Exemple #1
0
    def test_3_generate_root_metadata(self):
        """
    test_3_build_root_metadata() is based on two other signerlib methods
    i.e. build_config_file() and read_config_file().  Hence, 3rd level.
    """

        # SETUP
        original_get_key = tuf.repo.keystore.get_key
        build_config = signerlib.build_config_file
        version = 8

        #  Create a temp directory to hold a config file.
        config_dir = self.make_temp_directory()

        #  Create config file using previously tested build_config_file().
        config_path = build_config(config_dir, 365, self.top_level_role_info)

        #  Create a config file without a 'targets' role section.
        notargets_conf_dir = self.make_temp_directory()
        saved_targets_role = self.top_level_role_info['targets']
        del self.top_level_role_info['targets']
        notargets_conf_path = build_config(notargets_conf_dir, 365,
                                           self.top_level_role_info)

        #  Restore top_level_role_info to initial state.
        self.top_level_role_info['targets'] = saved_targets_role

        # TESTS
        #  Test: What if keystore is not set up?
        self.assertRaises(tuf.UnknownKeyError,
                          signerlib.generate_root_metadata, config_path,
                          version)

        #  Patch keystore's get_key method.  No harm is done here since correct
        #  arguments are passed and keystore methods are tested separately.
        tuf.repo.keystore.get_key = self.get_keystore_key

        #  Test: normal case.  Pass a correct config path.
        root_meta = signerlib.generate_root_metadata(config_path, version)

        #  Check if the returned dictionary corresponds to SIGNABLE_SCHEMA.
        self.assertTrue(formats.SIGNABLE_SCHEMA.matches(root_meta))

        #  Test: bogus arguments.
        self.assertRaises(tuf.Error, signerlib.generate_root_metadata,
                          notargets_conf_path, version)
        self.assertRaises(tuf.Error, signerlib.generate_root_metadata, '',
                          version)
        self.assertRaises(tuf.Error, signerlib.generate_root_metadata,
                          self.random_string(), version)
        self.assertRaises(tuf.Error, signerlib.generate_root_metadata,
                          {self.random_string(): self.random_string()},
                          version)
        self.assertRaises(tuf.FormatError, signerlib.generate_root_metadata,
                          config_path, self.random_string())

        # RESTORE
        tuf.repo.keystore.get_key = original_get_key
Exemple #2
0
  def test_3_generate_root_metadata(self):
    """
    test_3_build_root_metadata() is based on two other signerlib methods
    i.e. build_config_file() and read_config_file().  Hence, 3rd level.
    """

    # SETUP
    original_get_key = tuf.repo.keystore.get_key
    build_config = signerlib.build_config_file
    version = 8

    #  Create a temp directory to hold a config file.
    config_dir = self.make_temp_directory()

    #  Create config file using previously tested build_config_file().
    config_path = build_config(config_dir, 365, self.top_level_role_info)

    #  Create a config file without a 'targets' role section.
    notargets_conf_dir = self.make_temp_directory()
    saved_targets_role = self.top_level_role_info['targets']
    del self.top_level_role_info['targets']
    notargets_conf_path = build_config(notargets_conf_dir, 365,
                                       self.top_level_role_info)

    #  Restore top_level_role_info to initial state.
    self.top_level_role_info['targets'] = saved_targets_role


    # TESTS
    #  Test: What if keystore is not set up?
    self.assertRaises(tuf.UnknownKeyError, signerlib.generate_root_metadata,
                      config_path, version)

    #  Patch keystore's get_key method.  No harm is done here since correct
    #  arguments are passed and keystore methods are tested separately.
    tuf.repo.keystore.get_key = self.get_keystore_key

    #  Test: normal case.  Pass a correct config path.
    root_meta = signerlib.generate_root_metadata(config_path, version)

    #  Check if the returned dictionary corresponds to SIGNABLE_SCHEMA.
    self.assertTrue(formats.SIGNABLE_SCHEMA.matches(root_meta))

    #  Test: bogus arguments.
    self.assertRaises(tuf.Error, signerlib.generate_root_metadata,
                      notargets_conf_path, version)
    self.assertRaises(tuf.Error, signerlib.generate_root_metadata, '', version)
    self.assertRaises(tuf.Error, signerlib.generate_root_metadata,
                      self.random_string(), version)
    self.assertRaises(tuf.Error, signerlib.generate_root_metadata,
                      {self.random_string(): self.random_string()}, version)
    self.assertRaises(tuf.FormatError, signerlib.generate_root_metadata,
                      config_path, self.random_string())    
                          

