Update tests following the change to Ed25519 keys

Vladimir Diaz 2016-06-17 09:57:54 -04:00
parent 8e0e5a19e8
commit b777188a54
3 changed files with 49 additions and 50 deletions


@ -377,11 +377,13 @@ def test_get_metadata_fileinfo(self):
with open(test_filepath, 'wt') as file_object:
file_object.write('test file')
# Generate test fileinfo object. It is assumed SHA256 hashes are computed
# by get_metadata_fileinfo().
# Generate test fileinfo object. It is assumed SHA256 and SHA512 hashes
# are computed by get_metadata_fileinfo().
file_length = os.path.getsize(test_filepath)
digest_object = tuf.hash.digest_filename(test_filepath)
file_hashes = {'sha256': digest_object.hexdigest()}
sha256_digest_object = tuf.hash.digest_filename(test_filepath)
sha512_digest_object = tuf.hash.digest_filename(test_filepath, algorithm='sha512')
file_hashes = {'sha256': sha256_digest_object.hexdigest(),
'sha512': sha512_digest_object.hexdigest()}
fileinfo = {'length': file_length, 'hashes': file_hashes}
self.assertTrue(tuf.formats.FILEINFO_SCHEMA.matches(fileinfo))
@ -653,12 +655,12 @@ def test_sign_metadata(self):
root_private_keypath = os.path.join(keystore_path, 'root_key')
root_private_key = \
repo_lib.import_rsa_privatekey_from_file(root_private_keypath, 'password')
repo_lib.import_ed25519_privatekey_from_file(root_private_keypath, 'password')
# Sign with a valid, but not a threshold, key.
targets_private_keypath = os.path.join(keystore_path, 'targets_key')
targets_private_key = \
repo_lib.import_rsa_privatekey_from_file(targets_private_keypath,
repo_lib.import_ed25519_privatekey_from_file(targets_private_keypath,
'password')
# sign_metadata() expects the private key 'root_metadata' to be in
@ -835,7 +837,7 @@ def test__remove_invalid_and_duplicate_signatures(self):
'metadata', 'root.json')
root_signable = tuf.util.load_json_file(root_filepath)
key_filepath = os.path.join('repository_data', 'keystore', 'root_key')
root_rsa_key = repo_lib.import_rsa_privatekey_from_file(key_filepath,
root_rsa_key = repo_lib.import_ed25519_privatekey_from_file(key_filepath,
'password')
# Append the new valid, but duplicate PSS signature, and test that
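Review bot: In the test__remove_invalid_and_duplicate_signatures hunk, the key returned by `import_ed25519_privatekey_from_file()` is still bound to `root_rsa_key`, and the context comment below it still refers to a "PSS signature", which is an RSA padding scheme. A reader checking which signature scheme this duplicate-signature test covers would be misled by both. I would rename the variable to `root_ed25519_key` (or plain `root_key`) and reword the comment to `# Append the new valid, but duplicate signature, and test that`. The rest of the test body lies outside the hunk, so the rename has to be carried through the later uses that are not visible here.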


@ -152,12 +152,12 @@ def test_write_and_write_partial(self):
root_pubkey = repo_tool.import_rsa_publickey_from_file(root_pubkey_path)
targets_pubkey = \
repo_tool.import_rsa_publickey_from_file(targets_pubkey_path)
repo_tool.import_ed25519_publickey_from_file(targets_pubkey_path)
snapshot_pubkey = \
repo_tool.import_rsa_publickey_from_file(snapshot_pubkey_path)
repo_tool.import_ed25519_publickey_from_file(snapshot_pubkey_path)
timestamp_pubkey = \
repo_tool.import_rsa_publickey_from_file(timestamp_pubkey_path)
role1_pubkey = repo_tool.import_rsa_publickey_from_file(role1_pubkey_path)
repo_tool.import_ed25519_publickey_from_file(timestamp_pubkey_path)
role1_pubkey = repo_tool.import_ed25519_publickey_from_file(role1_pubkey_path)
# Load the private keys.
root_privkey_path = os.path.join(keystore_directory, 'root_key')
@ -169,16 +169,16 @@ def test_write_and_write_partial(self):
root_privkey = \
repo_tool.import_rsa_privatekey_from_file(root_privkey_path, 'password')
targets_privkey = \
repo_tool.import_rsa_privatekey_from_file(targets_privkey_path,
repo_tool.import_ed25519_privatekey_from_file(targets_privkey_path,
'password')
snapshot_privkey = \
repo_tool.import_rsa_privatekey_from_file(snapshot_privkey_path,
repo_tool.import_ed25519_privatekey_from_file(snapshot_privkey_path,
'password')
timestamp_privkey = \
repo_tool.import_rsa_privatekey_from_file(timestamp_privkey_path,
repo_tool.import_ed25519_privatekey_from_file(timestamp_privkey_path,
'password')
role1_privkey = \
repo_tool.import_rsa_privatekey_from_file(role1_privkey_path,
repo_tool.import_ed25519_privatekey_from_file(role1_privkey_path,
'password')
@ -493,8 +493,8 @@ def test_keys(self):
# Test keys() getter after a verification key has been loaded.
key_path = os.path.join('repository_data',
'keystore', 'root_key.pub')
key_object = repo_tool.import_rsa_publickey_from_file(key_path)
'keystore', 'snapshot_key.pub')
key_object = repo_tool.import_ed25519_publickey_from_file(key_path)
self.metadata.add_verification_key(key_object)
keyid = key_object['keyid']
@ -541,8 +541,8 @@ def test_compressions(self):
def test_add_verification_key(self):
# Add verification key and verify with keys() that it was added.
key_path = os.path.join('repository_data',
'keystore', 'root_key.pub')
key_object = repo_tool.import_rsa_publickey_from_file(key_path)
'keystore', 'snapshot_key.pub')
key_object = repo_tool.import_ed25519_publickey_from_file(key_path)
self.metadata.add_verification_key(key_object)
keyid = key_object['keyid']
@ -557,8 +557,8 @@ def test_add_verification_key(self):
def test_remove_verification_key(self):
# Add verification key so that remove_verifiation_key() can be tested.
key_path = os.path.join('repository_data',
'keystore', 'root_key.pub')
key_object = repo_tool.import_rsa_publickey_from_file(key_path)
'keystore', 'snapshot_key.pub')
key_object = repo_tool.import_ed25519_publickey_from_file(key_path)
self.metadata.add_verification_key(key_object)
keyid = key_object['keyid']
@ -577,7 +577,7 @@ def test_remove_verification_key(self):
# Test non-existent public key argument.
key_path = os.path.join('repository_data',
'keystore', 'targets_key.pub')
unused_key_object = repo_tool.import_rsa_publickey_from_file(key_path)
unused_key_object = repo_tool.import_ed25519_publickey_from_file(key_path)
self.assertRaises(tuf.Error, self.metadata.remove_verification_key,
unused_key_object)
@ -587,8 +587,8 @@ def test_remove_verification_key(self):
def test_load_signing_key(self):
# Test normal case.
key_path = os.path.join('repository_data',
'keystore', 'root_key')
key_object = repo_tool.import_rsa_privatekey_from_file(key_path, 'password')
'keystore', 'snapshot_key')
key_object = repo_tool.import_ed25519_privatekey_from_file(key_path, 'password')
self.metadata.load_signing_key(key_object)
keyid = key_object['keyid']
@ -601,8 +601,8 @@ def test_load_signing_key(self):
# Test non-private key.
key_path = os.path.join('repository_data',
'keystore', 'root_key.pub')
key_object = repo_tool.import_rsa_publickey_from_file(key_path)
'keystore', 'snapshot_key.pub')
key_object = repo_tool.import_ed25519_publickey_from_file(key_path)
self.assertRaises(tuf.Error, self.metadata.load_signing_key, key_object)
@ -610,8 +610,8 @@ def test_load_signing_key(self):
def test_unload_signing_key(self):
# Load a signing key so that unload_signing_key() can have a key to unload.
key_path = os.path.join('repository_data',
'keystore', 'root_key')
key_object = repo_tool.import_rsa_privatekey_from_file(key_path, 'password')
'keystore', 'snapshot_key')
key_object = repo_tool.import_ed25519_privatekey_from_file(key_path, 'password')
self.metadata.load_signing_key(key_object)
keyid = key_object['keyid']
@ -629,7 +629,7 @@ def test_unload_signing_key(self):
# Test non-existent key argument.
key_path = os.path.join('repository_data',
'keystore', 'targets_key')
unused_key_object = repo_tool.import_rsa_privatekey_from_file(key_path,
unused_key_object = repo_tool.import_ed25519_privatekey_from_file(key_path,
'password')
self.assertRaises(tuf.Error, self.metadata.unload_signing_key,
@ -857,8 +857,8 @@ def test_call(self):
# Perform a delegation so that a delegated role can be accessed and tested
# through __call__(). Example: {targets_object}('role1').
keystore_directory = os.path.join('repository_data', 'keystore')
public_keypath = os.path.join(keystore_directory, 'root_key.pub')
public_key = repo_tool.import_rsa_publickey_from_file(public_keypath)
public_keypath = os.path.join(keystore_directory, 'snapshot_key.pub')
public_key = repo_tool.import_ed25519_publickey_from_file(public_keypath)
target1_filepath = os.path.join(self.targets_directory, 'file1.txt')
# Create Targets() object to be tested.
@ -880,8 +880,8 @@ def test_get_delegated_rolenames(self):
# Perform two delegations so that get_delegated_rolenames() has roles to
# return.
keystore_directory = os.path.join('repository_data', 'keystore')
public_keypath = os.path.join(keystore_directory, 'root_key.pub')
public_key = repo_tool.import_rsa_publickey_from_file(public_keypath)
public_keypath = os.path.join(keystore_directory, 'snapshot_key.pub')
public_key = repo_tool.import_ed25519_publickey_from_file(public_keypath)
target1_filepath = os.path.join(self.targets_directory, 'file1.txt')
target2_filepath = os.path.join(self.targets_directory, 'file2.txt')
@ -921,8 +921,8 @@ def test_delegations(self):
# Perform a delegation so that delegations() has a Targets() object to
# return.
keystore_directory = os.path.join('repository_data', 'keystore')
public_keypath = os.path.join(keystore_directory, 'root_key.pub')
public_key = repo_tool.import_rsa_publickey_from_file(public_keypath)
public_keypath = os.path.join(keystore_directory, 'snapshot_key.pub')
public_key = repo_tool.import_ed25519_publickey_from_file(public_keypath)
target1_filepath = os.path.join(self.targets_directory, 'file1.txt')
# Set needed arguments by delegate().
@ -1076,8 +1076,8 @@ def test_delegate(self):
# Need at least one public key and valid target paths required by
# delegate().
keystore_directory = os.path.join('repository_data', 'keystore')
public_keypath = os.path.join(keystore_directory, 'root_key.pub')
public_key = repo_tool.import_rsa_publickey_from_file(public_keypath)
public_keypath = os.path.join(keystore_directory, 'snapshot_key.pub')
public_key = repo_tool.import_ed25519_publickey_from_file(public_keypath)
target1_filepath = os.path.join(self.targets_directory, 'file1.txt')
target2_filepath = os.path.join(self.targets_directory, 'file2.txt')
@ -1157,8 +1157,8 @@ def test_delegate(self):
def test_delegate_hashed_bins(self):
# Test normal case.
keystore_directory = os.path.join('repository_data', 'keystore')
public_keypath = os.path.join(keystore_directory, 'root_key.pub')
public_key = repo_tool.import_rsa_publickey_from_file(public_keypath)
public_keypath = os.path.join(keystore_directory, 'snapshot_key.pub')
public_key = repo_tool.import_ed25519_publickey_from_file(public_keypath)
target1_filepath = os.path.join(self.targets_directory, 'file1.txt')
# Set needed arguments by delegate_hashed_bins().
@ -1207,7 +1207,7 @@ def test_add_target_to_bin(self):
# Delegate the hashed bins so that add_target_to_bin() can be tested.
keystore_directory = os.path.join('repository_data', 'keystore')
public_keypath = os.path.join(keystore_directory, 'targets_key.pub')
public_key = repo_tool.import_rsa_publickey_from_file(public_keypath)
public_key = repo_tool.import_ed25519_publickey_from_file(public_keypath)
target1_filepath = os.path.join(self.targets_directory, 'file1.txt')
# Set needed arguments by delegate_hashed_bins().
@ -1261,7 +1261,7 @@ def test_remove_target_from_bin(self):
# Delegate the hashed bins so that add_target_to_bin() can be tested.
keystore_directory = os.path.join('repository_data', 'keystore')
public_keypath = os.path.join(keystore_directory, 'targets_key.pub')
public_key = repo_tool.import_rsa_publickey_from_file(public_keypath)
public_key = repo_tool.import_ed25519_publickey_from_file(public_keypath)
target1_filepath = os.path.join(self.targets_directory, 'file1.txt')
# Set needed arguments by delegate_hashed_bins().
@ -1316,8 +1316,8 @@ def test_add_restricted_paths(self):
# Perform a delegation so that add_restricted_paths() has a child role
# to restrict.
keystore_directory = os.path.join('repository_data', 'keystore')
public_keypath = os.path.join(keystore_directory, 'root_key.pub')
public_key = repo_tool.import_rsa_publickey_from_file(public_keypath)
public_keypath = os.path.join(keystore_directory, 'snapshot_key.pub')
public_key = repo_tool.import_ed25519_publickey_from_file(public_keypath)
# Set needed arguments by delegate().
public_keys = [public_key]
@ -1374,8 +1374,8 @@ def test_revoke(self):
# Test normal case.
# Perform a delegation so that revoke() has a delegation to revoke.
keystore_directory = os.path.join('repository_data', 'keystore')
public_keypath = os.path.join(keystore_directory, 'root_key.pub')
public_key = repo_tool.import_rsa_publickey_from_file(public_keypath)
public_keypath = os.path.join(keystore_directory, 'snapshot_key.pub')
public_key = repo_tool.import_ed25519_publickey_from_file(public_keypath)
target1_filepath = os.path.join(self.targets_directory, 'file1.txt')
# Set needed arguments by delegate().
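Review bot: test_write_and_write_partial now mixes key types without saying so. `root_pubkey` and `root_privkey` are still loaded with `import_rsa_publickey_from_file()` and `import_rsa_privatekey_from_file()`, while targets, snapshot, timestamp and role1 move to the Ed25519 importers. If the root fixture is meant to stay RSA, a comment above the public-key imports such as `# The root key fixture is still RSA; all other roles use Ed25519 keys.` would stop a later reader from "correcting" it. The other tests in this file switch from `root_key.pub` to `snapshot_key.pub`, which suggests the same split, but the fixtures themselves are not visible here. The test bodies continue outside the hunks shown.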


@ -220,8 +220,6 @@ def _generate_and_write_metadata(rolename, metadata_filename, write_partial,
# 'signable' contains an invalid threshold of signatures.
else:
message = 'Not enough signatures for ' + repr(metadata_filename)
print('role keyids:\n' + repr(tuf.roledb.get_role_keyids(rolename)))
#if rolename == 'role1': print('signable:\n' + repr(signable))
raise tuf.UnsignedMetadataError(message, signable)
return signable, filename
@ -935,7 +933,7 @@ def import_rsa_publickey_from_file(filepath):
rsakey_dict = tuf.keys.format_rsakey_from_pem(rsa_pubkey_pem)
except tuf.FormatError as e:
raise tuf.Error('Cannot import improperly formatted PEM file.')
raise tuf.Error('Cannot import improperly formatted PEM file.' + repr(str(e)))
return rsakey_dict
@ -1008,7 +1006,6 @@ def generate_and_write_ed25519_keypair(filepath, password=None):
keyval = ed25519_key['keyval']
ed25519key_metadata_format = \
tuf.keys.format_keyval_to_metadata(keytype, keyval, private=False)
print('ed25519key_metadata_format: ' + repr(ed25519key_metadata_format))
# Write the public key, conformant to 'tuf.formats.KEY_SCHEMA', to
# '<filepath>.pub'.
@ -1067,7 +1064,7 @@ def import_ed25519_publickey_from_file(filepath):
# includes the keyid.
ed25519_key_metadata = tuf.util.load_json_file(filepath)
ed25519_key, junk = tuf.keys.format_metadata_to_key(ed25519_key_metadata)
# Raise an exception if an unexpected key type is imported.
# Redundant validation of 'keytype'. 'tuf.keys.format_metadata_to_key()'
# should have fully validated 'ed25519_key_metadata'.