github.com/meulengracht/snapd@v0.0.0-20210719210640-8bde69bcc84e/daemon/api_system_recovery_keys_test.go (about) 1 // -*- Mode: Go; indent-tabs-mode: t -*- 2 3 /* 4 * Copyright (C) 2020 Canonical Ltd 5 * 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 3 as 8 * published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program. If not, see <http://www.gnu.org/licenses/>. 17 * 18 */ 19 20 package daemon_test 21 22 import ( 23 "encoding/hex" 24 "io/ioutil" 25 "net/http" 26 "net/http/httptest" 27 "os" 28 "path/filepath" 29 30 . "gopkg.in/check.v1" 31 32 "github.com/snapcore/snapd/client" 33 "github.com/snapcore/snapd/dirs" 34 "github.com/snapcore/snapd/secboot" 35 ) 36 37 var _ = Suite(&recoveryKeysSuite{}) 38 39 type recoveryKeysSuite struct { 40 apiBaseSuite 41 } 42 43 func (s *recoveryKeysSuite) SetUpTest(c *C) { 44 s.apiBaseSuite.SetUpTest(c) 45 46 s.expectRootAccess() 47 } 48 49 func mockSystemRecoveryKeys(c *C) { 50 // same inputs/outputs as secboot:crypt_test.go in this test 51 rkeystr, err := hex.DecodeString("e1f01302c5d43726a9b85b4a8d9c7f6e") 52 c.Assert(err, IsNil) 53 rkeyPath := filepath.Join(dirs.SnapFDEDir, "recovery.key") 54 err = os.MkdirAll(filepath.Dir(rkeyPath), 0755) 55 c.Assert(err, IsNil) 56 err = ioutil.WriteFile(rkeyPath, []byte(rkeystr), 0644) 57 c.Assert(err, IsNil) 58 59 skeystr := "1234567890123456" 60 c.Assert(err, IsNil) 61 skeyPath := filepath.Join(dirs.SnapFDEDir, "reinstall.key") 62 err = ioutil.WriteFile(skeyPath, []byte(skeystr), 0644) 63 c.Assert(err, IsNil) 64 } 65 66 func (s *recoveryKeysSuite) TestSystemGetRecoveryKeysAsRootHappy(c *C) { 67 if (secboot.RecoveryKey{}).String() == "not-implemented" { 68 c.Skip("needs working secboot recovery key") 69 } 70 71 s.daemon(c) 72 mockSystemRecoveryKeys(c) 73 74 req, err := http.NewRequest("GET", "/v2/system-recovery-keys", nil) 75 c.Assert(err, IsNil) 76 77 rsp := s.syncReq(c, req, nil) 78 c.Assert(rsp.Status, Equals, 200) 79 srk := rsp.Result.(*client.SystemRecoveryKeysResponse) 80 c.Assert(srk, DeepEquals, &client.SystemRecoveryKeysResponse{ 81 RecoveryKey: "61665-00531-54469-09783-47273-19035-40077-28287", 82 ReinstallKey: "12849-13363-13877-14391-12345-12849-13363-13877", 83 }) 84 } 85 86 func (s *recoveryKeysSuite) TestSystemGetRecoveryAsUserErrors(c *C) { 87 s.daemon(c) 88 mockSystemRecoveryKeys(c) 89 90 req, err := http.NewRequest("GET", "/v2/system-recovery-keys", nil) 91 c.Assert(err, IsNil) 92 93 // being properly authorized as user is not enough, needs root 94 s.asUserAuth(c, req) 95 rec := httptest.NewRecorder() 96 s.serveHTTP(c, rec, req) 97 c.Assert(rec.Code, Equals, 403) 98 }