python-tuf/tests/test_api.py

# Copyright 2020, New York University and the TUF contributors
# SPDX-License-Identifier: MIT OR Apache-2.0
"""Unit tests for api/metadata.py"""

from __future__ import annotations

import json
import logging
import os
import shutil
import sys
import tempfile
import unittest
from copy import copy, deepcopy
from datetime import datetime, timedelta, timezone
from pathlib import Path
from typing import ClassVar

from securesystemslib import exceptions as sslib_exceptions
from securesystemslib.signer import (
    CryptoSigner,
    Key,
    SecretsHandler,
    Signer,
    SSlibKey,
)

from tests import utils
from tuf.api import exceptions
from tuf.api.dsse import SimpleEnvelope
from tuf.api.metadata import (
    TOP_LEVEL_ROLE_NAMES,
    DelegatedRole,
    Delegations,
    Metadata,
    MetaFile,
    Root,
    RootVerificationResult,
    Signature,
    Snapshot,
    SuccinctRoles,
    TargetFile,
    Targets,
    Timestamp,
    VerificationResult,
)
from tuf.api.serialization import DeserializationError, SerializationError
from tuf.api.serialization.json import JSONSerializer

logger = logging.getLogger(__name__)


class TestMetadata(unittest.TestCase):
    """Tests for public API of all classes in 'tuf/api/metadata.py'."""

    temporary_directory: ClassVar[str]
    repo_dir: ClassVar[str]
    keystore_dir: ClassVar[str]
    signers: ClassVar[dict[str, Signer]]

    @classmethod
    def setUpClass(cls) -> None:
        # Create a temporary directory to store the repository, metadata, and
        # target files.  'temporary_directory' must be deleted in
        # TearDownClass() so that temporary files are always removed, even when
        # exceptions occur.
        cls.temporary_directory = tempfile.mkdtemp(dir=os.getcwd())

        test_repo_data = os.path.join(
            os.path.dirname(os.path.realpath(__file__)), "repository_data"
        )

        cls.repo_dir = os.path.join(cls.temporary_directory, "repository")
        shutil.copytree(
            os.path.join(test_repo_data, "repository"), cls.repo_dir
        )

        cls.keystore_dir = os.path.join(cls.temporary_directory, "keystore")
        shutil.copytree(
            os.path.join(test_repo_data, "keystore"), cls.keystore_dir
        )

        path = os.path.join(cls.repo_dir, "metadata", "root.json")
        root = Metadata[Root].from_file(path).signed

        # Load signers

        cls.signers = {}
        for role in [Snapshot.type, Targets.type, Timestamp.type]:
            uri = f"file2:{os.path.join(cls.keystore_dir, role + '_key')}"
            role_obj = root.get_delegated_role(role)
            key = root.get_key(role_obj.keyids[0])
            cls.signers[role] = CryptoSigner.from_priv_key_uri(uri, key)

    @classmethod
    def tearDownClass(cls) -> None:
        # Remove the temporary repository directory, which should contain all
        # the metadata, targets, and key files generated for the test cases.
        shutil.rmtree(cls.temporary_directory)

    def test_generic_read(self) -> None:
        for metadata, inner_metadata_cls in [
            (Root.type, Root),
            (Snapshot.type, Snapshot),
            (Timestamp.type, Timestamp),
            (Targets.type, Targets),
        ]:
            # Load JSON-formatted metadata of each supported type from file
            # and from out-of-band read JSON string
            path = os.path.join(self.repo_dir, "metadata", metadata + ".json")
            md_obj = Metadata.from_file(path)
            with open(path, "rb") as f:
                md_obj2 = Metadata.from_bytes(f.read())

            # Assert that both methods instantiate the right inner class for
            # each metadata type and ...
            self.assertTrue(isinstance(md_obj.signed, inner_metadata_cls))
            self.assertTrue(isinstance(md_obj2.signed, inner_metadata_cls))

            # ... and return the same object (compared by dict representation)
            self.assertDictEqual(md_obj.to_dict(), md_obj2.to_dict())

        # Assert that it chokes correctly on an unknown metadata type
        bad_metadata_path = "bad-metadata.json"
        bad_metadata = {"signed": {"_type": "bad-metadata"}}
        bad_string = json.dumps(bad_metadata).encode("utf-8")
        with open(bad_metadata_path, "wb") as f:
            f.write(bad_string)

        with self.assertRaises(DeserializationError):
            Metadata.from_file(bad_metadata_path)
        with self.assertRaises(DeserializationError):
            Metadata.from_bytes(bad_string)

        os.remove(bad_metadata_path)

    def test_md_read_write_file_exceptions(self) -> None:
        # Test writing to a file with bad filename
        with self.assertRaises(exceptions.StorageError):
            Metadata.from_file("bad-metadata.json")

        # Test serializing to a file with bad filename
        with self.assertRaises(exceptions.StorageError):
            md = Metadata.from_file(
                os.path.join(self.repo_dir, "metadata", "root.json")
            )
            md.to_file("")

    def test_compact_json(self) -> None:
        path = os.path.join(self.repo_dir, "metadata", "targets.json")
        md_obj = Metadata.from_file(path)
        self.assertTrue(
            len(JSONSerializer(compact=True).serialize(md_obj))
            < len(JSONSerializer().serialize(md_obj))
        )

    def test_read_write_read_compare(self) -> None:
        for metadata in TOP_LEVEL_ROLE_NAMES:
            path = os.path.join(self.repo_dir, "metadata", metadata + ".json")
            md_obj = Metadata.from_file(path)

            path_2 = path + ".tmp"
            md_obj.to_file(path_2)
            md_obj_2 = Metadata.from_file(path_2)
            self.assertDictEqual(md_obj.to_dict(), md_obj_2.to_dict())

            os.remove(path_2)

    def test_serialize_with_validate(self) -> None:
        # Assert that by changing one required attribute validation will fail.
        root = Metadata.from_file(
            os.path.join(self.repo_dir, "metadata", "root.json")
        )
        root.signed.version = 0
        with self.assertRaises(SerializationError):
            root.to_bytes(JSONSerializer(validate=True))

    def test_to_from_bytes(self) -> None:
        for metadata in TOP_LEVEL_ROLE_NAMES:
            path = os.path.join(self.repo_dir, "metadata", metadata + ".json")
            with open(path, "rb") as f:
                metadata_bytes = f.read()
            md_obj = Metadata.from_bytes(metadata_bytes)
            # Compare that from_bytes/to_bytes doesn't change the content
            # for two cases for the serializer: noncompact and compact.

