Merge pull request #1260 from eiais/invalidBlocks

return errors for invalid key pem blocks
notaryproject · Nov 7, 2017 · 78afe81 · 78afe81
2 parents 86888f1 + b615042
commit 78afe81
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 7 deletions.
diff --git a/cmd/notary/integration_test.go b/cmd/notary/integration_test.go
@@ -2663,7 +2663,7 @@ func TestClientKeyImport(t *testing.T) {
 
 	// import the key
 	_, err = runCommand(t, tempDir, "key", "import", tempFile6.Name())
-	require.NoError(t, err)
+	require.EqualError(t, err, "failed to import all keys: invalid key pem block")
 
 	// if there is hardware available, root will only be on hardware, and not
 	// on disk
@@ -2720,7 +2720,7 @@ func TestClientKeyImport(t *testing.T) {
 
 	// import the key
 	_, err = runCommand(t, tempDir, "key", "import", tempFile8.Name())
-	require.NoError(t, err)
+	require.EqualError(t, err, "failed to import all keys: invalid key pem block")
 
 	// if there is hardware available, root will only be on hardware, and not
 	// on disk

diff --git a/cmd/notary/keys_test.go b/cmd/notary/keys_test.go
@@ -830,11 +830,9 @@ func TestKeyGeneration(t *testing.T) {
 	require.NoError(t, err)
 	privK, err := utils.ParsePEMPrivateKey(priv, testPassphrase)
 	require.NoError(t, err)
-
 	// the ID is only generated from the public part of the key so they should be identical
 	require.Equal(t, pubK.ID(), privK.ID())
 
 	_, err = runCommand(t, tempDir, "key", "import", filepath.Join(tempDir, "testkeys-key.pem"))
-	require.NoError(t, err)
-
+	require.EqualError(t, err, "failed to import all keys: invalid key pem block")
 }
diff --git a/trustmanager/keys.go b/trustmanager/keys.go
@@ -3,6 +3,7 @@ package trustmanager
 import (
 	"encoding/pem"
 	"errors"
+	"fmt"
 	"io"
 	"io/ioutil"
 	"path/filepath"
@@ -100,8 +101,9 @@ func ImportKeys(from io.Reader, to []Importer, fallbackRole string, fallbackGUN
 		return err
 	}
 	var (
-		writeTo string
-		toWrite []byte
+		writeTo   string
+		toWrite   []byte
+		errBlocks []string
 	)
 	for block, rest := pem.Decode(data); block != nil; block, rest = pem.Decode(rest) {
 		handleLegacyPath(block)
@@ -110,6 +112,7 @@ func ImportKeys(from io.Reader, to []Importer, fallbackRole string, fallbackGUN
 		loc, err := checkValidity(block)
 		if err != nil {
 			// already logged in checkValidity
+			errBlocks = append(errBlocks, err.Error())
 			continue
 		}
 
@@ -157,6 +160,9 @@ func ImportKeys(from io.Reader, to []Importer, fallbackRole string, fallbackGUN
 	if toWrite != nil { // close out final iteration if there's data left
 		return importToStores(to, writeTo, toWrite)
 	}
+	if len(errBlocks) > 0 {
+		return fmt.Errorf("failed to import all keys: %s", strings.Join(errBlocks, ", "))
+	}
 	return nil
 }