def tuf_refresh_repo(root_repo, keyids): """ <Purpose> Update TUF metadata files. Call this method whenever targets files have changed in the 'reg_repo'. """ global version expiration = tuf.formats.format_time(time.time() + 86400) reg_repo = os.path.join(root_repo, 'reg_repo') tuf_repo = os.path.join(root_repo, 'tuf_repo') targets_dir = os.path.join(tuf_repo, 'targets') metadata_dir = os.path.join(tuf_repo, 'metadata') for directory in [reg_repo, tuf_repo, targets_dir, metadata_dir]: if not os.path.isdir(directory): msg = ('Directory ' + repr(directory) + ' does not exist. ' + 'Verify that all directories were setup properly.') raise OSError(msg) shutil.rmtree(targets_dir) shutil.copytree(reg_repo, targets_dir) version = version + 1 # Regenerate the 'targets.txt' metadata file. signerlib.build_targets_file([targets_dir], keyids, metadata_dir, version, expiration) # Regenerate the 'release.txt' metadata file. signerlib.build_release_file(keyids, metadata_dir, version, expiration) # Regenerate the 'timestamp.txt' metadata file. signerlib.build_timestamp_file(keyids, metadata_dir, version, expiration)
def build_server_repository(server_repository_dir, targets_dir): # Make metadata directory inside client and server repository dir. server_metadata_dir = os.path.join(server_repository_dir, 'metadata') os.mkdir(server_metadata_dir) # Make a keystore directory inside server's repository and populate it. keystore_dir = os.path.join(server_repository_dir, 'keystore') os.mkdir(keystore_dir) create_keystore(keystore_dir) # Build config file. config_filepath = signerlib.build_config_file( server_repository_dir, 365, unittest_toolbox.semi_roledict) # Role:keyids dictionary. role_keyids = {} for role in unittest_toolbox.semi_roledict.keys(): role_keyids[role] = unittest_toolbox.semi_roledict[role]['keyids'] # Build root file. signerlib.build_root_file(config_filepath, role_keyids['root'], server_metadata_dir) # Build targets file. signerlib.build_targets_file(targets_dir, role_keyids['targets'], server_metadata_dir) # Build release file. signerlib.build_release_file(role_keyids['release'], server_metadata_dir) # Build timestamp file. signerlib.build_timestamp_file(role_keyids['timestamp'], server_metadata_dir)
def tuf_refresh_repo(root_repo, keyids): """ <Purpose> Update TUF metadata files. Call this method whenever targets files have changed in the 'reg_repo'. """ global version expiration = tuf.formats.format_time(time.time()+86400) reg_repo = os.path.join(root_repo, 'reg_repo') tuf_repo = os.path.join(root_repo, 'tuf_repo') targets_dir = os.path.join(tuf_repo, 'targets') metadata_dir = os.path.join(tuf_repo, 'metadata') for directory in [reg_repo, tuf_repo, targets_dir, metadata_dir]: if not os.path.isdir(directory): msg = ('Directory '+repr(directory)+' does not exist. '+ 'Verify that all directories were setup properly.') raise OSError(msg) shutil.rmtree(targets_dir) shutil.copytree(reg_repo, targets_dir) version = version+1 # Regenerate the 'targets.txt' metadata file. signerlib.build_targets_file([targets_dir], keyids, metadata_dir, version, expiration) # Regenerate the 'release.txt' metadata file. signerlib.build_release_file(keyids, metadata_dir, version, expiration) # Regenerate the 'timestamp.txt' metadata file. signerlib.build_timestamp_file(keyids, metadata_dir, version, expiration)
def test_8_generate_timestamp_metadata(self): """ test_8_generate_timestamp_metadata() uses previously tested build_release_file() """ # SETUP generate_timestamp_meta = signerlib.generate_timestamp_metadata # Create release metadata and create 'release.txt' file. junk, release_keyids, meta_dir = self._get_role_info('release') signerlib.build_release_file(release_keyids, meta_dir) release_filepath = os.path.join(meta_dir, 'release.txt') # To test compression we need to create compressed 'release.txt'. # The 'release.txt' should exist at this point, compress it. release_file = open(release_filepath, 'rb') gzipped_release = open(release_filepath+'.gz', 'wb') gzipped_release.writelines(release_file) gzipped_release.close() release_file.close() # TESTS # Test: normal case. try: timestamp_meta = generate_timestamp_meta(release_filepath) except Exception, e: raise
def test_8_generate_timestamp_metadata(self): """ test_8_generate_timestamp_metadata() uses previously tested build_release_file() """ # SETUP original_get_key = tuf.repo.keystore.get_key version = 8 expiration_date = '1985-10-26 01:20:00 UTC' generate_timestamp_meta = signerlib.generate_timestamp_metadata # Create release metadata and create 'release.txt' file. junk, release_keyids, meta_dir = self._get_role_info('release') signerlib.build_release_file(release_keyids, meta_dir, version, expiration_date) release_filepath = os.path.join(meta_dir, 'release.txt') # To test compression we need to create compressed 'release.txt'. # The 'release.txt' should exist at this point, compress it. release_file = open(release_filepath, 'rb') gzipped_release = open(release_filepath + '.gz', 'wb') gzipped_release.writelines(release_file) gzipped_release.close() release_file.close() # TESTS # Test: normal case. timestamp_meta = generate_timestamp_meta(release_filepath, version, expiration_date) # Verify metadata formats. self.assertTrue(formats.SIGNABLE_SCHEMA.matches(timestamp_meta)) self.assertTrue( formats.TIMESTAMP_SCHEMA.matches(timestamp_meta['signed'])) # Test: normal case (with compression). timestamp_meta = generate_timestamp_meta(release_filepath + '.gz', version, expiration_date) # Verify metadata formats. self.assertTrue(formats.SIGNABLE_SCHEMA.matches(timestamp_meta)) self.assertTrue( formats.TIMESTAMP_SCHEMA.matches(timestamp_meta['signed'])) # Test: invalid path. self.assertRaises(tuf.Error, generate_timestamp_meta, self.random_path(), version, expiration_date) self.assertRaises(tuf.FormatError, generate_timestamp_meta, release_filepath, self.random_string(), expiration_date) self.assertRaises(tuf.FormatError, generate_timestamp_meta, release_filepath, version, self.random_string()) # RESTORE tuf.repo.keystore.get_key = original_get_key