            # Case 1: test noncompact by overriding the default serializer.
            self.assertEqual(md_obj.to_bytes(JSONSerializer()), metadata_bytes)

            # Case 2: test compact by using the default serializer.
            obj_bytes = md_obj.to_bytes()
            metadata_obj_2 = Metadata.from_bytes(obj_bytes)
            self.assertEqual(metadata_obj_2.to_bytes(), obj_bytes)

    def test_sign_verify(self) -> None:
        path = os.path.join(self.repo_dir, "metadata")
        root = Metadata[Root].from_file(os.path.join(path, "root.json")).signed

        # Locate the public keys we need from root
        targets_keyid = next(iter(root.roles[Targets.type].keyids))
        targets_key = root.keys[targets_keyid]
        snapshot_keyid = next(iter(root.roles[Snapshot.type].keyids))
        snapshot_key = root.keys[snapshot_keyid]
        timestamp_keyid = next(iter(root.roles[Timestamp.type].keyids))
        timestamp_key = root.keys[timestamp_keyid]

        # Load sample metadata (targets) and assert ...
        md_obj = Metadata.from_file(os.path.join(path, "targets.json"))
        sig = md_obj.signatures[targets_keyid]
        data = md_obj.signed_bytes

        # ... it has a single existing signature,
        self.assertEqual(len(md_obj.signatures), 1)
        # ... which is valid for the correct key.
        targets_key.verify_signature(sig, data)
        with self.assertRaises(sslib_exceptions.VerificationError):
            snapshot_key.verify_signature(sig, data)

        # Append a new signature with the unrelated key and assert that ...
        snapshot_sig = md_obj.sign(self.signers[Snapshot.type], append=True)
        # ... there are now two signatures, and
        self.assertEqual(len(md_obj.signatures), 2)
        # ... both are valid for the corresponding keys.
        targets_key.verify_signature(sig, data)
        snapshot_key.verify_signature(snapshot_sig, data)
        # ... the returned (appended) signature is for snapshot key
        self.assertEqual(snapshot_sig.keyid, snapshot_keyid)

        # Create and assign (don't append) a new signature and assert that ...
        ts_sig = md_obj.sign(self.signers[Timestamp.type], append=False)
        # ... there now is only one signature,
        self.assertEqual(len(md_obj.signatures), 1)
        # ... valid for that key.
        timestamp_key.verify_signature(ts_sig, data)
        with self.assertRaises(sslib_exceptions.VerificationError):
            targets_key.verify_signature(ts_sig, data)

    def test_sign_failures(self) -> None:
        # Test throwing UnsignedMetadataError because of signing problems
        md = Metadata.from_file(
            os.path.join(self.repo_dir, "metadata", "snapshot.json")
        )

        class FailingSigner(Signer):
            @classmethod
            def from_priv_key_uri(
                cls,
                _priv_key_uri: str,
                _public_key: Key,
                _secrets_handler: SecretsHandler | None = None,
            ) -> Signer:
                raise RuntimeError("Not a real signer")

            @property
            def public_key(self) -> Key:
                raise RuntimeError("Not a real signer")

            def sign(self, _payload: bytes) -> Signature:
                raise RuntimeError("signing failed")

        failing_signer = FailingSigner()

        with self.assertRaises(exceptions.UnsignedMetadataError):
            md.sign(failing_signer)

    def test_key_verify_failures(self) -> None:
        root_path = os.path.join(self.repo_dir, "metadata", "root.json")
        root = Metadata[Root].from_file(root_path).signed

        # Locate the timestamp public key we need from root
        timestamp_keyid = next(iter(root.roles[Timestamp.type].keyids))
        timestamp_key = root.keys[timestamp_keyid]

        # Load sample metadata (timestamp)
        path = os.path.join(self.repo_dir, "metadata", "timestamp.json")
        md_obj = Metadata.from_file(path)
        sig = md_obj.signatures[timestamp_keyid]
        data = md_obj.signed_bytes

        # Test failure on unknown scheme (securesystemslib
        # UnsupportedAlgorithmError)
        scheme = timestamp_key.scheme
        timestamp_key.scheme = "foo"
        with self.assertRaises(sslib_exceptions.VerificationError):
            timestamp_key.verify_signature(sig, data)
        timestamp_key.scheme = scheme

        # Test failure on broken public key data (securesystemslib
        # CryptoError)
        public = timestamp_key.keyval["public"]
        timestamp_key.keyval["public"] = "ffff"
        with self.assertRaises(sslib_exceptions.VerificationError):
            timestamp_key.verify_signature(sig, data)
        timestamp_key.keyval["public"] = public

        # Test failure with invalid signature (securesystemslib
        # FormatError)
        incorrect_sig = copy(sig)
        incorrect_sig.signature = "foo"
        with self.assertRaises(sslib_exceptions.VerificationError):
            timestamp_key.verify_signature(incorrect_sig, data)

        # Test failure with valid but incorrect signature
        incorrect_sig.signature = "ff" * 64
        with self.assertRaises(sslib_exceptions.UnverifiedSignatureError):
            timestamp_key.verify_signature(incorrect_sig, data)

    def test_metadata_signed_is_expired(self) -> None:
        # Use of Snapshot is arbitrary, we're just testing the base class
        # features with real data
        snapshot_path = os.path.join(self.repo_dir, "metadata", "snapshot.json")
        md = Metadata.from_file(snapshot_path)

        expected_expiry = datetime(2030, 1, 1, 0, 0, tzinfo=timezone.utc)
        self.assertEqual(md.signed.expires, expected_expiry)

        # Test is_expired with reference_time provided
        is_expired = md.signed.is_expired(md.signed.expires)
        self.assertTrue(is_expired)
        is_expired = md.signed.is_expired(md.signed.expires + timedelta(days=1))
        self.assertTrue(is_expired)
        is_expired = md.signed.is_expired(md.signed.expires - timedelta(days=1))
        self.assertFalse(is_expired)

