func (dbs *databaseSuite) TestImportKeyAlreadyExists(c *C) { err := dbs.db.ImportKey("account0", asserts.OpenPGPPrivateKey(testPrivKey1)) c.Assert(err, IsNil) err = dbs.db.ImportKey("account0", asserts.OpenPGPPrivateKey(testPrivKey1)) c.Check(err, ErrorMatches, "key pair with given key id already exists") }
func (as *assertsSuite) TestSignFormatSanitySupportMultilineHeaderValues(c *C) { headers := map[string]string{ "authority-id": "auth-id1", "primary-key": "0", } multilineVals := []string{ "a\n", "\na", "a\n\b\nc", "a\n\b\nc\n", "\na\n", "\n\na\n\nb\n\nc", } for _, multilineVal := range multilineVals { headers["multiline"] = multilineVal if len(multilineVal)%2 == 1 { headers["odd"] = "true" } a, err := asserts.AssembleAndSignInTest(asserts.TestOnlyType, headers, nil, asserts.OpenPGPPrivateKey(testPrivKey1)) c.Assert(err, IsNil) decoded, err := asserts.Decode(asserts.Encode(a)) c.Assert(err, IsNil) c.Check(decoded.Header("multiline"), Equals, multilineVal) } }
func (safs *signAddFindSuite) TestFindFindsTrustedAccountKeys(c *C) { pk1 := asserts.OpenPGPPrivateKey(testPrivKey1) pubKey1Encoded, err := asserts.EncodePublicKey(pk1.PublicKey()) c.Assert(err, IsNil) now := time.Now().UTC() headers := map[string]string{ "authority-id": "canonical", "account-id": "acc-id1", "public-key-id": pk1.PublicKey().ID(), "public-key-fingerprint": pk1.PublicKey().Fingerprint(), "since": now.Format(time.RFC3339), "until": now.AddDate(1, 0, 0).Format(time.RFC3339), } accKey, err := safs.signingDB.Sign(asserts.AccountKeyType, headers, []byte(pubKey1Encoded), safs.signingKeyID) c.Assert(err, IsNil) err = safs.db.Add(accKey) c.Assert(err, IsNil) // find the trusted key as well tKey, err := safs.db.Find(asserts.AccountKeyType, map[string]string{ "account-id": "canonical", "public-key-id": safs.signingKeyID, }) c.Assert(err, IsNil) c.Assert(tKey.(*asserts.AccountKey).AccountID(), Equals, "canonical") c.Assert(tKey.(*asserts.AccountKey).PublicKeyID(), Equals, safs.signingKeyID) // find trusted and untrusted accKeys, err := safs.db.FindMany(asserts.AccountKeyType, nil) c.Assert(err, IsNil) c.Check(accKeys, HasLen, 2) }
func (safs *signAddFindSuite) SetUpTest(c *C) { cfg0 := &asserts.DatabaseConfig{ KeypairManager: asserts.NewMemoryKeypairManager(), } db0, err := asserts.OpenDatabase(cfg0) c.Assert(err, IsNil) safs.signingDB = db0 pk := asserts.OpenPGPPrivateKey(testPrivKey0) err = db0.ImportKey("canonical", pk) c.Assert(err, IsNil) safs.signingKeyID = pk.PublicKey().ID() topDir := filepath.Join(c.MkDir(), "asserts-db") bs, err := asserts.OpenFSBackstore(topDir) c.Assert(err, IsNil) trustedKey := testPrivKey0 cfg := &asserts.DatabaseConfig{ Backstore: bs, KeypairManager: asserts.NewMemoryKeypairManager(), TrustedKeys: []*asserts.AccountKey{asserts.BootstrapAccountKeyForTest("canonical", &trustedKey.PublicKey)}, } db, err := asserts.OpenDatabase(cfg) c.Assert(err, IsNil) safs.db = db }
