added nearexpiry functionality and removed an unused testutil function

avaid96 · avaid96 · commit 111b01d5e436 · 2016-06-14T15:21:35.000-07:00
Signed-off-by: avaid96 &lt;avaid1996@gmail.com&gt;
diff --git a/client/client.go b/client/client.go
@@ -612,7 +612,7 @@ func (r *NotaryRepository) publish(cl changelist.Changelist) error {
 	// check if our root file is nearing expiry or dirty. Resign if it is.  If
 	// root is not dirty but we are publishing for the first time, then just
 	// publish the existing root we have.
-	if nearExpiry(r.tufRepo.Root) || r.tufRepo.Root.Dirty {
+	if nearExpiry(r.tufRepo.Root.Signed.SignedCommon) || r.tufRepo.Root.Dirty {
 		rootJSON, err := serializeCanonicalRole(r.tufRepo, data.CanonicalRootRole)
 		if err != nil {
 			return err
@@ -781,7 +781,10 @@ func (r *NotaryRepository) Update(forWrite bool) error {
 		}
 		return err
 	}
+	// we can be assured if we are at this stage that the repo we built is good
+	// no need to test the following function call for an error as it will always be fine should the repo be good- it is!
 	r.tufRepo = repo
+	warnRolesNearExpiry(repo)
 	return nil
 }
 
diff --git a/client/helpers.go b/client/helpers.go
@@ -190,9 +190,30 @@ func applyRootRoleChange(repo *tuf.Repo, c changelist.Change) error {
 	return nil
 }
 
-func nearExpiry(r *data.SignedRoot) bool {
+func nearExpiry(r data.SignedCommon) bool {
 	plus6mo := time.Now().AddDate(0, 6, 0)
-	return r.Signed.Expires.Before(plus6mo)
+	return r.Expires.Before(plus6mo)
+}
+
+func warnRolesNearExpiry(r *tuf.Repo) error {
+	//get every role and its respective signed common and call nearExpiry on it
+	//Root check
+	if nearExpiry(r.Root.Signed.SignedCommon) {
+		logrus.Warn("root is nearing expiry, you should re-sign the key")
+	}
+	//Targets and delegations check
+	for role, signedTOrD := range r.Targets {
+		//signedTOrD is of type *data.SignedTargets
+		if nearExpiry(signedTOrD.Signed.SignedCommon) {
+			logrus.Warn(role, " metadata is nearing expiry, you should re-sign the key")
+		}
+	}
+	//Snapshot check
+	if nearExpiry(r.Snapshot.Signed.SignedCommon) {
+		logrus.Warn("snapshot is nearing expiry, you should re-sign the key")
+	}
+	return nil
+	//Timestamp is not checked since the user doesn't need to worry about it, we deal with it
 }
 
 // Fetches a public key from a remote store, given a gun and role
diff --git a/client/helpers_test.go b/client/helpers_test.go
@@ -1,14 +1,16 @@
 package client
 
 import (
+	"bytes"
 	"crypto/sha256"
 	"encoding/json"
-	"testing"
-
+	log "github.com/Sirupsen/logrus"
 	"github.com/docker/notary/client/changelist"
 	"github.com/docker/notary/tuf/data"
 	"github.com/docker/notary/tuf/testutils"
 	"github.com/stretchr/testify/require"
+	"testing"
+	"time"
 )
 