        # Test is_expired without reference_time,
        # manipulating md.signed.expires
        expires = md.signed.expires
        md.signed.expires = datetime.now(timezone.utc)
        is_expired = md.signed.is_expired()
        self.assertTrue(is_expired)
        md.signed.expires = datetime.now(timezone.utc) + timedelta(days=1)
        is_expired = md.signed.is_expired()
        self.assertFalse(is_expired)
        md.signed.expires = expires

    def test_metadata_verify_delegate(self) -> None:
        root_path = os.path.join(self.repo_dir, "metadata", "root.json")
        root = Metadata[Root].from_file(root_path)
        snapshot_path = os.path.join(self.repo_dir, "metadata", "snapshot.json")
        snapshot = Metadata[Snapshot].from_file(snapshot_path)
        targets_path = os.path.join(self.repo_dir, "metadata", "targets.json")
        targets = Metadata[Targets].from_file(targets_path)
        role1_path = os.path.join(self.repo_dir, "metadata", "role1.json")
        role1 = Metadata[Targets].from_file(role1_path)
        role2_path = os.path.join(self.repo_dir, "metadata", "role2.json")
        role2 = Metadata[Targets].from_file(role2_path)

        # test the expected delegation tree
        root.verify_delegate(Root.type, root)
        root.verify_delegate(Snapshot.type, snapshot)
        root.verify_delegate(Targets.type, targets)
        targets.verify_delegate("role1", role1)
        role1.verify_delegate("role2", role2)

        # only root and targets can verify delegates
        with self.assertRaises(TypeError):
            snapshot.verify_delegate(Snapshot.type, snapshot)
        # verify fails for roles that are not delegated by delegator
        with self.assertRaises(ValueError):
            root.verify_delegate("role1", role1)
        with self.assertRaises(ValueError):
            targets.verify_delegate(Targets.type, targets)
        # verify fails when delegator has no delegations
        with self.assertRaises(ValueError):
            role2.verify_delegate("role1", role1)

    def test_signed_verify_delegate(self) -> None:
        root_path = os.path.join(self.repo_dir, "metadata", "root.json")
        root_md = Metadata[Root].from_file(root_path)
        root = root_md.signed
        snapshot_path = os.path.join(self.repo_dir, "metadata", "snapshot.json")
        snapshot_md = Metadata[Snapshot].from_file(snapshot_path)
        snapshot = snapshot_md.signed
        targets_path = os.path.join(self.repo_dir, "metadata", "targets.json")
        targets_md = Metadata[Targets].from_file(targets_path)
        targets = targets_md.signed
        role1_path = os.path.join(self.repo_dir, "metadata", "role1.json")
        role1_md = Metadata[Targets].from_file(role1_path)
        role1 = role1_md.signed
        role2_path = os.path.join(self.repo_dir, "metadata", "role2.json")
        role2_md = Metadata[Targets].from_file(role2_path)
        role2 = role2_md.signed

        # test the expected delegation tree
        root.verify_delegate(
            Root.type, root_md.signed_bytes, root_md.signatures
        )
        root.verify_delegate(
            Snapshot.type, snapshot_md.signed_bytes, snapshot_md.signatures
        )
        root.verify_delegate(
            Targets.type, targets_md.signed_bytes, targets_md.signatures
        )
        targets.verify_delegate(
            "role1", role1_md.signed_bytes, role1_md.signatures
        )
        role1.verify_delegate(
            "role2", role2_md.signed_bytes, role2_md.signatures
        )

        # only root and targets can verify delegates
        with self.assertRaises(AttributeError):
            snapshot.verify_delegate(
                Snapshot.type, snapshot_md.signed_bytes, snapshot_md.signatures
            )
        # verify fails for roles that are not delegated by delegator
        with self.assertRaises(ValueError):
            root.verify_delegate(
                "role1", role1_md.signed_bytes, role1_md.signatures
            )
        with self.assertRaises(ValueError):
            targets.verify_delegate(
                Targets.type, targets_md.signed_bytes, targets_md.signatures
            )
        # verify fails when delegator has no delegations
        with self.assertRaises(ValueError):
            role2.verify_delegate(
                "role1", role1_md.signed_bytes, role1_md.signatures
            )

        # verify fails when delegate content is modified
        expires = snapshot.expires
        snapshot.expires = expires + timedelta(days=1)
        with self.assertRaises(exceptions.UnsignedMetadataError):
            root.verify_delegate(
                Snapshot.type, snapshot_md.signed_bytes, snapshot_md.signatures
            )
        snapshot.expires = expires

        # verify fails if sslib verify fails with VerificationError
        # (in this case signature is malformed)
        keyid = next(iter(root.roles[Snapshot.type].keyids))
        good_sig = snapshot_md.signatures[keyid].signature
        snapshot_md.signatures[keyid].signature = "foo"
        with self.assertRaises(exceptions.UnsignedMetadataError):
            root.verify_delegate(
                Snapshot.type, snapshot_md.signed_bytes, snapshot_md.signatures
            )
        snapshot_md.signatures[keyid].signature = good_sig

        # verify fails if roles keys do not sign the metadata
        with self.assertRaises(exceptions.UnsignedMetadataError):
            root.verify_delegate(
                Timestamp.type, snapshot_md.signed_bytes, snapshot_md.signatures
            )

        # Add a key to snapshot role, make sure the new sig fails to verify
        ts_keyid = next(iter(root.roles[Timestamp.type].keyids))
        root.add_key(root.keys[ts_keyid], Snapshot.type)
        snapshot_md.signatures[ts_keyid] = Signature(ts_keyid, "ff" * 64)

        # verify succeeds if threshold is reached even if some signatures
        # fail to verify
        root.verify_delegate(
            Snapshot.type, snapshot_md.signed_bytes, snapshot_md.signatures
        )

        # verify fails if threshold of signatures is not reached
        root.roles[Snapshot.type].threshold = 2
        with self.assertRaises(exceptions.UnsignedMetadataError):
            root.verify_delegate(
                Snapshot.type, snapshot_md.signed_bytes, snapshot_md.signatures
            )