def test_8_generate_timestamp_metadata(self): """ test_8_generate_timestamp_metadata() uses previously tested build_release_file() """ # SETUP original_get_key = tuf.repo.keystore.get_key version = 8 expiration_date = '1985-10-26 01:20:00 UTC' generate_timestamp_meta = signerlib.generate_timestamp_metadata # Create release metadata and create 'release.txt' file. junk, release_keyids, meta_dir = self._get_role_info('release') signerlib.build_release_file(release_keyids, meta_dir, version, expiration_date) release_filepath = os.path.join(meta_dir, 'release.txt') # To test compression we need to create compressed 'release.txt'. # The 'release.txt' should exist at this point, compress it. release_file = open(release_filepath, 'rb') gzipped_release = open(release_filepath+'.gz', 'wb') gzipped_release.writelines(release_file) gzipped_release.close() release_file.close() # TESTS # Test: normal case. timestamp_meta = generate_timestamp_meta(release_filepath, version, expiration_date) # Verify metadata formats. self.assertTrue(formats.SIGNABLE_SCHEMA.matches(timestamp_meta)) self.assertTrue(formats.TIMESTAMP_SCHEMA.matches(timestamp_meta['signed'])) # Test: normal case (with compression). timestamp_meta = generate_timestamp_meta(release_filepath+'.gz', version, expiration_date) # Verify metadata formats. self.assertTrue(formats.SIGNABLE_SCHEMA.matches(timestamp_meta)) self.assertTrue(formats.TIMESTAMP_SCHEMA.matches(timestamp_meta['signed'])) # Test: invalid path. self.assertRaises(tuf.Error, generate_timestamp_meta, self.random_path(), version, expiration_date) self.assertRaises(tuf.FormatError, generate_timestamp_meta, release_filepath, self.random_string(), expiration_date) self.assertRaises(tuf.FormatError, generate_timestamp_meta, release_filepath, version, self.random_string()) # RESTORE tuf.repo.keystore.get_key = original_get_key
def test_7_build_release_file(self): """ test_7_build_release_file() uses previously tested generate_release_metadata(). """ # SETUP original_get_key = tuf.repo.keystore.get_key # Create root.txt and targets.txt as described above. Also, get signed # release metadata to compare it with the content of the file signed_release_meta, release_info = self._get_signed_role_info("release") meta_dir = release_info[2] release_keyids = release_info[1] # TESTS # Test: normal case. release_filepath = signerlib.build_release_file(release_keyids, meta_dir) # Check if 'release.txt' file was created in metadata directory. self.assertTrue(os.path.exists(release_filepath)) file_content = tuf.util.load_json_file(release_filepath) self.assertTrue(tuf.formats.SIGNABLE_SCHEMA.matches(file_content)) release_metadata = file_content["signed"] self.assertTrue(tuf.formats.RELEASE_SCHEMA.matches(release_metadata)) # Test: exceptions. self.assertRaises(tuf.Error, signerlib.build_release_file, release_keyids, self.random_path()) self.assertRaises(tuf.FormatError, signerlib.build_release_file, self.random_string(), meta_dir) # RESTORE tuf.repo.keystore.get_key = original_get_key
def test_8_generate_timestamp_metadata(self): """ test_8_generate_timestamp_metadata() uses previously tested build_release_file() """ # SETUP original_get_key = tuf.repo.keystore.get_key generate_timestamp_meta = signerlib.generate_timestamp_metadata # Create release metadata and create 'release.txt' file. junk, release_keyids, meta_dir = self._get_role_info("release") signerlib.build_release_file(release_keyids, meta_dir) release_filepath = os.path.join(meta_dir, "release.txt") # To test compression we need to create compressed 'release.txt'. # The 'release.txt' should exist at this point, compress it. release_file = open(release_filepath, "rb") gzipped_release = open(release_filepath + ".gz", "wb") gzipped_release.writelines(release_file) gzipped_release.close() release_file.close() # TESTS # Test: normal case. timestamp_meta = generate_timestamp_meta(release_filepath) # Verify metadata formats. self.assertTrue(formats.SIGNABLE_SCHEMA.matches(timestamp_meta)) self.assertTrue(formats.TIMESTAMP_SCHEMA.matches(timestamp_meta["signed"])) # Test: normal case (with compression). timestamp_meta = generate_timestamp_meta(release_filepath + ".gz") # Verify metadata formats. self.assertTrue(formats.SIGNABLE_SCHEMA.matches(timestamp_meta)) self.assertTrue(formats.TIMESTAMP_SCHEMA.matches(timestamp_meta["signed"])) # Test: invalid path. self.assertRaises(tuf.Error, generate_timestamp_meta, self.random_path()) # RESTORE tuf.repo.keystore.get_key = original_get_key
def update_release(time_delta, compress=False): expiration_date = get_expiration_date(time_delta) release_role_keys = get_keys_for_top_level_role(RELEASE_ROLE_NAME) version_number = signercli._get_metadata_version(RELEASE_ROLE_FILE) # Generate and write the signed release metadata. release_role_filename = \ signerlib.build_release_file(release_role_keys, METADATA_DIRECTORY, version_number, expiration_date, compress=compress) logger.info('Release written to {0}'.format(release_role_filename))
def test_7_build_release_file(self): """ test_7_build_release_file() uses previously tested generate_release_metadata(). """ # SETUP # Create root.txt and targets.txt as described above. Also, get signed # release metadata to compare it with the content of the file signed_release_meta, release_info = self._get_signed_role_info('release') meta_dir = release_info[2] release_keyids = release_info[1] release_filepath = os.path.join(meta_dir, 'release.txt') # TESTS # Test: normal case. try: signerlib.build_release_file(release_keyids, meta_dir) except Exception, e: raise
def build_server_repository(server_repository_dir, targets_dir): # Make metadata directory inside client and server repository dir. server_metadata_dir = os.path.join(server_repository_dir, 'metadata') os.mkdir(server_metadata_dir) # Make a keystore directory inside server's repository and populate it. keystore_dir = os.path.join(server_repository_dir, 'keystore') os.mkdir(keystore_dir) create_keystore(keystore_dir) # Build config file. config_filepath = signerlib.build_config_file(server_repository_dir, 365, unittest_toolbox.semi_roledict) # Role:keyids dictionary. role_keyids = {} for role in unittest_toolbox.semi_roledict.keys(): role_keyids[role] = unittest_toolbox.semi_roledict[role]['keyids'] # Build root file. signerlib.build_root_file(config_filepath, role_keyids['root'], server_metadata_dir) # Build targets file. signerlib.build_targets_file(targets_dir, role_keyids['targets'], server_metadata_dir) # Build release file. signerlib.build_release_file(role_keyids['release'], server_metadata_dir) # Build timestamp file. signerlib.build_timestamp_file(role_keyids['timestamp'], server_metadata_dir)
