mirror of
https://github.com/theupdateframework/python-tuf
synced 2026-05-24 10:08:28 +00:00
Latest WIP
This commit is contained in:
parent
b4626f172a
commit
b982c063db
6 changed files with 2885 additions and 34 deletions
2866
tests/repository_tool.py
Executable file
2866
tests/repository_tool.py
Executable file
File diff suppressed because it is too large
Load diff
|
|
@ -235,7 +235,7 @@ def test_write_and_write_partial(self):
|
|||
self.assertTrue(os.path.exists(compressed_filepath))
|
||||
|
||||
# Verify the 'role1.json' delegation is also written.
|
||||
role1_filepath = os.path.join(metadata_directory, 'targets', 'role1.json')
|
||||
role1_filepath = os.path.join(metadata_directory, 'role1.json')
|
||||
role1_signable = tuf.util.load_json_file(role1_filepath)
|
||||
tuf.formats.check_signable_object_format(role1_signable)
|
||||
|
||||
|
|
@ -246,26 +246,26 @@ def test_write_and_write_partial(self):
|
|||
repository.status()
|
||||
|
||||
# Verify status() does not raise 'tuf.InsufficientKeysError' if a top-level
|
||||
# role does and 'targets/role1' do not contain a threshold of keys.
|
||||
# role does and 'role1' do not contain a threshold of keys.
|
||||
root_roleinfo = tuf.roledb.get_roleinfo('root')
|
||||
old_threshold = root_roleinfo['threshold']
|
||||
root_roleinfo['threshold'] = 10
|
||||
role1_roleinfo = tuf.roledb.get_roleinfo('targets/role1')
|
||||
role1_roleinfo = tuf.roledb.get_roleinfo('role1')
|
||||
old_role1_threshold = role1_roleinfo['threshold']
|
||||
role1_roleinfo['threshold'] = 10
|
||||
tuf.roledb.update_roleinfo('root', root_roleinfo)
|
||||
tuf.roledb.update_roleinfo('targets/role1', role1_roleinfo)
|
||||
tuf.roledb.update_roleinfo('role1', role1_roleinfo)
|
||||
repository.status()
|
||||
|
||||
# Restore the original threshold values.
|
||||
root_roleinfo['threshold'] = old_threshold
|
||||
tuf.roledb.update_roleinfo('root', root_roleinfo)
|
||||
role1_roleinfo['threshold'] = old_role1_threshold
|
||||
tuf.roledb.update_roleinfo('targets/role1', role1_roleinfo)
|
||||
tuf.roledb.update_roleinfo('role1', role1_roleinfo)
|
||||
|
||||
|
||||
# Verify status() does not raise 'tuf.UnsignedMetadataError' if any of the
|
||||
# the top-level roles and 'targets/role1' are improperly signed.
|
||||
# the top-level roles and 'role1' are improperly signed.
|
||||
repository.root.unload_signing_key(root_privkey)
|
||||
repository.root.load_signing_key(targets_privkey)
|
||||
repository.targets('role1').unload_signing_key(role1_privkey)
|
||||
|
|
@ -1175,15 +1175,8 @@ def test_delegate_hashed_bins(self):
|
|||
delegated_rolenames = ['0', '1', '2', '3', '4', '5', '6', '7',
|
||||
'8', '9', 'a', 'b', 'c', 'd', 'e', 'f']
|
||||
|
||||
# Prepend the parent's rolename.
|
||||
expected_delegated_rolenames = []
|
||||
for rolename in delegated_rolenames:
|
||||
rolename = self.targets_object.rolename + '/' + rolename
|
||||
expected_delegated_rolenames.append(rolename)
|
||||
|
||||
self.assertEqual(sorted(self.targets_object.get_delegated_rolenames()),
|
||||
sorted(expected_delegated_rolenames))
|
||||
|
||||
sorted(delegated_rolenames))
|
||||
|
||||
# Test improperly formatted arguments.
|
||||
self.assertRaises(tuf.FormatError,
|
||||
|
|
@ -1502,7 +1495,7 @@ def test_load_repository(self):
|
|||
# Verify the expected roles have been loaded. See
|
||||
# 'tuf/tests/repository_data/repository/'.
|
||||
expected_roles = \
|
||||
['root', 'targets', 'snapshot', 'timestamp', 'targets/role1']
|
||||
['root', 'targets', 'snapshot', 'timestamp', 'role1']
|
||||
for role in tuf.roledb.get_rolenames():
|
||||
self.assertTrue(role in expected_roles)
|
||||
|
||||
|
|
|
|||
|
|
@ -284,21 +284,21 @@ def test_1__load_metadata_from_file(self):
|
|||
# Get the 'role1.json' filepath. Manually load the role metadata, and
|
||||
# compare it against the loaded metadata by '_load_metadata_from_file()'.
|
||||
role1_filepath = \
|
||||
os.path.join(self.client_metadata_current, 'targets', 'role1.json')
|
||||
os.path.join(self.client_metadata_current, 'role1.json')
|
||||
role1_meta = tuf.util.load_json_file(role1_filepath)
