def _initialize(self) -> None:
"""Setup a minimal valid repository."""
self.md_targets = Metadata(Targets(expires=self.safe_expiry))
self.md_snapshot = Metadata(Snapshot(expires=self.safe_expiry))
self.md_timestamp = Metadata(Timestamp(expires=self.safe_expiry))
self.md_root = Metadata(Root(expires=self.safe_expiry))
for role in TOP_LEVEL_ROLE_NAMES:
key, signer = self.create_key()
self.md_root.signed.add_key(key, role)
self.add_signer(role, signer)
self.publish_root()
def generate_all_files(dump: Optional[bool] = False,
verify: Optional[bool] = False) -> None:
"""Generate a new repository and optionally verify it.
Args:
dump: Wheter to dump the newly generated files.
verify: Whether to verify the newly generated files with the
local staored.
"""
md_root = Metadata(Root(expires=EXPIRY))
md_timestamp = Metadata(Timestamp(expires=EXPIRY))
md_snapshot = Metadata(Snapshot(expires=EXPIRY))
md_targets = Metadata(Targets(expires=EXPIRY))
md_root.signed.add_key(keys["ed25519_0"], "root")
md_root.signed.add_key(keys["ed25519_1"], "timestamp")
md_root.signed.add_key(keys["ed25519_2"], "snapshot")
md_root.signed.add_key(keys["ed25519_3"], "targets")
for i, md in enumerate([md_root, md_timestamp, md_snapshot, md_targets]):
assert isinstance(md, Metadata)
signer = SSlibSigner({
"keytype": "ed25519",
"scheme": "ed25519",
"keyid": keyids[i],
"keyval": {
"public": public_values[i],
"private": private_values[i],
},
})
md.sign(signer)
path = os.path.join(OUT_DIR, f"{md.signed.type}_with_ed25519.json")
if verify:
verify_generation(md, path)
if dump:
md.to_file(path, SERIALIZER)
def timestamp_expired_modifier(timestamp: Timestamp) -> None:
timestamp.expires = datetime(1970, 1, 1)
def version_modifier(timestamp: Timestamp) -> None:
timestamp.version = 3
def test_timestamp_serialization(self, test_case_data: str):
case_dict = json.loads(test_case_data)
timestamp = Timestamp.from_dict(copy.deepcopy(case_dict))
self.assertDictEqual(case_dict, timestamp.to_dict())
def test_invalid_timestamp_serialization(self, test_case_data: Dict[str,
str]):
case_dict = json.loads(test_case_data)
with self.assertRaises((ValueError, KeyError)):
Timestamp.from_dict(copy.deepcopy(case_dict))
def test_invalid_timestamp_serialization(self,
test_case_data: str) -> None:
case_dict = json.loads(test_case_data)
with self.assertRaises((ValueError, KeyError)):
Timestamp.from_dict(case_dict)
# repository and we want to protect the client against mix-and-match attacks. roles["snapshot"] = Metadata(Snapshot(expires=_in(7))) # Timestamp (freshness) # --------------------- # The timestamp role guarantees freshness of the repository metadata. It does # so by listing the latest snapshot (which in turn lists all the latest # targets) metadata. A short expiration interval requires the repository to # regularly issue new timestamp metadata and thus protects the client against # freeze attacks. # # Note that snapshot and timestamp use the same generic wireline metadata # format. But given that timestamp metadata always has only one entry in its # 'meta' field, i.e. for the latest snapshot file, the timestamp object # provides the shortcut 'snapshot_meta'. roles["timestamp"] = Metadata(Timestamp(expires=_in(1))) # Root (root of trust) # -------------------- # The root role serves as root of trust for all top-level roles, including # itself. It does so by mapping cryptographic keys to roles, i.e. the keys that # are authorized to sign any top-level role metadata, and signing thresholds, # i.e. how many authorized keys are required for a given role (see 'roles' # field). This is called top-level delegation. # # In addition, root provides all public keys to verify these signatures (see # 'keys' field), and a configuration parameter that describes whether a # repository uses consistent snapshots (see section 'Persist metadata' below # for more details). # Create root metadata object