def build_server_repository(server_repository_dir, targets_dir):
# Make metadata directory inside client and server repository dir.
server_metadata_dir = os.path.join(server_repository_dir, 'metadata')
os.mkdir(server_metadata_dir)
# Make a keystore directory inside server's repository and populate it.
keystore_dir = os.path.join(server_repository_dir, 'keystore')
os.mkdir(keystore_dir)
create_keystore(keystore_dir)
# Build config file.
config_filepath = signerlib.build_config_file(
server_repository_dir, 365, unittest_toolbox.semi_roledict)
# Role:keyids dictionary.
role_keyids = {}
for role in unittest_toolbox.semi_roledict.keys():
role_keyids[role] = unittest_toolbox.semi_roledict[role]['keyids']
# Build root file.
signerlib.build_root_file(config_filepath, role_keyids['root'],
server_metadata_dir)
# Build targets file.
signerlib.build_targets_file(targets_dir, role_keyids['targets'],
server_metadata_dir)
# Build release file.
signerlib.build_release_file(role_keyids['release'], server_metadata_dir)
# Build timestamp file.
signerlib.build_timestamp_file(role_keyids['timestamp'],
server_metadata_dir)
def tuf_refresh_repo(root_repo, keyids):
"""
<Purpose>
Update TUF metadata files. Call this method whenever targets files have
changed in the 'reg_repo'.
"""
global version
expiration = tuf.formats.format_time(time.time()+86400)
reg_repo = os.path.join(root_repo, 'reg_repo')
tuf_repo = os.path.join(root_repo, 'tuf_repo')
targets_dir = os.path.join(tuf_repo, 'targets')
metadata_dir = os.path.join(tuf_repo, 'metadata')
for directory in [reg_repo, tuf_repo, targets_dir, metadata_dir]:
if not os.path.isdir(directory):
msg = ('Directory '+repr(directory)+' does not exist. '+
'Verify that all directories were setup properly.')
raise OSError(msg)
shutil.rmtree(targets_dir)
shutil.copytree(reg_repo, targets_dir)
version = version+1
# Regenerate the 'targets.txt' metadata file.
signerlib.build_targets_file([targets_dir], keyids, metadata_dir,
version, expiration)
# Regenerate the 'release.txt' metadata file.
signerlib.build_release_file(keyids, metadata_dir, version, expiration)
# Regenerate the 'timestamp.txt' metadata file.
signerlib.build_timestamp_file(keyids, metadata_dir, version, expiration)
def tuf_refresh_repo(root_repo, keyids):
"""
<Purpose>
Update TUF metadata files. Call this method whenever targets files have
changed in the 'reg_repo'.
"""
global version
expiration = tuf.formats.format_time(time.time() + 86400)
reg_repo = os.path.join(root_repo, 'reg_repo')
tuf_repo = os.path.join(root_repo, 'tuf_repo')
targets_dir = os.path.join(tuf_repo, 'targets')
metadata_dir = os.path.join(tuf_repo, 'metadata')
for directory in [reg_repo, tuf_repo, targets_dir, metadata_dir]:
if not os.path.isdir(directory):
msg = ('Directory ' + repr(directory) + ' does not exist. ' +
'Verify that all directories were setup properly.')
raise OSError(msg)
shutil.rmtree(targets_dir)
shutil.copytree(reg_repo, targets_dir)
version = version + 1
# Regenerate the 'targets.txt' metadata file.
signerlib.build_targets_file([targets_dir], keyids, metadata_dir, version,
expiration)
# Regenerate the 'release.txt' metadata file.
signerlib.build_release_file(keyids, metadata_dir, version, expiration)
# Regenerate the 'timestamp.txt' metadata file.
signerlib.build_timestamp_file(keyids, metadata_dir, version, expiration)
def _create_root_and_targets_meta_files(self, repo_dir=None):
"""
This method generates temp root.txt and target.txt, it uses following
previously tested signerlib's methods:
build_root_file()
build_targets_file()
"""
if not repo_dir:
# Create repository directory.
repo_dir = self.make_temp_directory()
# Create metadata directory.
meta_dir = os.path.join(repo_dir, "metadata")
os.mkdir(meta_dir)
# Create root.txt.
junk, root_keyids, repo_dir, config_path = self._get_role_info("root", directory=repo_dir)
signerlib.build_root_file(config_path, root_keyids, meta_dir)
self.assertTrue(os.path.exists(os.path.join(meta_dir, "root.txt")))
# Create targets.txt.
junk, targets_keyids, repo_dir, target_files = self._get_role_info("targets", directory=repo_dir)
path_to_targets = os.path.join(repo_dir, "targets")
signerlib.build_targets_file(path_to_targets, targets_keyids, meta_dir)
self.assertTrue(os.path.exists(os.path.join(meta_dir, "root.txt")))
return meta_dir
def test_5_builds_targets_file(self):
"""
test_5_build_targets_file() relies on previously tested signerlib's
generate_targets_metadata(), sign_metadata() and write_metadata_file().
build_targets_file() basically joins these methods together to create
targets.txt.