|
||||
|
||||
# Load the 'role1.json' file with _load_metadata_from_file, which should
|
||||
# store the loaded metadata in the 'self.repository_updater.metadata'
|
||||
# store.
|
||||
self.assertEqual(len(self.repository_updater.metadata['current']), 4)
|
||||
self.repository_updater._load_metadata_from_file('current', 'targets/role1')
|
||||
self.repository_updater._load_metadata_from_file('current', 'role1')
|
||||
|
||||
# Verify that the correct number of metadata objects has been loaded
|
||||
# (i.e., only the 'root.json' file should have been loaded.
|
||||
self.assertEqual(len(self.repository_updater.metadata['current']), 5)
|
||||
|
||||
# Verify that the content of root metadata is valid.
|
||||
self.assertEqual(self.repository_updater.metadata['current']['targets/role1'],
|
||||
self.assertEqual(self.repository_updater.metadata['current']['role1'],
|
||||
role1_meta['signed'])
|
||||
|
||||
# Test invalid metadata set argument (must be either
|
||||
|
|
@ -420,12 +420,12 @@ def test_2__import_delegations(self):
|
|||
self.assertEqual(len(tuf.keydb._keydb_dict), 5)
|
||||
|
||||
# Verify that roledb dictionary was added.
|
||||
self.assertTrue('targets/role1' in tuf.roledb._roledb_dict)
|
||||
self.assertTrue('role1' in tuf.roledb._roledb_dict)
|
||||
|
||||
# Verify that keydb dictionary was updated.
|
||||
role1_signable = \
|
||||
tuf.util.load_json_file(os.path.join(self.client_metadata_current,
|
||||
'targets', 'role1.json'))
|
||||
'role1.json'))
|
||||
keyids = []
|
||||
for signature in role1_signable['signatures']:
|
||||
keyids.append(signature['keyid'])
|
||||
|
|
@ -855,20 +855,20 @@ def test_5_targets_of_role(self):
|
|||
# Extract the target files specified by the delegated role, 'role1.json',
|
||||
# as available on the server-side version of the role.
|
||||
role1_filepath = os.path.join(self.repository_directory, 'metadata',
|
||||
'targets', 'role1.json')
|
||||
'role1.json')
|
||||
role1_signable = tuf.util.load_json_file(role1_filepath)
|
||||
expected_targets = role1_signable['signed']['targets']
|
||||
|
||||
|
||||
# Test: normal case.
|
||||
targets_list = self.repository_updater.targets_of_role('targets/role1')
|
||||
targets_list = self.repository_updater.targets_of_role('role1')
|
||||
|
||||
# Verify that the expected role files were downloaded and installed.
|
||||
os.path.exists(os.path.join(self.client_metadata_current, 'targets.json'))
|
||||
os.path.exists(os.path.join(self.client_metadata_current, 'targets',
|
||||
'role1.json'))
|
||||
'role1.json'))
|
||||
self.assertTrue('targets' in self.repository_updater.metadata['current'])
|
||||
self.assertTrue('targets/role1' in self.repository_updater.metadata['current'])
|
||||
self.assertTrue('role1' in self.repository_updater.metadata['current'])
|
||||
|
||||
# Verify that list of targets was returned and that it contains valid
|
||||
# target files.
|
||||
|
|
|
|||
|
|
@ -131,14 +131,6 @@ def _generate_and_write_metadata(rolename, metadata_filename, write_partial,
|
|||
_log_warning_if_expires_soon(ROOT_FILENAME, roleinfo['expires'],
|
||||
ROOT_EXPIRES_WARN_SECONDS)
|
||||
|
||||
# Check for the Targets role, including delegated roles.
|
||||
elif rolename.startswith('targets'):
|
||||
metadata = generate_targets_metadata(targets_directory,
|
||||
roleinfo['paths'],
|
||||
roleinfo['version'],
|
||||
roleinfo['expires'],
|
||||
roleinfo['delegations'],
|
||||
consistent_snapshot)
|
||||
|
||||
|
||||
elif rolename == 'snapshot':
|
||||
|
|
@ -177,7 +169,6 @@ def _generate_and_write_metadata(rolename, metadata_filename, write_partial,
|
|||
roleinfo['expires'],
|
||||
roleinfo['delegations'],
|
||||
consistent_snapshot)
|
||||
|
||||
|
||||
signable = sign_metadata(metadata, roleinfo['signing_keyids'],
|
||||
metadata_filename)
|
||||
|
|
|
|||
|
|
@ -239,7 +239,7 @@ def write(self, write_partial=False, consistent_snapshot=False,
|
|||
|
||||
delegated_filename = os.path.join(self._metadata_directory,
|
||||
delegated_rolename + METADATA_EXTENSION)
|
||||
|
||||
|
||||
repo_lib._generate_and_write_metadata(delegated_rolename,
|
||||
delegated_filename,
|
||||
write_partial,
|
||||
|
|
|
|||
|
|
@ -744,6 +744,7 @@ def clear_roledb():
|
|||
"""
|
||||
|
||||
_roledb_dict.clear()
|
||||
_dirty_roles[:] = []
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue