コード例 #1
    def test_functionary_keys(self):
        """Check that functionary keys can be added to a Layout and listed.

        Keys come from two sources here: public key files and gpg keyids
        resolved against ``self.gnupg_home``.  The second half feeds each
        ``add_functionary_key*`` entry point a malformed or inappropriate
        argument and expects an exception rather than a silently stored key.
        """
        format_error = securesystemslib.exceptions.FormatError
        layout = Layout()

        # A freshly created layout holds no functionary keys.
        self.assertEqual(len(layout.get_functionary_key_id_list()), 0)

        pubkey_paths = [self.pubkey_path1, self.pubkey_path2]
        layout.add_functionary_keys_from_paths(pubkey_paths)

        gpg_keyids = [self.gpg_key_768C43, self.gpg_key_85DA58]
        layout.add_functionary_keys_from_gpg_keyids(
            gpg_keyids, gpg_home=self.gnupg_home)

        # The keys stored so far must pass the layout's own key validation.
        layout._validate_keys()

        # Two file-based keys plus two gpg keys.
        self.assertEqual(len(layout.get_functionary_key_id_list()), 4)

        # An arbitrary string is not a key object.
        with self.assertRaises(format_error):
            layout.add_functionary_key("abcd")

        # A private key file must be refused; only public keys are accepted
        # as functionary keys.
        with self.assertRaises(securesystemslib.exceptions.Error):
            layout.add_functionary_key_from_path(self.key_path)

        # A non-string value is not a path.
        with self.assertRaises(format_error):
            layout.add_functionary_key_from_path(123)

        # A string that is not a well-formed keyid is rejected.
        with self.assertRaises(format_error):
            layout.add_functionary_key_from_gpg_keyid("abcdefg")

        # The plural path variant needs a list, and every element must be a
        # path.
        with self.assertRaises(format_error):
            layout.add_functionary_keys_from_paths("abcd")
        with self.assertRaises(format_error):
            layout.add_functionary_keys_from_paths([1])

        # The plural keyid variant needs a list, and every element must be a
        # well-formed keyid.
        with self.assertRaises(format_error):
            layout.add_functionary_keys_from_gpg_keyids(None)
        with self.assertRaises(format_error):
            layout.add_functionary_keys_from_gpg_keyids(["abcdefg"])

        # NOTE(review): the key list is not re-checked after the rejected
        # calls, so this test does not show that a failed add leaves the
        # layout unchanged.
コード例 #2
#!/usr/bin/python

from in_toto.models.layout import Layout, Step
from in_toto.models.metadata import Metablock
from in_toto.util import generate_and_write_rsa_keypair, import_rsa_key_from_file

# Key pair for the functionary who performs the "build" step.  Only the
# public half ("build_key.pub") is loaded, because the layout refers to
# functionaries by public key.
# NOTE(review): no password is passed, so the private key file is presumably
# written unencrypted into the working directory -- confirm, and protect it.
generate_and_write_rsa_keypair("build_key")
build_key = import_rsa_key_from_file("build_key.pub")

# Describe the single "build" step: the command expected to be run, the
# materials it may use, and the keyid authorized to sign its link metadata.
build = Step(name="build")
build.expected_command = ['npm', 'install']
# NOTE(review): these are ALLOW rules only.  Depending on the in-toto
# version, artifacts matched by no rule may be accepted, in which case a
# closing ['DISALLOW', '*'] rule is needed for the list to restrict
# anything -- verify against the version in use.
build.expected_materials.extend([
    ['ALLOW', 'package.json'],
    ['ALLOW', 'index.js'],
])
build.pubkeys.append(build_key['keyid'])

# Assemble the layout: the step plus the public key its keyid refers to.
layout = Layout()
layout.steps.append(build)
layout.add_functionary_key(build_key)

# The project owner's key signs the layout; signing needs the private half,
# so "root_key" is loaded here rather than "root_key.pub".
generate_and_write_rsa_keypair("root_key")
root_key = import_rsa_key_from_file("root_key")

# Wrap the layout in a signable container, sign it and write it to disk.
metablock = Metablock(signed=layout)
metablock.sign(root_key)
metablock.dump("root.layout")
コード例 #3
# Public keys of the two functionaries.  Only the ".pub" halves are loaded;
# the layout needs nothing more to name who may sign each step.
build_key = import_rsa_key_from_file("build_key.pub")
analyze_key = import_rsa_key_from_file("analyze_key.pub")

# "build" step: may use files under src/, must create "foo", and only the
# build key's keyid is authorized to sign its link metadata.
build = Step(name='build')
build.pubkeys.append(build_key['keyid'])
# NOTE(review): '-o foo' is one list element here, not two separate tokens;
# confirm this matches how the command is actually recorded.
build.expected_command = ['gcc', '-o foo', 'src/*']
build.expected_materials.append(["ALLOW", "src/*"])
build.expected_products.append(["CREATE", "foo"])

# "analyze" step: its material "foo" has to match the product "foo" recorded
# by the build step, which ties the analyzed binary to the one that was built.
analyze = Step(name='analyze')
analyze.pubkeys.append(analyze_key['keyid'])
analyze.expected_command = ['valgrind', './foo']
analyze.expected_materials.append(
    ['MATCH', 'foo', 'WITH', 'PRODUCTS', 'FROM', 'build'])

# Create the layout, add both steps in pipeline order and register the
# public keys that the steps' keyids refer to.
layout = Layout()
layout.steps.extend([build, analyze])
layout.add_functionary_key(build_key)
layout.add_functionary_key(analyze_key)

# Wrap the layout in a signable payload, sign it and write it out.
# root_key is not defined in this excerpt; it must already hold the project
# owner's private signing key.
metablock = Metablock(signed=layout)
metablock.sign(root_key)
metablock.dump("root.layout")