示例#1
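  def test_1__get_password(self):
    """Check that signercli._get_password() returns what getpass.getpass() yields.

    getpass.getpass is replaced through ``signercli.getpass``.  Presumably that
    is the shared standard-library module object, so the patch would be visible
    to every other user of getpass in the process -- TODO confirm.  The
    original is therefore restored in a ``finally`` block: a failing assertion
    must not leave later tests reading a canned password.
    """

    # SETUP
    original_getpass = signercli.getpass.getpass
    password = self.random_string()

    def _mock_getpass(junk1, junk2, pw=password):
      # Stand-in for getpass.getpass(); both positional arguments are ignored
      # and the known password is returned instead of prompting.
      return pw

    # Patch getpass.getpass().
    signercli.getpass.getpass = _mock_getpass

    try:
      # Test: normal case.
      self.assertEqual(signercli._get_password(), password)
    finally:
      # RESTORE -- runs even when the assertion above fails.
      signercli.getpass.getpass = original_getpass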
示例#2
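def update_metadata(keystore_path, project_root, root_cfg_path, server_dir, state=BUILD_ROOT):
	"""Rebuild root, targets, release and timestamp metadata for a repository.

	Keystore passwords are read interactively until the operator enters
	``--``; each password entered is handed to ``key_db.load``.  The project
	tree is then copied into ``<server_dir>/targets`` and the metadata files
	are built in order, starting at ``state``.

	When the module-level ``TEST`` flag is set no prompt is shown and the
	keystore is opened with the fixed password ``'test'``; that path must stay
	confined to test runs.

	Args:
		keystore_path: location handed to ``keystore.KeyStore``.
		project_root: directory whose contents become the targets tree.
		root_cfg_path: config file holding a ``keyids`` entry for every role.
		server_dir: repository root; ``meta`` and ``targets`` live below it.
		state: stage to start from (``BUILD_ROOT`` by default).

	A stage that fails logs its cause, tells the operator which key holder
	has to continue, and sets ``state`` to ``FINISH``.
	"""
	logger.info(state)
	# normalize the paths
	metadata_root = os.path.join(server_dir, "meta")
	targets_root = os.path.join(server_dir, "targets")

	# build the keydb
	key_db = keystore.KeyStore(keystore_path)
	if TEST:
		key_db.load(['test'])
	else:
		while True:
			line = signercli._get_password("Please input a decryption password for the keystore, or -- to stop: ")
			if line == '--':
				break
			key_db.load([line])

	# get the config data
	root_cfg = ConfigParser()
	root_cfg.read(root_cfg_path)

	def _keyids(role):
		# Accept "a, b" as well as "a,b" and drop empty entries, so a stray
		# separator or space never turns into a bogus key id.
		raw = root_cfg.get(role, "keyids")
		return [kid.strip() for kid in raw.split(",") if kid.strip()]

	def _report_failure(role):
		# Keep the cause in the log: without it a wrong password, a missing
		# key and a programming error all look the same to the operator.
		logger.exception('Unable to build %s.txt', role)
		logger.info('Quickstart was unable to build %s.txt. Please send the incomplete update to your %s key holder.' % (role, role))
		logger.info('They can continue the update process by running quickstart with the \'-step build_%s\' argument' % role)

	fuzzy_root_keys = _keyids("root")
	fuzzy_targets_keys = _keyids("targets")
	fuzzy_release_keys = _keyids("release")
	fuzzy_timestamp_keys = _keyids("timestamp")

	# copy the project over to the targets root
	# NOTE: the old tree is deleted before the copy starts, so a failed copy
	# leaves the repository without a targets tree.
	if project_root != targets_root:
		rmtree(targets_root)
		logger.info("removed the tree")
		copytree(project_root, targets_root)
		logger.info("copied the tree")

	# Each stage catches Exception rather than using a bare except, so
	# Ctrl-C and SystemExit still stop the run instead of being reported as
	# a signing failure.  The "done with ..." lines are logged whether or not
	# the stage ran or succeeded.

	# started
	if state == BUILD_ROOT:
		try:
			build_root_txt(root_cfg_path, fuzzy_root_keys, key_db, metadata_root)
			state += 1
		except Exception:
			_report_failure('root')
			state = FINISH
	# built_root
	logger.info("done with root")
	if state == BUILD_TARGETS:
		try:
			build_targets_txt(targets_root, fuzzy_targets_keys, key_db, server_dir)
			state += 1
			print("BUILT TARGETS")
		except Exception:
			_report_failure('targets')
			state = FINISH

	# built_targets
	logger.info("done with targets")
	if state == BUILD_RELEASE:
		try:
			build_release_txt(fuzzy_release_keys, key_db, metadata_root)
			state += 1
		except Exception:
			_report_failure('release')
			state = FINISH

	# built_release
	logger.info("done with the release")
	if state == BUILD_TIMESTAMP:
		try:
			build_timestamp_txt(fuzzy_timestamp_keys, key_db, metadata_root)
			state += 1
		except Exception:
			_report_failure('timestamp')
			state = FINISH

	# almost done
	logger.info("done with the timestamp")
	logger.info("done updating")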
示例#3
	if not options.KEYSTORE_LOCATION:
		options.KEYSTORE_LOCATION = get_keystore_location()

	# build the keystore
	key_db = keystore.KeyStore(options.KEYSTORE_LOCATION)
	key_ids = {}
	for k in ["root", "targets", "release", "timestamp"]:
		threshold = getattr(options, k.upper() + "_THRESHOLD")
		if not threshold and not options.DEFAULT_THRESHOLD: 
			threshold = get_threshold(k)
		elif options.DEFAULT_THRESHOLD:
			threshold = options.DEFAULT_THRESHOLD
		for i in range(threshold):
			key = signerlib.generate_key(options.DEFAULT_KEY_SIZE)
			if TEST: password = '******'
			else: password = signercli._get_password()
			key_db.add_key(key, password)
			try:
				key_ids[k][0].append(key.get_key_id())
			except KeyError:
				key_ids[k] = ([key.get_key_id()], threshold)
	key_db.save()

	# get the server root
	if not options.SERVER_ROOT_LOCATION:
		options.SERVER_ROOT_LOCATION = get_server_root()
	# build the server root
	metadata_loc = options.SERVER_ROOT_LOCATION + pathsep + "meta"
	print metadata_loc
	targets_loc = options.SERVER_ROOT_LOCATION + pathsep + "targets"
	print targets_loc
示例#4
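def update_metadata(keystore_path, project_root, root_cfg_path, server_dir, add_keys, remove_keys, thresholds, keysize, state=BUILD_ROOT):
	"""Update role keys and thresholds, rewrite root.cfg, then rebuild root.txt.

	Keystore passwords are read interactively until the operator enters
	``--``.  When the module-level ``TEST`` flag is set no prompt is shown and
	the keystore is opened with the fixed password ``'test'``; that path must
	stay confined to test runs.

	Args:
		keystore_path: location handed to ``keystore.KeyStore``.
		project_root: directory whose contents become the targets tree.
		root_cfg_path: config file with ``keyids`` and ``threshold`` per role
			and an ``expiration`` section.
		server_dir: repository root; ``meta`` and ``targets`` live below it.
		add_keys: mapping of role -> truthy value when a new key is wanted.
		remove_keys: mapping of role -> key id to drop from that role.
		thresholds: mapping of role -> required number of keys; a falsy
			mapping means 1 for every role, a falsy entry means "use the
			value from root.cfg".  The caller's mapping is not modified.
		keysize: size handed to ``signerlib.generate_key``.
		state: stage to start from (``BUILD_ROOT`` by default).

	Returns early, after logging an error, when a role would end up with
	fewer keys than its threshold.  Keys generated before that check have
	already been saved to the keystore at that point.

	Raises:
		ValueError: if a threshold cannot be read as an integer.
	"""
	logger.info(state)
	# normalize the paths
	metadata_root = os.path.join(server_dir, "meta")
	targets_root = os.path.join(server_dir, "targets")

	# build the keydb
	key_db = keystore.KeyStore(keystore_path)
	if TEST:
		key_db.load(['test'])
	else:
		while True:
			line = signercli._get_password("Please input a decryption password for the keystore, or -- to stop: ")
			if line == '--':
				break
			key_db.load([line])

	# these are the keys we'll sign with and those that will wind up in the
	# root.cfg when we're done
	roles = ('root', 'targets', 'release', 'timestamp')
	fuzzy_keys = dict((role, set()) for role in roles)
	# Work on a copy so the caller's mapping is left untouched.
	if thresholds:
		thresholds = dict(thresholds)
	else:
		thresholds = dict((role, 1) for role in roles)

	# generate any new keys
	for role, add in add_keys.items():
		if add:
			key = signerlib.generate_key(keysize)
			pw = signercli._get_password()
			key_db.add_key(key, pw)
			fuzzy_keys[role].add(key.get_key_id())
			key_db.save()

	# get the config data
	root_cfg = ConfigParser()
	root_cfg.read(root_cfg_path)

	def _configured_keyids(role):
		# Strip whitespace and drop empty entries.  Otherwise "a, b" yields
		# " b", which neither matches a keystore id nor should count towards
		# the threshold, and an empty keyids value yields one bogus "" key.
		raw = root_cfg.get(role, "keyids")
		return set(kid.strip() for kid in raw.split(",") if kid.strip())

	# read the config data
	known_keys = set(key_db._keys)
	for role in roles:
		fuzzy_keys[role].update(_configured_keyids(role) & known_keys)
		if not thresholds[role]:
			thresholds[role] = root_cfg.get(role, 'threshold')

	# remove any removed keys
	for role in roles:
		fuzzy_keys[role].discard(remove_keys[role])

	# write the results back to the root.cfg
	expiration = root_cfg.get('expiration', 'days')
	keydata = {}
	for role in roles:
		previous_keys = _configured_keyids(role)
		previous_keys.discard(remove_keys[role])
		previous_keys |= fuzzy_keys[role]
		# ConfigParser returns strings; compare as integers so the threshold
		# check is a real numeric comparison.
		required = int(thresholds[role])
		if len(previous_keys) < required:
			msg = "Number of keys for %s is less than threshold. "
			msg += "Threshold set: %s, keys provided: %s"
			# The rest of this function logs through ``logger``; the original
			# called ``log.error`` here.
			logger.error(msg % (role, required, sorted(previous_keys)))
			return
		keydata[role] = (previous_keys, required)
	build_root_cfg(server_dir, expiration, keydata)

	# copy the project over to the targets root
	# NOTE: the old tree is deleted before the copy starts, so a failed copy
	# leaves the repository without a targets tree.
	if project_root != targets_root:
		rmtree(targets_root)
		logger.info("removed the tree")
		copytree(project_root, targets_root)
		logger.info("copied the tree")

	# started
	if state == BUILD_ROOT:
		try:
			build_root_txt(root_cfg_path, fuzzy_keys['root'], key_db, metadata_root)
			state += 1
		except Exception:
			# Log the cause with its traceback instead of printing only the
			# message, so a failed signing step can be diagnosed afterwards.
			logger.exception('Unable to build root.txt')
			logger.info('Quickstart was unable to build root.txt. Please send the incomplete update to your root key holder.')
			logger.info('They can continue the update process by running quickstart with the \'-step build_root\' argument')
			state = FINISH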
示例#5
	if not options.KEYSTORE_LOCATION:
		options.KEYSTORE_LOCATION = get_keystore_location()

	# build the keystore
	key_db = keystore.KeyStore(options.KEYSTORE_LOCATION)
	key_ids = {}
	for k in ["root", "targets", "release", "timestamp"]:
		threshold = getattr(options, k.upper() + "_THRESHOLD")
		if not threshold and not options.DEFAULT_THRESHOLD: 
			threshold = get_threshold(k)
		elif options.DEFAULT_THRESHOLD:
			threshold = options.DEFAULT_THRESHOLD
		for i in range(threshold):
			key = signerlib.generate_key(options.DEFAULT_KEY_SIZE)
			if TEST: password = '******'
			else: password = signercli._get_password('Password for %s key #%d: ' % (k, i+1))
			key_db.add_key(key, password)
			if not TEST: print 'keyid for %s key #%d: %s' % (k, i+1, key.get_key_id())
			try:
				key_ids[k][0].append(key.get_key_id())
			except KeyError:
				key_ids[k] = ([key.get_key_id()], threshold)
	key_db.save()

	# get the server root
	if not options.SERVER_ROOT_LOCATION:
		options.SERVER_ROOT_LOCATION = get_server_root()
	# build the server root
	metadata_loc = options.SERVER_ROOT_LOCATION + pathsep + "meta"
	targets_loc = options.SERVER_ROOT_LOCATION + pathsep + "targets"
	try: mkdir(options.SERVER_ROOT_LOCATION)