Use utils instead of trustmanager
Signed-off-by: Riyaz Faizullabhoy <[email protected]>
riyazdf committed Jul 19, 2016
1 parent 9d36f4d commit fad315b
Showing 3 changed files with 6 additions and 6 deletions.
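--- a/trustpinning/certs.go
+++ b/trustpinning/certs.go
@@ -152,7 +152,7 @@ func ValidateRoot(prevRoot *data.SignedRoot, root *data.Signed, gun string, trus
 // Note that certsFromRoot is guaranteed to be unchanged only if we had prior cert data for this GUN or enabled TOFUS
 // If we attempted to pin a certain certificate or CA, certsFromRoot could have been pruned accordingly
 err = signed.VerifySignatures(root, data.BaseRole{
-Keys: trustmanager.CertsToKeys(certsFromRoot, validIntCerts), Threshold: rootRole.Threshold})
+Keys: utils.CertsToKeys(certsFromRoot, validIntCerts), Threshold: rootRole.Threshold})
 if err != nil {
 logrus.Debugf("failed to verify TUF data for: %s, %v", gun, err)
 return nil, &ErrValidationFail{Reason: "failed to validate integrity of roots"}
@@ -178,7 +178,7 @@ func validRootLeafCerts(allLeafCerts map[string]*x509.Certificate, gun string, c
 }
 // Make sure the certificate is not expired if checkExpiry is true
 // and warn if it hasn't expired yet but is within 6 months of expiry
-if err := trustmanager.ValidateCertificate(cert, checkExpiry); err != nil {
+if err := utils.ValidateCertificate(cert, checkExpiry); err != nil {
 continue
 }
 
@@ -203,7 +203,7 @@ func validRootIntCerts(allIntCerts map[string][]*x509.Certificate) map[string][]
 // Go through every leaf cert ID, and build its valid intermediate certificate list
 for leafID, intCertList := range allIntCerts {
 for _, intCert := range intCertList {
-if err := trustmanager.ValidateCertificate(intCert, true); err != nil {
+if err := utils.ValidateCertificate(intCert, true); err != nil {
 continue
 }
 validIntCerts[leafID] = append(validIntCerts[leafID], intCert)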
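Review bot: The `utils.ValidateCertificate` calls in the second and third hunks discard the returned error with a bare `continue`, so a leaf or intermediate certificate rejected for expiry or any other reason is dropped from the candidate set without a trace; the same pattern appears on the CA loop in trustpinning/trustpin.go. If the pruned set later makes signature verification fail, the operator presumably sees only the generic "failed to validate integrity of roots" from ValidateRoot, so recording the reason before skipping would help, e.g. `logrus.Debugf("ignoring certificate for %s: %v", gun, err)` ahead of the `continue` in validRootLeafCerts. Because these callers rely entirely on the callee's verdict, it is also worth confirming that `utils.ValidateCertificate` performs the same checks as the `trustmanager` function it replaces; its body is not part of this diff. The enclosing functions start and end outside the hunks shown.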
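--- a/trustpinning/certs_test.go
+++ b/trustpinning/certs_test.go
@@ -817,7 +817,7 @@ func TestCheckingCertExpiry(t *testing.T) {
 
 almostExpiredCert, err := generateTestingCertificate(testPrivKey, gun, notary.Day*30)
 require.NoError(t, err)
-almostExpiredPubKey, err := trustmanager.ParsePEMPublicKey(trustmanager.CertToPEM(almostExpiredCert))
+almostExpiredPubKey, err := utils.ParsePEMPublicKey(utils.CertToPEM(almostExpiredCert))
 require.NoError(t, err)
 
 // set up a logrus logger to capture warning output
@@ -854,7 +854,7 @@ func TestCheckingCertExpiry(t *testing.T) {
 
 expiredCert, err := generateExpiredTestingCertificate(testPrivKey, gun)
 require.NoError(t, err)
-expiredPubKey := trustmanager.CertToKey(expiredCert)
+expiredPubKey := utils.CertToKey(expiredCert)
 
 rootRole, err = data.NewRole(data.CanonicalRootRole, 1, []string{expiredPubKey.ID()}, nil)
 require.NoError(t, err)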
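--- a/trustpinning/trustpin.go
+++ b/trustpinning/trustpin.go
@@ -45,7 +45,7 @@ func NewTrustPinChecker(trustPinConfig TrustPinConfig, gun string) (CertChecker,
 // Now only consider certificates that are direct children from this CA cert chain
 caRootPool := x509.NewCertPool()
 for _, caCert := range caCerts {
-if err = trustmanager.ValidateCertificate(caCert, true); err != nil {
+if err = utils.ValidateCertificate(caCert, true); err != nil {
 continue
 }
 caRootPool.AddCert(caCert)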
