From 5d6bd65786a7f437f8f9bcb6eb1e53edaabd4acf Mon Sep 17 00:00:00 2001 From: Ying Li Date: Fri, 22 Jul 2016 15:48:52 -0700 Subject: [PATCH] Remove the HTTP endpoint for Notary Signer, as it's not used by anything. This removes the maintenance burden of keeping them in sync. Signed-off-by: Ying Li --- cmd/notary-signer/config.go | 27 +-- cmd/notary-signer/main.go | 9 +- cmd/notary-signer/main_test.go | 31 +--- docs/reference/signer-config.md | 22 +-- fixtures/signer-config-local.json | 1 - fixtures/signer-config.json | 1 - fixtures/signer-config.rethink.json | 1 - signer.Dockerfile | 2 - signer/api/api.go | 205 ----------------------- signer/api/api_test.go | 250 ---------------------------- signer/signer.go | 1 - 11 files changed, 12 insertions(+), 538 deletions(-) delete mode 100644 signer/api/api.go delete mode 100644 signer/api/api_test.go diff --git a/cmd/notary-signer/config.go b/cmd/notary-signer/config.go index 6565f93ad..2704b9b86 100644 --- a/cmd/notary-signer/config.go +++ b/cmd/notary-signer/config.go @@ -5,7 +5,6 @@ import ( "errors" "fmt" "net" - "net/http" "os" "strings" "time" @@ -62,7 +61,7 @@ func parseSignerConfig(configFilePath string) (signer.Config, error) { utils.SetUpBugsnag(bugsnagConf) // parse server config - httpAddr, grpcAddr, tlsConfig, err := getAddrAndTLSConfig(config) + grpcAddr, tlsConfig, err := getAddrAndTLSConfig(config) if err != nil { return signer.Config{}, err } @@ -74,7 +73,6 @@ func parseSignerConfig(configFilePath string) (signer.Config, error) { } return signer.Config{ - HTTPAddr: httpAddr, GRPCAddr: grpcAddr, TLSConfig: tlsConfig, CryptoServices: cryptoServices, 
@@ -213,33 +211,18 @@ func setupGRPCServer(grpcAddr string, tlsConfig *tls.Config,
 return grpcServer, lis, nil
 }
 
-func setupHTTPServer(httpAddr string, tlsConfig *tls.Config,
- cryptoServices signer.CryptoServiceIndex) *http.Server {
-
- return &http.Server{
- Addr: httpAddr,
- Handler: api.Handlers(cryptoServices),
- TLSConfig: tlsConfig,
- }
-}
-
-func getAddrAndTLSConfig(configuration *viper.Viper) (string, string, *tls.Config, error) {
+func getAddrAndTLSConfig(configuration *viper.Viper) (string, *tls.Config, error) {
 tlsConfig, err := utils.ParseServerTLS(configuration, true)
 if err != nil {
- return "", "", nil, fmt.Errorf("unable to set up TLS: %s", err.Error())
+ return "", nil, fmt.Errorf("unable to set up TLS: %s", err.Error())
 }
 
 grpcAddr := configuration.GetString("server.grpc_addr")
 if grpcAddr == "" {
- return "", "", nil, fmt.Errorf("grpc listen address required for server")
- }
-
- httpAddr := configuration.GetString("server.http_addr")
- if httpAddr == "" {
- return "", "", nil, fmt.Errorf("http listen address required for server")
+ return "", nil, fmt.Errorf("grpc listen address required for server")
 }
 
- return httpAddr, grpcAddr, tlsConfig, nil
+ return grpcAddr, tlsConfig, nil
 }
 
 func bootstrap(s interface{}) error {
diff --git a/cmd/notary-signer/main.go b/cmd/notary-signer/main.go
index 864863da7..f6b372101 100644
--- a/cmd/notary-signer/main.go
+++ b/cmd/notary-signer/main.go
@@ -58,18 +58,11 @@ func main() {
 logrus.Fatal(err.Error())
 }
 
- httpServer := setupHTTPServer(signerConfig.HTTPAddr, signerConfig.TLSConfig, signerConfig.CryptoServices)
-
 if debug {
 log.Println("RPC server listening on", signerConfig.GRPCAddr)
- log.Println("HTTP server listening on", signerConfig.HTTPAddr)
 }
 
- go grpcServer.Serve(lis)
- err = httpServer.ListenAndServeTLS("", "")
- if err != nil {
- log.Fatal("HTTPS server failed to start:", err)
- }
+ grpcServer.Serve(lis)
 }
 
 func usage() {
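Review bot: The error returned by `grpcServer.Serve(lis)` on the new last line of main is discarded, so a failure to accept on the listener now makes main return normally with exit status 0, whereas the removed HTTP path turned the equivalent failure into a fatal log. `err` is already declared in main (the removed lines assign it with `=`), so the call can become `err = grpcServer.Serve(lis)` followed by `if err != nil { log.Fatal("GRPC server failed to start:", err) }`, or use `logrus.Fatal` as the hunk's first context line does. Without that, a signer whose gRPC server stops serving is indistinguishable from a clean shutdown to process supervision and log monitoring. main begins outside the hunk, so the declaration of `err` is inferred from the removed assignment rather than visible here.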
diff --git a/cmd/notary-signer/main_test.go b/cmd/notary-signer/main_test.go index d1b3a6e66..16b0fc20e 100644 --- a/cmd/notary-signer/main_test.go +++ b/cmd/notary-signer/main_test.go @@ -40,16 +40,15 @@ func configure(jsonConfig string) *viper.Viper { // error is propagated. func TestGetAddrAndTLSConfigInvalidTLS(t *testing.T) { invalids := []string{ - `{"server": {"http_addr": ":1234", "grpc_addr": ":2345"}}`, + `{"server": {"grpc_addr": ":2345"}}`, `{"server": { - "http_addr": ":1234", "grpc_addr": ":2345", "tls_cert_file": "nope", "tls_key_file": "nope" }}`, } for _, configJSON := range invalids { - _, _, _, err := getAddrAndTLSConfig(configure(configJSON)) + _, _, err := getAddrAndTLSConfig(configure(configJSON)) require.Error(t, err) require.Contains(t, err.Error(), "unable to set up TLS") } @@ -57,9 +56,8 @@ func TestGetAddrAndTLSConfigInvalidTLS(t *testing.T) { // If a GRPC address is not provided, an error is returned. func TestGetAddrAndTLSConfigNoGRPCAddr(t *testing.T) { - _, _, _, err := getAddrAndTLSConfig(configure(fmt.Sprintf(`{ + _, _, err := getAddrAndTLSConfig(configure(fmt.Sprintf(`{ "server": { - "http_addr": ":1234", "tls_cert_file": "%s", "tls_key_file": "%s" } 
@@ -68,31 +66,16 @@ func TestGetAddrAndTLSConfigNoGRPCAddr(t *testing.T) { require.Contains(t, err.Error(), "grpc listen address required for server") } -// If an HTTP address is not provided, an error is returned. -func TestGetAddrAndTLSConfigNoHTTPAddr(t *testing.T) { - _, _, _, err := getAddrAndTLSConfig(configure(fmt.Sprintf(`{ - "server": { - "grpc_addr": ":1234", - "tls_cert_file": "%s", - "tls_key_file": "%s" - } - }`, Cert, Key))) - require.Error(t, err) - require.Contains(t, err.Error(), "http listen address required for server") -} - // Success parsing a valid TLS config, HTTP address, and GRPC address. func TestGetAddrAndTLSConfigSuccess(t *testing.T) { - httpAddr, grpcAddr, tlsConf, err := getAddrAndTLSConfig(configure(fmt.Sprintf(`{ + grpcAddr, tlsConf, err := getAddrAndTLSConfig(configure(fmt.Sprintf(`{ "server": { - "http_addr": ":2345", "grpc_addr": ":1234", "tls_cert_file": "%s", "tls_key_file": "%s" } }`, Cert, Key))) require.NoError(t, err) - require.Equal(t, ":2345", httpAddr) require.Equal(t, ":1234", grpcAddr) require.NotNil(t, tlsConf) } @@ -241,12 +224,6 @@ func TestSetupCryptoServicesInvalidStore(t *testing.T) { require.Equal(t, err.Error(), fmt.Sprintf("%s is not an allowed backend, must be one of: %s", "invalid_backend", []string{notary.SQLiteBackend, notary.MemoryBackend, notary.RethinkDBBackend})) } -func TestSetupHTTPServer(t *testing.T) { - httpServer := setupHTTPServer(":4443", nil, make(signer.CryptoServiceIndex)) - require.Equal(t, ":4443", httpServer.Addr) - require.Nil(t, httpServer.TLSConfig) -} - func TestSetupGRPCServerInvalidAddress(t *testing.T) { _, _, err := setupGRPCServer("nope", nil, make(signer.CryptoServiceIndex)) require.Error(t, err) diff --git a/docs/reference/signer-config.md b/docs/reference/signer-config.md index e9f1450bb..7ced28e17 100644 --- a/docs/reference/signer-config.md +++ b/docs/reference/signer-config.md @@ -25,7 +25,6 @@ learn more about the configuration section corresponding to that key:
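Review bot: The comment above TestGetAddrAndTLSConfigSuccess, `// Success parsing a valid TLS config, HTTP address, and GRPC address.`, is kept as context but the HTTP address and its `require.Equal(t, ":2345", httpAddr)` assertion are removed in this hunk, so the comment no longer describes the test. Change it to `// Success parsing a valid TLS config and GRPC address.` so the documentation matches the three-value return of getAddrAndTLSConfig.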
{
   "server": {
-    "http_addr": ":4444",
     "grpc_addr": ":7899",
     "tls_cert_file": "./fixtures/notary-signer.crt",
     "tls_key_file": "./fixtures/notary-signer.key",
@@ -57,7 +56,6 @@ Example:
 
 ```json
 "server": {
-  "http_addr": ":4444",
   "grpc_addr": ":7899",
   "tls_cert_file": "./fixtures/notary-signer.crt",
   "tls_key_file": "./fixtures/notary-signer.key",
@@ -71,22 +69,6 @@ Example:
 		Required
 		Description
 	
-	
-		http_addr
-		yes
-		The TCP address (IP and port) to listen for HTTP
-			traffic on.  Examples:
-			
    -
  • ":4444" means listen on port 4444 on all IPs (and - hence all interfaces, such as those listed when you run - ifconfig)
  • -
  • "127.0.0.1:4444" means listen on port 4444 on - localhost only. That means that the server will not be - accessible except locally (via SSH tunnel, or just on a local - terminal)
  • -
- - grpc_addr yes @@ -107,14 +89,14 @@ Example: tls_key_file yes The path to the private key to use for - HTTPS. The path is relative to the directory of the + GRPC TLS. The path is relative to the directory of the configuration file. tls_cert_file yes The path to the certificate to use for - HTTPS. The path is relative to the directory of the + GRPC TLS. The path is relative to the directory of the configuration file. diff --git a/fixtures/signer-config-local.json b/fixtures/signer-config-local.json index e5da0101e..5eb18beca 100644 --- a/fixtures/signer-config-local.json +++ b/fixtures/signer-config-local.json @@ -1,6 +1,5 @@ { "server": { - "http_addr": ":4444", "grpc_addr": ":7899", "tls_cert_file": "./notary-signer.crt", "tls_key_file": "./notary-signer.key", diff --git a/fixtures/signer-config.json b/fixtures/signer-config.json index 2af789a8d..a14d7104e 100644 --- a/fixtures/signer-config.json +++ b/fixtures/signer-config.json @@ -1,6 +1,5 @@ { "server": { - "http_addr": ":4444", "grpc_addr": ":7899", "tls_cert_file": "./notary-signer.crt", "tls_key_file": "./notary-signer.key", diff --git a/fixtures/signer-config.rethink.json b/fixtures/signer-config.rethink.json index fc0bc0d5a..27a414b5e 100644 --- a/fixtures/signer-config.rethink.json +++ b/fixtures/signer-config.rethink.json @@ -1,6 +1,5 @@ { "server": { - "http_addr": ":4444", "grpc_addr": ":7899", "tls_cert_file": "./notary-signer.crt", "tls_key_file": "./notary-signer.key", diff --git a/signer.Dockerfile b/signer.Dockerfile index 189cbdbee..9c63f8ff9 100644 --- a/signer.Dockerfile +++ b/signer.Dockerfile @@ -17,8 +17,6 @@ ENV SERVICE_NAME=notary_signer ENV NOTARY_SIGNER_DEFAULT_ALIAS="timestamp_1" ENV NOTARY_SIGNER_TIMESTAMP_1="testpassword" -EXPOSE 4444 - # Install notary-signer RUN go install \ -tags pkcs11 \ diff --git a/signer/api/api.go b/signer/api/api.go deleted file mode 100644 index e71799fcc..000000000 --- a/signer/api/api.go +++ /dev/null 
@@ -1,205 +0,0 @@ -package api - -import ( - "crypto/rand" - "encoding/json" - "fmt" - "net/http" - - "github.com/docker/notary/signer" - "github.com/docker/notary/signer/keys" - "github.com/docker/notary/tuf/signed" - "github.com/gorilla/mux" - - pb "github.com/docker/notary/proto" -) - -// Handlers sets up all the handers for the routes, injecting a specific CryptoService object for them to use -func Handlers(cryptoServices signer.CryptoServiceIndex) *mux.Router { - r := mux.NewRouter() - - r.Methods("GET").Path("/{ID}").Handler(KeyInfo(cryptoServices)) - r.Methods("POST").Path("/new/{Algorithm}").Handler(CreateKey(cryptoServices)) - r.Methods("POST").Path("/delete").Handler(DeleteKey(cryptoServices)) - r.Methods("POST").Path("/sign").Handler(Sign(cryptoServices)) - return r -} - -// getCryptoService handles looking up the correct signing service, given the -// algorithm specified in the HTTP request. If the algorithm isn't specified -// or isn't supported, an error is returned to the client and this function -// returns a nil CryptoService -func getCryptoService(algorithm string, cryptoServices signer.CryptoServiceIndex) (signed.CryptoService, error) { - if algorithm == "" { - return nil, fmt.Errorf("algorithm not specified") - } - - if service, ok := cryptoServices[algorithm]; ok { - return service, nil - } - - return nil, fmt.Errorf("algorithm " + algorithm + " not supported") -} - -// KeyInfo returns a Handler that given a specific Key ID param, returns the public key bits of that key -func KeyInfo(cryptoServices signer.CryptoServiceIndex) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - vars := mux.Vars(r) - - tufKey, _, err := FindKeyByID(cryptoServices, &pb.KeyID{ID: vars["ID"]}) - if err != nil { - switch err { - // If we received an ErrInvalidKeyID, the key doesn't exist, return 404 - case keys.ErrInvalidKeyID: - w.WriteHeader(http.StatusNotFound) - w.Write([]byte(err.Error())) - return - // If we received 
anything else, it is unexpected, and we return a 500 - default: - w.WriteHeader(http.StatusInternalServerError) - w.Write([]byte(err.Error())) - return - } - } - key := &pb.PublicKey{ - KeyInfo: &pb.KeyInfo{ - KeyID: &pb.KeyID{ID: tufKey.ID()}, - Algorithm: &pb.Algorithm{Algorithm: tufKey.Algorithm()}, - }, - PublicKey: tufKey.Public(), - } - json.NewEncoder(w).Encode(key) - return - }) -} - -// CreateKey returns a handler that generates a new key using the provided -// algorithm. Only the public component of the key is returned. -func CreateKey(cryptoServices signer.CryptoServiceIndex) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - vars := mux.Vars(r) - cryptoService, err := getCryptoService(vars["Algorithm"], cryptoServices) - if err != nil { - http.Error(w, err.Error(), http.StatusBadRequest) - return - } - - tufKey, err := cryptoService.Create("", "", vars["Algorithm"]) - if err != nil { - w.WriteHeader(http.StatusInternalServerError) - w.Write([]byte(err.Error())) - return - } - key := &pb.PublicKey{ - KeyInfo: &pb.KeyInfo{ - KeyID: &pb.KeyID{ID: tufKey.ID()}, - Algorithm: &pb.Algorithm{Algorithm: tufKey.Algorithm()}, - }, - PublicKey: tufKey.Public(), - } - json.NewEncoder(w).Encode(key) - return - }) -} - -// DeleteKey returns a handler that delete a specific KeyID -func DeleteKey(cryptoServices signer.CryptoServiceIndex) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - var keyID *pb.KeyID - err := json.NewDecoder(r.Body).Decode(&keyID) - defer r.Body.Close() - if err != nil || keyID.ID == "" { - w.WriteHeader(http.StatusBadRequest) - jsonErr, _ := json.Marshal("Malformed request") - w.Write([]byte(jsonErr)) - return - } - - _, cryptoService, err := FindKeyByID(cryptoServices, keyID) - - if err != nil { - switch err { - // If we received an ErrInvalidKeyID, the key doesn't exist, return 404 - case keys.ErrInvalidKeyID: - w.WriteHeader(http.StatusNotFound) - 
w.Write([]byte(err.Error())) - return - // If we received anything else, it is unexpected, and we return a 500 - default: - w.WriteHeader(http.StatusInternalServerError) - w.Write([]byte(err.Error())) - return - } - } - - if err = cryptoService.RemoveKey(keyID.ID); err != nil { - switch err { - // If we received an ErrInvalidKeyID, the key doesn't exist, return 404 - case keys.ErrInvalidKeyID: - w.WriteHeader(http.StatusNotFound) - w.Write([]byte(err.Error())) - return - // If we received anything else, it is unexpected, and we return a 500 - default: - w.WriteHeader(http.StatusInternalServerError) - w.Write([]byte(err.Error())) - return - } - } - // In case we successfully delete this key, return 200 - return - }) -} - -// Sign returns a handler that is able to perform signatures on a given blob -func Sign(cryptoServices signer.CryptoServiceIndex) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - var sigRequest *pb.SignatureRequest - err := json.NewDecoder(r.Body).Decode(&sigRequest) - defer r.Body.Close() - if err != nil || sigRequest.Content == nil || - sigRequest.KeyID == nil { - w.WriteHeader(http.StatusBadRequest) - jsonErr, _ := json.Marshal("Malformed request") - w.Write([]byte(jsonErr)) - return - } - - tufKey, cryptoService, err := FindKeyByID(cryptoServices, sigRequest.KeyID) - if err == keys.ErrInvalidKeyID { - w.WriteHeader(http.StatusNotFound) - w.Write([]byte(err.Error())) - return - } else if err != nil { - // We got an unexpected error - w.WriteHeader(http.StatusInternalServerError) - w.Write([]byte(err.Error())) - return - } - - privKey, _, err := cryptoService.GetPrivateKey(tufKey.ID()) - if err != nil { - // We got an unexpected error - w.WriteHeader(http.StatusInternalServerError) - w.Write([]byte(err.Error())) - return - } - sig, err := privKey.Sign(rand.Reader, sigRequest.Content, nil) - if err != nil { - w.WriteHeader(http.StatusInternalServerError) - w.Write([]byte(err.Error())) - return - } - 
signature := &pb.Signature{ - KeyInfo: &pb.KeyInfo{ - KeyID: &pb.KeyID{ID: tufKey.ID()}, - Algorithm: &pb.Algorithm{Algorithm: tufKey.Algorithm()}, - }, - Algorithm: &pb.Algorithm{Algorithm: privKey.SignatureAlgorithm().String()}, - Content: sig, - } - - json.NewEncoder(w).Encode(signature) - return - }) -} diff --git a/signer/api/api_test.go b/signer/api/api_test.go deleted file mode 100644 index fec2dd63f..000000000 --- a/signer/api/api_test.go +++ /dev/null 
@@ -1,250 +0,0 @@ -package api_test - -import ( - "encoding/json" - "fmt" - "io" - "io/ioutil" - "net/http" - "net/http/httptest" - "strings" - "testing" - - "github.com/docker/notary/cryptoservice" - "github.com/docker/notary/signer" - "github.com/docker/notary/signer/api" - "github.com/docker/notary/trustmanager" - "github.com/docker/notary/tuf/data" - "github.com/stretchr/testify/require" - - pb "github.com/docker/notary/proto" -) - -var ( - server *httptest.Server - reader io.Reader - deleteKeyBaseURL string - createKeyBaseURL string - keyInfoBaseURL string - signBaseURL string - passphraseRetriever = func(string, string, bool, int) (string, bool, error) { return "passphrase", false, nil } -) - -func setup(cryptoServices signer.CryptoServiceIndex) { - server = httptest.NewServer(api.Handlers(cryptoServices)) - deleteKeyBaseURL = fmt.Sprintf("%s/delete", server.URL) - createKeyBaseURL = fmt.Sprintf("%s/new", server.URL) - keyInfoBaseURL = fmt.Sprintf("%s", server.URL) - signBaseURL = fmt.Sprintf("%s/sign", server.URL) -} - -func TestDeleteKeyHandlerReturns404WithNonexistentKey(t *testing.T) { - keyStore := trustmanager.NewKeyMemoryStore(passphraseRetriever) - cryptoService := cryptoservice.NewCryptoService(keyStore) - setup(signer.CryptoServiceIndex{data.ED25519Key: cryptoService, data.RSAKey: cryptoService, data.ECDSAKey: cryptoService}) - - fakeID := "c62e6d68851cef1f7e55a9d56e3b0c05f3359f16838cad43600f0554e7d3b54d" - - keyID := &pb.KeyID{ID: fakeID} - requestJSON, _ := json.Marshal(keyID) - reader = strings.NewReader(string(requestJSON)) - - request, err := http.NewRequest("POST", deleteKeyBaseURL, reader) - require.Nil(t, err) - - res, err := http.DefaultClient.Do(request) - require.Nil(t, err) - - require.Equal(t, 404, res.StatusCode) -} - -func TestDeleteKeyHandler(t *testing.T) { - keyStore := trustmanager.NewKeyMemoryStore(passphraseRetriever) - cryptoService := cryptoservice.NewCryptoService(keyStore) - setup(signer.CryptoServiceIndex{data.ED25519Key: 
cryptoService, data.RSAKey: cryptoService, data.ECDSAKey: cryptoService}) - - tufKey, _ := cryptoService.Create("", "", data.ED25519Key) - require.NotNil(t, tufKey) - - requestJSON, _ := json.Marshal(&pb.KeyID{ID: tufKey.ID()}) - reader = strings.NewReader(string(requestJSON)) - - request, err := http.NewRequest("POST", deleteKeyBaseURL, reader) - require.Nil(t, err) - - res, err := http.DefaultClient.Do(request) - require.Nil(t, err) - - require.Equal(t, 200, res.StatusCode) -} - -func TestKeyInfoHandler(t *testing.T) { - keyStore := trustmanager.NewKeyMemoryStore(passphraseRetriever) - cryptoService := cryptoservice.NewCryptoService(keyStore) - setup(signer.CryptoServiceIndex{data.ED25519Key: cryptoService, data.RSAKey: cryptoService, data.ECDSAKey: cryptoService}) - - tufKey, _ := cryptoService.Create("", "", data.ED25519Key) - require.NotNil(t, tufKey) - - keyInfoURL := fmt.Sprintf("%s/%s", keyInfoBaseURL, tufKey.ID()) - - request, err := http.NewRequest("GET", keyInfoURL, nil) - require.Nil(t, err) - - res, err := http.DefaultClient.Do(request) - require.Nil(t, err) - - jsonBlob, err := ioutil.ReadAll(res.Body) - require.Nil(t, err) - - var pubKey *pb.PublicKey - err = json.Unmarshal(jsonBlob, &pubKey) - require.Nil(t, err) - - require.Equal(t, tufKey.ID(), pubKey.KeyInfo.KeyID.ID) - require.Equal(t, 200, res.StatusCode) -} - -func TestKeyInfoHandlerReturns404WithNonexistentKey(t *testing.T) { - // We associate both key types with this signing service to bypass the - // ID -> keyType logic in the tests - keyStore := trustmanager.NewKeyMemoryStore(passphraseRetriever) - cryptoService := cryptoservice.NewCryptoService(keyStore) - setup(signer.CryptoServiceIndex{data.ED25519Key: cryptoService, data.RSAKey: cryptoService, data.ECDSAKey: cryptoService}) - - fakeID := "c62e6d68851cef1f7e55a9d56e3b0c05f3359f16838cad43600f0554e7d3b54d" - keyInfoURL := fmt.Sprintf("%s/%s", keyInfoBaseURL, fakeID) - - request, err := http.NewRequest("GET", keyInfoURL, nil) - 
require.Nil(t, err) - - res, err := http.DefaultClient.Do(request) - require.Nil(t, err) - - require.Equal(t, 404, res.StatusCode) -} - -func TestSoftwareCreateKeyHandler(t *testing.T) { - keyStore := trustmanager.NewKeyMemoryStore(passphraseRetriever) - cryptoService := cryptoservice.NewCryptoService(keyStore) - setup(signer.CryptoServiceIndex{data.ED25519Key: cryptoService, data.RSAKey: cryptoService, data.ECDSAKey: cryptoService}) - - createKeyURL := fmt.Sprintf("%s/%s", createKeyBaseURL, data.ED25519Key) - - request, err := http.NewRequest("POST", createKeyURL, nil) - require.Nil(t, err) - - res, err := http.DefaultClient.Do(request) - require.Nil(t, err) - - require.Equal(t, 200, res.StatusCode) - - jsonBlob, err := ioutil.ReadAll(res.Body) - require.Nil(t, err) - - var keyInfo *pb.PublicKey - err = json.Unmarshal(jsonBlob, &keyInfo) - require.Nil(t, err) -} - -func TestSoftwareSignHandler(t *testing.T) { - keyStore := trustmanager.NewKeyMemoryStore(passphraseRetriever) - cryptoService := cryptoservice.NewCryptoService(keyStore) - setup(signer.CryptoServiceIndex{data.ED25519Key: cryptoService, data.RSAKey: cryptoService, data.ECDSAKey: cryptoService}) - - tufKey, err := cryptoService.Create("", "", data.ED25519Key) - require.Nil(t, err) - - sigRequest := &pb.SignatureRequest{KeyID: &pb.KeyID{ID: tufKey.ID()}, Content: make([]byte, 10)} - requestJSON, _ := json.Marshal(sigRequest) - - reader = strings.NewReader(string(requestJSON)) - - request, err := http.NewRequest("POST", signBaseURL, reader) - - require.Nil(t, err) - - res, err := http.DefaultClient.Do(request) - require.Nil(t, err) - - require.Equal(t, 200, res.StatusCode) - - jsonBlob, err := ioutil.ReadAll(res.Body) - require.Nil(t, err) - - var sig *pb.Signature - err = json.Unmarshal(jsonBlob, &sig) - require.Nil(t, err) - - require.Equal(t, tufKey.ID(), sig.KeyInfo.KeyID.ID) -} - -func TestSoftwareSignWithInvalidRequestHandler(t *testing.T) { - keyStore := 
trustmanager.NewKeyMemoryStore(passphraseRetriever) - cryptoService := cryptoservice.NewCryptoService(keyStore) - setup(signer.CryptoServiceIndex{data.ED25519Key: cryptoService, data.RSAKey: cryptoService, data.ECDSAKey: cryptoService}) - - requestJSON := "{\"blob\":\"7d16f1d0b95310a7bc557747fc4f20fcd41c1c5095ae42f189df0717e7d7f4a0a2b55debce630f43c4ac099769c612965e3fda3cd4c0078ee6a460f14fa19307\"}" - reader = strings.NewReader(requestJSON) - - request, err := http.NewRequest("POST", signBaseURL, reader) - - require.Nil(t, err) - - res, err := http.DefaultClient.Do(request) - require.Nil(t, err) - - jsonBlob, err := ioutil.ReadAll(res.Body) - require.Nil(t, err) - - var sig *pb.Signature - err = json.Unmarshal(jsonBlob, &sig) - require.Error(t, err) - require.Equal(t, 400, res.StatusCode) -} - -func TestSignHandlerReturns404WithNonexistentKey(t *testing.T) { - keyStore := trustmanager.NewKeyMemoryStore(passphraseRetriever) - cryptoService := cryptoservice.NewCryptoService(keyStore) - setup(signer.CryptoServiceIndex{data.ED25519Key: cryptoService, data.RSAKey: cryptoService, data.ECDSAKey: cryptoService}) - - fakeID := "c62e6d68851cef1f7e55a9d56e3b0c05f3359f16838cad43600f0554e7d3b54d" - - cryptoService.Create("", "", data.ED25519Key) - - sigRequest := &pb.SignatureRequest{KeyID: &pb.KeyID{ID: fakeID}, Content: make([]byte, 10)} - requestJSON, _ := json.Marshal(sigRequest) - - reader = strings.NewReader(string(requestJSON)) - - request, err := http.NewRequest("POST", signBaseURL, reader) - require.Nil(t, err) - - res, err := http.DefaultClient.Do(request) - require.Nil(t, err) - - require.Equal(t, 404, res.StatusCode) -} - -func TestCreateKeyHandlerWithInvalidAlgorithm(t *testing.T) { - keyStore := trustmanager.NewKeyMemoryStore(passphraseRetriever) - cryptoService := cryptoservice.NewCryptoService(keyStore) - setup(signer.CryptoServiceIndex{data.ED25519Key: cryptoService, data.RSAKey: cryptoService, data.ECDSAKey: cryptoService}) - - // The `rbtree-algorithm` is 
expected as not supported - createKeyURL := fmt.Sprintf("%s/%s", createKeyBaseURL, "rbtree-algorithm") - - request, err := http.NewRequest("POST", createKeyURL, nil) - require.Nil(t, err) - - res, err := http.DefaultClient.Do(request) - require.Nil(t, err) - - require.Equal(t, http.StatusBadRequest, res.StatusCode) - - body, err := ioutil.ReadAll(res.Body) - require.Nil(t, err) - - // The body may contains some `\r\n`, so we use require.Contains not require.Equals - require.Contains(t, string(body), "algorithm rbtree-algorithm not supported") -} diff --git a/signer/signer.go b/signer/signer.go index f7a6c92dc..074282ac9 100644 --- a/signer/signer.go +++ b/signer/signer.go @@ -38,7 +38,6 @@ type Signer interface { // Config tells how to configure a notary-signer type Config struct { - HTTPAddr string GRPCAddr string TLSConfig *tls.Config CryptoServices CryptoServiceIndex