func (safs *signAddFindSuite) SetUpTest(c *C) {
cfg0 := &asserts.DatabaseConfig{
KeypairManager: asserts.NewMemoryKeypairManager(),
}
db0, err := asserts.OpenDatabase(cfg0)
c.Assert(err, IsNil)
safs.signingDB = db0
pk := asserts.OpenPGPPrivateKey(testPrivKey0)
err = db0.ImportKey("canonical", pk)
c.Assert(err, IsNil)
safs.signingKeyID = pk.PublicKey().ID()
topDir := filepath.Join(c.MkDir(), "asserts-db")
bs, err := asserts.OpenFSBackstore(topDir)
c.Assert(err, IsNil)
trustedKey := testPrivKey0
cfg := &asserts.DatabaseConfig{
Backstore: bs,
KeypairManager: asserts.NewMemoryKeypairManager(),
TrustedKeys: []*asserts.AccountKey{asserts.BootstrapAccountKeyForTest("canonical", &trustedKey.PublicKey)},
}
db, err := asserts.OpenDatabase(cfg)
c.Assert(err, IsNil)
safs.db = db
}
func (chks *checkSuite) TestCheckForgery(c *C) {
trustedKey := testPrivKey0
cfg := &asserts.DatabaseConfig{
Backstore: chks.bs,
KeypairManager: asserts.NewMemoryKeypairManager(),
TrustedKeys: []*asserts.AccountKey{asserts.BootstrapAccountKeyForTest("canonical", &trustedKey.PublicKey)},
}
db, err := asserts.OpenDatabase(cfg)
c.Assert(err, IsNil)
encoded := asserts.Encode(chks.a)
content, encodedSig := chks.a.Signature()
// forgery
forgedSig := new(packet.Signature)
forgedSig.PubKeyAlgo = testPrivKey1.PubKeyAlgo
forgedSig.Hash = crypto.SHA256
forgedSig.CreationTime = time.Now()
forgedSig.IssuerKeyId = &testPrivKey0.KeyId
h := crypto.SHA256.New()
h.Write(content)
err = forgedSig.Sign(h, testPrivKey1, &packet.Config{DefaultHash: crypto.SHA256})
c.Assert(err, IsNil)
buf := new(bytes.Buffer)
forgedSig.Serialize(buf)
forgedSigEncoded := "openpgp " + base64.StdEncoding.EncodeToString(buf.Bytes())
forgedEncoded := bytes.Replace(encoded, encodedSig, []byte(forgedSigEncoded), 1)
c.Assert(forgedEncoded, Not(DeepEquals), encoded)
forgedAssert, err := asserts.Decode(forgedEncoded)
c.Assert(err, IsNil)
err = db.Check(forgedAssert)
c.Assert(err, ErrorMatches, "failed signature verification: .*")
}
func makeSignAndCheckDbWithAccountKey(c *C, accountID string) (signingKeyID string, accSignDB, checkDB *asserts.Database) {
trustedKey := testPrivKey0
cfg1 := &asserts.DatabaseConfig{
KeypairManager: asserts.NewMemoryKeypairManager(),
}
accSignDB, err := asserts.OpenDatabase(cfg1)
c.Assert(err, IsNil)
pk1 := asserts.OpenPGPPrivateKey(testPrivKey1)
err = accSignDB.ImportKey(accountID, asserts.OpenPGPPrivateKey(testPrivKey1))
c.Assert(err, IsNil)
accFingerp := pk1.PublicKey().Fingerprint()
accKeyID := pk1.PublicKey().ID()
pubKey, err := accSignDB.PublicKey(accountID, accKeyID)
c.Assert(err, IsNil)
pubKeyEncoded, err := asserts.EncodePublicKey(pubKey)
c.Assert(err, IsNil)
accPubKeyBody := string(pubKeyEncoded)
headers := map[string]string{
"authority-id": "canonical",
"account-id": accountID,
"public-key-id": accKeyID,
"public-key-fingerprint": accFingerp,
"since": "2015-11-20T15:04:00Z",
"until": "2500-11-20T15:04:00Z",
}
accKey, err := asserts.AssembleAndSignInTest(asserts.AccountKeyType, headers, []byte(accPubKeyBody), asserts.OpenPGPPrivateKey(trustedKey))
c.Assert(err, IsNil)
topDir := filepath.Join(c.MkDir(), "asserts-db")
