def test_no_key_arguments(self):
    """Record stop must raise ValueError when no key option is supplied."""
    # Every key-related option (signing_key, gpg_keyid, gpg_use_default) is
    # left unset; the call is expected to be rejected with ValueError.
    self.assertRaises(
        ValueError,
        in_toto_record_stop,
        self.step_name,
        [],
        signing_key=None,
        gpg_keyid=None,
        gpg_use_default=False,
    )
def test_create_metadata_verify_signature(self):
    """Check that the link written by record start/stop verifies with the signing key."""
    signing_key = self.key
    in_toto_record_start(self.step_name, [], signing_key)
    in_toto_record_stop(self.step_name, [], signing_key)

    # There is no explicit assertion here: the test relies on
    # verify_signature raising when the signature does not match
    # (presumably SignatureVerificationError -- confirm against Metablock).
    recorded_link = Metablock.load(self.link_name)
    recorded_link.verify_signature(signing_key)

    os.remove(self.link_name)
def test_normalize_line_endings(self):
    """Artifacts that differ only in line endings must hash identically when normalized."""
    paths = []
    try:
        # Same text written once per line-ending convention (LF, CR, CRLF)
        for eol in [b"\n", b"\r", b"\r\n"]:
            handle, artifact_path = tempfile.mkstemp()
            # Track the path before writing so the finally clause removes it
            paths.append(artifact_path)
            os.write(handle, b"hello" + eol + b"toto")
            os.close(handle)

        # Record the artifacts as materials and as products, with line
        # ending normalization switched on for both calls
        in_toto_record_start(
            self.step_name, paths, self.key, normalize_line_endings=True
        )
        in_toto_record_stop(
            self.step_name, paths, self.key, normalize_line_endings=True
        )

        signed_link = Metablock.load(self.link_name).signed

        for recorded in [signed_link.materials, signed_link.products]:
            digests = list(recorded.values())
            # Shifted-slice comparison: true only if every adjacent pair of
            # hash dicts is equal, i.e. all of them are equal
            self.assertTrue(digests[1:] == digests[:-1])

    finally:
        # Remove the temporary artifacts regardless of the test outcome
        for leftover in paths:
            os.remove(leftover)
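def test_create_metadata_with_expected_cwd(self):
    """Test record start/stop run, verify the recorded working directory."""
    in_toto_record_start(self.step_name, [], self.key)
    in_toto_record_stop(self.step_name, [self.test_product], self.key)
    link = Metablock.load(self.link_name)
    # assertEqual replaces the deprecated assertEquals alias, which was
    # removed from unittest in Python 3.12.
    self.assertEqual(link.signed.environment["workdir"], os.getcwd())
    os.remove(self.link_name)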
def in_toto_record_stop(step_name, key, product_list):
    """
    <Purpose>
      Wrapper around runlib.in_toto_record_stop that turns any failure into
      a logged error followed by a non-zero process exit.

    <Arguments>
      step_name:
              A unique name to relate link metadata with a step defined in
              the layout.
      key:
              Private key to sign link metadata.
              Format is securesystemslib.formats.KEY_SCHEMA
      product_list:
              List of file or directory paths that should be recorded as
              products.

    <Exceptions>
      SystemExit if runlib.in_toto_record_stop raises any Exception.

    <Side Effects>
      Logs the exception text with log.error and calls sys.exit(1) when an
      exception is raised.

    <Returns>
      None.

    """
    try:
        runlib.in_toto_record_stop(step_name, key, product_list)
    except Exception as err:
        # Boundary handler: report the failure, then exit with status 1.
        # NOTE(review): the exception text is logged verbatim -- confirm that
        # runlib errors never embed private key material.
        failure_message = "in stop record - {}".format(err)
        log.error(failure_message)
        sys.exit(1)
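def test_create_metadata_with_expected_product(self):
    """Test record stop records expected product. """
    in_toto_record_start(self.step_name, self.key, [])
    in_toto_record_stop(self.step_name, self.key, [self.test_product])
    link = Metablock.load(self.link_name)
    # On Python 3 a dict's keys() is a view that never compares equal to a
    # list, so materialize it first. assertEqual also replaces the
    # deprecated assertEquals alias (removed in Python 3.12).
    self.assertEqual(list(link.signed.products.keys()), [self.test_product])
    os.remove(self.link_name)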
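def test_nonexistent_directory(self):
    """Test record stop with nonexistent metadata directory"""
    # Setup runs outside the assertRaises block so that only an error raised
    # by record stop itself can satisfy the expectation.
    in_toto_record_start(self.step_name, [], self.key)
    with self.assertRaises(FileNotFoundError):
        in_toto_record_stop(
            self.step_name, [], self.key, metadata_directory='nonexistentDir'
        )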
def test_missing_unfinished_file(self):
    """Record stop without a preceding record start must fail and leave no link."""
    # No record start is called in this test, so record stop is expected to
    # fail with IOError.
    self.assertRaises(
        IOError, in_toto_record_stop, self.step_name, [], self.key
    )

    # Opening the final link file must fail as well.
    self.assertRaises(IOError, open, self.link_name, "r", encoding="utf8")
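def test_replace_unfinished_metadata(self):
    """Test record stop removes unfinished file and creates link file. """
    in_toto_record_start(self.step_name, [], self.key)
    in_toto_record_stop(self.step_name, [], self.key)
    # The unfinished file must be gone, so opening it has to fail
    with self.assertRaises(IOError):
        open(self.link_name_unfinished, "r")
    # Check for the link without opening it, so that no file handle is left
    # open when the file is removed on the next line.
    self.assertTrue(os.path.isfile(self.link_name))
    os.remove(self.link_name)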
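def test_nonexistent_directory(self):
    """Test record stop with nonexistent metadata directory"""
    # Python 2 reports the failure as IOError, Python 3 as FileNotFoundError
    expected_error = IOError if sys.version_info < (3, 0) \
        else FileNotFoundError
    # Setup runs outside the assertRaises block so that only an error raised
    # by record stop itself can satisfy the expectation.
    in_toto_record_start(self.step_name, [], self.key)
    with self.assertRaises(expected_error):
        in_toto_record_stop(
            self.step_name, [], self.key, metadata_directory='nonexistentDir'
        )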
def test_replace_unfinished_metadata(self):
    """After record stop the unfinished file is gone and the final link exists."""
    in_toto_record_start(self.step_name, [], self.key)
    in_toto_record_stop(self.step_name, [], self.key)

    # Opening the unfinished file must now fail
    self.assertRaises(
        IOError, open, self.link_name_unfinished, "r", encoding="utf8"
    )

    final_link_present = os.path.isfile(self.link_name)
    self.assertTrue(final_link_present)
    os.remove(self.link_name)
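def test_read_only_metadata_directory(self):
    """Test record stop with read only metadata directory"""
    tmp_dir = os.path.realpath(tempfile.mkdtemp())
    # Registered up front so the directory is removed even when the
    # expectation below fails.
    self.addCleanup(os.rmdir, tmp_dir)
    # make the directory read only
    os.chmod(tmp_dir, stat.S_IREAD)
    # NOTE(review): a privileged user can typically still write into a
    # read-only directory, in which case PermissionError would not be
    # raised -- confirm the suite runs unprivileged.
    # Setup runs outside the assertRaises block so that only an error raised
    # by record stop itself can satisfy the expectation.
    in_toto_record_start(self.step_name, [], self.key)
    with self.assertRaises(PermissionError):
        in_toto_record_stop(
            self.step_name, [], self.key, metadata_directory=tmp_dir
        )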
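def test_not_a_directory(self):
    """Test record stop, passed metadata directory is not a dir"""
    fd, path = tempfile.mkstemp()
    # Registered up front so the temp file is removed even when the
    # expectation below fails.
    self.addCleanup(os.remove, path)
    os.write(fd, b"hello in-toto")
    os.close(fd)
    # Setup runs outside the assertRaises block so that only an error raised
    # by record stop itself can satisfy the expectation.
    in_toto_record_start(self.step_name, [], self.key)
    # Windows will raise FileNotFoundError instead of NotADirectoryError
    with self.assertRaises((NotADirectoryError, FileNotFoundError)):
        in_toto_record_stop(
            self.step_name, [], self.key, metadata_directory=path
        )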
def test_wrong_signature_in_unfinished_metadata(self):
    """Record stop must reject unfinished metadata signed with a different key."""
    in_toto_record_start(self.step_name, [], self.key)

    # Unfinished-link filenames derived from each key's keyid
    name_for_key = UNFINISHED_FILENAME_FORMAT.format(
        step_name=self.step_name, keyid=self.key["keyid"]
    )
    name_for_key2 = UNFINISHED_FILENAME_FORMAT.format(
        step_name=self.step_name, keyid=self.key2["keyid"]
    )

    # Move the file written for self.key to the name built from key2's keyid
    os.rename(name_for_key, name_for_key2)

    # Stopping with key2 must fail signature verification
    self.assertRaises(
        SignatureVerificationError,
        in_toto_record_stop,
        self.step_name,
        [],
        self.key2,
    )

    # No final link may have been written.
    # NOTE(review): self.link_name is defined outside this block; if it is
    # derived from self.key's keyid, this check cannot notice a link written
    # under key2's keyid -- confirm.
    self.assertRaises(IOError, open, self.link_name, "r")

    # Restore the original filename, then clean up the unfinished file
    os.rename(name_for_key2, name_for_key)
    os.remove(self.link_name_unfinished)
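def test_compare_metadata_with_and_without_metadata_directory(self):
    """Test record stop with and without metadata directory,
    compare the expected product"""
    import shutil  # function-scope import, used only for cleanup

    tmp_dir = os.path.realpath(tempfile.mkdtemp(dir=os.getcwd()))
    # The directory is created inside the current working directory; remove
    # it when the test ends, whatever the outcome.
    self.addCleanup(shutil.rmtree, tmp_dir, ignore_errors=True)

    # First run: the link is written into the metadata directory
    in_toto_record_start(self.step_name, [], self.key)
    in_toto_record_stop(self.step_name, [self.test_product], self.key,
                        metadata_directory=tmp_dir)
    link_path = os.path.join(tmp_dir, self.link_name)
    link_with_md = Metablock.load(link_path)

    # Second run: no metadata directory; the link is loaded by its bare name
    in_toto_record_start(self.step_name, [], self.key)
    in_toto_record_stop(self.step_name, [self.test_product], self.key)
    link_without_md = Metablock.load(self.link_name)

    # Only the signed payloads are compared, not the signatures
    self.assertEqual(link_with_md.signed, link_without_md.signed)
    os.remove(link_path)
    os.remove(self.link_name)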
def test_missing_unfinished_file(self):
    """Record stop without a preceding record start must fail and leave no link."""
    # No record start is called in this test, so record stop is expected to
    # fail with IOError.
    self.assertRaises(
        IOError, in_toto_record_stop, self.step_name, [], self.key
    )

    # Opening the final link file must fail as well.
    self.assertRaises(IOError, open, self.link_name, "r")