Exemplo n.º 1
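  def test_6_sign_metadata_file(self):
    #  Checks signercli.sign_metadata_file(): it must raise
    #  tuf.RepositoryError when no signing keyids are available, and in the
    #  normal case it must add an entry for the new key to the 'signatures'
    #  list of 'targets.txt'.

    # SETUP
    #  Save every signercli attribute this test replaces, including
    #  _get_keyids, so that all of them can be put back afterwards.
    original_get_metadata_directory = signercli._get_metadata_directory
    original_prompt = signercli._prompt
    original_get_password = signercli._get_password
    original_get_keyids = signercli._get_keyids

    #  Everything below runs under try/finally: a failing assertion must not
    #  leave mocked prompt/password/keyid functions installed in signercli,
    #  where they could change the outcome of later signing tests.
    try:
      #  To test this method, an RSA key will be created with
      #  a password in addition to the existing RSA keys.
      #  Create temp directory for config file.
      config_dir = self.make_temp_directory()

      #  Build a config file.
      config_filepath = signerlib.build_config_file(config_dir, 365,
                                                    self.top_level_role_info)

      #  Create a temp repository and metadata directories.
      repo_dir = self.make_temp_directory()
      meta_dir = self.make_temp_directory(repo_dir)

      #  Create a directory containing target files.
      targets_dir, targets_paths = \
          self.make_temp_directory_with_data_files(directory=repo_dir)

      #  Patch signercli._get_metadata_directory().
      self.mock_get_metadata_directory(directory=meta_dir)

      #  Patch signercli._get_password().  Used in _get_role_config_keyids().
      self.get_passwords()

      #  Create keystore directory.
      keystore_dir = self.create_temp_keystore_directory()

      #  Mock method for signercli._prompt().
      self.make_metadata_mock_prompts(targ_dir=targets_dir,
                                      conf_path=config_filepath)

      #  Create metadata files.  The keystore is cleared after each role so
      #  that no loaded key carries over into the next call.
      signercli.make_root_metadata(keystore_dir)
      keystore.clear_keystore()
      signercli.make_targets_metadata(keystore_dir)
      keystore.clear_keystore()
      signercli.make_release_metadata(keystore_dir)
      keystore.clear_keystore()
      signercli.make_timestamp_metadata(keystore_dir)
      keystore.clear_keystore()

      #  Verify that the root, targets, release and timestamp metadata files
      #  were created.
      root_meta_filepath = os.path.join(meta_dir, 'root.txt')
      targets_meta_filepath = os.path.join(meta_dir, 'targets.txt')
      release_meta_filepath = os.path.join(meta_dir, 'release.txt')
      timestamp_meta_filepath = os.path.join(meta_dir, 'timestamp.txt')

      self.assertTrue(os.path.exists(root_meta_filepath))
      self.assertTrue(os.path.exists(targets_meta_filepath))
      self.assertTrue(os.path.exists(release_meta_filepath))
      self.assertTrue(os.path.exists(timestamp_meta_filepath))

      #  Create a new RSA key, indicate metadata filename.
      new_keyid = self.generate_rsakey()
      meta_filename = targets_meta_filepath

      #  Create keystore directory.  New key is untouched.
      keystore_dir = self.create_temp_keystore_directory(keystore_dicts=True)

      #  List of keyids to be returned by _get_keyids().  The mock below reads
      #  this name at call time, so rebinding it later changes what the mock
      #  returns.
      signing_keyids = []

      #  Method to patch signercli._get_keyids()
      def _mock_get_keyids(junk):
        return signing_keyids

      #  Method to patch signercli._prompt().
      def _mock_prompt(msg, junk):
        return meta_filename

      #  Patch signercli._get_keyids()
      signercli._get_keyids = _mock_get_keyids

      #  Patch signercli._prompt().
      signercli._prompt = _mock_prompt

      # TESTS
      #  Test: no loaded keyids.
      self.assertRaises(tuf.RepositoryError,
                        signercli.sign_metadata_file, keystore_dir)

      #  Load new keyid.
      signing_keyids = [new_keyid]

      #  Test: normal case.
      signercli.sign_metadata_file(keystore_dir)

      #  Verify the change.
      self.assertTrue(os.path.exists(targets_meta_filepath))

      #  Load targets metadata from the file ('targets.txt').
      targets_metadata = tuf.util.load_json_file(targets_meta_filepath)

      #  NOTE(review): this only confirms that an entry with the new keyid is
      #  listed under 'signatures'; the signature value itself is not
      #  verified against the key here.
      keyid_exists = any(new_keyid == signature['keyid']
                         for signature in targets_metadata['signatures'])

      self.assertTrue(keyid_exists)

    finally:
      # RESTORE
      signercli._get_keyids = original_get_keyids
      signercli._get_password = original_get_password
      signercli._prompt = original_prompt
      signercli._get_metadata_directory = original_get_metadata_directory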
Exemplo n.º 2
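  def test_5_make_timestamp_metadata(self):
    #  Checks signercli.make_timestamp_metadata(): it must raise
    #  tuf.RepositoryError while root.txt, targets.txt or release.txt is
    #  missing from the metadata directory, and must produce timestamp.txt
    #  once all three exist.

    # SETUP
    original_get_metadata_directory = signercli._get_metadata_directory
    original_prompt = signercli._prompt
    original_get_password = signercli._get_password

    #  Everything below runs under try/finally so that a failing assertion
    #  cannot leave mocked prompt/password functions installed in signercli
    #  for the tests that run afterwards.
    try:
      #  In order to build timestamp metadata file (timestamp.txt),
      #  root, targets and release metadata files (root.txt, targets.txt
      #  release.txt) must exist in the metadata directory.
      #  Create temp directory for config file.
      config_dir = self.make_temp_directory()

      #  Build a config file.
      config_filepath = signerlib.build_config_file(config_dir, 365,
                                                    self.top_level_role_info)

      #  Create a temp repository and metadata directories.
      repo_dir = self.make_temp_directory()
      meta_dir = self.make_temp_directory(repo_dir)

      #  Create a directory containing target files.
      targets_dir, targets_paths = \
          self.make_temp_directory_with_data_files(directory=repo_dir)

      #  Patch signercli._get_metadata_directory().
      self.mock_get_metadata_directory(directory=meta_dir)

      #  Patch signercli._get_password().  Used in _get_role_config_keyids().
      self.get_passwords()

      #  Create keystore directory.
      keystore_dir = self.create_temp_keystore_directory()

      #  Mock method for signercli._prompt().
      self.make_metadata_mock_prompts(targ_dir=targets_dir,
                                      conf_path=config_filepath)

      #  Paths of the metadata files this test creates and removes.
      root_path = os.path.join(meta_dir, 'root.txt')
      targets_path = os.path.join(meta_dir, 'targets.txt')
      release_path = os.path.join(meta_dir, 'release.txt')
      timestamp_path = os.path.join(meta_dir, 'timestamp.txt')

      # TESTS
      #  Test: no root.txt in the metadata dir.
      signercli.make_targets_metadata(keystore_dir)

      #  Verify if the targets metadata file was created.
      keystore.clear_keystore()
      self.assertTrue(os.path.exists(targets_path))
      self.assertRaises(tuf.RepositoryError,
                        signercli.make_timestamp_metadata, keystore_dir)
      os.remove(targets_path)
      keystore.clear_keystore()

      #  Test: no targets.txt in the metadata dir.
      signercli.make_root_metadata(keystore_dir)

      #  Verify if the root metadata file was created.
      keystore.clear_keystore()
      self.assertTrue(os.path.exists(root_path))
      self.assertRaises(tuf.RepositoryError,
                        signercli.make_timestamp_metadata, keystore_dir)
      os.remove(root_path)
      keystore.clear_keystore()

      #  Test: no release.txt in the metadata dir.
      signercli.make_root_metadata(keystore_dir)
      keystore.clear_keystore()
      signercli.make_targets_metadata(keystore_dir)
      keystore.clear_keystore()

      #  Verify that 'tuf.RepositoryError' is raised due to a missing
      #  release.txt.
      self.assertTrue(os.path.exists(root_path))
      self.assertTrue(os.path.exists(targets_path))
      self.assertRaises(tuf.RepositoryError,
                        signercli.make_timestamp_metadata, keystore_dir)
      os.remove(root_path)
      os.remove(targets_path)
      keystore.clear_keystore()

      #  Test: normal case.
      signercli.make_root_metadata(keystore_dir)
      keystore.clear_keystore()
      signercli.make_targets_metadata(keystore_dir)
      keystore.clear_keystore()
      signercli.make_release_metadata(keystore_dir)
      keystore.clear_keystore()
      signercli.make_timestamp_metadata(keystore_dir)
      keystore.clear_keystore()

      #  Verify that the root, targets, release and timestamp metadata files
      #  were created.
      self.assertTrue(os.path.exists(root_path))
      self.assertTrue(os.path.exists(targets_path))
      self.assertTrue(os.path.exists(release_path))
      self.assertTrue(os.path.exists(timestamp_path))

      #  Test: invalid config path.
      #  Supply a non-existing config file path.
      #  NOTE(review): this case and the password case below call
      #  make_release_metadata(), not make_timestamp_metadata(), and use the
      #  'release' role's keyids.  Confirm whether that is intended in a
      #  timestamp test; as written, the timestamp role's handling of a bad
      #  config path or wrong key password is not exercised here.
      self.make_metadata_mock_prompts(targ_dir=targets_dir,
                                      conf_path=self.random_path())
      self.assertRaises(tuf.RepositoryError,
                        signercli.make_release_metadata, keystore_dir)

      #  Restore the config file path.
      self.make_metadata_mock_prompts(targ_dir=targets_dir,
                                      conf_path=config_filepath)

      #  Test: incorrect 'release' passwords.

      #  Clear keystore's dictionaries.
      keystore.clear_keystore()

      keyids = self.top_level_role_info['release']['keyids']
      for keyid in keyids:
        saved_pw = self.rsa_passwords[keyid]
        self.rsa_passwords[keyid] = self.random_string()
        try:
          self.assertRaises(tuf.RepositoryError,
                            signercli.make_release_metadata, keystore_dir)
        finally:
          #  Put the real password back even if the assertion fails, so the
          #  password table stays usable.
          self.rsa_passwords[keyid] = saved_pw

    finally:
      # RESTORE
      #  _prompt was saved above and replaced during the test, so it is
      #  restored together with the other two.
      signercli._get_password = original_get_password
      signercli._prompt = original_prompt
      signercli._get_metadata_directory = original_get_metadata_directory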