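def test_4_make_release_metadata(self):
    """Check signercli.make_release_metadata() on its success and failure paths.

    Covered cases: missing root.txt, missing targets.txt, the normal case,
    a non-existent config file path, and a wrong password for each
    'release' keyid. Every failure case expects tuf.RepositoryError.

    The signercli helpers patched during the test are restored in a
    'finally' clause, so a failing assertion cannot leave mocked prompt or
    password functions installed for the tests that run afterwards.
    """
    # SETUP
    original_get_metadata_directory = signercli._get_metadata_directory
    original_prompt = signercli._prompt
    original_get_password = signercli._get_password

    try:
        # In order to build release metadata file (release.txt),
        # root and targets metadata files (root.txt, targets.txt)
        # must exist in the metadata directory.

        # Create temp directory for config file.
        config_dir = self.make_temp_directory()

        # Build a config file.
        config_filepath = signerlib.build_config_file(
            config_dir, 365, self.top_level_role_info)

        # Create a temp repository and metadata directories.
        repo_dir = self.make_temp_directory()
        meta_dir = self.make_temp_directory(repo_dir)

        # Create a directory containing target files (paths are not needed).
        targets_dir, _ = \
            self.make_temp_directory_with_data_files(directory=repo_dir)

        # Patch signercli._get_metadata_directory().
        self.mock_get_metadata_directory(directory=meta_dir)

        # Patch signercli._get_password(). Used in _get_role_config_keyids().
        self.get_passwords()

        # Create keystore directory.
        keystore_dir = self.create_temp_keystore_directory()

        # Mock method for signercli._prompt().
        self.make_metadata_mock_prompts(targ_dir=targets_dir,
                                        conf_path=config_filepath)

        root_path = os.path.join(meta_dir, 'root.txt')
        targets_path = os.path.join(meta_dir, 'targets.txt')
        release_path = os.path.join(meta_dir, 'release.txt')

        # TESTS
        # Test: no root.txt in the metadata dir (only targets.txt exists).
        signercli.make_targets_metadata(keystore_dir)
        keystore.clear_keystore()

        # Verify that 'tuf.RepositoryError' is raised due to a missing root.txt.
        self.assertTrue(os.path.exists(targets_path))
        self.assertRaises(tuf.RepositoryError,
                          signercli.make_release_metadata, keystore_dir)
        os.remove(targets_path)
        keystore.clear_keystore()

        # Test: no targets.txt in the metadata dir (only root.txt exists).
        signercli.make_root_metadata(keystore_dir)
        keystore.clear_keystore()

        # Verify that 'tuf.RepositoryError' is raised due to a missing
        # targets.txt.
        self.assertTrue(os.path.exists(root_path))
        self.assertRaises(tuf.RepositoryError,
                          signercli.make_release_metadata, keystore_dir)
        os.remove(root_path)
        keystore.clear_keystore()

        # Test: normal case.
        signercli.make_root_metadata(keystore_dir)
        keystore.clear_keystore()
        signercli.make_targets_metadata(keystore_dir)
        keystore.clear_keystore()
        signercli.make_release_metadata(keystore_dir)
        keystore.clear_keystore()

        # Verify that the root, targets and release meta files were created.
        self.assertTrue(os.path.exists(root_path))
        self.assertTrue(os.path.exists(targets_path))
        self.assertTrue(os.path.exists(release_path))

        # Test: invalid config path.
        # Supply a non-existing config file path.
        self.make_metadata_mock_prompts(targ_dir=targets_dir,
                                        conf_path=self.random_path())
        self.assertRaises(tuf.RepositoryError,
                          signercli.make_release_metadata, keystore_dir)

        # Restore the config file path.
        self.make_metadata_mock_prompts(targ_dir=targets_dir,
                                        conf_path=config_filepath)

        # Test: incorrect 'release' passwords.
        # Clear keystore's dictionaries.
        # NOTE(review): the keystore is cleared once here, not per iteration.
        # Whether keys loaded during an earlier iteration stay cached is not
        # visible from this test - confirm each iteration really exercises
        # the password check for its own keyid.
        keystore.clear_keystore()
        keyids = self.top_level_role_info['release']['keyids']
        for keyid in keyids:
            saved_pw = self.rsa_passwords[keyid]
            self.rsa_passwords[keyid] = self.random_string()
            try:
                self.assertRaises(tuf.RepositoryError,
                                  signercli.make_release_metadata,
                                  keystore_dir)
            finally:
                # Put the real password back even if the assertion fails, so
                # the shared fixture is not left holding a random password.
                self.rsa_passwords[keyid] = saved_pw
    finally:
        # RESTORE
        signercli._get_password = original_get_password
        signercli._prompt = original_prompt
        signercli._get_metadata_directory = original_get_metadata_directory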
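def test_6_sign_metadata_file(self):
    """Check that signercli.sign_metadata_file() adds a new key's signature.

    Builds root, targets, release and timestamp metadata, generates an
    additional RSA key, and then verifies that:
      * signing with no loaded keyids raises tuf.RepositoryError;
      * signing targets.txt with the new key leaves a signature entry
        carrying that keyid in the file.

    All patched signercli attributes, including _get_keyids, are restored
    in a 'finally' clause so the mocks cannot leak into other tests.
    """
    # SETUP
    original_get_metadata_directory = signercli._get_metadata_directory
    original_prompt = signercli._prompt
    original_get_password = signercli._get_password
    # _get_keyids is patched below and must be put back as well.
    original_get_keyids = signercli._get_keyids

    try:
        # To test this method, an RSA key will be created with
        # a password in addition to the existing RSA keys.

        # Create temp directory for config file.
        config_dir = self.make_temp_directory()

        # Build a config file.
        config_filepath = signerlib.build_config_file(
            config_dir, 365, self.top_level_role_info)

        # Create a temp repository and metadata directories.
        repo_dir = self.make_temp_directory()
        meta_dir = self.make_temp_directory(repo_dir)

        # Create a directory containing target files (paths are not needed).
        targets_dir, _ = \
            self.make_temp_directory_with_data_files(directory=repo_dir)

        # Patch signercli._get_metadata_directory().
        self.mock_get_metadata_directory(directory=meta_dir)

        # Patch signercli._get_password(). Used in _get_role_config_keyids().
        self.get_passwords()

        # Create keystore directory.
        keystore_dir = self.create_temp_keystore_directory()

        # Mock method for signercli._prompt().
        self.make_metadata_mock_prompts(targ_dir=targets_dir,
                                        conf_path=config_filepath)

        # Create metadata files.
        signercli.make_root_metadata(keystore_dir)
        keystore.clear_keystore()
        signercli.make_targets_metadata(keystore_dir)
        keystore.clear_keystore()
        signercli.make_release_metadata(keystore_dir)
        keystore.clear_keystore()
        signercli.make_timestamp_metadata(keystore_dir)
        keystore.clear_keystore()

        # Verify that the root, targets, release and timestamp meta files
        # were created.
        root_meta_filepath = os.path.join(meta_dir, 'root.txt')
        targets_meta_filepath = os.path.join(meta_dir, 'targets.txt')
        release_meta_filepath = os.path.join(meta_dir, 'release.txt')
        timestamp_meta_filepath = os.path.join(meta_dir, 'timestamp.txt')

        self.assertTrue(os.path.exists(root_meta_filepath))
        self.assertTrue(os.path.exists(targets_meta_filepath))
        self.assertTrue(os.path.exists(release_meta_filepath))
        self.assertTrue(os.path.exists(timestamp_meta_filepath))

        # Create a new RSA key, indicate metadata filename.
        new_keyid = self.generate_rsakey()
        meta_filename = targets_meta_filepath

        # Create keystore directory. New key is untouched.
        keystore_dir = self.create_temp_keystore_directory(keystore_dicts=True)

        # List of keyids to be returned by _get_keyids().
        signing_keyids = []

        # Method to patch signercli._get_keyids(). It reads 'signing_keyids'
        # at call time, so rebinding the name below changes what it returns.
        def _mock_get_keyids(junk):
            return signing_keyids

        # Method to patch signercli._prompt().
        def _mock_prompt(msg, junk):
            return meta_filename

        # Patch signercli._get_keyids().
        signercli._get_keyids = _mock_get_keyids

        # Patch signercli._prompt().
        signercli._prompt = _mock_prompt

        # TESTS
        # Test: no loaded keyids.
        self.assertRaises(tuf.RepositoryError,
                          signercli.sign_metadata_file, keystore_dir)

        # Load new keyid.
        signing_keyids = [new_keyid]

        # Test: normal case.
        signercli.sign_metadata_file(keystore_dir)

        # Verify the change.
        self.assertTrue(os.path.exists(targets_meta_filepath))

        # Load targets metadata from the file ('targets.txt').
        targets_metadata = tuf.util.load_json_file(targets_meta_filepath)

        # NOTE(review): this only checks that an entry with the new keyid is
        # listed under 'signatures'; the signature value itself is not
        # verified against the signed content here.
        keyid_exists = any(signature['keyid'] == new_keyid
                           for signature in targets_metadata['signatures'])
        self.assertTrue(keyid_exists)
    finally:
        # RESTORE
        signercli._get_keyids = original_get_keyids
        signercli._get_password = original_get_password
        signercli._prompt = original_prompt
        signercli._get_metadata_directory = original_get_metadata_directory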