github.com/hugh712/snapd@v0.0.0-20200910133618-1a99902bd583/asserts/assertstest/assertstest_test.go (about) 1 // -*- Mode: Go; indent-tabs-mode: t -*- 2 3 /* 4 * Copyright (C) 2016 Canonical Ltd 5 * 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 3 as 8 * published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program. If not, see <http://www.gnu.org/licenses/>. 17 * 18 */ 19 20 package assertstest_test 21 22 import ( 23 "encoding/hex" 24 "testing" 25 "time" 26 27 "golang.org/x/crypto/openpgp/packet" 28 . "gopkg.in/check.v1" 29 30 "github.com/snapcore/snapd/asserts" 31 "github.com/snapcore/snapd/asserts/assertstest" 32 ) 33 34 func TestAssertsTest(t *testing.T) { TestingT(t) } 35 36 type helperSuite struct{} 37 38 var _ = Suite(&helperSuite{}) 39 40 func (s *helperSuite) TestReadPrivKeyArmored(c *C) { 41 pk, rsaPrivKey := assertstest.ReadPrivKey(assertstest.DevKey) 42 c.Check(pk, NotNil) 43 c.Check(rsaPrivKey, NotNil) 44 c.Check(pk.PublicKey().ID(), Equals, assertstest.DevKeyID) 45 pkt := packet.NewRSAPrivateKey(time.Date(2016, time.January, 1, 0, 0, 0, 0, time.UTC), rsaPrivKey) 46 c.Check(hex.EncodeToString(pkt.Fingerprint[:]), Equals, assertstest.DevKeyPGPFingerprint) 47 } 48 49 const ( 50 base64PrivKey = ` 51 xcLYBFaU5cgBCAC/2wUYK7YzvL6f0ZxBfptFVfNmI7G9J9Eszdoq1NZZXaV+aYeC7eNU 52 1sKdO6wIRcw3lvybtq5W1n4D/jJAb2qXbB6BukuCGVXCLMEUdvheaVVcIZ/LwdbxmgMJsDFoHsDC 53 RzjkUVTU2b8sK6MwANIsSS5r8Lwm7FazD1qq50UdebsIx8dkjFR5VwrCYgOu1MO2Bqka7UU9as2q 54 4ZsFzpcS/so41kd4IPFEmNMlejhSjgCaixehpLeXypQVHLluV+oSPMV7GtE7Z6HO4V5cT2c9RdXg 55 l4jSKY91rHInkmSizF03laL3T/I6oj0FdZG9GB6QzqRCBTzK05cnVP1k7WFJABEBAAEAB/9spiIa 56 cBa88fSaGWB+Dq7r8yLmAuzTDEt/LgyRGPtSnJ/uGOEvGn0VPJH17ScdgDmIea8Ql8HfV5UBueDH 57 cNFSc15LZS8BvEs+rY2ig0VgYhJ/HGOcRmftZqS1xdwU9OWAoEjts8lwyOdkoknGE5Dyl3b8ldZX 58 zJvEx7s28cXITH4UwGEAMHEXrAMCjkcKPVbM7vW81uOWn0U1jMzmfmqrcLkSfvaCnep6+4QphKPy 59 B4DxJAI34EvJAru4iL5bWWvMeXkBZgmBy4g2SlYbk09cfTmhzw6di5GZtg+77yGACltPBA8MSbzF 60 v30apQ5iuI/hVin7U2/QtQHP4d0zUDbpBADusynnaFcDnPEUm4RdvNpujaBC/HfIpOstiS36RZy8 61 lZeVtffa/+DqzodZD9YF7zEVWeUiC5Os4THirYOZ04dM5yqR/GlKXMHGHaT+mnhD8g1hORx/LrMO 62 k5wUpD1NmloSjP/0pJRccuXq7O1QQfls1Hq1vOSh3cZ/aIvTONJ/YwQAzcK0/2SrnaUc3oCxMEuI 63 2FX0LsYDQiXzMK/x/lfZ/ywxt5J/q6CuaG3xXgSHlsk0M8Uo4acZqpCIFA9mwCPxKbrIOGnwJsI/ 64 +sZBkngtZMSS88Vl32gnzpVWLGpbW2F7hnWrj1YigTcFUdi6TFNa7zHPASzCKxKKiz9YxEWWymME 65 AIbURnQJJOSfYgFyloQuA2QWyAK5Zu7qPworBoRo+PZPVb5yQmSUQ21VqNfzqIJz1EgiDZ0NyGid 66 uXAjn58O9tAq7IN5pTeHoTacZ75cI82kQkUxEnfiKjBO/AU30Y3COsIXhtbIXbtcitHSicp4lnpU 67 NejDkxUnC2wIvJzHWo1FQ18= 68 ` 69 ) 70 71 func (s *helperSuite) TestReadPrivKeyUnarmored(c *C) { 72 pk, rsaPrivKey := assertstest.ReadPrivKey(base64PrivKey) 73 c.Check(pk, NotNil) 74 c.Check(rsaPrivKey, NotNil) 75 } 76 77 func (s *helperSuite) TestStoreStack(c *C) { 78 store := assertstest.NewStoreStack("super", nil) 79 80 c.Check(store.TrustedAccount.AccountID(), Equals, "super") 81 c.Check(store.TrustedAccount.Validation(), Equals, "verified") 82 83 c.Check(store.TrustedKey.AccountID(), Equals, "super") 84 c.Check(store.TrustedKey.Name(), Equals, "root") 85 86 c.Check(store.GenericAccount.AccountID(), Equals, "generic") 87 c.Check(store.GenericAccount.Validation(), Equals, "verified") 88 89 db, err := asserts.OpenDatabase(&asserts.DatabaseConfig{ 90 Backstore: asserts.NewMemoryBackstore(), 91 Trusted: store.Trusted, 92 OtherPredefined: store.Generic, 93 }) 94 c.Assert(err, IsNil) 95 96 storeAccKey := store.StoreAccountKey("") 97 c.Assert(storeAccKey, NotNil) 98 99 c.Check(storeAccKey.AccountID(), Equals, "super") 100 c.Check(storeAccKey.AccountID(), Equals, store.AuthorityID) 101 c.Check(storeAccKey.PublicKeyID(), Equals, store.KeyID) 102 c.Check(storeAccKey.Name(), Equals, "store") 103 104 c.Check(store.GenericKey.AccountID(), Equals, "generic") 105 c.Check(store.GenericKey.Name(), Equals, "serials") 106 107 c.Check(store.GenericModelsKey.AccountID(), Equals, "generic") 108 c.Check(store.GenericModelsKey.Name(), Equals, "models") 109 110 g, err := store.Find(asserts.AccountType, map[string]string{ 111 "account-id": "generic", 112 }) 113 c.Assert(err, IsNil) 114 c.Assert(g.Headers(), DeepEquals, store.GenericAccount.Headers()) 115 116 g, err = store.Find(asserts.AccountKeyType, map[string]string{ 117 "public-key-sha3-384": store.GenericKey.PublicKeyID(), 118 }) 119 c.Assert(err, IsNil) 120 c.Assert(g.Headers(), DeepEquals, store.GenericKey.Headers()) 121 122 g, err = store.Find(asserts.AccountKeyType, map[string]string{ 123 "public-key-sha3-384": store.GenericModelsKey.PublicKeyID(), 124 }) 125 c.Assert(err, IsNil) 126 c.Assert(g.Headers(), DeepEquals, store.GenericModelsKey.Headers()) 127 128 acct := assertstest.NewAccount(store, "devel1", nil, "") 129 c.Check(acct.Username(), Equals, "devel1") 130 c.Check(acct.AccountID(), HasLen, 32) 131 c.Check(acct.Validation(), Equals, "unproven") 132 133 err = db.Add(storeAccKey) 134 c.Assert(err, IsNil) 135 136 err = db.Add(acct) 137 c.Assert(err, IsNil) 138 139 devKey, _ := assertstest.GenerateKey(752) 140 141 acctKey := assertstest.NewAccountKey(store, acct, nil, devKey.PublicKey(), "") 142 143 err = db.Add(acctKey) 144 c.Assert(err, IsNil) 145 146 c.Check(acctKey.Name(), Equals, "default") 147 148 a, err := db.Find(asserts.AccountType, map[string]string{ 149 "account-id": "generic", 150 }) 151 c.Assert(err, IsNil) 152 c.Assert(a.Headers(), DeepEquals, store.GenericAccount.Headers()) 153 154 c.Check(store.GenericClassicModel.AuthorityID(), Equals, "generic") 155 c.Check(store.GenericClassicModel.BrandID(), Equals, "generic") 156 c.Check(store.GenericClassicModel.Model(), Equals, "generic-classic") 157 c.Check(store.GenericClassicModel.Classic(), Equals, true) 158 err = db.Check(store.GenericClassicModel) 159 c.Assert(err, IsNil) 160 161 err = db.Add(store.GenericKey) 162 c.Assert(err, IsNil) 163 } 164 165 func (s *helperSuite) TestSigningAccounts(c *C) { 166 brandKey, _ := assertstest.GenerateKey(752) 167 168 store := assertstest.NewStoreStack("super", nil) 169 170 sa := assertstest.NewSigningAccounts(store) 171 sa.Register("my-brand", brandKey, map[string]interface{}{ 172 "validation": "verified", 173 }) 174 175 acct := sa.Account("my-brand") 176 c.Check(acct.Username(), Equals, "my-brand") 177 c.Check(acct.Validation(), Equals, "verified") 178 179 c.Check(sa.AccountKey("my-brand").PublicKeyID(), Equals, brandKey.PublicKey().ID()) 180 181 c.Check(sa.PublicKey("my-brand").ID(), Equals, brandKey.PublicKey().ID()) 182 183 model := sa.Model("my-brand", "my-model", map[string]interface{}{ 184 "classic": "true", 185 }) 186 c.Check(model.BrandID(), Equals, "my-brand") 187 c.Check(model.Model(), Equals, "my-model") 188 c.Check(model.Classic(), Equals, true) 189 190 // can also sign models for store account-id 191 model = sa.Model("super", "pc", map[string]interface{}{ 192 "classic": "true", 193 }) 194 c.Check(model.BrandID(), Equals, "super") 195 c.Check(model.Model(), Equals, "pc") 196 } 197 198 func (s *helperSuite) TestSigningAccountsAccountsAndKeysPlusAddMany(c *C) { 199 brandKey, _ := assertstest.GenerateKey(752) 200 201 store := assertstest.NewStoreStack("super", nil) 202 203 sa := assertstest.NewSigningAccounts(store) 204 sa.Register("my-brand", brandKey, map[string]interface{}{ 205 "validation": "verified", 206 }) 207 208 db, err := asserts.OpenDatabase(&asserts.DatabaseConfig{ 209 Backstore: asserts.NewMemoryBackstore(), 210 Trusted: store.Trusted, 211 }) 212 c.Assert(err, IsNil) 213 err = db.Add(store.StoreAccountKey("")) 214 c.Assert(err, IsNil) 215 216 assertstest.AddMany(db, sa.AccountsAndKeys("my-brand")...) 217 as, err := db.FindMany(asserts.AccountKeyType, map[string]string{ 218 "account-id": "my-brand", 219 }) 220 c.Check(err, IsNil) 221 c.Check(as, HasLen, 1) 222 223 // idempotent 224 assertstest.AddMany(db, sa.AccountsAndKeys("my-brand")...) 225 }