def build_server_repository(server_repository_dir, targets_dir):

    #  Make metadata directory inside client and server repository dir.
    server_metadata_dir = os.path.join(server_repository_dir, 'metadata')
    os.mkdir(server_metadata_dir)

    #  Make a keystore directory inside server's repository and populate it.
    keystore_dir = os.path.join(server_repository_dir, 'keystore')
    os.mkdir(keystore_dir)
    create_keystore(keystore_dir)

    #  Build config file.
    config_filepath = signerlib.build_config_file(
        server_repository_dir, 365, unittest_toolbox.semi_roledict)

    #  Role:keyids dictionary.
    role_keyids = {}
    for role in unittest_toolbox.semi_roledict.keys():
        role_keyids[role] = unittest_toolbox.semi_roledict[role]['keyids']

    #  Build root file.
    signerlib.build_root_file(config_filepath, role_keyids['root'],
                              server_metadata_dir)

    #  Build targets file.
    signerlib.build_targets_file(targets_dir, role_keyids['targets'],
                                 server_metadata_dir)

    #  Build release file.
    signerlib.build_release_file(role_keyids['release'], server_metadata_dir)

    #  Build timestamp file.
    signerlib.build_timestamp_file(role_keyids['timestamp'],
                                   server_metadata_dir)
def tuf_refresh_repo(root_repo, keyids):
  """
  <Purpose>
    Update TUF metadata files.  Call this method whenever targets files have
    changed in the 'reg_repo'.

  """

  global version
  expiration = tuf.formats.format_time(time.time()+86400)

  reg_repo = os.path.join(root_repo, 'reg_repo')
  tuf_repo = os.path.join(root_repo, 'tuf_repo')
  targets_dir = os.path.join(tuf_repo, 'targets')
  metadata_dir = os.path.join(tuf_repo, 'metadata')

  for directory in [reg_repo, tuf_repo, targets_dir, metadata_dir]:
    if not os.path.isdir(directory):
      msg = ('Directory '+repr(directory)+' does not exist.  '+
             'Verify that all directories were setup properly.')
      raise OSError(msg)

  shutil.rmtree(targets_dir)
  shutil.copytree(reg_repo, targets_dir)

  version = version+1
  # Regenerate the 'targets.txt' metadata file.
  signerlib.build_targets_file([targets_dir], keyids, metadata_dir,
                               version, expiration)

  # Regenerate the 'release.txt' metadata file.
  signerlib.build_release_file(keyids, metadata_dir, version, expiration)

  # Regenerate the 'timestamp.txt' metadata file.
  signerlib.build_timestamp_file(keyids, metadata_dir, version, expiration)
def tuf_refresh_repo(root_repo, keyids):
    """
  <Purpose>
    Update TUF metadata files.  Call this method whenever targets files have
    changed in the 'reg_repo'.

  """

    global version
    expiration = tuf.formats.format_time(time.time() + 86400)

    reg_repo = os.path.join(root_repo, 'reg_repo')
    tuf_repo = os.path.join(root_repo, 'tuf_repo')
    targets_dir = os.path.join(tuf_repo, 'targets')
    metadata_dir = os.path.join(tuf_repo, 'metadata')

    for directory in [reg_repo, tuf_repo, targets_dir, metadata_dir]:
        if not os.path.isdir(directory):
            msg = ('Directory ' + repr(directory) + ' does not exist.  ' +
                   'Verify that all directories were setup properly.')
            raise OSError(msg)

    shutil.rmtree(targets_dir)
    shutil.copytree(reg_repo, targets_dir)

    version = version + 1
    # Regenerate the 'targets.txt' metadata file.
    signerlib.build_targets_file([targets_dir], keyids, metadata_dir, version,
                                 expiration)

    # Regenerate the 'release.txt' metadata file.
    signerlib.build_release_file(keyids, metadata_dir, version, expiration)

    # Regenerate the 'timestamp.txt' metadata file.
    signerlib.build_timestamp_file(keyids, metadata_dir, version, expiration)
Пример #4
0
    def _create_root_and_targets_meta_files(self, repo_dir=None):
        """
    This method generates temp root.txt and target.txt, it uses following
    previously tested signerlib's methods:
      build_root_file()
      build_targets_file()
    """

        if not repo_dir:
            # Create repository directory.
            repo_dir = self.make_temp_directory()

        # Create metadata directory.
        meta_dir = os.path.join(repo_dir, "metadata")
        os.mkdir(meta_dir)

        # Create root.txt.
        junk, root_keyids, repo_dir, config_path = self._get_role_info("root", directory=repo_dir)
        signerlib.build_root_file(config_path, root_keyids, meta_dir)
        self.assertTrue(os.path.exists(os.path.join(meta_dir, "root.txt")))

        # Create targets.txt.
        junk, targets_keyids, repo_dir, target_files = self._get_role_info("targets", directory=repo_dir)
        path_to_targets = os.path.join(repo_dir, "targets")
        signerlib.build_targets_file(path_to_targets, targets_keyids, meta_dir)
        self.assertTrue(os.path.exists(os.path.join(meta_dir, "root.txt")))

        return meta_dir
Пример #5
0
  def test_5_builds_targets_file(self):
    """
    test_5_build_targets_file() relies on previously tested signerlib's
    generate_targets_metadata(), sign_metadata() and write_metadata_file().
    build_targets_file() basically joins these methods together to create
    targets.txt.
    """

