github.com/stolowski/snapd@v0.0.0-20210407085831-115137ce5a22/daemon/api_system_recovery_keys_test.go

github.com/stolowski/snapd@v0.0.0-20210407085831-115137ce5a22/daemon/api_system_recovery_keys_test.go (about)

     1  // -*- Mode: Go; indent-tabs-mode: t -*-
     2  
     3  /*
     4   * Copyright (C) 2020 Canonical Ltd
     5   *
     6   * This program is free software: you can redistribute it and/or modify
     7   * it under the terms of the GNU General Public License version 3 as
     8   * published by the Free Software Foundation.
     9   *
    10   * This program is distributed in the hope that it will be useful,
    11   * but WITHOUT ANY WARRANTY; without even the implied warranty of
    12   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13   * GNU General Public License for more details.
    14   *
    15   * You should have received a copy of the GNU General Public License
    16   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
    17   *
    18   */
    19  
    20  package daemon_test
    21  
    22  import (
    23  	"encoding/hex"
    24  	"io/ioutil"
    25  	"net/http"
    26  	"net/http/httptest"
    27  	"os"
    28  	"path/filepath"
    29  
    30  	. "gopkg.in/check.v1"
    31  
    32  	"github.com/snapcore/snapd/client"
    33  	"github.com/snapcore/snapd/dirs"
    34  	"github.com/snapcore/snapd/secboot"
    35  )
    36  
    37  var _ = Suite(&recoveryKeysSuite{})
    38  
    39  type recoveryKeysSuite struct {
    40  	apiBaseSuite
    41  }
    42  
    43  func mockSystemRecoveryKeys(c *C) {
    44  	// same inputs/outputs as secboot:crypt_test.go in this test
    45  	rkeystr, err := hex.DecodeString("e1f01302c5d43726a9b85b4a8d9c7f6e")
    46  	c.Assert(err, IsNil)
    47  	rkeyPath := filepath.Join(dirs.SnapFDEDir, "recovery.key")
    48  	err = os.MkdirAll(filepath.Dir(rkeyPath), 0755)
    49  	c.Assert(err, IsNil)
    50  	err = ioutil.WriteFile(rkeyPath, []byte(rkeystr), 0644)
    51  	c.Assert(err, IsNil)
    52  
    53  	skeystr := "1234567890123456"
    54  	c.Assert(err, IsNil)
    55  	skeyPath := filepath.Join(dirs.SnapFDEDir, "reinstall.key")
    56  	err = ioutil.WriteFile(skeyPath, []byte(skeystr), 0644)
    57  	c.Assert(err, IsNil)
    58  }
    59  
    60  func (s *recoveryKeysSuite) TestSystemGetRecoveryKeysAsRootHappy(c *C) {
    61  	if (secboot.RecoveryKey{}).String() == "not-implemented" {
    62  		c.Skip("needs working secboot recovery key")
    63  	}
    64  
    65  	s.daemon(c)
    66  	mockSystemRecoveryKeys(c)
    67  
    68  	req, err := http.NewRequest("GET", "/v2/system-recovery-keys", nil)
    69  	c.Assert(err, IsNil)
    70  
    71  	rsp := s.syncReq(c, req, nil)
    72  	c.Assert(rsp.Status, Equals, 200)
    73  	srk := rsp.Result.(*client.SystemRecoveryKeysResponse)
    74  	c.Assert(srk, DeepEquals, &client.SystemRecoveryKeysResponse{
    75  		RecoveryKey:  "61665-00531-54469-09783-47273-19035-40077-28287",
    76  		ReinstallKey: "12849-13363-13877-14391-12345-12849-13363-13877",
    77  	})
    78  }
    79  
    80  func (s *recoveryKeysSuite) TestSystemGetRecoveryAsUserErrors(c *C) {
    81  	s.daemon(c)
    82  	mockSystemRecoveryKeys(c)
    83  
    84  	req, err := http.NewRequest("GET", "/v2/system-recovery-keys", nil)
    85  	c.Assert(err, IsNil)
    86  
    87  	req.RemoteAddr = "pid=100;uid=1000;socket=;"
    88  	rec := httptest.NewRecorder()
    89  	s.serveHTTP(c, rec, req)
    90  	c.Assert(rec.Code, Equals, 401)
    91  }