"""
# SETUP
signed_targets_meta, targets_info = self._get_signed_role_info('targets')
# 'targets_info' is a tuple that includes targets meta, repository dir,
# list of target files.
targets_keyids = targets_info[1]
repo_dir = targets_info[2]
meta_dir = os.path.join(repo_dir, 'metadata')
os.mkdir(meta_dir)
targets_file_path = os.path.join(meta_dir, 'targets.txt')
targets_dir = os.path.join(repo_dir, 'targets')
# TESTS
# Test: normal case.
try:
signerlib.build_targets_file(targets_dir, targets_keyids, meta_dir)
except Exception, e:
raise
def test_5_build_targets_file(self):
"""
test_5_build_targets_file() relies on previously tested signerlib's
generate_targets_metadata(), sign_metadata() and write_metadata_file().
build_targets_file() basically joins these methods together to create
targets.txt.
"""
# SETUP
original_get_key = tuf.repo.keystore.get_key
version = 8
expiration_date = '1985-10-26 01:20:00 UTC'
signed_targets_meta, targets_info = self._get_signed_role_info(
'targets')
# 'targets_info' is a tuple that includes targets meta, repository dir,
# list of target files.
targets_keyids = targets_info[1]
repo_dir = targets_info[2]
meta_dir = os.path.join(repo_dir, 'metadata')
os.mkdir(meta_dir)
targets_dir = os.path.join(repo_dir, 'targets')
# TESTS
# Test: normal case.
targets_filepath = signerlib.build_targets_file([targets_dir],
targets_keyids,
meta_dir, version,
expiration_date)
# Check existence of the file and validity of it's content.
self.assertTrue(os.path.exists(targets_filepath))
file_content = tuf.util.load_json_file(targets_filepath)
self.assertTrue(tuf.formats.SIGNABLE_SCHEMA.matches(file_content))
targets_metadata = file_content['signed']
self.assertTrue(tuf.formats.TARGETS_SCHEMA.matches(targets_metadata))
# Test: various exceptions.
self.assertRaises(tuf.FormatError,
signerlib.build_targets_file, [targets_dir],
self.random_string(), meta_dir, version,
expiration_date)
self.assertRaises(
(tuf.FormatError, tuf.Error),
signerlib.build_targets_file, [targets_dir], targets_keyids,
self.random_path(), version, expiration_date)
self.assertRaises((tuf.FormatError, tuf.Error),
signerlib.build_targets_file,
[targets_dir], targets_keyids, meta_dir,
self.random_string(), expiration_date)
self.assertRaises((tuf.FormatError, tuf.Error),
signerlib.build_targets_file, [targets_dir],
targets_keyids, meta_dir, version,
self.random_string())
# RESTORE
tuf.repo.keystore.get_key = original_get_key
def _create_root_and_targets_meta_files(self, repo_dir=None):
"""
This method generates temp root.txt and target.txt, it uses following
previously tested signerlib's methods:
build_root_file()
build_targets_file()
"""
# The version number and expiration date for the root and target
# metadata created.
version = 8
expiration_date = '1985-10-26 01:20:00 UTC'
if not repo_dir:
# Create repository directory.
repo_dir = self.make_temp_directory()
# Create metadata directory.
meta_dir = os.path.join(repo_dir, 'metadata')
os.mkdir(meta_dir)
# Create root.txt.
junk, root_keyids, repo_dir, config_path = \
self._get_role_info('root', directory=repo_dir)
signerlib.build_root_file(config_path, root_keyids, meta_dir, version)
self.assertTrue(os.path.exists(os.path.join(meta_dir, 'root.txt')))
# Create targets.txt.
junk, targets_keyids, repo_dir, target_files = \
self._get_role_info('targets', directory=repo_dir)
path_to_targets = os.path.join(repo_dir, 'targets')
signerlib.build_targets_file([path_to_targets], targets_keyids, meta_dir,
version, expiration_date)
self.assertTrue(os.path.exists(os.path.join(meta_dir, 'root.txt')))
return meta_dir
def build_server_repository(server_repository_dir, targets_dir):
# Make metadata directory inside client and server repository dir.
server_metadata_dir = os.path.join(server_repository_dir, 'metadata')
os.mkdir(server_metadata_dir)
# Make a keystore directory inside server's repository and populate it.
keystore_dir = os.path.join(server_repository_dir, 'keystore')
os.mkdir(keystore_dir)
create_keystore(keystore_dir)
# Build config file.
config_filepath = signerlib.build_config_file(server_repository_dir, 365,
unittest_toolbox.semi_roledict)
# Role:keyids dictionary.
role_keyids = {}
for role in unittest_toolbox.semi_roledict.keys():
role_keyids[role] = unittest_toolbox.semi_roledict[role]['keyids']
# Build root file.
signerlib.build_root_file(config_filepath, role_keyids['root'],
server_metadata_dir)
# Build targets file.
signerlib.build_targets_file(targets_dir, role_keyids['targets'],
server_metadata_dir)
# Build release file.
signerlib.build_release_file(role_keyids['release'], server_metadata_dir)