    # SETUP
    signed_targets_meta, targets_info = self._get_signed_role_info('targets')

    #  'targets_info' is a tuple that includes targets meta, repository dir,
    #  list of target files.
    targets_keyids = targets_info[1]
    repo_dir = targets_info[2]
    meta_dir = os.path.join(repo_dir, 'metadata')
    os.mkdir(meta_dir)
    targets_file_path = os.path.join(meta_dir, 'targets.txt')
    targets_dir = os.path.join(repo_dir, 'targets')



    # TESTS
    #  Test: normal case.
    try:
      signerlib.build_targets_file(targets_dir, targets_keyids, meta_dir)
    except Exception, e:
      raise
Пример #6
0
    def test_5_build_targets_file(self):
        """
    test_5_build_targets_file() relies on previously tested signerlib's
    generate_targets_metadata(), sign_metadata() and write_metadata_file().
    build_targets_file() basically joins these methods together to create
    targets.txt.
    """

        # SETUP
        original_get_key = tuf.repo.keystore.get_key
        version = 8
        expiration_date = '1985-10-26 01:20:00 UTC'

        signed_targets_meta, targets_info = self._get_signed_role_info(
            'targets')

        #  'targets_info' is a tuple that includes targets meta, repository dir,
        #  list of target files.
        targets_keyids = targets_info[1]
        repo_dir = targets_info[2]
        meta_dir = os.path.join(repo_dir, 'metadata')
        os.mkdir(meta_dir)
        targets_dir = os.path.join(repo_dir, 'targets')

        # TESTS
        #  Test: normal case.
        targets_filepath = signerlib.build_targets_file([targets_dir],
                                                        targets_keyids,
                                                        meta_dir, version,
                                                        expiration_date)

        #  Check existence of the file and validity of it's content.
        self.assertTrue(os.path.exists(targets_filepath))
        file_content = tuf.util.load_json_file(targets_filepath)
        self.assertTrue(tuf.formats.SIGNABLE_SCHEMA.matches(file_content))
        targets_metadata = file_content['signed']
        self.assertTrue(tuf.formats.TARGETS_SCHEMA.matches(targets_metadata))

        #  Test: various exceptions.
        self.assertRaises(tuf.FormatError,
                          signerlib.build_targets_file, [targets_dir],
                          self.random_string(), meta_dir, version,
                          expiration_date)
        self.assertRaises(
            (tuf.FormatError, tuf.Error),
            signerlib.build_targets_file, [targets_dir], targets_keyids,
            self.random_path(), version, expiration_date)
        self.assertRaises((tuf.FormatError, tuf.Error),
                          signerlib.build_targets_file,
                          [targets_dir], targets_keyids, meta_dir,
                          self.random_string(), expiration_date)
        self.assertRaises((tuf.FormatError, tuf.Error),
                          signerlib.build_targets_file, [targets_dir],
                          targets_keyids, meta_dir, version,
                          self.random_string())

        # RESTORE
        tuf.repo.keystore.get_key = original_get_key
Пример #7
0
  def _create_root_and_targets_meta_files(self, repo_dir=None):
    """
    This method generates temp root.txt and target.txt, it uses following
    previously tested signerlib's methods:
      build_root_file()
      build_targets_file()
    """

    # The version number and expiration date for the root and target
    # metadata created.
    version = 8
    expiration_date = '1985-10-26 01:20:00 UTC'

    if not repo_dir:
      # Create repository directory.
      repo_dir = self.make_temp_directory()

    # Create metadata directory.
    meta_dir = os.path.join(repo_dir, 'metadata')
    os.mkdir(meta_dir)

    # Create root.txt.
    junk, root_keyids, repo_dir, config_path = \
        self._get_role_info('root', directory=repo_dir)
    signerlib.build_root_file(config_path, root_keyids, meta_dir, version)
    self.assertTrue(os.path.exists(os.path.join(meta_dir, 'root.txt')))

    # Create targets.txt.
    junk, targets_keyids, repo_dir, target_files = \
        self._get_role_info('targets', directory=repo_dir)
    path_to_targets = os.path.join(repo_dir, 'targets')
    signerlib.build_targets_file([path_to_targets], targets_keyids, meta_dir,
                                 version, expiration_date)
    self.assertTrue(os.path.exists(os.path.join(meta_dir, 'root.txt')))

    return meta_dir
Пример #8
0
def build_server_repository(server_repository_dir, targets_dir):

  #  Make metadata directory inside client and server repository dir.
  server_metadata_dir = os.path.join(server_repository_dir, 'metadata')
  os.mkdir(server_metadata_dir)


  #  Make a keystore directory inside server's repository and populate it.
  keystore_dir = os.path.join(server_repository_dir, 'keystore')
  os.mkdir(keystore_dir)
  create_keystore(keystore_dir)


  #  Build config file.
  config_filepath = signerlib.build_config_file(server_repository_dir, 365,
                                                unittest_toolbox.semi_roledict)


  #  Role:keyids dictionary.
  role_keyids = {}
  for role in unittest_toolbox.semi_roledict.keys():
    role_keyids[role] = unittest_toolbox.semi_roledict[role]['keyids']

  #  Build root file.
  signerlib.build_root_file(config_filepath, role_keyids['root'],
                            server_metadata_dir)

  #  Build targets file.
  signerlib.build_targets_file(targets_dir, role_keyids['targets'],
                            server_metadata_dir)

  #  Build release file.
  signerlib.build_release_file(role_keyids['release'], server_metadata_dir)

  #  Build timestamp file.
  signerlib.build_timestamp_file(role_keyids['timestamp'], server_metadata_dir)
Пример #9
0
  def _create_root_and_targets_meta_files(self, repo_dir=None):
    """
    This method generates temp root.txt and target.txt, it uses following
    previously tested signerlib's methods:
      build_root_file()
      build_targets_file()
    """

