Merge pull request #875 from endophage/witness

Witness command
notaryproject · Aug 3, 2016 · dc74bd3 · dc74bd3
2 parents 41625dc + 3b9ffbc
commit dc74bd3
Show file tree

Hide file tree

Showing 15 changed files with 466 additions and 112 deletions.
diff --git a/client/changelist/change.go b/client/changelist/change.go
@@ -23,6 +23,7 @@ const (
 	TypeRootRole          = "role"
 	TypeTargetsTarget     = "target"
 	TypeTargetsDelegation = "delegation"
+	TypeWitness           = "witness"
 )
 
 // TUFChange represents a change to a TUF repo

diff --git a/client/client.go b/client/client.go
@@ -20,7 +20,6 @@ import (
 	"github.com/docker/notary/trustmanager"
 	"github.com/docker/notary/trustpinning"
 	"github.com/docker/notary/tuf"
-	tufclient "github.com/docker/notary/tuf/client"
 	"github.com/docker/notary/tuf/data"
 	"github.com/docker/notary/tuf/signed"
 	"github.com/docker/notary/tuf/utils"
@@ -85,6 +84,7 @@ type NotaryRepository struct {
 	fileStore     store.MetadataStore
 	CryptoService signed.CryptoService
 	tufRepo       *tuf.Repo
+	invalid       *tuf.Repo // known data that was parsable but deemed invalid
 	roundTrip     http.RoundTripper
 	trustPinning  trustpinning.TrustPinConfig
 }
@@ -616,7 +616,7 @@ func (r *NotaryRepository) publish(cl changelist.Changelist) error {
 		}
 	}
 	// apply the changelist to the repo
-	if err := applyChangelist(r.tufRepo, cl); err != nil {
+	if err := applyChangelist(r.tufRepo, r.invalid, cl); err != nil {
 		logrus.Debug("Error applying changelist")
 		return err
 	}
@@ -714,7 +714,7 @@ func (r *NotaryRepository) bootstrapRepo() error {
 		}
 	}
 
-	tufRepo, err := b.Finish()
+	tufRepo, _, err := b.Finish()
 	if err == nil {
 		r.tufRepo = tufRepo
 	}
@@ -787,7 +787,7 @@ func (r *NotaryRepository) Update(forWrite bool) error {
 		}
 		return err
 	}
-	repo, err := c.Update()
+	repo, invalid, err := c.Update()
 	if err != nil {
 		// notFound.Resource may include a checksum so when the role is root,
 		// it will be root or root.<checksum>. Therefore best we can
@@ -800,6 +800,7 @@ func (r *NotaryRepository) Update(forWrite bool) error {
 	// we can be assured if we are at this stage that the repo we built is good
 	// no need to test the following function call for an error as it will always be fine should the repo be good- it is!
 	r.tufRepo = repo
+	r.invalid = invalid
 	warnRolesNearExpiry(repo)
 	return nil
 }
@@ -811,16 +812,16 @@ func (r *NotaryRepository) Update(forWrite bool) error {
 // and return an error if the remote repository errors.
 //
 // Populates a tuf.RepoBuilder with this root metadata (only use
-// tufclient.Client.Update to load the rest).
+// TUFClient.Update to load the rest).
 //
 // Fails if the remote server is reachable and does not know the repo
 // (i.e. before the first r.Publish()), in which case the error is
 // store.ErrMetaNotFound, or if the root metadata (from whichever source is used)
 // is not trusted.
 //
-// Returns a tufclient.Client for the remote server, which may not be actually
+// Returns a TUFClient for the remote server, which may not be actually
 // operational (if the URL is invalid but a root.json is cached).
-func (r *NotaryRepository) bootstrapClient(checkInitialized bool) (*tufclient.Client, error) {
+func (r *NotaryRepository) bootstrapClient(checkInitialized bool) (*TUFClient, error) {
 	minVersion := 1
 	// the old root on disk should not be validated against any trust pinning configuration
 	// because if we have an old root, it itself is the thing that pins trust
@@ -887,7 +888,7 @@ func (r *NotaryRepository) bootstrapClient(checkInitialized bool) (*tufclient.Cl
 		return nil, ErrRepoNotInitialized{}
 	}
 
