github.com/anonymouse64/snapd@v0.0.0-20210824153203-04c4c42d842d/asserts/sysdb/sysdb_test.go (about) 1 // -*- Mode: Go; indent-tabs-mode: t -*- 2 3 /* 4 * Copyright (C) 2015-2016 Canonical Ltd 5 * 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 3 as 8 * published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program. If not, see <http://www.gnu.org/licenses/>. 17 * 18 */ 19 20 package sysdb_test 21 22 import ( 23 "os" 24 "path/filepath" 25 "syscall" 26 "testing" 27 28 . "gopkg.in/check.v1" 29 30 "github.com/snapcore/snapd/asserts" 31 "github.com/snapcore/snapd/asserts/assertstest" 32 "github.com/snapcore/snapd/asserts/sysdb" 33 "github.com/snapcore/snapd/dirs" 34 ) 35 36 func TestSysDB(t *testing.T) { TestingT(t) } 37 38 type sysDBSuite struct { 39 extraTrusted []asserts.Assertion 40 extraGeneric []asserts.Assertion 41 otherModel *asserts.Model 42 probeAssert asserts.Assertion 43 } 44 45 var _ = Suite(&sysDBSuite{}) 46 47 func (sdbs *sysDBSuite) SetUpTest(c *C) { 48 tmpdir := c.MkDir() 49 50 pk, _ := assertstest.GenerateKey(752) 51 52 signingDB := assertstest.NewSigningDB("can0nical", pk) 53 54 trustedAcct := assertstest.NewAccount(signingDB, "can0nical", map[string]interface{}{ 55 "account-id": "can0nical", 56 "validation": "verified", 57 "timestamp": "2015-11-20T15:04:00Z", 58 }, "") 59 60 trustedAccKey := assertstest.NewAccountKey(signingDB, trustedAcct, map[string]interface{}{ 61 "account-id": "can0nical", 62 "since": "2015-11-20T15:04:00Z", 63 "until": "2500-11-20T15:04:00Z", 64 }, pk.PublicKey(), "") 65 66 sdbs.extraTrusted = []asserts.Assertion{trustedAcct, trustedAccKey} 67 68 otherAcct := assertstest.NewAccount(signingDB, "gener1c", map[string]interface{}{ 69 "account-id": "gener1c", 70 "validation": "verified", 71 "timestamp": "2015-11-20T15:04:00Z", 72 }, "") 73 74 sdbs.extraGeneric = []asserts.Assertion{otherAcct} 75 76 a, err := signingDB.Sign(asserts.ModelType, map[string]interface{}{ 77 "series": "16", 78 "brand-id": "can0nical", 79 "model": "other-model", 80 "classic": "true", 81 "timestamp": "2015-11-20T15:04:00Z", 82 }, nil, "") 83 c.Assert(err, IsNil) 84 sdbs.otherModel = a.(*asserts.Model) 85 86 fakeRoot := filepath.Join(tmpdir, "root") 87 88 err = os.Mkdir(fakeRoot, os.ModePerm) 89 c.Assert(err, IsNil) 90 dirs.SetRootDir(fakeRoot) 91 92 sdbs.probeAssert = assertstest.NewAccount(signingDB, "probe", nil, "") 93 } 94 95 func (sdbs *sysDBSuite) TearDownTest(c *C) { 96 dirs.SetRootDir("/") 97 } 98 99 func (sdbs *sysDBSuite) TestTrusted(c *C) { 100 trusted := sysdb.Trusted() 101 c.Check(trusted, HasLen, 2) 102 103 restore := sysdb.InjectTrusted(sdbs.extraTrusted) 104 defer restore() 105 106 trustedEx := sysdb.Trusted() 107 c.Check(trustedEx, HasLen, 4) 108 } 109 110 func (sdbs *sysDBSuite) TestGeneric(c *C) { 111 generic := sysdb.Generic() 112 c.Check(generic, HasLen, 2) 113 114 restore := sysdb.InjectGeneric(sdbs.extraGeneric) 115 defer restore() 116 117 