# Build timestamp file.
signerlib.build_timestamp_file(role_keyids['timestamp'], server_metadata_dir)
def _create_root_and_targets_meta_files(self, repo_dir=None):
"""
This method generates temp root.txt and target.txt, it uses following
previously tested signerlib's methods:
build_root_file()
build_targets_file()
"""
# The version number and expiration date for the root and target
# metadata created.
version = 8
expiration_date = '1985-10-26 01:20:00 UTC'
if not repo_dir:
# Create repository directory.
repo_dir = self.make_temp_directory()
# Create metadata directory.
meta_dir = os.path.join(repo_dir, 'metadata')
os.mkdir(meta_dir)
# Create root.txt.
junk, root_keyids, repo_dir, config_path = \
self._get_role_info('root', directory=repo_dir)
signerlib.build_root_file(config_path, root_keyids, meta_dir, version)
self.assertTrue(os.path.exists(os.path.join(meta_dir, 'root.txt')))
# Create targets.txt.
junk, targets_keyids, repo_dir, target_files = \
self._get_role_info('targets', directory=repo_dir)
path_to_targets = os.path.join(repo_dir, 'targets')
signerlib.build_targets_file([path_to_targets], targets_keyids, meta_dir,
version, expiration_date)
self.assertTrue(os.path.exists(os.path.join(meta_dir, 'root.txt')))
return meta_dir
def test_5_build_targets_file(self):
"""
test_5_build_targets_file() relies on previously tested signerlib's
generate_targets_metadata(), sign_metadata() and write_metadata_file().
build_targets_file() basically joins these methods together to create
targets.txt.
"""
# SETUP
original_get_key = tuf.repo.keystore.get_key
version = 8
expiration_date = '1985-10-26 01:20:00 UTC'
signed_targets_meta, targets_info = self._get_signed_role_info('targets')
# 'targets_info' is a tuple that includes targets meta, repository dir,
# list of target files.
targets_keyids = targets_info[1]
repo_dir = targets_info[2]
meta_dir = os.path.join(repo_dir, 'metadata')
os.mkdir(meta_dir)
targets_dir = os.path.join(repo_dir, 'targets')
# TESTS
# Test: normal case.
targets_filepath = signerlib.build_targets_file([targets_dir],
targets_keyids, meta_dir,
version, expiration_date)
# Check existence of the file and validity of it's content.
self.assertTrue(os.path.exists(targets_filepath))
file_content = tuf.util.load_json_file(targets_filepath)
self.assertTrue(tuf.formats.SIGNABLE_SCHEMA.matches(file_content))
targets_metadata = file_content['signed']
self.assertTrue(tuf.formats.TARGETS_SCHEMA.matches(targets_metadata))
# Test: various exceptions.
self.assertRaises(tuf.FormatError, signerlib.build_targets_file,
[targets_dir], self.random_string(), meta_dir, version, expiration_date)
self.assertRaises((tuf.FormatError, tuf.Error), signerlib.build_targets_file,
[targets_dir], targets_keyids, self.random_path(), version, expiration_date)
self.assertRaises((tuf.FormatError, tuf.Error), signerlib.build_targets_file,
[targets_dir], targets_keyids, meta_dir, self.random_string(), expiration_date)
self.assertRaises((tuf.FormatError, tuf.Error), signerlib.build_targets_file,
[targets_dir], targets_keyids, meta_dir, version, self.random_string())
# RESTORE
tuf.repo.keystore.get_key = original_get_key
def test_9_get_target_keyids(self):
# SETUP
original_get_key = tuf.repo.keystore.get_key
version = 8
expiration_date = '1985-10-26 01:20:00 UTC'
# Create metadata directory and targets metadata file.
meta_dir = self._create_root_and_targets_meta_files()
signed_targets_meta, targets_info = self._get_signed_role_info(
'targets')
# 'targets_info' is a tuple that includes targets meta, repository dir,
# list of target files.
targets_keyids = targets_info[1]
repo_dir = targets_info[2]
meta_dir = os.path.join(repo_dir, 'metadata')
os.mkdir(meta_dir)
targets_dir = os.path.join(repo_dir, 'targets')
# TESTS
# Test: normal case.
targets_filepath = signerlib.build_targets_file([targets_dir],
targets_keyids,
meta_dir, version,
expiration_date)
# Check existence of the file and validity of it's content.
self.assertTrue(os.path.exists(targets_filepath))
file_content = tuf.util.load_json_file(targets_filepath)
self.assertTrue(tuf.formats.SIGNABLE_SCHEMA.matches(file_content))
targets_metadata = file_content['signed']
self.assertTrue(tuf.formats.TARGETS_SCHEMA.matches(targets_metadata))
