diff --git a/cmd/notary-signer/config.go b/cmd/notary-signer/config.go index 6565f93ade..c0630ba836 100644 --- a/cmd/notary-signer/config.go +++ b/cmd/notary-signer/config.go @@ -5,7 +5,6 @@ import ( "errors" "fmt" "net" - "net/http" "os" "strings" "time" @@ -213,16 +212,6 @@ func setupGRPCServer(grpcAddr string, tlsConfig *tls.Config, return grpcServer, lis, nil } -func setupHTTPServer(httpAddr string, tlsConfig *tls.Config, - cryptoServices signer.CryptoServiceIndex) *http.Server { - - return &http.Server{ - Addr: httpAddr, - Handler: api.Handlers(cryptoServices), - TLSConfig: tlsConfig, - } -} - func getAddrAndTLSConfig(configuration *viper.Viper) (string, string, *tls.Config, error) { tlsConfig, err := utils.ParseServerTLS(configuration, true) if err != nil { diff --git a/cmd/notary-signer/main.go b/cmd/notary-signer/main.go index 864863da79..11feeee68f 100644 --- a/cmd/notary-signer/main.go +++ b/cmd/notary-signer/main.go @@ -58,18 +58,11 @@ func main() { logrus.Fatal(err.Error()) } - httpServer := setupHTTPServer(signerConfig.HTTPAddr, signerConfig.TLSConfig, signerConfig.CryptoServices) - if debug { log.Println("RPC server listening on", signerConfig.GRPCAddr) - log.Println("HTTP server listening on", signerConfig.HTTPAddr) } go grpcServer.Serve(lis) - err = httpServer.ListenAndServeTLS("", "") - if err != nil { - log.Fatal("HTTPS server failed to start:", err) - } } func usage() { diff --git a/cmd/notary-signer/main_test.go b/cmd/notary-signer/main_test.go index d1b3a6e66b..37cc2c9763 100644 --- a/cmd/notary-signer/main_test.go +++ b/cmd/notary-signer/main_test.go @@ -241,12 +241,6 @@ func TestSetupCryptoServicesInvalidStore(t *testing.T) { require.Equal(t, err.Error(), fmt.Sprintf("%s is not an allowed backend, must be one of: %s", "invalid_backend", []string{notary.SQLiteBackend, notary.MemoryBackend, notary.RethinkDBBackend})) } -func TestSetupHTTPServer(t *testing.T) { - httpServer := setupHTTPServer(":4443", nil, make(signer.CryptoServiceIndex)) - require.Equal(t, ":4443", httpServer.Addr) - require.Nil(t, httpServer.TLSConfig) -} - func TestSetupGRPCServerInvalidAddress(t *testing.T) { _, _, err := setupGRPCServer("nope", nil, make(signer.CryptoServiceIndex)) require.Error(t, err) diff --git a/docs/reference/signer-config.md b/docs/reference/signer-config.md index e9f1450bbb..7ced28e175 100644 --- a/docs/reference/signer-config.md +++ b/docs/reference/signer-config.md @@ -25,7 +25,6 @@ learn more about the configuration section corresponding to that key: 
{
   "server": {
-    "http_addr": ":4444",
     "grpc_addr": ":7899",
     "tls_cert_file": "./fixtures/notary-signer.crt",
     "tls_key_file": "./fixtures/notary-signer.key",
@@ -57,7 +56,6 @@ Example:
 
 ```json
 "server": {
-  "http_addr": ":4444",
   "grpc_addr": ":7899",
   "tls_cert_file": "./fixtures/notary-signer.crt",
   "tls_key_file": "./fixtures/notary-signer.key",
@@ -71,22 +69,6 @@ Example:
 		Required
 		Description
 	
-	
-		http_addr
-		yes
-		The TCP address (IP and port) to listen for HTTP
-			traffic on.  Examples:
-			
-		
-	
 	
 		grpc_addr
 		yes
@@ -107,14 +89,14 @@ Example:
 		tls_key_file
 		yes
 		The path to the private key to use for
-			HTTPS. The path is relative to the directory of the
+			GRPC TLS. The path is relative to the directory of the
 			configuration file.
 	
 	
 		tls_cert_file
 		yes
 		The path to the certificate to use for
-			HTTPS. The path is relative to the directory of the
+			GRPC TLS. The path is relative to the directory of the
 			configuration file.
