def load_timeserver_key(use_new_keys=False):
if use_new_keys:
demo.generate_key('timeserver')
# Load in from the generated files (whether new or old).
timeserver_key = demo.import_private_key('timeserver')
tuf.formats.ANYKEY_SCHEMA.check_match(timeserver_key) # Is this redundant?
return timeserver_key
def load_or_generate_key(use_new_keys=False):
"""Load or generate an ECU's private key."""
global ecu_key
if use_new_keys:
demo.generate_key('secondary')
# Load in from the generated files.
key_pub = demo.import_public_key('secondary')
key_pri = demo.import_private_key('secondary')
ecu_key = uptane.common.canonical_key_from_pub_and_pri(key_pub, key_pri)
def load_timeserver_key(use_new_keys=False):
I_TO_PRINT = TO_PRINT + uptane.YELLOW + '[load_timeserver_key(use_new_keys)]: ' + uptane.ENDCOLORS
#TODO: Print to be deleted
print(
str('%s %s %s' %
(I_TO_PRINT, 'Loading timeserver key with use_new_keys:',
use_new_keys)))
#TODO: Until here
if use_new_keys:
demo.generate_key('timeserver')
# Load in from the generated files (whether new or old).
timeserver_key = demo.import_private_key('timeserver')
tuf.formats.ANYKEY_SCHEMA.check_match(timeserver_key) # Is this redundant?
return timeserver_key
def load_or_generate_key(vin, use_new_keys=False):
"""Load or generate an ECU's private key."""
I_TO_PRINT = TO_PRINT + uptane.YELLOW + '[load_or_generate_key(use_new_keys)]: ' + uptane.ENDCOLORS
#TODO: Print to be deleted
print(str('%s %s %s' % (I_TO_PRINT, 'Loading or generating keys with use_new_keys:', use_new_keys)))
#TODO: Until here
global ecu_key
if use_new_keys:
demo.generate_key(str('%s%s' % (vin, '_keyPair_secondary')))
# Load in from the generated files.
key_pub = demo.import_public_key(str('%s%s' % (vin, '_keyPair_secondary')))
key_pri = demo.import_private_key(str('%s%s' % (vin, '_keyPair_secondary')))
ecu_key = uptane.common.canonical_key_from_pub_and_pri(key_pub, key_pri)
def load_or_generate_key(use_new_keys=False):
"""Load or generate an ECU's private key."""
I_TO_PRINT = TO_PRINT + uptane.YELLOW + '[load_or_generate_key()]: ' + uptane.ENDCOLORS
#TODO: Print to be deleted
print(
str('%s %s %s' %
(I_TO_PRINT, 'Loading or generating keys with use_new_keys:',
use_new_keys)))
#TODO: Until here
global ecu_key
if use_new_keys:
demo.generate_key('primary2')
# Load in from the generated files.
key_pub = demo.import_public_key('primary2')
#TODO: Print to be deleted
print(str('%s %s %s' % (I_TO_PRINT, 'primary_key_pub:', key_pub)))
#TODO: Until here
key_pri = demo.import_private_key('primary2')
#TODO: Print to be deleted
print(str('%s %s %s' % (I_TO_PRINT, 'primary_key_pri:', key_pri)))
#TODO: Until here
ecu_key = uptane.common.canonical_key_from_pub_and_pri(key_pub, key_pri)
#TODO: Print to be deleted
print(str('%s %s %s' % (I_TO_PRINT, 'ecu_key:', ecu_key)))
#TODO: Until here
#TODO: Print to be deleted
print(str('%s %s' % (I_TO_PRINT, 'Returning...')))
def clean_slate(use_new_keys=False):
global repo
print(LOG_PREFIX + 'Initializing repository')
# Create target files: file1.txt and infotainment_firmware.txt
if os.path.exists(demo.IMAGE_REPO_TARGETS_DIR):
shutil.rmtree(demo.IMAGE_REPO_TARGETS_DIR)
os.makedirs(demo.IMAGE_REPO_TARGETS_DIR)
fobj = open(os.path.join(demo.IMAGE_REPO_TARGETS_DIR, 'file1.txt'), 'w')
fobj.write('Contents of file1.txt')
fobj.close()
fobj = open(os.path.join(demo.IMAGE_REPO_TARGETS_DIR, 'infotainment_firmware.txt'), 'w')
fobj.write('Contents of infotainment_firmware.txt')
fobj.close()
# Create repo at './repomain'
repo = rt.create_new_repository(demo.IMAGE_REPO_NAME)
print(LOG_PREFIX + 'Loading all keys')
