func (s *SnapKeysSuite) TestExportKeyAccount(c *C) { rootPrivKey, _ := assertstest.GenerateKey(1024) storePrivKey, _ := assertstest.GenerateKey(752) storeSigning := assertstest.NewStoreStack("canonical", rootPrivKey, storePrivKey) manager := asserts.NewGPGKeypairManager() assertstest.NewAccount(storeSigning, "developer1", nil, "") rest, err := snap.Parser().ParseArgs([]string{"export-key", "another", "--account=developer1"}) c.Assert(err, IsNil) c.Assert(rest, DeepEquals, []string{}) assertion, err := asserts.Decode(s.stdout.Bytes()) c.Assert(err, IsNil) c.Check(assertion.Type(), Equals, asserts.AccountKeyRequestType) c.Check(assertion.Revision(), Equals, 0) c.Check(assertion.HeaderString("account-id"), Equals, "developer1") c.Check(assertion.HeaderString("name"), Equals, "another") c.Check(assertion.HeaderString("public-key-sha3-384"), Equals, "DVQf1U4mIsuzlQqAebjjTPYtYJ-GEhJy0REuj3zvpQYTZ7EJj7adBxIXLJ7Vmk3L") since, err := time.Parse(time.RFC3339, assertion.HeaderString("since")) c.Assert(err, IsNil) zone, offset := since.Zone() c.Check(zone, Equals, "UTC") c.Check(offset, Equals, 0) c.Check(s.Stderr(), Equals, "") privKey, err := manager.Get(assertion.HeaderString("public-key-sha3-384")) c.Assert(err, IsNil) err = asserts.SignatureCheck(assertion, privKey.PublicKey()) c.Assert(err, IsNil) }
func (s *assertMgrSuite) SetUpTest(c *C) { dirs.SetRootDir(c.MkDir()) rootPrivKey, _ := assertstest.GenerateKey(1024) storePrivKey, _ := assertstest.GenerateKey(752) s.storeSigning = assertstest.NewStoreStack("can0nical", rootPrivKey, storePrivKey) s.restore = sysdb.InjectTrusted(s.storeSigning.Trusted) dev1PrivKey, _ := assertstest.GenerateKey(752) s.dev1Acct = assertstest.NewAccount(s.storeSigning, "developer1", nil, "") err := s.storeSigning.Add(s.dev1Acct) c.Assert(err, IsNil) // developer signing dev1AcctKey := assertstest.NewAccountKey(s.storeSigning, s.dev1Acct, nil, dev1PrivKey.PublicKey(), "") err = s.storeSigning.Add(dev1AcctKey) c.Assert(err, IsNil) s.dev1Signing = assertstest.NewSigningDB(s.dev1Acct.AccountID(), dev1PrivKey) s.state = state.New(nil) mgr, err := assertstate.Manager(s.state) c.Assert(err, IsNil) s.mgr = mgr s.state.Lock() snapstate.ReplaceStore(s.state, &fakeStore{ state: s.state, db: s.storeSigning, }) s.state.Unlock() }
func (s *snapassertsSuite) SetUpTest(c *C) { rootPrivKey, _ := assertstest.GenerateKey(1024) storePrivKey, _ := assertstest.GenerateKey(752) s.storeSigning = assertstest.NewStoreStack("can0nical", rootPrivKey, storePrivKey) s.dev1Acct = assertstest.NewAccount(s.storeSigning, "developer1", nil, "") localDB, err := asserts.OpenDatabase(&asserts.DatabaseConfig{ Backstore: asserts.NewMemoryBackstore(), Trusted: s.storeSigning.Trusted, }) c.Assert(err, IsNil) s.localDB = localDB // add in prereqs assertions err = s.localDB.Add(s.storeSigning.StoreAccountKey("")) c.Assert(err, IsNil) err = s.localDB.Add(s.dev1Acct) c.Assert(err, IsNil) headers := map[string]interface{}{ "series": "16", "snap-id": "snap-id-1", "snap-name": "foo", "publisher-id": s.dev1Acct.AccountID(), "timestamp": time.Now().Format(time.RFC3339), } snapDecl, err := s.storeSigning.Sign(asserts.SnapDeclarationType, headers, nil, "") c.Assert(err, IsNil) err = s.localDB.Add(snapDecl) c.Assert(err, IsNil) }
