Ejemplo n.º 1
0
  def test_4_make_release_metadata(self):

    # SETUP
    original_get_metadata_directory = signercli._get_metadata_directory
    original_prompt = signercli._prompt
    original_get_password = signercli._get_password
    
    #  In order to build release metadata file (release.txt),
    #  root and targets metadata files (root.txt, targets.txt)
    #  must exist in the metadata directory.
    #  Create temp directory for config file.
    config_dir = self.make_temp_directory()

    #  Build a config file.
    config_filepath = signerlib.build_config_file(config_dir, 365,
                                                  self.top_level_role_info)

    #  Create a temp repository and metadata directories.
    repo_dir = self.make_temp_directory()
    meta_dir = self.make_temp_directory(repo_dir)

    #  Create a directory containing target files.
    targets_dir, targets_paths = \
        self.make_temp_directory_with_data_files(directory=repo_dir)

    #  Patch signercli._get_metadata_directory().
    self.mock_get_metadata_directory(directory=meta_dir)

    #  Patch signercli._get_password().  Used in _get_role_config_keyids().
    self.get_passwords()

    #  Create keystore directory.
    keystore_dir = self.create_temp_keystore_directory()

    #  Mock method for signercli._prompt().
    self.make_metadata_mock_prompts(targ_dir=targets_dir,
                                    conf_path=config_filepath)


    # TESTS
    #  Test: no root.txt in the metadata dir.
    signercli.make_targets_metadata(keystore_dir)

    #  Verify that 'tuf.RepositoryError' is raised due to a missing root.txt.
    keystore.clear_keystore()
    self.assertTrue(os.path.exists(os.path.join(meta_dir, 'targets.txt')))
    self.assertRaises(tuf.RepositoryError, signercli.make_release_metadata,
                      keystore_dir)
    os.remove(os.path.join(meta_dir,'targets.txt'))
    keystore.clear_keystore()

    #  Test: no targets.txt in the metadatadir.
    signercli.make_root_metadata(keystore_dir)
    keystore.clear_keystore()

    #  Verify that 'tuf.RepositoryError' is raised due to a missing targets.txt.
    self.assertTrue(os.path.exists(os.path.join(meta_dir, 'root.txt')))
    self.assertRaises(tuf.RepositoryError, signercli.make_release_metadata,
                      keystore_dir)
    os.remove(os.path.join(meta_dir,'root.txt'))
    keystore.clear_keystore()

    #  Test: normal case.
    signercli.make_root_metadata(keystore_dir)
    keystore.clear_keystore()
    signercli.make_targets_metadata(keystore_dir)
    keystore.clear_keystore()
    signercli.make_release_metadata(keystore_dir)
    keystore.clear_keystore()

    #  Verify if the root, targets and release meta files were created.
    self.assertTrue(os.path.exists(os.path.join(meta_dir, 'root.txt')))
    self.assertTrue(os.path.exists(os.path.join(meta_dir, 'targets.txt')))
    self.assertTrue(os.path.exists(os.path.join(meta_dir, 'release.txt')))

    #  Test: invalid config path.
    #  Supply a non-existing config file path.
    self.make_metadata_mock_prompts(targ_dir=targets_dir,
        conf_path=self.random_path())
    self.assertRaises(tuf.RepositoryError, signercli.make_release_metadata,
        keystore_dir)

    #  Restore the config file path.
    self.make_metadata_mock_prompts(targ_dir=targets_dir,
        conf_path=config_filepath)

    #  Test: incorrect 'release' passwords.
    #  Clear keystore's dictionaries.
    keystore.clear_keystore()
    keyids = self.top_level_role_info['release']['keyids']
    for keyid in keyids:
      saved_pw = self.rsa_passwords[keyid]
      self.rsa_passwords[keyid] = self.random_string()
      self.assertRaises(tuf.RepositoryError, signercli.make_release_metadata,
          keystore_dir)
      self.rsa_passwords[keyid] = saved_pw