# Create keys and/or load keys into memory.
if use_new_keys:
demo.generate_key('mainroot')
demo.generate_key('maintimestamp')
demo.generate_key('mainsnapshot')
demo.generate_key('maintargets')
demo.generate_key('mainrole1')
key_root_pub = demo.import_public_key('mainroot')
key_root_pri = demo.import_private_key('mainroot')
key_timestamp_pub = demo.import_public_key('maintimestamp')
key_timestamp_pri = demo.import_private_key('maintimestamp')
key_snapshot_pub = demo.import_public_key('mainsnapshot')
key_snapshot_pri = demo.import_private_key('mainsnapshot')
key_targets_pub = demo.import_public_key('maintargets')
key_targets_pri = demo.import_private_key('maintargets')
key_role1_pub = demo.import_public_key('mainrole1')
key_role1_pri = demo.import_private_key('mainrole1')
# Add top level keys to the main repository.
repo.root.add_verification_key(key_root_pub)
repo.timestamp.add_verification_key(key_timestamp_pub)
repo.snapshot.add_verification_key(key_snapshot_pub)
repo.targets.add_verification_key(key_targets_pub)
repo.root.load_signing_key(key_root_pri)
repo.timestamp.load_signing_key(key_timestamp_pri)
repo.snapshot.load_signing_key(key_snapshot_pri)
repo.targets.load_signing_key(key_targets_pri)
# Perform delegation from Image Repo's targets role to Image Repo's role1
# role.
# TODO: <~> Re-enable delegations below. Currently, ASN1 conversion fails
# when there are delegations. This is, of course, untenable, but for now, it
# is more important to experiment with ASN1 than to have a sample delegation.
# Delegate to a new Supplier.
# repo.targets.delegate('role1', [key_role1_pub],
# [os.path.join(demo.IMAGE_REPO_NAME, 'targets/file1.txt'),
# os.path.join(demo.IMAGE_REPO_NAME, 'targets/infotainment_firmware.txt')],
# threshold=1, backtrack=True,
# restricted_paths=[os.path.join(demo.IMAGE_REPO_TARGETS_DIR, '*')])
# Add delegated role keys to repo
# repo.targets('role1').load_signing_key(key_role1_pri)
# Add some starting image files, primarily for use with the web frontend.
add_target_to_imagerepo('demo/images/INFO1.0.txt', 'INFO1.0.txt')
add_target_to_imagerepo('demo/images/TCU1.0.txt', 'TCU1.0.txt')
add_target_to_imagerepo('demo/images/TCU1.1.txt', 'TCU1.1.txt')
add_target_to_imagerepo('demo/images/TCU1.2.txt', 'TCU1.2.txt')
add_target_to_imagerepo('demo/images/BCU1.0.txt', 'BCU1.0.txt')
add_target_to_imagerepo('demo/images/BCU1.1.txt', 'BCU1.1.txt')
add_target_to_imagerepo('demo/images/BCU1.2.txt', 'BCU1.2.txt')
print(LOG_PREFIX + 'Signing and hosting initial repository metadata')
write_to_live()
host()
listen()
def revoke_compromised_keys():
"""
<Purpose>
Revoke the current Timestamp, Snapshot, and Targets keys, and add a new keys
for each role. This is a high-level version of the common function to
update a role key.
<Arguments>
None.
<Exceptions>
None.
<Side Effecs>
None.
<Returns>
None.
"""
global repo
# Pick names for the new Targets, Snapshot, and Timestamp keys. These will be
# the files created. We do this instead of overwriting the existing files
# because we want to be able to start over later with the same original state.
new_targets_keyname = 'new_maintargets'
new_timestamp_keyname = 'new_maintimestamp'
new_snapshot_keyname = 'new_mainsnapshot'
# Grab the old public keys.
old_targets_public_key = demo.import_public_key('maintargets')
old_timestamp_public_key = demo.import_public_key('maintimestamp')
old_snapshot_public_key = demo.import_public_key('mainsnapshot')
# Disassociate the old public keys from the roles.
repo.targets.remove_verification_key(old_targets_public_key)
repo.timestamp.remove_verification_key(old_timestamp_public_key)
repo.snapshot.remove_verification_key(old_snapshot_public_key)
# Generate new public and private keys and import them.
demo.generate_key(new_targets_keyname)
new_targets_public_key = demo.import_public_key(new_targets_keyname)
new_targets_private_key = demo.import_private_key(new_targets_keyname)
demo.generate_key(new_timestamp_keyname)
new_timestamp_public_key = demo.import_public_key(new_timestamp_keyname)
new_timestamp_private_key = demo.import_private_key(new_timestamp_keyname)
demo.generate_key(new_snapshot_keyname)
new_snapshot_public_key = demo.import_public_key(new_snapshot_keyname)
new_snapshot_private_key = demo.import_private_key(new_snapshot_keyname)