 func TestApplyTargetsChange(t *testing.T) {
@@ -968,3 +970,45 @@ func TestChangeTargetMetaFailsIfPrefixError(t *testing.T) {
 	require.Empty(t, repo.Targets[data.CanonicalTargetsRole].Signed.Targets)
 	require.Empty(t, repo.Targets["targets/level1"].Signed.Targets)
 }
+
+func TestAllNearExpiry(t *testing.T) {
+	repo, _, err := testutils.EmptyRepo("docker.com/notary")
+	require.NoError(t, err)
+	nearexpdate := time.Now().AddDate(0, 1, 0)
+	repo.Root.Signed.SignedCommon.Expires = nearexpdate
+	repo.Snapshot.Signed.SignedCommon.Expires = nearexpdate
+	repo.Targets["targets"].Signed.Expires = nearexpdate
+	_, err1 := repo.InitTargets("targets/exp")
+	require.NoError(t, err1)
+	repo.Targets["targets/exp"].Signed.Expires = nearexpdate
+	//Reset levels to display warnings through logrus
+	log.SetLevel(log.WarnLevel)
+	b := bytes.NewBuffer(nil)
+	log.SetOutput(b)
+	warnRolesNearExpiry(repo)
+	require.Contains(t, b.String(), "targets metadata is nearing expiry, you should re-sign the key", "targets should show near expiry")
+	require.Contains(t, b.String(), "targets/exp metadata is nearing expiry, you should re-sign the key", b.String(), "targets/exp should show near expiry")
+	require.Contains(t, b.String(), "root is nearing expiry, you should re-sign the key", "Root should show near expiry")
+	require.Contains(t, b.String(), "snapshot is nearing expiry, you should re-sign the key", "Snapshot should show near expiry")
+}
+
+func TestAllNotNearExpiry(t *testing.T) {
+	repo, _, err := testutils.EmptyRepo("docker.com/notary")
+	require.NoError(t, err)
+	notnearexpdate := time.Now().AddDate(0, 10, 0)
+	repo.Root.Signed.SignedCommon.Expires = notnearexpdate
+	repo.Snapshot.Signed.SignedCommon.Expires = notnearexpdate
+	repo.Targets["targets"].Signed.Expires = notnearexpdate
+	_, err1 := repo.InitTargets("targets/noexp")
+	require.NoError(t, err1)
+	repo.Targets["targets/noexp"].Signed.Expires = notnearexpdate
+	//Reset levels to display warnings through logrus
+	log.SetLevel(log.WarnLevel)
+	a := bytes.NewBuffer(nil)
+	log.SetOutput(a)
+	warnRolesNearExpiry(repo)
+	require.NotContains(t, a.String(), "targets metadata is nearing expiry, you should re-sign the key", "targets should not show near expiry")
+	require.NotContains(t, a.String(), "targets/noexp metadata is nearing expiry, you should re-sign the key", "targets/noexp should not show near expiry")
+	require.NotContains(t, a.String(), "root is nearing expiry, you should re-sign the key", "Root should not show near expiry")
+	require.NotContains(t, a.String(), "snapshot is nearing expiry, you should re-sign the key", "Snapshot should not show near expiry")
+}
diff --git a/tuf/testutils/repo.go b/tuf/testutils/repo.go
@@ -12,8 +12,6 @@ import (
 	"github.com/docker/notary/passphrase"
 	"github.com/docker/notary/trustmanager"
 	"github.com/docker/notary/tuf/data"
-	"github.com/docker/notary/tuf/utils"
-	fuzz "github.com/google/gofuzz"
 	"github.com/stretchr/testify/require"
 
 	tuf "github.com/docker/notary/tuf"
@@ -142,23 +140,6 @@ func CopyRepoMetadata(from map[string][]byte) map[string][]byte {
 	return copied
 }
 
-// AddTarget generates a fake target and adds it to a repo.
-func AddTarget(role string, r *tuf.Repo) (name string, meta data.FileMeta, content []byte, err error) {
-	randness := fuzz.Continue{}
-	content = RandomByteSlice(1024)
-	name = randness.RandString()
-	t := data.FileMeta{
-		Length: int64(len(content)),
-		Hashes: data.Hashes{
-			"sha256": utils.DoHash("sha256", content),
-			"sha512": utils.DoHash("sha512", content),
-		},
-	}
-	files := data.Files{name: t}
-	_, err = r.AddTargets(role, files)
-	return
-}
-
 // RandomByteSlice generates some random data to be used for testing only
 func RandomByteSlice(maxSize int) []byte {
 	r := rand.New(rand.NewSource(time.Now().UnixNano()))

Original file line number	Diff line number	Diff line change
`@@ -612,7 +612,7 @@ func (r *NotaryRepository) publish(cl changelist.Changelist) error {`
`612`	`612`	`// check if our root file is nearing expiry or dirty. Resign if it is. If`
`613`	`613`	`// root is not dirty but we are publishing for the first time, then just`
`614`	`614`	`// publish the existing root we have.`
`615`		`- if nearExpiry(r.tufRepo.Root) \|\| r.tufRepo.Root.Dirty {`
	`615`	`+ if nearExpiry(r.tufRepo.Root.Signed.SignedCommon) \|\| r.tufRepo.Root.Dirty {`
`616`	`616`	`rootJSON, err := serializeCanonicalRole(r.tufRepo, data.CanonicalRootRole)`
`617`	`617`	`if err != nil {`
`618`	`618`	`return err`
`@@ -781,7 +781,10 @@ func (r *NotaryRepository) Update(forWrite bool) error {`
`781`	`781`	`}`
`782`	`782`	`return err`
`783`	`783`	`}`
	`784`	`+ // we can be assured if we are at this stage that the repo we built is good`
	`785`	`+ // no need to test the following function call for an error as it will always be fine should the repo be good- it is!`
`784`	`786`	`r.tufRepo = repo`
	`787`	`+ warnRolesNearExpiry(repo)`
`785`	`788`	`return nil`
`786`	`789`	`}`
`787`	`790`