func (s *FirstBootTestSuite) SetUpTest(c *C) { tempdir := c.MkDir() dirs.SetRootDir(tempdir) // mock the world! err := os.MkdirAll(filepath.Join(dirs.SnapSeedDir, "snaps"), 0755) c.Assert(err, IsNil) err = os.MkdirAll(filepath.Join(dirs.SnapSeedDir, "assertions"), 0755) c.Assert(err, IsNil) err = os.MkdirAll(dirs.SnapServicesDir, 0755) c.Assert(err, IsNil) os.Setenv("SNAPPY_SQUASHFS_UNPACK_FOR_TESTS", "1") s.systemctl = testutil.MockCommand(c, "systemctl", "") s.mockUdevAdm = testutil.MockCommand(c, "udevadm", "") err = ioutil.WriteFile(filepath.Join(dirs.SnapSeedDir, "seed.yaml"), nil, 0644) c.Assert(err, IsNil) rootPrivKey, _ := assertstest.GenerateKey(1024) storePrivKey, _ := assertstest.GenerateKey(752) s.storeSigning = assertstest.NewStoreStack("can0nical", rootPrivKey, storePrivKey) s.restore = sysdb.InjectTrusted(s.storeSigning.Trusted) s.brandPrivKey, _ = assertstest.GenerateKey(752) s.brandSigning = assertstest.NewSigningDB("my-brand", s.brandPrivKey) ovld, err := overlord.New() c.Assert(err, IsNil) s.overlord = ovld }
func (ms *mgrsSuite) SetUpTest(c *C) { ms.tempdir = c.MkDir() dirs.SetRootDir(ms.tempdir) err := os.MkdirAll(filepath.Dir(dirs.SnapStateFile), 0755) c.Assert(err, IsNil) os.Setenv("SNAPPY_SQUASHFS_UNPACK_FOR_TESTS", "1") // create a fake systemd environment os.MkdirAll(filepath.Join(dirs.SnapServicesDir, "multi-user.target.wants"), 0755) ms.prevctlCmd = systemd.SystemctlCmd systemd.SystemctlCmd = func(cmd ...string) ([]byte, error) { return []byte("ActiveState=inactive\n"), nil } ms.aa = testutil.MockCommand(c, "apparmor_parser", "") ms.udev = testutil.MockCommand(c, "udevadm", "") ms.umount = testutil.MockCommand(c, "umount", "") ms.snapDiscardNs = testutil.MockCommand(c, "snap-discard-ns", "") dirs.LibExecDir = ms.snapDiscardNs.BinDir() ms.storeSigning = assertstest.NewStoreStack("can0nical", rootPrivKey, storePrivKey) ms.restoreTrusted = sysdb.InjectTrusted(ms.storeSigning.Trusted) ms.devAcct = assertstest.NewAccount(ms.storeSigning, "devdevev", map[string]interface{}{ "account-id": "devdevdev", }, "") err = ms.storeSigning.Add(ms.devAcct) c.Assert(err, IsNil) o, err := overlord.New() c.Assert(err, IsNil) ms.o = o }
func (s *deviceMgrSuite) SetUpTest(c *C) { dirs.SetRootDir(c.MkDir()) rootPrivKey, _ := assertstest.GenerateKey(1024) storePrivKey, _ := assertstest.GenerateKey(752) s.storeSigning = assertstest.NewStoreStack("canonical", rootPrivKey, storePrivKey) s.state = state.New(nil) db, err := asserts.OpenDatabase(&asserts.DatabaseConfig{ Backstore: asserts.NewMemoryBackstore(), Trusted: s.storeSigning.Trusted, }) c.Assert(err, IsNil) s.state.Lock() assertstate.ReplaceDB(s.state, db) s.state.Unlock() err = db.Add(s.storeSigning.StoreAccountKey("")) c.Assert(err, IsNil) mgr, err := devicestate.Manager(s.state) c.Assert(err, IsNil) s.db = db s.mgr = mgr s.state.Lock() snapstate.ReplaceStore(s.state, &fakeStore{ state: s.state, db: s.storeSigning, }) s.state.Unlock() }