# Associate the new public keys with the roles.
repo.targets.add_verification_key(new_targets_public_key)
repo.timestamp.add_verification_key(new_timestamp_public_key)
repo.snapshot.add_verification_key(new_snapshot_public_key)
# Load the new signing keys to write metadata. The root key is unchanged,
# and in the demo it is already loaded. Since we only need the keyid,
# public keys can be used here.
repo.targets.unload_signing_key(old_targets_public_key)
repo.snapshot.unload_signing_key(old_snapshot_public_key)
repo.timestamp.unload_signing_key(old_timestamp_public_key)
# Make sure that the root metadata is written on the next repository write,
# in addition to the other metadata. This should probably happen
# automatically.
# TODO: After the TUF fork merges, see if root is automatically marked dirty
# when the signing keys for top-level roles are reassigned.
repo.mark_dirty(['root'])
repo.targets.load_signing_key(new_targets_private_key)
repo.snapshot.load_signing_key(new_snapshot_private_key)
repo.timestamp.load_signing_key(new_timestamp_private_key)
# Write all the metadata changes to disk (metadata.staged) and copy them to
# the hosted metadata directory.
write_to_live()
def clean_slate(use_new_keys=False):
global repo
# Create target files: file1.txt and infotainment_firmware.txt
if os.path.exists(demo.MAIN_REPO_TARGETS_DIR):
shutil.rmtree(demo.MAIN_REPO_TARGETS_DIR)
os.makedirs(demo.MAIN_REPO_TARGETS_DIR)
fobj = open(os.path.join(demo.MAIN_REPO_TARGETS_DIR, 'file1.txt'), 'w')
fobj.write('Contents of file1.txt')
fobj.close()
fobj = open(
os.path.join(demo.MAIN_REPO_TARGETS_DIR, 'infotainment_firmware.txt'),
'w')
fobj.write('Contents of infotainment_firmware.txt')
fobj.close()
# Create repo at './repomain'
repo = rt.create_new_repository(demo.MAIN_REPO_NAME)
# Create keys and/or load keys into memory.
if use_new_keys:
demo.generate_key('mainroot')
demo.generate_key('maintimestamp')
demo.generate_key('mainsnapshot')
demo.generate_key('maintargets')
demo.generate_key('mainrole1')
key_root_pub = demo.import_public_key('mainroot')
key_root_pri = demo.import_private_key('mainroot')
key_timestamp_pub = demo.import_public_key('maintimestamp')
key_timestamp_pri = demo.import_private_key('maintimestamp')
key_snapshot_pub = demo.import_public_key('mainsnapshot')
key_snapshot_pri = demo.import_private_key('mainsnapshot')
key_targets_pub = demo.import_public_key('maintargets')
key_targets_pri = demo.import_private_key('maintargets')
key_role1_pub = demo.import_public_key('mainrole1')
key_role1_pri = demo.import_private_key('mainrole1')
# Add top level keys to the main repository.
repo.root.add_verification_key(key_root_pub)
repo.timestamp.add_verification_key(key_timestamp_pub)
repo.snapshot.add_verification_key(key_snapshot_pub)
repo.targets.add_verification_key(key_targets_pub)
repo.root.load_signing_key(key_root_pri)
repo.timestamp.load_signing_key(key_timestamp_pri)
repo.snapshot.load_signing_key(key_snapshot_pri)
repo.targets.load_signing_key(key_targets_pri)
# Perform delegation from mainrepo's targets role to mainrepo's role1 role.
# Delegate to a new Supplier.
repo.targets.delegate('role1', [key_role1_pub], [
os.path.join(demo.MAIN_REPO_NAME, 'targets/file1.txt'),
os.path.join(demo.MAIN_REPO_NAME, 'targets/infotainment_firmware.txt')
],
threshold=1,
backtrack=True,
restricted_paths=[
os.path.join(demo.MAIN_REPO_TARGETS_DIR, '*')
])
# Add delegated role keys to repo
repo.targets('role1').load_signing_key(key_role1_pri)
def clean_slate(use_new_keys=False,
additional_root_key=False,
additional_targets_key=False):
global repo
global director_service_instance
# ----------------
# REPOSITORY SETUP:
# ----------------
# Create repo at './repodirector'
repo = rt.create_new_repository(demo.DIRECTOR_REPO_NAME)