func makeSignAndCheckDbWithAccountKey(c *C, accountID string) (signingKeyID string, accSignDB, checkDB *asserts.Database) { trustedKey := testPrivKey0 cfg1 := &asserts.DatabaseConfig{ KeypairManager: asserts.NewMemoryKeypairManager(), } accSignDB, err := asserts.OpenDatabase(cfg1) c.Assert(err, IsNil) pk1 := asserts.OpenPGPPrivateKey(testPrivKey1) err = accSignDB.ImportKey(accountID, asserts.OpenPGPPrivateKey(testPrivKey1)) c.Assert(err, IsNil) accFingerp := pk1.PublicKey().Fingerprint() accKeyID := pk1.PublicKey().ID() pubKey, err := accSignDB.PublicKey(accountID, accKeyID) c.Assert(err, IsNil) pubKeyEncoded, err := asserts.EncodePublicKey(pubKey) c.Assert(err, IsNil) accPubKeyBody := string(pubKeyEncoded) headers := map[string]string{ "authority-id": "canonical", "account-id": accountID, "public-key-id": accKeyID, "public-key-fingerprint": accFingerp, "since": "2015-11-20T15:04:00Z", "until": "2500-11-20T15:04:00Z", } accKey, err := asserts.AssembleAndSignInTest(asserts.AccountKeyType, headers, []byte(accPubKeyBody), asserts.OpenPGPPrivateKey(trustedKey)) c.Assert(err, IsNil) topDir := filepath.Join(c.MkDir(), "asserts-db") bs, err := asserts.OpenFSBackstore(topDir) c.Assert(err, IsNil) cfg := &asserts.DatabaseConfig{ Backstore: bs, KeypairManager: asserts.NewMemoryKeypairManager(), TrustedKeys: []*asserts.AccountKey{asserts.BootstrapAccountKeyForTest("canonical", &trustedKey.PublicKey)}, } checkDB, err = asserts.OpenDatabase(cfg) c.Assert(err, IsNil) err = checkDB.Add(accKey) c.Assert(err, IsNil) return accKeyID, accSignDB, checkDB }
func (mkms *memKeypairMgtSuite) TestPutAlreadyExists(c *C) { pk1 := asserts.OpenPGPPrivateKey(testPrivKey1) err := mkms.keypairMgr.Put("auth-id1", pk1) c.Assert(err, IsNil) err = mkms.keypairMgr.Put("auth-id1", pk1) c.Check(err, ErrorMatches, "key pair with given key id already exists") }
func (dss *deviceSerialSuite) SetUpSuite(c *C) { dss.ts = time.Now().Truncate(time.Second).UTC() dss.tsLine = "timestamp: " + dss.ts.Format(time.RFC3339) + "\n" dss.deviceKey = asserts.OpenPGPPrivateKey(testPrivKey2) encodedPubKey, err := asserts.EncodePublicKey(dss.deviceKey.PublicKey()) c.Assert(err, IsNil) dss.encodedDevKey = string(encodedPubKey) }
func (mkms *memKeypairMgtSuite) TestPutAndGet(c *C) { pk1 := asserts.OpenPGPPrivateKey(testPrivKey1) keyID := pk1.PublicKey().ID() err := mkms.keypairMgr.Put("auth-id1", pk1) c.Assert(err, IsNil) got, err := mkms.keypairMgr.Get("auth-id1", keyID) c.Assert(err, IsNil) c.Assert(got, NotNil) c.Check(got.PublicKey().Fingerprint(), Equals, pk1.PublicKey().Fingerprint()) }
func (as *assertsSuite) TestSignFormatSanityEmptyBody(c *C) { headers := map[string]string{ "authority-id": "auth-id1", "primary-key": "0", } a, err := asserts.AssembleAndSignInTest(asserts.TestOnlyType, headers, nil, asserts.OpenPGPPrivateKey(testPrivKey1)) c.Assert(err, IsNil) _, err = asserts.Decode(asserts.Encode(a)) c.Check(err, IsNil) }
