From 85771dc7e3b5465c1071b514b5208b60a512f548 Mon Sep 17 00:00:00 2001
From: vladdd
Date: Thu, 5 Sep 2013 11:50:15 -0400
Subject: [PATCH] Continue updating unit tests affected by PyCrypto changes
---
 tuf/repo/keystore.py | 2 +-
 tuf/repo/signercli.py | 6 +++---
 tuf/tests/repository_setup.py | 12 ++++++------
 tuf/tests/test_signercli.py | 2 +-
 tuf/tests/unittest_toolbox.py | 21 +++++++++++++++------
 5 files changed, 26 insertions(+), 17 deletions(-)
diff --git a/tuf/repo/keystore.py b/tuf/repo/keystore.py
index 479bf8c2..68019de8 100755
--- a/tuf/repo/keystore.py
+++ b/tuf/repo/keystore.py
@@ -165,7 +165,7 @@ def add_rsakey(rsakey_dict, password, keyid=None):
 # The _derived_keys dictionary does not store the user's password. A key
 # derivation function is applied to 'password' prior to storing it in
 # _derived_keys.
- salt, derived_key= _generate_derived_key(password)
+ salt, derived_key = _generate_derived_key(password)
 _derived_keys[keyid] = {'salt': salt, 'derived_key': derived_key}
 _keystore[keyid] = rsakey_dict
diff --git a/tuf/repo/signercli.py b/tuf/repo/signercli.py
index a8d9c825..48182e33 100755
--- a/tuf/repo/signercli.py
+++ b/tuf/repo/signercli.py
@@ -316,12 +316,12 @@ def _get_all_config_keyids(config_filepath, keystore_directory):
 loaded_keyids[key].append(keyid)
 break
 if keyid not in loaded_keyids[key]:
- raise tuf.Error('Could not load a required top-level role key')
+ raise tuf.Error('Could not load a required top-level role key.')
 # Ensure we loaded keys for the required top-level roles.
 for key in ['root', 'targets', 'release', 'timestamp']:
 if key not in loaded_keyids:
- message = 'The configuration file did not contain the required roles'
+ message = 'The configuration file did not contain the required roles.'
 raise tuf.Error(message)
 return loaded_keyids
@@ -366,7 +366,7 @@ def _get_role_config_keyids(config_filepath, keystore_directory, role):
 # Ensure we loaded all the keyids.
 for keyid in value['keyids']:
 if keyid not in role_keyids:
- raise tuf.Error('Could not load a required role key')
+ raise tuf.Error('Could not load a required role key.')
 if not role_keyids:
 raise tuf.Error('Could not load the required keys for '+role)
diff --git a/tuf/tests/repository_setup.py b/tuf/tests/repository_setup.py
index 50a8a4e1..066ca61e 100755
--- a/tuf/tests/repository_setup.py
+++ b/tuf/tests/repository_setup.py
@@ -56,14 +56,14 @@ def _create_keystore(keystore_directory):
 """
 _rsa_keystore = unittest_toolbox.Modified_TestCase.rsa_keystore
- _rsa_passwords = unittest_toolbox.Modified_TestCase.rsa_passwords
- if not _rsa_keystore or not _rsa_passwords:
+ _rsa_derived_keys = unittest_toolbox.Modified_TestCase.rsa_derived_keys
+ if not _rsa_keystore or not _rsa_derived_keys:
 msg = 'Populate \'rsa_keystore\' and \'rsa_passwords\''+\
 ' before invoking this method.'
 sys.exit(msg)
 keystore._keystore = _rsa_keystore
- keystore._key_passwords = _rsa_passwords
+ keystore._derived_keys = _rsa_derived_keys
 keystore.save_keystore_to_keyfiles(keystore_directory)
@@ -195,7 +195,7 @@ def _mock_get_keyids(junk):
 # Clear kestore's dictionaries, by detaching them from unittest_toolbox's
 # dictionaries.
 keystore._keystore = {}
- keystore._key_passwords = {}
+ keystore._derived_keys = {}
 # Make first level delegation.
 signercli.make_delegation(keystore_dir)
@@ -215,7 +215,7 @@ def _mock_get_keyids(junk):
 keystore._keystore = unittest_toolbox.Modified_TestCase.rsa_keystore
- keystore._key_passwords = unittest_toolbox.Modified_TestCase.rsa_passwords
+ keystore._derived_keys = unittest_toolbox.Modified_TestCase.rsa_passwords
 # Build release file.
 signerlib.build_release_file(role_keyids['release'], server_metadata_dir,
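Review bot: The exit message in `_create_keystore` (hunk @@ -56,14) still tells the caller to populate `'rsa_passwords'`, although the guard directly above it now tests `_rsa_derived_keys`. A fixture that has passwords but no derived keys would exit with a message pointing at the wrong dictionary. Name the attribute that is actually checked, e.g. `msg = 'Populate \'rsa_keystore\' and \'rsa_derived_keys\''+\`. The same stale message sits under the changed guard in `create_temp_keystore_directory` in tuf/tests/unittest_toolbox.py (hunk @@ -390,19).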
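Review bot: In the hunk at @@ -215,7 the new line assigns `unittest_toolbox.Modified_TestCase.rsa_passwords` to `keystore._derived_keys`, so the derived-key table is filled with plaintext password strings instead of the `{'salt': ..., 'derived_key': ...}` entries that `add_rsakey` stores and that `generate_rsakey` now builds in `rsa_derived_keys`. Code that reads the salt or derived key for a keyid would presumably fail on a string, and the release-file step that follows would then not exercise the derived-key path this commit is migrating to. Every other hunk in this file switches to the new dictionary, so this looks like a missed rename: `keystore._derived_keys = unittest_toolbox.Modified_TestCase.rsa_derived_keys`. The enclosing setup function starts and ends outside the hunk.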
@@ -226,7 +226,7 @@ def _mock_get_keyids(junk):
 version, expiration_date+' UTC')
 keystore._keystore = {}
- keystore._key_passwords = {}
+ keystore._derived_keys = {}
 # RESTORE
 signercli._get_metadata_directory = original_get_metadata
diff --git a/tuf/tests/test_signercli.py b/tuf/tests/test_signercli.py
index bb4b33ee..765035e0 100755
--- a/tuf/tests/test_signercli.py
+++ b/tuf/tests/test_signercli.py
@@ -479,7 +479,7 @@ def test_2__get_role_config_keyids(self):
 # TESTS
 for role in self.role_list:
 # Test: normal cases.
- keystore.clear_keystore()
+ #keystore.clear_keystore()
 signercli._get_role_config_keyids(config_filepath, keystore_dir, role)
 # Test: incorrect passwords.
diff --git a/tuf/tests/unittest_toolbox.py b/tuf/tests/unittest_toolbox.py
index 673c8ceb..e7ca2894 100755
--- a/tuf/tests/unittest_toolbox.py
+++ b/tuf/tests/unittest_toolbox.py
@@ -114,9 +114,13 @@ def setUp():
 # {keyid : {-- rsa key --}, ...}
 rsa_keystore = {}
- # 'rsa_passwords' stores passwords for all created rsa keys.
+ # 'rsa_passwords' stores the passwords for all created rsa keys.
 rsa_passwords = {}
+ # 'derived_keys' stores the salt and derived keys (e.g., PBKDF2) for the
+ # RSA keys.
+ rsa_derived_keys = {}
+ # 'semi_roledict' because it lacks an item that a fully pledged
 # ROLEDICT_SCHEMA dictionary would have i.e. 'path' key is absent.
 semi_roledict = {}
@@ -380,8 +384,13 @@ def generate_rsakey():
 rsakey = rsa_key.generate()
 keyid = rsakey['keyid']
 Modified_TestCase.rsa_keyids.append(keyid)
- Modified_TestCase.rsa_passwords[keyid] = Modified_TestCase.random_string()
+ password = Modified_TestCase.random_string()
+ Modified_TestCase.rsa_passwords[keyid] = password
+ salt, derived_key = keystore._generate_derived_key(password)
+ Modified_TestCase.rsa_derived_keys[keyid] = {'salt': salt,
+ 'derived_key': derived_key}
 Modified_TestCase.rsa_keystore[keyid] = rsakey
+ return keyid
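Review bot: Commenting out `keystore.clear_keystore()` in `test_2__get_role_config_keyids` leaves the "normal cases" call running against whatever keys earlier steps left in the in-memory keystore, so the call may succeed without the key files in `keystore_dir` ever being decrypted. That weakens the one test that should show the derived-key path loads keys from disk. If `clear_keystore()` no longer fits after the PyCrypto change, delete the dead line and reset state the way the rest of this commit does, `keystore._keystore = {}` and `keystore._derived_keys = {}`; otherwise restore the call. The test method continues outside the hunk.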
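Review bot: The comment added in the hunk at @@ -114,9 names the attribute `'derived_keys'`, but the class attribute it documents is `rsa_derived_keys`; the neighbouring comments quote the exact attribute name. It also omits the entry shape, which the `rsa_keystore` comment above does give. Suggest `# 'rsa_derived_keys' stores the salt and derived key (e.g., PBKDF2) per RSA key:` followed by `# {keyid : {'salt': ..., 'derived_key': ...}, ...}`.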
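Review bot: `generate_rsakey` (hunk @@ -380,8) now builds its fixture through the private helper `keystore._generate_derived_key`, and nothing visible in the hunk says why the plaintext password is still kept in `rsa_passwords` next to the derived key. Because the fixture's derived keys come from the same helper the keystore uses, these tests would presumably not notice a regression inside that helper; that is worth stating so nobody reads them as coverage of the key-derivation step. A short comment would do: `# Mirror keystore.add_rsakey(): store salt + derived key per keyid; the plaintext password is kept only for tests that must supply it.` The function body starts outside the hunk.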
@@ -390,19 +399,18 @@ def generate_rsakey():
 def create_temp_keystore_directory(self, keystore_dicts=False):
- if not self.rsa_keystore or not self.rsa_passwords:
+ if not self.rsa_keystore or not self.rsa_derived_keys:
 msg = 'Populate \'rsa_keystore\' and \'rsa_passwords\''+\
 ' before invoking this method.'
 sys.exit(msg)
 temp_keystore_directory = self.make_temp_directory()
 keystore._keystore = self.rsa_keystore
- keystore._key_passwords = self.rsa_passwords
+ keystore._derived_keys = self.rsa_derived_keys
 keystore.save_keystore_to_keyfiles(temp_keystore_directory)
 if not keystore_dicts:
 keystore._keystore={}
- keystore._key_passwords={}
- #keystore.clear_keystore()
+ keystore._derived_keys={}
 return temp_keystore_directory
@@ -487,5 +495,6 @@ def clear_toolbox():
 Modified_TestCase.rsa_keyids = []
 Modified_TestCase.rsa_keystore.clear()
 Modified_TestCase.rsa_passwords.clear()
+ Modified_TestCase.rsa_derived_keys.clear()
 Modified_TestCase.semi_roledict.clear()
 Modified_TestCase.top_level_role_info.clear()