gopkg.in/ubuntu-core/snappy.v0@v0.0.0-20210902073436-25a8614f10a6/daemon/api_system_recovery_keys_test.go

gopkg.in/ubuntu-core/snappy.v0@v0.0.0-20210902073436-25a8614f10a6/daemon/api_system_recovery_keys_test.go (about)

     1  // -*- Mode: Go; indent-tabs-mode: t -*-
     2  
     3  /*
     4   * Copyright (C) 2020 Canonical Ltd
     5   *
     6   * This program is free software: you can redistribute it and/or modify
     7   * it under the terms of the GNU General Public License version 3 as
     8   * published by the Free Software Foundation.
     9   *
    10   * This program is distributed in the hope that it will be useful,
    11   * but WITHOUT ANY WARRANTY; without even the implied warranty of
    12   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13   * GNU General Public License for more details.
    14   *
    15   * You should have received a copy of the GNU General Public License
    16   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
    17   *
    18   */
    19  
    20  package daemon_test
    21  
    22  import (
    23  	"encoding/hex"
    24  	"io/ioutil"
    25  	"net/http"
    26  	"net/http/httptest"
    27  	"os"
    28  	"path/filepath"
    29  
    30  	. "gopkg.in/check.v1"
    31  
    32  	"github.com/snapcore/snapd/client"
    33  	"github.com/snapcore/snapd/dirs"
    34  	"github.com/snapcore/snapd/secboot"
    35  )
    36  
    37  var _ = Suite(&recoveryKeysSuite{})
    38  
    39  type recoveryKeysSuite struct {
    40  	apiBaseSuite
    41  }
    42  
    43  func (s *recoveryKeysSuite) SetUpTest(c *C) {
    44  	s.apiBaseSuite.SetUpTest(c)
    45  
    46  	s.expectRootAccess()
    47  }
    48  
    49  func mockSystemRecoveryKeys(c *C) {
    50  	// same inputs/outputs as secboot:crypt_test.go in this test
    51  	rkeystr, err := hex.DecodeString("e1f01302c5d43726a9b85b4a8d9c7f6e")
    52  	c.Assert(err, IsNil)
    53  	rkeyPath := filepath.Join(dirs.SnapFDEDir, "recovery.key")
    54  	err = os.MkdirAll(filepath.Dir(rkeyPath), 0755)
    55  	c.Assert(err, IsNil)
    56  	err = ioutil.WriteFile(rkeyPath, []byte(rkeystr), 0644)
    57  	c.Assert(err, IsNil)
    58  
    59  	skeystr := "1234567890123456"
    60  	c.Assert(err, IsNil)
    61  	skeyPath := filepath.Join(dirs.SnapFDEDir, "reinstall.key")
    62  	err = ioutil.WriteFile(skeyPath, []byte(skeystr), 0644)
    63  	c.Assert(err, IsNil)
    64  }
    65  
    66  func (s *recoveryKeysSuite) TestSystemGetRecoveryKeysAsRootHappy(c *C) {
    67  	if (secboot.RecoveryKey{}).String() == "not-implemented" {
    68  		c.Skip("needs working secboot recovery key")
    69  	}
    70  
    71  	s.daemon(c)
    72  	mockSystemRecoveryKeys(c)
    73  
    74  	req, err := http.NewRequest("GET", "/v2/system-recovery-keys", nil)
    75  	c.Assert(err, IsNil)
    76  
    77  	rsp := s.syncReq(c, req, nil)
    78  	c.Assert(rsp.Status, Equals, 200)
    79  	srk := rsp.Result.(*client.SystemRecoveryKeysResponse)
    80  	c.Assert(srk, DeepEquals, &client.SystemRecoveryKeysResponse{
    81  		RecoveryKey:  "61665-00531-54469-09783-47273-19035-40077-28287",
    82  		ReinstallKey: "12849-13363-13877-14391-12345-12849-13363-13877",
    83  	})
    84  }
    85  
    86  func (s *recoveryKeysSuite) TestSystemGetRecoveryAsUserErrors(c *C) {
    87  	s.daemon(c)
    88  	mockSystemRecoveryKeys(c)
    89  
    90  	req, err := http.NewRequest("GET", "/v2/system-recovery-keys", nil)
    91  	c.Assert(err, IsNil)
    92  
    93  	// being properly authorized as user is not enough, needs root
    94  	s.asUserAuth(c, req)
    95  	rec := httptest.NewRecorder()
    96  	s.serveHTTP(c, rec, req)
    97  	c.Assert(rec.Code, Equals, 403)
    98  }