 	
 	
diff --git a/fixtures/signer-config-local.json b/fixtures/signer-config-local.json
index e5da0101e7..5eb18beca1 100644
--- a/fixtures/signer-config-local.json
+++ b/fixtures/signer-config-local.json
@@ -1,6 +1,5 @@
 {
 	"server": {
-		"http_addr": ":4444",
 		"grpc_addr": ":7899",
 		"tls_cert_file": "./notary-signer.crt",
 		"tls_key_file": "./notary-signer.key",
diff --git a/fixtures/signer-config.json b/fixtures/signer-config.json
index 2af789a8dc..a14d7104ed 100644
--- a/fixtures/signer-config.json
+++ b/fixtures/signer-config.json
@@ -1,6 +1,5 @@
 {
 	"server": {
-		"http_addr": ":4444",
 		"grpc_addr": ":7899",
 		"tls_cert_file": "./notary-signer.crt",
 		"tls_key_file": "./notary-signer.key",
diff --git a/fixtures/signer-config.rethink.json b/fixtures/signer-config.rethink.json
index fc0bc0d5ae..27a414b5ee 100644
--- a/fixtures/signer-config.rethink.json
+++ b/fixtures/signer-config.rethink.json
@@ -1,6 +1,5 @@
 {
 	"server": {
-		"http_addr": ":4444",
 		"grpc_addr": ":7899",
 		"tls_cert_file": "./notary-signer.crt",
 		"tls_key_file": "./notary-signer.key",
diff --git a/signer.Dockerfile b/signer.Dockerfile
index 189cbdbee2..9c63f8ff93 100644
--- a/signer.Dockerfile
+++ b/signer.Dockerfile
@@ -17,8 +17,6 @@ ENV SERVICE_NAME=notary_signer
 ENV NOTARY_SIGNER_DEFAULT_ALIAS="timestamp_1"
 ENV NOTARY_SIGNER_TIMESTAMP_1="testpassword"
 
-EXPOSE 4444
-
 # Install notary-signer
 RUN go install \
     -tags pkcs11 \
diff --git a/signer/api/api.go b/signer/api/api.go
deleted file mode 100644
index e71799fcce..0000000000
--- a/signer/api/api.go
+++ /dev/null
@@ -1,205 +0,0 @@
-package api
-
-import (
-	"crypto/rand"
-	"encoding/json"
-	"fmt"
-	"net/http"
-
-	"github.com/docker/notary/signer"
-	"github.com/docker/notary/signer/keys"
-	"github.com/docker/notary/tuf/signed"
-	"github.com/gorilla/mux"
-
-	pb "github.com/docker/notary/proto"
-)
-
-// Handlers sets up all the handers for the routes, injecting a specific CryptoService object for them to use
-func Handlers(cryptoServices signer.CryptoServiceIndex) *mux.Router {
-	r := mux.NewRouter()
-
-	r.Methods("GET").Path("/{ID}").Handler(KeyInfo(cryptoServices))
-	r.Methods("POST").Path("/new/{Algorithm}").Handler(CreateKey(cryptoServices))
-	r.Methods("POST").Path("/delete").Handler(DeleteKey(cryptoServices))
-	r.Methods("POST").Path("/sign").Handler(Sign(cryptoServices))
-	return r
-}
-
-// getCryptoService handles looking up the correct signing service, given the
-// algorithm specified in the HTTP request. If the algorithm isn't specified
-// or isn't supported, an error is returned to the client and this function
-// returns a nil CryptoService
-func getCryptoService(algorithm string, cryptoServices signer.CryptoServiceIndex) (signed.CryptoService, error) {
-	if algorithm == "" {
-		return nil, fmt.Errorf("algorithm not specified")
-	}
-
-	if service, ok := cryptoServices[algorithm]; ok {
-		return service, nil
-	}
-
-	return nil, fmt.Errorf("algorithm " + algorithm + " not supported")
-}
-
-// KeyInfo returns a Handler that given a specific Key ID param, returns the public key bits of that key
-func KeyInfo(cryptoServices signer.CryptoServiceIndex) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		vars := mux.Vars(r)
-
-		tufKey, _, err := FindKeyByID(cryptoServices, &pb.KeyID{ID: vars["ID"]})
-		if err != nil {
-			switch err {
-			// If we received an ErrInvalidKeyID, the key doesn't exist, return 404
-			case keys.ErrInvalidKeyID:
-				w.WriteHeader(http.StatusNotFound)
-				w.Write([]byte(err.Error()))
-				return
-			// If we received anything else, it is unexpected, and we return a 500
-			default:
-				w.WriteHeader(http.StatusInternalServerError)
-				w.Write([]byte(err.Error()))
-				return
-			}
-		}
-		key := &pb.PublicKey{
-			KeyInfo: &pb.KeyInfo{
-				KeyID:     &pb.KeyID{ID: tufKey.ID()},
-				Algorithm: &pb.Algorithm{Algorithm: tufKey.Algorithm()},
-			},
-			PublicKey: tufKey.Public(),
-		}
-		json.NewEncoder(w).Encode(key)
-		return
-	})
-}
-
-// CreateKey returns a handler that generates a new key using the provided
-// algorithm. Only the public component of the key is returned.