    # RESTORE
    signercli._get_password = original_get_password
    signercli._prompt = original_prompt
    signercli._get_metadata_directory = original_get_metadata_directory
Ejemplo n.º 2
0
  def test_6_sign_metadata_file(self):

    # SETUP
    original_get_metadata_directory = signercli._get_metadata_directory
    original_prompt = signercli._prompt
    original_get_password = signercli._get_password
    
    #  To test this method, an RSA key will be created with
    #  a password in addition to the existing RSA keys.
    #  Create temp directory for config file.
    config_dir = self.make_temp_directory()

    #  Build a config file.
    config_filepath = signerlib.build_config_file(config_dir, 365,
                                                  self.top_level_role_info)

    #  Create a temp repository and metadata directories.
    repo_dir = self.make_temp_directory()
    meta_dir = self.make_temp_directory(repo_dir)

    #  Create a directory containing target files.
    targets_dir, targets_paths = \
        self.make_temp_directory_with_data_files(directory=repo_dir)

    #  Patch signercli._get_metadata_directory().
    self.mock_get_metadata_directory(directory=meta_dir)

    #  Patch signercli._get_password().  Used in _get_role_config_keyids().
    self.get_passwords()

    #  Create keystore directory.
    keystore_dir = self.create_temp_keystore_directory()

    #  Mock method for signercli._prompt().
    self.make_metadata_mock_prompts(targ_dir=targets_dir,
                                    conf_path=config_filepath)

    #  Create metadata files.
    signercli.make_root_metadata(keystore_dir)
    keystore.clear_keystore()
    signercli.make_targets_metadata(keystore_dir)
    keystore.clear_keystore()
    signercli.make_release_metadata(keystore_dir)
    keystore.clear_keystore()
    signercli.make_timestamp_metadata(keystore_dir)
    keystore.clear_keystore()

    #  Verify if the root, targets and release meta files were created.
    root_meta_filepath = os.path.join(meta_dir, 'root.txt')
    targets_meta_filepath = os.path.join(meta_dir, 'targets.txt')
    release_meta_filepath = os.path.join(meta_dir, 'release.txt')
    timestamp_meta_filepath = os.path.join(meta_dir, 'timestamp.txt')

    self.assertTrue(os.path.exists(root_meta_filepath))
    self.assertTrue(os.path.exists(targets_meta_filepath))
    self.assertTrue(os.path.exists(release_meta_filepath))
    self.assertTrue(os.path.exists(timestamp_meta_filepath))


    #  Create a new RSA key, indicate metadata filename.
    new_keyid = self.generate_rsakey()
    meta_filename = targets_meta_filepath

    #  Create keystore directory.  New key is untouched.
    keystore_dir = self.create_temp_keystore_directory(keystore_dicts=True)

    #  List of keyids to be returned by _get_keyids()
    signing_keyids = []

    #  Method to patch signercli._get_keyids()
    def _mock_get_keyids(junk):
      return signing_keyids

    #  Method to patch signercli._prompt().
    def _mock_prompt(msg, junk):
      return meta_filename

    #  Patch signercli._get_keyids()
    signercli._get_keyids = _mock_get_keyids

    #  Patch signercli._prompt().
    signercli._prompt = _mock_prompt


    # TESTS
    #  Test: no loaded keyids.
    self.assertRaises(tuf.RepositoryError,
                      signercli.sign_metadata_file, keystore_dir)

    #  Load new keyid.
    signing_keyids = [new_keyid]

    #  Test: normal case.
    signercli.sign_metadata_file(keystore_dir)

    #  Verify the change.
    self.assertTrue(os.path.exists(targets_meta_filepath))

    #  Load targets metadata from the file ('targets.txt').
    targets_metadata = tuf.util.load_json_file(targets_meta_filepath)
    keyid_exists = False
    for signature in targets_metadata['signatures']:
      if new_keyid == signature['keyid']:
        keyid_exists = True
        break

    self.assertTrue(keyid_exists)

    # RESTORE
    signercli._get_password = original_get_password
    signercli._prompt = original_prompt
    signercli._get_metadata_directory = original_get_metadata_directory