    # The version number and expiration date for the root and target
    # metadata created.
    version = 8
    expiration_date = '1985-10-26 01:20:00 UTC'

    if not repo_dir:
      # Create repository directory.
      repo_dir = self.make_temp_directory()

    # Create metadata directory.
    meta_dir = os.path.join(repo_dir, 'metadata')
    os.mkdir(meta_dir)

    # Create root.txt.
    junk, root_keyids, repo_dir, config_path = \
        self._get_role_info('root', directory=repo_dir)
    signerlib.build_root_file(config_path, root_keyids, meta_dir, version)
    self.assertTrue(os.path.exists(os.path.join(meta_dir, 'root.txt')))

    # Create targets.txt.
    junk, targets_keyids, repo_dir, target_files = \
        self._get_role_info('targets', directory=repo_dir)
    path_to_targets = os.path.join(repo_dir, 'targets')
    signerlib.build_targets_file([path_to_targets], targets_keyids, meta_dir,
                                 version, expiration_date)
    self.assertTrue(os.path.exists(os.path.join(meta_dir, 'root.txt')))

    return meta_dir
Пример #10
0
  def test_5_build_targets_file(self):
    """
    test_5_build_targets_file() relies on previously tested signerlib's
    generate_targets_metadata(), sign_metadata() and write_metadata_file().
    build_targets_file() basically joins these methods together to create
    targets.txt.
    """

    # SETUP
    original_get_key = tuf.repo.keystore.get_key
    version = 8
    expiration_date = '1985-10-26 01:20:00 UTC'

    signed_targets_meta, targets_info = self._get_signed_role_info('targets')

    #  'targets_info' is a tuple that includes targets meta, repository dir,
    #  list of target files.
    targets_keyids = targets_info[1]
    repo_dir = targets_info[2]
    meta_dir = os.path.join(repo_dir, 'metadata')
    os.mkdir(meta_dir)
    targets_dir = os.path.join(repo_dir, 'targets')

    # TESTS
    #  Test: normal case.
    targets_filepath = signerlib.build_targets_file([targets_dir],
                                                    targets_keyids, meta_dir,
                                                    version, expiration_date)

    #  Check existence of the file and validity of it's content.
    self.assertTrue(os.path.exists(targets_filepath))
    file_content = tuf.util.load_json_file(targets_filepath)
    self.assertTrue(tuf.formats.SIGNABLE_SCHEMA.matches(file_content))
    targets_metadata = file_content['signed']
    self.assertTrue(tuf.formats.TARGETS_SCHEMA.matches(targets_metadata))

    #  Test: various exceptions.
    self.assertRaises(tuf.FormatError, signerlib.build_targets_file,
        [targets_dir], self.random_string(), meta_dir, version, expiration_date)
    self.assertRaises((tuf.FormatError, tuf.Error), signerlib.build_targets_file,
        [targets_dir], targets_keyids, self.random_path(), version, expiration_date)
    self.assertRaises((tuf.FormatError, tuf.Error), signerlib.build_targets_file,
        [targets_dir], targets_keyids, meta_dir, self.random_string(), expiration_date)
    self.assertRaises((tuf.FormatError, tuf.Error), signerlib.build_targets_file,
        [targets_dir], targets_keyids, meta_dir, version, self.random_string())

    # RESTORE
    tuf.repo.keystore.get_key = original_get_key
Пример #11
0
    def test_9_get_target_keyids(self):

        # SETUP
        original_get_key = tuf.repo.keystore.get_key
        version = 8
        expiration_date = '1985-10-26 01:20:00 UTC'

        #  Create metadata directory and targets metadata file.
        meta_dir = self._create_root_and_targets_meta_files()

        signed_targets_meta, targets_info = self._get_signed_role_info(
            'targets')

        #  'targets_info' is a tuple that includes targets meta, repository dir,
        #  list of target files.
        targets_keyids = targets_info[1]
        repo_dir = targets_info[2]
        meta_dir = os.path.join(repo_dir, 'metadata')
        os.mkdir(meta_dir)
        targets_dir = os.path.join(repo_dir, 'targets')

        # TESTS
        #  Test: normal case.
        targets_filepath = signerlib.build_targets_file([targets_dir],
                                                        targets_keyids,
                                                        meta_dir, version,
                                                        expiration_date)

        #  Check existence of the file and validity of it's content.
        self.assertTrue(os.path.exists(targets_filepath))
        file_content = tuf.util.load_json_file(targets_filepath)
        self.assertTrue(tuf.formats.SIGNABLE_SCHEMA.matches(file_content))
        targets_metadata = file_content['signed']
        self.assertTrue(tuf.formats.TARGETS_SCHEMA.matches(targets_metadata))
        #  TODO: Generate some delegation metadata files.

