def test_3_generate_root_metadata(self):
"""
test_3_build_root_metadata() is based on two other signerlib methods
i.e. build_config_file() and read_config_file(). Hence, 3rd level.
"""
# SETUP
original_get_key = tuf.repo.keystore.get_key
build_config = signerlib.build_config_file
version = 8
# Create a temp directory to hold a config file.
config_dir = self.make_temp_directory()
# Create config file using previously tested build_config_file().
config_path = build_config(config_dir, 365, self.top_level_role_info)
# Create a config file without a 'targets' role section.
notargets_conf_dir = self.make_temp_directory()
saved_targets_role = self.top_level_role_info['targets']
del self.top_level_role_info['targets']
notargets_conf_path = build_config(notargets_conf_dir, 365,
self.top_level_role_info)
# Restore top_level_role_info to initial state.
self.top_level_role_info['targets'] = saved_targets_role
# TESTS
# Test: What if keystore is not set up?
self.assertRaises(tuf.UnknownKeyError,
signerlib.generate_root_metadata, config_path,
version)
# Patch keystore's get_key method. No harm is done here since correct
# arguments are passed and keystore methods are tested separately.
tuf.repo.keystore.get_key = self.get_keystore_key
# Test: normal case. Pass a correct config path.
root_meta = signerlib.generate_root_metadata(config_path, version)
# Check if the returned dictionary corresponds to SIGNABLE_SCHEMA.
self.assertTrue(formats.SIGNABLE_SCHEMA.matches(root_meta))
# Test: bogus arguments.
self.assertRaises(tuf.Error, signerlib.generate_root_metadata,
notargets_conf_path, version)
self.assertRaises(tuf.Error, signerlib.generate_root_metadata, '',
version)
self.assertRaises(tuf.Error, signerlib.generate_root_metadata,
self.random_string(), version)
self.assertRaises(tuf.Error, signerlib.generate_root_metadata,
{self.random_string(): self.random_string()},
version)
self.assertRaises(tuf.FormatError, signerlib.generate_root_metadata,
config_path, self.random_string())
# RESTORE
tuf.repo.keystore.get_key = original_get_key
def test_3_generate_root_metadata(self):
"""
test_3_build_root_metadata() is based on two other signerlib methods
i.e. build_config_file() and read_config_file(). Hence, 3rd level.
"""
# SETUP
original_get_key = tuf.repo.keystore.get_key
build_config = signerlib.build_config_file
version = 8
# Create a temp directory to hold a config file.
config_dir = self.make_temp_directory()
# Create config file using previously tested build_config_file().
config_path = build_config(config_dir, 365, self.top_level_role_info)
# Create a config file without a 'targets' role section.
notargets_conf_dir = self.make_temp_directory()
saved_targets_role = self.top_level_role_info['targets']
del self.top_level_role_info['targets']
notargets_conf_path = build_config(notargets_conf_dir, 365,
self.top_level_role_info)
# Restore top_level_role_info to initial state.
self.top_level_role_info['targets'] = saved_targets_role
# TESTS
# Test: What if keystore is not set up?
self.assertRaises(tuf.UnknownKeyError, signerlib.generate_root_metadata,
config_path, version)
# Patch keystore's get_key method. No harm is done here since correct
# arguments are passed and keystore methods are tested separately.
tuf.repo.keystore.get_key = self.get_keystore_key
# Test: normal case. Pass a correct config path.
root_meta = signerlib.generate_root_metadata(config_path, version)
# Check if the returned dictionary corresponds to SIGNABLE_SCHEMA.
self.assertTrue(formats.SIGNABLE_SCHEMA.matches(root_meta))
