def generate_rsa_keys(passwords): """Return the IDs of RSA keys encrypted in order with the given passwords.""" rsa_keys = [] for password in passwords: # Generate the RSA key and save it to 'keystore_directory'. rsa_key = \ signerlib.generate_and_save_rsa_key(keystore_directory=KEYSTORE_DIRECTORY, password=password, bits=KEY_SIZE) rsa_key_id = rsa_key['keyid'] rsa_keys.append(rsa_key_id) return rsa_keys
def test_1_generate_and_save_rsa_key(self): """ generate_and_save_rsa_key() is independent from all the other methods in signerlib. In order to test this method all we need is to create a temp directory and a sample password. """ # SETUP keystore_dir = self.make_temp_directory() password = self.random_string() # TESTS # Test: Run generate_and_save_rsa_key(). rsakey = signerlib.generate_and_save_rsa_key(keystore_dir, password) self.assertTrue(formats.RSAKEY_SCHEMA.matches(rsakey)) # Test: Check if rsa key file was created. key_path = os.path.join(keystore_dir, rsakey["keyid"] + ".key") self.assertTrue(os.path.exists(key_path))
def test_1_generate_and_save_rsa_key(self): """ generate_and_save_rsa_key() is independent from all the other methods in signerlib. In order to test this method all we need is to create a temp directory and a sample password. """ # SETUP keystore_dir = self.make_temp_directory() password = self.random_string() # TESTS # Test: Run generate_and_save_rsa_key(). rsakey = signerlib.generate_and_save_rsa_key(keystore_dir, password) self.assertTrue(formats.RSAKEY_SCHEMA.matches(rsakey)) # Test: Check if rsa key file was created. key_path = os.path.join(keystore_dir, rsakey['keyid'] + '.key') self.assertTrue(os.path.exists(key_path))
def _make_delegation(rolename): expiration_date = tuf.formats.format_time(time.time()+86400) expiration_date = expiration_date[0:expiration_date.rfind(' UTC')] # Indicate which file client downloads. rel_filepath = os.path.relpath(roles[rolename]['filepath'], reg_repo) roles[rolename]['target_path'] = os.path.join(targets_dir, rel_filepath) rolepath, file_basename = os.path.split(roles[rolename]['filepath']) junk, role_relpath = os.path.split(rolepath) roles[rolename]['targets_dir'] = os.path.join(targets_dir, role_relpath) roles[rolename]['metadata_dir'] = os.path.join(metadata_dir, 'targets') # Create a key to sign a new delegated role. password = roles[rolename]['password'][0] key = signerlib.generate_and_save_rsa_key(keystore_dir, password) roles[rolename]['keyid'] = [key['keyid']] roles[rolename]['dest_path'] = os.path.join(downloads_dir, file_basename) # Create delegation one. util_test_tools.create_delegation(tuf_repo, roles[rolename]['targets_dir'], roles[rolename]['keyid'], password, 'targets', rolename, expiration_date) # Update TUF repository. # util_test_tools.make_targets_meta(root_repo) util_test_tools.make_release_meta(root_repo) util_test_tools.make_timestamp_meta(root_repo) # Modify the url. Remember that the interposition will intercept # urls that have 'localhost:9999' hostname, which was specified in # the json interposition configuration file. Look for 'hostname' # in 'util_test_tools.py'. Further, the 'file_basename' is the target # path relative to 'targets_dir'. roles[rolename]['url'] = 'http://localhost:9999/'+rel_filepath # Perform a client download. urllib_tuf.urlretrieve(roles[rolename]['url'], roles[rolename]['dest_path'])