func makeStoreAndCheckDB(c *C) (storeDB *assertstest.SigningDB, checkDB *asserts.Database) { trustedPrivKey := testPrivKey0 storePrivKey := testPrivKey1 store := assertstest.NewStoreStack("canonical", trustedPrivKey, storePrivKey) cfg := &asserts.DatabaseConfig{ Backstore: asserts.NewMemoryBackstore(), Trusted: store.Trusted, } checkDB, err := asserts.OpenDatabase(cfg) c.Assert(err, IsNil) // add store key err = checkDB.Add(store.StoreAccountKey("")) c.Assert(err, IsNil) return store.SigningDB, checkDB }
func (gkms *gpgKeypairMgrSuite) TestUseInSigning(c *C) { store := assertstest.NewStoreStack("trusted", testPrivKey0, testPrivKey1) devKey, err := gkms.keypairMgr.Get(assertstest.DevKeyID) c.Assert(err, IsNil) devAcct := assertstest.NewAccount(store, "devel1", map[string]interface{}{ "account-id": "dev1-id", }, "") devAccKey := assertstest.NewAccountKey(store, devAcct, nil, devKey.PublicKey(), "") signDB, err := asserts.OpenDatabase(&asserts.DatabaseConfig{ KeypairManager: gkms.keypairMgr, }) c.Assert(err, IsNil) checkDB, err := asserts.OpenDatabase(&asserts.DatabaseConfig{ Backstore: asserts.NewMemoryBackstore(), Trusted: store.Trusted, }) c.Assert(err, IsNil) // add store key err = checkDB.Add(store.StoreAccountKey("")) c.Assert(err, IsNil) // enable devel key err = checkDB.Add(devAcct) c.Assert(err, IsNil) err = checkDB.Add(devAccKey) c.Assert(err, IsNil) headers := map[string]interface{}{ "authority-id": "dev1-id", "snap-sha3-384": blobSHA3_384, "snap-id": "snap-id-1", "grade": "devel", "snap-size": "1025", "timestamp": time.Now().Format(time.RFC3339), } snapBuild, err := signDB.Sign(asserts.SnapBuildType, headers, nil, assertstest.DevKeyID) c.Assert(err, IsNil) err = checkDB.Check(snapBuild) c.Check(err, IsNil) }
func (s *imageSuite) SetUpTest(c *C) { s.root = c.MkDir() s.bootloader = boottest.NewMockBootloader("grub", c.MkDir()) partition.ForceBootloader(s.bootloader) s.stdout = bytes.NewBuffer(nil) image.Stdout = s.stdout s.downloadedSnaps = make(map[string]string) s.storeSnapInfo = make(map[string]*snap.Info) rootPrivKey, _ := assertstest.GenerateKey(1024) storePrivKey, _ := assertstest.GenerateKey(752) s.storeSigning = assertstest.NewStoreStack("can0nical", rootPrivKey, storePrivKey) brandPrivKey, _ := assertstest.GenerateKey(752) s.brandSigning = assertstest.NewSigningDB("my-brand", brandPrivKey) brandAcct := assertstest.NewAccount(s.storeSigning, "my-brand", map[string]interface{}{ "account-id": "my-brand", "verification": "certified", }, "") s.storeSigning.Add(brandAcct) brandAccKey := assertstest.NewAccountKey(s.storeSigning, brandAcct, nil, brandPrivKey.PublicKey(), "") s.storeSigning.Add(brandAccKey) model, err := s.brandSigning.Sign(asserts.ModelType, map[string]interface{}{ "series": "16", "authority-id": "my-brand", "brand-id": "my-brand", "model": "my-model", "architecture": "amd64", "gadget": "pc", "kernel": "pc-kernel", "required-snaps": []interface{}{"required-snap1"}, "timestamp": time.Now().Format(time.RFC3339), }, nil, "") c.Assert(err, IsNil) s.model = model.(*asserts.Model) }