bs, err := asserts.OpenFSBackstore(topDir)
c.Assert(err, IsNil)
cfg := &asserts.DatabaseConfig{
Backstore: bs,
KeypairManager: asserts.NewMemoryKeypairManager(),
TrustedKeys: []*asserts.AccountKey{asserts.BootstrapAccountKeyForTest("canonical", &trustedKey.PublicKey)},
}
checkDB, err = asserts.OpenDatabase(cfg)
c.Assert(err, IsNil)
err = checkDB.Add(accKey)
c.Assert(err, IsNil)
return accKeyID, accSignDB, checkDB
}
func (opens *openSuite) TestOpenDatabaseOK(c *C) {
cfg := &asserts.DatabaseConfig{
KeypairManager: asserts.NewMemoryKeypairManager(),
}
db, err := asserts.OpenDatabase(cfg)
c.Assert(err, IsNil)
c.Assert(db, NotNil)
}
func (chks *checkSuite) TestCheckNoPubKey(c *C) {
cfg := &asserts.DatabaseConfig{
Backstore: chks.bs,
KeypairManager: asserts.NewMemoryKeypairManager(),
}
db, err := asserts.OpenDatabase(cfg)
c.Assert(err, IsNil)
err = db.Check(chks.a)
c.Assert(err, ErrorMatches, `no matching public key "[a-f0-9]+" for signature by "canonical"`)
}
func (chks *checkSuite) TestCheckNoPubKey(c *C) {
cfg := &asserts.DatabaseConfig{
Backstore: chks.bs,
KeypairManager: asserts.NewMemoryKeypairManager(),
}
db, err := asserts.OpenDatabase(cfg)
c.Assert(err, IsNil)
err = db.Check(chks.a)
c.Assert(err, ErrorMatches, "no valid known public key verifies assertion")
}
func (chks *checkSuite) TestCheckExpiredPubKey(c *C) {
trustedKey := testPrivKey0
cfg := &asserts.DatabaseConfig{
Backstore: chks.bs,
KeypairManager: asserts.NewMemoryKeypairManager(),
TrustedKeys: []*asserts.AccountKey{asserts.ExpiredAccountKeyForTest("canonical", &trustedKey.PublicKey)},
}
db, err := asserts.OpenDatabase(cfg)
c.Assert(err, IsNil)
err = db.Check(chks.a)
c.Assert(err, ErrorMatches, `assertion is signed with expired public key "[a-f0-9]+" from "canonical"`)
}
func (aks *accountKeySuite) openDB(c *C) *asserts.Database {
trustedKey := testPrivKey0
topDir := filepath.Join(c.MkDir(), "asserts-db")
bs, err := asserts.OpenFSBackstore(topDir)
c.Assert(err, IsNil)
cfg := &asserts.DatabaseConfig{
Backstore: bs,
KeypairManager: asserts.NewMemoryKeypairManager(),
TrustedKeys: []*asserts.AccountKey{asserts.BootstrapAccountKeyForTest("canonical", &trustedKey.PublicKey)},
}
db, err := asserts.OpenDatabase(cfg)
c.Assert(err, IsNil)
return db
}
func (aks *accountKeySuite) SetUpSuite(c *C) {
cfg1 := &asserts.DatabaseConfig{
KeypairManager: asserts.NewMemoryKeypairManager(),
}
accDb, err := asserts.OpenDatabase(cfg1)
c.Assert(err, IsNil)
pk := asserts.OpenPGPPrivateKey(testPrivKey1)
err = accDb.ImportKey("acc-id1", pk)
c.Assert(err, IsNil)
aks.fp = pk.PublicKey().Fingerprint()
aks.keyid = pk.PublicKey().ID()
pubKey, err := accDb.PublicKey("acc-id1", aks.keyid)
c.Assert(err, IsNil)
pubKeyEncoded, err := asserts.EncodePublicKey(pubKey)
c.Assert(err, IsNil)
aks.pubKeyBody = string(pubKeyEncoded)
aks.since, err = time.Parse(time.RFC822, "16 Nov 15 15:04 UTC")
c.Assert(err, IsNil)
aks.until = aks.since.AddDate(1, 0, 0)
aks.sinceLine = "since: " + aks.since.Format(time.RFC3339) + "\n"
aks.untilLine = "until: " + aks.until.Format(time.RFC3339) + "\n"
}
func (mkms *memKeypairMgtSuite) SetUpTest(c *C) {
mkms.keypairMgr = asserts.NewMemoryKeypairManager()
}
