Remove libtrust dep from api

Signed-off-by: Daniel Nephin <dnephin@docker.com>
2017-09-06 11:44:11 -04:00 · 2017-09-06 11:44:11 -04:00 · 2f007e46d0
commit 2f007e46d0
parent 22b246417f
6 changed files with 130 additions and 133 deletions
--- a/api/common.go
+++ b/api/common.go
@ -1,17 +1,5 @@
 package api
 import (
 	"encoding/json"
 	"encoding/pem"
 	"fmt"
 	"os"
 	"path/filepath"
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/system"
 	"github.com/docker/libtrust"
 )
 // Common constants for daemon and client.
 const (
 	// DefaultVersion of Current REST API
@ -21,45 +9,3 @@ const (
 	// command to specify that no base image is to be used.
 	NoBaseImageSpecifier string = "scratch"
 )
 // LoadOrCreateTrustKey attempts to load the libtrust key at the given path,
 // otherwise generates a new one
 func LoadOrCreateTrustKey(trustKeyPath string) (libtrust.PrivateKey, error) {
 	err := system.MkdirAll(filepath.Dir(trustKeyPath), 0700, "")
 	if err != nil {
 		return nil, err
 	}
 	trustKey, err := libtrust.LoadKeyFile(trustKeyPath)
 	if err == libtrust.ErrKeyFileDoesNotExist {
 		trustKey, err = libtrust.GenerateECP256PrivateKey()
 		if err != nil {
 			return nil, fmt.Errorf("Error generating key: %s", err)
 		}
 		encodedKey, err := serializePrivateKey(trustKey, filepath.Ext(trustKeyPath))
 		if err != nil {
 			return nil, fmt.Errorf("Error serializing key: %s", err)
 		}
 		if err := ioutils.AtomicWriteFile(trustKeyPath, encodedKey, os.FileMode(0600)); err != nil {
 			return nil, fmt.Errorf("Error saving key file: %s", err)
 		}
 	} else if err != nil {
 		return nil, fmt.Errorf("Error loading key file %s: %s", trustKeyPath, err)
 	}
 	return trustKey, nil
 }
 func serializePrivateKey(key libtrust.PrivateKey, ext string) (encoded []byte, err error) {
 	if ext == ".json" || ext == ".jwk" {
 		encoded, err = json.Marshal(key)
 		if err != nil {
 			return nil, fmt.Errorf("unable to encode private key JWK: %s", err)
 		}
 	} else {
 		pemBlock, err := key.PEMBlock()
 		if err != nil {
 			return nil, fmt.Errorf("unable to encode private key PEM: %s", err)
 		}
 		encoded = pem.EncodeToMemory(pemBlock)
 	}
 	return
 }
--- a/api/common_test.go
+++ b/api/common_test.go
@ -1,77 +0,0 @@
 package api
 import (
 	"io/ioutil"
 	"path/filepath"
 	"testing"
 	"os"
 )
 // LoadOrCreateTrustKey
 func TestLoadOrCreateTrustKeyInvalidKeyFile(t *testing.T) {
 	tmpKeyFolderPath, err := ioutil.TempDir("", "api-trustkey-test")
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer os.RemoveAll(tmpKeyFolderPath)
 	tmpKeyFile, err := ioutil.TempFile(tmpKeyFolderPath, "keyfile")
 	if err != nil {
 		t.Fatal(err)
 	}
 	if _, err := LoadOrCreateTrustKey(tmpKeyFile.Name()); err == nil {
 		t.Fatal("expected an error, got nothing.")
