assertstest

package
v0.0.0-...-1f06296 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 4, 2021 License: GPL-3.0 Imports: 13 Imported by: 0

Documentation

Overview

Package assertstest provides helpers for testing code that involves assertions.

Index

Constants

View Source 
const (
	DevKey = `` /* 3349-byte string literal not displayed */

	DevKeyID = "EAD4DbLxK_kn0gzNCXOs3kd6DeMU3f-L6BEsSEuJGBqCORR0gXkdDxMbOm11mRFu"

	DevKeyPGPFingerprint = "966e70f4b9f257a2772f8f354a423d28aaea4b4f"
)

A sample developer key. See systestkeys for a prebuilt set of trusted keys and assertions.

Variables

This section is empty.

Functions

func AddMany 

func AddMany(db accuDB, assertions ...asserts.Assertion)

AddMany conveniently adds the given assertions to the db. It is idempotent but otherwise panics on error.

func FakeAssertion 

func FakeAssertion(headerLayers ...map[string]interface{}) asserts.Assertion

FakeAssertion builds a fake assertion with given layered headers and an empty body. A fake assertion cannot be verified or added to a database or properly encoded. It can still be useful for unit tests but shouldn't be used in integration tests.

func FakeAssertionWithBody 

func FakeAssertionWithBody(body []byte, headerLayers ...map[string]interface{}) asserts.Assertion

FakeAssertionWithBody builds a fake assertion with the given body and layered headers. A fake assertion cannot be verified or added to a database or properly encoded. It can still be useful for unit tests but shouldn't be used in integration tests.

func GPGImportKey 

func GPGImportKey(homedir, armoredKey string)

GPGImportKey imports the given PGP armored key into the GnuPG setup at homedir. It panics on error.

func GenerateKey 

func GenerateKey(bits int) (asserts.PrivateKey, *rsa.PrivateKey)

GenerateKey generates a private/public key pair of the given bits. It panics on error.

func MockBuiltinBaseDeclaration 

func MockBuiltinBaseDeclaration(headers []byte) (restore func())

MockBuiltinBaseDeclaration mocks the builtin base-declaration exposed by asserts.BuiltinBaseDeclaration.

func NewAccount 

func NewAccount(db SignerDB, username string, otherHeaders map[string]interface{}, keyID string) *asserts.Account

NewAccount creates an account assertion for username, it fills in values for other missing headers as needed. It panics on error.

func NewAccountKey 

func NewAccountKey(db SignerDB, acct *asserts.Account, otherHeaders map[string]interface{}, pubKey asserts.PublicKey, keyID string) *asserts.AccountKey

NewAccountKey creates an account-key assertion for the account, it fills in values for missing headers as needed. In panics on error.

func ReadPrivKey 

func ReadPrivKey(pk string) (asserts.PrivateKey, *rsa.PrivateKey)

ReadPrivKey reads a PGP private key (either armored or simply base64 encoded). It panics on error.

Types

type SignerDB 

type SignerDB interface {
	Sign(assertType *asserts.AssertionType, headers map[string]interface{}, body []byte, keyID string) (asserts.Assertion, error)
}

A SignerDB can sign assertions using its key pairs.

type SigningAccounts 

type SigningAccounts struct {
	// contains filtered or unexported fields
}

SigningAccounts manages a set of brand or user accounts, with their keys that can sign models etc.

func NewSigningAccounts 

func NewSigningAccounts(store *StoreStack) *SigningAccounts

NewSigningAccounts creates a new SigningAccounts instance.

func (*SigningAccounts) Account 

func (sa *SigningAccounts) Account(accountID string) *asserts.Account

func (*SigningAccounts) AccountKey 

func (sa *SigningAccounts) AccountKey(accountID string) *asserts.AccountKey

func (*SigningAccounts) AccountsAndKeys 

func (sa *SigningAccounts) AccountsAndKeys(accountIDs ...string) []asserts.Assertion

AccountsAndKeys returns the account and account-key for each given accountID in that order.

func (*SigningAccounts) Model 

func (sa *SigningAccounts) Model(accountID, model string, extras ...map[string]interface{}) *asserts.Model

Model creates a new model for accountID. accountID can also be the account-id of the underlying store stack.

func (*SigningAccounts) PublicKey 

func (sa *SigningAccounts) PublicKey(accountID string) asserts.PublicKey

func (*SigningAccounts) Register 

func (sa *SigningAccounts) Register(accountID string, brandPrivKey asserts.PrivateKey, extra map[string]interface{}) *SigningDB

func (*SigningAccounts) Signing 

func (sa *SigningAccounts) Signing(accountID string) *SigningDB

type SigningDB 

type SigningDB struct {
	AuthorityID string
	KeyID       string

	*asserts.Database
}

SigningDB embeds a signing assertion database with a default private key and assigned authority id. Sign will use the assigned authority id. "" can be passed for keyID to Sign and PublicKey to use the default key.

func NewSigningDB 

func NewSigningDB(authorityID string, privKey asserts.PrivateKey) *SigningDB

NewSigningDB creates a test signing assertion db with the given defaults. It panics on error.

func (*SigningDB) PublicKey 

func (db *SigningDB) PublicKey(keyID string) (asserts.PublicKey, error)

func (*SigningDB) Sign 

func (db *SigningDB) Sign(assertType *asserts.AssertionType, headers map[string]interface{}, body []byte, keyID string) (asserts.Assertion, error)

type StoreKeys 

type StoreKeys struct {
	Root          asserts.PrivateKey
	Store         asserts.PrivateKey
	Generic       asserts.PrivateKey
	GenericModels asserts.PrivateKey
}

StoreKeys holds a set of store private keys.

type StoreStack 

type StoreStack struct {
	// Trusted authority assertions.
	TrustedAccount *asserts.Account
	TrustedKey     *asserts.AccountKey
	Trusted        []asserts.Assertion

	// Generic authority assertions.
	GenericAccount      *asserts.Account
	GenericKey          *asserts.AccountKey
	GenericModelsKey    *asserts.AccountKey
	Generic             []asserts.Assertion
	GenericClassicModel *asserts.Model

	// Signing assertion db that signs with the root private key.
	RootSigning *SigningDB

	// The store-like signing functionality that signs with a store key, setup to also store assertions if desired. It stores a default account-key for the store private key, see also the StoreStack.Key method.
	*SigningDB
}

StoreStack realises a store-like set of founding trusted assertions and signing setup.

func NewStoreStack 

func NewStoreStack(authorityID string, keys *StoreKeys) *StoreStack

NewStoreStack creates a new store assertion stack. It panics on error. Optional keys specify private keys to use for the various roles.

func (*StoreStack) StoreAccountKey 

func (ss *StoreStack) StoreAccountKey(keyID string) *asserts.AccountKey

StoreAccountKey retrieves one of the account-key assertions for the signing keys of the simulated store signing database. "" for keyID means the default one. It panics on error.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.