# Create keys and/or load keys into memory.
if use_new_keys:
demo.generate_key('directorroot')
demo.generate_key('directortimestamp')
demo.generate_key('directorsnapshot')
demo.generate_key('director') # targets
if additional_root_key:
demo.generate_key('directorroot2')
if additional_targets_key:
demo.generate_key('director2')
key_dirroot_pub = demo.import_public_key('directorroot')
key_dirroot_pri = demo.import_private_key('directorroot')
key_dirtime_pub = demo.import_public_key('directortimestamp')
key_dirtime_pri = demo.import_private_key('directortimestamp')
key_dirsnap_pub = demo.import_public_key('directorsnapshot')
key_dirsnap_pri = demo.import_private_key('directorsnapshot')
key_dirtarg_pub = demo.import_public_key('director')
key_dirtarg_pri = demo.import_private_key('director')
key_dirroot2_pub = None
key_dirroot2_pri = None
if additional_root_key:
key_dirroot2_pub = demo.import_public_key('directorroot2')
key_dirroot2_pri = demo.import_private_key('directorroot2')
if additional_targets_key:
key_dirtarg2_pub = demo.import_public_key('director2')
key_dirtarg2_pri = demo.import_private_key('director2')
# Add top level keys to the main repository.
repo.root.add_verification_key(key_dirroot_pub)
repo.timestamp.add_verification_key(key_dirtime_pub)
repo.snapshot.add_verification_key(key_dirsnap_pub)
repo.targets.add_verification_key(key_dirtarg_pub)
repo.root.load_signing_key(key_dirroot_pri)
repo.timestamp.load_signing_key(key_dirtime_pri)
repo.snapshot.load_signing_key(key_dirsnap_pri)
repo.targets.load_signing_key(key_dirtarg_pri)
if additional_targets_key:
repo.targets.add_verification_key(key_dirtarg2_pub)
repo.targets.load_signing_key(key_dirtarg2_pri)
if additional_root_key:
repo.root.add_verification_key(key_dirroot2_pub)
repo.root.load_signing_key(key_dirroot2_pri)
# Add target to director.
# FOR NOW, we symlink the targets files on the director.
# In the future, we probably have to have the repository tools add a function
# like targets.add_target_from_metadata that doesn't require an actual target
# file to exist, but instead provides metadata on some hypothetical file that
# the director may not physically hold.
if os.path.exists(
os.path.join(demo.DIRECTOR_REPO_TARGETS_DIR,
'infotainment_firmware.txt')):
os.remove(
os.path.join(demo.DIRECTOR_REPO_TARGETS_DIR,
'infotainment_firmware.txt'))
os.symlink(
os.path.join(demo.MAIN_REPO_TARGETS_DIR, 'infotainment_firmware.txt'),
os.path.join(demo.DIRECTOR_REPO_TARGETS_DIR,
'infotainment_firmware.txt'))
fobj = open(
os.path.join(demo.DIRECTOR_REPO_TARGETS_DIR, 'additional_file.txt'),
'w')
fobj.write('Contents of additional_file.txt')
fobj.close()
repo.targets.add_target(os.path.join(demo.DIRECTOR_REPO_TARGETS_DIR,
'infotainment_firmware.txt'),
custom={"ecu-serial-number": "ecu11111"})
#repo.targets.add_target(
# os.path.join(demo.DIRECTOR_REPO_TARGETS_DIR, 'additional_file.txt'),
# custom={"ecu-serial-number": "ecu11111"})
# --------------
# SERVICES SETUP:
# --------------
# Create the demo Director instance.
director_service_instance = director.Director(
key_root=key_dirroot_pri,
key_timestamp=key_dirtime_pri,
key_snapshot=key_dirsnap_pri,
key_targets=key_dirtarg_pri,
ecu_public_keys=dict())
# Start with a hard-coded key for a single ECU for now.
test_ecu_public_key = demo.import_public_key('secondary')
test_ecu_serial = 'ecu11111'
director_service_instance.register_ecu_serial(test_ecu_serial,
test_ecu_public_key)
def clean_slate(use_new_keys=False):
global director_service_instance
I_TO_PRINT = TO_PRINT + uptane.YELLOW + '[clean_slate(use_new_keys)]: ' + ENDCOLORS
#TODO: Print to be deleted
print(str('%s %s %s' % (I_TO_PRINT, 'cleaning slate with use_new_keys:', use_new_keys)))
#TODO: Until here
director_dir = os.path.join(uptane.WORKING_DIR, 'director')
#TODO: Print to be deleted
print(str('%s %s %s %s' % (I_TO_PRINT, 'Adding: ', director_dir, 'to os.path')))
#TODO: Until here
# Create a directory for the Director's files.
if os.path.exists(director_dir):
shutil.rmtree(director_dir)
os.makedirs(director_dir)
# Create keys and/or load keys into memory.
print(LOG_PREFIX + 'Loading all keys')
#TODO: Print to be deleted
print(str('%s %s %s' % (I_TO_PRINT, 'Create keys and/or load keys into memory.\n\t\t[use_new_keys]:', use_new_keys)))
#TODO: Until here
#TODO: Print to be deleted
#TODO: Force the creation of new keys
#use_new_keys = True
#print(str('%s %s %s %s' % ('\n\n\n', I_TO_PRINT, 'Forcing the creation of new keys by setting use_new_keys:', use_new_keys)))
#TODO: Until here
if use_new_keys:
demo.generate_key('directorroot')
demo.generate_key('directortimestamp')
demo.generate_key('directorsnapshot')
demo.generate_key('director') # targets
key_dirroot_pub = demo.import_public_key('directorroot')
#TODO: Print to be deleted
print(str('%s %s %s' % (I_TO_PRINT, 'imported [key_dirroot_pub]:', key_dirroot_pub)))
#TODO: Until here
key_dirroot_pri = demo.import_private_key('directorroot')
#TODO: Print to be deleted
print(str('%s %s %s' % (I_TO_PRINT, 'imported [key_dirroot_pri]:', key_dirroot_pri)))
#TODO: Until here
key_dirtime_pub = demo.import_public_key('directortimestamp')
#TODO: Print to be deleted
print(str('%s %s %s' % (I_TO_PRINT, 'imported [key_dirtime_pub]:', key_dirtime_pub)))
#TODO: Until here
key_dirtime_pri = demo.import_private_key('directortimestamp')
#TODO: Print to be deleted
print(str('%s %s %s' % (I_TO_PRINT, 'imported [key_dirtime_pri]:', key_dirtime_pri)))
#TODO: Until here
key_dirsnap_pub = demo.import_public_key('directorsnapshot')
#TODO: Print to be deleted
print(str('%s %s %s' % (I_TO_PRINT, 'imported [key_dirsnap_pub]:', key_dirsnap_pub)))
#TODO: Until here
key_dirsnap_pri = demo.import_private_key('directorsnapshot')
#TODO: Print to be deleted
print(str('%s %s %s' % (I_TO_PRINT, 'imported [key_dirsnap_pri]:', key_dirsnap_pri)))
#TODO: Until here
key_dirtarg_pub = demo.import_public_key('director')
#TODO: Print to be deleted
print(str('%s %s %s' % (I_TO_PRINT, 'imported [key_dirtarg_pub]:', key_dirtarg_pub)))
#TODO: Until here
key_dirtarg_pri = demo.import_private_key('director')
#TODO: Print to be deleted
print(str('%s %s %s' % (I_TO_PRINT, 'imported [key_dirtarg_pri]:', key_dirtarg_pri)))
#TODO: Until here
print(LOG_PREFIX + 'Initializing vehicle repositories')
#TODO: Print to be deleted
print(str('%s %s' % (I_TO_PRINT, 'Creating demo Director instance')))
#TODO: Until here
# Create the demo Director instance.
director_service_instance = director.Director(
director_repos_dir=director_dir,
key_root_pri=key_dirroot_pri,
key_root_pub=key_dirroot_pub,
key_timestamp_pri=key_dirtime_pri,
key_timestamp_pub=key_dirtime_pub,
key_snapshot_pri=key_dirsnap_pri,
key_snapshot_pub=key_dirsnap_pub,
key_targets_pri=key_dirtarg_pri,
key_targets_pub=key_dirtarg_pub)
for vin in KNOWN_VINS.keys():
#TODO: Print to be deleted
print(str('%s %s %s' % (I_TO_PRINT, 'Adding new vehicle to director instance with vin: ', vin)))
#TODO: Until here
# Create VIN instance in Director's server
director_service_instance.add_new_vehicle(vin)
# Generate key pair for this new VIN
#demo.generate_key(str(vin + '_keyPair'))
# Import its public key
test_ecu_public_key = demo.import_public_key(str(vin + '_keyPair'))
# Get ECU's serial
test_ecu_serial = KNOWN_VINS[vin]
# Register ECU Serial
director_service_instance.register_ecu_serial(test_ecu_serial, test_ecu_public_key, vin=vin)
# Vincular fitxer infotainment_firmware.txt
for vin in inventory.ecus_by_vin:
for ecu in inventory.ecus_by_vin[vin]:
add_target_to_director(os.path.join(demo.IMAGE_REPO_TARGETS_DIR, 'infotainment_firmware.txt'),
'infotainment_firmware.txt',
vin,
ecu)
# You can tell the Director about ECUs this way:
# test_ecu_public_key = demo.import_public_key('secondary')
# test_ecu_serial = 'ecu11111'
# director_service_instance.register_ecu_serial(
# test_ecu_serial, test_ecu_public_key, vin='111')
#TODO: Print to be deleted
#print(I_TO_PRINT + 'Adding first files')
