コード例 #1
0
def generate_rsa_keys(passwords):
    """Return the IDs of RSA keys encrypted in order with the given passwords."""

    rsa_keys = []

    for password in passwords:
        # Generate the RSA key and save it to 'keystore_directory'.
        rsa_key = \
          signerlib.generate_and_save_rsa_key(keystore_directory=KEYSTORE_DIRECTORY,
                                              password=password, bits=KEY_SIZE)
        rsa_key_id = rsa_key['keyid']
        rsa_keys.append(rsa_key_id)

    return rsa_keys
コード例 #2
0
def generate_rsa_keys(passwords):
  """Return the IDs of RSA keys encrypted in order with the given passwords."""

  rsa_keys = []

  for password in passwords:
    # Generate the RSA key and save it to 'keystore_directory'.
    rsa_key = \
      signerlib.generate_and_save_rsa_key(keystore_directory=KEYSTORE_DIRECTORY,
                                          password=password, bits=KEY_SIZE)
    rsa_key_id = rsa_key['keyid']
    rsa_keys.append(rsa_key_id)

  return rsa_keys
コード例 #3
0
ファイル: test_signerlib.py プロジェクト: pombredanne/tuf
    def test_1_generate_and_save_rsa_key(self):
        """
    generate_and_save_rsa_key() is independent from all the other methods in
    signerlib.  In order to test this method all we need is to create a temp
    directory and a sample password.
    """

        # SETUP
        keystore_dir = self.make_temp_directory()
        password = self.random_string()

        # TESTS
        #  Test: Run generate_and_save_rsa_key().
        rsakey = signerlib.generate_and_save_rsa_key(keystore_dir, password)
        self.assertTrue(formats.RSAKEY_SCHEMA.matches(rsakey))

        #  Test: Check if rsa key file was created.
        key_path = os.path.join(keystore_dir, rsakey["keyid"] + ".key")
        self.assertTrue(os.path.exists(key_path))
コード例 #4
0
ファイル: test_signerlib.py プロジェクト: smith325/tuf
    def test_1_generate_and_save_rsa_key(self):
        """
    generate_and_save_rsa_key() is independent from all the other methods in
    signerlib.  In order to test this method all we need is to create a temp
    directory and a sample password.
    """

        # SETUP
        keystore_dir = self.make_temp_directory()
        password = self.random_string()

        # TESTS
        #  Test: Run generate_and_save_rsa_key().
        rsakey = signerlib.generate_and_save_rsa_key(keystore_dir, password)
        self.assertTrue(formats.RSAKEY_SCHEMA.matches(rsakey))

        #  Test: Check if rsa key file was created.
        key_path = os.path.join(keystore_dir, rsakey['keyid'] + '.key')
        self.assertTrue(os.path.exists(key_path))
コード例 #5
0
    def _make_delegation(rolename):
      expiration_date = tuf.formats.format_time(time.time()+86400)
      expiration_date = expiration_date[0:expiration_date.rfind(' UTC')]
      # Indicate which file client downloads.
      rel_filepath = os.path.relpath(roles[rolename]['filepath'], reg_repo)
      roles[rolename]['target_path'] = os.path.join(targets_dir, rel_filepath)
      rolepath, file_basename = os.path.split(roles[rolename]['filepath'])
      junk, role_relpath = os.path.split(rolepath)
      roles[rolename]['targets_dir'] = os.path.join(targets_dir, role_relpath)
      roles[rolename]['metadata_dir'] =  os.path.join(metadata_dir, 'targets')

      # Create a key to sign a new delegated role.
      password = roles[rolename]['password'][0]
      key = signerlib.generate_and_save_rsa_key(keystore_dir, password)
      roles[rolename]['keyid'] = [key['keyid']]
      roles[rolename]['dest_path'] = os.path.join(downloads_dir, file_basename)

      # Create delegation one.
      util_test_tools.create_delegation(tuf_repo, 
                                        roles[rolename]['targets_dir'], 
                                        roles[rolename]['keyid'], password, 
                                        'targets', rolename, expiration_date)

      # Update TUF repository.
      # util_test_tools.make_targets_meta(root_repo)
      util_test_tools.make_release_meta(root_repo)
      util_test_tools.make_timestamp_meta(root_repo)

      # Modify the url.  Remember that the interposition will intercept 
      # urls that have 'localhost:9999' hostname, which was specified in
      # the json interposition configuration file.  Look for 'hostname'
      # in 'util_test_tools.py'. Further, the 'file_basename' is the target
      # path relative to 'targets_dir'. 
      roles[rolename]['url'] = 'http://localhost:9999/'+rel_filepath

      # Perform a client download.
      urllib_tuf.urlretrieve(roles[rolename]['url'],
                             roles[rolename]['dest_path'])
コード例 #6
0
def init_tuf(root_repo):
  """
  <Purpose>
    Setup TUF directory structure and populated it with TUF metadata and 
    congfiguration files.