        #  Test: normal case.
        _target_keyids = signerlib.get_target_keyids(meta_dir)
        for keyid in targets_keyids:
            self.assertTrue(keyid in _target_keyids['targets'])

        # RESTORE
        tuf.repo.keystore.get_key = original_get_key
Пример #12
0
  def test_9_get_target_keyids(self):

    # SETUP
    original_get_key = tuf.repo.keystore.get_key
    version = 8
    expiration_date = '1985-10-26 01:20:00 UTC'
    
    #  Create metadata directory and targets metadata file.
    meta_dir = self._create_root_and_targets_meta_files()

    signed_targets_meta, targets_info = self._get_signed_role_info('targets')

    #  'targets_info' is a tuple that includes targets meta, repository dir,
    #  list of target files.
    targets_keyids = targets_info[1]
    repo_dir = targets_info[2]
    meta_dir = os.path.join(repo_dir, 'metadata')
    os.mkdir(meta_dir)
    targets_dir = os.path.join(repo_dir, 'targets')

    # TESTS
    #  Test: normal case.
    targets_filepath = signerlib.build_targets_file([targets_dir],
                                                    targets_keyids, meta_dir,
                                                    version, expiration_date)

    #  Check existence of the file and validity of it's content.
    self.assertTrue(os.path.exists(targets_filepath))
    file_content = tuf.util.load_json_file(targets_filepath)
    self.assertTrue(tuf.formats.SIGNABLE_SCHEMA.matches(file_content))
    targets_metadata = file_content['signed']
    self.assertTrue(tuf.formats.TARGETS_SCHEMA.matches(targets_metadata))
    #  TODO: Generate some delegation metadata files.
    
    #  Test: normal case.
    _target_keyids = signerlib.get_target_keyids(meta_dir)
    for keyid in targets_keyids:
      self.assertTrue(keyid in _target_keyids['targets'])

    # RESTORE
    tuf.repo.keystore.get_key = original_get_key
Пример #13
0
def build_server_repository(server_repository_dir, targets_dir):
  """
  <Purpose>
    'build_server_repository' builds a complete repository based on target
    files provided in the 'targets_dir'.  Delegated roles are included.
  """

  # Save the originals of the functions patched by this function.
  # The patched functions will be restored prior to returning.
  original_get_metadata = signercli._get_metadata_directory
  original_prompt = signercli._prompt
  original_get_password = signercli._get_password
  original_get_keyids = signercli._get_keyids
  
  server_metadata_dir = os.path.join(server_repository_dir, 'metadata')
  keystore_dir = os.path.join(server_repository_dir, 'keystore')

  #  Remove 'server_metadata_dir' and 'keystore_dir' if they already exist.
  if os.path.exists(server_metadata_dir):
    shutil.rmtree(server_metadata_dir)
  if os.path.exists(keystore_dir):
    shutil.rmtree(keystore_dir)

  #  Make metadata directory inside server repository dir.
  os.mkdir(server_metadata_dir)

  #  Make a keystore directory inside server's repository and populate it.
  os.mkdir(keystore_dir)
  _create_keystore(keystore_dir)

  #  Build config file.
  build_config = signerlib.build_config_file
  top_level_role_info = unittest_toolbox.Modified_TestCase.top_level_role_info
  config_filepath = build_config(server_repository_dir, 365, top_level_role_info)


  # BUILD ROLE FILES.
  #  Build root file.
  signerlib.build_root_file(config_filepath, role_keyids['root'],
                            server_metadata_dir)

  #  Build targets file.
  signerlib.build_targets_file(targets_dir, role_keyids['targets'],
                            server_metadata_dir)

  # MAKE DELEGATIONS.
  #  We will need to patch a few signercli prompts.
  #  Specifically, signercli.make_delegations() asks user input for:
  #  metadata directory, delegated targets directory, parent role,
  #  passwords for parent role's keyids, delegated role's name, and
  #  the keyid to be assigned to the delegated role.  Take a look at
  #  signercli's make_delegation() to gain bit more insight in what is
  #  happening.

  # 'load_key' is a reference to the 'load_keystore_from_keyfiles function'.
  load_keys = keystore.load_keystore_from_keyfiles

  #  Setup first level delegated role.
  delegated_level1 = os.path.join(targets_dir, 'delegated_level1')
  delegated_targets_dir = delegated_level1
  parent_role = 'targets'
  delegated_role_name = 'delegated_role1'
  signing_keyids = role_keyids['targets/delegated_role1'] 
  

  #  Patching the 'signercli' prompts.
  
  #  Mock method for signercli._get_metadata_directory().
  def _mock_get_metadata_directory():
    return server_metadata_dir

  #  Mock method for signercli._prompt().
  def _mock_prompt(msg, junk):
    if msg.startswith('\nThe directory entered'):
      return delegated_targets_dir
    elif msg.startswith('\nChoose and enter the parent'):
      return parent_role
    elif msg.endswith('\nEnter the delegated role\'s name: '):
      return delegated_role_name
    else:
      error_msg = ('Prompt: '+'\''+msg+'\''+
                   ' did not match any predefined mock prompts.')
      sys.exit(error_msg)
   
  #  Mock method for signercli._get_password().
  def _mock_get_password(msg):
    for keyid in unittest_toolbox.Modified_TestCase.rsa_keyids:
      if msg.endswith('('+keyid+'): '):
        return unittest_toolbox.Modified_TestCase.rsa_passwords[keyid]


  #  Method to patch signercli._get_keyids()
  def _mock_get_keyids(junk):
    if signing_keyids:
      for keyid in signing_keyids:
        password = unittest_toolbox.Modified_TestCase.rsa_passwords[keyid]
        #  Load the keyfile.
        load_keys(keystore_dir, [keyid], [password])
    return signing_keyids


  #  Patch signercli._get_metadata_directory().
  signercli._get_metadata_directory = _mock_get_metadata_directory
  
  #  Patch signercli._prompt().
  signercli._prompt = _mock_prompt

  #  Patch signercli._get_password().
  signercli._get_password = _mock_get_password

  #  Patch signercli._get_keyids().
  signercli._get_keyids = _mock_get_keyids
 
  #  Clear kestore's dictionaries, by detaching them from unittest_toolbox's
  #  dictionaries.
  keystore._keystore = {}
  keystore._key_passwords = {}