        # verify succeeds when we correct the new signature and reach the
        # threshold of 2 keys
        snapshot_md.sign(self.signers[Timestamp.type], append=True)
        root.verify_delegate(
            Snapshot.type, snapshot_md.signed_bytes, snapshot_md.signatures
        )

    def test_verification_result(self) -> None:
        key = SSlibKey("", "", "", {"public": ""})
        vr = VerificationResult(3, {"a": key}, {"b": key})
        self.assertEqual(vr.missing, 2)
        self.assertFalse(vr.verified)
        self.assertFalse(vr)

        # Add a signature
        vr.signed["c"] = key
        self.assertEqual(vr.missing, 1)
        self.assertFalse(vr.verified)
        self.assertFalse(vr)

        # Add last missing signature
        vr.signed["d"] = key
        self.assertEqual(vr.missing, 0)
        self.assertTrue(vr.verified)
        self.assertTrue(vr)

        # Add one more signature
        vr.signed["e"] = key
        self.assertEqual(vr.missing, 0)
        self.assertTrue(vr.verified)
        self.assertTrue(vr)

    def test_root_verification_result(self) -> None:
        key = SSlibKey("", "", "", {"public": ""})
        vr1 = VerificationResult(3, {"a": key}, {"b": key})
        vr2 = VerificationResult(1, {"c": key}, {"b": key})

        vr = RootVerificationResult(vr1, vr2)
        self.assertEqual(vr.signed, {"a": key, "c": key})
        self.assertEqual(vr.unsigned, {"b": key})
        self.assertFalse(vr.verified)
        self.assertFalse(vr)

        vr1.signed["c"] = key
        vr1.signed["f"] = key
        self.assertEqual(vr.signed, {"a": key, "c": key, "f": key})
        self.assertEqual(vr.unsigned, {"b": key})
        self.assertTrue(vr.verified)
        self.assertTrue(vr)

    def test_signed_get_verification_result(self) -> None:
        # Setup: Load test metadata and keys
        root_path = os.path.join(self.repo_dir, "metadata", "root.json")
        root = Metadata[Root].from_file(root_path)

        key1_id = root.signed.roles[Root.type].keyids[0]
        key1 = root.signed.get_key(key1_id)

        key2_id = root.signed.roles[Timestamp.type].keyids[0]
        key2 = root.signed.get_key(key2_id)

        key3_id = "123456789abcdefg"

        key4_id = self.signers[Snapshot.type].public_key.keyid

        # Test: 1 authorized key, 1 valid signature
        result = root.signed.get_verification_result(
            Root.type, root.signed_bytes, root.signatures
        )
        self.assertTrue(result)
        self.assertEqual(result.signed, {key1_id: key1})
        self.assertEqual(result.unsigned, {})

        # Test: 2 authorized keys, 1 invalid signature
        # Adding a key, i.e. metadata change, invalidates existing signature
        root.signed.add_key(key2, Root.type)
        result = root.signed.get_verification_result(
            Root.type, root.signed_bytes, root.signatures
        )
        self.assertFalse(result)
        self.assertEqual(result.signed, {})
        self.assertEqual(result.unsigned, {key1_id: key1, key2_id: key2})

        # Test: 3 authorized keys, 1 invalid signature, 1 key missing key data
        # Adding a keyid w/o key, fails verification but this key is not listed
        # in unsigned
        root.signed.roles[Root.type].keyids.append(key3_id)
        result = root.signed.get_verification_result(
            Root.type, root.signed_bytes, root.signatures
        )
        self.assertFalse(result)
        self.assertEqual(result.signed, {})
        self.assertEqual(result.unsigned, {key1_id: key1, key2_id: key2})

        # Test: 3 authorized keys, 1 valid signature, 1 invalid signature, 1
        # key missing key data
        root.sign(self.signers[Timestamp.type], append=True)
        result = root.signed.get_verification_result(
            Root.type, root.signed_bytes, root.signatures
        )
        self.assertTrue(result)
        self.assertEqual(result.signed, {key2_id: key2})
        self.assertEqual(result.unsigned, {key1_id: key1})

        # Test: 3 authorized keys, 1 valid signature, 1 invalid signature, 1
        # key missing key data, 1 ignored unrelated signature
        root.sign(self.signers[Snapshot.type], append=True)
        self.assertEqual(
            set(root.signatures.keys()), {key1_id, key2_id, key4_id}
        )
        self.assertTrue(result)
        self.assertEqual(result.signed, {key2_id: key2})
        self.assertEqual(result.unsigned, {key1_id: key1})

        # See test_signed_verify_delegate for more related tests ...

    def test_root_get_root_verification_result(self) -> None:
        # Setup: Load test metadata and keys
        root_path = os.path.join(self.repo_dir, "metadata", "root.json")
        root = Metadata[Root].from_file(root_path)

        key1_id = root.signed.roles[Root.type].keyids[0]
        key1 = root.signed.get_key(key1_id)

        key2_id = root.signed.roles[Timestamp.type].keyids[0]
        key2 = root.signed.get_key(key2_id)

        # Test: Verify with no previous root version
        result = root.signed.get_root_verification_result(
            None, root.signed_bytes, root.signatures
        )
        self.assertTrue(result)
        self.assertEqual(result.signed, {key1_id: key1})
        self.assertEqual(result.unsigned, {})

        # Test: Verify with other root that is not version N-1
        prev_root: Metadata[Root] = deepcopy(root)
        with self.assertRaises(ValueError):
            result = root.signed.get_root_verification_result(
                prev_root.signed, root.signed_bytes, root.signatures
            )

        # Test: Verify with previous root
        prev_root.signed.version -= 1
        result = root.signed.get_root_verification_result(
            prev_root.signed, root.signed_bytes, root.signatures
        )
        self.assertTrue(result)
        self.assertEqual(result.signed, {key1_id: key1})
        self.assertEqual(result.unsigned, {})

        # Test: Add a signer to previous root (threshold still 1)
        prev_root.signed.add_key(key2, Root.type)
        result = root.signed.get_root_verification_result(
            prev_root.signed, root.signed_bytes, root.signatures
        )
        self.assertTrue(result)
        self.assertEqual(result.signed, {key1_id: key1})
        self.assertEqual(result.unsigned, {key2_id: key2})