genericEx := sysdb.Generic() 118 c.Check(genericEx, HasLen, 3) 119 } 120 121 func (sdbs *sysDBSuite) TestGenericClassicModel(c *C) { 122 m := sysdb.GenericClassicModel() 123 c.Assert(m, NotNil) 124 125 c.Check(m.AuthorityID(), Equals, "generic") 126 c.Check(m.BrandID(), Equals, "generic") 127 c.Check(m.Model(), Equals, "generic-classic") 128 c.Check(m.Classic(), Equals, true) 129 130 r := sysdb.MockGenericClassicModel(sdbs.otherModel) 131 defer r() 132 133 m = sysdb.GenericClassicModel() 134 c.Check(m, Equals, sdbs.otherModel) 135 } 136 137 func (sdbs *sysDBSuite) TestOpenSysDatabase(c *C) { 138 db, err := sysdb.Open() 139 c.Assert(err, IsNil) 140 c.Check(db, NotNil) 141 142 // check trusted 143 _, err = db.Find(asserts.AccountKeyType, map[string]string{ 144 "account-id": "canonical", 145 "public-key-sha3-384": "-CvQKAwRQ5h3Ffn10FILJoEZUXOv6km9FwA80-Rcj-f-6jadQ89VRswHNiEB9Lxk", 146 }) 147 c.Assert(err, IsNil) 148 149 trustedAcc, err := db.Find(asserts.AccountType, map[string]string{ 150 "account-id": "canonical", 151 }) 152 c.Assert(err, IsNil) 153 154 c.Check(trustedAcc.(*asserts.Account).Validation(), Equals, "verified") 155 156 err = db.Check(trustedAcc) 157 c.Check(err, IsNil) 158 159 // check generic 160 genericAcc, err := db.Find(asserts.AccountType, map[string]string{ 161 "account-id": "generic", 162 }) 163 c.Assert(err, IsNil) 164 _, err = db.FindMany(asserts.AccountKeyType, map[string]string{ 165 "account-id": "generic", 166 "name": "models", 167 }) 168 c.Assert(err, IsNil) 169 170 c.Check(genericAcc.(*asserts.Account).Validation(), Equals, "verified") 171 172 err = db.Check(genericAcc) 173 c.Check(err, IsNil) 174 175 err = db.Check(sysdb.GenericClassicModel()) 176 c.Check(err, IsNil) 177 178 // extraneous 179 err = db.Check(sdbs.probeAssert) 180 c.Check(err, ErrorMatches, "no matching public key.*") 181 } 182 183 func (sdbs *sysDBSuite) TestOpenSysDatabaseExtras(c *C) { 184 restore := sysdb.InjectTrusted(sdbs.extraTrusted) 185 defer restore() 186 187 db, err := sysdb.Open() 188 c.Assert(err, IsNil) 189 c.Check(db, NotNil) 190 191 err = db.Check(sdbs.probeAssert) 192 c.Check(err, IsNil) 193 } 194 195 func (sdbs *sysDBSuite) TestOpenSysDatabaseBackstoreOpenFail(c *C) { 196 // make it not world-writeable 197 oldUmask := syscall.Umask(0) 198 os.MkdirAll(filepath.Join(dirs.SnapAssertsDBDir, "asserts-v0"), 0777) 199 syscall.Umask(oldUmask) 200 201 db, err := sysdb.Open() 202 c.Assert(err, ErrorMatches, "assert storage root unexpectedly world-writable: .*") 203 c.Check(db, IsNil) 204 } 205 206 func (sdbs *sysDBSuite) TestOpenSysDatabaseKeypairManagerOpenFail(c *C) { 207 // make it not world-writeable 208 oldUmask := syscall.Umask(0) 209 os.MkdirAll(filepath.Join(dirs.SnapAssertsDBDir, "private-keys-v1"), 0777) 210 syscall.Umask(oldUmask) 211 212 db, err := sysdb.Open() 213 c.Assert(err, ErrorMatches, "assert storage root unexpectedly world-writable: .*") 214 c.Check(db, IsNil) 215 }