def test_functionary_keys(self):
    """Check that functionary keys can be added to a layout and listed.

    Two keys are added from public key file paths and two from gpg keyids;
    the layout must then validate and report four key ids. Afterwards every
    ``add_functionary_key*`` entry point is fed one malformed argument and
    must raise. A private key file in particular has to be refused, so that
    only public key material can be registered for a functionary.
    """
    format_error = securesystemslib.exceptions.FormatError
    generic_error = securesystemslib.exceptions.Error

    layout = Layout()
    initial_ids = layout.get_functionary_key_id_list()
    self.assertEqual(len(initial_ids), 0)

    # Happy path: two file-based keys plus two gpg keys.
    file_keys = [self.pubkey_path1, self.pubkey_path2]
    gpg_keys = [self.gpg_key_768C43, self.gpg_key_85DA58]
    layout.add_functionary_keys_from_paths(file_keys)
    layout.add_functionary_keys_from_gpg_keyids(
        gpg_keys, gpg_home=self.gnupg_home)
    layout._validate_keys()
    self.assertEqual(len(layout.get_functionary_key_id_list()), 4)

    # Each row is (expected exception, method under test, bad argument).
    # The rows are checked in order and the first unmet expectation fails
    # the test.
    rejected = [
        # Must be a valid key object
        (format_error, layout.add_functionary_key, "abcd"),
        # Must be pubkey and not private key
        (generic_error, layout.add_functionary_key_from_path, self.key_path),
        # Must be a valid path
        (format_error, layout.add_functionary_key_from_path, 123),
        # Must be a valid keyid
        (format_error, layout.add_functionary_key_from_gpg_keyid, "abcdefg"),
        # Must be a list of paths
        (format_error, layout.add_functionary_keys_from_paths, "abcd"),
        (format_error, layout.add_functionary_keys_from_paths, [1]),
        # Must be a list of keyids
        (format_error, layout.add_functionary_keys_from_gpg_keyids, None),
        (format_error, layout.add_functionary_keys_from_gpg_keyids,
         ["abcdefg"]),
    ]
    for expected_exc, method, bad_argument in rejected:
        self.assertRaises(expected_exc, method, bad_argument)
#!/usr/bin/python
"""Create and sign a one-step in-toto layout for an ``npm install`` build.

The script writes two RSA key pairs into the working directory, authorises
the build key for the single ``build`` step, signs the layout with the root
key and dumps the result to ``root.layout``.
"""
from in_toto.models.layout import Layout, Step
from in_toto.models.metadata import Metablock
from in_toto.util import generate_and_write_rsa_keypair, import_rsa_key_from_file

# Functionary key pair. Only the ".pub" half is loaded below.
# NOTE(review): no password is passed, so the private half is presumably
# written unencrypted next to the script -- confirm, and restrict access to
# the file. Generating the functionary's pair in the owner's script looks
# like a demo shortcut; normally only the public key would be handed over.
generate_and_write_rsa_keypair("build_key")
build_key = import_rsa_key_from_file("build_key.pub")

layout = Layout()

# The one step of this supply chain: running `npm install`.
build = Step(name="build")
build.expected_command = ['npm', 'install']
# NOTE(review): the rule list holds ALLOW rules only. Whether materials
# matched by no rule are rejected depends on the in-toto version's rule
# semantics -- confirm whether a terminating DISALLOW rule is needed.
build.expected_materials.extend(
    ['ALLOW', allowed_file] for allowed_file in ('package.json', 'index.js')
)
layout.steps.append(build)

# Register the public key in the layout and authorise its keyid for the step.
layout.add_functionary_key(build_key)
build.pubkeys.append(build_key['keyid'])

# Root (layout owner) key pair. The private half, loaded from "root_key",
# produces the layout signature, so it is the key to protect most carefully.
# NOTE(review): written without a password as well -- see the note above.
generate_and_write_rsa_keypair("root_key")
root_key = import_rsa_key_from_file("root_key")

# Wrap the layout in a signable container, sign it and write it out.
metablock = Metablock(signed=layout)
metablock.sign(root_key)
metablock.dump("root.layout")
# Load the public keys of the two functionaries. Only ".pub" files are read
# here, so this snippet needs no functionary private key.
build_key = import_rsa_key_from_file("build_key.pub")
analyze_key = import_rsa_key_from_file("analyze_key.pub")

# Start from an empty layout.
layout = Layout()

# Build step: authorised key, expected command and artifact rules.
build = Step(name='build')
build.pubkeys.append(build_key['keyid'])
# NOTE(review): '-o foo' is one list element and 'src/*' is an unexpanded
# glob; if the recorded command is stored one argument per element this
# list may never compare equal to it -- confirm how it is checked.
build.expected_command = ['gcc', '-o foo', 'src/*']
# NOTE(review): the materials list holds an ALLOW rule only. Whether files
# outside src/ are rejected depends on the in-toto version's rule
# semantics -- confirm whether a terminating DISALLOW rule is needed.
build.expected_materials.append(["ALLOW", "src/*"])
build.expected_products.append(["CREATE", "foo"])

# Analyze step: the MATCH rule ties its material "foo" to the products of
# the build step.
analyze = Step(name='analyze')
analyze.pubkeys.append(analyze_key['keyid'])
analyze.expected_command = ['valgrind', './foo']
analyze.expected_materials.append(
    ['MATCH', 'foo', 'WITH', 'PRODUCTS', 'FROM', 'build'])

# Add both steps to the layout, then register the functionary public keys.
layout.steps.extend([build, analyze])
for functionary_key in (build_key, analyze_key):
    layout.add_functionary_key(functionary_key)

# Wrap the layout in a signable container, sign it with the root key
# (root_key is not defined in this snippet) and write it to disk.
metablock = Metablock(signed=layout)
metablock.sign(root_key)
metablock.dump("root.layout")