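def _make_role_metadata_wrapper(root_repo, func):
    """
    <Purpose>
      Run 'func', one of signercli's metadata-building functions, against the
      test repository under 'root_repo' with signercli's input helpers
      replaced, so that no interactive input is needed.

    <Arguments>
      root_repo:
        Directory containing the 'tuf_repo' and 'reg_repo' sub-directories.

      func:
        Callable invoked as func(keystore_dir).  If func.__name__ is
        'make_targets_metadata', 'tuf_repo/targets' is first replaced by a
        copy of 'reg_repo'.

    <Side Effects>
      May delete and re-create 'tuf_repo/targets'.  The keystore is cleared
      and signercli's '_get_metadata_directory', '_prompt' and
      '_get_password' are put back to the values they had on entry, also
      when 'func' raises.

    <Returns>
      None.
    """
    # Remember what is about to be replaced so it can be put back.
    original_get_metadata_directory = signercli._get_metadata_directory
    original_prompt = signercli._prompt
    original_get_password = signercli._get_password

    tuf_repo = os.path.join(root_repo, 'tuf_repo')
    reg_repo = os.path.join(root_repo, 'reg_repo')
    targets_dir = os.path.join(tuf_repo, 'targets')
    metadata_dir = os.path.join(tuf_repo, 'metadata')
    keystore_dir = os.path.join(tuf_repo, 'keystore')
    conf_path = os.path.join(metadata_dir, 'config.cfg')

    try:
        # NOTE(review): these module-level helpers presumably install the
        # mocks on signercli (the attributes saved above) -- confirm.
        # 'test' is a fixed, test-only password literal.
        _get_metadata_directory(metadata_dir)
        _get_password('test')

        if func.__name__ == 'make_targets_metadata':
            # The targets role signs what is in 'targets_dir', so refresh it
            # from the regular repository before answering the prompts.
            shutil.rmtree(targets_dir)
            shutil.copytree(reg_repo, targets_dir)
            _make_metadata_mock_prompts(targets_dir, conf_path)
        else:
            _make_metadata_mock_prompts(reg_repo, conf_path)

        func(keystore_dir)
    finally:
        # Runs on failure too: a raised exception must not leave loaded keys
        # in the keystore or the mocked password/prompt helpers installed
        # for whatever test runs next.
        keystore.clear_keystore()
        signercli._get_password = original_get_password
        signercli._prompt = original_prompt
        signercli._get_metadata_directory = original_get_metadata_directory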
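def _make_role_metadata_wrapper(root_repo, func):
    """
    <Purpose>
      Run 'func', one of signercli's metadata-building functions, against the
      test repository under 'root_repo' with signercli's input helpers
      replaced, so that no interactive input is needed.

    <Arguments>
      root_repo:
        Directory containing the 'tuf_repo' and 'reg_repo' sub-directories.

      func:
        Callable invoked as func(keystore_dir).  If func.__name__ is
        'make_targets_metadata', 'tuf_repo/targets' is first replaced by a
        copy of 'reg_repo'.

    <Side Effects>
      May delete and re-create 'tuf_repo/targets'.  The keystore is cleared
      and signercli's '_get_metadata_directory', '_prompt' and
      '_get_password' are put back to the values they had on entry, also
      when 'func' raises.

    <Returns>
      None.
    """
    # Timestamp 86400 seconds (one day) ahead of now, handed to the prompt
    # mock with everything from the last ' UTC' onwards cut off.
    # NOTE(review): if format_time() ever returned a string without ' UTC',
    # rfind() would give -1 and this slice would drop the last character.
    expiration = tuf.formats.format_time(time.time() + 86400)
    expiration = expiration[0:expiration.rfind(' UTC')]

    # Remember what is about to be replaced so it can be put back.
    original_get_metadata_directory = signercli._get_metadata_directory
    original_prompt = signercli._prompt
    original_get_password = signercli._get_password

    tuf_repo = os.path.join(root_repo, 'tuf_repo')
    reg_repo = os.path.join(root_repo, 'reg_repo')
    targets_dir = os.path.join(tuf_repo, 'targets')
    metadata_dir = os.path.join(tuf_repo, 'metadata')
    keystore_dir = os.path.join(tuf_repo, 'keystore')
    conf_path = os.path.join(metadata_dir, 'config.cfg')

    try:
        # NOTE(review): these module-level helpers presumably install the
        # mocks on signercli (the attributes saved above) -- confirm.
        # PASSWD is a name defined outside this function.
        _get_metadata_directory(metadata_dir)
        _get_password(PASSWD)

        if func.__name__ == 'make_targets_metadata':
            # The targets role signs what is in 'targets_dir', so refresh it
            # from the regular repository before answering the prompts.
            shutil.rmtree(targets_dir)
            shutil.copytree(reg_repo, targets_dir)
            _make_metadata_mock_prompts(targets_dir, conf_path, expiration)
        else:
            _make_metadata_mock_prompts(reg_repo, conf_path, expiration)

        func(keystore_dir)
    finally:
        # Runs on failure too: a raised exception must not leave loaded keys
        # in the keystore or the mocked password/prompt helpers installed
        # for whatever test runs next.
        keystore.clear_keystore()
        signercli._get_password = original_get_password
        signercli._prompt = original_prompt
        signercli._get_metadata_directory = original_get_metadata_directory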
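def _make_role_metadata_wrapper(root_repo, func):
    """
    <Purpose>
      Call 'func' (a signercli metadata builder) on the test repository in
      'root_repo' while signercli's input helpers are replaced, so the call
      needs no interactive input.

    <Arguments>
      root_repo:
        Directory containing the 'tuf_repo' and 'reg_repo' sub-directories.

      func:
        Callable invoked as func(keystore_dir).  A callable whose __name__
        is 'make_targets_metadata' gets a 'tuf_repo/targets' directory that
        was just replaced by a copy of 'reg_repo'.

    <Side Effects>
      May delete and re-create 'tuf_repo/targets'.  Whether or not 'func'
      raises, the keystore is cleared and signercli's
      '_get_metadata_directory', '_prompt' and '_get_password' get back the
      values they had on entry.

    <Returns>
      None.
    """
    # One day (86400 s) from now; the text from the last ' UTC' onwards is
    # cut off before the value is given to the prompt mock.
    # NOTE(review): a string without ' UTC' would make rfind() return -1 and
    # the slice would silently drop its last character.
    expiration = tuf.formats.format_time(time.time() + 86400)
    expiration = expiration[0:expiration.rfind(' UTC')]

    original_get_metadata_directory = signercli._get_metadata_directory
    original_prompt = signercli._prompt
    original_get_password = signercli._get_password

    tuf_repo = os.path.join(root_repo, 'tuf_repo')
    reg_repo = os.path.join(root_repo, 'reg_repo')
    targets_dir = os.path.join(tuf_repo, 'targets')
    metadata_dir = os.path.join(tuf_repo, 'metadata')
    keystore_dir = os.path.join(tuf_repo, 'keystore')
    conf_path = os.path.join(metadata_dir, 'config.cfg')

    try:
        # NOTE(review): presumably these helpers patch the signercli
        # attributes saved above -- confirm.  PASSWD is defined elsewhere.
        _get_metadata_directory(metadata_dir)
        _get_password(PASSWD)

        if func.__name__ == 'make_targets_metadata':
            # Start the targets role from a fresh copy of the regular repo.
            shutil.rmtree(targets_dir)
            shutil.copytree(reg_repo, targets_dir)
            _make_metadata_mock_prompts(targets_dir, conf_path, expiration)
        else:
            _make_metadata_mock_prompts(reg_repo, conf_path, expiration)

        func(keystore_dir)
    finally:
        # Undo everything even when 'func' fails, so no loaded key and no
        # mocked password/prompt helper outlives this call.
        keystore.clear_keystore()
        signercli._get_password = original_get_password
        signercli._prompt = original_prompt
        signercli._get_metadata_directory = original_get_metadata_directory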
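def cleanup(root_repo, server_process=None):
    """
    <Purpose>
      Undo a test's setup: stop the server process if it is still marked as
      running, clear the keystore, deconfigure interposition when
      'tuf.interposition.json' exists in 'root_repo', and delete 'root_repo'.

    <Arguments>
      root_repo:
        Directory to delete.

      server_process:
        Optional process object exposing 'returncode' and 'kill()'.

    <Side Effects>
      Kills the server process, empties the keystore and removes
      'root_repo' from disk.  A failed removal is logged, not raised.

    <Returns>
      None.
    """
    if server_process is not None:
        # NOTE(review): if this is a subprocess.Popen, 'returncode' is only
        # refreshed by poll()/wait(), and a wait() after kill() would reap
        # the child -- confirm the type before adding one.
        if server_process.returncode is None:
            server_process.kill()
            logger.info('Server terminated.\n')

    # Clear the keystore.
    keystore.clear_keystore()

    # Deconfigure interposition.
    interpose_json = os.path.join(root_repo, 'tuf.interposition.json')
    if os.path.exists(interpose_json):
        tuf.interposition.deconfigure(filename=interpose_json)

    # Removing repository directory.  Still best effort, but the exception
    # is no longer bound to an unused name (the old 'except OSError, e' form
    # is also Python-2-only syntax), and a directory that is still present
    # afterwards is reported: it may hold the repository's keystore files.
    try:
        shutil.rmtree(root_repo)
    except OSError:
        if os.path.exists(root_repo):
            logger.warning('Could not remove ' + repr(root_repo) + '.')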
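def cleanup(root_repo, server_process=None):
    """
    <Purpose>
      Undo a test's setup: stop the server process if it is still marked as
      running, clear the keystore, deconfigure interposition when the
      module-level 'tuf_configurations' is set, and delete 'root_repo'.

    <Arguments>
      root_repo:
        Directory to delete.

      server_process:
        Optional process object exposing 'returncode' and 'kill()'.

    <Side Effects>
      Kills the server process, empties the keystore, resets the global
      'tuf_configurations' to None and removes 'root_repo' from disk.  A
      failed removal is logged, not raised.

    <Returns>
      None.
    """
    global tuf_configurations

    if server_process is not None:
        # NOTE(review): if this is a subprocess.Popen, 'returncode' is only
        # refreshed by poll()/wait(), and a wait() after kill() would reap
        # the child -- confirm the type before adding one.
        if server_process.returncode is None:
            server_process.kill()
            logger.info('Server terminated.\n')

    # Clear the keystore.
    keystore.clear_keystore()

    # Deconfigure interposition, then forget the configuration so a second
    # cleanup() does not deconfigure it again.
    if tuf_configurations is not None:
        tuf.interposition.deconfigure(tuf_configurations)
        tuf_configurations = None

    # Removing repository directory.  Still best effort, but the exception
    # is no longer bound to an unused name (the old 'except OSError, e' form
    # is also Python-2-only syntax), and a directory that is still present
    # afterwards is reported: it may hold the repository's keystore files.
    try:
        shutil.rmtree(root_repo)
    except OSError:
        if os.path.exists(root_repo):
            logger.warning('Could not remove ' + repr(root_repo) + '.')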
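def test_2__get_role_config_keyids(self):
    # Exercises signercli._get_role_config_keyids() for every role in
    # self.role_list: the normal case, a wrong password for each of the
    # role's keyids, a config path that does not exist and a role that does
    # not exist.  (Kept as a comment: a docstring would replace the test
    # name in verbose unittest output.)

    # SETUP
    original_get_password = signercli._get_password

    try:
        # Create temp directory for config file.
        config_dir = self.make_temp_directory()

        # Build a config file.
        config_filepath = signerlib.build_config_file(
            config_dir, 365, self.top_level_role_info)

        # Create a temp keystore directory.
        keystore_dir = self.create_temp_keystore_directory()

        # Patch '_get_password' method.
        self.get_passwords()

        # TESTS
        for role in self.role_list:
            # Test: normal cases.
            keystore.clear_keystore()
            signercli._get_role_config_keyids(config_filepath,
                                              keystore_dir, role)

            # Test: incorrect passwords.
            keystore.clear_keystore()
            role_keyids = self.top_level_role_info[role]['keyids']
            for keyid in role_keyids:
                saved_pw = self.rsa_passwords[keyid]
                self.rsa_passwords[keyid] = self.random_string()
                try:
                    self.assertRaises(tuf.Error,
                                      signercli._get_role_config_keyids,
                                      config_filepath, keystore_dir, role)
                finally:
                    # Restore the password even if the assertion fails, so
                    # the random value never stays in the password table.
                    self.rsa_passwords[keyid] = saved_pw

        # Test: non-existing config file path.
        keystore.clear_keystore()
        self.assertRaises(tuf.Error, signercli._get_role_config_keyids,
                          self.random_path(), keystore_dir, 'release')

        # Test: non-existing role.
        keystore.clear_keystore()
        self.assertRaises(tuf.Error, signercli._get_role_config_keyids,
                          config_filepath, keystore_dir, 'no_such_role')
    finally:
        # RESTORE -- also after a failed assertion, so the mocked password
        # helper is not left installed on signercli.
        signercli._get_password = original_get_password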
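def build_server_repository(server_repository_dir, targets_dir):
    """
    <Purpose>
      'build_server_repository' builds a complete repository based on target
      files provided in the 'targets_dir'.  Delegated roles are included.

    <Arguments>
      server_repository_dir:
        Directory that receives the 'metadata' and 'keystore'
        sub-directories.  Existing ones are deleted first.

      targets_dir:
        Directory of target files.  The delegated roles use
        'delegated_level1' and 'delegated_level1/delegated_level2' below it.

    <Side Effects>
      Writes metadata and key files under 'server_repository_dir'.  While
      the delegations are made, four signercli helpers are replaced by
      mocks; they are restored, and the keystore dictionaries are detached,
      even when a step raises.

    <Returns>
      None.
    """
    # Save the originals of the functions patched by this function.
    # The patched functions will be restored prior to returning.
    original_get_metadata = signercli._get_metadata_directory
    original_prompt = signercli._prompt
    original_get_password = signercli._get_password
    original_get_keyids = signercli._get_keyids

    server_metadata_dir = os.path.join(server_repository_dir, 'metadata')
    keystore_dir = os.path.join(server_repository_dir, 'keystore')

    # Remove 'server_metadata_dir' and 'keystore_dir' if they already exist.
    if os.path.exists(server_metadata_dir):
        shutil.rmtree(server_metadata_dir)
    if os.path.exists(keystore_dir):
        shutil.rmtree(keystore_dir)

    # Make metadata directory inside server repository dir.
    os.mkdir(server_metadata_dir)

    # Make a keystore directory inside server's repository and populate it.
    os.mkdir(keystore_dir)
    _create_keystore(keystore_dir)

    # Build config file.
    build_config = signerlib.build_config_file
    toolbox = unittest_toolbox.Modified_TestCase
    top_level_role_info = toolbox.top_level_role_info
    config_filepath = build_config(server_repository_dir, 365,
                                   top_level_role_info)

    # BUILD ROLE FILES.
    # 'role_keyids' is not assigned in this function; it is read from the
    # enclosing module.
    # Build root file.
    signerlib.build_root_file(config_filepath, role_keyids['root'],
                              server_metadata_dir)

    # Build targets file.
    signerlib.build_targets_file(targets_dir, role_keyids['targets'],
                                 server_metadata_dir)

    # MAKE DELEGATIONS.
    # We will need to patch a few signercli prompts.
    # Specifically, signercli.make_delegation() asks user input for:
    # metadata directory, delegated targets directory, parent role,
    # passwords for parent role's keyids, delegated role's name, and
    # the keyid to be assigned to the delegated role.  Take a look at
    # signercli's make_delegation() to gain a bit more insight into what is
    # happening.

    # 'load_keys' is a reference to the 'load_keystore_from_keyfiles'
    # function.
    load_keys = keystore.load_keystore_from_keyfiles

    # Setup first level delegated role.  The mocks below read these four
    # variables when they are called, so re-assigning them later switches
    # the mocks over to the second level.
    delegated_level1 = os.path.join(targets_dir, 'delegated_level1')
    delegated_targets_dir = delegated_level1
    parent_role = 'targets'
    delegated_role_name = 'delegated_role1'
    signing_keyids = role_keyids['targets/delegated_role1']

    # Mock method for signercli._get_metadata_directory().
    def _mock_get_metadata_directory():
        return server_metadata_dir

    # Mock method for signercli._prompt().
    def _mock_prompt(msg, junk):
        if msg.startswith('\nThe directory entered'):
            return delegated_targets_dir
        elif msg.startswith('\nChoose and enter the parent'):
            return parent_role
        elif msg.endswith('\nEnter the delegated role\'s name: '):
            return delegated_role_name
        else:
            # An unexpected prompt stops the run instead of being answered
            # with a guess.
            error_msg = ('Prompt: ' + '\'' + msg + '\'' +
                         ' did not match any predefined mock prompts.')
            sys.exit(error_msg)

    # Mock method for signercli._get_password().  Passwords come from the
    # test toolbox's fixture table; None is returned when no keyid matches.
    def _mock_get_password(msg):
        for keyid in toolbox.rsa_keyids:
            if msg.endswith('(' + keyid + '): '):
                return toolbox.rsa_passwords[keyid]

    # Method to patch signercli._get_keyids()
    def _mock_get_keyids(junk):
        if signing_keyids:
            for keyid in signing_keyids:
                password = toolbox.rsa_passwords[keyid]
                # Load the keyfile.
                load_keys(keystore_dir, [keyid], [password])
        return signing_keyids

    try:
        # Patching the 'signercli' prompts.
        signercli._get_metadata_directory = _mock_get_metadata_directory
        signercli._prompt = _mock_prompt
        signercli._get_password = _mock_get_password
        signercli._get_keyids = _mock_get_keyids

        # Clear keystore's dictionaries, by detaching them from
        # unittest_toolbox's dictionaries.
        keystore._keystore = {}
        keystore._key_passwords = {}

        # Make first level delegation.
        signercli.make_delegation(keystore_dir)

        # Setup second level delegated role.
        delegated_level2 = os.path.join(delegated_level1, 'delegated_level2')
        delegated_targets_dir = delegated_level2
        parent_role = 'targets/delegated_role1'
        delegated_role_name = 'delegated_role2'
        signing_keyids = role_keyids['targets/delegated_role1/delegated_role2']

        # Clear keystore's dictionaries.
        keystore.clear_keystore()

        # Make second level delegation.
        signercli.make_delegation(keystore_dir)

        # Re-attach the toolbox's keys and passwords for the two builds.
        keystore._keystore = toolbox.rsa_keystore
        keystore._key_passwords = toolbox.rsa_passwords

        # Build release file.
        signerlib.build_release_file(role_keyids['release'],
                                     server_metadata_dir)

        # Build timestamp file.
        signerlib.build_timestamp_file(role_keyids['timestamp'],
                                       server_metadata_dir)
    finally:
        # Runs on failure too, so neither the loaded keys/passwords nor the
        # mocked signercli helpers outlive this call.
        keystore._keystore = {}
        keystore._key_passwords = {}

        # RESTORE
        signercli._get_metadata_directory = original_get_metadata
        signercli._prompt = original_prompt
        signercli._get_password = original_get_password
        signercli._get_keyids = original_get_keyids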
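def create_delegation(tuf_repo, delegated_targets_path, keyid,
                      keyid_password, parent_role, new_role_name,
                      expiration_date):
    """
    <Purpose>
      Make one delegation with signercli.make_delegation(), answering its
      prompts from the arguments instead of from a user.

    <Arguments>
      tuf_repo:
        Repository directory containing 'keystore' and 'metadata'.

      delegated_targets_path:
        Answer to the delegated targets paths prompt.

      keyid:
        Sequence of keyids returned by the mocked _get_keyids(); its first
        element is the one matched in password prompts.

      keyid_password:
        Password returned when the prompt names keyid[0].

      parent_role:
        Answer to the parent role prompt.

      new_role_name:
        Answer to the delegated role name prompt.

      expiration_date:
        Answer to the prompt that starts with 'Current time: '.

    <Side Effects>
      Four signercli helpers are replaced during the call.  They are
      restored and the keystore is cleared even when make_delegation()
      raises or a prompt is not recognised.

    <Returns>
      None.
    """
    keystore_dir = os.path.join(tuf_repo, 'keystore')
    metadata_dir = os.path.join(tuf_repo, 'metadata')

    original_get_metadata_directory = signercli._get_metadata_directory
    original_prompt = signercli._prompt
    original_get_password = signercli._get_password
    original_get_keyids = signercli._get_keyids

    # Mock method for signercli._prompt().
    def _mock_prompt(msg, junk, targets_path=delegated_targets_path,
                     parent_role=parent_role, new_role_name=new_role_name,
                     expiration=expiration_date):
        if msg.startswith('\nThe paths entered below should be located'):
            return targets_path
        elif msg.startswith('\nChoose and enter the parent'):
            return parent_role
        elif msg.startswith('\nEnter the delegated role\'s name: '):
            return new_role_name
        elif msg.startswith('\nCurrent time: '):
            return expiration
        else:
            # An unexpected prompt stops the run instead of being answered
            # with a guess.
            error_msg = ('Prompt: ' + '\'' + msg + '\'' +
                         ' did not match any predefined mock prompts.')
            sys.exit(error_msg)

    # Mock method for signercli._get_password().
    def _mock_get_password(msg, keyid=keyid, password=keyid_password):
        _keyid = keyid[0]
        if msg.endswith('(' + _keyid + '): '):
            return keyid_password
        else:
            return PASSWD  # password for targets' keyid.

    # Method to patch signercli._get_keyids()
    def _mock_get_keyid(junk, keyid=keyid):
        return keyid

    try:
        # Patch signercli._get_metadata_directory()
        _get_metadata_directory(metadata_dir)

        # Patch signercli._prompt().
        signercli._prompt = _mock_prompt

        # Patch signercli._get_password().
        signercli._get_password = _mock_get_password

        # Patch signercli._get_keyids().
        signercli._get_keyids = _mock_get_keyid

        signercli.make_delegation(keystore_dir)
    finally:
        # Runs on failure and on sys.exit() from the prompt mock as well, so
        # no loaded key and no mocked helper is left behind.
        keystore.clear_keystore()
        signercli._get_keyids = original_get_keyids
        signercli._get_password = original_get_password
        signercli._prompt = original_prompt
        signercli._get_metadata_directory = original_get_metadata_directory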
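def test_6_sign_metadata_file(self):
    # Builds root, targets, release and timestamp metadata, then checks
    # that signercli.sign_metadata_file() refuses to run without keyids and
    # that it adds a signature from a newly generated key to 'targets.txt'.
    # (Kept as a comment: a docstring would replace the test name in
    # verbose unittest output.)

    # SETUP
    original_get_metadata_directory = signercli._get_metadata_directory
    original_prompt = signercli._prompt
    original_get_password = signercli._get_password
    # '_get_keyids' is patched below too; it used to be left patched after
    # the test, so it is now saved and restored with the others.
    original_get_keyids = signercli._get_keyids

    try:
        # To test this method, an RSA key will be created with
        # a password in addition to the existing RSA keys.

        # Create temp directory for config file.
        config_dir = self.make_temp_directory()

        # Build a config file.
        config_filepath = signerlib.build_config_file(
            config_dir, 365, self.top_level_role_info)

        # Create a temp repository and metadata directories.
        repo_dir = self.make_temp_directory()
        meta_dir = self.make_temp_directory(repo_dir)

        # Create a directory containing target files.
        targets_dir, targets_paths = (
            self.make_temp_directory_with_data_files(directory=repo_dir))

        # Patch signercli._get_metadata_directory().
        self.mock_get_metadata_directory(directory=meta_dir)

        # Patch signercli._get_password(). Used in
        # _get_role_config_keyids().
        self.get_passwords()

        # Create keystore directory.
        keystore_dir = self.create_temp_keystore_directory()

        # Mock method for signercli._prompt().
        self.make_metadata_mock_prompts(targ_dir=targets_dir,
                                        conf_path=config_filepath)

        # Create metadata files, unloading the keys after each role.
        signercli.make_root_metadata(keystore_dir)
        keystore.clear_keystore()
        signercli.make_targets_metadata(keystore_dir)
        keystore.clear_keystore()
        signercli.make_release_metadata(keystore_dir)
        keystore.clear_keystore()
        signercli.make_timestamp_metadata(keystore_dir)
        keystore.clear_keystore()

        # Verify that the root, targets, release and timestamp meta files
        # were created.
        root_meta_filepath = os.path.join(meta_dir, 'root.txt')
        targets_meta_filepath = os.path.join(meta_dir, 'targets.txt')
        release_meta_filepath = os.path.join(meta_dir, 'release.txt')
        timestamp_meta_filepath = os.path.join(meta_dir, 'timestamp.txt')

        self.assertTrue(os.path.exists(root_meta_filepath))
        self.assertTrue(os.path.exists(targets_meta_filepath))
        self.assertTrue(os.path.exists(release_meta_filepath))
        self.assertTrue(os.path.exists(timestamp_meta_filepath))

        # Create a new RSA key, indicate metadata filename.
        new_keyid = self.generate_rsakey()
        meta_filename = targets_meta_filepath

        # Create keystore directory.  New key is untouched.
        keystore_dir = self.create_temp_keystore_directory(
            keystore_dicts=True)

        # List of keyids to be returned by _get_keyids().  The mock reads
        # this variable when it is called, so the re-assignment further down
        # changes what it returns.
        signing_keyids = []

        # Method to patch signercli._get_keyids()
        def _mock_get_keyids(junk):
            return signing_keyids

        # Method to patch signercli._prompt().
        def _mock_prompt(msg, junk):
            return meta_filename

        # Patch signercli._get_keyids()
        signercli._get_keyids = _mock_get_keyids

        # Patch signercli._prompt().
        signercli._prompt = _mock_prompt

        # TESTS
        # Test: no loaded keyids.
        self.assertRaises(tuf.RepositoryError,
                          signercli.sign_metadata_file, keystore_dir)

        # Load new keyid.
        signing_keyids = [new_keyid]

        # Test: normal case.
        signercli.sign_metadata_file(keystore_dir)

        # Verify the change.
        self.assertTrue(os.path.exists(targets_meta_filepath))

        # Load targets metadata from the file ('targets.txt') and look for
        # a signature made with the new key.
        targets_metadata = tuf.util.load_json_file(targets_meta_filepath)
        keyid_exists = any(new_keyid == signature['keyid']
                           for signature in targets_metadata['signatures'])
        self.assertTrue(keyid_exists)
    finally:
        # RESTORE -- also after a failed assertion.
        signercli._get_keyids = original_get_keyids
        signercli._get_password = original_get_password
        signercli._prompt = original_prompt
        signercli._get_metadata_directory = original_get_metadata_directory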
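def build_server_repository(server_repository_dir, targets_dir):
    """
    <Purpose>
      'build_server_repository' builds a complete repository based on target
      files provided in the 'targets_dir'.  Delegated roles are included.

    <Arguments>
      server_repository_dir:
        Directory that receives the 'metadata' and 'keystore'
        sub-directories.  Existing ones are deleted first.

      targets_dir:
        Directory of target files.  The delegated roles use
        'delegated_level1' and 'delegated_level1/delegated_level2' below it.

    <Side Effects>
      Writes metadata and key files under 'server_repository_dir'.  While
      the delegations are made, four signercli helpers are replaced by
      mocks; they are restored, and the keystore dictionaries are detached,
      even when a step raises.

    <Returns>
      None.
    """
    # Save the originals of the functions patched by this function.
    # The patched functions will be restored prior to returning.
    original_get_metadata = signercli._get_metadata_directory
    original_prompt = signercli._prompt
    original_get_password = signercli._get_password
    original_get_keyids = signercli._get_keyids

    # The expiration date for created metadata, required by the
    # 'signercli.py' script.  The expiration date is set to 259200 seconds
    # (three days) ahead of the current time; the text from the last ' UTC'
    # onwards is cut off here and ' UTC' is appended again where signerlib
    # is called directly.  Set all the metadata version numbers to 1.
    expiration_date = tuf.formats.format_time(time.time() + 259200)
    expiration_date = expiration_date[0:expiration_date.rfind(' UTC')]
    version = 1

    server_metadata_dir = os.path.join(server_repository_dir, 'metadata')
    keystore_dir = os.path.join(server_repository_dir, 'keystore')

    # Remove 'server_metadata_dir' and 'keystore_dir' if they already exist.
    if os.path.exists(server_metadata_dir):
        shutil.rmtree(server_metadata_dir)
    if os.path.exists(keystore_dir):
        shutil.rmtree(keystore_dir)

    # Make metadata directory inside server repository dir.
    os.mkdir(server_metadata_dir)

    # Make a keystore directory inside server's repository and populate it.
    os.mkdir(keystore_dir)
    _create_keystore(keystore_dir)

    # Build config file.
    build_config = signerlib.build_config_file
    toolbox = unittest_toolbox.Modified_TestCase
    top_level_role_info = toolbox.top_level_role_info
    config_filepath = build_config(server_repository_dir, 365,
                                   top_level_role_info)

    # BUILD ROLE FILES.
    # 'role_keyids' is not assigned in this function; it is read from the
    # enclosing module.
    # Build root file.
    signerlib.build_root_file(config_filepath, role_keyids['root'],
                              server_metadata_dir, version)

    # Build targets file.
    signerlib.build_targets_file([targets_dir], role_keyids['targets'],
                                 server_metadata_dir, version,
                                 expiration_date + ' UTC')

    # MAKE DELEGATIONS.
    # We will need to patch a few signercli prompts.
    # Specifically, signercli.make_delegation() asks user input for:
    # metadata directory, delegated targets directory, parent role,
    # passwords for parent role's keyids, delegated role's name, and
    # the keyid to be assigned to the delegated role.  Take a look at
    # signercli's make_delegation() to gain a bit more insight into what is
    # happening.

    # 'load_keys' is a reference to the 'load_keystore_from_keyfiles'
    # function.
    load_keys = keystore.load_keystore_from_keyfiles

    # Setup first level delegated role.  The mocks below read these four
    # variables when they are called, so re-assigning them later switches
    # the mocks over to the second level.
    delegated_level1 = os.path.join(targets_dir, 'delegated_level1')
    delegated_targets_dir = delegated_level1
    parent_role = 'targets'
    delegated_role_name = 'delegated_role1'
    signing_keyids = role_keyids['targets/delegated_role1']

    # Mock method for signercli._get_metadata_directory().
    def _mock_get_metadata_directory():
        return server_metadata_dir

    # Mock method for signercli._prompt().
    def _mock_prompt(msg, junk):
        if msg.startswith('\nThe paths entered'):
            return delegated_targets_dir
        elif msg.startswith('\nChoose and enter the parent'):
            return parent_role
        elif msg.startswith('\nEnter the delegated role\'s name: '):
            return delegated_role_name
        elif msg.startswith('\nCurrent time:'):
            return expiration_date
        else:
            # An unexpected prompt stops the run instead of being answered
            # with a guess.
            error_msg = ('Prompt: ' + '\'' + msg + '\'' +
                         ' did not match any predefined mock prompts.')
            sys.exit(error_msg)

    # Mock method for signercli._get_password().  Passwords come from the
    # test toolbox's fixture table; None is returned when no keyid matches.
    def _mock_get_password(msg):
        for keyid in toolbox.rsa_keyids:
            if msg.endswith('(' + keyid + '): '):
                return toolbox.rsa_passwords[keyid]

    # Method to patch signercli._get_keyids()
    def _mock_get_keyids(junk):
        if signing_keyids:
            for keyid in signing_keyids:
                password = toolbox.rsa_passwords[keyid]
                # Load the keyfile.
                load_keys(keystore_dir, [keyid], [password])
        return signing_keyids

    try:
        # Patching the 'signercli' prompts.
        signercli._get_metadata_directory = _mock_get_metadata_directory
        signercli._prompt = _mock_prompt
        signercli._get_password = _mock_get_password
        signercli._get_keyids = _mock_get_keyids

        # Clear keystore's dictionaries, by detaching them from
        # unittest_toolbox's dictionaries.
        keystore._keystore = {}
        keystore._derived_keys = {}

        # Make first level delegation.
        signercli.make_delegation(keystore_dir)

        # Setup second level delegated role.
        delegated_level2 = os.path.join(delegated_level1, 'delegated_level2')
        delegated_targets_dir = delegated_level2
        parent_role = 'targets/delegated_role1'
        delegated_role_name = 'delegated_role2'
        signing_keyids = role_keyids['targets/delegated_role1/delegated_role2']

        # Clear keystore's dictionaries.
        keystore.clear_keystore()

        # Make second level delegation.
        signercli.make_delegation(keystore_dir)

        # Re-attach the toolbox's dictionaries for the two builds.
        # NOTE(review): '_derived_keys' is given the toolbox's
        # 'rsa_passwords' table -- confirm that it holds what the keystore
        # expects under that name.
        keystore._keystore = toolbox.rsa_keystore
        keystore._derived_keys = toolbox.rsa_passwords

        # Build release file.
        signerlib.build_release_file(role_keyids['release'],
                                     server_metadata_dir, version,
                                     expiration_date + ' UTC')

        # Build timestamp file.
        signerlib.build_timestamp_file(role_keyids['timestamp'],
                                       server_metadata_dir, version,
                                       expiration_date + ' UTC')
    finally:
        # Runs on failure too, so neither the loaded key material nor the
        # mocked signercli helpers outlive this call.
        keystore._keystore = {}
        keystore._derived_keys = {}

        # RESTORE
        signercli._get_metadata_directory = original_get_metadata
        signercli._prompt = original_prompt
        signercli._get_password = original_get_password
        signercli._get_keyids = original_get_keyids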
def setUp(self):
    """
    Build the server-side repository fixture used by the tests.

    The target delegations tree is fixed as such:
      targets -> [T1, T2]
      T1 -> [T3]

    A repository is obtained from util_test_tools.init_repo(), two target
    files are added, one RSA key is generated per delegated role, the four
    targets metadata objects are signed and written, and new release and
    timestamp files are built.  The keystore is cleared at the end.
    """
    # 'version' is a module-level counter; it is incremented on every
    # setUp() and passed to the release/timestamp builders below.
    global version
    version = version+1
    # Timestamp 86400 seconds (one day) ahead of now, passed to
    # build_release_file() and build_timestamp_file() below.
    expiration = tuf.formats.format_time(time.time()+86400)

    root_repo, url, server_proc, keyids = util_test_tools.init_repo(tuf=True)

    # Server side repository.
    tuf_repo = os.path.join(root_repo, 'tuf_repo')
    keystore_dir = os.path.join(tuf_repo, 'keystore')
    metadata_dir = os.path.join(tuf_repo, 'metadata')
    targets_dir = os.path.join(tuf_repo, 'targets')

    # We need to provide clients with a way to reach the tuf repository.
    tuf_repo_relpath = os.path.basename(tuf_repo)
    tuf_url = url+tuf_repo_relpath

    # Add files to the server side repository.
    # target1 = 'targets_dir/[random].txt'
    # target2 = 'targets_dir/[random].txt'
    add_target = util_test_tools.add_file_to_repository
    target1_path = add_target(targets_dir, data='target1')
    target2_path = add_target(targets_dir, data='target2')

    # Target paths relative to 'tuf_repo' (not to 'targets_dir').
    # Ex: targetX = 'targets/delegator/delegatee.txt'
    target1 = os.path.relpath(target1_path, tuf_repo)
    target2 = os.path.relpath(target2_path, tuf_repo)

    # Both paths, still relative to 'tuf_repo'.
    target_filepaths = [target1, target2]

    # Store in self only the variables relevant for tests.
    self.root_repo = root_repo
    self.tuf_repo = tuf_repo
    self.server_proc = server_proc
    self.target_filepaths = target_filepaths
    # Targets delegated from A to B.
    self.delegated_targets = {}
    # Targets actually signed by B.
    self.signed_targets = {}
    # Single mirror pointing at the test server.
    # NOTE(review): "confined_target_dirs": [""] presumably means the
    # mirror is not restricted to a sub-directory -- confirm.
    self.mirrors = {
        "mirror1": {
            "url_prefix": tuf_url,
            "metadata_path": "metadata",
            "targets_path": "targets",
            "confined_target_dirs": [""]
        }
    }

    # Aliases for targets roles.
    self.T0 = 'targets'
    self.T1 = 'targets/T1'
    self.T2 = 'targets/T2'
    self.T3 = 'targets/T1/T3'

    # Get tracked and assigned targets, and generate targets metadata.
    self.make_targets_metadata()
    # Sanity checks on what make_targets_metadata() is expected to set.
    # Plain 'assert' statements are skipped when Python runs with -O.
    assert hasattr(self, 'T0_metadata')
    assert hasattr(self, 'T1_metadata')
    assert hasattr(self, 'T2_metadata')
    assert hasattr(self, 'T3_metadata')

    # Make delegation directories at the server's repository.
    metadata_targets_dir = os.path.join(metadata_dir, 'targets')
    metadata_T1_dir = os.path.join(metadata_targets_dir, 'T1')
    os.makedirs(metadata_T1_dir)

    # Metadata paths for 'targets' and the 3 delegated targets roles.
    T0_path = os.path.join(metadata_dir, 'targets.txt')
    T1_path = os.path.join(metadata_targets_dir, 'T1.txt')
    T2_path = os.path.join(metadata_targets_dir, 'T2.txt')
    T3_path = os.path.join(metadata_T1_dir, 'T3.txt')

    # Generate RSA keys for the 3 delegatees.
    # NOTE(review): the second argument ('T1', 'T2', 'T3') is presumably
    # the password protecting the saved key -- confirm; these are fixture
    # keys only.
    key1 = signerlib.generate_and_save_rsa_key(keystore_dir, 'T1')
    key2 = signerlib.generate_and_save_rsa_key(keystore_dir, 'T2')
    key3 = signerlib.generate_and_save_rsa_key(keystore_dir, 'T3')

    # ID for each of the 3 keys.
    key1_id = key1['keyid']
    key2_id = key2['keyid']
    key3_id = key3['keyid']

    # ID, in a list, for each of the 3 keys.
    key1_ids = [key1_id]
    key2_ids = [key2_id]
    key3_ids = [key3_id]

    # Public-key JSON for each of the 3 keys.
    key1_val = tuf.rsa_key.create_in_metadata_format(key1['keyval'])
    key2_val = tuf.rsa_key.create_in_metadata_format(key2['keyval'])
    key3_val = tuf.rsa_key.create_in_metadata_format(key3['keyval'])

    # Create delegation role metadata for each of the 3 delegated targets
    # roles.  NOTE(review): the literal 1 is presumably the signature
    # threshold -- confirm against make_role_metadata().
    make_role_metadata = tuf.formats.make_role_metadata

    T1_targets = self.relpath_from_targets(self.delegated_targets[self.T1])
    T1_role = make_role_metadata(key1_ids, 1, name=self.T1, paths=T1_targets)

    T2_targets = self.relpath_from_targets(self.delegated_targets[self.T2])
    T2_role = make_role_metadata(key2_ids, 1, name=self.T2, paths=T2_targets)

    T3_targets = self.relpath_from_targets(self.delegated_targets[self.T3])
    T3_role = make_role_metadata(key3_ids, 1, name=self.T3, paths=T3_targets)

    # Assign 'delegations' object for 'targets':
    self.T0_metadata['signed']['delegations'] = {
        'keys': {key1_id: key1_val, key2_id: key2_val},
        'roles': [T1_role, T2_role]
    }

    # Assign 'delegations' object for 'targets/T1':
    self.T1_metadata['signed']['delegations'] = {
        'keys': {key3_id: key3_val},
        'roles': [T3_role]
    }

    sign = signerlib.sign_metadata
    write = signerlib.write_metadata_file

    # Sign new metadata objects.  Each delegated role is signed with its
    # own key; 'targets' is signed with the 'keyids' from init_repo().
    T0_signable = sign(self.T0_metadata, keyids, T0_path)
    T1_signable = sign(self.T1_metadata, key1_ids, T1_path)
    T2_signable = sign(self.T2_metadata, key2_ids, T2_path)
    T3_signable = sign(self.T3_metadata, key3_ids, T3_path)

    # Save new metadata objects.
    write(T0_signable, T0_path)
    write(T1_signable, T1_path)
    write(T2_signable, T2_path)
    write(T3_signable, T3_path)

    # Timestamp a new release to reflect latest targets.  The same
    # 'keyids' that signed 'targets' sign release and timestamp here: a
    # fixture shortcut that gives no key separation between those roles.
    signerlib.build_release_file(keyids, metadata_dir, version, expiration)
    signerlib.build_timestamp_file(keyids, metadata_dir, version, expiration)

    # Unload all keys.
    keystore.clear_keystore()
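def build_server_repository(server_repository_dir, targets_dir):
    """
    <Purpose>
      Build a repository (root, targets, release and timestamp metadata plus
      two levels of delegated roles) from the target files in 'targets_dir'.

    <Arguments>
      server_repository_dir:
        Directory in which the 'metadata' and 'keystore' sub-directories are
        created.  Neither may exist yet: os.mkdir() is used.

      targets_dir:
        Directory of target files.  The delegated roles use
        'delegated_level1' and 'delegated_level1/delegated_level2' below it.

    <Side Effects>
      Writes metadata and key files under 'server_repository_dir'.  Four
      signercli helpers are replaced by mocks while the delegations are
      made and are put back before returning, also when a step raises.

    <Returns>
      None.
    """
    # Save the signercli helpers that are patched below.  They used to stay
    # patched after this function returned, which left the password and
    # keyid mocks active for any later caller of signercli.
    original_get_metadata = signercli._get_metadata_directory
    original_prompt = signercli._prompt
    original_get_password = signercli._get_password
    original_get_keyids = signercli._get_keyids

    # Make metadata directory inside server repository dir.
    server_metadata_dir = os.path.join(server_repository_dir, 'metadata')
    os.mkdir(server_metadata_dir)

    # Make a keystore directory inside server's repository and populate it.
    keystore_dir = os.path.join(server_repository_dir, 'keystore')
    os.mkdir(keystore_dir)
    create_keystore(keystore_dir)

    # Build config file.
    build_config = signerlib.build_config_file
    config_filepath = build_config(server_repository_dir, 365,
                                   TestCase_Tools.top_level_role_info)

    # Role:keyids dictionary.
    role_keyids = {}
    for role in TestCase_Tools.semi_roledict:
        role_keyids[role] = TestCase_Tools.semi_roledict[role]['keyids']

    # BUILD ROLE FILES.
    # Build root file.
    signerlib.build_root_file(config_filepath, role_keyids['root'],
                              server_metadata_dir)

    # Build targets file.
    signerlib.build_targets_file(targets_dir, role_keyids['targets'],
                                 server_metadata_dir)

    # Build release file.
    signerlib.build_release_file(role_keyids['release'], server_metadata_dir)

    # Build timestamp file.
    signerlib.build_timestamp_file(role_keyids['timestamp'],
                                   server_metadata_dir)

    # MAKE DELEGATIONS.
    # We will need to patch a few signercli prompts.
    # Specifically, signercli.make_delegation() asks user input for:
    # metadata directory, delegated targets directory, parent role,
    # passwords for parent role's keyids, delegated role's name, and
    # the keyid to be assigned to the delegated role.  Take a look at
    # signercli's make_delegation() to gain a bit more insight into what is
    # happening.

    # 'load_keys' is a reference to the 'load_keystore_from_keyfiles'
    # function.
    load_keys = keystore.load_keystore_from_keyfiles

    # Setup first level delegated role.  The mocks below read these four
    # variables when they are called, so re-assigning them later switches
    # the mocks over to the second level.
    delegated_level1 = os.path.join(targets_dir, 'delegated_level1')
    delegated_targets_dir = delegated_level1
    parent_role = 'targets'
    delegated_role_name = 'delegated_role1'
    signing_keyids = role_keyids['targets/delegated_role1']

    # Mock method for signercli._get_metadata_directory().
    def _mock_get_metadata_directory():
        return server_metadata_dir

    # Mock method for signercli._prompt().
    def _mock_prompt(msg, junk):
        if msg.startswith('\nNOTE: The directory entered'):
            return delegated_targets_dir
        elif msg.startswith('\nChoose and enter the parent'):
            return parent_role
        elif msg.endswith('\nEnter the delegated role\'s name: '):
            return delegated_role_name
        else:
            # An unexpected prompt stops the run instead of being answered
            # with a guess.
            error_msg = ('Prompt: ' + '\'' + msg + '\'' +
                         ' did not match any predefined mock prompts.')
            sys.exit(error_msg)

    # Mock method for signercli._get_password().  Passwords come from the
    # test tools' fixture table; None is returned when no keyid matches.
    def _mock_get_password(msg):
        for keyid in TestCase_Tools.rsa_keyids:
            if msg.endswith('(' + keyid + '): '):
                return TestCase_Tools.rsa_passwords[keyid]

    # Method to patch signercli._get_keyids()
    def _mock_get_keyids(junk):
        if signing_keyids:
            for keyid in signing_keyids:
                password = TestCase_Tools.rsa_passwords[keyid]
                # Load the keyfile.
                load_keys(keystore_dir, [keyid], [password])
        return signing_keyids

    try:
        # Patching the prompts.
        signercli._get_metadata_directory = _mock_get_metadata_directory
        signercli._prompt = _mock_prompt
        signercli._get_password = _mock_get_password
        signercli._get_keyids = _mock_get_keyids

        # Clear keystore's dictionaries, by detaching them from the test
        # tools' dictionaries.
        keystore._keystore = {}
        keystore._key_passwords = {}

        # Make first level delegation.
        signercli.make_delegation(keystore_dir)

        # Setup second level delegated role.
        delegated_level2 = os.path.join(delegated_level1, 'delegated_level2')
        delegated_targets_dir = delegated_level2
        parent_role = 'targets/delegated_role1'
        delegated_role_name = 'delegated_role2'
        signing_keyids = role_keyids['targets/delegated_role1/delegated_role2']

        # Clear keystore's dictionaries.
        keystore.clear_keystore()

        # Make second level delegation.
        signercli.make_delegation(keystore_dir)
    finally:
        # RESTORE -- on success and on failure alike.
        # NOTE(review): the keys loaded for the second delegation stay in
        # the keystore, as before; confirm whether callers rely on that
        # before adding a clear_keystore() here.
        signercli._get_metadata_directory = original_get_metadata
        signercli._prompt = original_prompt
        signercli._get_password = original_get_password
        signercli._get_keyids = original_get_keyids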
def setUp(self):
    """
    Build the server-side repository fixture used by the tests.

    The target delegations tree is fixed as such:
      targets -> [T1, T2]
      T1 -> [T3]

    A repository is obtained from util_test_tools.init_repo(), two target
    files are added, one RSA key is generated per delegated role, the four
    targets metadata objects are signed and written, and new release and
    timestamp files are built.  The keystore is cleared at the end.
    """
    # 'version' is a module-level counter; it is incremented on every
    # setUp() and passed to the release/timestamp builders below.
    global version
    version = version + 1
    # Timestamp 86400 seconds (one day) ahead of now, passed to
    # build_release_file() and build_timestamp_file() below.
    expiration = tuf.formats.format_time(time.time() + 86400)

    root_repo, url, server_proc, keyids = util_test_tools.init_repo(
        tuf=True)

    # Server side repository.
    tuf_repo = os.path.join(root_repo, 'tuf_repo')
    keystore_dir = os.path.join(tuf_repo, 'keystore')
    metadata_dir = os.path.join(tuf_repo, 'metadata')
    targets_dir = os.path.join(tuf_repo, 'targets')

    # We need to provide clients with a way to reach the tuf repository.
    tuf_repo_relpath = os.path.basename(tuf_repo)
    tuf_url = url + tuf_repo_relpath

    # Add files to the server side repository.
    # target1 = 'targets_dir/[random].txt'
    # target2 = 'targets_dir/[random].txt'
    add_target = util_test_tools.add_file_to_repository
    target1_path = add_target(targets_dir, data='target1')
    target2_path = add_target(targets_dir, data='target2')

    # Target paths relative to 'tuf_repo' (not to 'targets_dir').
    # Ex: targetX = 'targets/delegator/delegatee.txt'
    target1 = os.path.relpath(target1_path, tuf_repo)
    target2 = os.path.relpath(target2_path, tuf_repo)

    # Both paths, still relative to 'tuf_repo'.
    target_filepaths = [target1, target2]

    # Store in self only the variables relevant for tests.
    self.root_repo = root_repo
    self.tuf_repo = tuf_repo
    self.server_proc = server_proc
    self.target_filepaths = target_filepaths
    # Targets delegated from A to B.
    self.delegated_targets = {}
    # Targets actually signed by B.
    self.signed_targets = {}
    # Single mirror pointing at the test server.
    # NOTE(review): "confined_target_dirs": [""] presumably means the
    # mirror is not restricted to a sub-directory -- confirm.
    self.mirrors = {
        "mirror1": {
            "url_prefix": tuf_url,
            "metadata_path": "metadata",
            "targets_path": "targets",
            "confined_target_dirs": [""]
        }
    }

    # Aliases for targets roles.
    self.T0 = 'targets'
    self.T1 = 'targets/T1'
    self.T2 = 'targets/T2'
    self.T3 = 'targets/T1/T3'

    # Get tracked and assigned targets, and generate targets metadata.
    self.make_targets_metadata()
    # Sanity checks on what make_targets_metadata() is expected to set.
    # Plain 'assert' statements are skipped when Python runs with -O.
    assert hasattr(self, 'T0_metadata')
    assert hasattr(self, 'T1_metadata')
    assert hasattr(self, 'T2_metadata')
    assert hasattr(self, 'T3_metadata')

    # Make delegation directories at the server's repository.
    metadata_targets_dir = os.path.join(metadata_dir, 'targets')
    metadata_T1_dir = os.path.join(metadata_targets_dir, 'T1')
    os.makedirs(metadata_T1_dir)

    # Metadata paths for 'targets' and the 3 delegated targets roles.
    T0_path = os.path.join(metadata_dir, 'targets.txt')
    T1_path = os.path.join(metadata_targets_dir, 'T1.txt')
    T2_path = os.path.join(metadata_targets_dir, 'T2.txt')
    T3_path = os.path.join(metadata_T1_dir, 'T3.txt')

    # Generate RSA keys for the 3 delegatees.
    # NOTE(review): the second argument ('T1', 'T2', 'T3') is presumably
    # the password protecting the saved key -- confirm; these are fixture
    # keys only.
    key1 = signerlib.generate_and_save_rsa_key(keystore_dir, 'T1')
    key2 = signerlib.generate_and_save_rsa_key(keystore_dir, 'T2')
    key3 = signerlib.generate_and_save_rsa_key(keystore_dir, 'T3')

    # ID for each of the 3 keys.
    key1_id = key1['keyid']
    key2_id = key2['keyid']
    key3_id = key3['keyid']

    # ID, in a list, for each of the 3 keys.
    key1_ids = [key1_id]
    key2_ids = [key2_id]
    key3_ids = [key3_id]

    # Public-key JSON for each of the 3 keys.
    key1_val = tuf.rsa_key.create_in_metadata_format(key1['keyval'])
    key2_val = tuf.rsa_key.create_in_metadata_format(key2['keyval'])
    key3_val = tuf.rsa_key.create_in_metadata_format(key3['keyval'])

    # Create delegation role metadata for each of the 3 delegated targets
    # roles.  NOTE(review): the literal 1 is presumably the signature
    # threshold -- confirm against make_role_metadata().
    make_role_metadata = tuf.formats.make_role_metadata

    T1_targets = self.relpath_from_targets(self.delegated_targets[self.T1])
    T1_role = make_role_metadata(key1_ids,
                                 1,
                                 name=self.T1,
                                 paths=T1_targets)

    T2_targets = self.relpath_from_targets(self.delegated_targets[self.T2])
    T2_role = make_role_metadata(key2_ids,
                                 1,
                                 name=self.T2,
                                 paths=T2_targets)

    T3_targets = self.relpath_from_targets(self.delegated_targets[self.T3])
    T3_role = make_role_metadata(key3_ids,
                                 1,
                                 name=self.T3,
                                 paths=T3_targets)

    # Assign 'delegations' object for 'targets':
    self.T0_metadata['signed']['delegations'] = {
        'keys': {
            key1_id: key1_val,
            key2_id: key2_val
        },
        'roles': [T1_role, T2_role]
    }

    # Assign 'delegations' object for 'targets/T1':
    self.T1_metadata['signed']['delegations'] = {
        'keys': {
            key3_id: key3_val
        },
        'roles': [T3_role]
    }

    sign = signerlib.sign_metadata
    write = signerlib.write_metadata_file

    # Sign new metadata objects.  Each delegated role is signed with its
    # own key; 'targets' is signed with the 'keyids' from init_repo().
    T0_signable = sign(self.T0_metadata, keyids, T0_path)
    T1_signable = sign(self.T1_metadata, key1_ids, T1_path)
    T2_signable = sign(self.T2_metadata, key2_ids, T2_path)
    T3_signable = sign(self.T3_metadata, key3_ids, T3_path)

    # Save new metadata objects.
    write(T0_signable, T0_path)
    write(T1_signable, T1_path)
    write(T2_signable, T2_path)
    write(T3_signable, T3_path)

    # Timestamp a new release to reflect latest targets.  The same
    # 'keyids' that signed 'targets' sign release and timestamp here: a
    # fixture shortcut that gives no key separation between those roles.
    signerlib.build_release_file(keyids, metadata_dir, version, expiration)
    signerlib.build_timestamp_file(keyids, metadata_dir, version,
                                   expiration)

    # Unload all keys.
    keystore.clear_keystore()
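def create_delegation(tuf_repo, delegated_targets_path, keyid, keyid_password,
                      parent_role, new_role_name, expiration_date):
    """Run signercli.make_delegation() non-interactively against 'tuf_repo'.

    signercli's interactive hooks (_get_metadata_directory, _prompt,
    _get_password and _get_keyids) are replaced with mocks that answer from
    the arguments.  The hooks are reinstated and the keystore is cleared even
    when make_delegation() raises, so a failed call cannot leave the
    canned-password mock installed for whatever runs next.

    Arguments:
      tuf_repo: Repository root; its 'keystore' and 'metadata'
        subdirectories are used.
      delegated_targets_path: Answer to the delegated-paths prompt.
      keyid: Returned unchanged by the patched _get_keyids(); keyid[0] is the
        keyid whose password prompt is answered with 'keyid_password'.
      keyid_password: Password returned for keyid[0].
      parent_role: Answer to the parent-role prompt.
      new_role_name: Answer to the delegated-role-name prompt.
      expiration_date: Answer to the prompt starting with 'Current time: '.

    Calls sys.exit() with an error message if signercli issues a prompt that
    none of the canned answers matches.
    """
    keystore_dir = os.path.join(tuf_repo, 'keystore')
    metadata_dir = os.path.join(tuf_repo, 'metadata')

    # Remember the real hooks before anything is patched.
    original_get_metadata_directory = signercli._get_metadata_directory
    original_prompt = signercli._prompt
    original_get_password = signercli._get_password
    original_get_keyids = signercli._get_keyids

    # Mock method for signercli._prompt().
    def _mock_prompt(msg, junk, targets_path=delegated_targets_path,
                     parent_role=parent_role, new_role_name=new_role_name,
                     expiration=expiration_date):
        if msg.startswith('\nThe paths entered below should be located'):
            return targets_path
        if msg.startswith('\nChoose and enter the parent'):
            return parent_role
        if msg.startswith('\nEnter the delegated role\'s name: '):
            return new_role_name
        if msg.startswith('\nCurrent time: '):
            return expiration
        # Abort on an unexpected prompt instead of guessing an answer.
        error_msg = ('Prompt: ' + '\'' + msg + '\'' +
                     ' did not match any predefined mock prompts.')
        sys.exit(error_msg)

    # Mock method for signercli._get_password().
    def _mock_get_password(msg, keyid=keyid, password=keyid_password):
        _keyid = keyid[0]
        if msg.endswith('(' + _keyid + '): '):
            return keyid_password
        return PASSWD  # password for targets' keyid.

    # Method to patch signercli._get_keyids().
    def _mock_get_keyid(junk, keyid=keyid):
        return keyid

    try:
        # Patch signercli._get_metadata_directory().
        _get_metadata_directory(metadata_dir)
        signercli._prompt = _mock_prompt
        signercli._get_password = _mock_get_password
        signercli._get_keyids = _mock_get_keyid

        signercli.make_delegation(keystore_dir)
    finally:
        # Plain assignments first: they cannot fail, so the hooks are back
        # in place even if clearing the keystore raises.
        signercli._get_keyids = original_get_keyids
        signercli._get_password = original_get_password
        signercli._prompt = original_prompt
        signercli._get_metadata_directory = original_get_metadata_directory
        # Unload the keys loaded during the call.
        keystore.clear_keystore()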
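def test_7_make_delegation(self):
    """Exercise signercli.make_delegation() on its error and success paths.

    Cases: an unknown parent role, wrong passwords for the parent's keyids,
    an empty list of delegated keyids, a first- and a second-level
    delegation, and a delegation with two keyids whose threshold recorded in
    the parent role must be 2.

    All four patched signercli hooks are restored in a 'finally' block.
    _get_keyids() is included because it is patched here as well; leaving it
    patched would let later tests sign with this test's key list.
    """
    # SETUP
    original_get_metadata_directory = signercli._get_metadata_directory
    original_prompt = signercli._prompt
    original_get_password = signercli._get_password
    original_get_keyids = signercli._get_keyids

    try:
        # Create a temp repository and metadata directories.
        repo_dir = self.make_temp_directory()
        meta_dir = self.make_temp_directory(directory=repo_dir)

        # Create targets directories.
        targets_dir, targets_paths = \
            self.make_temp_directory_with_data_files(directory=repo_dir)
        delegated_targets_dir = os.path.join(targets_dir, 'targets',
                                             'delegated_level1')

        # Assign parent role and name of the delegated role.
        parent_role = 'targets'
        delegated_role = 'delegated_role_1'

        # Create a couple of new RSA keys for delegation levels 1 and 2.
        new_keyid_1 = self.generate_rsakey()
        new_keyid_2 = self.generate_rsakey()

        # Create temp directory for config file and build the config file.
        config_dir = self.make_temp_directory()
        config_filepath = signerlib.build_config_file(
            config_dir, 365, self.top_level_role_info)

        # Patch signercli._get_metadata_directory().
        self.mock_get_metadata_directory(directory=meta_dir)

        # Patch signercli._get_password().  Get passwords for parent's keyids.
        self.get_passwords()

        # Create keystore directory.
        keystore_dir = self.create_temp_keystore_directory()

        # Mock method for signercli._prompt() to generate targets.txt file.
        self.make_metadata_mock_prompts(targ_dir=targets_dir,
                                        conf_path=config_filepath)

        # List of keyids to be returned by _get_keyids().
        signing_keyids = [new_keyid_1]

        # Load keystore.
        load_keystore = keystore.load_keystore_from_keyfiles

        # Build the root metadata file (root.txt).
        signercli.make_root_metadata(keystore_dir)

        # Build targets metadata file (targets.txt).
        signercli.make_targets_metadata(keystore_dir)

        # Clear keystore's dictionaries.
        keystore.clear_keystore()

        # The mocks below read parent_role, delegated_role,
        # delegated_targets_dir and signing_keyids at call time, so the
        # rebindings further down change what they return.

        # Mock method for signercli._prompt().
        def _mock_prompt(msg, junk):
            if msg.startswith('\nThe directory entered'):
                return delegated_targets_dir
            elif msg.startswith('\nChoose and enter the parent'):
                return parent_role
            elif msg.endswith('\nEnter the delegated role\'s name: '):
                return delegated_role
            else:
                error_msg = ('Prompt: ' + '\'' + msg + '\'' +
                             ' did not match any predefined mock prompts.')
                self.fail(error_msg)

        # Mock method for signercli._get_password().
        def _mock_get_password(msg):
            for keyid in self.rsa_keyids:
                if msg.endswith('(' + keyid + '): '):
                    return self.rsa_passwords[keyid]

        # Method to patch signercli._get_keyids().
        def _mock_get_keyids(junk):
            if signing_keyids:
                for keyid in signing_keyids:
                    password = self.rsa_passwords[keyid]
                    # Load the keyfile.
                    load_keystore(keystore_dir, [keyid], [password])
            return signing_keyids

        signercli._prompt = _mock_prompt
        signercli._get_password = _mock_get_password
        signercli._get_keyids = _mock_get_keyids

        # TESTS
        # Test: invalid parent role.
        # Assign a non-existing parent role.
        parent_role = self.random_string()
        self.assertRaises(tuf.RepositoryError, signercli.make_delegation,
                          keystore_dir)

        # Restore parent role.
        parent_role = 'targets'

        # Test: invalid password(s) for parent's keyids.
        keystore.clear_keystore()
        parent_keyids = self.top_level_role_info[parent_role]['keyids']
        for keyid in parent_keyids:
            saved_pw = self.rsa_passwords[keyid]
            self.rsa_passwords[keyid] = self.random_string()
            try:
                self.assertRaises(tuf.RepositoryError,
                                  signercli.make_delegation, keystore_dir)
            finally:
                # Put the real password back even if the assertion fails.
                self.rsa_passwords[keyid] = saved_pw

        # Test: delegated_keyids == 0.
        keystore.clear_keystore()

        # Load 0 keyids (== 0).
        signing_keyids = []
        self.assertRaises(tuf.RepositoryError, signercli.make_delegation,
                          keystore_dir)
        keystore.clear_keystore()

        # Restore signing_keyids (== 1).
        signing_keyids = [new_keyid_1]

        # Test: normal case 1.
        # Testing first level delegation.
        signercli.make_delegation(keystore_dir)

        # Verify delegated metadata file exists.
        delegated_meta_file = os.path.join(meta_dir, parent_role,
                                           delegated_role + '.txt')
        self.assertTrue(os.path.exists(delegated_meta_file))

        # Test: normal case 2.
        # Testing second level delegation.
        keystore.clear_keystore()

        # Make necessary adjustments for the test.
        signing_keyids = [new_keyid_2]
        delegated_targets_dir = os.path.join(delegated_targets_dir,
                                             'delegated_level2')
        parent_role = os.path.join(parent_role, delegated_role)
        delegated_role = 'delegated_role_2'
        signercli.make_delegation(keystore_dir)

        # Verify delegated metadata file exists.
        delegated_meta_file = os.path.join(meta_dir, parent_role,
                                           delegated_role + '.txt')
        self.assertTrue(os.path.exists(delegated_meta_file))

        # Test: normal case 3.
        # Testing delegated_keyids > 1.
        # Ensure make_delegation() sets 'threshold' = 2 for the delegated
        # role.
        keystore.clear_keystore()

        # Populate 'signing_keyids' with multiple keys, so that the
        # delegated metadata is set to a threshold > 1.
        signing_keyids = [new_keyid_1, new_keyid_2]
        parent_role = 'targets'
        delegated_role = 'delegated_role_1'
        signercli.make_delegation(keystore_dir)

        # Verify delegated metadata file exists.
        delegated_meta_file = os.path.join(meta_dir, parent_role,
                                           delegated_role + '.txt')
        self.assertTrue(os.path.exists(delegated_meta_file))

        # Verify the threshold value of the delegated metadata file
        # by inspecting the parent role's 'delegations' field.
        parent_role_file = os.path.join(meta_dir, parent_role + '.txt')
        signable = signerlib.read_metadata_file(parent_role_file)
        delegated_rolename = parent_role + '/' + delegated_role
        roles = signable['signed']['delegations']['roles']
        threshold = roles[delegated_rolename]['threshold']
        # assertEqual reports the actual value when the check fails.
        self.assertEqual(threshold, 2)
    finally:
        # RESTORE
        signercli._get_keyids = original_get_keyids
        signercli._get_password = original_get_password
        signercli._prompt = original_prompt
        signercli._get_metadata_directory = original_get_metadata_directory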
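def test_2__get_all_config_keyids(self):
    """Check signercli._get_all_config_keyids() on bad and good input.

    Cases: a wrong password for one keyid, a config file built without the
    'targets' role, a non-existing config path (all expected to raise
    tuf.Error), and the normal case.

    The password and role fixtures altered for a case are put back in
    'finally' blocks, as is signercli._get_password, so a failing assertion
    does not leave corrupted fixtures or the password mock behind.
    """
    # SETUP
    original_get_password = signercli._get_password

    try:
        # Create temp directory for config file.
        config_dir = self.make_temp_directory()

        # Build the config file needed by '_get_all_config_keyids'.
        config_filepath = signerlib.build_config_file(
            config_dir, 365, self.top_level_role_info)

        # Create a temp keystore directory.
        keystore_dir = self.create_temp_keystore_directory()

        # 'sample_keyid' used to test invalid keyid.
        sample_keyid = self.rsa_keyids[0]

        # Patch signercli._get_password().
        self.get_passwords()

        # TESTS
        # Test: an incorrect password.
        saved_pw = self.rsa_passwords[sample_keyid]
        self.rsa_passwords[sample_keyid] = self.random_string()
        try:
            self.assertRaises(tuf.Error, signercli._get_all_config_keyids,
                              config_filepath, keystore_dir)
        finally:
            # Restore the password.
            self.rsa_passwords[sample_keyid] = saved_pw

        # Test: missing top-level role in the config file.
        # Clear keystore's dictionaries.
        keystore.clear_keystore()

        # Remove a role from 'top_level_role_info', which is used to
        # construct the config file.
        targets_holder = self.top_level_role_info.pop('targets')
        try:
            # Build config file without 'targets' role.
            config_filepath = signerlib.build_config_file(
                config_dir, 365, self.top_level_role_info)
            self.assertRaises(tuf.Error, signercli._get_all_config_keyids,
                              config_filepath, keystore_dir)
        finally:
            # Re-add the role even if the assertion above fails.
            self.top_level_role_info['targets'] = targets_holder

        # Rebuild the config file from the complete 'top_level_role_info'.
        config_filepath = signerlib.build_config_file(
            config_dir, 365, self.top_level_role_info)

        # Test: non-existing config file path.
        keystore.clear_keystore()
        self.assertRaises(tuf.Error, signercli._get_all_config_keyids,
                          self.random_path(), keystore_dir)

        # Test: normal case.
        keystore.clear_keystore()
        signercli._get_all_config_keyids(config_filepath, keystore_dir)
    finally:
        # RESTORE
        signercli._get_password = original_get_password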
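def test_4_make_release_metadata(self):
    """Check signercli.make_release_metadata() prerequisites and output.

    Cases: root.txt missing, targets.txt missing, the normal case (root.txt,
    targets.txt and release.txt all exist afterwards), a non-existing config
    path, and wrong passwords for the 'release' keyids.  The failing cases
    are expected to raise tuf.RepositoryError.

    The patched signercli hooks and any altered passwords are restored in
    'finally' blocks so that a failing assertion cannot leak them.
    """
    # SETUP
    original_get_metadata_directory = signercli._get_metadata_directory
    original_prompt = signercli._prompt
    original_get_password = signercli._get_password

    try:
        # In order to build release metadata file (release.txt),
        # root and targets metadata files (root.txt, targets.txt)
        # must exist in the metadata directory.

        # Create temp directory for config file.
        config_dir = self.make_temp_directory()

        # Build a config file.
        config_filepath = signerlib.build_config_file(
            config_dir, 365, self.top_level_role_info)

        # Create a temp repository and metadata directories.
        repo_dir = self.make_temp_directory()
        meta_dir = self.make_temp_directory(repo_dir)

        # Create a directory containing target files.
        targets_dir, targets_paths = \
            self.make_temp_directory_with_data_files(directory=repo_dir)

        # Patch signercli._get_metadata_directory().
        self.mock_get_metadata_directory(directory=meta_dir)

        # Patch signercli._get_password().  Used in
        # _get_role_config_keyids().
        self.get_passwords()

        # Create keystore directory.
        keystore_dir = self.create_temp_keystore_directory()

        # Mock method for signercli._prompt().
        self.make_metadata_mock_prompts(targ_dir=targets_dir,
                                        conf_path=config_filepath)

        root_file = os.path.join(meta_dir, 'root.txt')
        targets_file = os.path.join(meta_dir, 'targets.txt')
        release_file = os.path.join(meta_dir, 'release.txt')

        # TESTS
        # Test: no root.txt in the metadata dir.
        signercli.make_targets_metadata(keystore_dir)

        # Verify that 'tuf.RepositoryError' is raised due to a missing
        # root.txt.
        keystore.clear_keystore()
        self.assertTrue(os.path.exists(targets_file))
        self.assertRaises(tuf.RepositoryError,
                          signercli.make_release_metadata, keystore_dir)
        os.remove(targets_file)
        keystore.clear_keystore()

        # Test: no targets.txt in the metadata dir.
        signercli.make_root_metadata(keystore_dir)
        keystore.clear_keystore()

        # Verify that 'tuf.RepositoryError' is raised due to a missing
        # targets.txt.
        self.assertTrue(os.path.exists(root_file))
        self.assertRaises(tuf.RepositoryError,
                          signercli.make_release_metadata, keystore_dir)
        os.remove(root_file)
        keystore.clear_keystore()

        # Test: normal case.
        signercli.make_root_metadata(keystore_dir)
        keystore.clear_keystore()
        signercli.make_targets_metadata(keystore_dir)
        keystore.clear_keystore()
        signercli.make_release_metadata(keystore_dir)
        keystore.clear_keystore()

        # Verify that the root, targets and release meta files were created.
        self.assertTrue(os.path.exists(root_file))
        self.assertTrue(os.path.exists(targets_file))
        self.assertTrue(os.path.exists(release_file))

        # Test: invalid config path.
        # Supply a non-existing config file path.
        self.make_metadata_mock_prompts(targ_dir=targets_dir,
                                        conf_path=self.random_path())
        self.assertRaises(tuf.RepositoryError,
                          signercli.make_release_metadata, keystore_dir)

        # Restore the config file path.
        self.make_metadata_mock_prompts(targ_dir=targets_dir,
                                        conf_path=config_filepath)

        # Test: incorrect 'release' passwords.
        # Clear keystore's dictionaries.
        keystore.clear_keystore()
        keyids = self.top_level_role_info['release']['keyids']
        for keyid in keyids:
            saved_pw = self.rsa_passwords[keyid]
            self.rsa_passwords[keyid] = self.random_string()
            try:
                self.assertRaises(tuf.RepositoryError,
                                  signercli.make_release_metadata,
                                  keystore_dir)
            finally:
                # Put the real password back even if the assertion fails.
                self.rsa_passwords[keyid] = saved_pw
    finally:
        # RESTORE
        signercli._get_password = original_get_password
        signercli._prompt = original_prompt
        signercli._get_metadata_directory = original_get_metadata_directory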
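def test_3_make_root_metadata(self):
    """Check signercli.make_root_metadata() on good and bad input.

    Cases: the normal case (root.txt is written to the metadata directory),
    a non-existing config path, and wrong passwords for the 'root' keyids;
    the last two are expected to raise tuf.RepositoryError.

    The patched signercli hooks and any altered passwords are restored in
    'finally' blocks so that a failing assertion cannot leak them.
    """
    # SETUP
    original_get_metadata_directory = signercli._get_metadata_directory
    original_prompt = signercli._prompt
    original_get_password = signercli._get_password

    try:
        # Create temp directory for config file.
        config_dir = self.make_temp_directory()

        # Build a config file.
        config_filepath = signerlib.build_config_file(
            config_dir, 365, self.top_level_role_info)

        # Create a temp metadata directory.
        meta_dir = self.make_temp_directory()

        # Patch signercli._get_metadata_directory().
        self.mock_get_metadata_directory(directory=meta_dir)

        # Patch signercli._prompt().
        self.mock_prompt(config_filepath)

        # Patch signercli._get_password().
        self.get_passwords()

        # Create keystore directory.
        keystore_dir = self.create_temp_keystore_directory()

        # TESTS
        # Test: normal case.
        signercli.make_root_metadata(keystore_dir)

        # Verify that the root metadata path was created.
        self.assertTrue(os.path.exists(os.path.join(meta_dir, 'root.txt')))

        # Test: invalid config path.
        # Clear keystore's dictionaries.
        keystore.clear_keystore()

        # Supply a non-existing path to signercli._prompt().
        self.mock_prompt(self.random_path())
        self.assertRaises(tuf.RepositoryError, signercli.make_root_metadata,
                          keystore_dir)

        # Re-patch signercli._prompt() with valid config path.
        self.mock_prompt(config_filepath)

        # Test: incorrect 'root' passwords.
        # Clear keystore's dictionaries.
        keystore.clear_keystore()
        keyids = self.top_level_role_info['root']['keyids']
        for keyid in keyids:
            saved_pw = self.rsa_passwords[keyid]
            self.rsa_passwords[keyid] = self.random_string()
            try:
                self.assertRaises(tuf.RepositoryError,
                                  signercli.make_root_metadata, keystore_dir)
            finally:
                # Put the real password back even if the assertion fails.
                self.rsa_passwords[keyid] = saved_pw
    finally:
        # RESTORE
        signercli._get_password = original_get_password
        signercli._prompt = original_prompt
        signercli._get_metadata_directory = original_get_metadata_directory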
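def test_4_change_password(self):
    """Check signercli.change_password() on good and bad input.

    Cases: the normal case (the keystore records the new password for the
    keyid), a non-existing keyid, and a wrong old password; the last two are
    expected to raise tuf.RepositoryError.

    The password mock reads 'old_password' and 'new_password' when it is
    called.  Binding them as default arguments would freeze the values at
    definition time, and the rebinding of 'old_password' in the last case
    would then never reach signercli.  The patched hooks are restored in a
    'finally' block.
    """
    # SETUP
    original_get_metadata_directory = signercli._get_metadata_directory
    original_prompt = signercli._prompt
    original_get_password = signercli._get_password

    try:
        # Create keystore and repo directories.
        keystore_dir = self.create_temp_keystore_directory()
        repo_dir = self.make_temp_directory()

        # Create temp directory for config file.
        config_dir = self.make_temp_directory()

        # Build a config file.
        config_filepath = signerlib.build_config_file(
            config_dir, 365, self.top_level_role_info)

        # Create a temp metadata directory.
        meta_dir = self.make_temp_directory()

        # Patch signercli._get_metadata_directory().
        self.mock_get_metadata_directory(directory=meta_dir)

        # Patch signercli._prompt().
        self.mock_prompt(config_filepath)

        # Patch '_get_password' method.
        self.get_passwords()

        signercli.make_root_metadata(keystore_dir)

        # Create a directory containing target files.
        targets_dir, targets_paths = \
            self.make_temp_directory_with_data_files(directory=repo_dir)

        # Mock method for signercli._prompt().
        self.make_metadata_mock_prompts(targ_dir=targets_dir,
                                        conf_path=config_filepath)

        signercli.make_targets_metadata(keystore_dir)

        test_keyid = self.rsa_keyids[0]
        self.mock_prompt(test_keyid)

        # Specify old password and create a new password.
        old_password = self.rsa_passwords[test_keyid]
        new_password = self.random_string()

        # Mock method for signercli._get_password().
        def _mock_get_password(msg, confirm=False):
            if msg.startswith('\nEnter the old password for the keyid: '):
                return old_password
            return new_password

        # Patch signercli._get_password.
        signercli._get_password = _mock_get_password

        # TESTS
        # Test: normal case.
        signercli.change_password(keystore_dir)

        # Verify password change.
        self.assertEqual(keystore._key_passwords[test_keyid], new_password)

        # Test: non-existing keyid.
        keystore.clear_keystore()
        self.mock_prompt(self.random_string(15))
        self.assertRaises(tuf.RepositoryError, signercli.change_password,
                          keystore_dir)

        # Restore the prompt input to existing keyid.
        self.mock_prompt(test_keyid)

        # Test: non-existing old password.
        keystore.clear_keystore()
        old_password = self.random_string()
        self.assertRaises(tuf.RepositoryError, signercli.change_password,
                          keystore_dir)
    finally:
        # RESTORE
        signercli._get_password = original_get_password
        signercli._prompt = original_prompt
        signercli._get_metadata_directory = original_get_metadata_directory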