def test_7_build_release_file(self): """ test_7_build_release_file() uses previously tested generate_release_metadata(). """ # SETUP original_get_key = tuf.repo.keystore.get_key version = 8 expiration_date = '1985-10-26 01:20:00 UTC' # Create root.txt and targets.txt as described above. Also, get signed # release metadata to compare it with the content of the file signed_release_meta, release_info = self._get_signed_role_info( 'release') meta_dir = release_info[2] release_keyids = release_info[1] # TESTS # Test: normal case. release_filepath = signerlib.build_release_file( release_keyids, meta_dir, version, expiration_date) # Check if 'release.txt' file was created in metadata directory. self.assertTrue(os.path.exists(release_filepath)) file_content = tuf.util.load_json_file(release_filepath) self.assertTrue(tuf.formats.SIGNABLE_SCHEMA.matches(file_content)) release_metadata = file_content['signed'] self.assertTrue(tuf.formats.RELEASE_SCHEMA.matches(release_metadata)) # Test: exceptions. self.assertRaises(tuf.Error, signerlib.build_release_file, release_keyids, self.random_path(), version, expiration_date) self.assertRaises(tuf.FormatError, signerlib.build_release_file, self.random_string(), meta_dir, version, expiration_date) self.assertRaises(tuf.FormatError, signerlib.build_release_file, release_keyids, meta_dir, self.random_string(), expiration_date) self.assertRaises(tuf.FormatError, signerlib.build_release_file, release_keyids, meta_dir, version, self.random_string()) # RESTORE tuf.repo.keystore.get_key = original_get_key
def setUp(self): """ The target delegations tree is fixed as such: targets -> [T1, T2] T1 -> [T3] """ global version version = version + 1 expiration = tuf.formats.format_time(time.time() + 86400) root_repo, url, server_proc, keyids = util_test_tools.init_repo( tuf=True) # Server side repository. tuf_repo = os.path.join(root_repo, 'tuf_repo') keystore_dir = os.path.join(tuf_repo, 'keystore') metadata_dir = os.path.join(tuf_repo, 'metadata') targets_dir = os.path.join(tuf_repo, 'targets') # We need to provide clients with a way to reach the tuf repository. tuf_repo_relpath = os.path.basename(tuf_repo) tuf_url = url + tuf_repo_relpath # Add files to the server side repository. # target1 = 'targets_dir/[random].txt' # target2 = 'targets_dir/[random].txt' add_target = util_test_tools.add_file_to_repository target1_path = add_target(targets_dir, data='target1') target2_path = add_target(targets_dir, data='target2') # Target paths relative to the 'targets_dir'. # Ex: targetX = 'targets/delegator/delegatee.txt' target1 = os.path.relpath(target1_path, tuf_repo) target2 = os.path.relpath(target2_path, tuf_repo) # Relative to repository's targets directory. target_filepaths = [target1, target2] # Store in self only the variables relevant for tests. self.root_repo = root_repo self.tuf_repo = tuf_repo self.server_proc = server_proc self.target_filepaths = target_filepaths # Targets delegated from A to B. self.delegated_targets = {} # Targets actually signed by B. self.signed_targets = {} self.mirrors = { "mirror1": { "url_prefix": tuf_url, "metadata_path": "metadata", "targets_path": "targets", "confined_target_dirs": [""] } } # Aliases for targets roles. self.T0 = 'targets' self.T1 = 'targets/T1' self.T2 = 'targets/T2' self.T3 = 'targets/T1/T3' # Get tracked and assigned targets, and generate targets metadata. self.make_targets_metadata() assert hasattr(self, 'T0_metadata') assert hasattr(self, 'T1_metadata') assert hasattr(self, 'T2_metadata') assert hasattr(self, 'T3_metadata') # Make delegation directories at the server's repository. metadata_targets_dir = os.path.join(metadata_dir, 'targets') metadata_T1_dir = os.path.join(metadata_targets_dir, 'T1') os.makedirs(metadata_T1_dir) # Delegations metadata paths for the 3 delegated targets roles. T0_path = os.path.join(metadata_dir, 'targets.txt') T1_path = os.path.join(metadata_targets_dir, 'T1.txt') T2_path = os.path.join(metadata_targets_dir, 'T2.txt') T3_path = os.path.join(metadata_T1_dir, 'T3.txt') # Generate RSA keys for the 3 delegatees. key1 = signerlib.generate_and_save_rsa_key(keystore_dir, 'T1') key2 = signerlib.generate_and_save_rsa_key(keystore_dir, 'T2') key3 = signerlib.generate_and_save_rsa_key(keystore_dir, 'T3') # ID for each of the 3 keys. key1_id = key1['keyid'] key2_id = key2['keyid'] key3_id = key3['keyid'] # ID, in a list, for each of the 3 keys. key1_ids = [key1_id] key2_ids = [key2_id] key3_ids = [key3_id] # Public-key JSON for each of the 3 keys. key1_val = tuf.rsa_key.create_in_metadata_format(key1['keyval']) key2_val = tuf.rsa_key.create_in_metadata_format(key2['keyval']) key3_val = tuf.rsa_key.create_in_metadata_format(key3['keyval']) # Create delegation role metadata for each of the 3 delegated targets roles. make_role_metadata = tuf.formats.make_role_metadata T1_targets = self.relpath_from_targets(self.delegated_targets[self.T1]) T1_role = make_role_metadata(key1_ids, 1, name=self.T1, paths=T1_targets) T2_targets = self.relpath_from_targets(self.delegated_targets[self.T2]) T2_role = make_role_metadata(key2_ids, 1, name=self.T2, paths=T2_targets) T3_targets = self.relpath_from_targets(self.delegated_targets[self.T3]) T3_role = make_role_metadata(key3_ids, 1, name=self.T3, paths=T3_targets) # Assign 'delegations' object for 'targets': self.T0_metadata['signed']['delegations'] = { 'keys': { key1_id: key1_val, key2_id: key2_val }, 'roles': [T1_role, T2_role] } # Assign 'delegations' object for 'targets/T1': self.T1_metadata['signed']['delegations'] = { 'keys': { key3_id: key3_val }, 'roles': [T3_role] } sign = signerlib.sign_metadata write = signerlib.write_metadata_file # Sign new metadata objects. T0_signable = sign(self.T0_metadata, keyids, T0_path) T1_signable = sign(self.T1_metadata, key1_ids, T1_path) T2_signable = sign(self.T2_metadata, key2_ids, T2_path) T3_signable = sign(self.T3_metadata, key3_ids, T3_path) # Save new metadata objects. write(T0_signable, T0_path) write(T1_signable, T1_path) write(T2_signable, T2_path) write(T3_signable, T3_path) # Timestamp a new release to reflect latest targets. signerlib.build_release_file(keyids, metadata_dir, version, expiration) signerlib.build_timestamp_file(keyids, metadata_dir, version, expiration) # Unload all keys. keystore.clear_keystore()
