def test_generate_and_write_ed25519_keypair(self):
# Test normal case.
temporary_directory = tempfile.mkdtemp(dir=self.temporary_directory)
test_keypath = os.path.join(temporary_directory, 'ed25519_key')
repo_lib.generate_and_write_ed25519_keypair(test_keypath,
password='******')
self.assertTrue(os.path.exists(test_keypath))
self.assertTrue(os.path.exists(test_keypath + '.pub'))
# Ensure the generated key files are importable.
imported_pubkey = \
repo_lib.import_ed25519_publickey_from_file(test_keypath + '.pub')
self.assertTrue(tuf.formats.ED25519KEY_SCHEMA.matches(imported_pubkey))
imported_privkey = \
repo_lib.import_ed25519_privatekey_from_file(test_keypath, 'pw')
self.assertTrue(
tuf.formats.ED25519KEY_SCHEMA.matches(imported_privkey))
# Test improperly formatted arguments.
self.assertRaises(tuf.FormatError,
repo_lib.generate_and_write_ed25519_keypair,
3,
password='******')
self.assertRaises(tuf.FormatError,
repo_lib.generate_and_write_rsa_keypair,
test_keypath,
password=3)
def test_import_ed25519_publickey_from_file(self):
# Test normal case.
# Generate ed25519 keys that can be imported.
temporary_directory = tempfile.mkdtemp(dir=self.temporary_directory)
ed25519_keypath = os.path.join(temporary_directory, "ed25519_key")
repo_lib.generate_and_write_ed25519_keypair(ed25519_keypath, password="******")
imported_ed25519_key = repo_lib.import_ed25519_publickey_from_file(ed25519_keypath + ".pub")
self.assertTrue(tuf.formats.ED25519KEY_SCHEMA.matches(imported_ed25519_key))
# Test improperly formatted argument.
self.assertRaises(tuf.FormatError, repo_lib.import_ed25519_publickey_from_file, 3)
# Test invalid argument.
# Non-existent key file.
nonexistent_keypath = os.path.join(temporary_directory, "nonexistent_keypath")
self.assertRaises(IOError, repo_lib.import_ed25519_publickey_from_file, nonexistent_keypath)
# Invalid key file argument.
invalid_keyfile = os.path.join(temporary_directory, "invalid_keyfile")
with open(invalid_keyfile, "wb") as file_object:
file_object.write(b"bad keyfile")
self.assertRaises(tuf.Error, repo_lib.import_ed25519_publickey_from_file, invalid_keyfile)
# Invalid public key imported (contains unexpected keytype.)
keytype = imported_ed25519_key["keytype"]
keyval = imported_ed25519_key["keyval"]
ed25519key_metadata_format = tuf.keys.format_keyval_to_metadata(keytype, keyval, private=False)
ed25519key_metadata_format["keytype"] = "invalid_keytype"
with open(ed25519_keypath + ".pub", "wb") as file_object:
file_object.write(json.dumps(ed25519key_metadata_format).encode("utf-8"))
self.assertRaises(tuf.FormatError, repo_lib.import_ed25519_publickey_from_file, ed25519_keypath + ".pub")
def test_import_ed25519_privatekey_from_file(self):
# Test normal case.
# Generate ed25519 keys that can be imported.
temporary_directory = tempfile.mkdtemp(dir=self.temporary_directory)
ed25519_keypath = os.path.join(temporary_directory, 'ed25519_key')
repo_lib.generate_and_write_ed25519_keypair(ed25519_keypath, password='******')
imported_ed25519_key = \
repo_lib.import_ed25519_privatekey_from_file(ed25519_keypath, 'pw')
self.assertTrue(tuf.formats.ED25519KEY_SCHEMA.matches(imported_ed25519_key))
# Test improperly formatted argument.
self.assertRaises(tuf.FormatError,
repo_lib.import_ed25519_privatekey_from_file, 3, 'pw')
# Test invalid argument.
# Non-existent key file.
nonexistent_keypath = os.path.join(temporary_directory,
'nonexistent_keypath')
self.assertRaises(IOError, repo_lib.import_ed25519_privatekey_from_file,
nonexistent_keypath, 'pw')
# Invalid key file argument.
invalid_keyfile = os.path.join(temporary_directory, 'invalid_keyfile')
with open(invalid_keyfile, 'wb') as file_object:
file_object.write(b'bad keyfile')
self.assertRaises(tuf.Error, repo_lib.import_ed25519_privatekey_from_file,
invalid_keyfile, 'pw')
# Invalid private key imported (contains unexpected keytype.)
imported_ed25519_key['keytype'] = 'invalid_keytype'
# Use 'pycrypto_keys.py' to bypass the key format validation performed by
# 'keys.py'.
salt, iterations, derived_key = \
tuf.pycrypto_keys._generate_derived_key('pw')
# Store the derived key info in a dictionary, the object expected
# by the non-public _encrypt() routine.
derived_key_information = {'salt': salt, 'iterations': iterations,
'derived_key': derived_key}
# Convert the key object to json string format and encrypt it with the
# derived key.
encrypted_key = \
tuf.pycrypto_keys._encrypt(json.dumps(imported_ed25519_key),
derived_key_information)
with open(ed25519_keypath, 'wb') as file_object:
file_object.write(encrypted_key.encode('utf-8'))
self.assertRaises(tuf.FormatError,
repo_lib.import_ed25519_privatekey_from_file,
ed25519_keypath, 'pw')
def test_import_ed25519_publickey_from_file(self):
# Test normal case.
# Generate ed25519 keys that can be imported.
temporary_directory = tempfile.mkdtemp(dir=self.temporary_directory)
ed25519_keypath = os.path.join(temporary_directory, 'ed25519_key')
repo_lib.generate_and_write_ed25519_keypair(ed25519_keypath,
password='******')
imported_ed25519_key = \
repo_lib.import_ed25519_publickey_from_file(ed25519_keypath + '.pub')
self.assertTrue(
tuf.formats.ED25519KEY_SCHEMA.matches(imported_ed25519_key))
# Test improperly formatted argument.
self.assertRaises(tuf.FormatError,
repo_lib.import_ed25519_publickey_from_file, 3)
# Test invalid argument.
# Non-existent key file.
nonexistent_keypath = os.path.join(temporary_directory,
'nonexistent_keypath')
self.assertRaises(IOError, repo_lib.import_ed25519_publickey_from_file,
nonexistent_keypath)
# Invalid key file argument.
invalid_keyfile = os.path.join(temporary_directory, 'invalid_keyfile')
with open(invalid_keyfile, 'wb') as file_object:
file_object.write(b'bad keyfile')
self.assertRaises(tuf.Error,
repo_lib.import_ed25519_publickey_from_file,
invalid_keyfile)
# Invalid public key imported (contains unexpected keytype.)
keytype = imported_ed25519_key['keytype']
keyval = imported_ed25519_key['keyval']
ed25519key_metadata_format = \
tuf.keys.format_keyval_to_metadata(keytype, keyval, private=False)
ed25519key_metadata_format['keytype'] = 'invalid_keytype'
with open(ed25519_keypath + '.pub', 'wb') as file_object:
file_object.write(
json.dumps(ed25519key_metadata_format).encode('utf-8'))
self.assertRaises(tuf.FormatError,
repo_lib.import_ed25519_publickey_from_file,
ed25519_keypath + '.pub')
def test_import_ed25519_privatekey_from_file(self):
# Test normal case.
# Generate ed25519 keys that can be imported.
temporary_directory = tempfile.mkdtemp(dir=self.temporary_directory)
ed25519_keypath = os.path.join(temporary_directory, "ed25519_key")
repo_lib.generate_and_write_ed25519_keypair(ed25519_keypath, password="******")
imported_ed25519_key = repo_lib.import_ed25519_privatekey_from_file(ed25519_keypath, "pw")
self.assertTrue(tuf.formats.ED25519KEY_SCHEMA.matches(imported_ed25519_key))
# Test improperly formatted argument.
self.assertRaises(tuf.FormatError, repo_lib.import_ed25519_privatekey_from_file, 3, "pw")
# Test invalid argument.
# Non-existent key file.
nonexistent_keypath = os.path.join(temporary_directory, "nonexistent_keypath")
self.assertRaises(IOError, repo_lib.import_ed25519_privatekey_from_file, nonexistent_keypath, "pw")
# Invalid key file argument.
invalid_keyfile = os.path.join(temporary_directory, "invalid_keyfile")
with open(invalid_keyfile, "wb") as file_object:
file_object.write(b"bad keyfile")
self.assertRaises(tuf.Error, repo_lib.import_ed25519_privatekey_from_file, invalid_keyfile, "pw")
# Invalid private key imported (contains unexpected keytype.)
imported_ed25519_key["keytype"] = "invalid_keytype"
# Use 'pycrypto_keys.py' to bypass the key format validation performed by
# 'keys.py'.
salt, iterations, derived_key = tuf.pycrypto_keys._generate_derived_key("pw")
# Store the derived key info in a dictionary, the object expected
# by the non-public _encrypt() routine.
derived_key_information = {"salt": salt, "iterations": iterations, "derived_key": derived_key}
# Convert the key object to json string format and encrypt it with the
# derived key.
encrypted_key = tuf.pycrypto_keys._encrypt(json.dumps(imported_ed25519_key), derived_key_information)
with open(ed25519_keypath, "wb") as file_object:
file_object.write(encrypted_key.encode("utf-8"))
self.assertRaises(tuf.FormatError, repo_lib.import_ed25519_privatekey_from_file, ed25519_keypath, "pw")
def test_generate_and_write_ed25519_keypair(self):
# Test normal case.
temporary_directory = tempfile.mkdtemp(dir=self.temporary_directory)
test_keypath = os.path.join(temporary_directory, "ed25519_key")
repo_lib.generate_and_write_ed25519_keypair(test_keypath, password="******")
self.assertTrue(os.path.exists(test_keypath))
self.assertTrue(os.path.exists(test_keypath + ".pub"))
# Ensure the generated key files are importable.
imported_pubkey = repo_lib.import_ed25519_publickey_from_file(test_keypath + ".pub")
self.assertTrue(tuf.formats.ED25519KEY_SCHEMA.matches(imported_pubkey))
imported_privkey = repo_lib.import_ed25519_privatekey_from_file(test_keypath, "pw")
self.assertTrue(tuf.formats.ED25519KEY_SCHEMA.matches(imported_privkey))
# Test improperly formatted arguments.
self.assertRaises(tuf.FormatError, repo_lib.generate_and_write_ed25519_keypair, 3, password="******")
self.assertRaises(tuf.FormatError, repo_lib.generate_and_write_rsa_keypair, test_keypath, password=3)
def generate_and_write_ed25519_keypair(filepath, password): return repo_lib.generate_and_write_ed25519_keypair(filepath, password)