 	}
 }
 func TestLoadOrCreateTrustKeyCreateKey(t *testing.T) {
 	tmpKeyFolderPath, err := ioutil.TempDir("", "api-trustkey-test")
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer os.RemoveAll(tmpKeyFolderPath)
 	// Without the need to create the folder hierarchy
 	tmpKeyFile := filepath.Join(tmpKeyFolderPath, "keyfile")
 	if key, err := LoadOrCreateTrustKey(tmpKeyFile); err != nil || key == nil {
 		t.Fatalf("expected a new key file, got : %v and %v", err, key)
 	}
 	if _, err := os.Stat(tmpKeyFile); err != nil {
 		t.Fatalf("Expected to find a file %s, got %v", tmpKeyFile, err)
 	}
 	// With the need to create the folder hierarchy as tmpKeyFie is in a path
 	// where some folders do not exist.
 	tmpKeyFile = filepath.Join(tmpKeyFolderPath, "folder/hierarchy/keyfile")
 	if key, err := LoadOrCreateTrustKey(tmpKeyFile); err != nil || key == nil {
 		t.Fatalf("expected a new key file, got : %v and %v", err, key)
 	}
 	if _, err := os.Stat(tmpKeyFile); err != nil {
 		t.Fatalf("Expected to find a file %s, got %v", tmpKeyFile, err)
 	}
 	// With no path at all
 	defer os.Remove("keyfile")
 	if key, err := LoadOrCreateTrustKey("keyfile"); err != nil || key == nil {
 		t.Fatalf("expected a new key file, got : %v and %v", err, key)
 	}
 	if _, err := os.Stat("keyfile"); err != nil {
 		t.Fatalf("Expected to find a file keyfile, got %v", err)
 	}
 }
 func TestLoadOrCreateTrustKeyLoadValidKey(t *testing.T) {
 	tmpKeyFile := filepath.Join("fixtures", "keyfile")
 	if key, err := LoadOrCreateTrustKey(tmpKeyFile); err != nil || key == nil {
 		t.Fatalf("expected a key file, got : %v and %v", err, key)
 	}
 }
--- a/daemon/daemon.go
+++ b/daemon/daemon.go
@ -19,7 +19,6 @@ import (
 	"time"
 	containerd "github.com/containerd/containerd/api/grpc/types"
 	"github.com/docker/docker/api"
 	"github.com/docker/docker/api/types"
 	containertypes "github.com/docker/docker/api/types/container"
 	"github.com/docker/docker/api/types/swarm"
@ -713,7 +712,7 @@ func NewDaemon(config *config.Config, registryService registry.Service, containe
 		return nil, err
 	}
-	trustKey, err := api.LoadOrCreateTrustKey(config.TrustKeyPath)
+	trustKey, err := loadOrCreateTrustKey(config.TrustKeyPath)
 	if err != nil {
 		return nil, err
 	}
--- a/daemon/testdata/keyfile
+++ b/daemon/testdata/keyfile
--- a/daemon/trustkey.go
+++ b/daemon/trustkey.go
@ -0,0 +1,57 @@
 package daemon
 import (
 	"encoding/json"
 	"encoding/pem"
 	"fmt"
 	"os"
 	"path/filepath"
 	"github.com/docker/docker/pkg/ioutils"
 	"github.com/docker/docker/pkg/system"
 	"github.com/docker/libtrust"
 )
 // LoadOrCreateTrustKey attempts to load the libtrust key at the given path,
 // otherwise generates a new one
 // TODO: this should use more of libtrust.LoadOrCreateTrustKey which may need
 // a refactor or this function to be moved into libtrust
 func loadOrCreateTrustKey(trustKeyPath string) (libtrust.PrivateKey, error) {
 	err := system.MkdirAll(filepath.Dir(trustKeyPath), 0700, "")
 	if err != nil {
 		return nil, err
 	}
 	trustKey, err := libtrust.LoadKeyFile(trustKeyPath)
 	if err == libtrust.ErrKeyFileDoesNotExist {
 		trustKey, err = libtrust.GenerateECP256PrivateKey()
