diff --git a/tests/test_repository_lib.py b/tests/test_repository_lib.py
index 02812ea7..a1aba53f 100755
--- a/tests/test_repository_lib.py
+++ b/tests/test_repository_lib.py
@@ -377,11 +377,13 @@ def test_get_metadata_fileinfo(self):
 with open(test_filepath, 'wt') as file_object:
 file_object.write('test file')
- # Generate test fileinfo object. It is assumed SHA256 hashes are computed
- # by get_metadata_fileinfo().
+ # Generate test fileinfo object. It is assumed SHA256 and SHA512 hashes
+ # are computed by get_metadata_fileinfo().
 file_length = os.path.getsize(test_filepath)
- digest_object = tuf.hash.digest_filename(test_filepath)
- file_hashes = {'sha256': digest_object.hexdigest()}
+ sha256_digest_object = tuf.hash.digest_filename(test_filepath)
+ sha512_digest_object = tuf.hash.digest_filename(test_filepath, algorithm='sha512')
+ file_hashes = {'sha256': sha256_digest_object.hexdigest(),
+ 'sha512': sha512_digest_object.hexdigest()}
 fileinfo = {'length': file_length, 'hashes': file_hashes}
 self.assertTrue(tuf.formats.FILEINFO_SCHEMA.matches(fileinfo))
@@ -653,12 +655,12 @@ def test_sign_metadata(self):
 root_private_keypath = os.path.join(keystore_path, 'root_key')
 root_private_key = \
- repo_lib.import_rsa_privatekey_from_file(root_private_keypath, 'password')
+ repo_lib.import_ed25519_privatekey_from_file(root_private_keypath, 'password')
 # Sign with a valid, but not a threshold, key.
 targets_private_keypath = os.path.join(keystore_path, 'targets_key')
 targets_private_key = \
- repo_lib.import_rsa_privatekey_from_file(targets_private_keypath,
+ repo_lib.import_ed25519_privatekey_from_file(targets_private_keypath,
 'password')
 # sign_metadata() expects the private key 'root_metadata' to be in
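Review bot: In the test_get_metadata_fileinfo hunk (@@ -377) the expected 'sha256' and 'sha512' values come from `tuf.hash.digest_filename()`, so if get_metadata_fileinfo() relies on the same helper (not visible here), a defect in that helper shows up on both sides of the comparison and the test still passes. An independent expectation would pin the digests, e.g. `file_hashes = {'sha256': hashlib.sha256(b'test file').hexdigest(), 'sha512': hashlib.sha512(b'test file').hexdigest()}`, which needs `import hashlib` in the test module if it is not already there. The test body starts and ends outside the hunk.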
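Review bot: `root_private_key` in the test_sign_metadata hunk (@@ -653) is now read from 'root_key' with `import_ed25519_privatekey_from_file`, while tests/test_repository_tool.py in this same commit keeps the RSA importers for 'root_key' and 'root_key.pub' and moves its other tests to 'snapshot_key.pub' when it switches to Ed25519. If both suites read the same repository_data/keystore (the key files and `keystore_path` are not visible here), one of the two imports of the root key uses the wrong importer; the @@ -835 hunk in test__remove_invalid_and_duplicate_signatures has the same issue. Either keep `import_rsa_privatekey_from_file(root_private_keypath, 'password')` for the root key, or confirm which key type the fixture holds and make both test files agree.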
@@ -835,7 +837,7 @@ def test__remove_invalid_and_duplicate_signatures(self):
 'metadata', 'root.json')
 root_signable = tuf.util.load_json_file(root_filepath)
 key_filepath = os.path.join('repository_data', 'keystore', 'root_key')
- root_rsa_key = repo_lib.import_rsa_privatekey_from_file(key_filepath,
+ root_rsa_key = repo_lib.import_ed25519_privatekey_from_file(key_filepath,
 'password')
 # Append the new valid, but duplicate PSS signature, and test that
diff --git a/tests/test_repository_tool.py b/tests/test_repository_tool.py
index 191d9154..b851ad11 100755
--- a/tests/test_repository_tool.py
+++ b/tests/test_repository_tool.py
@@ -152,12 +152,12 @@ def test_write_and_write_partial(self):
 root_pubkey = repo_tool.import_rsa_publickey_from_file(root_pubkey_path)
 targets_pubkey = \
- repo_tool.import_rsa_publickey_from_file(targets_pubkey_path)
+ repo_tool.import_ed25519_publickey_from_file(targets_pubkey_path)
 snapshot_pubkey = \
- repo_tool.import_rsa_publickey_from_file(snapshot_pubkey_path)
+ repo_tool.import_ed25519_publickey_from_file(snapshot_pubkey_path)
 timestamp_pubkey = \
- repo_tool.import_rsa_publickey_from_file(timestamp_pubkey_path)
- role1_pubkey = repo_tool.import_rsa_publickey_from_file(role1_pubkey_path)
+ repo_tool.import_ed25519_publickey_from_file(timestamp_pubkey_path)
+ role1_pubkey = repo_tool.import_ed25519_publickey_from_file(role1_pubkey_path)
 # Load the private keys.
 root_privkey_path = os.path.join(keystore_directory, 'root_key')
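Review bot: The name `root_rsa_key` in the @@ -835 hunk of tests/test_repository_lib.py now holds the result of `import_ed25519_privatekey_from_file`, and the context comment just below it still speaks of a "duplicate PSS signature", which is an RSA signature scheme. If the Ed25519 import is intended, the name and comment should follow it, e.g. `root_ed25519_key = repo_lib.import_ed25519_privatekey_from_file(key_filepath,` and "duplicate signature" in the comment. Later uses of the variable lie outside the hunk and would need the same rename.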
@@ -169,16 +169,16 @@ def test_write_and_write_partial(self):
 root_privkey = \
 repo_tool.import_rsa_privatekey_from_file(root_privkey_path, 'password')
 targets_privkey = \
- repo_tool.import_rsa_privatekey_from_file(targets_privkey_path,
+ repo_tool.import_ed25519_privatekey_from_file(targets_privkey_path,
 'password')
 snapshot_privkey = \
- repo_tool.import_rsa_privatekey_from_file(snapshot_privkey_path,
+ repo_tool.import_ed25519_privatekey_from_file(snapshot_privkey_path,
 'password')
 timestamp_privkey = \
- repo_tool.import_rsa_privatekey_from_file(timestamp_privkey_path,
+ repo_tool.import_ed25519_privatekey_from_file(timestamp_privkey_path,
 'password')
 role1_privkey = \
- repo_tool.import_rsa_privatekey_from_file(role1_privkey_path,
+ repo_tool.import_ed25519_privatekey_from_file(role1_privkey_path,
 'password')
@@ -493,8 +493,8 @@ def test_keys(self):
 # Test keys() getter after a verification key has been loaded.
 key_path = os.path.join('repository_data',
- 'keystore', 'root_key.pub')
- key_object = repo_tool.import_rsa_publickey_from_file(key_path)
+ 'keystore', 'snapshot_key.pub')
+ key_object = repo_tool.import_ed25519_publickey_from_file(key_path)
 self.metadata.add_verification_key(key_object)
 keyid = key_object['keyid']
@@ -541,8 +541,8 @@ def test_compressions(self):
 def test_add_verification_key(self):
 # Add verification key and verify with keys() that it was added.
 key_path = os.path.join('repository_data',
- 'keystore', 'root_key.pub')
- key_object = repo_tool.import_rsa_publickey_from_file(key_path)
+ 'keystore', 'snapshot_key.pub')
+ key_object = repo_tool.import_ed25519_publickey_from_file(key_path)
 self.metadata.add_verification_key(key_object)
 keyid = key_object['keyid']
@@ -557,8 +557,8 @@ def test_add_verification_key(self):
 def test_remove_verification_key(self):
 # Add verification key so that remove_verifiation_key() can be tested.
 key_path = os.path.join('repository_data',
- 'keystore', 'root_key.pub')
- key_object = repo_tool.import_rsa_publickey_from_file(key_path)
+ 'keystore', 'snapshot_key.pub')
+ key_object = repo_tool.import_ed25519_publickey_from_file(key_path)
 self.metadata.add_verification_key(key_object)
 keyid = key_object['keyid']
@@ -577,7 +577,7 @@ def test_remove_verification_key(self):
 # Test non-existent public key argument.
 key_path = os.path.join('repository_data', 'keystore', 'targets_key.pub')
- unused_key_object = repo_tool.import_rsa_publickey_from_file(key_path)
+ unused_key_object = repo_tool.import_ed25519_publickey_from_file(key_path)
 self.assertRaises(tuf.Error, self.metadata.remove_verification_key, unused_key_object)
@@ -587,8 +587,8 @@ def test_remove_verification_key(self):
 def test_load_signing_key(self):
 # Test normal case.
 key_path = os.path.join('repository_data',
- 'keystore', 'root_key')
- key_object = repo_tool.import_rsa_privatekey_from_file(key_path, 'password')
+ 'keystore', 'snapshot_key')
+ key_object = repo_tool.import_ed25519_privatekey_from_file(key_path, 'password')
 self.metadata.load_signing_key(key_object)
 keyid = key_object['keyid']
@@ -601,8 +601,8 @@ def test_load_signing_key(self):
 # Test non-private key.
 key_path = os.path.join('repository_data',
- 'keystore', 'root_key.pub')
- key_object = repo_tool.import_rsa_publickey_from_file(key_path)
+ 'keystore', 'snapshot_key.pub')
+ key_object = repo_tool.import_ed25519_publickey_from_file(key_path)
 self.assertRaises(tuf.Error, self.metadata.load_signing_key, key_object)
@@ -610,8 +610,8 @@ def test_load_signing_key(self):
 def test_unload_signing_key(self):
 # Load a signing key so that unload_signing_key() can have a key to unload.
 key_path = os.path.join('repository_data',
- 'keystore', 'root_key')
- key_object = repo_tool.import_rsa_privatekey_from_file(key_path, 'password')
+ 'keystore', 'snapshot_key')
+ key_object = repo_tool.import_ed25519_privatekey_from_file(key_path, 'password')
 self.metadata.load_signing_key(key_object)
 keyid = key_object['keyid']
@@ -629,7 +629,7 @@ def test_unload_signing_key(self):
 # Test non-existent key argument.
 key_path = os.path.join('repository_data', 'keystore', 'targets_key')
- unused_key_object = repo_tool.import_rsa_privatekey_from_file(key_path,
+ unused_key_object = repo_tool.import_ed25519_privatekey_from_file(key_path,
 'password')
 self.assertRaises(tuf.Error, self.metadata.unload_signing_key,
@@ -857,8 +857,8 @@ def test_call(self):
 # Perform a delegation so that a delegated role can be accessed and tested
 # through __call__(). Example: {targets_object}('role1').
 keystore_directory = os.path.join('repository_data', 'keystore')
- public_keypath = os.path.join(keystore_directory, 'root_key.pub')
- public_key = repo_tool.import_rsa_publickey_from_file(public_keypath)
+ public_keypath = os.path.join(keystore_directory, 'snapshot_key.pub')
+ public_key = repo_tool.import_ed25519_publickey_from_file(public_keypath)
 target1_filepath = os.path.join(self.targets_directory, 'file1.txt')
 # Create Targets() object to be tested.
@@ -880,8 +880,8 @@ def test_get_delegated_rolenames(self):
 # Perform two delegations so that get_delegated_rolenames() has roles to
 # return.
 keystore_directory = os.path.join('repository_data', 'keystore')
- public_keypath = os.path.join(keystore_directory, 'root_key.pub')
- public_key = repo_tool.import_rsa_publickey_from_file(public_keypath)
+ public_keypath = os.path.join(keystore_directory, 'snapshot_key.pub')
+ public_key = repo_tool.import_ed25519_publickey_from_file(public_keypath)
 target1_filepath = os.path.join(self.targets_directory, 'file1.txt')
 target2_filepath = os.path.join(self.targets_directory, 'file2.txt')
@@ -921,8 +921,8 @@ def test_delegations(self):
 # Perform a delegation so that delegations() has a Targets() object to
 # return.
 keystore_directory = os.path.join('repository_data', 'keystore')
- public_keypath = os.path.join(keystore_directory, 'root_key.pub')
- public_key = repo_tool.import_rsa_publickey_from_file(public_keypath)
+ public_keypath = os.path.join(keystore_directory, 'snapshot_key.pub')
+ public_key = repo_tool.import_ed25519_publickey_from_file(public_keypath)
 target1_filepath = os.path.join(self.targets_directory, 'file1.txt')
 # Set needed arguments by delegate().
@@ -1076,8 +1076,8 @@ def test_delegate(self):
 # Need at least one public key and valid target paths required by
 # delegate().
 keystore_directory = os.path.join('repository_data', 'keystore')
- public_keypath = os.path.join(keystore_directory, 'root_key.pub')
- public_key = repo_tool.import_rsa_publickey_from_file(public_keypath)
+ public_keypath = os.path.join(keystore_directory, 'snapshot_key.pub')
+ public_key = repo_tool.import_ed25519_publickey_from_file(public_keypath)
 target1_filepath = os.path.join(self.targets_directory, 'file1.txt')
 target2_filepath = os.path.join(self.targets_directory, 'file2.txt')
@@ -1157,8 +1157,8 @@ def test_delegate(self):
 def test_delegate_hashed_bins(self):
 # Test normal case.
 keystore_directory = os.path.join('repository_data', 'keystore')
- public_keypath = os.path.join(keystore_directory, 'root_key.pub')
- public_key = repo_tool.import_rsa_publickey_from_file(public_keypath)
+ public_keypath = os.path.join(keystore_directory, 'snapshot_key.pub')
+ public_key = repo_tool.import_ed25519_publickey_from_file(public_keypath)
 target1_filepath = os.path.join(self.targets_directory, 'file1.txt')
 # Set needed arguments by delegate_hashed_bins().
@@ -1207,7 +1207,7 @@ def test_add_target_to_bin(self):
 # Delegate the hashed bins so that add_target_to_bin() can be tested.
 keystore_directory = os.path.join('repository_data', 'keystore')
 public_keypath = os.path.join(keystore_directory, 'targets_key.pub')
- public_key = repo_tool.import_rsa_publickey_from_file(public_keypath)
+ public_key = repo_tool.import_ed25519_publickey_from_file(public_keypath)
 target1_filepath = os.path.join(self.targets_directory, 'file1.txt')
 # Set needed arguments by delegate_hashed_bins().
@@ -1261,7 +1261,7 @@ def test_remove_target_from_bin(self):
 # Delegate the hashed bins so that add_target_to_bin() can be tested.
 keystore_directory = os.path.join('repository_data', 'keystore')
 public_keypath = os.path.join(keystore_directory, 'targets_key.pub')
- public_key = repo_tool.import_rsa_publickey_from_file(public_keypath)
+ public_key = repo_tool.import_ed25519_publickey_from_file(public_keypath)
 target1_filepath = os.path.join(self.targets_directory, 'file1.txt')
 # Set needed arguments by delegate_hashed_bins().
@@ -1316,8 +1316,8 @@ def test_add_restricted_paths(self):
 # Perform a delegation so that add_restricted_paths() has a child role
 # to restrict.
 keystore_directory = os.path.join('repository_data', 'keystore')
- public_keypath = os.path.join(keystore_directory, 'root_key.pub')
- public_key = repo_tool.import_rsa_publickey_from_file(public_keypath)
+ public_keypath = os.path.join(keystore_directory, 'snapshot_key.pub')
+ public_key = repo_tool.import_ed25519_publickey_from_file(public_keypath)
 # Set needed arguments by delegate().
 public_keys = [public_key]
@@ -1374,8 +1374,8 @@ def test_revoke(self):
 # Test normal case.
 # Perform a delegation so that revoke() has a delegation to revoke.
 keystore_directory = os.path.join('repository_data', 'keystore')
- public_keypath = os.path.join(keystore_directory, 'root_key.pub')
- public_key = repo_tool.import_rsa_publickey_from_file(public_keypath)
+ public_keypath = os.path.join(keystore_directory, 'snapshot_key.pub')
+ public_key = repo_tool.import_ed25519_publickey_from_file(public_keypath)
 target1_filepath = os.path.join(self.targets_directory, 'file1.txt')
 # Set needed arguments by delegate().
diff --git a/tuf/repository_lib.py b/tuf/repository_lib.py
index 5eda8b11..3fe5f0fb 100755
--- a/tuf/repository_lib.py
+++ b/tuf/repository_lib.py
@@ -220,8 +220,6 @@ def _generate_and_write_metadata(rolename, metadata_filename, write_partial,
 # 'signable' contains an invalid threshold of signatures.
 else:
 message = 'Not enough signatures for ' + repr(metadata_filename)
- print('role keyids:\n' + repr(tuf.roledb.get_role_keyids(rolename)))
- #if rolename == 'role1': print('signable:\n' + repr(signable))
 raise tuf.UnsignedMetadataError(message, signable)
 return signable, filename
@@ -935,7 +933,7 @@ def import_rsa_publickey_from_file(filepath):
 rsakey_dict = tuf.keys.format_rsakey_from_pem(rsa_pubkey_pem)
 except tuf.FormatError as e:
- raise tuf.Error('Cannot import improperly formatted PEM file.')
+ raise tuf.Error('Cannot import improperly formatted PEM file.' + repr(str(e)))
 return rsakey_dict
@@ -1008,7 +1006,6 @@ def generate_and_write_ed25519_keypair(filepath, password=None):
 keyval = ed25519_key['keyval']
 ed25519key_metadata_format = \
 tuf.keys.format_keyval_to_metadata(keytype, keyval, private=False)
- print('ed25519key_metadata_format: ' + repr(ed25519key_metadata_format))
 # Write the public key, conformant to 'tuf.formats.KEY_SCHEMA', to
 # '.pub'.
@@ -1067,7 +1064,7 @@ def import_ed25519_publickey_from_file(filepath):
 # includes the keyid.
 ed25519_key_metadata = tuf.util.load_json_file(filepath)
 ed25519_key, junk = tuf.keys.format_metadata_to_key(ed25519_key_metadata)
-
+
 # Raise an exception if an unexpected key type is imported.
 # Redundant validation of 'keytype'. 'tuf.keys.format_metadata_to_key()'
 # should have fully validated 'ed25519_key_metadata'.
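Review bot: The new message in the @@ -935 hunk of import_rsa_publickey_from_file joins the fixed text and the exception detail with no separator and wraps the detail in `repr(str(e))`, so callers see `...PEM file.'<detail>'` with stray quotes run into the sentence. `raise tuf.Error('Cannot import improperly formatted PEM file: ' + str(e))` reads cleanly and still carries the underlying cause. The function body starts and ends outside the hunk.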