  """ 

  threshold = 1
  global version
  version = version+1
  expiration = tuf.formats.format_time(time.time()+86400)

  # Setup TUF-repo directory structure.
  tuf_repo = os.path.join(root_repo, 'tuf_repo')
  keystore_dir = os.path.join(tuf_repo, 'keystore')
  metadata_dir = os.path.join(tuf_repo, 'metadata')
  targets_dir = os.path.join(tuf_repo, 'targets')

  os.mkdir(tuf_repo)
  os.mkdir(keystore_dir)
  os.mkdir(metadata_dir)
  shutil.copytree(os.path.join(root_repo, 'reg_repo'), targets_dir)

  # Setting TUF-client directory structure.
  # 'tuf.client.updater.py' expects the 'current' and 'previous'
  # directories to exist under client's 'metadata' directory.
  tuf_client = os.path.join(root_repo, 'tuf_client')
  tuf_client_metadata_dir = os.path.join(tuf_client, 'metadata')
  current_dir = os.path.join(tuf_client_metadata_dir, 'current')
  previous_dir = os.path.join(tuf_client_metadata_dir, 'previous')
  os.makedirs(tuf_client_metadata_dir)

  # Generate at least one rsa key.
  key = signerlib.generate_and_save_rsa_key(keystore_dir, PASSWD)
  keyids = [key['keyid']]

  # Set role info.
  info = {'keyids': [key['keyid']], 'threshold': threshold}

  # 'role_info' dictionary looks like this:
  # {role : {'keyids : [keyid1, ...] , 'threshold' : 1}}
  # In our case 'role_info[keyids]' will only have on entry since only one
  # is being used.
  role_info = {}
  role_list = ['root', 'targets', 'release', 'timestamp']
  for role in role_list:
    role_info[role] = info

  # At this point there is enough information to create TUF configuration 
  # and metadata files.

  # Build the configuration file.
  conf_path = signerlib.build_config_file(metadata_dir, 365, role_info)

  # Generate the 'root.txt' metadata file.
  signerlib.build_root_file(conf_path, keyids, metadata_dir, version)

  # Generate the 'targets.txt' metadata file. 
  signerlib.build_targets_file([targets_dir], keyids, metadata_dir, version,
                               expiration)

  # Generate the 'release.txt' metadata file.
  signerlib.build_release_file(keyids, metadata_dir, version, expiration)

  # Generate the 'timestamp.txt' metadata file.
  signerlib.build_timestamp_file(keyids, metadata_dir, version, expiration)

  # Move the metadata to the client's 'current' and 'previous' directories.
  shutil.copytree(metadata_dir, current_dir)
  shutil.copytree(metadata_dir, previous_dir)

  # The repository is now setup!
  return keyids
コード例 #7
0
ファイル: test_delegations.py プロジェクト: zanefisher/tuf
  def setUp(self):
    """
    The target delegations tree is fixed as such:
      targets -> [T1, T2]
      T1 -> [T3]
    """
    global version
    version = version+1
    expiration = tuf.formats.format_time(time.time()+86400)

    root_repo, url, server_proc, keyids = util_test_tools.init_repo(tuf=True)

    # Server side repository.
    tuf_repo = os.path.join(root_repo, 'tuf_repo')
    keystore_dir = os.path.join(tuf_repo, 'keystore')
    metadata_dir = os.path.join(tuf_repo, 'metadata')
    targets_dir = os.path.join(tuf_repo, 'targets')

    # We need to provide clients with a way to reach the tuf repository.
    tuf_repo_relpath = os.path.basename(tuf_repo)
    tuf_url = url+tuf_repo_relpath

    # Add files to the server side repository.
    # target1 = 'targets_dir/[random].txt'
    # target2 = 'targets_dir/[random].txt'
    add_target = util_test_tools.add_file_to_repository
    target1_path = add_target(targets_dir, data='target1')
    target2_path = add_target(targets_dir, data='target2')

    # Target paths relative to the 'targets_dir'.
    # Ex: targetX = 'targets/delegator/delegatee.txt'
    target1 = os.path.relpath(target1_path, tuf_repo)
    target2 = os.path.relpath(target2_path, tuf_repo)