def init_tuf(root_repo): """ <Purpose> Setup TUF directory structure and populated it with TUF metadata and congfiguration files. """ threshold = 1 global version version = version+1 expiration = tuf.formats.format_time(time.time()+86400) # Setup TUF-repo directory structure. tuf_repo = os.path.join(root_repo, 'tuf_repo') keystore_dir = os.path.join(tuf_repo, 'keystore') metadata_dir = os.path.join(tuf_repo, 'metadata') targets_dir = os.path.join(tuf_repo, 'targets') os.mkdir(tuf_repo) os.mkdir(keystore_dir) os.mkdir(metadata_dir) shutil.copytree(os.path.join(root_repo, 'reg_repo'), targets_dir) # Setting TUF-client directory structure. # 'tuf.client.updater.py' expects the 'current' and 'previous' # directories to exist under client's 'metadata' directory. tuf_client = os.path.join(root_repo, 'tuf_client') tuf_client_metadata_dir = os.path.join(tuf_client, 'metadata') current_dir = os.path.join(tuf_client_metadata_dir, 'current') previous_dir = os.path.join(tuf_client_metadata_dir, 'previous') os.makedirs(tuf_client_metadata_dir) # Generate at least one rsa key. key = signerlib.generate_and_save_rsa_key(keystore_dir, PASSWD) keyids = [key['keyid']] # Set role info. info = {'keyids': [key['keyid']], 'threshold': threshold} # 'role_info' dictionary looks like this: # {role : {'keyids : [keyid1, ...] , 'threshold' : 1}} # In our case 'role_info[keyids]' will only have on entry since only one # is being used. role_info = {} role_list = ['root', 'targets', 'release', 'timestamp'] for role in role_list: role_info[role] = info # At this point there is enough information to create TUF configuration # and metadata files. # Build the configuration file. conf_path = signerlib.build_config_file(metadata_dir, 365, role_info) # Generate the 'root.txt' metadata file. signerlib.build_root_file(conf_path, keyids, metadata_dir, version) # Generate the 'targets.txt' metadata file. signerlib.build_targets_file([targets_dir], keyids, metadata_dir, version, expiration) # Generate the 'release.txt' metadata file. signerlib.build_release_file(keyids, metadata_dir, version, expiration) # Generate the 'timestamp.txt' metadata file. signerlib.build_timestamp_file(keyids, metadata_dir, version, expiration) # Move the metadata to the client's 'current' and 'previous' directories. shutil.copytree(metadata_dir, current_dir) shutil.copytree(metadata_dir, previous_dir) # The repository is now setup! return keyids
def setUp(self): """ The target delegations tree is fixed as such: targets -> [T1, T2] T1 -> [T3] """ global version version = version+1 expiration = tuf.formats.format_time(time.time()+86400) root_repo, url, server_proc, keyids = util_test_tools.init_repo(tuf=True) # Server side repository. tuf_repo = os.path.join(root_repo, 'tuf_repo') keystore_dir = os.path.join(tuf_repo, 'keystore') metadata_dir = os.path.join(tuf_repo, 'metadata') targets_dir = os.path.join(tuf_repo, 'targets') # We need to provide clients with a way to reach the tuf repository. tuf_repo_relpath = os.path.basename(tuf_repo) tuf_url = url+tuf_repo_relpath # Add files to the server side repository. # target1 = 'targets_dir/[random].txt' # target2 = 'targets_dir/[random].txt' add_target = util_test_tools.add_file_to_repository target1_path = add_target(targets_dir, data='target1') target2_path = add_target(targets_dir, data='target2') # Target paths relative to the 'targets_dir'. # Ex: targetX = 'targets/delegator/delegatee.txt' target1 = os.path.relpath(target1_path, tuf_repo) target2 = os.path.relpath(target2_path, tuf_repo) # Relative to repository's targets directory. target_filepaths = [target1, target2] # Store in self only the variables relevant for tests. self.root_repo = root_repo self.tuf_repo = tuf_repo self.server_proc = server_proc self.target_filepaths = target_filepaths # Targets delegated from A to B. self.delegated_targets = {} # Targets actually signed by B. self.signed_targets = {} self.mirrors = { "mirror1": { "url_prefix": tuf_url, "metadata_path": "metadata", "targets_path": "targets", "confined_target_dirs": [""] } } # Aliases for targets roles. self.T0 = 'targets' self.T1 = 'targets/T1' self.T2 = 'targets/T2' self.T3 = 'targets/T1/T3' # Get tracked and assigned targets, and generate targets metadata. self.make_targets_metadata() assert hasattr(self, 'T0_metadata') assert hasattr(self, 'T1_metadata') assert hasattr(self, 'T2_metadata') assert hasattr(self, 'T3_metadata') # Make delegation directories at the server's repository. metadata_targets_dir = os.path.join(metadata_dir, 'targets') metadata_T1_dir = os.path.join(metadata_targets_dir, 'T1') os.makedirs(metadata_T1_dir) # Delegations metadata paths for the 3 delegated targets roles. T0_path = os.path.join(metadata_dir, 'targets.txt') T1_path = os.path.join(metadata_targets_dir, 'T1.txt') T2_path = os.path.join(metadata_targets_dir, 'T2.txt') T3_path = os.path.join(metadata_T1_dir, 'T3.txt') # Generate RSA keys for the 3 delegatees. key1 = signerlib.generate_and_save_rsa_key(keystore_dir, 'T1') key2 = signerlib.generate_and_save_rsa_key(keystore_dir, 'T2') key3 = signerlib.generate_and_save_rsa_key(keystore_dir, 'T3') # ID for each of the 3 keys. key1_id = key1['keyid'] key2_id = key2['keyid'] key3_id = key3['keyid'] # ID, in a list, for each of the 3 keys. key1_ids = [key1_id] key2_ids = [key2_id] key3_ids = [key3_id] # Public-key JSON for each of the 3 keys. key1_val = tuf.rsa_key.create_in_metadata_format(key1['keyval']) key2_val = tuf.rsa_key.create_in_metadata_format(key2['keyval']) key3_val = tuf.rsa_key.create_in_metadata_format(key3['keyval']) # Create delegation role metadata for each of the 3 delegated targets roles. make_role_metadata = tuf.formats.make_role_metadata T1_targets = self.relpath_from_targets(self.delegated_targets[self.T1]) T1_role = make_role_metadata(key1_ids, 1, name=self.T1, paths=T1_targets) T2_targets = self.relpath_from_targets(self.delegated_targets[self.T2]) T2_role = make_role_metadata(key2_ids, 1, name=self.T2, paths=T2_targets) T3_targets = self.relpath_from_targets(self.delegated_targets[self.T3]) T3_role = make_role_metadata(key3_ids, 1, name=self.T3, paths=T3_targets) # Assign 'delegations' object for 'targets': self.T0_metadata['signed']['delegations'] = { 'keys': {key1_id: key1_val, key2_id: key2_val}, 'roles': [T1_role, T2_role] } # Assign 'delegations' object for 'targets/T1': self.T1_metadata['signed']['delegations'] = { 'keys': {key3_id: key3_val}, 'roles': [T3_role] } sign = signerlib.sign_metadata write = signerlib.write_metadata_file # Sign new metadata objects. T0_signable = sign(self.T0_metadata, keyids, T0_path) T1_signable = sign(self.T1_metadata, key1_ids, T1_path) T2_signable = sign(self.T2_metadata, key2_ids, T2_path) T3_signable = sign(self.T3_metadata, key3_ids, T3_path) # Save new metadata objects. write(T0_signable, T0_path) write(T1_signable, T1_path) write(T2_signable, T2_path) write(T3_signable, T3_path) # Timestamp a new release to reflect latest targets. signerlib.build_release_file(keyids, metadata_dir, version, expiration) signerlib.build_timestamp_file(keyids, metadata_dir, version, expiration) # Unload all keys. keystore.clear_keystore()