#TODO: Until here
# Add a first target file, for use by every ECU in every vehicle in that the
# Director starts off with. (Currently 3)
# This copies the file to each vehicle repository's targets directory from
# the Image Repository.
# for vin in inventory.ecus_by_vin:
# for ecu in inventory.ecus_by_vin[vin]:
# add_target_to_director(
# os.path.join(demo.IMAGE_REPO_TARGETS_DIR, 'infotainment_firmware.txt'),
# 'infotainment_firmware.txt',
# vin,
# ecu)
print(LOG_PREFIX + 'Signing and hosting initial repository metadata')
write_to_live()
host()
listen()
def revoke_compromised_keys():
"""
<Purpose>
Revoke the current Timestamp, Snapshot, and Targets keys for all vehicles,
and generate a new key for each role. This is a high-level version of the
common function to update a role key. The director service instance is also
updated with the key changes.
<Arguments>
None.
<Exceptions>
None.
<Side Effecs>
None.
<Returns>
None.
"""
I_TO_PRINT = TO_PRINT + uptane.YELLOW + '[revoke_compromised_keys()]: ' + ENDCOLORS
#TODO: Print to be deleted
print(str('%s %s' % (I_TO_PRINT, 'Revoke the current Timestamp, Snapshots, and Targets keys for all vehicles, and generate a new key for each role. This is a high-level version of the common function to update a role key. The director service instance is also updated with the key changes.')))
#TODO: Until here
global director_service_instance
# Generate news keys for the Targets, Snapshot, and Timestamp roles. Make
# sure that the director service instance is updated to use the new keys.
# The 'director' name actually references the targets role.
# TODO: Change Director's targets key to 'directortargets' from 'director'.
new_targets_keyname = 'new_director'
new_timestamp_keyname = 'new_directortimestamp'
new_snapshot_keyname = 'new_directorsnapshot'
# References are needed for the old and new keys later below when we modify
# the repository. Generate new keys for the Targets role...
demo.generate_key(new_targets_keyname)
new_targets_public_key = demo.import_public_key(new_targets_keyname)
new_targets_private_key = demo.import_private_key(new_targets_keyname)
old_targets_public_key = director_service_instance.key_dirtarg_pub
# Timestamp...
demo.generate_key(new_timestamp_keyname)
new_timestamp_public_key = demo.import_public_key(new_timestamp_keyname)
new_timestamp_private_key = demo.import_private_key(new_timestamp_keyname)
old_timestamp_public_key = director_service_instance.key_dirtime_pub
# And Snapshot.
demo.generate_key(new_snapshot_keyname)
new_snapshot_public_key = demo.import_public_key(new_snapshot_keyname)
new_snapshot_private_key = demo.import_private_key(new_snapshot_keyname)
old_snapshot_public_key = director_service_instance.key_dirsnap_pub
# Set the new public and private Targets keys in the director service.
# These keys are shared between all vehicle repositories.
director_service_instance.key_dirtarg_pub = new_targets_public_key
director_service_instance.key_dirtarg_pri = new_targets_private_key
director_service_instance.key_dirtime_pub = new_timestamp_public_key
director_service_instance.key_dirtime_pri = new_timestamp_private_key
director_service_instance.key_dirsnap_pub = new_snapshot_public_key
director_service_instance.key_dirsnap_pri = new_snapshot_private_key
for vin in director_service_instance.vehicle_repositories:
repository = director_service_instance.vehicle_repositories[vin]
repo_dir = repository._repository_directory
# Swap verification keys for the three roles.
repository.targets.remove_verification_key(old_targets_public_key)
repository.targets.add_verification_key(new_targets_public_key)
repository.timestamp.remove_verification_key(old_timestamp_public_key)
repository.timestamp.add_verification_key(new_timestamp_public_key)
repository.snapshot.remove_verification_key(old_snapshot_public_key)
repository.snapshot.add_verification_key(new_snapshot_public_key)
# Unload the old signing keys so that the new metadata only contains
# signatures produced by the new signing keys. Since this is based on
# keyid, the public key can be used.
repository.targets.unload_signing_key(old_targets_public_key)
repository.snapshot.unload_signing_key(old_snapshot_public_key)
repository.timestamp.unload_signing_key(old_timestamp_public_key)
# Load the new signing keys to write metadata. The root key is unchanged,
# and in the demo it is already loaded.
repository.targets.load_signing_key(new_targets_private_key)
repository.snapshot.load_signing_key(new_snapshot_private_key)
repository.timestamp.load_signing_key(new_timestamp_private_key)