def init_tuf(root_repo, url, port): """ <Purpose> Setup TUF directory structure and populated it with TUF metadata and congfiguration files. """ passwd = 'test' threshold = 1 # Setup TUF-repo directory structure. tuf_repo = os.path.join(root_repo, 'tuf_repo') keystore_dir = os.path.join(tuf_repo, 'keystore') metadata_dir = os.path.join(tuf_repo, 'metadata') targets_dir = os.path.join(tuf_repo, 'targets') os.mkdir(tuf_repo) os.mkdir(keystore_dir) os.mkdir(metadata_dir) shutil.copytree(os.path.join(root_repo, 'reg_repo'), targets_dir) # Setting TUF-client directory structure. # 'tuf.client.updater.py' expects the 'current' and 'previous' # directories to exist under client's 'metadata' directory. tuf_client = os.path.join(root_repo, 'tuf_client') tuf_client_metadata_dir = os.path.join(tuf_client, 'metadata') current_dir = os.path.join(tuf_client_metadata_dir, 'current') previous_dir = os.path.join(tuf_client_metadata_dir, 'previous') os.makedirs(tuf_client_metadata_dir) # Generate at least one rsa key. key = signerlib.generate_and_save_rsa_key(keystore_dir, passwd) keyids = [key['keyid']] # Set role info. info = {'keyids': [key['keyid']], 'threshold': threshold} # 'role_info' dictionary looks like this: # {role : {'keyids : [keyid1, ...] , 'threshold' : 1}} # In our case 'role_info[keyids]' will only have on entry since only one # is being used. role_info = {} role_list = ['root', 'targets', 'release', 'timestamp'] for role in role_list: role_info[role] = info # At this point there is enough information to create TUF configuration # and metadata files. # Build the configuration file. conf_path = signerlib.build_config_file(metadata_dir, 365, role_info) # Generate the 'root.txt' metadata file. signerlib.build_root_file(conf_path, keyids, metadata_dir) # Generate the 'targets.txt' metadata file. signerlib.build_targets_file(targets_dir, keyids, metadata_dir) # Generate the 'release.txt' metadata file. signerlib.build_release_file(keyids, metadata_dir) # Generate the 'timestamp.txt' metadata file. signerlib.build_timestamp_file(keyids, metadata_dir) # Move the metadata to the client's 'current' and 'previous' directories. shutil.copytree(metadata_dir, current_dir) shutil.copytree(metadata_dir, previous_dir) # The repository is now setup! # Here is a mirrors dictionary that will allow a client to seek out # places to download the metadata and targets from. tuf_repo_relpath = os.path.basename(tuf_repo) tuf_url = url+tuf_repo_relpath mirrors = {'mirror1': {'url_prefix': tuf_url, 'metadata_path': 'metadata', 'targets_path': 'targets', 'confined_target_dirs': ['']}} # Adjusting configuration file (tuf.conf.py). tuf.conf.repository_directory = tuf_client # In order to implement interposition we need to have a config file with # the following dictionary JSON-serialized. # tuf_url: http://localhost:port/root_repo/tuf_repo/ hostname = 'localhost:9999' interposition_dict = {"configurations": {hostname: {"repository_directory": tuf_client+'/', "repository_mirrors" : {"mirror1": {"url_prefix": tuf_url, "metadata_path": "metadata", "targets_path": "targets", "confined_target_dirs": [ "" ]}}}}} # "target_paths": [ { "(.*\\.html)": "{0}" } ] junk, interpose_json = tempfile.mkstemp(prefix='conf_', dir=root_repo) with open(interpose_json, 'wb') as fileobj: tuf.util.json.dump(interposition_dict, fileobj) tuf.interposition.configure(filename=interpose_json) return keyids
def tuf_refresh_release_timestamp(metadata_dir, keyids): # Regenerate the 'release.txt' metadata file. signerlib.build_release_file(keyids, metadata_dir)
def init_tuf(root_repo): """ <Purpose> Setup TUF directory structure and populated it with TUF metadata and congfiguration files. """ threshold = 1 global version version = version+1 expiration = tuf.formats.format_time(time.time()+86400) # Setup TUF-repo directory structure. tuf_repo = os.path.join(root_repo, 'tuf_repo') keystore_dir = os.path.join(tuf_repo, 'keystore') metadata_dir = os.path.join(tuf_repo, 'metadata') targets_dir = os.path.join(tuf_repo, 'targets') os.mkdir(tuf_repo) os.mkdir(keystore_dir) os.mkdir(metadata_dir) shutil.copytree(os.path.join(root_repo, 'reg_repo'), targets_dir) # Setting TUF-client directory structure. # 'tuf.client.updater.py' expects the 'current' and 'previous' # directories to exist under client's 'metadata' directory. tuf_client = os.path.join(root_repo, 'tuf_client') tuf_client_metadata_dir = os.path.join(tuf_client, 'metadata') current_dir = os.path.join(tuf_client_metadata_dir, 'current') previous_dir = os.path.join(tuf_client_metadata_dir, 'previous') os.makedirs(tuf_client_metadata_dir) # Generate at least one rsa key. key = signerlib.generate_and_save_rsa_key(keystore_dir, PASSWD) keyids = [key['keyid']] # Set role info. info = {'keyids': [key['keyid']], 'threshold': threshold} # 'role_info' dictionary looks like this: # {role : {'keyids : [keyid1, ...] , 'threshold' : 1}} # In our case 'role_info[keyids]' will only have on entry since only one # is being used. role_info = {} role_list = ['root', 'targets', 'release', 'timestamp'] for role in role_list: role_info[role] = info # At this point there is enough information to create TUF configuration # and metadata files. # Build the configuration file. conf_path = signerlib.build_config_file(metadata_dir, 365, role_info) # Generate the 'root.txt' metadata file. signerlib.build_root_file(conf_path, keyids, metadata_dir, version) # Generate the 'targets.txt' metadata file. signerlib.build_targets_file([targets_dir], keyids, metadata_dir, version, expiration) # Generate the 'release.txt' metadata file. signerlib.build_release_file(keyids, metadata_dir, version, expiration) # Generate the 'timestamp.txt' metadata file. signerlib.build_timestamp_file(keyids, metadata_dir, version, expiration) # Move the metadata to the client's 'current' and 'previous' directories. shutil.copytree(metadata_dir, current_dir) shutil.copytree(metadata_dir, previous_dir) # The repository is now setup! return keyids
def build_server_repository(server_repository_dir, targets_dir): """ <Purpose> 'build_server_repository' builds a complete repository based on target files provided in the 'targets_dir'. Delegated roles are included. """ # Save the originals of the functions patched by this function. # The patched functions will be restored prior to returning. original_get_metadata = signercli._get_metadata_directory original_prompt = signercli._prompt original_get_password = signercli._get_password original_get_keyids = signercli._get_keyids # The expiration date for created metadata, required by the 'signercli.py' # script. The expiration date is set to 259200 seconds ahead of the current # time. Set all the metadata versions numbers to 1. expiration_date = tuf.formats.format_time(time.time() + 259200) expiration_date = expiration_date[0:expiration_date.rfind(' UTC')] version = 1 server_metadata_dir = os.path.join(server_repository_dir, 'metadata') keystore_dir = os.path.join(server_repository_dir, 'keystore') # Remove 'server_metadata_dir' and 'keystore_dir' if they already exist. if os.path.exists(server_metadata_dir): shutil.rmtree(server_metadata_dir) if os.path.exists(keystore_dir): shutil.rmtree(keystore_dir) # Make metadata directory inside server repository dir. os.mkdir(server_metadata_dir) # Make a keystore directory inside server's repository and populate it. os.mkdir(keystore_dir) _create_keystore(keystore_dir) # Build config file. build_config = signerlib.build_config_file top_level_role_info = unittest_toolbox.Modified_TestCase.top_level_role_info config_filepath = build_config(server_repository_dir, 365, top_level_role_info) # BUILD ROLE FILES. # Build root file. signerlib.build_root_file(config_filepath, role_keyids['root'], server_metadata_dir, version) # Build targets file. signerlib.build_targets_file([targets_dir], role_keyids['targets'], server_metadata_dir, version, expiration_date + ' UTC') # MAKE DELEGATIONS. # We will need to patch a few signercli prompts. # Specifically, signercli.make_delegations() asks user input for: # metadata directory, delegated targets directory, parent role, # passwords for parent role's keyids, delegated role's name, and # the keyid to be assigned to the delegated role. Take a look at # signercli's make_delegation() to gain bit more insight in what is # happening. # 'load_key' is a reference to the 'load_keystore_from_keyfiles function'. load_keys = keystore.load_keystore_from_keyfiles # Setup first level delegated role. delegated_level1 = os.path.join(targets_dir, 'delegated_level1') delegated_targets_dir = delegated_level1 parent_role = 'targets' delegated_role_name = 'delegated_role1' signing_keyids = role_keyids['targets/delegated_role1'] # Patching the 'signercli' prompts. # Mock method for signercli._get_metadata_directory(). def _mock_get_metadata_directory(): return server_metadata_dir # Mock method for signercli._prompt(). def _mock_prompt(msg, junk): if msg.startswith('\nThe paths entered'): return delegated_targets_dir elif msg.startswith('\nChoose and enter the parent'): return parent_role elif msg.startswith('\nEnter the delegated role\'s name: '): return delegated_role_name elif msg.startswith('\nCurrent time:'): return expiration_date else: error_msg = ('Prompt: ' + '\'' + msg + '\'' + ' did not match any predefined mock prompts.') sys.exit(error_msg) # Mock method for signercli._get_password(). def _mock_get_password(msg): for keyid in unittest_toolbox.Modified_TestCase.rsa_keyids: if msg.endswith('(' + keyid + '): '): return unittest_toolbox.Modified_TestCase.rsa_passwords[keyid] # Method to patch signercli._get_keyids() def _mock_get_keyids(junk): if signing_keyids: for keyid in signing_keyids: password = unittest_toolbox.Modified_TestCase.rsa_passwords[ keyid] # Load the keyfile. load_keys(keystore_dir, [keyid], [password]) return signing_keyids # Patch signercli._get_metadata_directory(). signercli._get_metadata_directory = _mock_get_metadata_directory # Patch signercli._prompt(). signercli._prompt = _mock_prompt # Patch signercli._get_password(). signercli._get_password = _mock_get_password # Patch signercli._get_keyids(). signercli._get_keyids = _mock_get_keyids # Clear kestore's dictionaries, by detaching them from unittest_toolbox's # dictionaries. keystore._keystore = {} keystore._derived_keys = {} # Make first level delegation. signercli.make_delegation(keystore_dir) # Setup second level delegated role. delegated_level2 = os.path.join(delegated_level1, 'delegated_level2') delegated_targets_dir = delegated_level2 parent_role = 'targets/delegated_role1' delegated_role_name = 'delegated_role2' signing_keyids = role_keyids['targets/delegated_role1/delegated_role2'] # Clear kestore's dictionaries. keystore.clear_keystore() # Make second level delegation. signercli.make_delegation(keystore_dir) keystore._keystore = unittest_toolbox.Modified_TestCase.rsa_keystore keystore._derived_keys = unittest_toolbox.Modified_TestCase.rsa_passwords # Build release file. signerlib.build_release_file(role_keyids['release'], server_metadata_dir, version, expiration_date + ' UTC') # Build timestamp file. signerlib.build_timestamp_file(role_keyids['timestamp'], server_metadata_dir, version, expiration_date + ' UTC') keystore._keystore = {} keystore._derived_keys = {} # RESTORE signercli._get_metadata_directory = original_get_metadata signercli._prompt = original_prompt signercli._get_password = original_get_password signercli._get_keyids = original_get_keyids
def init_tuf(root_repo): """ <Purpose> Setup TUF directory structure and populated it with TUF metadata and congfiguration files. """ threshold = 1 global version version = version + 1 expiration = tuf.formats.format_time(time.time() + 86400) # Setup TUF-repo directory structure. tuf_repo = os.path.join(root_repo, 'tuf_repo') keystore_dir = os.path.join(tuf_repo, 'keystore') metadata_dir = os.path.join(tuf_repo, 'metadata') targets_dir = os.path.join(tuf_repo, 'targets') os.mkdir(tuf_repo) os.mkdir(keystore_dir) os.mkdir(metadata_dir) shutil.copytree(os.path.join(root_repo, 'reg_repo'), targets_dir) # Setting TUF-client directory structure. # 'tuf.client.updater.py' expects the 'current' and 'previous' # directories to exist under client's 'metadata' directory. tuf_client = os.path.join(root_repo, 'tuf_client') tuf_client_metadata_dir = os.path.join(tuf_client, 'metadata') current_dir = os.path.join(tuf_client_metadata_dir, 'current') previous_dir = os.path.join(tuf_client_metadata_dir, 'previous') os.makedirs(tuf_client_metadata_dir) # Generate at least one rsa key. key = signerlib.generate_and_save_rsa_key(keystore_dir, PASSWD) keyids = [key['keyid']] # Set role info. info = {'keyids': [key['keyid']], 'threshold': threshold} # 'role_info' dictionary looks like this: # {role : {'keyids : [keyid1, ...] , 'threshold' : 1}} # In our case 'role_info[keyids]' will only have on entry since only one # is being used. role_info = {} role_list = ['root', 'targets', 'release', 'timestamp'] for role in role_list: role_info[role] = info # At this point there is enough information to create TUF configuration # and metadata files. # Build the configuration file. conf_path = signerlib.build_config_file(metadata_dir, 365, role_info) # Generate the 'root.txt' metadata file. signerlib.build_root_file(conf_path, keyids, metadata_dir, version) # Generate the 'targets.txt' metadata file. signerlib.build_targets_file([targets_dir], keyids, metadata_dir, version, expiration) # Generate the 'release.txt' metadata file. signerlib.build_release_file(keyids, metadata_dir, version, expiration) # Generate the 'timestamp.txt' metadata file. signerlib.build_timestamp_file(keyids, metadata_dir, version, expiration) # Move the metadata to the client's 'current' and 'previous' directories. shutil.copytree(metadata_dir, current_dir) shutil.copytree(metadata_dir, previous_dir) # The repository is now setup! return keyids