def setUp(self): """ The target delegations tree is fixed as such: targets -> [T1, T2] T1 -> [T3] """ global version version = version + 1 expiration = tuf.formats.format_time(time.time() + 86400) root_repo, url, server_proc, keyids = util_test_tools.init_repo( tuf=True) # Server side repository. tuf_repo = os.path.join(root_repo, 'tuf_repo') keystore_dir = os.path.join(tuf_repo, 'keystore') metadata_dir = os.path.join(tuf_repo, 'metadata') targets_dir = os.path.join(tuf_repo, 'targets') # We need to provide clients with a way to reach the tuf repository. tuf_repo_relpath = os.path.basename(tuf_repo) tuf_url = url + tuf_repo_relpath # Add files to the server side repository. # target1 = 'targets_dir/[random].txt' # target2 = 'targets_dir/[random].txt' add_target = util_test_tools.add_file_to_repository target1_path = add_target(targets_dir, data='target1') target2_path = add_target(targets_dir, data='target2') # Target paths relative to the 'targets_dir'. # Ex: targetX = 'targets/delegator/delegatee.txt' target1 = os.path.relpath(target1_path, tuf_repo) target2 = os.path.relpath(target2_path, tuf_repo) # Relative to repository's targets directory. target_filepaths = [target1, target2] # Store in self only the variables relevant for tests. self.root_repo = root_repo self.tuf_repo = tuf_repo self.server_proc = server_proc self.target_filepaths = target_filepaths # Targets delegated from A to B. self.delegated_targets = {} # Targets actually signed by B. self.signed_targets = {} self.mirrors = { "mirror1": { "url_prefix": tuf_url, "metadata_path": "metadata", "targets_path": "targets", "confined_target_dirs": [""] } } # Aliases for targets roles. self.T0 = 'targets' self.T1 = 'targets/T1' self.T2 = 'targets/T2' self.T3 = 'targets/T1/T3' # Get tracked and assigned targets, and generate targets metadata. self.make_targets_metadata() assert hasattr(self, 'T0_metadata') assert hasattr(self, 'T1_metadata') assert hasattr(self, 'T2_metadata') assert hasattr(self, 'T3_metadata') # Make delegation directories at the server's repository. metadata_targets_dir = os.path.join(metadata_dir, 'targets') metadata_T1_dir = os.path.join(metadata_targets_dir, 'T1') os.makedirs(metadata_T1_dir) # Delegations metadata paths for the 3 delegated targets roles. T0_path = os.path.join(metadata_dir, 'targets.txt') T1_path = os.path.join(metadata_targets_dir, 'T1.txt') T2_path = os.path.join(metadata_targets_dir, 'T2.txt') T3_path = os.path.join(metadata_T1_dir, 'T3.txt') # Generate RSA keys for the 3 delegatees. key1 = signerlib.generate_and_save_rsa_key(keystore_dir, 'T1') key2 = signerlib.generate_and_save_rsa_key(keystore_dir, 'T2') key3 = signerlib.generate_and_save_rsa_key(keystore_dir, 'T3') # ID for each of the 3 keys. key1_id = key1['keyid'] key2_id = key2['keyid'] key3_id = key3['keyid'] # ID, in a list, for each of the 3 keys. key1_ids = [key1_id] key2_ids = [key2_id] key3_ids = [key3_id] # Public-key JSON for each of the 3 keys. key1_val = tuf.rsa_key.create_in_metadata_format(key1['keyval']) key2_val = tuf.rsa_key.create_in_metadata_format(key2['keyval']) key3_val = tuf.rsa_key.create_in_metadata_format(key3['keyval']) # Create delegation role metadata for each of the 3 delegated targets roles. make_role_metadata = tuf.formats.make_role_metadata T1_targets = self.relpath_from_targets(self.delegated_targets[self.T1]) T1_role = make_role_metadata(key1_ids, 1, name=self.T1, paths=T1_targets) T2_targets = self.relpath_from_targets(self.delegated_targets[self.T2]) T2_role = make_role_metadata(key2_ids, 