 		if err != nil {
 			return nil, fmt.Errorf("Error generating key: %s", err)
 		}
 		encodedKey, err := serializePrivateKey(trustKey, filepath.Ext(trustKeyPath))
 		if err != nil {
 			return nil, fmt.Errorf("Error serializing key: %s", err)
 		}
 		if err := ioutils.AtomicWriteFile(trustKeyPath, encodedKey, os.FileMode(0600)); err != nil {
 			return nil, fmt.Errorf("Error saving key file: %s", err)
 		}
 	} else if err != nil {
 		return nil, fmt.Errorf("Error loading key file %s: %s", trustKeyPath, err)
 	}
 	return trustKey, nil
 }
 func serializePrivateKey(key libtrust.PrivateKey, ext string) (encoded []byte, err error) {
 	if ext == ".json" || ext == ".jwk" {
 		encoded, err = json.Marshal(key)
 		if err != nil {
 			return nil, fmt.Errorf("unable to encode private key JWK: %s", err)
 		}
 	} else {
 		pemBlock, err := key.PEMBlock()
 		if err != nil {
 			return nil, fmt.Errorf("unable to encode private key PEM: %s", err)
 		}
 		encoded = pem.EncodeToMemory(pemBlock)
 	}
 	return
 }
--- a/daemon/trustkey_test.go
+++ b/daemon/trustkey_test.go
@ -0,0 +1,72 @@
 package daemon
 import (
 	"io/ioutil"
 	"os"
 	"path/filepath"
 	"testing"
 	"github.com/docker/docker/internal/testutil"
 	"github.com/gotestyourself/gotestyourself/fs"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
 // LoadOrCreateTrustKey
 func TestLoadOrCreateTrustKeyInvalidKeyFile(t *testing.T) {
 	tmpKeyFolderPath, err := ioutil.TempDir("", "api-trustkey-test")
 	require.NoError(t, err)
 	defer os.RemoveAll(tmpKeyFolderPath)
 	tmpKeyFile, err := ioutil.TempFile(tmpKeyFolderPath, "keyfile")
 	require.NoError(t, err)
 	_, err = loadOrCreateTrustKey(tmpKeyFile.Name())
 	testutil.ErrorContains(t, err, "Error loading key file")
 }
 func TestLoadOrCreateTrustKeyCreateKeyWhenFileDoesNotExist(t *testing.T) {
 	tmpKeyFolderPath := fs.NewDir(t, "api-trustkey-test")
 	defer tmpKeyFolderPath.Remove()
 	// Without the need to create the folder hierarchy
 	tmpKeyFile := tmpKeyFolderPath.Join("keyfile")
 	key, err := loadOrCreateTrustKey(tmpKeyFile)
 	require.NoError(t, err)
 	assert.NotNil(t, key)
 	_, err = os.Stat(tmpKeyFile)
 	require.NoError(t, err, "key file doesn't exist")
 }
 func TestLoadOrCreateTrustKeyCreateKeyWhenDirectoryDoesNotExist(t *testing.T) {
 	tmpKeyFolderPath := fs.NewDir(t, "api-trustkey-test")
 	defer tmpKeyFolderPath.Remove()
 	tmpKeyFile := tmpKeyFolderPath.Join("folder/hierarchy/keyfile")
 	key, err := loadOrCreateTrustKey(tmpKeyFile)
 	require.NoError(t, err)
 	assert.NotNil(t, key)
 	_, err = os.Stat(tmpKeyFile)
 	require.NoError(t, err, "key file doesn't exist")
 }
 func TestLoadOrCreateTrustKeyCreateKeyNoPath(t *testing.T) {
 	defer os.Remove("keyfile")
 	key, err := loadOrCreateTrustKey("keyfile")
 	require.NoError(t, err)
 	assert.NotNil(t, key)
 	_, err = os.Stat("keyfile")
 	require.NoError(t, err, "key file doesn't exist")
 }
 func TestLoadOrCreateTrustKeyLoadValidKey(t *testing.T) {
 	tmpKeyFile := filepath.Join("testdata", "keyfile")
 	key, err := loadOrCreateTrustKey(tmpKeyFile)
 	require.NoError(t, err)
 	expected := "AWX2:I27X:WQFX:IOMK:CNAK:O7PW:VYNB:ZLKC:CVAE:YJP2:SI4A:XXAY"
 	assert.Contains(t, key.String(), expected)
 }