# TODO: Generate some delegation metadata files.
# Test: normal case.
_target_keyids = signerlib.get_target_keyids(meta_dir)
for keyid in targets_keyids:
self.assertTrue(keyid in _target_keyids['targets'])
# RESTORE
tuf.repo.keystore.get_key = original_get_key
def test_9_get_target_keyids(self):
# SETUP
original_get_key = tuf.repo.keystore.get_key
version = 8
expiration_date = '1985-10-26 01:20:00 UTC'
# Create metadata directory and targets metadata file.
meta_dir = self._create_root_and_targets_meta_files()
signed_targets_meta, targets_info = self._get_signed_role_info('targets')
# 'targets_info' is a tuple that includes targets meta, repository dir,
# list of target files.
targets_keyids = targets_info[1]
repo_dir = targets_info[2]
meta_dir = os.path.join(repo_dir, 'metadata')
os.mkdir(meta_dir)
targets_dir = os.path.join(repo_dir, 'targets')
# TESTS
# Test: normal case.
targets_filepath = signerlib.build_targets_file([targets_dir],
targets_keyids, meta_dir,
version, expiration_date)
# Check existence of the file and validity of it's content.
self.assertTrue(os.path.exists(targets_filepath))
file_content = tuf.util.load_json_file(targets_filepath)
self.assertTrue(tuf.formats.SIGNABLE_SCHEMA.matches(file_content))
targets_metadata = file_content['signed']
self.assertTrue(tuf.formats.TARGETS_SCHEMA.matches(targets_metadata))
# TODO: Generate some delegation metadata files.
# Test: normal case.
_target_keyids = signerlib.get_target_keyids(meta_dir)
for keyid in targets_keyids:
self.assertTrue(keyid in _target_keyids['targets'])
# RESTORE
tuf.repo.keystore.get_key = original_get_key
def build_server_repository(server_repository_dir, targets_dir):
"""
<Purpose>
'build_server_repository' builds a complete repository based on target
files provided in the 'targets_dir'. Delegated roles are included.
"""
# Save the originals of the functions patched by this function.
# The patched functions will be restored prior to returning.
original_get_metadata = signercli._get_metadata_directory
original_prompt = signercli._prompt
original_get_password = signercli._get_password
original_get_keyids = signercli._get_keyids
server_metadata_dir = os.path.join(server_repository_dir, 'metadata')
keystore_dir = os.path.join(server_repository_dir, 'keystore')
# Remove 'server_metadata_dir' and 'keystore_dir' if they already exist.
if os.path.exists(server_metadata_dir):
shutil.rmtree(server_metadata_dir)
if os.path.exists(keystore_dir):
shutil.rmtree(keystore_dir)
# Make metadata directory inside server repository dir.
os.mkdir(server_metadata_dir)
# Make a keystore directory inside server's repository and populate it.
os.mkdir(keystore_dir)
_create_keystore(keystore_dir)
# Build config file.
build_config = signerlib.build_config_file
top_level_role_info = unittest_toolbox.Modified_TestCase.top_level_role_info
config_filepath = build_config(server_repository_dir, 365, top_level_role_info)
# BUILD ROLE FILES.
# Build root file.
signerlib.build_root_file(config_filepath, role_keyids['root'],
server_metadata_dir)
# Build targets file.
signerlib.build_targets_file(targets_dir, role_keyids['targets'],
server_metadata_dir)
# MAKE DELEGATIONS.
# We will need to patch a few signercli prompts.
# Specifically, signercli.make_delegations() asks user input for:
# metadata directory, delegated targets directory, parent role,
# passwords for parent role's keyids, delegated role's name, and
# the keyid to be assigned to the delegated role. Take a look at
# signercli's make_delegation() to gain bit more insight in what is
# happening.
# 'load_key' is a reference to the 'load_keystore_from_keyfiles function'.
load_keys = keystore.load_keystore_from_keyfiles
# Setup first level delegated role.
delegated_level1 = os.path.join(targets_dir, 'delegated_level1')
delegated_targets_dir = delegated_level1
parent_role = 'targets'
delegated_role_name = 'delegated_role1'
signing_keyids = role_keyids['targets/delegated_role1']
# Patching the 'signercli' prompts.
# Mock method for signercli._get_metadata_directory().
def _mock_get_metadata_directory():
return server_metadata_dir
# Mock method for signercli._prompt().
def _mock_prompt(msg, junk):
if msg.startswith('\nThe directory entered'):
return delegated_targets_dir
elif msg.startswith('\nChoose and enter the parent'):
return parent_role
elif msg.endswith('\nEnter the delegated role\'s name: '):
return delegated_role_name
else:
error_msg = ('Prompt: '+'\''+msg+'\''+
' did not match any predefined mock prompts.')
sys.exit(error_msg)
# Mock method for signercli._get_password().
def _mock_get_password(msg):
for keyid in unittest_toolbox.Modified_TestCase.rsa_keyids:
if msg.endswith('('+keyid+'): '):
return unittest_toolbox.Modified_TestCase.rsa_passwords[keyid]
# Method to patch signercli._get_keyids()
def _mock_get_keyids(junk):
if signing_keyids:
for keyid in signing_keyids:
password = unittest_toolbox.Modified_TestCase.rsa_passwords[keyid]
# Load the keyfile.
load_keys(keystore_dir, [keyid], [password])
