Exemple #1
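// SetUpSuite generates one throwaway test key, stores it in a fresh in-memory
// keypair manager and records the ID of its public key on the suite.
func (s *signSuite) SetUpSuite(c *C) {
	// NOTE(review): 752 bits is far below any acceptable RSA size; presumably
	// chosen to keep key generation fast. Such a key is only a test fixture
	// and must never sign anything that is actually trusted.
	// The second value returned by GenerateKey is not needed here.
	testKey, _ := assertstest.GenerateKey(752)

	s.keypairMgr = asserts.NewMemoryKeypairManager()
	// Stop the suite during setup if the key cannot be stored, instead of
	// letting later tests fail on a key ID that is missing from the manager.
	if err := s.keypairMgr.Put(testKey); err != nil {
		c.Fatalf("cannot store test key: %v", err)
	}
	s.testKeyID = testKey.PublicKey().ID()
}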
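// getMemoryKeyStore opens an assertion database whose keypair manager lives
// only in memory and wraps it in a KeypairDatabase. The config argument is
// not used. On failure it returns a nil store together with the error.
func getMemoryKeyStore(config ConfigSettings) (*KeypairDatabase, error) {
	db, err := asserts.OpenDatabase(&asserts.DatabaseConfig{
		KeypairManager: asserts.NewMemoryKeypairManager(),
	})
	if err != nil {
		// Never hand back a KeypairDatabase that wraps an unusable database.
		return nil, err
	}

	// NOTE(review): the store is labelled FilesystemStore although the keys
	// are held in memory — confirm this is intentional.
	return &KeypairDatabase{FilesystemStore, db, nil}, nil
}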
Exemple #3
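// GetKeyStore opens the keystore selected by config.KeyStoreType, stores it in
// the package-level keypairDB and returns a pointer to that variable.
//
// The database and TPM 2.0 store types keep the unsealed keys in an in-memory
// keypair manager; the filesystem store type opens a keypair manager rooted at
// config.KeyStorePath. An unrecognised type yields ErrorInvalidKeystoreType.
// When opening fails, the error is returned with a nil store and keypairDB is
// left untouched, so a failed call cannot replace a working keystore.
func GetKeyStore(config ConfigSettings) (*KeypairDatabase, error) {
	switch config.KeyStoreType {
	case DatabaseStore.Name:
		// Prepare the memory store for the unsealed keys
		memStore := asserts.NewMemoryKeypairManager()
		db, err := asserts.OpenDatabase(&asserts.DatabaseConfig{
			KeypairManager: memStore,
		})
		if err != nil {
			return nil, err
		}

		dbOperator := DatabaseKeypairOperator{}

		keypairDB = KeypairDatabase{DatabaseStore, db, &dbOperator}
		return &keypairDB, nil

	case TPM20Store.Name:
		// Initialize the TPM store. config.KeyStoreSecret is handed to the
		// operator unchanged; it is secret material and should stay out of
		// logs and error messages.
		tpm20 := TPM20KeypairOperator{config.KeyStorePath, config.KeyStoreSecret, &tpm20Command{}}

		// Prepare the memory store for the unsealed keys
		memStore := asserts.NewMemoryKeypairManager()
		db, err := asserts.OpenDatabase(&asserts.DatabaseConfig{
			KeypairManager: memStore,
		})
		if err != nil {
			return nil, err
		}

		keypairDB = KeypairDatabase{TPM20Store, db, &tpm20}
		return &keypairDB, nil

	case FilesystemStore.Name:
		// NOTE(review): private keys are kept under config.KeyStorePath in
		// this mode — confirm the directory's ownership and permissions are
		// restricted by the deployment.
		fsStore, err := asserts.OpenFSKeypairManager(config.KeyStorePath)
		if err != nil {
			return nil, err
		}
		db, err := asserts.OpenDatabase(&asserts.DatabaseConfig{
			KeypairManager: fsStore,
		})
		if err != nil {
			return nil, err
		}

		keypairDB = KeypairDatabase{FilesystemStore, db, nil}
		return &keypairDB, nil

	default:
		return nil, ErrorInvalidKeystoreType
	}
}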
Exemple #4
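// MakeFakeRefreshForSnaps prepares a fake refresh for every snap named in
// snaps, writing the results below blobDir.
//
// It opens a purely in-memory assertion database trusting sysdb.Trusted(),
// imports the test store private key so the database can sign, and builds a
// fetcher that retrieves assertions through the snapd client and writes each
// fetched assertion to blobDir. It stops at the first snap that fails and
// returns that error.
func MakeFakeRefreshForSnaps(snaps []string, blobDir string) error {
	// This is the well-known test store key: anything signed with it is only
	// meaningful on systems set up to trust the test keys. The second value
	// returned by ReadPrivKey is not needed here.
	storePrivKey, _ := assertstest.ReadPrivKey(systestkeys.TestStorePrivKey)
	db, err := asserts.OpenDatabase(&asserts.DatabaseConfig{
		KeypairManager: asserts.NewMemoryKeypairManager(),
		Backstore:      asserts.NewMemoryBackstore(),
		Trusted:        sysdb.Trusted(),
	})
	if err != nil {
		return err
	}
	// for signing; without the key every later signing step would fail, so
	// report an import failure here rather than further down.
	if err := db.ImportKey(storePrivKey); err != nil {
		return err
	}

	var cliConfig client.Config
	cli := client.New(&cliConfig)
	retrieve := func(ref *asserts.Ref) (asserts.Assertion, error) {
		// Pair each primary-key header name of the type with the matching
		// value carried by the reference.
		headers := make(map[string]string, len(ref.Type.PrimaryKey))
		for i, k := range ref.Type.PrimaryKey {
			headers[k] = ref.PrimaryKey[i]
		}
		as, err := cli.Known(ref.Type.Name, headers)
		if err != nil {
			return nil, err
		}
		switch len(as) {
		case 1:
			return as[0], nil
		case 0:
			return nil, asserts.ErrNotFound
		default:
			// A full primary key must identify at most one assertion.
			panic(fmt.Sprintf("multiple assertions when retrieving by primary key: %v", ref))
		}
	}

	save := func(a asserts.Assertion) error {
		// A RevisionError from Add is tolerated (presumably the database
		// already holds this or a newer revision); any other error aborts.
		err := db.Add(a)
		if err != nil {
			if _, ok := err.(*asserts.RevisionError); !ok {
				return err
			}
		}
		return writeAssert(a, blobDir)
	}

	f := asserts.NewFetcher(db, retrieve, save)

	for _, snap := range snaps {
		if err := makeFakeRefreshForSnap(snap, blobDir, db, f); err != nil {
			return err
		}
	}
	return nil
}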
// getTPMKeyStoreWithMockCommand builds a TPM 2.0 keystore whose TPM commands
// are served by mockTPM20Command. It replaces the package-level Environ and
// keypairDB and returns a pointer to keypairDB. The error from opening the
// assertion database is discarded.
func getTPMKeyStoreWithMockCommand() *KeypairDatabase {
	// Fixed settings for the mocked environment. The secret is a hard-coded
	// fixture and must not be reused outside of tests.
	settings := ConfigSettings{
		KeyStorePath:   "../keystore",
		KeyStoreType:   "tpm2.0",
		KeyStoreSecret: "this needs to be 32 bytes long!!",
	}
	Environ = &Env{Config: settings, DB: &mockDB{}}

	operator := TPM20KeypairOperator{settings.KeyStorePath, settings.KeyStoreSecret, &mockTPM20Command{}}

	// The unsealed keys are only ever held in memory.
	assertDB, _ := asserts.OpenDatabase(&asserts.DatabaseConfig{
		KeypairManager: asserts.NewMemoryKeypairManager(),
	})

	keypairDB = KeypairDatabase{TPM20Store, assertDB, &operator}
	return &keypairDB
}
Exemple #6
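// MakeFakeRefreshForSnaps prepares a fake refresh for every snap named in
// snaps, writing the results below blobDir.
//
// It opens a purely in-memory assertion database trusting sysdb.Trusted(),
// imports the test store private key so the database can sign, and builds a
// fetcher that retrieves assertions from the store and writes each fetched
// assertion to blobDir. It stops at the first snap that fails and returns
// that error.
func MakeFakeRefreshForSnaps(snaps []string, blobDir string) error {
	// This is the well-known test store key: anything signed with it is only
	// meaningful on systems set up to trust the test keys. The second value
	// returned by ReadPrivKey is not needed here.
	storePrivKey, _ := assertstest.ReadPrivKey(systestkeys.TestStorePrivKey)
	db, err := asserts.OpenDatabase(&asserts.DatabaseConfig{
		KeypairManager: asserts.NewMemoryKeypairManager(),
		Backstore:      asserts.NewMemoryBackstore(),
		Trusted:        sysdb.Trusted(),
	})
	if err != nil {
		return err
	}
	// for signing; without the key every later signing step would fail, so
	// report an import failure here rather than further down.
	if err := db.ImportKey(storePrivKey); err != nil {
		return err
	}

	// XXX: ideally, for consistency, we should talk to the local snapd,
	// but querying the store directly lets this keep working until snapd
	// itself fully uses assertions.
	sto := store.New(nil, nil)
	retrieve := func(ref *asserts.Ref) (asserts.Assertion, error) {
		return sto.Assertion(ref.Type, ref.PrimaryKey, nil)
	}

	save := func(a asserts.Assertion) error {
		// A RevisionError from Add is tolerated (presumably the database
		// already holds this or a newer revision); any other error aborts.
		err := db.Add(a)
		if err != nil {
			if _, ok := err.(*asserts.RevisionError); !ok {
				return err
			}
		}
		return writeAssert(a, blobDir)
	}

	f := asserts.NewFetcher(db, retrieve, save)

	for _, snap := range snaps {
		if err := makeFakeRefreshForSnap(snap, blobDir, db, f); err != nil {
			return err
		}
	}
	return nil
}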
Exemple #7
// SetUpTest installs a newly created in-memory keypair manager on the suite,
// so keys stored through an earlier manager are not carried over.
func (mkms *memKeypairMgtSuite) SetUpTest(c *C) {
	freshMgr := asserts.NewMemoryKeypairManager()
	mkms.keypairMgr = freshMgr
}