func (dbs *databaseSuite) TestPublicKeyNotFound(c *C) { pk := asserts.OpenPGPPrivateKey(testPrivKey1) keyID := pk.PublicKey().ID() _, err := dbs.db.PublicKey("account0", keyID) c.Check(err, ErrorMatches, "no matching key pair found") err = dbs.db.ImportKey("account0", pk) c.Assert(err, IsNil) _, err = dbs.db.PublicKey("account0", "ff"+keyID) c.Check(err, ErrorMatches, "no matching key pair found") }
func (as *assertsSuite) TestSignFormatSanityNonEmptyBody(c *C) { headers := map[string]string{ "authority-id": "auth-id1", "primary-key": "0", } body := []byte("THE-BODY") a, err := asserts.AssembleAndSignInTest(asserts.TestOnlyType, headers, body, asserts.OpenPGPPrivateKey(testPrivKey1)) c.Assert(err, IsNil) c.Check(a.Body(), DeepEquals, body) decoded, err := asserts.Decode(asserts.Encode(a)) c.Assert(err, IsNil) c.Check(decoded.Body(), DeepEquals, body) }
func (chks *checkSuite) SetUpTest(c *C) { var err error topDir := filepath.Join(c.MkDir(), "asserts-db") chks.bs, err = asserts.OpenFSBackstore(topDir) c.Assert(err, IsNil) headers := map[string]string{ "authority-id": "canonical", "primary-key": "0", } chks.a, err = asserts.AssembleAndSignInTest(asserts.TestOnlyType, headers, nil, asserts.OpenPGPPrivateKey(testPrivKey0)) c.Assert(err, IsNil) }
func (mkms *memKeypairMgtSuite) TestGetNotFound(c *C) { pk1 := asserts.OpenPGPPrivateKey(testPrivKey1) keyID := pk1.PublicKey().ID() got, err := mkms.keypairMgr.Get("auth-id1", keyID) c.Check(got, IsNil) c.Check(err, ErrorMatches, "no matching key pair found") err = mkms.keypairMgr.Put("auth-id1", pk1) c.Assert(err, IsNil) got, err = mkms.keypairMgr.Get("auth-id1", keyID+"x") c.Check(got, IsNil) c.Check(err, ErrorMatches, "no matching key pair found") }
func (dbs *databaseSuite) TestImportKey(c *C) { expectedFingerprint := hex.EncodeToString(testPrivKey1.PublicKey.Fingerprint[:]) expectedKeyID := hex.EncodeToString(testPrivKey1.PublicKey.Fingerprint[12:]) err := dbs.db.ImportKey("account0", asserts.OpenPGPPrivateKey(testPrivKey1)) c.Assert(err, IsNil) keyPath := filepath.Join(dbs.topDir, "private-keys-v0/account0", expectedKeyID) info, err := os.Stat(keyPath) c.Assert(err, IsNil) c.Check(info.Mode().Perm(), Equals, os.FileMode(0600)) // secret // too white box? ok at least until we have more functionality privKey, err := ioutil.ReadFile(keyPath) c.Assert(err, IsNil) privKeyFromDisk, err := asserts.DecodePrivateKeyInTest(privKey) c.Assert(err, IsNil) c.Check(privKeyFromDisk.PublicKey().Fingerprint(), Equals, expectedFingerprint) }
func (dbs *databaseSuite) TestPublicKey(c *C) { pk := asserts.OpenPGPPrivateKey(testPrivKey1) fingerp := pk.PublicKey().Fingerprint() keyid := pk.PublicKey().ID() err := dbs.db.ImportKey("account0", pk) c.Assert(err, IsNil) pubk, err := dbs.db.PublicKey("account0", keyid) c.Assert(err, IsNil) c.Check(pubk.Fingerprint(), Equals, fingerp) // usual pattern is to then encode it encoded, err := asserts.EncodePublicKey(pubk) c.Assert(err, IsNil) c.Check(bytes.HasPrefix(encoded, []byte("openpgp ")), Equals, true) data, err := base64.StdEncoding.DecodeString(string(encoded[len("openpgp "):])) c.Assert(err, IsNil) pkt, err := packet.Read(bytes.NewBuffer(data)) c.Assert(err, IsNil) pubKey, ok := pkt.(*packet.PublicKey) c.Assert(ok, Equals, true) c.Assert(pubKey.Fingerprint, DeepEquals, testPrivKey1.PublicKey.Fingerprint) }
