def test_get_signature_status_below_threshold_unauthorized_sigs(self): signable = {'signatures' : [], 'signed' : 'test'} # Two keys sign it, but one of them is only trusted for a different # role. tuf.sig.add_signature(signable, KEYS[0]) tuf.sig.add_signature(signable, KEYS[1]) keydb = tuf.keydb.KeyDB() keydb.add_key(KEYS[0]) keydb.add_key(KEYS[1]) threshold = 2 roleinfo = tuf.formats.make_role_meta( [KEYS[0].get_key_id(), KEYS[2].get_key_id()], threshold) keydb.add_role('Root', roleinfo) roleinfo = tuf.formats.make_role_meta( [KEYS[1].get_key_id(), KEYS[2].get_key_id()], threshold) keydb.add_role('Release', roleinfo) sig_status = tuf.sig.get_signature_status(signable, keydb, 'Root') self.assertEqual(2, sig_status.threshold) self.assertEqual([KEYS[0].get_key_id()], sig_status.good) self.assertEqual([], sig_status.bad) self.assertEqual([], sig_status.unrecognized) self.assertEqual([KEYS[1].get_key_id()], sig_status.unauthorized) self.assertEqual([], sig_status.uknown_method) self.assertFalse(sig_status.is_valid())
def test_check_signatures_single_key(self): signable = {'signatures' : [], 'signed' : 'test'} tuf.sig.add_signature(signable, KEYS[0]) keydb = tuf.keydb.KeyDB() keydb.add_key(KEYS[0]) threshold = 1 roleinfo = tuf.formats.make_role_meta( [KEYS[0].get_key_id()], threshold) keydb.add_role('Root', roleinfo) # This will call is_valid() and raise an exception if it's not. sig_status = tuf.sig.check_signatures(signable, keydb, 'Root') self.assertTrue(sig_status.is_valid())
def test_check_signatures_unrecognized_sig(self): signable = {'signatures' : [], 'signed' : 'test'} # Two keys sign it, but only one of them will be trusted. tuf.sig.add_signature(signable, KEYS[0]) tuf.sig.add_signature(signable, KEYS[2]) keydb = tuf.keydb.KeyDB() keydb.add_key(KEYS[0]) keydb.add_key(KEYS[1]) threshold = 2 roleinfo = tuf.formats.make_role_meta( [KEYS[0].get_key_id(), KEYS[1].get_key_id()], threshold) keydb.add_role('Root', roleinfo) args = (signable, keydb, 'Root') self.assertRaises(tuf.BadSignature, tuf.sig.check_signatures, *args)
def test_get_signature_status_single_key(self): signable = {'signatures' : [], 'signed' : 'test'} tuf.sig.add_signature(signable, KEYS[0]) keydb = tuf.keydb.KeyDB() keydb.add_key(KEYS[0]) threshold = 1 roleinfo = tuf.formats.make_role_meta( [KEYS[0].get_key_id()], threshold) keydb.add_role('Root', roleinfo) sig_status = tuf.sig.get_signature_status(signable, keydb, 'Root') self.assertEqual(1, sig_status.threshold) self.assertEqual([KEYS[0].get_key_id()], sig_status.good) self.assertEqual([], sig_status.bad) self.assertEqual([], sig_status.unrecognized) self.assertEqual([], sig_status.unauthorized) self.assertEqual([], sig_status.uknown_method) self.assertTrue(sig_status.is_valid())