  #  Make first level delegation.
  signercli.make_delegation(keystore_dir)

  #  Setup second level delegated role.
  delegated_level2 =  os.path.join(delegated_level1, 'delegated_level2')
  delegated_targets_dir = delegated_level2
  parent_role = 'targets/delegated_role1'
  delegated_role_name = 'delegated_role2'
  signing_keyids = role_keyids['targets/delegated_role1/delegated_role2']

  #  Clear kestore's dictionaries.
  keystore.clear_keystore()

  #  Make second level delegation.
  signercli.make_delegation(keystore_dir)


  keystore._keystore = unittest_toolbox.Modified_TestCase.rsa_keystore
  keystore._key_passwords = unittest_toolbox.Modified_TestCase.rsa_passwords

  #  Build release file.
  signerlib.build_release_file(role_keyids['release'], server_metadata_dir)

  #  Build timestamp file.
  signerlib.build_timestamp_file(role_keyids['timestamp'], server_metadata_dir)

  keystore._keystore = {}
  keystore._key_passwords = {}

  # RESTORE
  signercli._get_metadata_directory = original_get_metadata
  signercli._prompt = original_prompt
  signercli._get_password = original_get_password
  signercli._get_keyids = original_get_keyids
Пример #14
0
def init_tuf(root_repo):
    """
  <Purpose>
    Setup TUF directory structure and populated it with TUF metadata and 
    congfiguration files.

  """

    threshold = 1
    global version
    version = version + 1
    expiration = tuf.formats.format_time(time.time() + 86400)

    # Setup TUF-repo directory structure.
    tuf_repo = os.path.join(root_repo, 'tuf_repo')
    keystore_dir = os.path.join(tuf_repo, 'keystore')
    metadata_dir = os.path.join(tuf_repo, 'metadata')
    targets_dir = os.path.join(tuf_repo, 'targets')

    os.mkdir(tuf_repo)
    os.mkdir(keystore_dir)
    os.mkdir(metadata_dir)
    shutil.copytree(os.path.join(root_repo, 'reg_repo'), targets_dir)

    # Setting TUF-client directory structure.
    # 'tuf.client.updater.py' expects the 'current' and 'previous'
    # directories to exist under client's 'metadata' directory.
    tuf_client = os.path.join(root_repo, 'tuf_client')
    tuf_client_metadata_dir = os.path.join(tuf_client, 'metadata')
    current_dir = os.path.join(tuf_client_metadata_dir, 'current')
    previous_dir = os.path.join(tuf_client_metadata_dir, 'previous')
    os.makedirs(tuf_client_metadata_dir)

    # Generate at least one rsa key.
    key = signerlib.generate_and_save_rsa_key(keystore_dir, PASSWD)
    keyids = [key['keyid']]

    # Set role info.
    info = {'keyids': [key['keyid']], 'threshold': threshold}

    # 'role_info' dictionary looks like this:
    # {role : {'keyids : [keyid1, ...] , 'threshold' : 1}}
    # In our case 'role_info[keyids]' will only have on entry since only one
    # is being used.
    role_info = {}
    role_list = ['root', 'targets', 'release', 'timestamp']
    for role in role_list:
        role_info[role] = info

    # At this point there is enough information to create TUF configuration
    # and metadata files.

    # Build the configuration file.
    conf_path = signerlib.build_config_file(metadata_dir, 365, role_info)

    # Generate the 'root.txt' metadata file.
    signerlib.build_root_file(conf_path, keyids, metadata_dir, version)

    # Generate the 'targets.txt' metadata file.
    signerlib.build_targets_file([targets_dir], keyids, metadata_dir, version,
                                 expiration)

    # Generate the 'release.txt' metadata file.
    signerlib.build_release_file(keyids, metadata_dir, version, expiration)

    # Generate the 'timestamp.txt' metadata file.
    signerlib.build_timestamp_file(keyids, metadata_dir, version, expiration)

    # Move the metadata to the client's 'current' and 'previous' directories.
    shutil.copytree(metadata_dir, current_dir)
    shutil.copytree(metadata_dir, previous_dir)

    # The repository is now setup!
    return keyids
Пример #15
0
def init_tuf(root_repo):
  """
  <Purpose>
    Setup TUF directory structure and populated it with TUF metadata and 
    congfiguration files.

  """ 

  threshold = 1
  global version
  version = version+1
  expiration = tuf.formats.format_time(time.time()+86400)

  # Setup TUF-repo directory structure.
  tuf_repo = os.path.join(root_repo, 'tuf_repo')
  keystore_dir = os.path.join(tuf_repo, 'keystore')
  metadata_dir = os.path.join(tuf_repo, 'metadata')
  targets_dir = os.path.join(tuf_repo, 'targets')

  os.mkdir(tuf_repo)
  os.mkdir(keystore_dir)
  os.mkdir(metadata_dir)
  shutil.copytree(os.path.join(root_repo, 'reg_repo'), targets_dir)

  # Setting TUF-client directory structure.
  # 'tuf.client.updater.py' expects the 'current' and 'previous'
  # directories to exist under client's 'metadata' directory.
  tuf_client = os.path.join(root_repo, 'tuf_client')
  tuf_client_metadata_dir = os.path.join(tuf_client, 'metadata')
  current_dir = os.path.join(tuf_client_metadata_dir, 'current')
  previous_dir = os.path.join(tuf_client_metadata_dir, 'previous')
  os.makedirs(tuf_client_metadata_dir)

