func (safs *signAddFindSuite) SetUpTest(c *C) { cfg0 := &asserts.DatabaseConfig{ KeypairManager: asserts.NewMemoryKeypairManager(), } db0, err := asserts.OpenDatabase(cfg0) c.Assert(err, IsNil) safs.signingDB = db0 pk := asserts.OpenPGPPrivateKey(testPrivKey0) err = db0.ImportKey("canonical", pk) c.Assert(err, IsNil) safs.signingKeyID = pk.PublicKey().ID() topDir := filepath.Join(c.MkDir(), "asserts-db") bs, err := asserts.OpenFSBackstore(topDir) c.Assert(err, IsNil) trustedKey := testPrivKey0 cfg := &asserts.DatabaseConfig{ Backstore: bs, KeypairManager: asserts.NewMemoryKeypairManager(), TrustedKeys: []*asserts.AccountKey{asserts.BootstrapAccountKeyForTest("canonical", &trustedKey.PublicKey)}, } db, err := asserts.OpenDatabase(cfg) c.Assert(err, IsNil) safs.db = db }
func (chks *checkSuite) TestCheckForgery(c *C) { trustedKey := testPrivKey0 cfg := &asserts.DatabaseConfig{ Backstore: chks.bs, KeypairManager: asserts.NewMemoryKeypairManager(), TrustedKeys: []*asserts.AccountKey{asserts.BootstrapAccountKeyForTest("canonical", &trustedKey.PublicKey)}, } db, err := asserts.OpenDatabase(cfg) c.Assert(err, IsNil) encoded := asserts.Encode(chks.a) content, encodedSig := chks.a.Signature() // forgery forgedSig := new(packet.Signature) forgedSig.PubKeyAlgo = testPrivKey1.PubKeyAlgo forgedSig.Hash = crypto.SHA256 forgedSig.CreationTime = time.Now() forgedSig.IssuerKeyId = &testPrivKey0.KeyId h := crypto.SHA256.New() h.Write(content) err = forgedSig.Sign(h, testPrivKey1, &packet.Config{DefaultHash: crypto.SHA256}) c.Assert(err, IsNil) buf := new(bytes.Buffer) forgedSig.Serialize(buf) forgedSigEncoded := "openpgp " + base64.StdEncoding.EncodeToString(buf.Bytes()) forgedEncoded := bytes.Replace(encoded, encodedSig, []byte(forgedSigEncoded), 1) c.Assert(forgedEncoded, Not(DeepEquals), encoded) forgedAssert, err := asserts.Decode(forgedEncoded) c.Assert(err, IsNil) err = db.Check(forgedAssert) c.Assert(err, ErrorMatches, "failed signature verification: .*") }
func makeSignAndCheckDbWithAccountKey(c *C, accountID string) (signingKeyID string, accSignDB, checkDB *asserts.Database) { trustedKey := testPrivKey0 cfg1 := &asserts.DatabaseConfig{ KeypairManager: asserts.NewMemoryKeypairManager(), } accSignDB, err := asserts.OpenDatabase(cfg1) c.Assert(err, IsNil) pk1 := asserts.OpenPGPPrivateKey(testPrivKey1) err = accSignDB.ImportKey(accountID, asserts.OpenPGPPrivateKey(testPrivKey1)) c.Assert(err, IsNil) accFingerp := pk1.PublicKey().Fingerprint() accKeyID := pk1.PublicKey().ID() pubKey, err := accSignDB.PublicKey(accountID, accKeyID) c.Assert(err, IsNil) pubKeyEncoded, err := asserts.EncodePublicKey(pubKey) c.Assert(err, IsNil) accPubKeyBody := string(pubKeyEncoded) headers := map[string]string{ "authority-id": "canonical", "account-id": accountID, "public-key-id": accKeyID, "public-key-fingerprint": accFingerp, "since": "2015-11-20T15:04:00Z", "until": "2500-11-20T15:04:00Z", } accKey, err := asserts.AssembleAndSignInTest(asserts.AccountKeyType, headers, []byte(accPubKeyBody), asserts.OpenPGPPrivateKey(trustedKey)) c.Assert(err, IsNil) topDir := filepath.Join(c.MkDir(), "asserts-db") bs, err := asserts.OpenFSBackstore(topDir) c.Assert(err, IsNil) cfg := &asserts.DatabaseConfig{ Backstore: bs, KeypairManager: asserts.NewMemoryKeypairManager(), TrustedKeys: []*asserts.AccountKey{asserts.BootstrapAccountKeyForTest("canonical", &trustedKey.PublicKey)}, } checkDB, err = asserts.OpenDatabase(cfg) c.Assert(err, IsNil) err = checkDB.Add(accKey) c.Assert(err, IsNil) return accKeyID, accSignDB, checkDB }