-func CreateKey(cryptoServices signer.CryptoServiceIndex) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		vars := mux.Vars(r)
-		cryptoService, err := getCryptoService(vars["Algorithm"], cryptoServices)
-		if err != nil {
-			http.Error(w, err.Error(), http.StatusBadRequest)
-			return
-		}
-
-		tufKey, err := cryptoService.Create("", "", vars["Algorithm"])
-		if err != nil {
-			w.WriteHeader(http.StatusInternalServerError)
-			w.Write([]byte(err.Error()))
-			return
-		}
-		key := &pb.PublicKey{
-			KeyInfo: &pb.KeyInfo{
-				KeyID:     &pb.KeyID{ID: tufKey.ID()},
-				Algorithm: &pb.Algorithm{Algorithm: tufKey.Algorithm()},
-			},
-			PublicKey: tufKey.Public(),
-		}
-		json.NewEncoder(w).Encode(key)
-		return
-	})
-}
-
-// DeleteKey returns a handler that delete a specific KeyID
-func DeleteKey(cryptoServices signer.CryptoServiceIndex) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		var keyID *pb.KeyID
-		err := json.NewDecoder(r.Body).Decode(&keyID)
-		defer r.Body.Close()
-		if err != nil || keyID.ID == "" {
-			w.WriteHeader(http.StatusBadRequest)
-			jsonErr, _ := json.Marshal("Malformed request")
-			w.Write([]byte(jsonErr))
-			return
-		}
-
-		_, cryptoService, err := FindKeyByID(cryptoServices, keyID)
-
-		if err != nil {
-			switch err {
-			// If we received an ErrInvalidKeyID, the key doesn't exist, return 404
-			case keys.ErrInvalidKeyID:
-				w.WriteHeader(http.StatusNotFound)
-				w.Write([]byte(err.Error()))
-				return
-			// If we received anything else, it is unexpected, and we return a 500
-			default:
-				w.WriteHeader(http.StatusInternalServerError)
-				w.Write([]byte(err.Error()))
-				return
-			}
-		}
-
-		if err = cryptoService.RemoveKey(keyID.ID); err != nil {
-			switch err {
-			// If we received an ErrInvalidKeyID, the key doesn't exist, return 404
-			case keys.ErrInvalidKeyID:
-				w.WriteHeader(http.StatusNotFound)
-				w.Write([]byte(err.Error()))
-				return
-			// If we received anything else, it is unexpected, and we return a 500
-			default:
-				w.WriteHeader(http.StatusInternalServerError)
-				w.Write([]byte(err.Error()))
-				return
-			}
-		}
-		// In case we successfully delete this key, return 200
-		return
-	})
-}
-
-// Sign returns a handler that is able to perform signatures on a given blob
-func Sign(cryptoServices signer.CryptoServiceIndex) http.Handler {
-	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		var sigRequest *pb.SignatureRequest
-		err := json.NewDecoder(r.Body).Decode(&sigRequest)
-		defer r.Body.Close()
-		if err != nil || sigRequest.Content == nil ||
-			sigRequest.KeyID == nil {
-			w.WriteHeader(http.StatusBadRequest)
-			jsonErr, _ := json.Marshal("Malformed request")
-			w.Write([]byte(jsonErr))
-			return
-		}
-
-		tufKey, cryptoService, err := FindKeyByID(cryptoServices, sigRequest.KeyID)
-		if err == keys.ErrInvalidKeyID {
-			w.WriteHeader(http.StatusNotFound)
-			w.Write([]byte(err.Error()))
-			return
-		} else if err != nil {
-			// We got an unexpected error
-			w.WriteHeader(http.StatusInternalServerError)
-			w.Write([]byte(err.Error()))
-			return
-		}
-