# Test: bogus arguments.
self.assertRaises(tuf.Error, signerlib.generate_root_metadata,
notargets_conf_path, version)
self.assertRaises(tuf.Error, signerlib.generate_root_metadata, '', version)
self.assertRaises(tuf.Error, signerlib.generate_root_metadata,
self.random_string(), version)
self.assertRaises(tuf.Error, signerlib.generate_root_metadata,
{self.random_string(): self.random_string()}, version)
self.assertRaises(tuf.FormatError, signerlib.generate_root_metadata,
config_path, self.random_string())
# RESTORE
tuf.repo.keystore.get_key = original_get_key
def test_1__sign_and_write_metadata(self):
# SETUP
# Role to test.
role = 'root'
# Create temp directory.
temp_dir = self.make_temp_directory()
# File name.
filename = os.path.join(temp_dir, role+'.txt')
# Role's keyids.
keyids = self.top_level_role_info[role]['keyids']
# Create a temp keystore directory.
keystore_dir =\
self.create_temp_keystore_directory(keystore_dicts=True)
# Create temp directory for config file.
config_dir = self.make_temp_directory()
# Build config file.
config_filepath = signerlib.build_config_file(config_dir, 365,
self.top_level_role_info)
# Create role's metadata.
signable_meta = signerlib.generate_root_metadata(config_filepath)
# TESTS
# Test: normal case.
signercli._sign_and_write_metadata(signable_meta, keyids, filename)
# Verify that the root meta file was created.
self.assertTrue(os.path.exists(filename))
Errors = (tuf.Error, tuf.FormatError)
# Test: invalid metadata.
self.assertRaises(Errors, signercli._sign_and_write_metadata,
self.random_string(), keyids, filename)
# Test: invalid keyids
invalid_keyids = self.random_string()
self.assertRaises(Errors, signercli._sign_and_write_metadata,
signable_meta, invalid_keyids, filename)
# Test: invalid filename
self.assertRaises(Errors, signercli._sign_and_write_metadata,
signable_meta, invalid_keyids, True)
def test_3_generate_root_metadata(self):
"""
test_3_build_root_metadata() is based on two other signerlib methods
i.e. build_config_file() and read_config_file(). Hence, 3rd level.
"""
# SETUP
build_config = signerlib.build_config_file
# Create a temp directory to hold a config file.
config_dir = self.make_temp_directory()
# Create config file using previously tested build_config_file().
config_path = build_config(config_dir, 365, self.semi_roledict)
# Create a config file without a 'targets' role section.
notargets_conf_dir = self.make_temp_directory()
saved_targets_role = self.semi_roledict['targets']
del self.semi_roledict['targets']
notargets_conf_path = build_config(notargets_conf_dir, 365,
self.semi_roledict)
# Restore semi_roledict to initial state.
self.semi_roledict['targets'] = saved_targets_role
# TESTS
# Test: What if keystore is not set up?
self.assertRaises(tuf.UnknownKeyError, signerlib.generate_root_metadata,
config_path)
# Patch keystore's get_key method. No harm is done here since correct
# arguments are passed and keystore methods are tested separately.
signerlib.tuf.repo.keystore.get_key = self.get_keystore_key
# Test: normal case. Pass a correct config path.
try:
root_meta = signerlib.generate_root_metadata(config_path)
except Exception, e:
raise
def _get_role_info(self, role, directory=None):
"""
This method generates role's metadata dictionary, it uses previously
tested signerlib's methods. Note that at everything maintains the order.
Nothing that has not been tested previously is used in any of the
following conditions.
<Arguments>
directory:
Directory of a config file.
<Returns>
Tuple (role's metadata(not signed), role's keyids, directory, optional)
"""
if not directory:
# Create a temp directory to hold a config file.
directory = self.make_temp_directory()
# Get role's keyids.
role_keyids = self.top_level_role_info[role]["keyids"]
if role == "root":
# Create config file using previously tested build_config_file().
config_path = signerlib.build_config_file(directory, 365, self.top_level_role_info)
# Patch keystore's get_key method.
tuf.repo.keystore.get_key = self.get_keystore_key
# Create root metadata.
root_meta = signerlib.generate_root_metadata(config_path)
return root_meta, role_keyids, directory, config_path
elif role == "targets":
