From 6797db9d25870ea38e3513546be1fbd20aa72b2b Mon Sep 17 00:00:00 2001 From: Vladimir Diaz Date: Wed, 17 Aug 2016 09:55:25 -0400 Subject: [PATCH] Finish coverage for sign_metadata() and generate_targets_metadata() --- tests/test_repository_lib.py | 31 +++++++++++++++++++------------ tuf/formats.py | 3 ++- tuf/repository_lib.py | 26 +++++++++----------------- 3 files changed, 30 insertions(+), 30 deletions(-) diff --git a/tests/test_repository_lib.py b/tests/test_repository_lib.py index 1d3da244..36d357f8 100755 --- a/tests/test_repository_lib.py +++ b/tests/test_repository_lib.py @@ -519,6 +519,12 @@ def test_generate_targets_metadata(self): self.assertTrue(len(list_targets_directory) + 1, len(new_list_targets_directory)) + # Verify that an exception is not raised if the target files already exist. + repo_lib.generate_targets_metadata(targets_directory, target_files, + version, expiration_date, delegations, + write_consistent_targets=True) + + # Verify that 'targets_metadata' contains a 'custom' entry (optional) # for 'file.txt'. self.assertTrue('custom' in targets_metadata['targets']['file.txt']) 
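Review bot: The added repeat call to `repo_lib.generate_targets_metadata(..., write_consistent_targets=True)` only shows that no exception is raised; its return value and its effect on disk are not checked. The test would still pass if the second run created extra digest-prefixed files or produced different metadata, so consider comparing the directory listing and the returned metadata with those from the first call. The context assertion just above, `self.assertTrue(len(list_targets_directory) + 1, len(new_list_targets_directory))`, passes its second argument as the failure message and so cannot fail. `self.assertEqual(len(list_targets_directory) + 1, len(new_list_targets_directory))` looks like what was intended. The test method starts and ends outside this hunk.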
@@ -658,20 +664,22 @@ def test_sign_metadata(self): 'keystore') root_filename = os.path.join(metadata_path, 'root.json') root_metadata = tuf.util.load_json_file(root_filename)['signed'] + targets_filename = os.path.join(metadata_path, 'targets.json') + targets_metadata = tuf.util.load_json_file(targets_filename)['signed'] tuf.keydb.create_keydb_from_root_metadata(root_metadata) tuf.roledb.create_roledb_from_root_metadata(root_metadata) root_keyids = tuf.roledb.get_role_keyids('root') + targets_keyids = tuf.roledb.get_role_keyids('targets') root_private_keypath = os.path.join(keystore_path, 'root_key') root_private_key = \ repo_lib.import_rsa_privatekey_from_file(root_private_keypath, 'password') # Sign with a valid, but not a threshold, key. - targets_private_keypath = os.path.join(keystore_path, 'targets_key') - targets_private_key = \ - repo_lib.import_ed25519_privatekey_from_file(targets_private_keypath, - 'password') + targets_public_keypath = os.path.join(keystore_path, 'targets_key.pub') + targets_public_key = \ + repo_lib.import_ed25519_publickey_from_file(targets_public_keypath) # sign_metadata() expects the private key 'root_metadata' to be in # 'tuf.keydb'. Remove any public keys that may be loaded before 
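Review bot: The context comment `# Sign with a valid, but not a threshold, key.` no longer describes the lines under it, which now load only the public half of the targets key through `import_ed25519_publickey_from_file()`. A public key cannot sign, so the comment should say what the fixture is for, for example `# Load only the targets public key, so that no private key is available for the 'targets' role.` The test method starts and ends outside this hunk.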
@@ -679,19 +687,18 @@ def test_sign_metadata(self): # raised. tuf.keydb.remove_key(root_private_key['keyid']) tuf.keydb.add_key(root_private_key) - tuf.keydb.remove_key(targets_private_key['keyid']) - tuf.keydb.add_key(targets_private_key) + tuf.keydb.remove_key(targets_public_key['keyid']) + tuf.keydb.add_key(targets_public_key) - root_keyids.extend(tuf.roledb.get_role_keyids('targets')) - - # Add the snapshot's public key (to test whether non-root keys are - # ignored by sign_metadata()). Also add an invalid keyid to 'root_keyids', - # which sign_metadata() is expected to ignore. - root_keyids.extend(tuf.roledb.get_role_keyids('snapshot')) + # Verify that a valid root signable is generated. root_signable = repo_lib.sign_metadata(root_metadata, root_keyids, root_filename) self.assertTrue(tuf.formats.SIGNABLE_SCHEMA.matches(root_signable)) + # Test for an unset private key (in this case, target's). + repo_lib.sign_metadata(targets_metadata, targets_keyids, + targets_filename) + # Add an invalid keytype to one of the root keys. root_keyid = root_keyids[0] tuf.keydb._keydb_dict['default'][root_keyid]['keytype'] = 'bad_keytype' diff --git a/tuf/formats.py b/tuf/formats.py index 0a5b785f..b81a909d 100755 --- a/tuf/formats.py +++ b/tuf/formats.py @@ -986,7 +986,8 @@ def make_signable(object): """ if not isinstance(object, dict) or 'signed' not in object: - return { 'signed' : object, 'signatures' : [] } + return {'signed': object, 'signatures': []} + else: return object diff --git a/tuf/repository_lib.py b/tuf/repository_lib.py index bddfcc31..9249b3a8 100755 --- a/tuf/repository_lib.py +++ b/tuf/repository_lib.py 
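Review bot: The new `repo_lib.sign_metadata(targets_metadata, targets_keyids, targets_filename)` call discards its return value, so the "unset private key" case is run for coverage but its outcome is not pinned. What matters for a signing routine is that a role whose private key is not loaded ends up with no signature rather than a malformed or unexpected one. Assuming sign_metadata() skips such keys (that part of its body is not in this patch), assert it with `targets_signable = repo_lib.sign_metadata(targets_metadata, targets_keyids, targets_filename)` and `self.assertEqual([], targets_signable['signatures'])`. The hunk also removes the setup that mixed targets and snapshot keyids into `root_keyids`, so the case of keyids that do not belong to the role being signed no longer appears to be exercised here.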
@@ -1553,9 +1553,9 @@ def generate_targets_metadata(targets_directory, target_files, version, # Ensure all target files listed in 'target_files' exist. If just one of # these files does not exist, raise an exception. if not os.path.exists(target_path): - message = repr(target_path) + ' cannot be read. Unable to generate ' +\ - 'targets metadata.' - raise tuf.Error(message) + raise tuf.Error(repr(target_path) + ' cannot be read.' + ' Unable to generate targets metadata.') + # Add 'custom' if it has been provided. Custom data about the target is # optional and will only be included in metadata (i.e., a 'custom' field in @@ -1577,7 +1577,10 @@ def generate_targets_metadata(targets_directory, target_files, version, if not os.path.exists(digest_target): logger.warning('Hard linking target file to ' + repr(digest_target)) os.link(target_path, digest_target) - + + else: + logger.debug(repr(digest_target) + ' already exists.') + # Generate the targets metadata object. targets_metadata = tuf.formats.TargetsFile.make_metadata(version, expiration_date, @@ -1811,23 +1814,12 @@ def sign_metadata(metadata_object, keyids, filename): # keyid of 'keyids'. signable = tuf.formats.make_signable(metadata_object) - # Sign the metadata with each keyid in 'keyids'. + # Sign the metadata with each keyid in 'keyids'. 'signable' should have + # zero signatures (metadata_object contained none). for keyid in keyids: # Load the signing key. key = tuf.keydb.get_key(keyid) - # TODO logger.info('Signing ' + repr(filename) + ' with ' + key['keyid']) - - # Create a new signature list. If 'keyid' is encountered, do not add it - # to the new list. - signatures = [] - for signature in signable['signatures']: - if not keyid == signature['keyid']: - signatures.append(signature) - - else: - continue - signable['signatures'] = signatures # Generate the signature using the appropriate signing method. if key['keytype'] in SUPPORTED_KEY_TYPES:
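Review bot: In the `@@ -1577` hunk of generate_targets_metadata(), the new `else` treats any file already present at `digest_target` as correct and records it only at debug level. The digest-prefixed name is presumably what ties the file to the hash listed in the metadata, so a stale or altered file left at that path would be kept silently; nothing in this hunk compares its content with `target_path`. If re-hashing is too costly, at least state the assumption next to the branch, for example `# An existing digest_target is assumed to match target_path; its content is not re-verified here.` The function starts and ends outside the hunk.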
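Review bot: Removing the per-keyid filter in sign_metadata() relies on the new comment's claim that `signable` starts with zero signatures, but `tuf.formats.make_signable()` (shown in this patch) returns its argument unchanged when it is a dict that already has a 'signed' key. A caller that passes an already-signed signable would keep the old entries and, if the code after this hunk appends as the removed loop implies, would end up with two signatures for the same keyid. Either keep the filter or enforce the assumption before the loop, for example `if signable.get('signatures'): raise tuf.Error('metadata_object already contains signatures.')`. The loop body continues past the end of the hunk.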