func (s *signedSuite) SetUpSuite(c *gc.C) {
var imageData = map[string]string{
"/unsigned/streams/v1/index.json": unsignedIndex,
"/unsigned/streams/v1/image_metadata.json": unsignedProduct,
}
// Set up some signed data from the unsigned data.
// Overwrite the product path to use the sjson suffix.
rawUnsignedIndex := strings.Replace(
unsignedIndex, "streams/v1/image_metadata.json", "streams/v1/image_metadata.sjson", -1)
r := bytes.NewReader([]byte(rawUnsignedIndex))
signedData, err := simplestreams.Encode(
r, sstesting.SignedMetadataPrivateKey, sstesting.PrivateKeyPassphrase)
c.Assert(err, jc.ErrorIsNil)
imageData["/signed/streams/v1/index.sjson"] = string(signedData)
// Replace the image id in the unsigned data with a different one so we can test that the right
// image id is used.
rawUnsignedProduct := strings.Replace(
unsignedProduct, "ami-26745463", "ami-123456", -1)
r = bytes.NewReader([]byte(rawUnsignedProduct))
signedData, err = simplestreams.Encode(
r, sstesting.SignedMetadataPrivateKey, sstesting.PrivateKeyPassphrase)
c.Assert(err, jc.ErrorIsNil)
imageData["/signed/streams/v1/image_metadata.sjson"] = string(signedData)
sstesting.SetRoundTripperFiles(imageData, map[string]int{"test://unauth": http.StatusUnauthorized})
s.origKey = imagemetadata.SetSigningPublicKey(sstesting.SignedMetadataPublicKey)
}
func (s *simplestreamsSuite) TestOfficialSources(c *gc.C) {
origKey := imagemetadata.SetSigningPublicKey(sstesting.SignedMetadataPublicKey)
defer func() {
imagemetadata.SetSigningPublicKey(origKey)
}()
ds, err := imagemetadata.OfficialDataSources("daily")
c.Assert(err, jc.ErrorIsNil)
c.Assert(ds, gc.HasLen, 2)
url, err := ds[0].URL("")
c.Assert(err, jc.ErrorIsNil)
c.Assert(url, gc.Equals, "https://streams.canonical.com/juju/images/daily/")
c.Assert(ds[0].PublicSigningKey(), gc.Equals, sstesting.SignedMetadataPublicKey)
url, err = ds[1].URL("")
c.Assert(err, jc.ErrorIsNil)
c.Assert(url, gc.Equals, "http://cloud-images.ubuntu.com/daily/")
c.Assert(ds[1].PublicSigningKey(), gc.Equals, sstesting.SignedMetadataPublicKey)
}
func (s *signedSuite) TestSignedImageMetadataInvalidSignature(c *gc.C) {
signedSource := simplestreams.NewURLDataSource("test", "test://host/signed", utils.VerifySSLHostnames, simplestreams.DEFAULT_CLOUD_DATA, true)
imageConstraint := imagemetadata.NewImageConstraint(simplestreams.LookupParams{
CloudSpec: simplestreams.CloudSpec{"us-east-1", "https://ec2.us-east-1.amazonaws.com"},
Series: []string{"precise"},
Arches: []string{"amd64"},
})
imagemetadata.SetSigningPublicKey(s.origKey)
_, _, err := imagemetadata.Fetch([]simplestreams.DataSource{signedSource}, imageConstraint)
c.Assert(err, gc.ErrorMatches, "cannot read index data.*")
}
func (s *signedSuite) TearDownSuite(c *gc.C) {
sstesting.SetRoundTripperFiles(nil, nil)
imagemetadata.SetSigningPublicKey(s.origKey)
}
func (s *signedSuite) TearDownSuite(c *gc.C) {
testRoundTripper.Sub = nil
imagemetadata.SetSigningPublicKey(s.origKey)
}