  # Generate at least one rsa key.
  key = signerlib.generate_and_save_rsa_key(keystore_dir, PASSWD)
  keyids = [key['keyid']]

  # Set role info.
  info = {'keyids': [key['keyid']], 'threshold': threshold}

  # 'role_info' dictionary looks like this:
  # {role : {'keyids : [keyid1, ...] , 'threshold' : 1}}
  # In our case 'role_info[keyids]' will only have on entry since only one
  # is being used.
  role_info = {}
  role_list = ['root', 'targets', 'release', 'timestamp']
  for role in role_list:
    role_info[role] = info

  # At this point there is enough information to create TUF configuration 
  # and metadata files.

  # Build the configuration file.
  conf_path = signerlib.build_config_file(metadata_dir, 365, role_info)

  # Generate the 'root.txt' metadata file.
  signerlib.build_root_file(conf_path, keyids, metadata_dir, version)

  # Generate the 'targets.txt' metadata file. 
  signerlib.build_targets_file([targets_dir], keyids, metadata_dir, version,
                               expiration)

  # Generate the 'release.txt' metadata file.
  signerlib.build_release_file(keyids, metadata_dir, version, expiration)

  # Generate the 'timestamp.txt' metadata file.
  signerlib.build_timestamp_file(keyids, metadata_dir, version, expiration)

  # Move the metadata to the client's 'current' and 'previous' directories.
  shutil.copytree(metadata_dir, current_dir)
  shutil.copytree(metadata_dir, previous_dir)

  # The repository is now setup!
  return keyids
def build_server_repository(server_repository_dir, targets_dir):
    """
  <Purpose>
    'build_server_repository' builds a complete repository based on target
    files provided in the 'targets_dir'.  Delegated roles are included.
  """

    # Save the originals of the functions patched by this function.
    # The patched functions will be restored prior to returning.
    original_get_metadata = signercli._get_metadata_directory
    original_prompt = signercli._prompt
    original_get_password = signercli._get_password
    original_get_keyids = signercli._get_keyids

    # The expiration date for created metadata, required by the 'signercli.py'
    # script.  The expiration date is set to 259200 seconds ahead of the current
    # time.  Set all the metadata versions numbers to 1.
    expiration_date = tuf.formats.format_time(time.time() + 259200)
    expiration_date = expiration_date[0:expiration_date.rfind(' UTC')]
    version = 1

    server_metadata_dir = os.path.join(server_repository_dir, 'metadata')
    keystore_dir = os.path.join(server_repository_dir, 'keystore')

    #  Remove 'server_metadata_dir' and 'keystore_dir' if they already exist.
    if os.path.exists(server_metadata_dir):
        shutil.rmtree(server_metadata_dir)
    if os.path.exists(keystore_dir):
        shutil.rmtree(keystore_dir)

    #  Make metadata directory inside server repository dir.
    os.mkdir(server_metadata_dir)

    #  Make a keystore directory inside server's repository and populate it.
    os.mkdir(keystore_dir)
    _create_keystore(keystore_dir)

    #  Build config file.
    build_config = signerlib.build_config_file
    top_level_role_info = unittest_toolbox.Modified_TestCase.top_level_role_info
    config_filepath = build_config(server_repository_dir, 365,
                                   top_level_role_info)

    # BUILD ROLE FILES.
    #  Build root file.
    signerlib.build_root_file(config_filepath, role_keyids['root'],
                              server_metadata_dir, version)

    #  Build targets file.
    signerlib.build_targets_file([targets_dir], role_keyids['targets'],
                                 server_metadata_dir, version,
                                 expiration_date + ' UTC')

    # MAKE DELEGATIONS.
    #  We will need to patch a few signercli prompts.
    #  Specifically, signercli.make_delegations() asks user input for:
    #  metadata directory, delegated targets directory, parent role,
    #  passwords for parent role's keyids, delegated role's name, and
    #  the keyid to be assigned to the delegated role.  Take a look at
    #  signercli's make_delegation() to gain bit more insight in what is
    #  happening.

    # 'load_key' is a reference to the 'load_keystore_from_keyfiles function'.
    load_keys = keystore.load_keystore_from_keyfiles

    #  Setup first level delegated role.
    delegated_level1 = os.path.join(targets_dir, 'delegated_level1')
    delegated_targets_dir = delegated_level1
    parent_role = 'targets'
    delegated_role_name = 'delegated_role1'
    signing_keyids = role_keyids['targets/delegated_role1']

    #  Patching the 'signercli' prompts.

    #  Mock method for signercli._get_metadata_directory().
    def _mock_get_metadata_directory():
        return server_metadata_dir

    #  Mock method for signercli._prompt().
    def _mock_prompt(msg, junk):
        if msg.startswith('\nThe paths entered'):
            return delegated_targets_dir
        elif msg.startswith('\nChoose and enter the parent'):
            return parent_role
        elif msg.startswith('\nEnter the delegated role\'s name: '):
            return delegated_role_name
        elif msg.startswith('\nCurrent time:'):
            return expiration_date
        else:
            error_msg = ('Prompt: ' + '\'' + msg + '\'' +
                         ' did not match any predefined mock prompts.')
            sys.exit(error_msg)

    #  Mock method for signercli._get_password().
    def _mock_get_password(msg):
        for keyid in unittest_toolbox.Modified_TestCase.rsa_keyids:
            if msg.endswith('(' + keyid + '): '):
                return unittest_toolbox.Modified_TestCase.rsa_passwords[keyid]