    # Relative to repository's targets directory.
    target_filepaths = [target1, target2]

    # Store in self only the variables relevant for tests.
    self.root_repo = root_repo
    self.tuf_repo = tuf_repo
    self.server_proc = server_proc
    self.target_filepaths = target_filepaths
    # Targets delegated from A to B.
    self.delegated_targets = {}
    # Targets actually signed by B.
    self.signed_targets = {}
    self.mirrors = {
      "mirror1": {
        "url_prefix": tuf_url,
        "metadata_path": "metadata",
        "targets_path": "targets",
        "confined_target_dirs": [""]
      }
    }
    # Aliases for targets roles.
    self.T0 = 'targets'
    self.T1 = 'targets/T1'
    self.T2 = 'targets/T2'
    self.T3 = 'targets/T1/T3'

    # Get tracked and assigned targets, and generate targets metadata.
    self.make_targets_metadata()
    assert hasattr(self, 'T0_metadata')
    assert hasattr(self, 'T1_metadata')
    assert hasattr(self, 'T2_metadata')
    assert hasattr(self, 'T3_metadata')

    # Make delegation directories at the server's repository.
    metadata_targets_dir = os.path.join(metadata_dir, 'targets')
    metadata_T1_dir = os.path.join(metadata_targets_dir, 'T1')
    os.makedirs(metadata_T1_dir)

    # Delegations metadata paths for the 3 delegated targets roles.
    T0_path = os.path.join(metadata_dir, 'targets.txt')
    T1_path = os.path.join(metadata_targets_dir, 'T1.txt')
    T2_path = os.path.join(metadata_targets_dir, 'T2.txt')
    T3_path = os.path.join(metadata_T1_dir, 'T3.txt')

    # Generate RSA keys for the 3 delegatees.
    key1 = signerlib.generate_and_save_rsa_key(keystore_dir, 'T1')
    key2 = signerlib.generate_and_save_rsa_key(keystore_dir, 'T2')
    key3 = signerlib.generate_and_save_rsa_key(keystore_dir, 'T3')

    # ID for each of the 3 keys.
    key1_id = key1['keyid']
    key2_id = key2['keyid']
    key3_id = key3['keyid']

    # ID, in a list, for each of the 3 keys.
    key1_ids = [key1_id]
    key2_ids = [key2_id]
    key3_ids = [key3_id]

    # Public-key JSON for each of the 3 keys.
    key1_val = tuf.rsa_key.create_in_metadata_format(key1['keyval'])
    key2_val = tuf.rsa_key.create_in_metadata_format(key2['keyval'])
    key3_val = tuf.rsa_key.create_in_metadata_format(key3['keyval'])

    # Create delegation role metadata for each of the 3 delegated targets roles.
    make_role_metadata = tuf.formats.make_role_metadata

    T1_targets = self.relpath_from_targets(self.delegated_targets[self.T1])
    T1_role = make_role_metadata(key1_ids, 1, name=self.T1, paths=T1_targets)

    T2_targets = self.relpath_from_targets(self.delegated_targets[self.T2])
    T2_role = make_role_metadata(key2_ids, 1, name=self.T2, paths=T2_targets)

    T3_targets = self.relpath_from_targets(self.delegated_targets[self.T3])
    T3_role = make_role_metadata(key3_ids, 1, name=self.T3, paths=T3_targets)

    # Assign 'delegations' object for 'targets':
    self.T0_metadata['signed']['delegations'] = {
      'keys': {key1_id: key1_val, key2_id: key2_val},
      'roles': [T1_role, T2_role]
    }

    # Assign 'delegations' object for 'targets/T1':
    self.T1_metadata['signed']['delegations'] = {
      'keys': {key3_id: key3_val},
      'roles': [T3_role]
    }

    sign = signerlib.sign_metadata
    write = signerlib.write_metadata_file

    # Sign new metadata objects.
    T0_signable = sign(self.T0_metadata, keyids, T0_path)
    T1_signable = sign(self.T1_metadata, key1_ids, T1_path)
    T2_signable = sign(self.T2_metadata, key2_ids, T2_path)
    T3_signable = sign(self.T3_metadata, key3_ids, T3_path)
    # Save new metadata objects.
    write(T0_signable, T0_path)
    write(T1_signable, T1_path)
    write(T2_signable, T2_path)
    write(T3_signable, T3_path)