        # Test: Increase threshold in previous root
        prev_root.signed.roles[Root.type].threshold += 1
        result = root.signed.get_root_verification_result(
            prev_root.signed, root.signed_bytes, root.signatures
        )
        self.assertFalse(result)
        self.assertEqual(result.signed, {key1_id: key1})
        self.assertEqual(result.unsigned, {key2_id: key2})

        # Test: Sign root with both keys
        root.sign(self.signers[Timestamp.type], append=True)
        result = root.signed.get_root_verification_result(
            prev_root.signed, root.signed_bytes, root.signatures
        )
        self.assertTrue(result)
        self.assertEqual(result.signed, {key1_id: key1, key2_id: key2})
        self.assertEqual(result.unsigned, {})

        # Test: Sign root with an unrelated key
        root.sign(self.signers[Snapshot.type], append=True)
        result = root.signed.get_root_verification_result(
            prev_root.signed, root.signed_bytes, root.signatures
        )
        self.assertTrue(result)
        self.assertEqual(result.signed, {key1_id: key1, key2_id: key2})
        self.assertEqual(result.unsigned, {})

        # Test: Remove key1 from previous root
        prev_root.signed.revoke_key(key1_id, Root.type)
        result = root.signed.get_root_verification_result(
            prev_root.signed, root.signed_bytes, root.signatures
        )
        self.assertFalse(result)
        self.assertEqual(result.signed, {key1_id: key1, key2_id: key2})
        self.assertEqual(result.unsigned, {})

        # Test: Lower threshold in previous root
        prev_root.signed.roles[Root.type].threshold -= 1
        result = root.signed.get_root_verification_result(
            prev_root.signed, root.signed_bytes, root.signatures
        )
        self.assertTrue(result)
        self.assertEqual(result.signed, {key1_id: key1, key2_id: key2})
        self.assertEqual(result.unsigned, {})

    def test_root_add_key_and_revoke_key(self) -> None:
        root_path = os.path.join(self.repo_dir, "metadata", "root.json")
        root = Metadata[Root].from_file(root_path)

        # Create a new key
        signer = CryptoSigner.generate_ecdsa()
        key = signer.public_key

        # Assert that root does not contain the new key
        self.assertNotIn(key.keyid, root.signed.roles[Root.type].keyids)
        self.assertNotIn(key.keyid, root.signed.keys)

        # Assert that add_key with old argument order will raise an error
        with self.assertRaises(ValueError):
            root.signed.add_key(Root.type, key)  # type: ignore [arg-type]

        # Add new root key
        root.signed.add_key(key, Root.type)

        # Assert that key is added
        self.assertIn(key.keyid, root.signed.roles[Root.type].keyids)
        self.assertIn(key.keyid, root.signed.keys)

        # Confirm that the newly added key does not break
        # the object serialization
        root.to_dict()

        # Try adding the same key again and assert its ignored.
        pre_add_keyid = root.signed.roles[Root.type].keyids.copy()
        root.signed.add_key(key, Root.type)
        self.assertEqual(pre_add_keyid, root.signed.roles[Root.type].keyids)

        # Add the same key to targets role as well
        root.signed.add_key(key, Targets.type)

        # Add the same key to a nonexistent role.
        with self.assertRaises(ValueError):
            root.signed.add_key(key, "nosuchrole")

        # Remove the key from root role (targets role still uses it)
        root.signed.revoke_key(key.keyid, Root.type)
        self.assertNotIn(key.keyid, root.signed.roles[Root.type].keyids)
        self.assertIn(key.keyid, root.signed.keys)

        # Remove the key from targets as well
        root.signed.revoke_key(key.keyid, Targets.type)
        self.assertNotIn(key.keyid, root.signed.roles[Targets.type].keyids)
        self.assertNotIn(key.keyid, root.signed.keys)

        with self.assertRaises(ValueError):
            root.signed.revoke_key("nosuchkey", Root.type)
        with self.assertRaises(ValueError):
            root.signed.revoke_key(key.keyid, "nosuchrole")

    def test_is_target_in_pathpattern(self) -> None:
        supported_use_cases = [
            ("foo.tgz", "foo.tgz"),
            ("foo.tgz", "*"),
            ("foo.tgz", "*.tgz"),
            ("foo-version-a.tgz", "foo-version-?.tgz"),
            ("targets/foo.tgz", "targets/*.tgz"),
            ("foo/bar/zoo/k.tgz", "foo/bar/zoo/*"),
            ("foo/bar/zoo/k.tgz", "foo/*/zoo/*"),
            ("foo/bar/zoo/k.tgz", "*/*/*/*"),
            ("foo/bar", "f?o/bar"),
            ("foo/bar", "*o/bar"),
        ]
        for targetpath, pathpattern in supported_use_cases:
            self.assertTrue(
                DelegatedRole._is_target_in_pathpattern(targetpath, pathpattern)
            )

        invalid_use_cases = [
            ("targets/foo.tgz", "*.tgz"),
            ("/foo.tgz", "*.tgz"),
            ("targets/foo.tgz", "*"),
            ("foo-version-alpha.tgz", "foo-version-?.tgz"),
            ("foo//bar", "*/bar"),
            ("foo/bar", "f?/bar"),
            ("FOO.tgz", "foo.tgz"),
            ("foo/bar", "Foo/*"),
        ]
        for targetpath, pathpattern in invalid_use_cases:
            self.assertFalse(
                DelegatedRole._is_target_in_pathpattern(targetpath, pathpattern)
            )

    def test_targets_key_api(self) -> None:
        targets_path = os.path.join(self.repo_dir, "metadata", "targets.json")
        targets: Targets = Metadata[Targets].from_file(targets_path).signed

        # Add a new delegated role "role2" in targets
        delegated_role = DelegatedRole.from_dict(
            {
                "keyids": [],
                "name": "role2",
                "paths": ["fn3", "fn4"],
                "terminating": False,
                "threshold": 1,
            }
        )
        assert isinstance(targets.delegations, Delegations)
        assert isinstance(targets.delegations.roles, dict)
        targets.delegations.roles["role2"] = delegated_role

        key_dict = {
            "keytype": "ed25519",
            "keyval": {
                "public": "edcd0a32a07dce33f7c7873aaffbff36d20ea30787574ead335eefd337e4dacd"
            },
            "scheme": "ed25519",
        }
        key = Key.from_dict("id2", key_dict)

