diff --git a/cli/command/trust/helpers.go b/cli/command/trust/helpers.go
index 3d2ba4acc3..0a9ef6671f 100644
--- a/cli/command/trust/helpers.go
+++ b/cli/command/trust/helpers.go
@@ -47,3 +47,9 @@ func getOrGenerateRootKeyAndInitRepo(notaryRepo client.Repository) error {
 }
 return notaryRepo.Initialize([]string{rootKey.ID()}, data.CanonicalSnapshotRole)
 }
+
+const testPass = "password"
+
+func testPassRetriever(string, string, bool, int) (string, bool, error) {
+ return testPass, false, nil
+}
diff --git a/cli/command/trust/key_generate_test.go b/cli/command/trust/key_generate_test.go
index 74fc3fed68..1efd1d3121 100644
--- a/cli/command/trust/key_generate_test.go
+++ b/cli/command/trust/key_generate_test.go
@@ -11,7 +11,6 @@ import (
 "github.com/docker/cli/cli/config"
 "github.com/docker/cli/internal/test"
 "github.com/theupdateframework/notary"
- "github.com/theupdateframework/notary/passphrase"
 "github.com/theupdateframework/notary/trustmanager"
 tufutils "github.com/theupdateframework/notary/tuf/utils"
 "gotest.tools/v3/assert"
@@ -51,11 +50,9 @@ func TestGenerateKeySuccess(t *testing.T) {
 pubKeyCWD := t.TempDir()
 privKeyStorageDir := t.TempDir()
- const testPass = "password"
- cannedPasswordRetriever := passphrase.ConstantRetriever(testPass)
 // generate a single key
 keyName := "alice"
- privKeyFileStore, err := trustmanager.NewKeyFileStore(privKeyStorageDir, cannedPasswordRetriever)
+ privKeyFileStore, err := trustmanager.NewKeyFileStore(privKeyStorageDir, testPassRetriever)
 assert.NilError(t, err)
 pubKeyPEM, err := generateKeyAndOutputPubPEM(keyName, privKeyFileStore)
diff --git a/cli/command/trust/key_load_test.go b/cli/command/trust/key_load_test.go
index b2233f282a..2c004d3884 100644
--- a/cli/command/trust/key_load_test.go
+++ b/cli/command/trust/key_load_test.go
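Review bot: `testPass` and `testPassRetriever` are added to cli/command/trust/helpers.go, which is not a `_test.go` file, so a retriever that answers every passphrase prompt with the fixed string "password" is compiled into the shipped `trust` package instead of staying test-only. Nothing in this diff calls it from non-test code, but a later caller in the package could pass it to key creation by mistake and leave private keys encrypted under a known passphrase. Move both declarations into a `_test.go` file of the same package; the hunks in key_generate_test.go, key_load_test.go and sign_test.go would still resolve them. The function also has no comment; something like `// testPassRetriever always returns testPass and never gives up; for tests only.` would state the intent.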
@@ -12,7 +12,6 @@ import (
 "github.com/docker/cli/cli/config"
 "github.com/docker/cli/internal/test"
 "github.com/theupdateframework/notary"
- "github.com/theupdateframework/notary/passphrase"
 "github.com/theupdateframework/notary/storage"
 "github.com/theupdateframework/notary/trustmanager"
 tufutils "github.com/theupdateframework/notary/tuf/utils"
@@ -122,8 +121,6 @@ func TestLoadKeyFromPath(t *testing.T) {
 keyStorageDir := t.TempDir()
- const passwd = "password"
- cannedPasswordRetriever := passphrase.ConstantRetriever(passwd)
 keyFileStore, err := storage.NewPrivateKeyFileStorage(keyStorageDir, notary.KeyExtension)
 assert.NilError(t, err)
 privKeyImporters := []trustmanager.Importer{keyFileStore}
@@ -133,7 +130,7 @@ func TestLoadKeyFromPath(t *testing.T) {
 assert.NilError(t, err)
 // import the key to our keyStorageDir
- assert.Check(t, loadPrivKeyBytesToStore(privKeyBytes, privKeyImporters, privKeyFilepath, "signer-name", cannedPasswordRetriever))
+ assert.Check(t, loadPrivKeyBytesToStore(privKeyBytes, privKeyImporters, privKeyFilepath, "signer-name", testPassRetriever))
 // check that the appropriate ~//private/.key file exists
 expectedImportKeyPath := filepath.Join(keyStorageDir, notary.PrivDir, keyID+"."+notary.KeyExtension)
@@ -151,7 +148,7 @@ func TestLoadKeyFromPath(t *testing.T) {
 // assert encrypted header
 assert.Check(t, is.Equal("ENCRYPTED PRIVATE KEY", keyPEM.Type))
- decryptedKey, err := tufutils.ParsePKCS8ToTufKey(keyPEM.Bytes, []byte(passwd))
+ decryptedKey, err := tufutils.ParsePKCS8ToTufKey(keyPEM.Bytes, []byte(testPass))
 assert.NilError(t, err)
 fixturePEM, _ := pem.Decode(keyBytes)
 assert.Check(t, is.DeepEqual(fixturePEM.Bytes, decryptedKey.Private()))
@@ -213,8 +210,6 @@ func TestLoadPubKeyFailure(t *testing.T) {
 assert.NilError(t, os.WriteFile(pubKeyFilepath, pubKeyFixture, notary.PrivNoExecPerms))
 keyStorageDir := t.TempDir()
- const passwd = "password"
- cannedPasswordRetriever := passphrase.ConstantRetriever(passwd)
 keyFileStore, err := storage.NewPrivateKeyFileStorage(keyStorageDir, notary.KeyExtension)
 assert.NilError(t, err)
 privKeyImporters := []trustmanager.Importer{keyFileStore}
@@ -223,7 +218,7 @@ func TestLoadPubKeyFailure(t *testing.T) {
 assert.NilError(t, err)
 // import the key to our keyStorageDir - it should fail
- err = loadPrivKeyBytesToStore(pubKeyBytes, privKeyImporters, pubKeyFilepath, "signer-name", cannedPasswordRetriever)
+ err = loadPrivKeyBytesToStore(pubKeyBytes, privKeyImporters, pubKeyFilepath, "signer-name", testPassRetriever)
 expected := fmt.Sprintf("provided file %s is not a supported private key - to add a signer's public key use docker trust signer add", pubKeyFilepath)
 assert.Error(t, err, expected)
 }
diff --git a/cli/command/trust/sign_test.go b/cli/command/trust/sign_test.go
index 7e8d0a08e7..e24ffbba73 100644
--- a/cli/command/trust/sign_test.go
+++ b/cli/command/trust/sign_test.go
@@ -14,7 +14,6 @@ import (
 "github.com/theupdateframework/notary"
 "github.com/theupdateframework/notary/client"
 "github.com/theupdateframework/notary/client/changelist"
- "github.com/theupdateframework/notary/passphrase"
 "github.com/theupdateframework/notary/trustpinning"
 "github.com/theupdateframework/notary/tuf/data"
 "gotest.tools/v3/assert"
@@ -22,8 +21,6 @@ import (
 "gotest.tools/v3/skip"
 )
-const passwd = "password"
-
 func TestTrustSignCommandErrors(t *testing.T) {
 testCases := []struct {
 name string
@@ -83,7 +80,7 @@ func TestTrustSignCommandOfflineErrors(t *testing.T) {
 }
 func TestGetOrGenerateNotaryKey(t *testing.T) {
- notaryRepo, err := client.NewFileCachedRepository(t.TempDir(), "gun", "https://localhost", nil, passphrase.ConstantRetriever(passwd), trustpinning.TrustPinConfig{})
+ notaryRepo, err := client.NewFileCachedRepository(t.TempDir(), "gun", "https://localhost", nil, testPassRetriever, trustpinning.TrustPinConfig{})
 assert.NilError(t, err)
 // repo is empty, try making a root key
@@ -126,7 +123,7 @@ func TestGetOrGenerateNotaryKey(t *testing.T) {
 func TestAddStageSigners(t *testing.T) {
 skip.If(t, runtime.GOOS == "windows", "FIXME: not supported currently")
- notaryRepo, err := client.NewFileCachedRepository(t.TempDir(), "gun", "https://localhost", nil, passphrase.ConstantRetriever(passwd), trustpinning.TrustPinConfig{})
+ notaryRepo, err := client.NewFileCachedRepository(t.TempDir(), "gun", "https://localhost", nil, testPassRetriever, trustpinning.TrustPinConfig{})
 assert.NilError(t, err)
 // stage targets/user
@@ -207,7 +204,7 @@ func TestAddStageSigners(t *testing.T) {
 }
 func TestGetSignedManifestHashAndSize(t *testing.T) {
- notaryRepo, err := client.NewFileCachedRepository(t.TempDir(), "gun", "https://localhost", nil, passphrase.ConstantRetriever(passwd), trustpinning.TrustPinConfig{})
+ notaryRepo, err := client.NewFileCachedRepository(t.TempDir(), "gun", "https://localhost", nil, testPassRetriever, trustpinning.TrustPinConfig{})
 assert.NilError(t, err)
 _, _, err = getSignedManifestHashAndSize(notaryRepo, "test")
 assert.Error(t, err, "client is offline")
@@ -229,7 +226,7 @@ func TestGetReleasedTargetHashAndSize(t *testing.T) {
 }
 func TestCreateTarget(t *testing.T) {
- notaryRepo, err := client.NewFileCachedRepository(t.TempDir(), "gun", "https://localhost", nil, passphrase.ConstantRetriever(passwd), trustpinning.TrustPinConfig{})
+ notaryRepo, err := client.NewFileCachedRepository(t.TempDir(), "gun", "https://localhost", nil, testPassRetriever, trustpinning.TrustPinConfig{})
 assert.NilError(t, err)
 _, err = createTarget(notaryRepo, "")
 assert.Error(t, err, "no tag specified")
@@ -238,7 +235,7 @@ func TestCreateTarget(t *testing.T) {
 }
 func TestGetExistingSignatureInfoForReleasedTag(t *testing.T) {
- notaryRepo, err := client.NewFileCachedRepository(t.TempDir(), "gun", "https://localhost", nil, passphrase.ConstantRetriever(passwd), trustpinning.TrustPinConfig{})
+ notaryRepo, err := client.NewFileCachedRepository(t.TempDir(), "gun", "https://localhost", nil, testPassRetriever, trustpinning.TrustPinConfig{})
 assert.NilError(t, err)
 _, err = getExistingSignatureInfoForReleasedTag(notaryRepo, "test")
 assert.Error(t, err, "client is offline")
@@ -267,7 +264,7 @@ func TestSignCommandChangeListIsCleanedOnError(t *testing.T) {
 err := cmd.Execute()
 assert.Assert(t, err != nil)
- notaryRepo, err := client.NewFileCachedRepository(tmpDir, "docker.io/library/ubuntu", "https://localhost", nil, passphrase.ConstantRetriever(passwd), trustpinning.TrustPinConfig{})
+ notaryRepo, err := client.NewFileCachedRepository(tmpDir, "docker.io/library/ubuntu", "https://localhost", nil, testPassRetriever, trustpinning.TrustPinConfig{})
 assert.NilError(t, err)
 cl, err := notaryRepo.GetChangelist()
 assert.NilError(t, err)