// checkContent decodes encoded and checks that the assertion a carries the
// same signed content as the decoded one. A decode failure aborts the test.
func checkContent(c *C, a asserts.Assertion, encoded string) {
	want, err := asserts.Decode([]byte(encoded))
	c.Assert(err, IsNil)

	// Only the first result of Signature() (the content) is compared; the
	// second result (the signature bytes) is ignored on both sides.
	wantContent, _ := want.Signature()
	gotContent, _ := a.Signature()

	c.Check(gotContent, DeepEquals, wantContent)
}
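// serialRequestToSerial converts a serial-request assertion into a serial
// assertion.
//
// The serial headers are copied from the request. The serial number comes from
// the "serial" header and, when that is missing or empty, from the "serial"
// key of the YAML body. signingLog is updated in place with the serial number
// and with the revision chosen for the new assertion.
//
// An error is returned when no usable (non-empty string) serial number is
// found, when the duplicate check fails, or when asserts.Assemble fails.
//
// NOTE(review): the content and signature handed to asserts.Assemble are those
// of the original request, not of the rewritten headers; presumably the caller
// signs the result afterwards. Confirm before relying on the returned value.
func serialRequestToSerial(assertion asserts.Assertion, signingLog *SigningLog) (asserts.Assertion, error) {
	// Create the serial assertion header from the serial-request headers.
	// NOTE(review): device-key-sha3-384 is filled from the request's
	// sign-key-sha3-384; this assumes the request is signed with the device
	// key itself. Confirm against the serial-request format.
	serialHeaders := assertion.Headers()
	headers := map[string]interface{}{
		"type":                asserts.SerialType.Name,
		"authority-id":        serialHeaders["brand-id"],
		"brand-id":            serialHeaders["brand-id"],
		"serial":              serialHeaders["serial"],
		"device-key":          serialHeaders["device-key"],
		"sign-key-sha3-384":   serialHeaders["sign-key-sha3-384"],
		"device-key-sha3-384": serialHeaders["sign-key-sha3-384"],
		"model":               serialHeaders["model"],
		"timestamp":           time.Now().Format(time.RFC3339),
	}

	// Get the serial number from the header, but fall back to the body if it
	// is not there. Both values are supplied by the requester, so use comma-ok
	// assertions: a non-string value must be rejected, not panic the signer.
	serial, _ := headers["serial"].(string)
	if serial == "" {
		// Decode the body, which must be YAML. Decode errors are deliberately
		// ignored; whatever serial results is validated below.
		body := make(map[string]interface{})
		_ = yaml.Unmarshal(assertion.Body(), &body)

		serial, _ = body["serial"].(string)
	}

	// Check that we have a serial: missing, empty and non-string values are
	// all treated as "no serial".
	if serial == "" {
		logMessage("SIGN", "create-assertion", ErrorEmptySerial.Message)
		return nil, errors.New(ErrorEmptySerial.Message)
	}
	headers["serial"] = serial

	// Check that we have not already signed this device, and get the max.
	// revision number for the serial number.
	signingLog.SerialNumber = serial
	duplicateExists, maxRevision, err := Environ.DB.CheckForDuplicate(signingLog)
	if err != nil {
		logMessage("SIGN", "duplicate-assertion", err.Error())
		return nil, errors.New(ErrorDuplicateAssertion.Message)
	}
	if duplicateExists {
		// A duplicate is only logged; signing continues with the next revision.
		logMessage("SIGN", "duplicate-assertion", "The serial number and/or device-key have already been used to sign a device")
	}

	// Set the revision number, incrementing the previously used one.
	signingLog.Revision = maxRevision + 1
	headers["revision"] = fmt.Sprintf("%d", signingLog.Revision)

	// If we have a body, carry over the body length declared by the request.
	if len(assertion.Body()) > 0 {
		headers["body-length"] = serialHeaders["body-length"]
	}

	// Create a new serial assertion.
	content, signature := assertion.Signature()
	return asserts.Assemble(headers, assertion.Body(), content, signature)
}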
// expectedModelHeaders returns the fixed set of model headers the tests
// compare against. When a is non-nil, its signing key id is added under
// "sign-key-sha3-384".
func expectedModelHeaders(a asserts.Assertion) map[string]interface{} {
	headers := map[string]interface{}{
		"type":           "model",
		"authority-id":   "user-id1",
		"series":         "16",
		"brand-id":       "user-id1",
		"model":          "baz-3000",
		"architecture":   "amd64",
		"gadget":         "brand-gadget",
		"kernel":         "baz-linux",
		"store":          "brand-store",
		"required-snaps": []interface{}{"foo", "bar"},
		"timestamp":      "2015-11-25T20:00:00Z",
	}

	// Without an assertion there is no signing key to report.
	if a == nil {
		return headers
	}

	headers["sign-key-sha3-384"] = a.SignKeyID()
	return headers
}
// serialRequestToSerial converts a serial-request to a serial assertion.
//
// The request's headers are reused with the type, authority-id and timestamp
// rewritten and "request-id" dropped; the serial number is read from the YAML
// body.
//
// NOTE(review): the serial is copied from the body without validation: a
// missing key yields nil and a non-string value is passed through unchanged,
// so rejecting those is left to asserts.Assemble. Confirm that it does.
// NOTE(review): the content and signature handed to asserts.Assemble are those
// of the original request; presumably the caller signs the result afterwards.
func serialRequestToSerial(assertion asserts.Assertion) (asserts.Assertion, error) {
	// Decode the body, which must be YAML; decode errors are ignored.
	parsed := make(map[string]interface{})
	yaml.Unmarshal(assertion.Body(), &parsed)

	hdrs := assertion.Headers()
	delete(hdrs, "request-id")
	hdrs["type"] = asserts.SerialType.Name
	hdrs["authority-id"] = hdrs["brand-id"]
	hdrs["timestamp"] = time.Now().Format(time.RFC3339)

	// The only extra header taken from the body is the serial number.
	hdrs["serial"] = parsed["serial"]

	// Create a new serial assertion.
	payload, sig := assertion.Signature()
	return asserts.Assemble(hdrs, assertion.Body(), payload, sig)
}
// Add one assertion to the batch. func (b *Batch) Add(a asserts.Assertion) error { if err := b.bs.Put(a.Type(), a); err != nil { if revErr, ok := err.(*asserts.RevisionError); ok { if revErr.Current >= a.Revision() { // we already got something more recent return nil } } return err } b.refs = append(b.refs, a.Ref()) return nil }
// writeAssert writes the encoded assertion a to
// <targetDir>/asserts/<primary key values joined by ",">.<type name>
// with mode 0644. The "asserts" directory is not created here.
//
// NOTE(review): the file name is built directly from the primary key values.
// This relies on those values never containing a path separator or "..";
// confirm that the asserts package enforces that, otherwise validate the name
// before joining it onto targetDir.
func writeAssert(a asserts.Assertion, targetDir string) error {
	ref := a.Ref()

	keyPart := strings.Join(ref.PrimaryKey, ",")
	name := fmt.Sprintf("%s.%s", keyPart, ref.Type.Name)
	dest := filepath.Join(targetDir, "asserts", name)

	return ioutil.WriteFile(dest, asserts.Encode(a), 0644)
}
// TestSearchFormat checks that Search on the in-memory backstore honours its
// last argument, which the expectations below treat as the highest assertion
// format a result may have.
func (mbss *memBackstoreSuite) TestSearchFormat(c *C) {
	// Shared tail of every fixture: signing key id, blank separator line and
	// the signature blob.
	const tail = "sign-key-sha3-384: Jv8_JiHiIzJVcO9M55pPdqSDWUvuhfDIBJUS-3VW7F_idjix7Ffn5qMxB21ZQuij" +
		"\n\n" +
		"AXNpZw=="

	store := asserts.NewMemoryBackstore()

	// (foo, bar) with neither a format nor a revision header.
	plain, err := asserts.Decode([]byte("type: test-only-2\n" +
		"authority-id: auth-id1\n" +
		"pk1: foo\n" +
		"pk2: bar\n" +
		tail))
	c.Assert(err, IsNil)

	// (foo, bar) again, at format 1 and revision 1.
	format1, err := asserts.Decode([]byte("type: test-only-2\n" +
		"authority-id: auth-id1\n" +
		"pk1: foo\n" +
		"pk2: bar\n" +
		"format: 1\n" +
		"revision: 1\n" +
		tail))
	c.Assert(err, IsNil)

	// A different primary key, (foo, baz), at format 2 and revision 1.
	format2, err := asserts.Decode([]byte("type: test-only-2\n" +
		"authority-id: auth-id1\n" +
		"pk1: foo\n" +
		"pk2: baz\n" +
		"format: 2\n" +
		"revision: 1\n" +
		tail))
	c.Assert(err, IsNil)

	err = store.Put(asserts.TestOnly2Type, plain)
	c.Assert(err, IsNil)

	// Each query matches the (foo, bar) assertion.
	queries := []map[string]string{
		{"pk1": "foo", "pk2": "bar"},
		{"pk1": "foo"},
		{"pk2": "bar"},
	}

	// With only the plain assertion stored, every query yields revision 0.
	for _, query := range queries {
		var found asserts.Assertion
		record := func(hit asserts.Assertion) {
			found = hit
		}
		err := store.Search(asserts.TestOnly2Type, query, record, 1)
		c.Assert(err, IsNil)
		c.Check(found.Revision(), Equals, 0)
	}

	err = store.Put(asserts.TestOnly2Type, format1)
	c.Assert(err, IsNil)

	// Now the result depends on the last argument: 1 gives the format 1
	// assertion (revision 1), 0 still gives the plain one (revision 0).
	for _, query := range queries {
		var found asserts.Assertion
		record := func(hit asserts.Assertion) {
			found = hit
		}
		err := store.Search(asserts.TestOnly2Type, query, record, 1)
		c.Assert(err, IsNil)
		c.Check(found.Revision(), Equals, 1)

		err = store.Search(asserts.TestOnly2Type, query, record, 0)
		c.Assert(err, IsNil)
		c.Check(found.Revision(), Equals, 0)
	}

	err = store.Put(asserts.TestOnly2Type, format2)
	c.Assert(err, IsNil)

	// Collect every hit this time, to check the format 2 assertion is left out.
	var matches []asserts.Assertion
	collect := func(hit asserts.Assertion) {
		matches = append(matches, hit)
	}
	err = store.Search(asserts.TestOnly2Type, map[string]string{
		"pk1": "foo",
	}, collect, 1) // will not find format2
	c.Assert(err, IsNil)
	c.Check(matches, HasLen, 1)
	c.Check(matches[0].Revision(), Equals, 1)
}