// TestDeviceSessionRequest checks that DeviceSessionRequest refuses to build a
// request while the device has no serial assertion (auth.ErrNoSerial), and that
// once a serial plus the matching device key are installed it yields a
// device-session-request assertion together with the encoded serial.
func (s *authContextSetupSuite) TestDeviceSessionRequest(c *C) {
	st := s.o.State()
	st.Lock()
	defer st.Unlock()

	// The state is released around each DeviceSessionRequest call
	// (presumably the auth context takes the lock itself — confirm).
	st.Unlock()
	_, _, noSerialErr := s.ac.DeviceSessionRequest("NONCE")
	st.Lock()
	c.Check(noSerialErr, Equals, auth.ErrNoSerial)

	// Install the serial assertion and the device private key, then point
	// the device state at both so the request can be built.
	c.Assert(assertstate.Add(st, s.serial), IsNil)

	keypairMgr, err := asserts.OpenFSKeypairManager(dirs.SnapDeviceDir)
	c.Assert(err, IsNil)
	c.Assert(keypairMgr.Put(deviceKey), IsNil)

	device := &auth.DeviceState{
		Brand:  s.serial.BrandID(),
		Model:  s.serial.Model(),
		Serial: s.serial.Serial(),
		KeyID:  deviceKey.PublicKey().ID(),
	}
	// NOTE(review): as in the original test, whatever SetDevice returns is
	// not checked here.
	auth.SetDevice(st, device)

	st.Unlock()
	req, encodedSerial, err := s.ac.DeviceSessionRequest("NONCE")
	st.Lock()
	c.Assert(err, IsNil)

	// The request is a serialized assertion of the expected type, and the
	// serial is handed back in its encoded form alongside it.
	c.Check(bytes.HasPrefix(req, []byte("type: device-session-request\n")), Equals, true)
	c.Check(encodedSerial, DeepEquals, asserts.Encode(s.serial))
}
// SetUpTest opens a fresh assertion database for every test, backed by a
// filesystem keypair manager rooted in a per-test temporary directory.
func (dbs *databaseSuite) SetUpTest(c *C) {
	dbs.topDir = filepath.Join(c.MkDir(), "asserts-db")

	keypairMgr, err := asserts.OpenFSKeypairManager(dbs.topDir)
	c.Assert(err, IsNil)

	// Only the keypair manager is configured; every other database option
	// is left at its default.
	db, err := asserts.OpenDatabase(&asserts.DatabaseConfig{
		KeypairManager: keypairMgr,
	})
	c.Assert(err, IsNil)
	dbs.db = db
}
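// TestOpenWorldWritableFail checks that OpenFSKeypairManager refuses a storage
// root that is world-writable. Private keys are stored under that root, so a
// directory any local user can write to would let them replace or plant keys;
// the open must fail with the documented error and return no manager.
func (fsbss *fsKeypairMgrSuite) TestOpenWorldWritableFail(c *C) {
	topDir := filepath.Join(c.MkDir(), "asserts-db")

	// Create the tree with mode 0777 under a zero umask so the directories
	// really end up world-writable. The umask is restored before asserting
	// on the result so a failing assertion cannot leak umask 0 into other
	// tests; the MkdirAll error is checked so a setup failure is reported
	// as such rather than as an unrelated assertion mismatch below.
	oldUmask := syscall.Umask(0)
	mkErr := os.MkdirAll(filepath.Join(topDir, "private-keys-v1"), 0777)
	syscall.Umask(oldUmask)
	c.Assert(mkErr, IsNil)

	bs, err := asserts.OpenFSKeypairManager(topDir)
	c.Assert(err, ErrorMatches, "assert storage root unexpectedly world-writable: .*")
	c.Check(bs, IsNil)
}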
// openDatabaseAt opens an assertion database whose backstore and keypair
// manager are both rooted at path.
//
// cfg is modified in place: once both stores open successfully its Backstore
// and KeypairManager fields are overwritten before it is passed to
// asserts.OpenDatabase. If either store fails to open, cfg is left untouched
// and the error is returned as-is. Other cfg fields are used as the caller
// set them.
func openDatabaseAt(path string, cfg *asserts.DatabaseConfig) (*asserts.Database, error) {
	backstore, err := asserts.OpenFSBackstore(path)
	if err != nil {
		return nil, err
	}

	keypairs, err := asserts.OpenFSKeypairManager(path)
	if err != nil {
		return nil, err
	}

	// Only touch the caller's config once both stores are known to be good.
	cfg.Backstore, cfg.KeypairManager = backstore, keypairs
	return asserts.OpenDatabase(cfg)
}
// Manager returns a new device manager. func Manager(s *state.State) (*DeviceManager, error) { runner := state.NewTaskRunner(s) keypairMgr, err := asserts.OpenFSKeypairManager(dirs.SnapDeviceDir) if err != nil { return nil, err } m := &DeviceManager{state: s, keypairMgr: keypairMgr, runner: runner} runner.AddHandler("generate-device-key", m.doGenerateDeviceKey, nil) runner.AddHandler("request-serial", m.doRequestSerial, nil) return m, nil }
// TestOpenOK checks the happy path of OpenFSKeypairManager: given a storage
// root that is not world-writable it returns a manager and creates the
// private-keys-v1 directory underneath with mode 0775.
func (fsbss *fsKeypairMgrSuite) TestOpenOK(c *C) {
	// Run with a zero umask so the permission bits requested are exactly
	// the ones that land on disk; put the old umask back when the test ends.
	prevUmask := syscall.Umask(0)
	defer syscall.Umask(prevUmask)

	topDir := filepath.Join(c.MkDir(), "asserts-db")
	c.Assert(os.MkdirAll(topDir, 0775), IsNil)

	keypairMgr, err := asserts.OpenFSKeypairManager(topDir)
	c.Check(err, IsNil)
	c.Check(keypairMgr, NotNil)

	// Opening creates the key directory: group-writable, not world-writable.
	keysDir := filepath.Join(topDir, "private-keys-v1")
	fi, err := os.Stat(keysDir)
	c.Assert(err, IsNil)
	c.Assert(fi.IsDir(), Equals, true)
	c.Check(fi.Mode().Perm(), Equals, os.FileMode(0775))
}
// Manager returns a new device manager.
//
// It opens the on-disk keypair manager under dirs.SnapDeviceDir (where the
// device key lives), registers the prepare-device hook handler with
// hookManager, and wires the task handlers for generating the device key,
// requesting a serial and marking the device as seeded. An error opening the
// keypair manager is returned unchanged.
func Manager(s *state.State, hookManager *hookstate.HookManager) (*DeviceManager, error) {
	// The task runner is created before the keypair manager is opened,
	// matching the original construction order.
	runner := state.NewTaskRunner(s)

	keypairMgr, err := asserts.OpenFSKeypairManager(dirs.SnapDeviceDir)
	if err != nil {
		return nil, err
	}

	mgr := &DeviceManager{
		state:      s,
		keypairMgr: keypairMgr,
		runner:     runner,
	}

	// Only the exact hook name "prepare-device" is handled.
	hookManager.Register(regexp.MustCompile("^prepare-device$"), newPrepareDeviceHandler)

	runner.AddHandler("generate-device-key", mgr.doGenerateDeviceKey, nil)
	runner.AddHandler("request-serial", mgr.doRequestSerial, nil)
	runner.AddHandler("mark-seeded", mgr.doMarkSeeded, nil)

	return mgr, nil
}
// GetKeyStore returns the keystore as defined in the config file func GetKeyStore(config ConfigSettings) (*KeypairDatabase, error) { switch config.KeyStoreType { case DatabaseStore.Name: // Prepare the memory store for the unsealed keys memStore := asserts.NewMemoryKeypairManager() db, err := asserts.OpenDatabase(&asserts.DatabaseConfig{ KeypairManager: memStore, }) dbOperator := DatabaseKeypairOperator{} keypairDB = KeypairDatabase{DatabaseStore, db, &dbOperator} return &keypairDB, err case TPM20Store.Name: // Initalize the TPM store tpm20 := TPM20KeypairOperator{config.KeyStorePath, config.KeyStoreSecret, &tpm20Command{}} // Prepare the memory store for the unsealed keys memStore := asserts.NewMemoryKeypairManager() db, err := asserts.OpenDatabase(&asserts.DatabaseConfig{ KeypairManager: memStore, }) keypairDB = KeypairDatabase{TPM20Store, db, &tpm20} return &keypairDB, err case FilesystemStore.Name: fsStore, err := asserts.OpenFSKeypairManager(config.KeyStorePath) if err != nil { return nil, err } db, err := asserts.OpenDatabase(&asserts.DatabaseConfig{ KeypairManager: fsStore, }) keypairDB = KeypairDatabase{FilesystemStore, db, nil} return &keypairDB, err default: return nil, ErrorInvalidKeystoreType } }