func (opens *openSuite) TestOpenDatabaseOK(c *C) { cfg := &asserts.DatabaseConfig{ KeypairManager: asserts.NewMemoryKeypairManager(), } db, err := asserts.OpenDatabase(cfg) c.Assert(err, IsNil) c.Assert(db, NotNil) }
func (chks *checkSuite) TestCheckNoPubKey(c *C) { cfg := &asserts.DatabaseConfig{ Backstore: chks.bs, KeypairManager: asserts.NewMemoryKeypairManager(), } db, err := asserts.OpenDatabase(cfg) c.Assert(err, IsNil) err = db.Check(chks.a) c.Assert(err, ErrorMatches, `no matching public key "[a-f0-9]+" for signature by "canonical"`) }
func (chks *checkSuite) TestCheckNoPubKey(c *C) { cfg := &asserts.DatabaseConfig{ Backstore: chks.bs, KeypairManager: asserts.NewMemoryKeypairManager(), } db, err := asserts.OpenDatabase(cfg) c.Assert(err, IsNil) err = db.Check(chks.a) c.Assert(err, ErrorMatches, "no valid known public key verifies assertion") }
func (chks *checkSuite) TestCheckExpiredPubKey(c *C) { trustedKey := testPrivKey0 cfg := &asserts.DatabaseConfig{ Backstore: chks.bs, KeypairManager: asserts.NewMemoryKeypairManager(), TrustedKeys: []*asserts.AccountKey{asserts.ExpiredAccountKeyForTest("canonical", &trustedKey.PublicKey)}, } db, err := asserts.OpenDatabase(cfg) c.Assert(err, IsNil) err = db.Check(chks.a) c.Assert(err, ErrorMatches, `assertion is signed with expired public key "[a-f0-9]+" from "canonical"`) }
func (aks *accountKeySuite) openDB(c *C) *asserts.Database { trustedKey := testPrivKey0 topDir := filepath.Join(c.MkDir(), "asserts-db") bs, err := asserts.OpenFSBackstore(topDir) c.Assert(err, IsNil) cfg := &asserts.DatabaseConfig{ Backstore: bs, KeypairManager: asserts.NewMemoryKeypairManager(), TrustedKeys: []*asserts.AccountKey{asserts.BootstrapAccountKeyForTest("canonical", &trustedKey.PublicKey)}, } db, err := asserts.OpenDatabase(cfg) c.Assert(err, IsNil) return db }
func (aks *accountKeySuite) SetUpSuite(c *C) { cfg1 := &asserts.DatabaseConfig{ KeypairManager: asserts.NewMemoryKeypairManager(), } accDb, err := asserts.OpenDatabase(cfg1) c.Assert(err, IsNil) pk := asserts.OpenPGPPrivateKey(testPrivKey1) err = accDb.ImportKey("acc-id1", pk) c.Assert(err, IsNil) aks.fp = pk.PublicKey().Fingerprint() aks.keyid = pk.PublicKey().ID() pubKey, err := accDb.PublicKey("acc-id1", aks.keyid) c.Assert(err, IsNil) pubKeyEncoded, err := asserts.EncodePublicKey(pubKey) c.Assert(err, IsNil) aks.pubKeyBody = string(pubKeyEncoded) aks.since, err = time.Parse(time.RFC822, "16 Nov 15 15:04 UTC") c.Assert(err, IsNil) aks.until = aks.since.AddDate(1, 0, 0) aks.sinceLine = "since: " + aks.since.Format(time.RFC3339) + "\n" aks.untilLine = "until: " + aks.until.Format(time.RFC3339) + "\n" }
func (mkms *memKeypairMgtSuite) SetUpTest(c *C) { mkms.keypairMgr = asserts.NewMemoryKeypairManager() }