.PublicKey()); err != nil {
		t.Fatal(err)
	}
	logKeySet()
}