    # Timestamp a new release to reflect latest targets.
    signerlib.build_release_file(keyids, metadata_dir, version, expiration)
    signerlib.build_timestamp_file(keyids, metadata_dir, version, expiration)

    # Unload all keys.
    keystore.clear_keystore()
コード例 #8
0
ファイル: test_delegations.py プロジェクト: smith325/tuf
    def setUp(self):
        """
    The target delegations tree is fixed as such:
      targets -> [T1, T2]
      T1 -> [T3]
    """
        global version
        version = version + 1
        expiration = tuf.formats.format_time(time.time() + 86400)

        root_repo, url, server_proc, keyids = util_test_tools.init_repo(
            tuf=True)

        # Server side repository.
        tuf_repo = os.path.join(root_repo, 'tuf_repo')
        keystore_dir = os.path.join(tuf_repo, 'keystore')
        metadata_dir = os.path.join(tuf_repo, 'metadata')
        targets_dir = os.path.join(tuf_repo, 'targets')

        # We need to provide clients with a way to reach the tuf repository.
        tuf_repo_relpath = os.path.basename(tuf_repo)
        tuf_url = url + tuf_repo_relpath

        # Add files to the server side repository.
        # target1 = 'targets_dir/[random].txt'
        # target2 = 'targets_dir/[random].txt'
        add_target = util_test_tools.add_file_to_repository
        target1_path = add_target(targets_dir, data='target1')
        target2_path = add_target(targets_dir, data='target2')

        # Target paths relative to the 'targets_dir'.
        # Ex: targetX = 'targets/delegator/delegatee.txt'
        target1 = os.path.relpath(target1_path, tuf_repo)
        target2 = os.path.relpath(target2_path, tuf_repo)

        # Relative to repository's targets directory.
        target_filepaths = [target1, target2]

        # Store in self only the variables relevant for tests.
        self.root_repo = root_repo
        self.tuf_repo = tuf_repo
        self.server_proc = server_proc
        self.target_filepaths = target_filepaths
        # Targets delegated from A to B.
        self.delegated_targets = {}
        # Targets actually signed by B.
        self.signed_targets = {}
        self.mirrors = {
            "mirror1": {
                "url_prefix": tuf_url,
                "metadata_path": "metadata",
                "targets_path": "targets",
                "confined_target_dirs": [""]
            }
        }
        # Aliases for targets roles.
        self.T0 = 'targets'
        self.T1 = 'targets/T1'
        self.T2 = 'targets/T2'
        self.T3 = 'targets/T1/T3'

        # Get tracked and assigned targets, and generate targets metadata.
        self.make_targets_metadata()
        assert hasattr(self, 'T0_metadata')
        assert hasattr(self, 'T1_metadata')
        assert hasattr(self, 'T2_metadata')
        assert hasattr(self, 'T3_metadata')

        # Make delegation directories at the server's repository.
        metadata_targets_dir = os.path.join(metadata_dir, 'targets')
        metadata_T1_dir = os.path.join(metadata_targets_dir, 'T1')
        os.makedirs(metadata_T1_dir)

        # Delegations metadata paths for the 3 delegated targets roles.
        T0_path = os.path.join(metadata_dir, 'targets.txt')
        T1_path = os.path.join(metadata_targets_dir, 'T1.txt')
        T2_path = os.path.join(metadata_targets_dir, 'T2.txt')
        T3_path = os.path.join(metadata_T1_dir, 'T3.txt')

        # Generate RSA keys for the 3 delegatees.
        key1 = signerlib.generate_and_save_rsa_key(keystore_dir, 'T1')
        key2 = signerlib.generate_and_save_rsa_key(keystore_dir, 'T2')
        key3 = signerlib.generate_and_save_rsa_key(keystore_dir, 'T3')

        # ID for each of the 3 keys.
        key1_id = key1['keyid']
        key2_id = key2['keyid']
        key3_id = key3['keyid']

        # ID, in a list, for each of the 3 keys.
        key1_ids = [key1_id]
        key2_ids = [key2_id]
        key3_ids = [key3_id]

        # Public-key JSON for each of the 3 keys.
        key1_val = tuf.rsa_key.create_in_metadata_format(key1['keyval'])
        key2_val = tuf.rsa_key.create_in_metadata_format(key2['keyval'])
        key3_val = tuf.rsa_key.create_in_metadata_format(key3['keyval'])

        # Create delegation role metadata for each of the 3 delegated targets roles.
        make_role_metadata = tuf.formats.make_role_metadata