def setUp(self): """ The target delegations tree is fixed as such: targets -> [T1, T2] T1 -> [T3] """ global version version = version+1 expiration = tuf.formats.format_time(time.time()+86400) root_repo, url, server_proc, keyids = util_test_tools.init_repo(tuf=True) # Server side repository. tuf_repo = os.path.join(root_repo, 'tuf_repo') keystore_dir = os.path.join(tuf_repo, 'keystore') metadata_dir = os.path.join(tuf_repo, 'metadata') targets_dir = os.path.join(tuf_repo, 'targets') # We need to provide clients with a way to reach the tuf repository. tuf_repo_relpath = os.path.basename(tuf_repo) tuf_url = url+tuf_repo_relpath # Add files to the server side repository. # target1 = 'targets_dir/[random].txt' # target2 = 'targets_dir/[random].txt' add_target = util_test_tools.add_file_to_repository target1_path = add_target(targets_dir, data='target1') target2_path = add_target(targets_dir, data='target2') # Target paths relative to the 'targets_dir'. # Ex: targetX = 'targets/delegator/delegatee.txt' target1 = os.path.relpath(target1_path, tuf_repo) target2 = os.path.relpath(target2_path, tuf_repo) # Relative to repository's targets directory. target_filepaths = [target1, target2] # Store in self only the variables relevant for tests. self.root_repo = root_repo self.tuf_repo = tuf_repo self.server_proc = server_proc self.target_filepaths = target_filepaths # Targets delegated from A to B. self.delegated_targets = {} # Targets actually signed by B. self.signed_targets = {} self.mirrors = { "mirror1": { "url_prefix": tuf_url, "metadata_path": "metadata", "targets_path": "targets", "confined_target_dirs": [""] } } # Aliases for targets roles. self.T0 = 'targets' self.T1 = 'targets/T1' self.T2 = 'targets/T2' self.T3 = 'targets/T1/T3' # Get tracked and assigned targets, and generate targets metadata. self.make_targets_metadata() assert hasattr(self, 'T0_metadata') assert hasattr(self, 'T1_metadata') assert hasattr(self, 'T2_metadata') assert hasattr(self, 'T3_metadata') # Make delegation directories at the server's repository. metadata_targets_dir = os.path.join(metadata_dir, 'targets') metadata_T1_dir = os.path.join(metadata_targets_dir, 'T1') os.makedirs(metadata_T1_dir) # Delegations metadata paths for the 3 delegated targets roles. T0_path = os.path.join(metadata_dir, 'targets.txt') T1_path = os.path.join(metadata_targets_dir, 'T1.txt') T2_path = os.path.join(metadata_targets_dir, 'T2.txt') T3_path = os.path.join(metadata_T1_dir, 'T3.txt') # Generate RSA keys for the 3 delegatees. key1 = signerlib.generate_and_save_rsa_key(keystore_dir, 'T1') key2 = signerlib.generate_and_save_rsa_key(keystore_dir, 'T2') key3 = signerlib.generate_and_save_rsa_key(keystore_dir, 'T3') # ID for each of the 3 keys. key1_id = key1['keyid'] key2_id = key2['keyid'] key3_id = key3['keyid'] # ID, in a list, for each of the 3 keys. key1_ids = [key1_id] key2_ids = [key2_id] key3_ids = [key3_id] # Public-key JSON for each of the 3 keys. key1_val = tuf.rsa_key.create_in_metadata_format(key1['keyval']) key2_val = tuf.rsa_key.create_in_metadata_format(key2['keyval']) key3_val = tuf.rsa_key.create_in_metadata_format(key3['keyval']) # Create delegation role metadata for each of the 3 delegated targets roles. make_role_metadata = tuf.formats.make_role_metadata T1_targets = self.relpath_from_targets(self.delegated_targets[self.T1]) T1_role = make_role_metadata(key1_ids, 1, name=self.T1, paths=T1_targets) T2_targets = self.relpath_from_targets(self.delegated_targets[self.T2]) T2_role = make_role_metadata(key2_ids, 1, name=self.T2, paths=T2_targets) T3_targets = self.relpath_from_targets(self.delegated_targets[self.T3]) T3_role = make_role_metadata(key3_ids, 1, name=self.T3, paths=T3_targets) # Assign 'delegations' object for 'targets': self.T0_metadata['signed']['delegations'] = { 'keys': {key1_id: key1_val, key2_id: key2_val}, 'roles': [T1_role, T2_role] } # Assign 'delegations' object for 'targets/T1': self.T1_metadata['signed']['delegations'] = { 'keys': {key3_id: key3_val}, 'roles': [T3_role] } sign = signerlib.sign_metadata write = signerlib.write_metadata_file # Sign new metadata objects. T0_signable = sign(self.T0_metadata, keyids, T0_path) T1_signable = sign(self.T1_metadata, key1_ids, T1_path) T2_signable = sign(self.T2_metadata, key2_ids, T2_path) T3_signable = sign(self.T3_metadata, key3_ids, T3_path) # Save new metadata objects. write(T0_signable, T0_path) write(T1_signable, T1_path) write(T2_signable, T2_path) write(T3_signable, T3_path) # Timestamp a new release to reflect latest targets. signerlib.build_release_file(keyids, metadata_dir, version, expiration) signerlib.build_timestamp_file(keyids, metadata_dir, version, expiration) # Unload all keys. keystore.clear_keystore()
def _get_role_info(self, role, directory=None): """ This method generates role's metadata dictionary, it uses previously tested signerlib's methods. Note that at everything maintains the order. Nothing that has not been tested previously is used in any of the following conditions. <Arguments> directory: Directory of a config file. <Returns> Tuple (role's metadata(not signed), role's keyids, directory, optional) """ # The version number and expiration date for metadata files created. version = 8 expiration_date = '1985-10-26 01:20:00 UTC' if not directory: # Create a temp directory to hold a config file. directory = self.make_temp_directory() # Get role's keyids. role_keyids = self.top_level_role_info[role]['keyids'] if role == 'root': # Create config file using previously tested build_config_file(). config_path = signerlib.build_config_file(directory, 365, self.top_level_role_info) # Patch keystore's get_key method. tuf.repo.keystore.get_key = self.get_keystore_key # Create root