assertstest

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 12, 2022 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Overview

Package assertstest provides helpers for testing code that involves assertions.

Index

Constants

View Source
const (
	DevKey = `` /* 3349-byte string literal not displayed */

	DevKeyID = "EAD4DbLxK_kn0gzNCXOs3kd6DeMU3f-L6BEsSEuJGBqCORR0gXkdDxMbOm11mRFu"

	DevKeyPGPFingerprint = "966e70f4b9f257a2772f8f354a423d28aaea4b4f"
)

A sample developer key. See systestkeys for a prebuilt set of trusted keys and assertions.

Variables

This section is empty.

Functions

func AddMany

func AddMany(db accuDB, assertions ...asserts.Assertion)

AddMany conveniently adds the given assertions to the db. It is idempotent but otherwise panics on error.

func FakeAssertion

func FakeAssertion(headerLayers ...map[string]interface{}) asserts.Assertion

FakeAssertion builds a fake assertion with given layered headers and an empty body. A fake assertion cannot be verified or added to a database or properly encoded. It can still be useful for unit tests but shouldn't be used in integration tests.

func FakeAssertionWithBody

func FakeAssertionWithBody(body []byte, headerLayers ...map[string]interface{}) asserts.Assertion

FakeAssertionWithBody builds a fake assertion with the given body and layered headers. A fake assertion cannot be verified or added to a database or properly encoded. It can still be useful for unit tests but shouldn't be used in integration tests.

func GPGImportKey

func GPGImportKey(homedir, armoredKey string)

GPGImportKey imports the given PGP armored key into the GnuPG setup at homedir. It panics on error.

func GenerateKey

func GenerateKey(bits int) (asserts.PrivateKey, *rsa.PrivateKey)

GenerateKey generates a private/public key pair of the given bits. It panics on error.

func MockBuiltinBaseDeclaration

func MockBuiltinBaseDeclaration(headers []byte) (restore func())

MockBuiltinBaseDeclaration mocks the builtin base-declaration exposed by asserts.BuiltinBaseDeclaration.

func NewAccount

func NewAccount(db SignerDB, username string, otherHeaders map[string]interface{}, keyID string) *asserts.Account

NewAccount creates an account assertion for username, it fills in values for other missing headers as needed. It panics on error.

func NewAccountKey

func NewAccountKey(db SignerDB, acct *asserts.Account, otherHeaders map[string]interface{}, pubKey asserts.PublicKey, keyID string) *asserts.AccountKey

NewAccountKey creates an account-key assertion for the account, it fills in values for missing headers as needed. In panics on error.

func ReadPrivKey

func ReadPrivKey(pk string) (asserts.PrivateKey, *rsa.PrivateKey)

ReadPrivKey reads a PGP private key (either armored or simply base64 encoded). It panics on error.

Types

type SignerDB

type SignerDB interface {
	Sign(assertType *asserts.AssertionType, headers map[string]interface{}, body []byte, keyID string) (asserts.Assertion, error)
}

A SignerDB can sign assertions using its key pairs.

type SigningAccounts

type SigningAccounts struct {
	// contains filtered or unexported fields
}

SigningAccounts manages a set of brand or user accounts, with their keys that can sign models etc.

func NewSigningAccounts

func NewSigningAccounts(store *StoreStack) *SigningAccounts

NewSigningAccounts creates a new SigningAccounts instance.

func (*SigningAccounts) Account

func (sa *SigningAccounts) Account(accountID string) *asserts.Account

func (*SigningAccounts) AccountKey

func (sa *SigningAccounts) AccountKey(accountID string) *asserts.AccountKey

func (*SigningAccounts) AccountsAndKeys

func (sa *SigningAccounts) AccountsAndKeys(accountIDs ...string) []asserts.Assertion

AccountsAndKeys returns the account and account-key for each given accountID in that order.

func (*SigningAccounts) Model

func (sa *SigningAccounts) Model(accountID, model string, extras ...map[string]interface{}) *asserts.Model

Model creates a new model for accountID. accountID can also be the account-id of the underlying store stack.

func (*SigningAccounts) PublicKey

func (sa *SigningAccounts) PublicKey(accountID string) asserts.PublicKey

func (*SigningAccounts) Register

func (sa *SigningAccounts) Register(accountID string, brandPrivKey asserts.PrivateKey, extra map[string]interface{}) *SigningDB

func (*SigningAccounts) Signing

func (sa *SigningAccounts) Signing(accountID string) *SigningDB

type SigningDB

type SigningDB struct {
	AuthorityID string
	KeyID       string

	*asserts.Database
}

SigningDB embeds a signing assertion database with a default private key and assigned authority id. Sign will use the assigned authority id. "" can be passed for keyID to Sign and PublicKey to use the default key.

func NewSigningDB

func NewSigningDB(authorityID string, privKey asserts.PrivateKey) *SigningDB

NewSigningDB creates a test signing assertion db with the given defaults. It panics on error.

func (*SigningDB) PublicKey

func (db *SigningDB) PublicKey(keyID string) (asserts.PublicKey, error)

func (*SigningDB) Sign

func (db *SigningDB) Sign(assertType *asserts.AssertionType, headers map[string]interface{}, body []byte, keyID string) (asserts.Assertion, error)

type StoreKeys

type StoreKeys struct {
	Root          asserts.PrivateKey
	Store         asserts.PrivateKey
	Generic       asserts.PrivateKey
	GenericModels asserts.PrivateKey
}

StoreKeys holds a set of store private keys.

type StoreStack

type StoreStack struct {
	// Trusted authority assertions.
	TrustedAccount *asserts.Account
	TrustedKey     *asserts.AccountKey
	Trusted        []asserts.Assertion

	// Generic authority assertions.
	GenericAccount      *asserts.Account
	GenericKey          *asserts.AccountKey
	GenericModelsKey    *asserts.AccountKey
	Generic             []asserts.Assertion
	GenericClassicModel *asserts.Model

	// Signing assertion db that signs with the root private key.
	RootSigning *SigningDB

	// The store-like signing functionality that signs with a store key, setup to also store assertions if desired. It stores a default account-key for the store private key, see also the StoreStack.Key method.
	*SigningDB
}

StoreStack realises a store-like set of founding trusted assertions and signing setup.

func NewStoreStack

func NewStoreStack(authorityID string, keys *StoreKeys) *StoreStack

NewStoreStack creates a new store assertion stack. It panics on error. Optional keys specify private keys to use for the various roles.

func (*StoreStack) StoreAccountKey

func (ss *StoreStack) StoreAccountKey(keyID string) *asserts.AccountKey

StoreAccountKey retrieves one of the account-key assertions for the signing keys of the simulated store signing database. "" for keyID means the default one. It panics on error.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL