Esempio n. 1
0
func (dbs *databaseSuite) TestImportKeyAlreadyExists(c *C) {
	err := dbs.db.ImportKey("account0", asserts.OpenPGPPrivateKey(testPrivKey1))
	c.Assert(err, IsNil)

	err = dbs.db.ImportKey("account0", asserts.OpenPGPPrivateKey(testPrivKey1))
	c.Check(err, ErrorMatches, "key pair with given key id already exists")
}
Esempio n. 2
0
func (as *assertsSuite) TestSignFormatSanitySupportMultilineHeaderValues(c *C) {
	headers := map[string]string{
		"authority-id": "auth-id1",
		"primary-key":  "0",
	}

	multilineVals := []string{
		"a\n",
		"\na",
		"a\n\b\nc",
		"a\n\b\nc\n",
		"\na\n",
		"\n\na\n\nb\n\nc",
	}

	for _, multilineVal := range multilineVals {
		headers["multiline"] = multilineVal
		if len(multilineVal)%2 == 1 {
			headers["odd"] = "true"
		}

		a, err := asserts.AssembleAndSignInTest(asserts.TestOnlyType, headers, nil, asserts.OpenPGPPrivateKey(testPrivKey1))
		c.Assert(err, IsNil)

		decoded, err := asserts.Decode(asserts.Encode(a))
		c.Assert(err, IsNil)

		c.Check(decoded.Header("multiline"), Equals, multilineVal)
	}
}
Esempio n. 3
0
func (safs *signAddFindSuite) TestFindFindsTrustedAccountKeys(c *C) {
	pk1 := asserts.OpenPGPPrivateKey(testPrivKey1)
	pubKey1Encoded, err := asserts.EncodePublicKey(pk1.PublicKey())
	c.Assert(err, IsNil)

	now := time.Now().UTC()
	headers := map[string]string{
		"authority-id":           "canonical",
		"account-id":             "acc-id1",
		"public-key-id":          pk1.PublicKey().ID(),
		"public-key-fingerprint": pk1.PublicKey().Fingerprint(),
		"since":                  now.Format(time.RFC3339),
		"until":                  now.AddDate(1, 0, 0).Format(time.RFC3339),
	}
	accKey, err := safs.signingDB.Sign(asserts.AccountKeyType, headers, []byte(pubKey1Encoded), safs.signingKeyID)
	c.Assert(err, IsNil)

	err = safs.db.Add(accKey)
	c.Assert(err, IsNil)

	// find the trusted key as well
	tKey, err := safs.db.Find(asserts.AccountKeyType, map[string]string{
		"account-id":    "canonical",
		"public-key-id": safs.signingKeyID,
	})
	c.Assert(err, IsNil)
	c.Assert(tKey.(*asserts.AccountKey).AccountID(), Equals, "canonical")
	c.Assert(tKey.(*asserts.AccountKey).PublicKeyID(), Equals, safs.signingKeyID)

	// find trusted and untrusted
	accKeys, err := safs.db.FindMany(asserts.AccountKeyType, nil)
	c.Assert(err, IsNil)
	c.Check(accKeys, HasLen, 2)
}
Esempio n. 4
0
func (safs *signAddFindSuite) SetUpTest(c *C) {
	cfg0 := &asserts.DatabaseConfig{
		KeypairManager: asserts.NewMemoryKeypairManager(),
	}
	db0, err := asserts.OpenDatabase(cfg0)
	c.Assert(err, IsNil)
	safs.signingDB = db0

	pk := asserts.OpenPGPPrivateKey(testPrivKey0)
	err = db0.ImportKey("canonical", pk)
	c.Assert(err, IsNil)
	safs.signingKeyID = pk.PublicKey().ID()

	topDir := filepath.Join(c.MkDir(), "asserts-db")
	bs, err := asserts.OpenFSBackstore(topDir)
	c.Assert(err, IsNil)

	trustedKey := testPrivKey0
	cfg := &asserts.DatabaseConfig{
		Backstore:      bs,
		KeypairManager: asserts.NewMemoryKeypairManager(),
		TrustedKeys:    []*asserts.AccountKey{asserts.BootstrapAccountKeyForTest("canonical", &trustedKey.PublicKey)},
	}
	db, err := asserts.OpenDatabase(cfg)
	c.Assert(err, IsNil)
	safs.db = db
}
Esempio n. 5
0
func makeSignAndCheckDbWithAccountKey(c *C, accountID string) (signingKeyID string, accSignDB, checkDB *asserts.Database) {
	trustedKey := testPrivKey0