    #  Method to patch signercli._get_keyids()
    def _mock_get_keyids(junk):
        if signing_keyids:
            for keyid in signing_keyids:
                password = unittest_toolbox.Modified_TestCase.rsa_passwords[
                    keyid]
                #  Load the keyfile.
                load_keys(keystore_dir, [keyid], [password])
        return signing_keyids

    #  Patch signercli._get_metadata_directory().
    signercli._get_metadata_directory = _mock_get_metadata_directory

    #  Patch signercli._prompt().
    signercli._prompt = _mock_prompt

    #  Patch signercli._get_password().
    signercli._get_password = _mock_get_password

    #  Patch signercli._get_keyids().
    signercli._get_keyids = _mock_get_keyids

    #  Clear kestore's dictionaries, by detaching them from unittest_toolbox's
    #  dictionaries.
    keystore._keystore = {}
    keystore._derived_keys = {}

    #  Make first level delegation.
    signercli.make_delegation(keystore_dir)

    #  Setup second level delegated role.
    delegated_level2 = os.path.join(delegated_level1, 'delegated_level2')
    delegated_targets_dir = delegated_level2
    parent_role = 'targets/delegated_role1'
    delegated_role_name = 'delegated_role2'
    signing_keyids = role_keyids['targets/delegated_role1/delegated_role2']

    #  Clear kestore's dictionaries.
    keystore.clear_keystore()

    #  Make second level delegation.
    signercli.make_delegation(keystore_dir)

    keystore._keystore = unittest_toolbox.Modified_TestCase.rsa_keystore
    keystore._derived_keys = unittest_toolbox.Modified_TestCase.rsa_passwords

    #  Build release file.
    signerlib.build_release_file(role_keyids['release'], server_metadata_dir,
                                 version, expiration_date + ' UTC')

    #  Build timestamp file.
    signerlib.build_timestamp_file(role_keyids['timestamp'],
                                   server_metadata_dir, version,
                                   expiration_date + ' UTC')

    keystore._keystore = {}
    keystore._derived_keys = {}

    # RESTORE
    signercli._get_metadata_directory = original_get_metadata
    signercli._prompt = original_prompt
    signercli._get_password = original_get_password
    signercli._get_keyids = original_get_keyids
Пример #17
0
def build_server_repository(server_repository_dir, targets_dir):

  #  Make metadata directory inside client and server repository dir.
  server_metadata_dir = os.path.join(server_repository_dir, 'metadata')
  os.mkdir(server_metadata_dir)


  #  Make a keystore directory inside server's repository and populate it.
  keystore_dir = os.path.join(server_repository_dir, 'keystore')
  os.mkdir(keystore_dir)
  create_keystore(keystore_dir)


  #  Build config file.
  build_config = signerlib.build_config_file
  config_filepath = build_config(server_repository_dir, 365,
                                 TestCase_Tools.top_level_role_info)


  #  Role:keyids dictionary.
  role_keyids = {}
  for role in TestCase_Tools.semi_roledict.keys():
    role_keyids[role] = TestCase_Tools.semi_roledict[role]['keyids']



  # BUILD ROLE FILES.
  #  Build root file.
  signerlib.build_root_file(config_filepath, role_keyids['root'],
                            server_metadata_dir)

  #  Build targets file.
  signerlib.build_targets_file(targets_dir, role_keyids['targets'],
                            server_metadata_dir)

  #  Build release file.
  signerlib.build_release_file(role_keyids['release'], server_metadata_dir)

  #  Build timestamp file.
  signerlib.build_timestamp_file(role_keyids['timestamp'], server_metadata_dir)



  # MAKE DELEGATIONS.
  #  We will need to patch a few signercli prompts.
  #  Specifically, signercli.make_delegations() asks user input for:
  #  metadata directory, delegated targets directory, parent role,
  #  passwords for parent role's keyids, delegated role's name, and
  #  the keyid to be assigned to the delegated role.  Take a look at
  #  signercli's make_delegation() to gain bit more insight in what is
  #  happening.

  # 'load_key' is a reference to the 'load_keystore_from_keyfiles function'.
  load_keys = keystore.load_keystore_from_keyfiles

  #  Setup first level delegated role.
  delegated_level1 = os.path.join(targets_dir, 'delegated_level1')
  delegated_targets_dir = delegated_level1
  parent_role = 'targets'
  delegated_role_name = 'delegated_role1'
  signing_keyids = role_keyids['targets/delegated_role1'] 
  

  #  Patching the prompts.
  
  #  Mock method for signercli._get_metadata_directory().
  def _mock_get_metadata_directory():
    return server_metadata_dir

  #  Mock method for signercli._prompt().
  def _mock_prompt(msg, junk):
    if msg.startswith('\nNOTE: The directory entered'):
      return delegated_targets_dir
    elif msg.startswith('\nChoose and enter the parent'):
      return parent_role
    elif msg.endswith('\nEnter the delegated role\'s name: '):
      return delegated_role_name
    else:
      error_msg = ('Prompt: '+'\''+msg+'\''+
                   ' did not match any predefined mock prompts.')
      sys.exit(error_msg)
   
  #  Mock method for signercli._get_password().
  def _mock_get_password(msg):
    for keyid in TestCase_Tools.rsa_keyids:
      if msg.endswith('('+keyid+'): '):
        return TestCase_Tools.rsa_passwords[keyid]