        # Assert that add_key with old argument order will raise an error
        with self.assertRaises(ValueError):
            targets.add_key(Root.type, key)  # type: ignore [arg-type]

        # Assert that delegated role "role1" does not contain the new key
        self.assertNotIn(key.keyid, targets.delegations.roles["role1"].keyids)
        targets.add_key(key, "role1")

        # Assert that the new key is added to the delegated role "role1"
        self.assertIn(key.keyid, targets.delegations.roles["role1"].keyids)

        # Confirm that the newly added key does not break the obj serialization
        targets.to_dict()

        # Try adding the same key again and assert its ignored.
        past_keyid = targets.delegations.roles["role1"].keyids.copy()
        targets.add_key(key, "role1")
        self.assertEqual(past_keyid, targets.delegations.roles["role1"].keyids)

        # Try adding a key to a delegated role that doesn't exists
        with self.assertRaises(ValueError):
            targets.add_key(key, "nosuchrole")

        # Add the same key to "role2" as well
        targets.add_key(key, "role2")

        # Remove the key from "role1" role ("role2" still uses it)
        targets.revoke_key(key.keyid, "role1")

        # Assert that delegated role "role1" doesn't contain the key.
        self.assertNotIn(key.keyid, targets.delegations.roles["role1"].keyids)
        self.assertIn(key.keyid, targets.delegations.roles["role2"].keyids)

        # Remove the key from "role2" as well
        targets.revoke_key(key.keyid, "role2")
        self.assertNotIn(key.keyid, targets.delegations.roles["role2"].keyids)

        # Try remove key not used by "role1"
        with self.assertRaises(ValueError):
            targets.revoke_key(key.keyid, "role1")

        # Try removing a key from delegated role that doesn't exists
        with self.assertRaises(ValueError):
            targets.revoke_key(key.keyid, "nosuchrole")

        # Remove delegations as a whole
        targets.delegations = None
        # Test that calling add_key and revoke_key throws an error
        # and that delegations is still None after each of the api calls
        with self.assertRaises(ValueError):
            targets.add_key(key, "role1")
        self.assertTrue(targets.delegations is None)
        with self.assertRaises(ValueError):
            targets.revoke_key(key.keyid, "role1")
        self.assertTrue(targets.delegations is None)

    def test_targets_key_api_with_succinct_roles(self) -> None:
        targets_path = os.path.join(self.repo_dir, "metadata", "targets.json")
        targets: Targets = Metadata[Targets].from_file(targets_path).signed
        key_dict = {
            "keytype": "ed25519",
            "keyval": {
                "public": "edcd0a32a07dce33f7c7873aaffbff36d20ea30787574ead335eefd337e4dacd"
            },
            "scheme": "ed25519",
        }
        key = Key.from_dict("id2", key_dict)

        # Remove delegated roles.
        assert targets.delegations is not None
        assert targets.delegations.roles is not None
        targets.delegations.roles = None
        targets.delegations.keys = {}

        # Add succinct_roles information.
        targets.delegations.succinct_roles = SuccinctRoles([], 1, 8, "foo")
        self.assertEqual(len(targets.delegations.keys), 0)
        self.assertEqual(len(targets.delegations.succinct_roles.keyids), 0)

        # Add a key to succinct_roles and verify it's saved.
        targets.add_key(key)
        self.assertIn(key.keyid, targets.delegations.keys)
        self.assertIn(key.keyid, targets.delegations.succinct_roles.keyids)
        self.assertEqual(len(targets.delegations.keys), 1)

        # Try adding the same key again and verify that noting is added.
        targets.add_key(key)
        self.assertEqual(len(targets.delegations.keys), 1)

        # Remove the key and verify it's not stored anymore.
        targets.revoke_key(key.keyid)
        self.assertNotIn(key.keyid, targets.delegations.keys)
        self.assertNotIn(key.keyid, targets.delegations.succinct_roles.keyids)
        self.assertEqual(len(targets.delegations.keys), 0)

        # Try removing it again.
        with self.assertRaises(ValueError):
            targets.revoke_key(key.keyid)

    def test_length_and_hash_validation(self) -> None:
        # Test metadata files' hash and length verification.
        # Use timestamp to get a MetaFile object and snapshot
        # for untrusted metadata file to verify.
        timestamp_path = os.path.join(
            self.repo_dir, "metadata", "timestamp.json"
        )
        timestamp = Metadata[Timestamp].from_file(timestamp_path)
        snapshot_metafile = timestamp.signed.snapshot_meta

        snapshot_path = os.path.join(self.repo_dir, "metadata", "snapshot.json")

        with open(snapshot_path, "rb") as file:
            # test with  data as a file object
            snapshot_metafile.verify_length_and_hashes(file)
            file.seek(0)
            data = file.read()
            # test with data as bytes
            snapshot_metafile.verify_length_and_hashes(data)

            # test with custom blake algorithm
            snapshot_metafile.hashes = {
                "blake2b-256": "963a3c31aad8e2a91cfc603fdba12555e48dd0312674ac48cce2c19c243236a1"
            }
            snapshot_metafile.verify_length_and_hashes(data)

            # test exceptions
            expected_length = snapshot_metafile.length
            snapshot_metafile.length = 2345
            with self.assertRaises(exceptions.LengthOrHashMismatchError):
                snapshot_metafile.verify_length_and_hashes(data)

            snapshot_metafile.length = expected_length
            snapshot_metafile.hashes = {"sha256": "incorrecthash"}
            with self.assertRaises(exceptions.LengthOrHashMismatchError):
                snapshot_metafile.verify_length_and_hashes(data)

            snapshot_metafile.hashes = {
                "unsupported-alg": "8f88e2ba48b412c3843e9bb26e1b6f8fc9e98aceb0fbaa97ba37b4c98717d7ab"
            }
            with self.assertRaises(exceptions.LengthOrHashMismatchError):
                snapshot_metafile.verify_length_and_hashes(data)