    # RESTORE
    tuf.repo.keystore.get_key = original_get_key
Exemple #3
0
  def test_1__sign_and_write_metadata(self):

    # SETUP
    #  Role to test.
    role = 'root'

    #  Create temp directory.
    temp_dir = self.make_temp_directory()

    #  File name.
    filename = os.path.join(temp_dir, role+'.txt')

    #  Role's keyids.
    keyids = self.top_level_role_info[role]['keyids']

    #  Create a temp keystore directory.
    keystore_dir =\
        self.create_temp_keystore_directory(keystore_dicts=True)

    #  Create temp directory for config file.
    config_dir = self.make_temp_directory()

    #  Build config file.
    config_filepath = signerlib.build_config_file(config_dir, 365,
                                                  self.top_level_role_info)

    #  Create role's metadata.
    signable_meta = signerlib.generate_root_metadata(config_filepath)


    # TESTS
    #  Test: normal case.
    signercli._sign_and_write_metadata(signable_meta, keyids, filename)

    #  Verify that the root meta file was created.
    self.assertTrue(os.path.exists(filename))

    Errors = (tuf.Error, tuf.FormatError)

    #  Test: invalid metadata.
    self.assertRaises(Errors, signercli._sign_and_write_metadata,
                      self.random_string(), keyids, filename)

    #  Test: invalid keyids
    invalid_keyids = self.random_string()
    self.assertRaises(Errors, signercli._sign_and_write_metadata,
                      signable_meta, invalid_keyids, filename)

    #  Test: invalid filename
    self.assertRaises(Errors, signercli._sign_and_write_metadata,
                      signable_meta, invalid_keyids, True)
Exemple #4
0
  def test_3_generate_root_metadata(self):
    """
      test_3_build_root_metadata() is based on two other signerlib methods
      i.e. build_config_file() and read_config_file().  Hence, 3rd level.
    """

    # SETUP
    build_config = signerlib.build_config_file

    #  Create a temp directory to hold a config file.
    config_dir = self.make_temp_directory()

    #  Create config file using previously tested build_config_file().
    config_path = build_config(config_dir, 365, self.semi_roledict)

    #  Create a config file without a 'targets' role section.
    notargets_conf_dir = self.make_temp_directory()
    saved_targets_role = self.semi_roledict['targets']
    del self.semi_roledict['targets']
    notargets_conf_path = build_config(notargets_conf_dir, 365,
                                       self.semi_roledict)

    #  Restore semi_roledict to initial state.
    self.semi_roledict['targets'] = saved_targets_role



    # TESTS
    #  Test: What if keystore is not set up?
    self.assertRaises(tuf.UnknownKeyError, signerlib.generate_root_metadata,
                      config_path)


    #  Patch keystore's get_key method.  No harm is done here since correct
    #  arguments are passed and keystore methods are tested separately.
    signerlib.tuf.repo.keystore.get_key = self.get_keystore_key

    #  Test: normal case.  Pass a correct config path.
    try:
      root_meta = signerlib.generate_root_metadata(config_path)
    except Exception, e:
      raise
Exemple #5
0
    def _get_role_info(self, role, directory=None):
        """
    This method generates role's metadata dictionary, it uses previously
    tested signerlib's methods.  Note that at everything maintains the order.
    Nothing that has not been tested previously is used in any of the
    following conditions.

    <Arguments>
      directory:
        Directory of a config file.

    <Returns>
      Tuple (role's metadata(not signed), role's keyids, directory, optional)

    """

        if not directory:
            # Create a temp directory to hold a config file.
            directory = self.make_temp_directory()

        # Get role's keyids.
        role_keyids = self.top_level_role_info[role]["keyids"]

        if role == "root":
            #  Create config file using previously tested build_config_file().
            config_path = signerlib.build_config_file(directory, 365, self.top_level_role_info)

            #  Patch keystore's get_key method.
            tuf.repo.keystore.get_key = self.get_keystore_key

            #  Create root metadata.
            root_meta = signerlib.generate_root_metadata(config_path)
            return root_meta, role_keyids, directory, config_path

        elif role == "targets":
            # Generate target files.
            # 'repo_dir' represents repository base.
            # 'target_files' represents a list of relative target paths.
            repo_dir, target_files = self.make_temp_directory_with_data_files(directory=directory)