-	return tufclient.NewClient(oldBuilder, newBuilder, remote, r.fileStore), nil
+	return NewTUFClient(oldBuilder, newBuilder, remote, r.fileStore), nil
 }
 
 // RotateKey removes all existing keys associated with the role, and either

diff --git a/client/client_test.go b/client/client_test.go
@@ -1202,7 +1202,7 @@ func testListTarget(t *testing.T, rootType string) {
 	require.NoError(t, err, "could not open changelist")
 
 	// apply the changelist to the repo
-	err = applyChangelist(repo.tufRepo, cl)
+	err = applyChangelist(repo.tufRepo, nil, cl)
 	require.NoError(t, err, "could not apply changelist")
 
 	fakeServerData(t, repo, mux, keys)
@@ -1280,7 +1280,7 @@ func testListTargetWithDelegates(t *testing.T, rootType string) {
 	require.NoError(t, err, "could not open changelist")
 
 	// apply the changelist to the repo, then clear it
-	err = applyChangelist(repo.tufRepo, cl)
+	err = applyChangelist(repo.tufRepo, nil, cl)
 	require.NoError(t, err, "could not apply changelist")
 	require.NoError(t, cl.Clear(""))
 
@@ -1305,7 +1305,7 @@ func testListTargetWithDelegates(t *testing.T, rootType string) {
 		filepath.Join(repo.baseDir, "tuf", filepath.FromSlash(repo.gun), "changelist"))
 	require.NoError(t, err, "could not open changelist")
 	// apply the changelist to the repo
-	err = applyChangelist(repo.tufRepo, cl)
+	err = applyChangelist(repo.tufRepo, nil, cl)
 	require.NoError(t, err, "could not apply changelist")
 	// check the changelist was applied
 	_, ok = repo.tufRepo.Targets["targets/level1/level2"].Signed.Targets["level2"]
@@ -1430,7 +1430,7 @@ func TestListTargetRestrictsDelegationPaths(t *testing.T) {
 	require.NoError(t, err, "could not open changelist")
 
 	// apply the changelist to the repo
-	err = applyChangelist(repo.tufRepo, cl)
+	err = applyChangelist(repo.tufRepo, nil, cl)
 	require.NoError(t, err, "could not apply changelist")
 
 	require.NoError(t, cl.Clear(""))
@@ -1452,7 +1452,7 @@ func TestListTargetRestrictsDelegationPaths(t *testing.T) {
 	require.NoError(t, err, "could not open changelist")
 
 	// apply the changelist to the repo
-	err = applyChangelist(repo.tufRepo, cl)
+	err = applyChangelist(repo.tufRepo, nil, cl)
 	require.NoError(t, err, "could not apply changelist")
 
 	fakeServerData(t, repo, mux, keys)
@@ -2948,7 +2948,7 @@ func TestAddDelegationChangefileApplicable(t *testing.T) {
 	require.Len(t, changes, 2)
 
 	// ensure that it can be applied correctly
-	err = applyTargetsChange(repo.tufRepo, changes[0])
+	err = applyTargetsChange(repo.tufRepo, nil, changes[0])
 	require.NoError(t, err)
 
 	targetRole := repo.tufRepo.Targets[data.CanonicalTargetsRole]
@@ -3025,8 +3025,8 @@ func TestRemoveDelegationChangefileApplicable(t *testing.T) {
 	require.NoError(t, repo.AddDelegation("targets/a", []data.PublicKey{rootPubKey}, []string{""}))
 	changes := getChanges(t, repo)
 	require.Len(t, changes, 2)
-	require.NoError(t, applyTargetsChange(repo.tufRepo, changes[0]))
-	require.NoError(t, applyTargetsChange(repo.tufRepo, changes[1]))
+	require.NoError(t, applyTargetsChange(repo.tufRepo, nil, changes[0]))
+	require.NoError(t, applyTargetsChange(repo.tufRepo, nil, changes[1]))
 