	cfg1 := &asserts.DatabaseConfig{
		KeypairManager: asserts.NewMemoryKeypairManager(),
	}
	accSignDB, err := asserts.OpenDatabase(cfg1)
	c.Assert(err, IsNil)
	pk1 := asserts.OpenPGPPrivateKey(testPrivKey1)
	err = accSignDB.ImportKey(accountID, asserts.OpenPGPPrivateKey(testPrivKey1))
	c.Assert(err, IsNil)
	accFingerp := pk1.PublicKey().Fingerprint()
	accKeyID := pk1.PublicKey().ID()

	pubKey, err := accSignDB.PublicKey(accountID, accKeyID)
	c.Assert(err, IsNil)
	pubKeyEncoded, err := asserts.EncodePublicKey(pubKey)
	c.Assert(err, IsNil)
	accPubKeyBody := string(pubKeyEncoded)

	headers := map[string]string{
		"authority-id":           "canonical",
		"account-id":             accountID,
		"public-key-id":          accKeyID,
		"public-key-fingerprint": accFingerp,
		"since":                  "2015-11-20T15:04:00Z",
		"until":                  "2500-11-20T15:04:00Z",
	}
	accKey, err := asserts.AssembleAndSignInTest(asserts.AccountKeyType, headers, []byte(accPubKeyBody), asserts.OpenPGPPrivateKey(trustedKey))
	c.Assert(err, IsNil)

	topDir := filepath.Join(c.MkDir(), "asserts-db")
	bs, err := asserts.OpenFSBackstore(topDir)
	c.Assert(err, IsNil)
	cfg := &asserts.DatabaseConfig{
		Backstore:      bs,
		KeypairManager: asserts.NewMemoryKeypairManager(),
		TrustedKeys:    []*asserts.AccountKey{asserts.BootstrapAccountKeyForTest("canonical", &trustedKey.PublicKey)},
	}
	checkDB, err = asserts.OpenDatabase(cfg)
	c.Assert(err, IsNil)

	err = checkDB.Add(accKey)
	c.Assert(err, IsNil)

	return accKeyID, accSignDB, checkDB
}
Esempio n. 6
0
func (mkms *memKeypairMgtSuite) TestPutAlreadyExists(c *C) {
	pk1 := asserts.OpenPGPPrivateKey(testPrivKey1)
	err := mkms.keypairMgr.Put("auth-id1", pk1)
	c.Assert(err, IsNil)

	err = mkms.keypairMgr.Put("auth-id1", pk1)
	c.Check(err, ErrorMatches, "key pair with given key id already exists")
}
Esempio n. 7
0
func (dss *deviceSerialSuite) SetUpSuite(c *C) {
	dss.ts = time.Now().Truncate(time.Second).UTC()
	dss.tsLine = "timestamp: " + dss.ts.Format(time.RFC3339) + "\n"

	dss.deviceKey = asserts.OpenPGPPrivateKey(testPrivKey2)
	encodedPubKey, err := asserts.EncodePublicKey(dss.deviceKey.PublicKey())
	c.Assert(err, IsNil)
	dss.encodedDevKey = string(encodedPubKey)
}
Esempio n. 8
0
func (mkms *memKeypairMgtSuite) TestPutAndGet(c *C) {
	pk1 := asserts.OpenPGPPrivateKey(testPrivKey1)
	keyID := pk1.PublicKey().ID()
	err := mkms.keypairMgr.Put("auth-id1", pk1)
	c.Assert(err, IsNil)

	got, err := mkms.keypairMgr.Get("auth-id1", keyID)
	c.Assert(err, IsNil)
	c.Assert(got, NotNil)
	c.Check(got.PublicKey().Fingerprint(), Equals, pk1.PublicKey().Fingerprint())
}
Esempio n. 9
0
func (as *assertsSuite) TestSignFormatSanityEmptyBody(c *C) {
	headers := map[string]string{
		"authority-id": "auth-id1",
		"primary-key":  "0",
	}
	a, err := asserts.AssembleAndSignInTest(asserts.TestOnlyType, headers, nil, asserts.OpenPGPPrivateKey(testPrivKey1))
	c.Assert(err, IsNil)

	_, err = asserts.Decode(asserts.Encode(a))
	c.Check(err, IsNil)
}
Esempio n. 10
0
func (dbs *databaseSuite) TestPublicKeyNotFound(c *C) {
	pk := asserts.OpenPGPPrivateKey(testPrivKey1)
	keyID := pk.PublicKey().ID()