1, name=self.T2, paths=T2_targets) T3_targets = self.relpath_from_targets(self.delegated_targets[self.T3]) T3_role = make_role_metadata(key3_ids, 1, name=self.T3, paths=T3_targets) # Assign 'delegations' object for 'targets': self.T0_metadata['signed']['delegations'] = { 'keys': { key1_id: key1_val, key2_id: key2_val }, 'roles': [T1_role, T2_role] } # Assign 'delegations' object for 'targets/T1': self.T1_metadata['signed']['delegations'] = { 'keys': { key3_id: key3_val }, 'roles': [T3_role] } sign = signerlib.sign_metadata write = signerlib.write_metadata_file # Sign new metadata objects. T0_signable = sign(self.T0_metadata, keyids, T0_path) T1_signable = sign(self.T1_metadata, key1_ids, T1_path) T2_signable = sign(self.T2_metadata, key2_ids, T2_path) T3_signable = sign(self.T3_metadata, key3_ids, T3_path) # Save new metadata objects. write(T0_signable, T0_path) write(T1_signable, T1_path) write(T2_signable, T2_path) write(T3_signable, T3_path) # Timestamp a new release to reflect latest targets. signerlib.build_release_file(keyids, metadata_dir, version, expiration) signerlib.build_timestamp_file(keyids, metadata_dir, version, expiration) # Unload all keys. keystore.clear_keystore()
def init_tuf(root_repo): """ <Purpose> Setup TUF directory structure and populated it with TUF metadata and congfiguration files. """ threshold = 1 global version version = version + 1 expiration = tuf.formats.format_time(time.time() + 86400) # Setup TUF-repo directory structure. tuf_repo = os.path.join(root_repo, 'tuf_repo') keystore_dir = os.path.join(tuf_repo, 'keystore') metadata_dir = os.path.join(tuf_repo, 'metadata') targets_dir = os.path.join(tuf_repo, 'targets') os.mkdir(tuf_repo) os.mkdir(keystore_dir) os.mkdir(metadata_dir) shutil.copytree(os.path.join(root_repo, 'reg_repo'), targets_dir) # Setting TUF-client directory structure. # 'tuf.client.updater.py' expects the 'current' and 'previous' # directories to exist under client's 'metadata' directory. tuf_client = os.path.join(root_repo, 'tuf_client') tuf_client_metadata_dir = os.path.join(tuf_client, 'metadata') current_dir = os.path.join(tuf_client_metadata_dir, 'current') previous_dir = os.path.join(tuf_client_metadata_dir, 'previous') os.makedirs(tuf_client_metadata_dir) # Generate at least one rsa key. key = signerlib.generate_and_save_rsa_key(keystore_dir, PASSWD) keyids = [key['keyid']] # Set role info. info = {'keyids': [key['keyid']], 'threshold': threshold} # 'role_info' dictionary looks like this: # {role : {'keyids : [keyid1, ...] , 'threshold' : 1}} # In our case 'role_info[keyids]' will only have on entry since only one # is being used. role_info = {} role_list = ['root', 'targets', 'release', 'timestamp'] for role in role_list: role_info[role] = info # At this point there is enough information to create TUF configuration # and metadata files. # Build the configuration file. conf_path = signerlib.build_config_file(metadata_dir, 365, role_info) # Generate the 'root.txt' metadata file. signerlib.build_root_file(conf_path, keyids, metadata_dir, version) # Generate the 'targets.txt' metadata file. signerlib.build_targets_file([targets_dir], keyids, metadata_dir, version, expiration) # Generate the 'release.txt' metadata file. signerlib.build_release_file(keyids, metadata_dir, version, expiration) # Generate the 'timestamp.txt' metadata file. signerlib.build_timestamp_file(keyids, metadata_dir, version, expiration) # Move the metadata to the client's 'current' and 'previous' directories. shutil.copytree(metadata_dir, current_dir) shutil.copytree(metadata_dir, previous_dir) # The repository is now setup! return keyids