            #  Patch keystore's get_key method.
            tuf.repo.keystore.get_key = self.get_keystore_key

            # Run the 'signerlib.generate_targets_metadata'.  Test its return value.
            # Its return value should correspond to tuf.formats.SIGNABLE_SCHEMA
            targets_meta = signerlib.generate_targets_metadata(repo_dir, target_files)
            return targets_meta, role_keyids, repo_dir, target_files

        elif role == "release":
            # Generate 'root.txt' and 'targets.txt' with targets directory in
            # the repository containing files and directories.
            meta_dir = self._create_root_and_targets_meta_files()
            release_meta = signerlib.generate_release_metadata(meta_dir)
            return release_meta, role_keyids, meta_dir

        elif role == "timestamp":
            # Generate 'release.txt' which includes creation of 'root.txt',
            # 'targets.txt' and target files.
            junk, release_keyids, meta_dir = self._get_role_info("release")
            signerlib.build_release_file(release_keyids, meta_dir)
            release_filepath = os.path.join(meta_dir, "release.txt")

            # Generate timestamp metadata.
            timestamp_meta = signerlib.generate_timestamp_metadata(release_filepath)
            return timestamp_meta, role_keyids, meta_dir

        else:
            print "\nUnrecognized top-level role."
Exemple #6
0
  def _get_role_info(self, role, directory=None):
    """
    This method generates role's metadata dictionary, it uses previously
    tested signerlib's methods.  Note that at everything maintains the order.
    Nothing that has not been tested previously is used in any of the
    following conditions.

    <Arguments>
      directory:
        Directory of a config file.

    <Returns>
      Tuple (role's metadata(not signed), role's keyids, directory, optional)

    """
    
    # The version number and expiration date for metadata files created.
    version = 8
    expiration_date = '1985-10-26 01:20:00 UTC'


    if not directory:
      # Create a temp directory to hold a config file.
      directory = self.make_temp_directory()

    # Get role's keyids.
    role_keyids = self.top_level_role_info[role]['keyids']


    if role == 'root':
      #  Create config file using previously tested build_config_file().
      config_path = signerlib.build_config_file(directory, 365,
                                                self.top_level_role_info)

      #  Patch keystore's get_key method.
      tuf.repo.keystore.get_key = self.get_keystore_key

      #  Create root metadata.
      root_meta = signerlib.generate_root_metadata(config_path, version)
      return root_meta, role_keyids, directory, config_path

    elif role == 'targets':
      # Generate target files.
      # 'repo_dir' represents repository base.
      # 'target_files' represents a list of relative target paths.
      repo_dir, target_files = \
          self.make_temp_directory_with_data_files(directory=directory)

      #  Patch keystore's get_key method.
      tuf.repo.keystore.get_key = self.get_keystore_key
      
      # Run the 'signerlib.generate_targets_metadata'.  Test its return value.
      # Its return value should correspond to tuf.formats.SIGNABLE_SCHEMA
      targets_meta = signerlib.generate_targets_metadata(repo_dir, target_files,
                                                         version, 
                                                         expiration_date)
      return targets_meta, role_keyids, repo_dir, target_files

    elif role == 'release':
      # Generate 'root.txt' and 'targets.txt' with targets directory in
      # the repository containing files and directories.
      meta_dir = self._create_root_and_targets_meta_files()
      release_meta = signerlib.generate_release_metadata(meta_dir, version,
                                                         expiration_date)
      return release_meta, role_keyids, meta_dir

    elif role == 'timestamp':
      # Generate 'release.txt' which includes creation of 'root.txt',
      # 'targets.txt' and target files.
      junk, release_keyids, meta_dir = self._get_role_info('release')
      signerlib.build_release_file(release_keyids, meta_dir, version,
                                   expiration_date)
      release_filepath = os.path.join(meta_dir, 'release.txt')

      # Generate timestamp metadata.
      timestamp_meta = signerlib.generate_timestamp_metadata(release_filepath,
                                                             version,
                                                             expiration_date)
      return timestamp_meta, role_keyids, meta_dir

    else:
      logger.warning('\nUnrecognized top-level role.')