return signing_keyids
# Patch signercli._get_metadata_directory().
signercli._get_metadata_directory = _mock_get_metadata_directory
# Patch signercli._prompt().
signercli._prompt = _mock_prompt
# Patch signercli._get_password().
signercli._get_password = _mock_get_password
# Patch signercli._get_keyids().
signercli._get_keyids = _mock_get_keyids
# Clear kestore's dictionaries, by detaching them from unittest_toolbox's
# dictionaries.
keystore._keystore = {}
keystore._key_passwords = {}
# Make first level delegation.
signercli.make_delegation(keystore_dir)
# Setup second level delegated role.
delegated_level2 = os.path.join(delegated_level1, 'delegated_level2')
delegated_targets_dir = delegated_level2
parent_role = 'targets/delegated_role1'
delegated_role_name = 'delegated_role2'
signing_keyids = role_keyids['targets/delegated_role1/delegated_role2']
# Clear kestore's dictionaries.
keystore.clear_keystore()
# Make second level delegation.
signercli.make_delegation(keystore_dir)
keystore._keystore = unittest_toolbox.Modified_TestCase.rsa_keystore
keystore._key_passwords = unittest_toolbox.Modified_TestCase.rsa_passwords
# Build release file.
signerlib.build_release_file(role_keyids['release'], server_metadata_dir)
# Build timestamp file.
signerlib.build_timestamp_file(role_keyids['timestamp'], server_metadata_dir)
keystore._keystore = {}
keystore._key_passwords = {}
# RESTORE
signercli._get_metadata_directory = original_get_metadata
signercli._prompt = original_prompt
signercli._get_password = original_get_password
signercli._get_keyids = original_get_keyids
def init_tuf(root_repo):
"""
<Purpose>
Setup TUF directory structure and populated it with TUF metadata and
congfiguration files.
"""
threshold = 1
global version
version = version + 1
expiration = tuf.formats.format_time(time.time() + 86400)
# Setup TUF-repo directory structure.
tuf_repo = os.path.join(root_repo, 'tuf_repo')
keystore_dir = os.path.join(tuf_repo, 'keystore')
metadata_dir = os.path.join(tuf_repo, 'metadata')
targets_dir = os.path.join(tuf_repo, 'targets')
os.mkdir(tuf_repo)
os.mkdir(keystore_dir)
os.mkdir(metadata_dir)
shutil.copytree(os.path.join(root_repo, 'reg_repo'), targets_dir)
# Setting TUF-client directory structure.
# 'tuf.client.updater.py' expects the 'current' and 'previous'
# directories to exist under client's 'metadata' directory.
tuf_client = os.path.join(root_repo, 'tuf_client')
tuf_client_metadata_dir = os.path.join(tuf_client, 'metadata')
current_dir = os.path.join(tuf_client_metadata_dir, 'current')
previous_dir = os.path.join(tuf_client_metadata_dir, 'previous')
os.makedirs(tuf_client_metadata_dir)
# Generate at least one rsa key.
key = signerlib.generate_and_save_rsa_key(keystore_dir, PASSWD)
keyids = [key['keyid']]
# Set role info.
info = {'keyids': [key['keyid']], 'threshold': threshold}
# 'role_info' dictionary looks like this:
# {role : {'keyids : [keyid1, ...] , 'threshold' : 1}}
# In our case 'role_info[keyids]' will only have on entry since only one
# is being used.
role_info = {}
role_list = ['root', 'targets', 'release', 'timestamp']
for role in role_list:
role_info[role] = info
# At this point there is enough information to create TUF configuration
# and metadata files.
# Build the configuration file.
conf_path = signerlib.build_config_file(metadata_dir, 365, role_info)
# Generate the 'root.txt' metadata file.
signerlib.build_root_file(conf_path, keyids, metadata_dir, version)
# Generate the 'targets.txt' metadata file.
signerlib.build_targets_file([targets_dir], keyids, metadata_dir, version,
expiration)
# Generate the 'release.txt' metadata file.
signerlib.build_release_file(keyids, metadata_dir, version, expiration)
# Generate the 'timestamp.txt' metadata file.
signerlib.build_timestamp_file(keyids, metadata_dir, version, expiration)
# Move the metadata to the client's 'current' and 'previous' directories.
shutil.copytree(metadata_dir, current_dir)
shutil.copytree(metadata_dir, previous_dir)
# The repository is now setup!
return keyids
def init_tuf(root_repo):
"""
<Purpose>
Setup TUF directory structure and populated it with TUF metadata and
congfiguration files.
"""
threshold = 1
global version
version = version+1
expiration = tuf.formats.format_time(time.time()+86400)
# Setup TUF-repo directory structure.
tuf_repo = os.path.join(root_repo, 'tuf_repo')
keystore_dir = os.path.join(tuf_repo, 'keystore')
metadata_dir = os.path.join(tuf_repo, 'metadata')
targets_dir = os.path.join(tuf_repo, 'targets')
os.mkdir(tuf_repo)
os.mkdir(keystore_dir)
os.mkdir(metadata_dir)
shutil.copytree(os.path.join(root_repo, 'reg_repo'), targets_dir)