def init_tuf(root_repo, url, port): """ <Purpose> Setup TUF directory structure and populated it with TUF metadata and congfiguration files. """ passwd = 'test' threshold = 1 # Setup TUF-repo directory structure. tuf_repo = os.path.join(root_repo, 'tuf_repo') keystore_dir = os.path.join(tuf_repo, 'keystore') metadata_dir = os.path.join(tuf_repo, 'metadata') targets_dir = os.path.join(tuf_repo, 'targets') os.mkdir(tuf_repo) os.mkdir(keystore_dir) os.mkdir(metadata_dir) shutil.copytree(os.path.join(root_repo, 'reg_repo'), targets_dir) # Setting TUF-client directory structure. # 'tuf.client.updater.py' expects the 'current' and 'previous' # directories to exist under client's 'metadata' directory. tuf_client = os.path.join(root_repo, 'tuf_client') tuf_client_metadata_dir = os.path.join(tuf_client, 'metadata') current_dir = os.path.join(tuf_client_metadata_dir, 'current') previous_dir = os.path.join(tuf_client_metadata_dir, 'previous') os.makedirs(tuf_client_metadata_dir) # Generate at least one rsa key. key = signerlib.generate_and_save_rsa_key(keystore_dir, passwd) keyids = [key['keyid']] # Set role info. info = {'keyids': [key['keyid']], 'threshold': threshold} # 'role_info' dictionary looks like this: # {role : {'keyids : [keyid1, ...] , 'threshold' : 1}} # In our case 'role_info[keyids]' will only have on entry since only one # is being used. role_info = {} role_list = ['root', 'targets', 'release', 'timestamp'] for role in role_list: role_info[role] = info # At this point there is enough information to create TUF configuration # and metadata files. # Build the configuration file. conf_path = signerlib.build_config_file(metadata_dir, 365, role_info) # Generate the 'root.txt' metadata file. signerlib.build_root_file(conf_path, keyids, metadata_dir) # Generate the 'targets.txt' metadata file. signerlib.build_targets_file(targets_dir, keyids, metadata_dir) # Generate the 'release.txt' metadata file. signerlib.build_release_file(keyids, metadata_dir) # Generate the 'timestamp.txt' metadata file. signerlib.build_timestamp_file(keyids, metadata_dir) # Move the metadata to the client's 'current' and 'previous' directories. shutil.copytree(metadata_dir, current_dir) shutil.copytree(metadata_dir, previous_dir) # The repository is now setup! # Here is a mirrors dictionary that will allow a client to seek out # places to download the metadata and targets from. tuf_repo_relpath = os.path.basename(tuf_repo) tuf_url = url+tuf_repo_relpath mirrors = {'mirror1': {'url_prefix': tuf_url, 'metadata_path': 'metadata', 'targets_path': 'targets', 'confined_target_dirs': ['']}} # Adjusting configuration file (tuf.conf.py). tuf.conf.repository_directory = tuf_client # In order to implement interposition we need to have a config file with # the following dictionary JSON-serialized. # tuf_url: http://localhost:port/root_repo/tuf_repo/ hostname = 'localhost:9999' interposition_dict = {"configurations": {hostname: {"repository_directory": tuf_client+'/', "repository_mirrors" : {"mirror1": {"url_prefix": tuf_url, "metadata_path": "metadata", "targets_path": "targets", "confined_target_dirs": [ "" ]}}}}} # "target_paths": [ { "(.*\\.html)": "{0}" } ] junk, interpose_json = tempfile.mkstemp(prefix='conf_', dir=root_repo) with open(interpose_json, 'wb') as fileobj: tuf.util.json.dump(interposition_dict, fileobj) tuf.interposition.configure(filename=interpose_json) return keyids