-		privKey, _, err := cryptoService.GetPrivateKey(tufKey.ID())
-		if err != nil {
-			// We got an unexpected error
-			w.WriteHeader(http.StatusInternalServerError)
-			w.Write([]byte(err.Error()))
-			return
-		}
-		sig, err := privKey.Sign(rand.Reader, sigRequest.Content, nil)
-		if err != nil {
-			w.WriteHeader(http.StatusInternalServerError)
-			w.Write([]byte(err.Error()))
-			return
-		}
-		signature := &pb.Signature{
-			KeyInfo: &pb.KeyInfo{
-				KeyID:     &pb.KeyID{ID: tufKey.ID()},
-				Algorithm: &pb.Algorithm{Algorithm: tufKey.Algorithm()},
-			},
-			Algorithm: &pb.Algorithm{Algorithm: privKey.SignatureAlgorithm().String()},
-			Content:   sig,
-		}
-
-		json.NewEncoder(w).Encode(signature)
-		return
-	})
-}
diff --git a/signer/api/api_test.go b/signer/api/api_test.go
deleted file mode 100644
index fec2dd63f3..0000000000
--- a/signer/api/api_test.go
+++ /dev/null
@@ -1,250 +0,0 @@
-package api_test
-
-import (
-	"encoding/json"
-	"fmt"
-	"io"
-	"io/ioutil"
-	"net/http"
-	"net/http/httptest"
-	"strings"
-	"testing"
-
-	"github.com/docker/notary/cryptoservice"
-	"github.com/docker/notary/signer"
-	"github.com/docker/notary/signer/api"
-	"github.com/docker/notary/trustmanager"
-	"github.com/docker/notary/tuf/data"
-	"github.com/stretchr/testify/require"
-
-	pb "github.com/docker/notary/proto"
-)
-
-var (
-	server              *httptest.Server
-	reader              io.Reader
-	deleteKeyBaseURL    string
-	createKeyBaseURL    string
-	keyInfoBaseURL      string
-	signBaseURL         string
-	passphraseRetriever = func(string, string, bool, int) (string, bool, error) { return "passphrase", false, nil }
-)
-
-func setup(cryptoServices signer.CryptoServiceIndex) {
-	server = httptest.NewServer(api.Handlers(cryptoServices))
-	deleteKeyBaseURL = fmt.Sprintf("%s/delete", server.URL)
-	createKeyBaseURL = fmt.Sprintf("%s/new", server.URL)
-	keyInfoBaseURL = fmt.Sprintf("%s", server.URL)
-	signBaseURL = fmt.Sprintf("%s/sign", server.URL)
-}
-
-func TestDeleteKeyHandlerReturns404WithNonexistentKey(t *testing.T) {
-	keyStore := trustmanager.NewKeyMemoryStore(passphraseRetriever)
-	cryptoService := cryptoservice.NewCryptoService(keyStore)
-	setup(signer.CryptoServiceIndex{data.ED25519Key: cryptoService, data.RSAKey: cryptoService, data.ECDSAKey: cryptoService})
-
-	fakeID := "c62e6d68851cef1f7e55a9d56e3b0c05f3359f16838cad43600f0554e7d3b54d"
-
-	keyID := &pb.KeyID{ID: fakeID}
-	requestJSON, _ := json.Marshal(keyID)
-	reader = strings.NewReader(string(requestJSON))
-
-	request, err := http.NewRequest("POST", deleteKeyBaseURL, reader)
-	require.Nil(t, err)
-
-	res, err := http.DefaultClient.Do(request)
-	require.Nil(t, err)
-
-	require.Equal(t, 404, res.StatusCode)
-}
-
-func TestDeleteKeyHandler(t *testing.T) {
-	keyStore := trustmanager.NewKeyMemoryStore(passphraseRetriever)
-	cryptoService := cryptoservice.NewCryptoService(keyStore)
-	setup(signer.CryptoServiceIndex{data.ED25519Key: cryptoService, data.RSAKey: cryptoService, data.ECDSAKey: cryptoService})
-
-	tufKey, _ := cryptoService.Create("", "", data.ED25519Key)
-	require.NotNil(t, tufKey)
-
-	requestJSON, _ := json.Marshal(&pb.KeyID{ID: tufKey.ID()})