 	targetRole := repo.tufRepo.Targets[data.CanonicalTargetsRole]
 	require.Len(t, targetRole.Signed.Delegations.Roles, 1)
@@ -3038,7 +3038,7 @@ func TestRemoveDelegationChangefileApplicable(t *testing.T) {
 	require.NoError(t, repo.RemoveDelegationKeys("targets/a", []string{rootKeyCanonicalID}))
 	changes = getChanges(t, repo)
 	require.Len(t, changes, 3)
-	require.NoError(t, applyTargetsChange(repo.tufRepo, changes[2]))
+	require.NoError(t, applyTargetsChange(repo.tufRepo, nil, changes[2]))
 
 	targetRole = repo.tufRepo.Targets[data.CanonicalTargetsRole]
 	require.Len(t, targetRole.Signed.Delegations.Roles, 1)
@@ -3061,14 +3061,14 @@ func TestClearAllPathsDelegationChangefileApplicable(t *testing.T) {
 	require.NoError(t, repo.AddDelegation("targets/a", []data.PublicKey{rootPubKey}, []string{"abc,123,xyz,path"}))
 	changes := getChanges(t, repo)
 	require.Len(t, changes, 2)
-	require.NoError(t, applyTargetsChange(repo.tufRepo, changes[0]))
-	require.NoError(t, applyTargetsChange(repo.tufRepo, changes[1]))
+	require.NoError(t, applyTargetsChange(repo.tufRepo, nil, changes[0]))
+	require.NoError(t, applyTargetsChange(repo.tufRepo, nil, changes[1]))
 
 	// now clear paths it
 	require.NoError(t, repo.ClearDelegationPaths("targets/a"))
 	changes = getChanges(t, repo)
 	require.Len(t, changes, 3)
-	require.NoError(t, applyTargetsChange(repo.tufRepo, changes[2]))
+	require.NoError(t, applyTargetsChange(repo.tufRepo, nil, changes[2]))
 
 	delgRoles := repo.tufRepo.Targets[data.CanonicalTargetsRole].Signed.Delegations.Roles
 	require.Len(t, delgRoles, 1)
@@ -3105,7 +3105,7 @@ func TestFullAddDelegationChangefileApplicable(t *testing.T) {
 
 	changes := getChanges(t, repo)
 	require.Len(t, changes, 1)
-	require.NoError(t, applyTargetsChange(repo.tufRepo, changes[0]))
+	require.NoError(t, applyTargetsChange(repo.tufRepo, nil, changes[0]))
 
 	delgRoles := repo.tufRepo.Targets[data.CanonicalTargetsRole].Signed.Delegations.Roles
 	require.Len(t, delgRoles, 1)
@@ -3136,8 +3136,8 @@ func TestFullRemoveDelegationChangefileApplicable(t *testing.T) {
 	require.NoError(t, repo.AddDelegation(delegationName, []data.PublicKey{rootPubKey, key2}, []string{"abc", "123"}))
 	changes := getChanges(t, repo)
 	require.Len(t, changes, 2)
-	require.NoError(t, applyTargetsChange(repo.tufRepo, changes[0]))
-	require.NoError(t, applyTargetsChange(repo.tufRepo, changes[1]))
+	require.NoError(t, applyTargetsChange(repo.tufRepo, nil, changes[0]))
+	require.NoError(t, applyTargetsChange(repo.tufRepo, nil, changes[1]))
 
 	targetRole := repo.tufRepo.Targets[data.CanonicalTargetsRole]
 	require.Len(t, targetRole.Signed.Delegations.Roles, 1)
@@ -3155,7 +3155,7 @@ func TestFullRemoveDelegationChangefileApplicable(t *testing.T) {
 
 	changes = getChanges(t, repo)
 	require.Len(t, changes, 3)
-	require.NoError(t, applyTargetsChange(repo.tufRepo, changes[2]))
+	require.NoError(t, applyTargetsChange(repo.tufRepo, nil, changes[2]))
 
 	delgRoles := repo.tufRepo.Targets[data.CanonicalTargetsRole].Signed.Delegations.Roles
 	require.Len(t, delgRoles, 1)
@@ -3577,7 +3577,7 @@ func TestGetAllTargetInfo(t *testing.T) {
 	require.NoError(t, err, "could not open changelist")
 