# Setting TUF-client directory structure.
# 'tuf.client.updater.py' expects the 'current' and 'previous'
# directories to exist under client's 'metadata' directory.
tuf_client = os.path.join(root_repo, 'tuf_client')
tuf_client_metadata_dir = os.path.join(tuf_client, 'metadata')
current_dir = os.path.join(tuf_client_metadata_dir, 'current')
previous_dir = os.path.join(tuf_client_metadata_dir, 'previous')
os.makedirs(tuf_client_metadata_dir)
# Generate at least one rsa key.
key = signerlib.generate_and_save_rsa_key(keystore_dir, PASSWD)
keyids = [key['keyid']]
# Set role info.
info = {'keyids': [key['keyid']], 'threshold': threshold}
# 'role_info' dictionary looks like this:
# {role : {'keyids : [keyid1, ...] , 'threshold' : 1}}
# In our case 'role_info[keyids]' will only have on entry since only one
# is being used.
role_info = {}
role_list = ['root', 'targets', 'release', 'timestamp']
for role in role_list:
role_info[role] = info
# At this point there is enough information to create TUF configuration
# and metadata files.
# Build the configuration file.
conf_path = signerlib.build_config_file(metadata_dir, 365, role_info)
# Generate the 'root.txt' metadata file.
signerlib.build_root_file(conf_path, keyids, metadata_dir, version)
# Generate the 'targets.txt' metadata file.
signerlib.build_targets_file([targets_dir], keyids, metadata_dir, version,
expiration)
# Generate the 'release.txt' metadata file.
signerlib.build_release_file(keyids, metadata_dir, version, expiration)
# Generate the 'timestamp.txt' metadata file.
signerlib.build_timestamp_file(keyids, metadata_dir, version, expiration)
# Move the metadata to the client's 'current' and 'previous' directories.
shutil.copytree(metadata_dir, current_dir)
shutil.copytree(metadata_dir, previous_dir)
# The repository is now setup!
return keyids
def build_server_repository(server_repository_dir, targets_dir):
"""
<Purpose>
'build_server_repository' builds a complete repository based on target
files provided in the 'targets_dir'. Delegated roles are included.
"""
# Save the originals of the functions patched by this function.
# The patched functions will be restored prior to returning.
original_get_metadata = signercli._get_metadata_directory
original_prompt = signercli._prompt
original_get_password = signercli._get_password
original_get_keyids = signercli._get_keyids
# The expiration date for created metadata, required by the 'signercli.py'
# script. The expiration date is set to 259200 seconds ahead of the current
# time. Set all the metadata versions numbers to 1.
expiration_date = tuf.formats.format_time(time.time() + 259200)
expiration_date = expiration_date[0:expiration_date.rfind(' UTC')]
version = 1
server_metadata_dir = os.path.join(server_repository_dir, 'metadata')
keystore_dir = os.path.join(server_repository_dir, 'keystore')
# Remove 'server_metadata_dir' and 'keystore_dir' if they already exist.
if os.path.exists(server_metadata_dir):
shutil.rmtree(server_metadata_dir)
if os.path.exists(keystore_dir):
shutil.rmtree(keystore_dir)
# Make metadata directory inside server repository dir.
os.mkdir(server_metadata_dir)
# Make a keystore directory inside server's repository and populate it.
os.mkdir(keystore_dir)
_create_keystore(keystore_dir)
# Build config file.
build_config = signerlib.build_config_file
top_level_role_info = unittest_toolbox.Modified_TestCase.top_level_role_info
config_filepath = build_config(server_repository_dir, 365,
top_level_role_info)
# BUILD ROLE FILES.
# Build root file.
signerlib.build_root_file(config_filepath, role_keyids['root'],
server_metadata_dir, version)
# Build targets file.
signerlib.build_targets_file([targets_dir], role_keyids['targets'],
server_metadata_dir, version,
expiration_date + ' UTC')
# MAKE DELEGATIONS.
# We will need to patch a few signercli prompts.
# Specifically, signercli.make_delegations() asks user input for:
# metadata directory, delegated targets directory, parent role,
# passwords for parent role's keyids, delegated role's name, and
# the keyid to be assigned to the delegated role. Take a look at
# signercli's make_delegation() to gain bit more insight in what is
# happening.
# 'load_key' is a reference to the 'load_keystore_from_keyfiles function'.
load_keys = keystore.load_keystore_from_keyfiles
# Setup first level delegated role.
delegated_level1 = os.path.join(targets_dir, 'delegated_level1')
delegated_targets_dir = delegated_level1
parent_role = 'targets'
delegated_role_name = 'delegated_role1'
signing_keyids = role_keyids['targets/delegated_role1']
# Patching the 'signercli' prompts.
# Mock method for signercli._get_metadata_directory().
def _mock_get_metadata_directory():
return server_metadata_dir
# Mock method for signercli._prompt().
def _mock_prompt(msg, junk):
if msg.startswith('\nThe paths entered'):
return delegated_targets_dir
elif msg.startswith('\nChoose and enter the parent'):
return parent_role
elif msg.startswith('\nEnter the delegated role\'s name: '):
return delegated_role_name
elif msg.startswith('\nCurrent time:'):
return expiration_date
else:
error_msg = ('Prompt: ' + '\'' + msg + '\'' +
' did not match any predefined mock prompts.')