# Generate target files.
# 'repo_dir' represents repository base.
# 'target_files' represents a list of relative target paths.
repo_dir, target_files = self.make_temp_directory_with_data_files(directory=directory)
# Patch keystore's get_key method.
tuf.repo.keystore.get_key = self.get_keystore_key
# Run the 'signerlib.generate_targets_metadata'. Test its return value.
# Its return value should correspond to tuf.formats.SIGNABLE_SCHEMA
targets_meta = signerlib.generate_targets_metadata(repo_dir, target_files)
return targets_meta, role_keyids, repo_dir, target_files
elif role == "release":
# Generate 'root.txt' and 'targets.txt' with targets directory in
# the repository containing files and directories.
meta_dir = self._create_root_and_targets_meta_files()
release_meta = signerlib.generate_release_metadata(meta_dir)
return release_meta, role_keyids, meta_dir
elif role == "timestamp":
# Generate 'release.txt' which includes creation of 'root.txt',
# 'targets.txt' and target files.
junk, release_keyids, meta_dir = self._get_role_info("release")
signerlib.build_release_file(release_keyids, meta_dir)
release_filepath = os.path.join(meta_dir, "release.txt")
# Generate timestamp metadata.
timestamp_meta = signerlib.generate_timestamp_metadata(release_filepath)
return timestamp_meta, role_keyids, meta_dir
else:
print "\nUnrecognized top-level role."
def _get_role_info(self, role, directory=None):
"""
This method generates role's metadata dictionary, it uses previously
tested signerlib's methods. Note that at everything maintains the order.
Nothing that has not been tested previously is used in any of the
following conditions.
<Arguments>
directory:
Directory of a config file.
<Returns>
Tuple (role's metadata(not signed), role's keyids, directory, optional)
"""
# The version number and expiration date for metadata files created.
version = 8
expiration_date = '1985-10-26 01:20:00 UTC'
if not directory:
# Create a temp directory to hold a config file.
directory = self.make_temp_directory()
# Get role's keyids.
role_keyids = self.top_level_role_info[role]['keyids']
if role == 'root':
# Create config file using previously tested build_config_file().
config_path = signerlib.build_config_file(directory, 365,
self.top_level_role_info)
# Patch keystore's get_key method.
tuf.repo.keystore.get_key = self.get_keystore_key
# Create root metadata.
root_meta = signerlib.generate_root_metadata(config_path, version)
return root_meta, role_keyids, directory, config_path
elif role == 'targets':
# Generate target files.
# 'repo_dir' represents repository base.
# 'target_files' represents a list of relative target paths.
repo_dir, target_files = \
self.make_temp_directory_with_data_files(directory=directory)
# Patch keystore's get_key method.
tuf.repo.keystore.get_key = self.get_keystore_key
# Run the 'signerlib.generate_targets_metadata'. Test its return value.
# Its return value should correspond to tuf.formats.SIGNABLE_SCHEMA
targets_meta = signerlib.generate_targets_metadata(repo_dir, target_files,
version,
expiration_date)
return targets_meta, role_keyids, repo_dir, target_files
elif role == 'release':
# Generate 'root.txt' and 'targets.txt' with targets directory in
# the repository containing files and directories.
meta_dir = self._create_root_and_targets_meta_files()
release_meta = signerlib.generate_release_metadata(meta_dir, version,
expiration_date)
return release_meta, role_keyids, meta_dir
elif role == 'timestamp':
# Generate 'release.txt' which includes creation of 'root.txt',
# 'targets.txt' and target files.
junk, release_keyids, meta_dir = self._get_role_info('release')
signerlib.build_release_file(release_keyids, meta_dir, version,
expiration_date)
release_filepath = os.path.join(meta_dir, 'release.txt')
# Generate timestamp metadata.
timestamp_meta = signerlib.generate_timestamp_metadata(release_filepath,
version,
expiration_date)
return timestamp_meta, role_keyids, meta_dir
else:
logger.warning('\nUnrecognized top-level role.')