        T1_targets = self.relpath_from_targets(self.delegated_targets[self.T1])
        T1_role = make_role_metadata(key1_ids,
                                     1,
                                     name=self.T1,
                                     paths=T1_targets)

        T2_targets = self.relpath_from_targets(self.delegated_targets[self.T2])
        T2_role = make_role_metadata(key2_ids,
                                     1,
                                     name=self.T2,
                                     paths=T2_targets)

        T3_targets = self.relpath_from_targets(self.delegated_targets[self.T3])
        T3_role = make_role_metadata(key3_ids,
                                     1,
                                     name=self.T3,
                                     paths=T3_targets)

        # Assign 'delegations' object for 'targets':
        self.T0_metadata['signed']['delegations'] = {
            'keys': {
                key1_id: key1_val,
                key2_id: key2_val
            },
            'roles': [T1_role, T2_role]
        }

        # Assign 'delegations' object for 'targets/T1':
        self.T1_metadata['signed']['delegations'] = {
            'keys': {
                key3_id: key3_val
            },
            'roles': [T3_role]
        }

        sign = signerlib.sign_metadata
        write = signerlib.write_metadata_file

        # Sign new metadata objects.
        T0_signable = sign(self.T0_metadata, keyids, T0_path)
        T1_signable = sign(self.T1_metadata, key1_ids, T1_path)
        T2_signable = sign(self.T2_metadata, key2_ids, T2_path)
        T3_signable = sign(self.T3_metadata, key3_ids, T3_path)
        # Save new metadata objects.
        write(T0_signable, T0_path)
        write(T1_signable, T1_path)
        write(T2_signable, T2_path)
        write(T3_signable, T3_path)

        # Timestamp a new release to reflect latest targets.
        signerlib.build_release_file(keyids, metadata_dir, version, expiration)
        signerlib.build_timestamp_file(keyids, metadata_dir, version,
                                       expiration)

        # Unload all keys.
        keystore.clear_keystore()
コード例 #9
0
def init_tuf(root_repo):
    """
  <Purpose>
    Setup TUF directory structure and populated it with TUF metadata and 
    congfiguration files.

  """

    threshold = 1
    global version
    version = version + 1
    expiration = tuf.formats.format_time(time.time() + 86400)

    # Setup TUF-repo directory structure.
    tuf_repo = os.path.join(root_repo, 'tuf_repo')
    keystore_dir = os.path.join(tuf_repo, 'keystore')
    metadata_dir = os.path.join(tuf_repo, 'metadata')
    targets_dir = os.path.join(tuf_repo, 'targets')

    os.mkdir(tuf_repo)
    os.mkdir(keystore_dir)
    os.mkdir(metadata_dir)
    shutil.copytree(os.path.join(root_repo, 'reg_repo'), targets_dir)

    # Setting TUF-client directory structure.
    # 'tuf.client.updater.py' expects the 'current' and 'previous'
    # directories to exist under client's 'metadata' directory.
    tuf_client = os.path.join(root_repo, 'tuf_client')
    tuf_client_metadata_dir = os.path.join(tuf_client, 'metadata')
    current_dir = os.path.join(tuf_client_metadata_dir, 'current')
    previous_dir = os.path.join(tuf_client_metadata_dir, 'previous')
    os.makedirs(tuf_client_metadata_dir)

    # Generate at least one rsa key.
    key = signerlib.generate_and_save_rsa_key(keystore_dir, PASSWD)
    keyids = [key['keyid']]

    # Set role info.
    info = {'keyids': [key['keyid']], 'threshold': threshold}

    # 'role_info' dictionary looks like this:
    # {role : {'keyids : [keyid1, ...] , 'threshold' : 1}}
    # In our case 'role_info[keyids]' will only have on entry since only one
    # is being used.
    role_info = {}
    role_list = ['root', 'targets', 'release', 'timestamp']
    for role in role_list:
        role_info[role] = info

    # At this point there is enough information to create TUF configuration
    # and metadata files.

    # Build the configuration file.
    conf_path = signerlib.build_config_file(metadata_dir, 365, role_info)

    # Generate the 'root.txt' metadata file.
    signerlib.build_root_file(conf_path, keyids, metadata_dir, version)

    # Generate the 'targets.txt' metadata file.
    signerlib.build_targets_file([targets_dir], keyids, metadata_dir, version,
                                 expiration)

    # Generate the 'release.txt' metadata file.
    signerlib.build_release_file(keyids, metadata_dir, version, expiration)

    # Generate the 'timestamp.txt' metadata file.
    signerlib.build_timestamp_file(keyids, metadata_dir, version, expiration)

    # Move the metadata to the client's 'current' and 'previous' directories.
    shutil.copytree(metadata_dir, current_dir)
    shutil.copytree(metadata_dir, previous_dir)

    # The repository is now setup!
    return keyids
コード例 #10
0
ファイル: util_test_tools.py プロジェクト: pombredanne/tuf
def init_tuf(root_repo, url, port):
  """
  <Purpose>
    Setup TUF directory structure and populated it with TUF metadata and 
    congfiguration files.