func (aks *accountKeySuite) SetUpSuite(c *C) { cfg1 := &asserts.DatabaseConfig{ KeypairManager: asserts.NewMemoryKeypairManager(), } accDb, err := asserts.OpenDatabase(cfg1) c.Assert(err, IsNil) pk := asserts.OpenPGPPrivateKey(testPrivKey1) err = accDb.ImportKey("acc-id1", pk) c.Assert(err, IsNil) aks.fp = pk.PublicKey().Fingerprint() aks.keyid = pk.PublicKey().ID() pubKey, err := accDb.PublicKey("acc-id1", aks.keyid) c.Assert(err, IsNil) pubKeyEncoded, err := asserts.EncodePublicKey(pubKey) c.Assert(err, IsNil) aks.pubKeyBody = string(pubKeyEncoded) aks.since, err = time.Parse(time.RFC822, "16 Nov 15 15:04 UTC") c.Assert(err, IsNil) aks.until = aks.since.AddDate(1, 0, 0) aks.sinceLine = "since: " + aks.since.Format(time.RFC3339) + "\n" aks.untilLine = "until: " + aks.until.Format(time.RFC3339) + "\n" }
func (sdbs *sysDBSuite) SetUpTest(c *C) { tmpdir := c.MkDir() pk := asserts.OpenPGPPrivateKey(testPrivKey0) trustedPubKey := pk.PublicKey() trustedPubKeyEncoded, err := asserts.EncodePublicKey(trustedPubKey) c.Assert(err, IsNil) // self-signed headers := map[string]string{ "authority-id": "canonical", "account-id": "canonical", "public-key-id": trustedPubKey.ID(), "public-key-fingerprint": trustedPubKey.Fingerprint(), "since": "2015-11-20T15:04:00Z", "until": "2500-11-20T15:04:00Z", } trustedAccKey, err := asserts.AssembleAndSignInTest(asserts.AccountKeyType, headers, trustedPubKeyEncoded, pk) c.Assert(err, IsNil) fakeRoot := filepath.Join(tmpdir, "root") err = os.Mkdir(fakeRoot, os.ModePerm) c.Assert(err, IsNil) dirs.SetRootDir(fakeRoot) err = os.MkdirAll(filepath.Dir(dirs.SnapTrustedAccountKey), os.ModePerm) c.Assert(err, IsNil) err = ioutil.WriteFile(dirs.SnapTrustedAccountKey, asserts.Encode(trustedAccKey), os.ModePerm) c.Assert(err, IsNil) headers = map[string]string{ "authority-id": "canonical", "primary-key": "0", } sdbs.probeAssert, err = asserts.AssembleAndSignInTest(asserts.TestOnlyType, headers, nil, pk) c.Assert(err, IsNil) }
func (aks *accountKeySuite) TestAccountKeyAddAndFind(c *C) { trustedKey := testPrivKey0 headers := map[string]string{ "authority-id": "canonical", "account-id": "acc-id1", "public-key-id": aks.keyid, "public-key-fingerprint": aks.fp, "since": aks.since.Format(time.RFC3339), "until": aks.until.Format(time.RFC3339), } accKey, err := asserts.AssembleAndSignInTest(asserts.AccountKeyType, headers, []byte(aks.pubKeyBody), asserts.OpenPGPPrivateKey(trustedKey)) c.Assert(err, IsNil) db := aks.openDB(c) err = db.Add(accKey) c.Assert(err, IsNil) found, err := db.Find(asserts.AccountKeyType, map[string]string{ "account-id": "acc-id1", "public-key-id": aks.keyid, }) c.Assert(err, IsNil) c.Assert(found, NotNil) c.Check(found.Body(), DeepEquals, []byte(aks.pubKeyBody)) }