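// SetUpSuite prepares the signing fixtures shared by the suite: it generates
// a test key, stores it in a new in-memory keypair manager and records the
// ID of the key's public part in s.testKeyID.
func (s *signSuite) SetUpSuite(c *C) {
	// 752 is presumably the key size in bits: far too small for a production
	// signing key, so this belongs in test fixtures only.
	// The second return value of GenerateKey is not needed here.
	testKey, _ := assertstest.GenerateKey(752)

	s.keypairMgr = asserts.NewMemoryKeypairManager()
	// A key that was not stored would only show up later as an unrelated
	// signing failure, so fail the fixture at the point of the problem.
	if err := s.keypairMgr.Put(testKey); err != nil {
		c.Fatalf("cannot store test key: %v", err)
	}
	s.testKeyID = testKey.PublicKey().ID()
}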
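// getMemoryKeyStore builds a KeypairDatabase on top of an assertion database
// that uses an in-memory keypair manager. The config argument is accepted but
// not read.
//
// On failure it returns a nil keystore together with the error, so callers
// never receive a KeypairDatabase wrapping an unusable database.
func getMemoryKeyStore(config ConfigSettings) (*KeypairDatabase, error) {
	db, err := asserts.OpenDatabase(&asserts.DatabaseConfig{
		KeypairManager: asserts.NewMemoryKeypairManager(),
	})
	if err != nil {
		return nil, err
	}

	// NOTE(review): the store is tagged FilesystemStore although it is backed
	// by the memory keypair manager; confirm this labelling is intended.
	return &KeypairDatabase{FilesystemStore, db, nil}, nil
}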
// GetKeyStore returns the keystore as defined in the config file func GetKeyStore(config ConfigSettings) (*KeypairDatabase, error) { switch config.KeyStoreType { case DatabaseStore.Name: // Prepare the memory store for the unsealed keys memStore := asserts.NewMemoryKeypairManager() db, err := asserts.OpenDatabase(&asserts.DatabaseConfig{ KeypairManager: memStore, }) dbOperator := DatabaseKeypairOperator{} keypairDB = KeypairDatabase{DatabaseStore, db, &dbOperator} return &keypairDB, err case TPM20Store.Name: // Initalize the TPM store tpm20 := TPM20KeypairOperator{config.KeyStorePath, config.KeyStoreSecret, &tpm20Command{}} // Prepare the memory store for the unsealed keys memStore := asserts.NewMemoryKeypairManager() db, err := asserts.OpenDatabase(&asserts.DatabaseConfig{ KeypairManager: memStore, }) keypairDB = KeypairDatabase{TPM20Store, db, &tpm20} return &keypairDB, err case FilesystemStore.Name: fsStore, err := asserts.OpenFSKeypairManager(config.KeyStorePath) if err != nil { return nil, err } db, err := asserts.OpenDatabase(&asserts.DatabaseConfig{ KeypairManager: fsStore, }) keypairDB = KeypairDatabase{FilesystemStore, db, nil} return &keypairDB, err default: return nil, ErrorInvalidKeystoreType } }
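// MakeFakeRefreshForSnaps calls makeFakeRefreshForSnap for every entry in
// snaps, stopping at the first error.
//
// It opens an in-memory assertion database, imports the test store private
// key into it for signing, and builds a fetcher that retrieves assertions
// through the client's Known call and saves them both into the database and,
// via writeAssert, into blobDir.
//
// The signing key is systestkeys.TestStorePrivKey; by its name it is a test
// key, so this helper is only suitable for test systems.
func MakeFakeRefreshForSnaps(snaps []string, blobDir string) error {
	// The second return value of ReadPrivKey is not needed here.
	storePrivKey, _ := assertstest.ReadPrivKey(systestkeys.TestStorePrivKey)
	db, err := asserts.OpenDatabase(&asserts.DatabaseConfig{
		KeypairManager: asserts.NewMemoryKeypairManager(),
		Backstore:      asserts.NewMemoryBackstore(),
		Trusted:        sysdb.Trusted(),
	})
	if err != nil {
		return err
	}
	// for signing; without the key every later signing step would fail, so
	// report an import failure immediately instead of dropping it.
	if err := db.ImportKey(storePrivKey); err != nil {
		return err
	}

	var cliConfig client.Config
	cli := client.New(&cliConfig)
	// retrieve looks an assertion up by its primary key through the client.
	retrieve := func(ref *asserts.Ref) (asserts.Assertion, error) {
		headers := make(map[string]string, len(ref.Type.PrimaryKey))
		for i, k := range ref.Type.PrimaryKey {
			headers[k] = ref.PrimaryKey[i]
		}
		as, err := cli.Known(ref.Type.Name, headers)
		if err != nil {
			return nil, err
		}
		switch len(as) {
		case 1:
			return as[0], nil
		case 0:
			return nil, asserts.ErrNotFound
		default:
			// A primary key must identify at most one assertion.
			panic(fmt.Sprintf("multiple assertions when retrieving by primary key: %v", ref))
		}
	}

	// save adds the assertion to the database and writes it to blobDir.
	save := func(a asserts.Assertion) error {
		if err := db.Add(a); err != nil {
			// A *asserts.RevisionError is tolerated, presumably because the
			// database already holds this or a newer revision; confirm.
			if _, ok := err.(*asserts.RevisionError); !ok {
				return err
			}
		}
		return writeAssert(a, blobDir)
	}

	f := asserts.NewFetcher(db, retrieve, save)

	for _, snap := range snaps {
		if err := makeFakeRefreshForSnap(snap, blobDir, db, f); err != nil {
			return err
		}
	}
	return nil
}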
// getTPMKeyStoreWithMockCommand builds a keystore of type TPM20Store whose
// TPM operator uses mockTPM20Command. It overwrites the package-level Environ
// and keypairDB and returns a pointer to keypairDB.
func getTPMKeyStoreWithMockCommand() *KeypairDatabase {
	// Fixture settings. The secret is a fixed 32-byte string embedded in the
	// source, so it must never double as a real keystore secret.
	settings := ConfigSettings{
		KeyStorePath:   "../keystore",
		KeyStoreType:   "tpm2.0",
		KeyStoreSecret: "this needs to be 32 bytes long!!",
	}
	Environ = &Env{Config: settings, DB: &mockDB{}}

	operator := &TPM20KeypairOperator{settings.KeyStorePath, settings.KeyStoreSecret, &mockTPM20Command{}}

	// Memory store for the unsealed keys. The error from OpenDatabase is
	// discarded, as this helper has no way to report it.
	assertsDB, _ := asserts.OpenDatabase(&asserts.DatabaseConfig{
		KeypairManager: asserts.NewMemoryKeypairManager(),
	})

	keypairDB = KeypairDatabase{TPM20Store, assertsDB, operator}
	return &keypairDB
}
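// MakeFakeRefreshForSnaps calls makeFakeRefreshForSnap for every entry in
// snaps, stopping at the first error.
//
// It opens an in-memory assertion database, imports the test store private
// key into it for signing, and builds a fetcher that retrieves assertions
// from the store and saves them both into the database and, via writeAssert,
// into blobDir.
//
// The signing key is systestkeys.TestStorePrivKey; by its name it is a test
// key, so this helper is only suitable for test systems.
func MakeFakeRefreshForSnaps(snaps []string, blobDir string) error {
	// The second return value of ReadPrivKey is not needed here.
	storePrivKey, _ := assertstest.ReadPrivKey(systestkeys.TestStorePrivKey)
	db, err := asserts.OpenDatabase(&asserts.DatabaseConfig{
		KeypairManager: asserts.NewMemoryKeypairManager(),
		Backstore:      asserts.NewMemoryBackstore(),
		Trusted:        sysdb.Trusted(),
	})
	if err != nil {
		return err
	}
	// for signing; without the key every later signing step would fail, so
	// report an import failure immediately instead of dropping it.
	if err := db.ImportKey(storePrivKey); err != nil {
		return err
	}

	// XXX: ideally, for consistency, we should talk to the local snapd, but
	// going to the store directly keeps this working until snapd itself
	// makes full use of assertions.
	sto := store.New(nil, nil)
	retrieve := func(ref *asserts.Ref) (asserts.Assertion, error) {
		return sto.Assertion(ref.Type, ref.PrimaryKey, nil)
	}

	// save adds the assertion to the database and writes it to blobDir.
	save := func(a asserts.Assertion) error {
		if err := db.Add(a); err != nil {
			// A *asserts.RevisionError is tolerated, presumably because the
			// database already holds this or a newer revision; confirm.
			if _, ok := err.(*asserts.RevisionError); !ok {
				return err
			}
		}
		return writeAssert(a, blobDir)
	}

	f := asserts.NewFetcher(db, retrieve, save)

	for _, snap := range snaps {
		if err := makeFakeRefreshForSnap(snap, blobDir, db, f); err != nil {
			return err
		}
	}
	return nil
}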
// SetUpTest replaces the suite's keypair manager with a newly created
// in-memory one.
func (mkms *memKeypairMgtSuite) SetUpTest(c *C) {
	freshMgr := asserts.NewMemoryKeypairManager()
	mkms.keypairMgr = freshMgr
}