-	reader = strings.NewReader(string(requestJSON))
-
-	request, err := http.NewRequest("POST", deleteKeyBaseURL, reader)
-	require.Nil(t, err)
-
-	res, err := http.DefaultClient.Do(request)
-	require.Nil(t, err)
-
-	require.Equal(t, 200, res.StatusCode)
-}
-
-func TestKeyInfoHandler(t *testing.T) {
-	keyStore := trustmanager.NewKeyMemoryStore(passphraseRetriever)
-	cryptoService := cryptoservice.NewCryptoService(keyStore)
-	setup(signer.CryptoServiceIndex{data.ED25519Key: cryptoService, data.RSAKey: cryptoService, data.ECDSAKey: cryptoService})
-
-	tufKey, _ := cryptoService.Create("", "", data.ED25519Key)
-	require.NotNil(t, tufKey)
-
-	keyInfoURL := fmt.Sprintf("%s/%s", keyInfoBaseURL, tufKey.ID())
-
-	request, err := http.NewRequest("GET", keyInfoURL, nil)
-	require.Nil(t, err)
-
-	res, err := http.DefaultClient.Do(request)
-	require.Nil(t, err)
-
-	jsonBlob, err := ioutil.ReadAll(res.Body)
-	require.Nil(t, err)
-
-	var pubKey *pb.PublicKey
-	err = json.Unmarshal(jsonBlob, &pubKey)
-	require.Nil(t, err)
-
-	require.Equal(t, tufKey.ID(), pubKey.KeyInfo.KeyID.ID)
-	require.Equal(t, 200, res.StatusCode)
-}
-
-func TestKeyInfoHandlerReturns404WithNonexistentKey(t *testing.T) {
-	// We associate both key types with this signing service to bypass the
-	// ID -> keyType logic in the tests
-	keyStore := trustmanager.NewKeyMemoryStore(passphraseRetriever)
-	cryptoService := cryptoservice.NewCryptoService(keyStore)
-	setup(signer.CryptoServiceIndex{data.ED25519Key: cryptoService, data.RSAKey: cryptoService, data.ECDSAKey: cryptoService})
-
-	fakeID := "c62e6d68851cef1f7e55a9d56e3b0c05f3359f16838cad43600f0554e7d3b54d"
-	keyInfoURL := fmt.Sprintf("%s/%s", keyInfoBaseURL, fakeID)
-
-	request, err := http.NewRequest("GET", keyInfoURL, nil)
-	require.Nil(t, err)
-
-	res, err := http.DefaultClient.Do(request)
-	require.Nil(t, err)
-
-	require.Equal(t, 404, res.StatusCode)
-}
-
-func TestSoftwareCreateKeyHandler(t *testing.T) {
-	keyStore := trustmanager.NewKeyMemoryStore(passphraseRetriever)
-	cryptoService := cryptoservice.NewCryptoService(keyStore)
-	setup(signer.CryptoServiceIndex{data.ED25519Key: cryptoService, data.RSAKey: cryptoService, data.ECDSAKey: cryptoService})
-
-	createKeyURL := fmt.Sprintf("%s/%s", createKeyBaseURL, data.ED25519Key)
-
-	request, err := http.NewRequest("POST", createKeyURL, nil)
-	require.Nil(t, err)
-
-	res, err := http.DefaultClient.Do(request)
-	require.Nil(t, err)
-
-	require.Equal(t, 200, res.StatusCode)
-
-	jsonBlob, err := ioutil.ReadAll(res.Body)
-	require.Nil(t, err)
-
-	var keyInfo *pb.PublicKey
-	err = json.Unmarshal(jsonBlob, &keyInfo)
-	require.Nil(t, err)
-}
-
-func TestSoftwareSignHandler(t *testing.T) {
-	keyStore := trustmanager.NewKeyMemoryStore(passphraseRetriever)
-	cryptoService := cryptoservice.NewCryptoService(keyStore)
-	setup(signer.CryptoServiceIndex{data.ED25519Key: cryptoService, data.RSAKey: cryptoService, data.ECDSAKey: cryptoService})
-
-	tufKey, err := cryptoService.Create("", "", data.ED25519Key)
-	require.Nil(t, err)
-
-	sigRequest := &pb.SignatureRequest{KeyID: &pb.KeyID{ID: tufKey.ID()}, Content: make([]byte, 10)}