            # Test wrong algorithm format (sslib.FormatError)
            snapshot_metafile.hashes = {
                256: "8f88e2ba48b412c3843e9bb26e1b6f8fc9e98aceb0fbaa97ba37b4c98717d7ab"  # type: ignore[dict-item]
            }
            with self.assertRaises(exceptions.LengthOrHashMismatchError):
                snapshot_metafile.verify_length_and_hashes(data)

            # test optional length and hashes
            snapshot_metafile.length = None
            snapshot_metafile.hashes = None
            snapshot_metafile.verify_length_and_hashes(data)

        # Test target files' hash and length verification
        targets_path = os.path.join(self.repo_dir, "metadata", "targets.json")
        targets = Metadata[Targets].from_file(targets_path)
        file1_targetfile = targets.signed.targets["file1.txt"]
        filepath = os.path.join(self.repo_dir, Targets.type, "file1.txt")

        with open(filepath, "rb") as file1:
            file1_targetfile.verify_length_and_hashes(file1)

            # test exceptions
            expected_length = file1_targetfile.length
            file1_targetfile.length = 2345
            with self.assertRaises(exceptions.LengthOrHashMismatchError):
                file1_targetfile.verify_length_and_hashes(file1)

            file1_targetfile.length = expected_length
            file1_targetfile.hashes = {"sha256": "incorrecthash"}
            with self.assertRaises(exceptions.LengthOrHashMismatchError):
                file1_targetfile.verify_length_and_hashes(file1)

    def test_targetfile_from_file(self) -> None:
        # Test with an existing file and valid hash algorithm
        file_path = os.path.join(self.repo_dir, Targets.type, "file1.txt")
        targetfile_from_file = TargetFile.from_file(
            file_path, file_path, ["sha256"]
        )

        with open(file_path, "rb") as file:
            targetfile_from_file.verify_length_and_hashes(file)

        # Test with a non-existing file
        file_path = os.path.join(self.repo_dir, Targets.type, "file123.txt")
        with self.assertRaises(FileNotFoundError):
            TargetFile.from_file(file_path, file_path, ["sha256"])

        # Test with an unsupported algorithm
        file_path = os.path.join(self.repo_dir, Targets.type, "file1.txt")
        with self.assertRaises(ValueError):
            TargetFile.from_file(file_path, file_path, ["123"])

    def test_targetfile_custom(self) -> None:
        # Test creating TargetFile and accessing custom.
        targetfile = TargetFile(
            100, {"sha256": "abc"}, "file.txt", {"custom": "foo"}
        )
        self.assertEqual(targetfile.custom, "foo")

    def test_targetfile_from_data(self) -> None:
        data = b"Inline test content"
        target_file_path = os.path.join(
            self.repo_dir, Targets.type, "file1.txt"
        )

        # Test with a valid hash algorithm
        targetfile_from_data = TargetFile.from_data(
            target_file_path, data, ["sha256"]
        )
        targetfile_from_data.verify_length_and_hashes(data)

        # Test with no algorithms specified
        targetfile_from_data = TargetFile.from_data(target_file_path, data)
        targetfile_from_data.verify_length_and_hashes(data)

        # Test with custom blake hash algorithm
        targetfile_from_data = TargetFile.from_data(
            target_file_path, data, ["blake2b-256"]
        )
        targetfile_from_data.verify_length_and_hashes(data)

    def test_metafile_from_data(self) -> None:
        data = b"Inline test content"

        # Test with a valid hash algorithm
        metafile = MetaFile.from_data(1, data, ["sha256"])
        metafile.verify_length_and_hashes(data)

        # Test with an invalid hash algorithm
        with self.assertRaises(ValueError):
            metafile = MetaFile.from_data(1, data, ["invalid_algorithm"])
            metafile.verify_length_and_hashes(data)

        self.assertEqual(
            metafile,
            MetaFile(
                1,
                19,
                {
                    "sha256": "fcee2e6d56ab08eab279016f7db7e4e1d172ccea78e15f4cf8bd939991a418fa"
                },
            ),
        )

        # Test with custom blake hash algorithm
        metafile = MetaFile.from_data(1, data, ["blake2b-256"])
        metafile.verify_length_and_hashes(data)

    def test_targetfile_get_prefixed_paths(self) -> None:
        target = TargetFile(100, {"sha256": "abc", "md5": "def"}, "a/b/f.ext")
        self.assertEqual(
            target.get_prefixed_paths(), ["a/b/abc.f.ext", "a/b/def.f.ext"]
        )

        target = TargetFile(100, {"sha256": "abc", "md5": "def"}, "")
        self.assertEqual(target.get_prefixed_paths(), ["abc.", "def."])

        target = TargetFile(100, {"sha256": "abc", "md5": "def"}, "a/b/")
        self.assertEqual(target.get_prefixed_paths(), ["a/b/abc.", "a/b/def."])

        target = TargetFile(100, {"sha256": "abc", "md5": "def"}, "f.ext")
        self.assertEqual(
            target.get_prefixed_paths(), ["abc.f.ext", "def.f.ext"]
        )

        target = TargetFile(100, {"sha256": "abc", "md5": "def"}, "a/b/.ext")
        self.assertEqual(
            target.get_prefixed_paths(), ["a/b/abc..ext", "a/b/def..ext"]
        )

        target = TargetFile(100, {"sha256": "abc"}, "/root/file.ext")
        self.assertEqual(target.get_prefixed_paths(), ["/root/abc.file.ext"])

        target = TargetFile(100, {"sha256": "abc"}, "/")
        self.assertEqual(target.get_prefixed_paths(), ["/abc."])

    def test_is_delegated_role(self) -> None:
        # test path matches
        # see more extensive tests in test_is_target_in_pathpattern()
        for paths in [
            ["a/path"],
            ["otherpath", "a/path"],
            ["*/?ath"],
        ]:
            role = DelegatedRole("", [], 1, False, paths, None)
            self.assertFalse(role.is_delegated_path("a/non-matching path"))
            self.assertTrue(role.is_delegated_path("a/path"))

