def test_no_key_arguments(self):
"""Test record stop without passing one required key argument. """
with self.assertRaises(ValueError):
in_toto_record_stop(self.step_name, [],
signing_key=None,
gpg_keyid=None,
gpg_use_default=False)
def test_create_metadata_verify_signature(self):
"""Test record start creates metadata with expected signature. """
in_toto_record_start(self.step_name, [], self.key)
in_toto_record_stop(self.step_name, [], self.key)
link = Metablock.load(self.link_name)
link.verify_signature(self.key)
os.remove(self.link_name)
def test_normalize_line_endings(self):
"""Test cross-platform line ending normalization. """
paths = []
try:
# Create three artifacts with same content but different line endings
for line_ending in [b"\n", b"\r", b"\r\n"]:
fd, path = tempfile.mkstemp()
paths.append(path)
os.write(fd, b"hello" + line_ending + b"toto")
os.close(fd)
# Call in_toto_record start and stop and record artifacts as
# materials and products with line ending normalization on
in_toto_record_start(self.step_name,
paths,
self.key,
normalize_line_endings=True)
in_toto_record_stop(self.step_name,
paths,
self.key,
normalize_line_endings=True)
link = Metablock.load(self.link_name).signed
# Check that all three hashes in materials and products are equal
for artifact_dict in [link.materials, link.products]:
hash_dicts = list(artifact_dict.values())
self.assertTrue(hash_dicts[1:] == hash_dicts[:-1])
# Clean up
finally:
for path in paths:
os.remove(path)
def test_create_metadata_with_expected_cwd(self):
"""Test record start/stop run, verify cwd. """
in_toto_record_start(self.step_name, [], self.key)
in_toto_record_stop(self.step_name, [self.test_product], self.key)
link = Metablock.load(self.link_name)
self.assertEquals(link.signed.environment["workdir"], os.getcwd())
os.remove(self.link_name)
def in_toto_record_stop(step_name, key, product_list):
"""
<Purpose>
Calls runlib.in_toto_record_stop and handles exceptions
<Arguments>
step_name:
A unique name to relate link metadata with a step defined in the
layout.
key:
Private key to sign link metadata.
Format is securesystemslib.formats.KEY_SCHEMA
product_list:
List of file or directory paths that should be recorded as products.
<Exceptions>
SystemExit if any exception occurs
<Side Effects>
Calls sys.exit(1) if an exception is raised
<Returns>
None.
"""
try:
runlib.in_toto_record_stop(step_name, key, product_list)
except Exception as e:
log.error("in stop record - {}".format(e))
sys.exit(1)
def test_create_metadata_with_expected_product(self):
"""Test record stop records expected product. """
in_toto_record_start(self.step_name, self.key, [])
in_toto_record_stop(self.step_name, self.key, [self.test_product])
link = Metablock.load(self.link_name)
self.assertEquals(link.signed.products.keys(), [self.test_product])
os.remove(self.link_name)
def test_nonexistent_directory(self):
"""Test record stop with nonexistent metadata directory"""
with self.assertRaises(FileNotFoundError):
in_toto_record_start(self.step_name, [], self.key)
in_toto_record_stop(self.step_name, [],
self.key,
metadata_directory='nonexistentDir')
def test_missing_unfinished_file(self):
"""Test record stop exits on missing unfinished file, no link recorded. """
with self.assertRaises(IOError):
in_toto_record_stop(self.step_name, [], self.key)
with self.assertRaises(IOError):
# pylint: disable-next=consider-using-with
open(self.link_name, "r", encoding="utf8")
def test_replace_unfinished_metadata(self):
"""Test record stop removes unfinished file and creates link file. """
in_toto_record_start(self.step_name, [], self.key)
in_toto_record_stop(self.step_name, [], self.key)
with self.assertRaises(IOError):
open(self.link_name_unfinished, "r")
open(self.link_name, "r")
os.remove(self.link_name)
def test_nonexistent_directory(self):
"""Test record stop with nonexistent metadata directory"""
expected_error = IOError if sys.version_info < (3, 0) \
else FileNotFoundError
with self.assertRaises(expected_error):
in_toto_record_start(self.step_name, [], self.key)
in_toto_record_stop(self.step_name, [],
self.key,
metadata_directory='nonexistentDir')
def test_replace_unfinished_metadata(self):
"""Test record stop removes unfinished file and creates link file. """
in_toto_record_start(self.step_name, [], self.key)
in_toto_record_stop(self.step_name, [], self.key)
with self.assertRaises(IOError):
# pylint: disable-next=consider-using-with
open(self.link_name_unfinished, "r", encoding="utf8")
self.assertTrue(os.path.isfile(self.link_name))
os.remove(self.link_name)
def test_read_only_metadata_directory(self):
"""Test record stop with read only metadata directory"""
tmp_dir = os.path.realpath(tempfile.mkdtemp())
# make the directory read only
os.chmod(tmp_dir, stat.S_IREAD)
with self.assertRaises(PermissionError):
in_toto_record_start(self.step_name, [], self.key)
in_toto_record_stop(self.step_name, [], self.key,
metadata_directory=tmp_dir)
os.rmdir(tmp_dir)
def test_not_a_directory(self):
"""Test record stop, passed metadata directory is not a dir"""
fd, path = tempfile.mkstemp()
os.write(fd, b"hello in-toto")
os.close(fd)
# Windows will raise FileNotFoundError instead of NotADirectoryError
with self.assertRaises((NotADirectoryError, FileNotFoundError)):
in_toto_record_start(self.step_name, [], self.key)
in_toto_record_stop(self.step_name, [], self.key,
metadata_directory=path)
os.remove(path)
def test_wrong_signature_in_unfinished_metadata(self):
"""Test record stop exits on wrong signature, no link recorded. """
in_toto_record_start(self.step_name, [], self.key)
link_name = UNFINISHED_FILENAME_FORMAT.format(step_name=self.step_name,
keyid=self.key["keyid"])
changed_link_name = UNFINISHED_FILENAME_FORMAT.format(
step_name=self.step_name, keyid=self.key2["keyid"])
os.rename(link_name, changed_link_name)
with self.assertRaises(SignatureVerificationError):
in_toto_record_stop(self.step_name, [], self.key2)
with self.assertRaises(IOError):
open(self.link_name, "r")
os.rename(changed_link_name, link_name)
os.remove(self.link_name_unfinished)
def test_compare_metadata_with_and_without_metadata_directory(self):
"""Test record stop with and without metadata directory,
compare the expected product"""
tmp_dir = os.path.realpath(tempfile.mkdtemp(dir=os.getcwd()))
in_toto_record_start(self.step_name, [], self.key)
in_toto_record_stop(self.step_name, [self.test_product], self.key,
metadata_directory=tmp_dir)
link_path = os.path.join(tmp_dir, self.link_name)
link_with_md = Metablock.load(link_path)
in_toto_record_start(self.step_name, [], self.key)
in_toto_record_stop(self.step_name, [self.test_product], self.key)
link_without_md = Metablock.load(self.link_name)
self.assertEqual(link_with_md.signed, link_without_md.signed)
os.remove(link_path)
os.remove(self.link_name)
def test_missing_unfinished_file(self):
"""Test record stop exits on missing unfinished file, no link recorded. """
with self.assertRaises(IOError):
in_toto_record_stop(self.step_name, [], self.key)
with self.assertRaises(IOError):
open(self.link_name, "r")