# The root role is not automatically marked as dirty when the verification
# keys are updated via repository.<non-root-role>.add_verification_key().
# TODO: Verify this behavior with the latest version of the TUF codebase.
repository.mark_dirty(['root'])
# Push the changes to "live".
write_to_live()
def clean_slate(use_new_keys=False):
global repo
I_TO_PRINT = TO_PRINT + uptane.YELLOW + '[clean_slate()]: ' + ENDCOLORS
_print = True
#TODO: Print to be deleted
if _print:
print(
str('%s %s %s' % (I_TO_PRINT, 'Cleaning slate with use_new_keys:',
use_new_keys)))
#TODO: Until here
print(LOG_PREFIX + 'Initializing repository')
# Create target files: file1.txt and infotainment_firmware.txt
#TODO: Print to be deleted
if _print: print(I_TO_PRINT + 'Target files: %s' % target_files.keys())
#TODO: Until here
if os.path.exists(demo.IMAGE_REPO_TARGETS_DIR):
#TODO: Print to be deleted
if _print:
print(I_TO_PRINT + 'Removing files: ' +
demo.IMAGE_REPO_TARGETS_DIR)
#TODO: Until here
shutil.rmtree(demo.IMAGE_REPO_TARGETS_DIR)
#TODO: Print to be deleted
if _print:
print(I_TO_PRINT + 'Creating directories: ' +
demo.IMAGE_REPO_TARGETS_DIR)
#TODO: Until here
os.makedirs(demo.IMAGE_REPO_TARGETS_DIR)
#TODO: Print to be deleted
if _print:
print(I_TO_PRINT + 'Writing content for: %s' % target_files.keys())
#TODO: Until here
for target in target_files.keys():
#TODO: Print to be deleted
if _print: print(I_TO_PRINT + 'Target --> %s' % target)
#TODO: Until here
fobj = open(os.path.join(demo.IMAGE_REPO_TARGETS_DIR, target), 'w')
fobj.write(target_files[target])
fobj.close()
# Create repo at './repomain'
#TODO: Print to be deleted
if _print:
print(I_TO_PRINT + 'Creating new repository at: ' +
demo.IMAGE_REPO_NAME)
#TODO: Until here
repo = rt.create_new_repository(demo.IMAGE_REPO_NAME)
print(LOG_PREFIX + 'Loading all keys')
# Create keys and/or load keys into memory.
if use_new_keys:
demo.generate_key('mainroot')
demo.generate_key('maintimestamp')
demo.generate_key('mainsnapshot')
demo.generate_key('maintargets')
demo.generate_key('mainrole1')
#TODO: Print to be deleted
if _print:
print(
I_TO_PRINT +
'Loading keys for TOP-LEVEL roles: root, timestamp, snapshots, targets, role1'
)
#TODO: Until here
key_root_pub = demo.import_public_key('mainroot')
#TODO: Print to be deleted
if _print:
print(str('%s %s %s' % (I_TO_PRINT, 'key_root_pub:', key_root_pub)))
#TODO: Until here
key_root_pri = demo.import_private_key('mainroot')
#TODO: Print to be deleted
if _print:
print(str('%s %s %s' % (I_TO_PRINT, 'key_root_pri:', key_root_pri)))
#TODO: Until here
key_timestamp_pub = demo.import_public_key('maintimestamp')
#TODO: Print to be deleted
if _print:
print(
str('%s %s %s' %
(I_TO_PRINT, 'key_timestamp_pub:', key_timestamp_pub)))
#TODO: Until here
key_timestamp_pri = demo.import_private_key('maintimestamp')
#TODO: Print to be deleted
if _print:
print(
str('%s %s %s' %
(I_TO_PRINT, 'key_timestamp_pri:', key_timestamp_pri)))
#TODO: Until here
key_snapshot_pub = demo.import_public_key('mainsnapshot')
#TODO: Print to be deleted
if _print:
print(
str('%s %s %s' %
(I_TO_PRINT, 'key_snapshot_pub:', key_snapshot_pub)))
#TODO: Until here
key_snapshot_pri = demo.import_private_key('mainsnapshot')
#TODO: Print to be deleted
if _print:
print(
str('%s %s %s' %
(I_TO_PRINT, 'key_snapshot_pri:', key_snapshot_pri)))
#TODO: Until here
key_targets_pub = demo.import_public_key('maintargets')
#TODO: Print to be deleted
if _print:
print(
str('%s %s %s' %
(I_TO_PRINT, 'key_targets_pub:', key_targets_pub)))
#TODO: Until here
key_targets_pri = demo.import_private_key('maintargets')
#TODO: Print to be deleted
if _print:
print(
str('%s %s %s' %
(I_TO_PRINT, 'key_targets_pri:', key_targets_pri)))
#TODO: Until here
key_role1_pub = demo.import_public_key('mainrole1')
#TODO: Print to be deleted
if _print:
print(str('%s %s %s' % (I_TO_PRINT, 'key_role1_pub:', key_role1_pub)))
#TODO: Until here
key_role1_pri = demo.import_private_key('mainrole1')
#TODO: Print to be deleted
if _print:
print(str('%s %s %s' % (I_TO_PRINT, 'key_role1_pri:', key_role1_pri)))
#TODO: Until here
#TODO: Print to be deleted
if _print:
print(
str('\n%s %s' %
(I_TO_PRINT, 'Adding TOP-LEVEL keys to the main repository')))