-	requestJSON, _ := json.Marshal(sigRequest)
-
-	reader = strings.NewReader(string(requestJSON))
-
-	request, err := http.NewRequest("POST", signBaseURL, reader)
-
-	require.Nil(t, err)
-
-	res, err := http.DefaultClient.Do(request)
-	require.Nil(t, err)
-
-	require.Equal(t, 200, res.StatusCode)
-
-	jsonBlob, err := ioutil.ReadAll(res.Body)
-	require.Nil(t, err)
-
-	var sig *pb.Signature
-	err = json.Unmarshal(jsonBlob, &sig)
-	require.Nil(t, err)
-
-	require.Equal(t, tufKey.ID(), sig.KeyInfo.KeyID.ID)
-}
-
-func TestSoftwareSignWithInvalidRequestHandler(t *testing.T) {
-	keyStore := trustmanager.NewKeyMemoryStore(passphraseRetriever)
-	cryptoService := cryptoservice.NewCryptoService(keyStore)
-	setup(signer.CryptoServiceIndex{data.ED25519Key: cryptoService, data.RSAKey: cryptoService, data.ECDSAKey: cryptoService})
-
-	requestJSON := "{\"blob\":\"7d16f1d0b95310a7bc557747fc4f20fcd41c1c5095ae42f189df0717e7d7f4a0a2b55debce630f43c4ac099769c612965e3fda3cd4c0078ee6a460f14fa19307\"}"
-	reader = strings.NewReader(requestJSON)
-
-	request, err := http.NewRequest("POST", signBaseURL, reader)
-
-	require.Nil(t, err)
-
-	res, err := http.DefaultClient.Do(request)
-	require.Nil(t, err)
-
-	jsonBlob, err := ioutil.ReadAll(res.Body)
-	require.Nil(t, err)
-
-	var sig *pb.Signature
-	err = json.Unmarshal(jsonBlob, &sig)
-	require.Error(t, err)
-	require.Equal(t, 400, res.StatusCode)
-}
-
-func TestSignHandlerReturns404WithNonexistentKey(t *testing.T) {
-	keyStore := trustmanager.NewKeyMemoryStore(passphraseRetriever)
-	cryptoService := cryptoservice.NewCryptoService(keyStore)
-	setup(signer.CryptoServiceIndex{data.ED25519Key: cryptoService, data.RSAKey: cryptoService, data.ECDSAKey: cryptoService})
-
-	fakeID := "c62e6d68851cef1f7e55a9d56e3b0c05f3359f16838cad43600f0554e7d3b54d"
-
-	cryptoService.Create("", "", data.ED25519Key)
-
-	sigRequest := &pb.SignatureRequest{KeyID: &pb.KeyID{ID: fakeID}, Content: make([]byte, 10)}
-	requestJSON, _ := json.Marshal(sigRequest)
-
-	reader = strings.NewReader(string(requestJSON))
-
-	request, err := http.NewRequest("POST", signBaseURL, reader)
-	require.Nil(t, err)
-
-	res, err := http.DefaultClient.Do(request)
-	require.Nil(t, err)
-
-	require.Equal(t, 404, res.StatusCode)
-}
-
-func TestCreateKeyHandlerWithInvalidAlgorithm(t *testing.T) {
-	keyStore := trustmanager.NewKeyMemoryStore(passphraseRetriever)
-	cryptoService := cryptoservice.NewCryptoService(keyStore)
-	setup(signer.CryptoServiceIndex{data.ED25519Key: cryptoService, data.RSAKey: cryptoService, data.ECDSAKey: cryptoService})
-
-	// The `rbtree-algorithm` is expected as not supported
-	createKeyURL := fmt.Sprintf("%s/%s", createKeyBaseURL, "rbtree-algorithm")
-
-	request, err := http.NewRequest("POST", createKeyURL, nil)
-	require.Nil(t, err)
-
-	res, err := http.DefaultClient.Do(request)
-	require.Nil(t, err)
-
-	require.Equal(t, http.StatusBadRequest, res.StatusCode)
-
-	body, err := ioutil.ReadAll(res.Body)
-	require.Nil(t, err)
-
-	// The body may contains some `\r\n`, so we use require.Contains not require.Equals
-	require.Contains(t, string(body), "algorithm rbtree-algorithm not supported")
-}