func (s *interfaceManagerSuite) SetUpTest(c *C) { s.storeSigning = assertstest.NewStoreStack("canonical", rootKey, storeKey) dirs.SetRootDir(c.MkDir()) state := state.New(nil) s.state = state db, err := asserts.OpenDatabase(&asserts.DatabaseConfig{ Backstore: asserts.NewMemoryBackstore(), Trusted: s.storeSigning.Trusted, }) c.Assert(err, IsNil) s.db = db err = db.Add(s.storeSigning.StoreAccountKey("")) c.Assert(err, IsNil) s.state.Lock() assertstate.ReplaceDB(state, s.db) s.state.Unlock() s.privateMgr = nil s.extraIfaces = nil s.secBackend = &interfaces.TestSecurityBackend{} s.restoreBackends = ifacestate.MockSecurityBackends([]interfaces.SecurityBackend{s.secBackend}) }
func (s *fetcherSuite) SetUpTest(c *C) { rootPrivKey, _ := assertstest.GenerateKey(1024) storePrivKey, _ := assertstest.GenerateKey(752) s.storeSigning = assertstest.NewStoreStack("can0nical", rootPrivKey, storePrivKey) }
func (s *authContextSetupSuite) SetUpTest(c *C) { tempdir := c.MkDir() dirs.SetRootDir(tempdir) err := os.MkdirAll(filepath.Dir(dirs.SnapStateFile), 0755) c.Assert(err, IsNil) captureAuthContext := func(_ *store.Config, ac auth.AuthContext) *store.Store { s.ac = ac return nil } r := overlord.MockStoreNew(captureAuthContext) defer r() s.storeSigning = assertstest.NewStoreStack("can0nical", rootPrivKey, storePrivKey) s.restoreTrusted = sysdb.InjectTrusted(s.storeSigning.Trusted) s.brandSigning = assertstest.NewSigningDB("my-brand", brandPrivKey) brandAcct := assertstest.NewAccount(s.storeSigning, "my-brand", map[string]interface{}{ "account-id": "my-brand", "verification": "certified", }, "") s.storeSigning.Add(brandAcct) brandAccKey := assertstest.NewAccountKey(s.storeSigning, brandAcct, nil, brandPrivKey.PublicKey(), "") s.storeSigning.Add(brandAccKey) model, err := s.brandSigning.Sign(asserts.ModelType, map[string]interface{}{ "series": "16", "authority-id": "my-brand", "brand-id": "my-brand", "model": "my-model", "architecture": "amd64", "store": "my-brand-store-id", "gadget": "pc", "kernel": "pc-kernel", "timestamp": time.Now().Format(time.RFC3339), }, nil, "") c.Assert(err, IsNil) s.model = model.(*asserts.Model) encDevKey, err := asserts.EncodePublicKey(deviceKey.PublicKey()) c.Assert(err, IsNil) serial, err := s.brandSigning.Sign(asserts.SerialType, map[string]interface{}{ "authority-id": "my-brand", "brand-id": "my-brand", "model": "my-model", "serial": "7878", "device-key": string(encDevKey), "device-key-sha3-384": deviceKey.PublicKey().ID(), "timestamp": time.Now().Format(time.RFC3339), }, nil, "") c.Assert(err, IsNil) s.serial = serial.(*asserts.Serial) o, err := overlord.New() c.Assert(err, IsNil) s.o = o st := o.State() st.Lock() defer st.Unlock() prereqs := []asserts.Assertion{s.storeSigning.StoreAccountKey(""), brandAcct, brandAccKey} for _, a := range prereqs { err = assertstate.Add(st, a) c.Assert(err, IsNil) } }