metadata. root_meta = signerlib.generate_root_metadata(config_path, version) return root_meta, role_keyids, directory, config_path elif role == 'targets': # Generate target files. # 'repo_dir' represents repository base. # 'target_files' represents a list of relative target paths. repo_dir, target_files = \ self.make_temp_directory_with_data_files(directory=directory) # Patch keystore's get_key method. tuf.repo.keystore.get_key = self.get_keystore_key # Run the 'signerlib.generate_targets_metadata'. Test its return value. # Its return value should correspond to tuf.formats.SIGNABLE_SCHEMA targets_meta = signerlib.generate_targets_metadata(repo_dir, target_files, version, expiration_date) return targets_meta, role_keyids, repo_dir, target_files elif role == 'release': # Generate 'root.txt' and 'targets.txt' with targets directory in # the repository containing files and directories. meta_dir = self._create_root_and_targets_meta_files() release_meta = signerlib.generate_release_metadata(meta_dir, version, expiration_date) return release_meta, role_keyids, meta_dir elif role == 'timestamp': # Generate 'release.txt' which includes creation of 'root.txt', # 'targets.txt' and target files. junk, release_keyids, meta_dir = self._get_role_info('release') signerlib.build_release_file(release_keyids, meta_dir, version, expiration_date) release_filepath = os.path.join(meta_dir, 'release.txt') # Generate timestamp metadata. timestamp_meta = signerlib.generate_timestamp_metadata(release_filepath, version, expiration_date) return timestamp_meta, role_keyids, meta_dir else: logger.warning('\nUnrecognized top-level role.')
def _get_role_info(self, role, directory=None): """ This method generates role's metadata dictionary, it uses previously tested signerlib's methods. Note that at everything maintains the order. Nothing that has not been tested previously is used in any of the following conditions. <Arguments> directory: Directory of a config file. <Returns> Tuple (role's metadata(not signed), role's keyids, directory, optional) """ if not directory: # Create a temp directory to hold a config file. directory = self.make_temp_directory() # Get role's keyids. role_keyids = self.top_level_role_info[role]["keyids"] if role == "root": # Create config file using previously tested build_config_file(). config_path = signerlib.build_config_file(directory, 365, self.top_level_role_info) # Patch keystore's get_key method. tuf.repo.keystore.get_key = self.get_keystore_key # Create root metadata. root_meta = signerlib.generate_root_metadata(config_path) return root_meta, role_keyids, directory, config_path elif role == "targets": # Generate target files. # 'repo_dir' represents repository base. # 'target_files' represents a list of relative target paths. repo_dir, target_files = self.make_temp_directory_with_data_files(directory=directory) # Patch keystore's get_key method. tuf.repo.keystore.get_key = self.get_keystore_key # Run the 'signerlib.generate_targets_metadata'. Test its return value. # Its return value should correspond to tuf.formats.SIGNABLE_SCHEMA targets_meta = signerlib.generate_targets_metadata(repo_dir, target_files) return targets_meta, role_keyids, repo_dir, target_files elif role == "release": # Generate 'root.txt' and 'targets.txt' with targets directory in # the repository containing files and directories. meta_dir = self._create_root_and_targets_meta_files() release_meta = signerlib.generate_release_metadata(meta_dir) return release_meta, role_keyids, meta_dir elif role == "timestamp": # Generate 'release.txt' which includes creation of 'root.txt', # 'targets.txt' and target files. junk, release_keyids, meta_dir = self._get_role_info("release") signerlib.build_release_file(release_keyids, meta_dir) release_filepath = os.path.join(meta_dir, "release.txt") # Generate timestamp metadata. timestamp_meta = signerlib.generate_timestamp_metadata(release_filepath) return timestamp_meta, role_keyids, meta_dir else: print "\nUnrecognized top-level role."
def build_server_repository(server_repository_dir, targets_dir): """ <Purpose> 'build_server_repository' builds a complete repository based on target files provided in the 'targets_dir'. Delegated roles are included. """ # Save the originals of the functions patched by this function. # The patched functions will be restored prior to returning. original_get_metadata = signercli._get_metadata_directory original_prompt = signercli._prompt original_get_password = signercli._get_password original_get_keyids = signercli._get_keyids server_metadata_dir = os.path.join(server_repository_dir, 'metadata') keystore_dir = os.path.join(server_repository_dir, 'keystore') # Remove 'server_metadata_dir' and 'keystore_dir' if they already exist. if os.path.exists(server_metadata_dir): shutil.rmtree(server_metadata_dir) if os.path.exists(keystore_dir): shutil.rmtree(keystore_dir) # Make metadata directory inside server repository dir. os.mkdir(server_metadata_dir) # Make a keystore directory inside server's repository and populate it. os.mkdir(keystore_dir) _create_keystore(keystore_dir) # Build config file. build_config = signerlib.build_config_file top_level_role_info = unittest_toolbox.Modified_TestCase.top_level_role_info config_filepath = build_config(server_repository_dir, 365, top_level_role_info) # BUILD ROLE FILES. # Build root file. signerlib.build_root_file(config_filepath, role_keyids['root'], server_metadata_dir) # Build targets file. signerlib.build_targets_file(targets_dir, role_keyids['targets'], server_metadata_dir) # MAKE DELEGATIONS. # We will need to patch a few signercli prompts. # Specifically, signercli.make_delegations() asks user input for: # metadata directory, delegated targets directory, parent role, # passwords for parent role's keyids, delegated role's name, and # the keyid to be assigned to the delegated role. Take a look at # signercli's make_delegation() to gain bit more insight in what is # happening. # 'load_key' is a reference to the 'load_keystore_from_keyfiles function'. load_keys = keystore.load_keystore_from_keyfiles # Setup first level delegated role. delegated_level1 = os.path.join(targets_dir, 'delegated_level1') delegated_targets_dir = delegated_level1 parent_role = 'targets' delegated_role_name = 'delegated_role1' signing_keyids = role_keyids['targets/delegated_role1'] # Patching the 'signercli' prompts. # Mock method for signercli._get_metadata_directory(). def _mock_get_metadata_directory(): return server_metadata_dir # Mock method for signercli._prompt(). def _mock_prompt(msg, junk): if msg.startswith('\nThe directory entered'): return delegated_targets_dir elif msg.startswith('\nChoose and enter the parent'): return parent_role elif msg.endswith('\nEnter the delegated role\'s name: '): return delegated_role_name else: error_msg = ('Prompt: '+'\''+msg+'\''+ ' did not match any predefined mock prompts.') sys.exit(error_msg) # Mock method for signercli._get_password(). def _mock_get_password(msg): for keyid in unittest_toolbox.Modified_TestCase.rsa_keyids: if msg.endswith('('+keyid+'): '): return unittest_toolbox.Modified_TestCase.rsa_passwords[keyid] # Method to patch signercli._get_keyids() def _mock_get_keyids(junk): if signing_keyids: for keyid in signing_keyids: password = unittest_toolbox.Modified_TestCase.rsa_passwords[keyid] # Load the keyfile. load_keys(keystore_dir, [keyid], [password]) return signing_keyids # Patch signercli._get_metadata_directory(). signercli._get_metadata_directory = _mock_get_metadata_directory # Patch signercli._prompt(). signercli._prompt = _mock_prompt # Patch signercli._get_password(). signercli._get_password = _mock_get_password # Patch signercli._get_keyids(). signercli._get_keyids = _mock_get_keyids # Clear kestore's dictionaries, by detaching them from unittest_toolbox's # dictionaries. keystore._keystore = {} keystore._key_passwords = {} # Make first level delegation. signercli.make_delegation(keystore_dir) # Setup second level delegated role. delegated_level2 = os.path.join(delegated_level1, 'delegated_level2') delegated_targets_dir = delegated_level2 parent_role = 'targets/delegated_role1' delegated_role_name = 'delegated_role2' signing_keyids = role_keyids['targets/delegated_role1/delegated_role2'] # Clear kestore's dictionaries. keystore.clear_keystore() # Make second level delegation. signercli.make_delegation(keystore_dir) keystore._keystore = unittest_toolbox.Modified_TestCase.rsa_keystore keystore._key_passwords = unittest_toolbox.Modified_TestCase.rsa_passwords # Build release file. signerlib.build_release_file(role_keyids['release'], server_metadata_dir) # Build timestamp file. signerlib.build_timestamp_file(role_keyids['timestamp'], server_metadata_dir) keystore._keystore = {} keystore._key_passwords = {} # RESTORE signercli._get_metadata_directory = original_get_metadata signercli._prompt = original_prompt signercli._get_password = original_get_password signercli._get_keyids = original_get_keyids
def build_server_repository(server_repository_dir, targets_dir): # Make metadata directory inside client and server repository dir. server_metadata_dir = os.path.join(server_repository_dir, 'metadata') os.mkdir(server_metadata_dir) # Make a keystore directory inside server's repository and populate it. keystore_dir = os.path.join(server_repository_dir, 'keystore') os.mkdir(keystore_dir) create_keystore(keystore_dir) # Build config file. build_config = signerlib.build_config_file config_filepath = build_config(server_repository_dir, 365, TestCase_Tools.top_level_role_info) # Role:keyids dictionary. role_keyids = {} for role in TestCase_Tools.semi_roledict.keys(): role_keyids[role] = TestCase_Tools.semi_roledict[role]['keyids'] # BUILD ROLE FILES. # Build root file. signerlib.build_root_file(config_filepath, role_keyids['root'], server_metadata_dir) # Build targets file. signerlib.build_targets_file(targets_dir, role_keyids['targets'], server_metadata_dir) # Build release file. signerlib.build_release_file(role_keyids['release'], server_metadata_dir) # Build timestamp file. signerlib.build_timestamp_file(role_keyids['timestamp'], server_metadata_dir) # MAKE DELEGATIONS. # We will need to patch a few signercli prompts. # Specifically, signercli.make_delegations() asks user input for: # metadata directory, delegated targets directory, parent role, # passwords for parent role's keyids, delegated role's name, and # the keyid to be assigned to the delegated role. Take a look at # signercli's make_delegation() to gain bit more insight in what is # happening. # 'load_key' is a reference to the 'load_keystore_from_keyfiles function'. load_keys = keystore.load_keystore_from_keyfiles # Setup first level delegated role. delegated_level1 = os.path.join(targets_dir, 'delegated_level1') delegated_targets_dir = delegated_level1 parent_role = 'targets' delegated_role_name = 'delegated_role1' signing_keyids = role_keyids['targets/delegated_role1'] # Patching the prompts. # Mock method for signercli._get_metadata_directory(). def _mock_get_metadata_directory(): return server_metadata_dir # Mock method for signercli._prompt(). def _mock_prompt(msg, junk): if msg.startswith('\nNOTE: The directory entered'): return delegated_targets_dir elif msg.startswith('\nChoose and enter the parent'): return parent_role elif msg.endswith('\nEnter the delegated role\'s name: '): return delegated_role_name else: error_msg = ('Prompt: '+'\''+msg+'\''+ ' did not match any predefined mock prompts.') sys.exit(error_msg) # Mock method for signercli._get_password(). def _mock_get_password(msg): for keyid in TestCase_Tools.rsa_keyids: if msg.endswith('('+keyid+'): '): return TestCase_Tools.rsa_passwords[keyid] # Method to patch signercli._get_keyids() def _mock_get_keyids(junk): if signing_keyids: for keyid in signing_keyids: password = TestCase_Tools.rsa_passwords[keyid] # Load the keyfile. load_keys(keystore_dir, [keyid], [password]) return signing_keyids # Patch signercli._get_metadata_directory(). signercli._get_metadata_directory = _mock_get_metadata_directory # Patch signercli._prompt(). signercli._prompt = _mock_prompt # Patch signercli._get_password(). signercli._get_password = _mock_get_password # Patch signercli._get_keyids(). signercli._get_keyids = _mock_get_keyids # Clear kestore's dictionaries, by detaching them from unittest_toolbox's # dictionaries. keystore._keystore = {} keystore._key_passwords = {} # Make first level delegation. signercli.make_delegation(keystore_dir) # Setup first level delegated role. delegated_level2 = os.path.join(delegated_level1, 'delegated_level2') delegated_targets_dir = delegated_level2 parent_role = 'targets/delegated_role1' delegated_role_name = 'delegated_role2' signing_keyids = role_keyids['targets/delegated_role1/delegated_role2'] # Clear kestore's dictionaries. keystore.clear_keystore() # Make second level delegation. signercli.make_delegation(keystore_dir)