Update TestAddKey to check PKCS#8 implementation

notaryproject · Apr 4, 2017 · 6f92779 · 6f92779
1 parent 9750127
commit 6f92779
Showing 1 changed file with 30 additions and 4 deletions.
diff --git a/trustmanager/keystore_test.go b/trustmanager/keystore_test.go
@@ -1,17 +1,22 @@
 package trustmanager
 
 import (
+	"crypto/ecdsa"
 	"crypto/rand"
+	"encoding/asn1"
+	"encoding/pem"
 	"errors"
 	"fmt"
 	"io/ioutil"
 	"os"
 	"path/filepath"
+	"reflect"
 	"testing"
 
 	"github.com/docker/notary"
 	"github.com/docker/notary/tuf/data"
 	"github.com/docker/notary/tuf/utils"
+	"github.com/docker/notary/utils/pkcs8"
 	"github.com/stretchr/testify/require"
 )
 
@@ -58,7 +63,11 @@ func testAddKeyWithRole(t *testing.T, role data.RoleName) {
 	// Check to see if file exists
 	b, err := ioutil.ReadFile(expectedFilePath)
 	require.NoError(t, err, "expected file not found")
-	require.Contains(t, string(b), "-----BEGIN EC PRIVATE KEY-----")
+	require.Contains(t, string(b), "-----BEGIN PRIVATE ENCRYPTED KEY-----")
+
+	// Check to see the key type
+	password, _, err := passphraseRetriever("", "", false, 0)
+	testKeyBlockType(t, b, []byte(password), reflect.TypeOf(&ecdsa.PrivateKey{}))
 
 	// Check that we have the role and gun info for this key's ID
 	keyInfo, ok := store.keyInfoMap[privKey.ID()]
@@ -71,6 +80,22 @@ func testAddKeyWithRole(t *testing.T, role data.RoleName) {
 	}
 }
 
+func testKeyBlockType(t *testing.T, b, password []byte, keyType reflect.Type) {
+	block, _ := pem.Decode(b)
+
+	var wrap data.KeyWrap
+	if _, err := asn1.Unmarshal(block.Bytes, &wrap); err != nil {
+		require.NoError(t, err, "unable to unmarshal key")
+	}
+
+	privKey, err := pkcs8.ParsePKCS8PrivateKey(wrap.Key, password)
+	if err != nil {
+		require.NoError(t, err, "unable to parse to pkcs8")
+	}
+
+	require.Equal(t, keyType, reflect.TypeOf(privKey), "key type did not match")
+}
+
 func TestKeyStoreInternalState(t *testing.T) {
 	// Temporary directory where test files will be created
 	tempBaseDir, err := ioutil.TempDir("", "notary-test-")
@@ -91,9 +116,9 @@ func TestKeyStoreInternalState(t *testing.T) {
 		var privKeyPEM []byte
 		// generate the correct PEM role header
 		if role == data.CanonicalRootRole || data.IsDelegation(role) || !data.ValidRole(role) {
-			privKeyPEM, err = utils.KeyToPEM(privKey, role, "")
+			privKeyPEM, err = utils.ConvertPrivateKeyToPKCS8(privKey, role, "", "")
 		} else {
-			privKeyPEM, err = utils.KeyToPEM(privKey, role, gun)
+			privKeyPEM, err = utils.ConvertPrivateKeyToPKCS8(privKey, role, gun, "")
 		}
 
 		require.NoError(t, err, "could not generate PEM")
@@ -266,7 +291,8 @@ EMl3eFOJXjIch/wIesRSN+2dGOsl7neercjMh1i9RvpCwHDx/E0=
 	privKey, _, err := store.GetKey(testName)
 	require.NoError(t, err, "failed to get %s key from store (it's in %s)", role, filepath.Join(tempBaseDir, notary.PrivDir))
 
-	pemPrivKey, err := utils.KeyToPEM(privKey, role, gun)
+	// TODO: need to fix this test as utils.KeyToPEM was replaced with utils.ConvertPrivateKeyToPKCS8
+	pemPrivKey, err := utils.ConvertPrivateKeyToPKCS8(privKey, role, gun, "")
 	require.NoError(t, err, "failed to convert key to PEM")
 	require.Equal(t, testData, pemPrivKey)
 }