func (s *assertMgrSuite) TestBatchAddStreamReturnsEffectivelyAddedRefs(c *C) {
s.state.Lock()
defer s.state.Unlock()
b := &bytes.Buffer{}
enc := asserts.NewEncoder(b)
// wrong order is ok
err := enc.Encode(s.dev1Acct)
c.Assert(err, IsNil)
enc.Encode(s.storeSigning.StoreAccountKey(""))
c.Assert(err, IsNil)
batch := assertstate.NewBatch()
err = batch.Add(s.storeSigning.StoreAccountKey(""))
c.Assert(err, IsNil)
refs, err := batch.AddStream(b)
c.Assert(err, IsNil)
c.Check(refs, DeepEquals, []*asserts.Ref{
{Type: asserts.AccountType, PrimaryKey: []string{s.dev1Acct.AccountID()}},
})
err = batch.Commit(s.state)
c.Assert(err, IsNil)
db := assertstate.DB(s.state)
devAcct, err := db.Find(asserts.AccountType, map[string]string{
"account-id": s.dev1Acct.AccountID(),
})
c.Assert(err, IsNil)
c.Check(devAcct.(*asserts.Account).Username(), Equals, "developer1")
}
func (x *cmdKnown) Execute(args []string) error {
if len(args) > 0 {
return ErrExtraArgs
}
// TODO: share this kind of parsing once it's clearer how often is used in snap
headers := map[string]string{}
for _, headerFilter := range x.KnownOptions.HeaderFilters {
parts := strings.SplitN(headerFilter, "=", 2)
if len(parts) != 2 {
return fmt.Errorf(i18n.G("invalid header filter: %q (want key=value)"), headerFilter)
}
headers[parts[0]] = parts[1]
}
var assertions []asserts.Assertion
var err error
if x.Remote {
assertions, err = downloadAssertion(x.KnownOptions.AssertTypeName, headers)
} else {
assertions, err = Client().Known(x.KnownOptions.AssertTypeName, headers)
}
if err != nil {
return err
}
enc := asserts.NewEncoder(Stdout)
for _, a := range assertions {
enc.Encode(a)
}
return nil
}
func (as *assertsSuite) TestEncoderSingleDecodeOK(c *C) {
encoded := []byte("type: test-only\n" +
"authority-id: auth-id2\n" +
"primary-key: abc\n" +
"revision: 5\n" +
"header1: value1\n" +
"header2: value2\n" +
"body-length: 8\n" +
"sign-key-sha3-384: Jv8_JiHiIzJVcO9M55pPdqSDWUvuhfDIBJUS-3VW7F_idjix7Ffn5qMxB21ZQuij\n\n" +
"THE-BODY" +
"\n\n" +
"AXNpZw==")
a0, err := asserts.Decode(encoded)
c.Assert(err, IsNil)
cont0, _ := a0.Signature()
stream := new(bytes.Buffer)
enc := asserts.NewEncoder(stream)
enc.Encode(a0)
a1, err := asserts.Decode(stream.Bytes())
c.Assert(err, IsNil)
cont1, _ := a1.Signature()
c.Check(cont1, DeepEquals, cont0)
}
func (as *assertsSuite) TestEncoderDecoderHappy(c *C) {
stream := new(bytes.Buffer)
enc := asserts.NewEncoder(stream)
asserts.EncoderAppend(enc, []byte(exampleEmptyBody2NlNl))
asserts.EncoderAppend(enc, []byte(exampleBodyAndExtraHeaders))
asserts.EncoderAppend(enc, []byte(exampleEmptyBodyAllDefaults))
decoder := asserts.NewDecoder(stream)
a, err := decoder.Decode()
c.Assert(err, IsNil)
c.Check(a.Type(), Equals, asserts.TestOnlyType)
_, ok := a.(*asserts.TestOnly)
c.Check(ok, Equals, true)
checkContent(c, a, exampleEmptyBody2NlNl)
a, err = decoder.Decode()
c.Assert(err, IsNil)
checkContent(c, a, exampleBodyAndExtraHeaders)
a, err = decoder.Decode()
c.Assert(err, IsNil)
checkContent(c, a, exampleEmptyBodyAllDefaults)
a, err = decoder.Decode()
c.Assert(err, Equals, io.EOF)
}
func formatSignResponse(success bool, errorCode, errorSubcode, message string, assertion asserts.Assertion, w http.ResponseWriter) error {
w.Header().Set("Content-Type", asserts.MediaType)
w.WriteHeader(http.StatusOK)
encoder := asserts.NewEncoder(w)
err := encoder.Encode(assertion)
if err != nil {
// Not much we can do if we're here - apart from panic!
log.Println("Error encoding the assertion.")
return err
}
return nil
}
func writeAssertionsToFile(fn string, assertions []asserts.Assertion) {
multifn := filepath.Join(dirs.SnapSeedDir, "assertions", fn)
f, err := os.Create(multifn)
if err != nil {
panic(err)
}
defer f.Close()
enc := asserts.NewEncoder(f)
for _, a := range assertions {
err := enc.Encode(a)
if err != nil {
panic(err)
}
}
}
func (ar assertResponse) ServeHTTP(w http.ResponseWriter, r *http.Request) {
t := asserts.MediaType
if ar.bundle {
t = mime.FormatMediaType(t, map[string]string{"bundle": "y"})
}
w.Header().Set("Content-Type", t)
w.Header().Set("X-Ubuntu-Assertions-Count", strconv.Itoa(len(ar.assertions)))
w.WriteHeader(http.StatusOK)
enc := asserts.NewEncoder(w)
for _, a := range ar.assertions {
err := enc.Encode(a)
if err != nil {
logger.Noticef("cannot write encoded assertion into response: %v", err)
break
}
}
}
func fetchSnapAssertions(sto *store.Store, snapPath string, snapInfo *snap.Info, dlOpts *image.DownloadOptions) error {
db, err := asserts.OpenDatabase(&asserts.DatabaseConfig{
Backstore: asserts.NewMemoryBackstore(),
Trusted: sysdb.Trusted(),
})
if err != nil {
return err
}
w, err := os.Create(snapPath + ".assertions")
if err != nil {
return fmt.Errorf(i18n.G("cannot create assertions file: %v"), err)
}
defer w.Close()
encoder := asserts.NewEncoder(w)
save := func(a asserts.Assertion) error {
return encoder.Encode(a)
}
f := image.StoreAssertionFetcher(sto, dlOpts, db, save)
return image.FetchAndCheckSnapAssertions(snapPath, snapInfo, f, db)
}