        # test path hash prefix matches: sha256 sum of "a/path" is 927b0ecf9...
        for hash_prefixes in [
            ["927b0ecf9"],
            ["other prefix", "927b0ecf9"],
            ["927b0"],
            ["92"],
        ]:
            role = DelegatedRole("", [], 1, False, None, hash_prefixes)
            self.assertFalse(role.is_delegated_path("a/non-matching path"))
            self.assertTrue(role.is_delegated_path("a/path"))

    def test_is_delegated_role_in_succinct_roles(self) -> None:
        succinct_roles = SuccinctRoles([], 1, 5, "bin")
        false_role_name_examples = [
            "foo",
            "bin-",
            "bin-s",
            "bin-0t",
            "bin-20",
            "bin-100",
        ]
        for role_name in false_role_name_examples:
            msg = f"Error for {role_name}"
            self.assertFalse(succinct_roles.is_delegated_role(role_name), msg)

        # delegated role name suffixes are in hex format.
        true_name_examples = ["bin-00", "bin-0f", "bin-1f"]
        for role_name in true_name_examples:
            msg = f"Error for {role_name}"
            self.assertTrue(succinct_roles.is_delegated_role(role_name), msg)

    def test_get_roles_in_succinct_roles(self) -> None:
        succinct_roles = SuccinctRoles([], 1, 16, "bin")
        # bin names are in hex format and 4 hex digits are enough to represent
        # all bins between 0 and 2^16 - 1 meaning suffix_len must be 4
        expected_suffix_length = 4
        self.assertEqual(succinct_roles.suffix_len, expected_suffix_length)
        for bin_numer, role_name in enumerate(succinct_roles.get_roles()):
            # This adds zero-padding if the bin_numer is represented by a hex
            # number with a length less than expected_suffix_length.
            expected_bin_suffix = f"{bin_numer:0{expected_suffix_length}x}"
            self.assertEqual(role_name, f"bin-{expected_bin_suffix}")

    def test_delegations_get_delegated_role(self) -> None:
        delegations = Delegations({}, {})
        targets = Targets(delegations=delegations)

        with self.assertRaises(ValueError):
            targets.get_delegated_role("abc")

        # test "normal" delegated role (path or path_hash_prefix)
        role = DelegatedRole("delegated", [], 1, False, [])
        delegations.roles = {"delegated": role}
        with self.assertRaises(ValueError):
            targets.get_delegated_role("not-delegated")
        self.assertEqual(targets.get_delegated_role("delegated"), role)
        delegations.roles = None

        # test succinct delegation
        bit_len = 3
        role2 = SuccinctRoles([], 1, bit_len, "prefix")
        delegations.succinct_roles = role2
        for name in ["prefix-", "prefix--1", f"prefix-{2**bit_len:0x}"]:
            with self.assertRaises(ValueError, msg=f"role name '{name}'"):
                targets.get_delegated_role(name)
        for i in range(2**bit_len):
            self.assertEqual(
                targets.get_delegated_role(f"prefix-{i:0x}"), role2
            )


class TestSimpleEnvelope(unittest.TestCase):
    """Tests for public API in 'tuf/api/dsse.py'."""

    @classmethod
    def setUpClass(cls) -> None:
        repo_data_dir = Path(utils.TESTS_DIR) / "repository_data"
        cls.metadata_dir = repo_data_dir / "repository" / "metadata"
        cls.keystore_dir = repo_data_dir / "keystore"
        cls.signers = {}
        root_path = os.path.join(cls.metadata_dir, "root.json")
        root: Root = Metadata.from_file(root_path).signed

        for role in [Snapshot, Targets, Timestamp]:
            uri = f"file2:{os.path.join(cls.keystore_dir, role.type + '_key')}"
            role_obj = root.get_delegated_role(role.type)
            key = root.get_key(role_obj.keyids[0])
            cls.signers[role.type] = CryptoSigner.from_priv_key_uri(uri, key)

    def test_serialization(self) -> None:
        """Basic de/serialization test.

        1. Load test metadata for each role
        2. Wrap metadata payloads in envelope serializing the payload
        3. Serialize envelope
        4. De-serialize envelope
        5. De-serialize payload

        """
        for role in [Root, Timestamp, Snapshot, Targets]:
            metadata_path = self.metadata_dir / f"{role.type}.json"
            metadata = Metadata.from_file(str(metadata_path))
            self.assertIsInstance(metadata.signed, role)

            envelope = SimpleEnvelope.from_signed(metadata.signed)
            envelope_bytes = envelope.to_bytes()

            envelope2 = SimpleEnvelope.from_bytes(envelope_bytes)
            payload = envelope2.get_signed()
            self.assertEqual(metadata.signed, payload)

    def test_fail_envelope_serialization(self) -> None:
        envelope = SimpleEnvelope(b"foo", "bar", [])  # type: ignore[arg-type]
        with self.assertRaises(SerializationError):
            envelope.to_bytes()

    def test_fail_envelope_deserialization(self) -> None:
        with self.assertRaises(DeserializationError):
            SimpleEnvelope.from_bytes(b"[")

    def test_fail_payload_serialization(self) -> None:
        with self.assertRaises(SerializationError):
            SimpleEnvelope.from_signed("foo")  # type: ignore[type-var]

    def test_fail_payload_deserialization(self) -> None:
        payloads = [b"[", b'{"_type": "foo"}']
        for payload in payloads:
            envelope = SimpleEnvelope(payload, "bar", {})
            with self.assertRaises(DeserializationError):
                envelope.get_signed()

    def test_verify_delegate(self) -> None:
        """Basic verification test.

        1. Load test metadata for each role
        2. Wrap non-root payloads in envelope serializing the payload
        3. Sign with correct delegated key
        4. Verify delegate with root

        """
        root_path = self.metadata_dir / "root.json"
        root = Metadata[Root].from_file(str(root_path)).signed

        for role in [Timestamp, Snapshot, Targets]:
            metadata_path = self.metadata_dir / f"{role.type}.json"
            metadata = Metadata.from_file(str(metadata_path))
            self.assertIsInstance(metadata.signed, role)

            signer = self.signers[role.type]
            self.assertIn(signer.public_key.keyid, root.roles[role.type].keyids)

            envelope = SimpleEnvelope.from_signed(metadata.signed)
            envelope.sign(signer)
            self.assertTrue(len(envelope.signatures) == 1)

            root.verify_delegate(role.type, envelope.pae(), envelope.signatures)


# Run unit test.
if __name__ == "__main__":
    utils.configure_test_logging(sys.argv)
    unittest.main()