sys.exit(error_msg)
# Mock method for signercli._get_password().
def _mock_get_password(msg):
for keyid in unittest_toolbox.Modified_TestCase.rsa_keyids:
if msg.endswith('(' + keyid + '): '):
return unittest_toolbox.Modified_TestCase.rsa_passwords[keyid]
# Method to patch signercli._get_keyids()
def _mock_get_keyids(junk):
if signing_keyids:
for keyid in signing_keyids:
password = unittest_toolbox.Modified_TestCase.rsa_passwords[
keyid]
# Load the keyfile.
load_keys(keystore_dir, [keyid], [password])
return signing_keyids
# Patch signercli._get_metadata_directory().
signercli._get_metadata_directory = _mock_get_metadata_directory
# Patch signercli._prompt().
signercli._prompt = _mock_prompt
# Patch signercli._get_password().
signercli._get_password = _mock_get_password
# Patch signercli._get_keyids().
signercli._get_keyids = _mock_get_keyids
# Clear kestore's dictionaries, by detaching them from unittest_toolbox's
# dictionaries.
keystore._keystore = {}
keystore._derived_keys = {}
# Make first level delegation.
signercli.make_delegation(keystore_dir)
# Setup second level delegated role.
delegated_level2 = os.path.join(delegated_level1, 'delegated_level2')
delegated_targets_dir = delegated_level2
parent_role = 'targets/delegated_role1'
delegated_role_name = 'delegated_role2'
signing_keyids = role_keyids['targets/delegated_role1/delegated_role2']
# Clear kestore's dictionaries.
keystore.clear_keystore()
# Make second level delegation.
signercli.make_delegation(keystore_dir)
keystore._keystore = unittest_toolbox.Modified_TestCase.rsa_keystore
keystore._derived_keys = unittest_toolbox.Modified_TestCase.rsa_passwords
# Build release file.
signerlib.build_release_file(role_keyids['release'], server_metadata_dir,
version, expiration_date + ' UTC')
# Build timestamp file.
signerlib.build_timestamp_file(role_keyids['timestamp'],
server_metadata_dir, version,
expiration_date + ' UTC')
keystore._keystore = {}
keystore._derived_keys = {}
# RESTORE
signercli._get_metadata_directory = original_get_metadata
signercli._prompt = original_prompt
signercli._get_password = original_get_password
signercli._get_keyids = original_get_keyids
def build_server_repository(server_repository_dir, targets_dir):
# Make metadata directory inside client and server repository dir.
server_metadata_dir = os.path.join(server_repository_dir, 'metadata')
os.mkdir(server_metadata_dir)
# Make a keystore directory inside server's repository and populate it.
keystore_dir = os.path.join(server_repository_dir, 'keystore')
os.mkdir(keystore_dir)
create_keystore(keystore_dir)
# Build config file.
build_config = signerlib.build_config_file
config_filepath = build_config(server_repository_dir, 365,
TestCase_Tools.top_level_role_info)
# Role:keyids dictionary.
role_keyids = {}
for role in TestCase_Tools.semi_roledict.keys():
role_keyids[role] = TestCase_Tools.semi_roledict[role]['keyids']
# BUILD ROLE FILES.
# Build root file.
signerlib.build_root_file(config_filepath, role_keyids['root'],
server_metadata_dir)
# Build targets file.
signerlib.build_targets_file(targets_dir, role_keyids['targets'],
server_metadata_dir)
# Build release file.
signerlib.build_release_file(role_keyids['release'], server_metadata_dir)
# Build timestamp file.
signerlib.build_timestamp_file(role_keyids['timestamp'], server_metadata_dir)
# MAKE DELEGATIONS.
# We will need to patch a few signercli prompts.
# Specifically, signercli.make_delegations() asks user input for:
# metadata directory, delegated targets directory, parent role,
# passwords for parent role's keyids, delegated role's name, and
# the keyid to be assigned to the delegated role. Take a look at
# signercli's make_delegation() to gain bit more insight in what is
# happening.
# 'load_key' is a reference to the 'load_keystore_from_keyfiles function'.
load_keys = keystore.load_keystore_from_keyfiles
# Setup first level delegated role.
delegated_level1 = os.path.join(targets_dir, 'delegated_level1')
delegated_targets_dir = delegated_level1
parent_role = 'targets'
delegated_role_name = 'delegated_role1'
signing_keyids = role_keyids['targets/delegated_role1']
# Patching the prompts.
# Mock method for signercli._get_metadata_directory().
def _mock_get_metadata_directory():
return server_metadata_dir
# Mock method for signercli._prompt().
def _mock_prompt(msg, junk):
if msg.startswith('\nNOTE: The directory entered'):
return delegated_targets_dir
elif msg.startswith('\nChoose and enter the parent'):
return parent_role
elif msg.endswith('\nEnter the delegated role\'s name: '):
return delegated_role_name
else:
error_msg = ('Prompt: '+'\''+msg+'\''+
' did not match any predefined mock prompts.')
