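// -*- Mode: Go; indent-tabs-mode: t -*-

/*
 * Copyright (C) 2015-2016 Canonical Ltd
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 3 as
 * published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 *
 */

package sysdb_test

import (
	"os"
	"path/filepath"
	"syscall"
	"testing"

	. "gopkg.in/check.v1"

	"github.com/snapcore/snapd/dirs"

	"github.com/snapcore/snapd/asserts"
	"github.com/snapcore/snapd/asserts/assertstest"
	"github.com/snapcore/snapd/asserts/sysdb"
)

// TestSysDB hooks the gocheck suites of this package into "go test".
func TestSysDB(t *testing.T) { TestingT(t) }

// sysDBSuite holds the fixtures shared by the sysdb tests. All of them are
// signed with a key generated in SetUpTest, i.e. a key that is NOT part of
// the built-in trust roots unless a test injects it explicitly.
type sysDBSuite struct {
	// extraTrusted is the test account plus its account-key, used to extend
	// the trusted set through sysdb.InjectTrusted.
	extraTrusted []asserts.Assertion
	// extraGeneric is one extra account, used to extend the generic set
	// through sysdb.InjectGeneric.
	extraGeneric []asserts.Assertion
	// otherModel is a classic model signed by the test key, used to replace
	// the generic classic model through sysdb.MockGenericClassicModel.
	otherModel *asserts.Model
	// probeAssert is an assertion signed by the test key; db.Check on it is
	// expected to succeed only when the test key has been injected as trusted.
	probeAssert asserts.Assertion
}

var _ = Suite(&sysDBSuite{})

// SetUpTest builds the test-only signing key and assertions and redirects
// the snapd root directory to a fresh temporary directory, so that
// sysdb.Open never touches the real system assertion database.
func (sdbs *sysDBSuite) SetUpTest(c *C) {
	tmpdir := c.MkDir()

	// NOTE(review): 752 bits is far below any acceptable size for a real
	// signing key; presumably chosen to keep key generation fast in tests.
	pk, _ := assertstest.GenerateKey(752)

	signingDB := assertstest.NewSigningDB("can0nical", pk)

	trustedAcct := assertstest.NewAccount(signingDB, "can0nical", map[string]interface{}{
		"account-id": "can0nical",
		"validation": "verified",
		"timestamp":  "2015-11-20T15:04:00Z",
	}, "")

	trustedAccKey := assertstest.NewAccountKey(signingDB, trustedAcct, map[string]interface{}{
		"account-id": "can0nical",
		"since":      "2015-11-20T15:04:00Z",
		"until":      "2500-11-20T15:04:00Z",
	}, pk.PublicKey(), "")

	sdbs.extraTrusted = []asserts.Assertion{trustedAcct, trustedAccKey}

	otherAcct := assertstest.NewAccount(signingDB, "gener1c", map[string]interface{}{
		"account-id": "gener1c",
		"validation": "verified",
		"timestamp":  "2015-11-20T15:04:00Z",
	}, "")

	sdbs.extraGeneric = []asserts.Assertion{otherAcct}

	a, err := signingDB.Sign(asserts.ModelType, map[string]interface{}{
		"series":    "16",
		"brand-id":  "can0nical",
		"model":     "other-model",
		"classic":   "true",
		"timestamp": "2015-11-20T15:04:00Z",
	}, nil, "")
	c.Assert(err, IsNil)
	sdbs.otherModel = a.(*asserts.Model)

	fakeRoot := filepath.Join(tmpdir, "root")

	err = os.Mkdir(fakeRoot, os.ModePerm)
	c.Assert(err, IsNil)
	dirs.SetRootDir(fakeRoot)

	sdbs.probeAssert = assertstest.NewAccount(signingDB, "probe", nil, "")
}

// TearDownTest points the snapd root directory back at "/".
func (sdbs *sysDBSuite) TearDownTest(c *C) {
	dirs.SetRootDir("/")
}

// TestTrusted checks the size of the built-in trusted set and that
// InjectTrusted extends it by the two injected assertions until the returned
// restore function runs.
func (sdbs *sysDBSuite) TestTrusted(c *C) {
	trusted := sysdb.Trusted()
	c.Check(trusted, HasLen, 2)

	restore := sysdb.InjectTrusted(sdbs.extraTrusted)
	defer restore()

	trustedEx := sysdb.Trusted()
	c.Check(trustedEx, HasLen, 4)
}

// TestGeneric checks the size of the built-in generic set and that
// InjectGeneric extends it by the one injected assertion until the returned
// restore function runs.
func (sdbs *sysDBSuite) TestGeneric(c *C) {
	generic := sysdb.Generic()
	c.Check(generic, HasLen, 2)

	restore := sysdb.InjectGeneric(sdbs.extraGeneric)
	defer restore()

	genericEx := sysdb.Generic()
	c.Check(genericEx, HasLen, 3)
}

// TestGenericClassicModel checks the identity of the built-in generic
// classic model and that MockGenericClassicModel swaps it for another model.
func (sdbs *sysDBSuite) TestGenericClassicModel(c *C) {
	m := sysdb.GenericClassicModel()
	c.Assert(m, NotNil)

	c.Check(m.AuthorityID(), Equals, "generic")
	c.Check(m.BrandID(), Equals, "generic")
	c.Check(m.Model(), Equals, "generic-classic")
	c.Check(m.Classic(), Equals, true)

	r := sysdb.MockGenericClassicModel(sdbs.otherModel)
	defer r()

	m = sysdb.GenericClassicModel()
	c.Check(m, Equals, sdbs.otherModel)
}

// TestOpenSysDatabase opens the system database without any injected extras
// and checks both sides of the trust decision: the built-in assertions are
// present and verify, while an assertion signed by the unknown test key is
// rejected.
func (sdbs *sysDBSuite) TestOpenSysDatabase(c *C) {
	db, err := sysdb.Open()
	c.Assert(err, IsNil)
	c.Check(db, NotNil)

	// check trusted
	// The account-key is looked up by its exact key digest, so this fails
	// if the built-in "canonical" key is ever different from the pinned one.
	_, err = db.Find(asserts.AccountKeyType, map[string]string{
		"account-id":          "canonical",
		"public-key-sha3-384": "-CvQKAwRQ5h3Ffn10FILJoEZUXOv6km9FwA80-Rcj-f-6jadQ89VRswHNiEB9Lxk",
	})
	c.Assert(err, IsNil)

	trustedAcc, err := db.Find(asserts.AccountType, map[string]string{
		"account-id": "canonical",
	})
	c.Assert(err, IsNil)

	c.Check(trustedAcc.(*asserts.Account).Validation(), Equals, "verified")

	err = db.Check(trustedAcc)
	c.Check(err, IsNil)

	// check generic
	genericAcc, err := db.Find(asserts.AccountType, map[string]string{
		"account-id": "generic",
	})
	c.Assert(err, IsNil)
	_, err = db.FindMany(asserts.AccountKeyType, map[string]string{
		"account-id": "generic",
		"name":       "models",
	})
	c.Assert(err, IsNil)

	c.Check(genericAcc.(*asserts.Account).Validation(), Equals, "verified")

	err = db.Check(genericAcc)
	c.Check(err, IsNil)

	err = db.Check(sysdb.GenericClassicModel())
	c.Check(err, IsNil)

	// extraneous
	// Negative case: the probe is signed by the test key, which has not
	// been injected here, so verification must fail.
	err = db.Check(sdbs.probeAssert)
	c.Check(err, ErrorMatches, "no matching public key.*")
}

// TestOpenSysDatabaseExtras is the counterpart of the negative case in
// TestOpenSysDatabase: once the test account and key are injected as
// trusted, the same probe assertion verifies.
func (sdbs *sysDBSuite) TestOpenSysDatabaseExtras(c *C) {
	restore := sysdb.InjectTrusted(sdbs.extraTrusted)
	defer restore()

	db, err := sysdb.Open()
	c.Assert(err, IsNil)
	c.Check(db, NotNil)

	err = db.Check(sdbs.probeAssert)
	c.Check(err, IsNil)
}

// makeWorldWritableDir creates dir, and any missing parents, with mode 0777.
// The umask is cleared for the duration of the call so the requested mode is
// not masked, and restored afterwards even if the assertion fails.
// syscall.Umask changes process-wide state, so this must not run
// concurrently with other code that creates files.
func makeWorldWritableDir(c *C, dir string) {
	oldUmask := syscall.Umask(0)
	defer syscall.Umask(oldUmask)

	// A silent failure here would leave the directory missing and make the
	// caller's error expectation fail for an unrelated reason.
	err := os.MkdirAll(dir, 0777)
	c.Assert(err, IsNil)
}

// TestOpenSysDatabaseBackstoreOpenFail checks that sysdb.Open refuses to use
// an assertion backstore whose directory is world-writable.
func (sdbs *sysDBSuite) TestOpenSysDatabaseBackstoreOpenFail(c *C) {
	// deliberately make it world-writable
	makeWorldWritableDir(c, filepath.Join(dirs.SnapAssertsDBDir, "asserts-v0"))

	db, err := sysdb.Open()
	c.Assert(err, ErrorMatches, "assert storage root unexpectedly world-writable: .*")
	c.Check(db, IsNil)
}

// TestOpenSysDatabaseKeypairManagerOpenFail checks that sysdb.Open refuses
// to use a private-key store whose directory is world-writable.
func (sdbs *sysDBSuite) TestOpenSysDatabaseKeypairManagerOpenFail(c *C) {
	// deliberately make it world-writable
	makeWorldWritableDir(c, filepath.Join(dirs.SnapAssertsDBDir, "private-keys-v1"))

	db, err := sysdb.Open()
	c.Assert(err, ErrorMatches, "assert storage root unexpectedly world-writable: .*")
	c.Check(db, IsNil)
}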