#TODO: Until here
# Add top level keys to the main repository.
#TODO: Print to be deleted
if _print:
print(str('%s %s' % (I_TO_PRINT, 'Adding verification key_root_pub')))
#TODO: Until here
repo.root.add_verification_key(key_root_pub)
#TODO: Print to be deleted
if _print:
print(
str('%s %s' %
(I_TO_PRINT, 'Adding verification key_timestamp_pub')))
#TODO: Until here
repo.timestamp.add_verification_key(key_timestamp_pub)
#TODO: Print to be deleted
if _print:
print(
str('%s %s' %
(I_TO_PRINT, 'Adding verification key_snapshot_pub')))
#TODO: Until here
repo.snapshot.add_verification_key(key_snapshot_pub)
#TODO: Print to be deleted
if _print:
print(
str('%s %s' % (I_TO_PRINT, 'Adding verification key_targets_pub')))
#TODO: Until here
repo.targets.add_verification_key(key_targets_pub)
#TODO: Print to be deleted
if _print:
print(str('%s %s' % (I_TO_PRINT, 'Adding signing key_root_pri')))
#TODO: Until here
repo.root.load_signing_key(key_root_pri)
#TODO: Print to be deleted
if _print:
print(str('%s %s' % (I_TO_PRINT, 'Adding signing key_timestamp_pri')))
#TODO: Until here
repo.timestamp.load_signing_key(key_timestamp_pri)
#TODO: Print to be deleted
if _print:
print(str('%s %s' % (I_TO_PRINT, 'Adding signing key_snapshot_pri')))
#TODO: Until here
repo.snapshot.load_signing_key(key_snapshot_pri)
#TODO: Print to be deleted
if _print:
print(str('%s %s' % (I_TO_PRINT, 'Adding signing key_targets_pri')))
#TODO: Until here
repo.targets.load_signing_key(key_targets_pri)
# Perform delegation from Image Repo's targets role to Image Repo's role1
# role.
# TODO: <~> Re-enable delegations below. Currently, ASN1 conversion fails
# when there are delegations. This is, of course, untenable, but for now, it
# is more important to experiment with ASN1 than to have a sample delegation.
# Delegate to a new Supplier.
# repo.targets.delegate('role1', [key_role1_pub],
# [os.path.join(demo.IMAGE_REPO_NAME, 'targets/file1.txt'),
# os.path.join(demo.IMAGE_REPO_NAME, 'targets/infotainment_firmware.txt')],
# threshold=1, backtrack=True,
# restricted_paths=[os.path.join(demo.IMAGE_REPO_TARGETS_DIR, '*')])
# Add delegated role keys to repo
# repo.targets('role1').load_signing_key(key_role1_pri)
#TODO: Print to be deleted
if _print:
print(I_TO_PRINT + 'Adding some already created targets to imagerepo')
#TODO: Until here
# Add some starting image files, primarily for use with the web frontend.
# add_target_to_imagerepo('demo/images/CommonINFO1.0.txt', 'CommonINFO1.0.txt')
add_target_to_imagerepo('demo/images/infotainment_firmware.txt',
'infotainment_firmware.txt')
add_target_to_imagerepo('demo/images/URV1.0.txt', 'URV1.0.txt')
add_target_to_imagerepo('demo/images/URV1.1.txt', 'URV1.1.txt')
add_target_to_imagerepo('demo/images/URV1.2.txt', 'URV1.2.txt')
add_target_to_imagerepo('demo/images/UOC1.0.txt', 'UOC1.0.txt')
add_target_to_imagerepo('demo/images/UOC1.1.txt', 'UOC1.1.txt')
add_target_to_imagerepo('demo/images/UOC1.2.txt', 'UOC1.2.txt')
add_target_to_imagerepo('demo/images/UOCMod1_new_firmware.img',
'UOCMod1_new_firmware.img')
print(LOG_PREFIX + 'Signing and hosting initial repository metadata')
write_to_live()
host()
listen()