	_, err := dbs.db.PublicKey("account0", keyID)
	c.Check(err, ErrorMatches, "no matching key pair found")

	err = dbs.db.ImportKey("account0", pk)
	c.Assert(err, IsNil)

	_, err = dbs.db.PublicKey("account0", "ff"+keyID)
	c.Check(err, ErrorMatches, "no matching key pair found")
}
Esempio n. 11
0
func (as *assertsSuite) TestSignFormatSanityNonEmptyBody(c *C) {
	headers := map[string]string{
		"authority-id": "auth-id1",
		"primary-key":  "0",
	}
	body := []byte("THE-BODY")
	a, err := asserts.AssembleAndSignInTest(asserts.TestOnlyType, headers, body, asserts.OpenPGPPrivateKey(testPrivKey1))
	c.Assert(err, IsNil)
	c.Check(a.Body(), DeepEquals, body)

	decoded, err := asserts.Decode(asserts.Encode(a))
	c.Assert(err, IsNil)
	c.Check(decoded.Body(), DeepEquals, body)
}
Esempio n. 12
0
func (chks *checkSuite) SetUpTest(c *C) {
	var err error

	topDir := filepath.Join(c.MkDir(), "asserts-db")
	chks.bs, err = asserts.OpenFSBackstore(topDir)
	c.Assert(err, IsNil)

	headers := map[string]string{
		"authority-id": "canonical",
		"primary-key":  "0",
	}
	chks.a, err = asserts.AssembleAndSignInTest(asserts.TestOnlyType, headers, nil, asserts.OpenPGPPrivateKey(testPrivKey0))
	c.Assert(err, IsNil)
}
Esempio n. 13
0
func (mkms *memKeypairMgtSuite) TestGetNotFound(c *C) {
	pk1 := asserts.OpenPGPPrivateKey(testPrivKey1)
	keyID := pk1.PublicKey().ID()

	got, err := mkms.keypairMgr.Get("auth-id1", keyID)
	c.Check(got, IsNil)
	c.Check(err, ErrorMatches, "no matching key pair found")

	err = mkms.keypairMgr.Put("auth-id1", pk1)
	c.Assert(err, IsNil)

	got, err = mkms.keypairMgr.Get("auth-id1", keyID+"x")
	c.Check(got, IsNil)
	c.Check(err, ErrorMatches, "no matching key pair found")
}
Esempio n. 14
0
func (dbs *databaseSuite) TestImportKey(c *C) {
	expectedFingerprint := hex.EncodeToString(testPrivKey1.PublicKey.Fingerprint[:])
	expectedKeyID := hex.EncodeToString(testPrivKey1.PublicKey.Fingerprint[12:])

	err := dbs.db.ImportKey("account0", asserts.OpenPGPPrivateKey(testPrivKey1))
	c.Assert(err, IsNil)

	keyPath := filepath.Join(dbs.topDir, "private-keys-v0/account0", expectedKeyID)
	info, err := os.Stat(keyPath)
	c.Assert(err, IsNil)
	c.Check(info.Mode().Perm(), Equals, os.FileMode(0600)) // secret
	// too white box? ok at least until we have more functionality
	privKey, err := ioutil.ReadFile(keyPath)
	c.Assert(err, IsNil)

	privKeyFromDisk, err := asserts.DecodePrivateKeyInTest(privKey)
	c.Assert(err, IsNil)

	c.Check(privKeyFromDisk.PublicKey().Fingerprint(), Equals, expectedFingerprint)
}
Esempio n. 15
0
func (dbs *databaseSuite) TestPublicKey(c *C) {
	pk := asserts.OpenPGPPrivateKey(testPrivKey1)
	fingerp := pk.PublicKey().Fingerprint()
	keyid := pk.PublicKey().ID()
	err := dbs.db.ImportKey("account0", pk)
	c.Assert(err, IsNil)

	pubk, err := dbs.db.PublicKey("account0", keyid)
	c.Assert(err, IsNil)
	c.Check(pubk.Fingerprint(), Equals, fingerp)