sys.exit(error_msg)
# Mock method for signercli._get_password().
def _mock_get_password(msg):
for keyid in TestCase_Tools.rsa_keyids:
if msg.endswith('('+keyid+'): '):
return TestCase_Tools.rsa_passwords[keyid]
# Method to patch signercli._get_keyids()
def _mock_get_keyids(junk):
if signing_keyids:
for keyid in signing_keyids:
password = TestCase_Tools.rsa_passwords[keyid]
# Load the keyfile.
load_keys(keystore_dir, [keyid], [password])
return signing_keyids
# Patch signercli._get_metadata_directory().
signercli._get_metadata_directory = _mock_get_metadata_directory
# Patch signercli._prompt().
signercli._prompt = _mock_prompt
# Patch signercli._get_password().
signercli._get_password = _mock_get_password
# Patch signercli._get_keyids().
signercli._get_keyids = _mock_get_keyids
# Clear kestore's dictionaries, by detaching them from unittest_toolbox's
# dictionaries.
keystore._keystore = {}
keystore._key_passwords = {}
# Make first level delegation.
signercli.make_delegation(keystore_dir)
# Setup first level delegated role.
delegated_level2 = os.path.join(delegated_level1, 'delegated_level2')
delegated_targets_dir = delegated_level2
parent_role = 'targets/delegated_role1'
delegated_role_name = 'delegated_role2'
signing_keyids = role_keyids['targets/delegated_role1/delegated_role2']
# Clear kestore's dictionaries.
keystore.clear_keystore()
# Make second level delegation.
signercli.make_delegation(keystore_dir)
def init_tuf(root_repo, url, port):
"""
<Purpose>
Setup TUF directory structure and populated it with TUF metadata and
congfiguration files.
"""
passwd = 'test'
threshold = 1
# Setup TUF-repo directory structure.
tuf_repo = os.path.join(root_repo, 'tuf_repo')
keystore_dir = os.path.join(tuf_repo, 'keystore')
metadata_dir = os.path.join(tuf_repo, 'metadata')
targets_dir = os.path.join(tuf_repo, 'targets')
os.mkdir(tuf_repo)
os.mkdir(keystore_dir)
os.mkdir(metadata_dir)
shutil.copytree(os.path.join(root_repo, 'reg_repo'), targets_dir)
# Setting TUF-client directory structure.
# 'tuf.client.updater.py' expects the 'current' and 'previous'
# directories to exist under client's 'metadata' directory.
tuf_client = os.path.join(root_repo, 'tuf_client')
tuf_client_metadata_dir = os.path.join(tuf_client, 'metadata')
current_dir = os.path.join(tuf_client_metadata_dir, 'current')
previous_dir = os.path.join(tuf_client_metadata_dir, 'previous')
os.makedirs(tuf_client_metadata_dir)
# Generate at least one rsa key.
key = signerlib.generate_and_save_rsa_key(keystore_dir, passwd)
keyids = [key['keyid']]
# Set role info.
info = {'keyids': [key['keyid']], 'threshold': threshold}
# 'role_info' dictionary looks like this:
# {role : {'keyids : [keyid1, ...] , 'threshold' : 1}}
# In our case 'role_info[keyids]' will only have on entry since only one
# is being used.
role_info = {}
role_list = ['root', 'targets', 'release', 'timestamp']
for role in role_list:
role_info[role] = info
# At this point there is enough information to create TUF configuration
# and metadata files.
# Build the configuration file.
conf_path = signerlib.build_config_file(metadata_dir, 365, role_info)
# Generate the 'root.txt' metadata file.
signerlib.build_root_file(conf_path, keyids, metadata_dir)
# Generate the 'targets.txt' metadata file.
signerlib.build_targets_file(targets_dir, keyids, metadata_dir)
# Generate the 'release.txt' metadata file.
signerlib.build_release_file(keyids, metadata_dir)
# Generate the 'timestamp.txt' metadata file.
signerlib.build_timestamp_file(keyids, metadata_dir)
# Move the metadata to the client's 'current' and 'previous' directories.
shutil.copytree(metadata_dir, current_dir)
shutil.copytree(metadata_dir, previous_dir)
# The repository is now setup!
# Here is a mirrors dictionary that will allow a client to seek out
# places to download the metadata and targets from.
tuf_repo_relpath = os.path.basename(tuf_repo)
tuf_url = url+tuf_repo_relpath
mirrors = {'mirror1': {'url_prefix': tuf_url,
'metadata_path': 'metadata',
'targets_path': 'targets',
'confined_target_dirs': ['']}}
# Adjusting configuration file (tuf.conf.py).
tuf.conf.repository_directory = tuf_client
# In order to implement interposition we need to have a config file with
# the following dictionary JSON-serialized.
# tuf_url: http://localhost:port/root_repo/tuf_repo/
hostname = 'localhost:9999'
interposition_dict = {"configurations":
{hostname:
{"repository_directory": tuf_client+'/',
"repository_mirrors" :
{"mirror1":
{"url_prefix": tuf_url,
"metadata_path": "metadata",
"targets_path": "targets",
"confined_target_dirs": [ "" ]}}}}}
# "target_paths": [ { "(.*\\.html)": "{0}" } ]
junk, interpose_json = tempfile.mkstemp(prefix='conf_', dir=root_repo)
with open(interpose_json, 'wb') as fileobj:
tuf.util.json.dump(interposition_dict, fileobj)
tuf.interposition.configure(filename=interpose_json)
return keyids