  #  Method to patch signercli._get_keyids()
  def _mock_get_keyids(junk):
    if signing_keyids:
      for keyid in signing_keyids:
        password = TestCase_Tools.rsa_passwords[keyid]
        #  Load the keyfile.
        load_keys(keystore_dir, [keyid], [password])
    return signing_keyids


  #  Patch signercli._get_metadata_directory().
  signercli._get_metadata_directory = _mock_get_metadata_directory
  
  #  Patch signercli._prompt().
  signercli._prompt = _mock_prompt

  #  Patch signercli._get_password().
  signercli._get_password = _mock_get_password

  #  Patch signercli._get_keyids().
  signercli._get_keyids = _mock_get_keyids

 
  #  Clear kestore's dictionaries, by detaching them from unittest_toolbox's
  #  dictionaries.
  keystore._keystore = {}
  keystore._key_passwords = {}

  #  Make first level delegation.
  signercli.make_delegation(keystore_dir)


  #  Setup first level delegated role.
  delegated_level2 =  os.path.join(delegated_level1, 'delegated_level2')
  delegated_targets_dir = delegated_level2
  parent_role = 'targets/delegated_role1'
  delegated_role_name = 'delegated_role2'
  signing_keyids = role_keyids['targets/delegated_role1/delegated_role2']

  #  Clear kestore's dictionaries.
  keystore.clear_keystore()

  #  Make second level delegation.
  signercli.make_delegation(keystore_dir)
Пример #18
0
def init_tuf(root_repo, url, port):
  """
  <Purpose>
    Setup TUF directory structure and populated it with TUF metadata and 
    congfiguration files.

  """ 

  passwd = 'test'
  threshold = 1

  # Setup TUF-repo directory structure.
  tuf_repo = os.path.join(root_repo, 'tuf_repo')
  keystore_dir = os.path.join(tuf_repo, 'keystore')
  metadata_dir = os.path.join(tuf_repo, 'metadata')
  targets_dir = os.path.join(tuf_repo, 'targets')

  os.mkdir(tuf_repo)
  os.mkdir(keystore_dir)
  os.mkdir(metadata_dir)
  shutil.copytree(os.path.join(root_repo, 'reg_repo'), targets_dir)

  # Setting TUF-client directory structure.
  # 'tuf.client.updater.py' expects the 'current' and 'previous'
  # directories to exist under client's 'metadata' directory.
  tuf_client = os.path.join(root_repo, 'tuf_client')
  tuf_client_metadata_dir = os.path.join(tuf_client, 'metadata')
  current_dir = os.path.join(tuf_client_metadata_dir, 'current')
  previous_dir = os.path.join(tuf_client_metadata_dir, 'previous')
  os.makedirs(tuf_client_metadata_dir)

  # Generate at least one rsa key.
  key = signerlib.generate_and_save_rsa_key(keystore_dir, passwd)
  keyids = [key['keyid']]

  # Set role info.
  info = {'keyids': [key['keyid']], 'threshold': threshold}

  # 'role_info' dictionary looks like this:
  # {role : {'keyids : [keyid1, ...] , 'threshold' : 1}}
  # In our case 'role_info[keyids]' will only have on entry since only one
  # is being used.
  role_info = {}
  role_list = ['root', 'targets', 'release', 'timestamp']
  for role in role_list:
    role_info[role] = info

  # At this point there is enough information to create TUF configuration 
  # and metadata files.

  # Build the configuration file.
  conf_path = signerlib.build_config_file(metadata_dir, 365, role_info)

  # Generate the 'root.txt' metadata file.
  signerlib.build_root_file(conf_path, keyids, metadata_dir)

  # Generate the 'targets.txt' metadata file. 
  signerlib.build_targets_file(targets_dir, keyids, metadata_dir)

  # Generate the 'release.txt' metadata file.
  signerlib.build_release_file(keyids, metadata_dir)

  # Generate the 'timestamp.txt' metadata file.
  signerlib.build_timestamp_file(keyids, metadata_dir)

  # Move the metadata to the client's 'current' and 'previous' directories.
  shutil.copytree(metadata_dir, current_dir)
  shutil.copytree(metadata_dir, previous_dir)

  # The repository is now setup!

  # Here is a mirrors dictionary that will allow a client to seek out
  # places to download the metadata and targets from.
  tuf_repo_relpath = os.path.basename(tuf_repo)
  tuf_url = url+tuf_repo_relpath
  mirrors = {'mirror1': {'url_prefix': tuf_url,
                         'metadata_path': 'metadata',
                         'targets_path': 'targets',
                         'confined_target_dirs': ['']}}

  # Adjusting configuration file (tuf.conf.py).
  tuf.conf.repository_directory = tuf_client

  # In order to implement interposition we need to have a config file with
  # the following dictionary JSON-serialized.
  # tuf_url: http://localhost:port/root_repo/tuf_repo/
  hostname = 'localhost:9999'

  interposition_dict = {"configurations":
                          {hostname: 
                            {"repository_directory": tuf_client+'/',
                             "repository_mirrors" : 
                              {"mirror1": 
                                {"url_prefix": tuf_url,
                                 "metadata_path": "metadata",
                                 "targets_path": "targets",
                                 "confined_target_dirs": [ "" ]}}}}}

  #                               "target_paths": [ { "(.*\\.html)": "{0}" } ]

  junk, interpose_json = tempfile.mkstemp(prefix='conf_', dir=root_repo)
  with open(interpose_json, 'wb') as fileobj:
    tuf.util.json.dump(interposition_dict, fileobj)

  tuf.interposition.configure(filename=interpose_json)

  return keyids