	// usual pattern is to then encode it
	encoded, err := asserts.EncodePublicKey(pubk)
	c.Assert(err, IsNil)
	c.Check(bytes.HasPrefix(encoded, []byte("openpgp ")), Equals, true)
	data, err := base64.StdEncoding.DecodeString(string(encoded[len("openpgp "):]))
	c.Assert(err, IsNil)
	pkt, err := packet.Read(bytes.NewBuffer(data))
	c.Assert(err, IsNil)
	pubKey, ok := pkt.(*packet.PublicKey)
	c.Assert(ok, Equals, true)
	c.Assert(pubKey.Fingerprint, DeepEquals, testPrivKey1.PublicKey.Fingerprint)
}
Esempio n. 16
0
func (aks *accountKeySuite) SetUpSuite(c *C) {
	cfg1 := &asserts.DatabaseConfig{
		KeypairManager: asserts.NewMemoryKeypairManager(),
	}
	accDb, err := asserts.OpenDatabase(cfg1)
	c.Assert(err, IsNil)
	pk := asserts.OpenPGPPrivateKey(testPrivKey1)
	err = accDb.ImportKey("acc-id1", pk)
	c.Assert(err, IsNil)
	aks.fp = pk.PublicKey().Fingerprint()
	aks.keyid = pk.PublicKey().ID()

	pubKey, err := accDb.PublicKey("acc-id1", aks.keyid)
	c.Assert(err, IsNil)
	pubKeyEncoded, err := asserts.EncodePublicKey(pubKey)
	c.Assert(err, IsNil)
	aks.pubKeyBody = string(pubKeyEncoded)

	aks.since, err = time.Parse(time.RFC822, "16 Nov 15 15:04 UTC")
	c.Assert(err, IsNil)
	aks.until = aks.since.AddDate(1, 0, 0)
	aks.sinceLine = "since: " + aks.since.Format(time.RFC3339) + "\n"
	aks.untilLine = "until: " + aks.until.Format(time.RFC3339) + "\n"
}
Esempio n. 17
0
func (sdbs *sysDBSuite) SetUpTest(c *C) {
	tmpdir := c.MkDir()

	pk := asserts.OpenPGPPrivateKey(testPrivKey0)
	trustedPubKey := pk.PublicKey()
	trustedPubKeyEncoded, err := asserts.EncodePublicKey(trustedPubKey)
	c.Assert(err, IsNil)
	// self-signed
	headers := map[string]string{
		"authority-id":           "canonical",
		"account-id":             "canonical",
		"public-key-id":          trustedPubKey.ID(),
		"public-key-fingerprint": trustedPubKey.Fingerprint(),
		"since":                  "2015-11-20T15:04:00Z",
		"until":                  "2500-11-20T15:04:00Z",
	}
	trustedAccKey, err := asserts.AssembleAndSignInTest(asserts.AccountKeyType, headers, trustedPubKeyEncoded, pk)
	c.Assert(err, IsNil)

	fakeRoot := filepath.Join(tmpdir, "root")
	err = os.Mkdir(fakeRoot, os.ModePerm)
	c.Assert(err, IsNil)
	dirs.SetRootDir(fakeRoot)

	err = os.MkdirAll(filepath.Dir(dirs.SnapTrustedAccountKey), os.ModePerm)
	c.Assert(err, IsNil)
	err = ioutil.WriteFile(dirs.SnapTrustedAccountKey, asserts.Encode(trustedAccKey), os.ModePerm)
	c.Assert(err, IsNil)

	headers = map[string]string{
		"authority-id": "canonical",
		"primary-key":  "0",
	}
	sdbs.probeAssert, err = asserts.AssembleAndSignInTest(asserts.TestOnlyType, headers, nil, pk)
	c.Assert(err, IsNil)
}
Esempio n. 18
0
func (aks *accountKeySuite) TestAccountKeyAddAndFind(c *C) {
	trustedKey := testPrivKey0

	headers := map[string]string{
		"authority-id":           "canonical",
		"account-id":             "acc-id1",
		"public-key-id":          aks.keyid,
		"public-key-fingerprint": aks.fp,
		"since":                  aks.since.Format(time.RFC3339),
		"until":                  aks.until.Format(time.RFC3339),
	}
	accKey, err := asserts.AssembleAndSignInTest(asserts.AccountKeyType, headers, []byte(aks.pubKeyBody), asserts.OpenPGPPrivateKey(trustedKey))
	c.Assert(err, IsNil)

	db := aks.openDB(c)

	err = db.Add(accKey)
	c.Assert(err, IsNil)

	found, err := db.Find(asserts.AccountKeyType, map[string]string{
		"account-id":    "acc-id1",
		"public-key-id": aks.keyid,
	})
	c.Assert(err, IsNil)
	c.Assert(found, NotNil)
	c.Check(found.Body(), DeepEquals, []byte(aks.pubKeyBody))
}