  """ 

  passwd = 'test'
  threshold = 1

  # Setup TUF-repo directory structure.
  tuf_repo = os.path.join(root_repo, 'tuf_repo')
  keystore_dir = os.path.join(tuf_repo, 'keystore')
  metadata_dir = os.path.join(tuf_repo, 'metadata')
  targets_dir = os.path.join(tuf_repo, 'targets')

  os.mkdir(tuf_repo)
  os.mkdir(keystore_dir)
  os.mkdir(metadata_dir)
  shutil.copytree(os.path.join(root_repo, 'reg_repo'), targets_dir)

  # Setting TUF-client directory structure.
  # 'tuf.client.updater.py' expects the 'current' and 'previous'
  # directories to exist under client's 'metadata' directory.
  tuf_client = os.path.join(root_repo, 'tuf_client')
  tuf_client_metadata_dir = os.path.join(tuf_client, 'metadata')
  current_dir = os.path.join(tuf_client_metadata_dir, 'current')
  previous_dir = os.path.join(tuf_client_metadata_dir, 'previous')
  os.makedirs(tuf_client_metadata_dir)

  # Generate at least one rsa key.
  key = signerlib.generate_and_save_rsa_key(keystore_dir, passwd)
  keyids = [key['keyid']]

  # Set role info.
  info = {'keyids': [key['keyid']], 'threshold': threshold}

  # 'role_info' dictionary looks like this:
  # {role : {'keyids : [keyid1, ...] , 'threshold' : 1}}
  # In our case 'role_info[keyids]' will only have on entry since only one
  # is being used.
  role_info = {}
  role_list = ['root', 'targets', 'release', 'timestamp']
  for role in role_list:
    role_info[role] = info

  # At this point there is enough information to create TUF configuration 
  # and metadata files.

  # Build the configuration file.
  conf_path = signerlib.build_config_file(metadata_dir, 365, role_info)

  # Generate the 'root.txt' metadata file.
  signerlib.build_root_file(conf_path, keyids, metadata_dir)

  # Generate the 'targets.txt' metadata file. 
  signerlib.build_targets_file(targets_dir, keyids, metadata_dir)

  # Generate the 'release.txt' metadata file.
  signerlib.build_release_file(keyids, metadata_dir)

  # Generate the 'timestamp.txt' metadata file.
  signerlib.build_timestamp_file(keyids, metadata_dir)

  # Move the metadata to the client's 'current' and 'previous' directories.
  shutil.copytree(metadata_dir, current_dir)
  shutil.copytree(metadata_dir, previous_dir)

  # The repository is now setup!

  # Here is a mirrors dictionary that will allow a client to seek out
  # places to download the metadata and targets from.
  tuf_repo_relpath = os.path.basename(tuf_repo)
  tuf_url = url+tuf_repo_relpath
  mirrors = {'mirror1': {'url_prefix': tuf_url,
                         'metadata_path': 'metadata',
                         'targets_path': 'targets',
                         'confined_target_dirs': ['']}}

  # Adjusting configuration file (tuf.conf.py).
  tuf.conf.repository_directory = tuf_client

  # In order to implement interposition we need to have a config file with
  # the following dictionary JSON-serialized.
  # tuf_url: http://localhost:port/root_repo/tuf_repo/
  hostname = 'localhost:9999'

  interposition_dict = {"configurations":
                          {hostname: 
                            {"repository_directory": tuf_client+'/',
                             "repository_mirrors" : 
                              {"mirror1": 
                                {"url_prefix": tuf_url,
                                 "metadata_path": "metadata",
                                 "targets_path": "targets",
                                 "confined_target_dirs": [ "" ]}}}}}

  #                               "target_paths": [ { "(.*\\.html)": "{0}" } ]

  junk, interpose_json = tempfile.mkstemp(prefix='conf_', dir=root_repo)
  with open(interpose_json, 'wb') as fileobj:
    tuf.util.json.dump(interposition_dict, fileobj)

  tuf.interposition.configure(filename=interpose_json)

  return keyids