 	// apply the changelist to the repo, then clear it
-	err = applyChangelist(repo.tufRepo, cl)
+	err = applyChangelist(repo.tufRepo, nil, cl)
 	require.NoError(t, err, "could not apply changelist")
 	require.NoError(t, cl.Clear(""))
 
@@ -3602,7 +3602,7 @@ func TestGetAllTargetInfo(t *testing.T) {
 		filepath.Join(repo.baseDir, "tuf", filepath.FromSlash(repo.gun), "changelist"))
 	require.NoError(t, err, "could not open changelist")
 	// apply the changelist to the repo
-	err = applyChangelist(repo.tufRepo, cl)
+	err = applyChangelist(repo.tufRepo, nil, cl)
 	require.NoError(t, err, "could not apply changelist")
 	// check the changelist was applied
 	_, ok = repo.tufRepo.Targets["targets/level1/level2"].Signed.Targets["level2"]

diff --git a/client/helpers.go b/client/helpers.go
@@ -29,7 +29,7 @@ func getRemoteStore(baseURL, gun string, rt http.RoundTripper) (store.RemoteStor
 	return s, err
 }
 
-func applyChangelist(repo *tuf.Repo, cl changelist.Changelist) error {
+func applyChangelist(repo *tuf.Repo, invalid *tuf.Repo, cl changelist.Changelist) error {
 	it, err := cl.NewIterator()
 	if err != nil {
 		return err
@@ -43,11 +43,11 @@ func applyChangelist(repo *tuf.Repo, cl changelist.Changelist) error {
 		isDel := data.IsDelegation(c.Scope()) || data.IsWildDelegation(c.Scope())
 		switch {
 		case c.Scope() == changelist.ScopeTargets || isDel:
-			err = applyTargetsChange(repo, c)
+			err = applyTargetsChange(repo, invalid, c)
 		case c.Scope() == changelist.ScopeRoot:
 			err = applyRootChange(repo, c)
 		default:
-			logrus.Debug("scope not supported: ", c.Scope())
+			return fmt.Errorf("scope not supported: %s", c.Scope())
 		}
 		if err != nil {
 			logrus.Debugf("error attempting to apply change #%d: %s, on scope: %s path: %s type: %s", index, c.Action(), c.Scope(), c.Path(), c.Type())
@@ -59,12 +59,14 @@ func applyChangelist(repo *tuf.Repo, cl changelist.Changelist) error {
 	return nil
 }
 
-func applyTargetsChange(repo *tuf.Repo, c changelist.Change) error {
+func applyTargetsChange(repo *tuf.Repo, invalid *tuf.Repo, c changelist.Change) error {
 	switch c.Type() {
 	case changelist.TypeTargetsTarget:
 		return changeTargetMeta(repo, c)
 	case changelist.TypeTargetsDelegation:
 		return changeTargetsDelegation(repo, c)
+	case changelist.TypeWitness:
+		return witnessTargets(repo, invalid, c.Scope())
 	default:
 		return fmt.Errorf("only target meta and delegations changes supported")
 	}
@@ -155,7 +157,7 @@ func changeTargetMeta(repo *tuf.Repo, c changelist.Change) error {
 		}
 
 	default:
-		logrus.Debug("action not yet supported: ", c.Action())
+		err = fmt.Errorf("action not yet supported: %s", c.Action())
 	}
 	return err
 }
@@ -166,7 +168,7 @@ func applyRootChange(repo *tuf.Repo, c changelist.Change) error {
 	case changelist.TypeRootRole:
 		err = applyRootRoleChange(repo, c)
 	default:
-		logrus.Debug("type of root change not yet supported: ", c.Type())
+		err = fmt.Errorf("type of root change not yet supported: %s", c.Type())
 	}
 	return err // might be nil
 }
@@ -185,7 +187,7 @@ func applyRootRoleChange(repo *tuf.Repo, c changelist.Change) error {
 			return err
 		}
 	default:
-		logrus.Debug("action not yet supported for root: ", c.Action())
+		return fmt.Errorf("action not yet supported for root: %s", c.Action())
 	}
 	return nil
 }