Latest WIP

This commit is contained in:
Vladimir Diaz 2016-03-22 11:26:55 -04:00
parent b4626f172a
commit b982c063db
6 changed files with 2885 additions and 34 deletions

2866
tests/repository_tool.py Executable file

File diff suppressed because it is too large Load diff

View file

@ -235,7 +235,7 @@ def test_write_and_write_partial(self):
self.assertTrue(os.path.exists(compressed_filepath))
# Verify the 'role1.json' delegation is also written.
role1_filepath = os.path.join(metadata_directory, 'targets', 'role1.json')
role1_filepath = os.path.join(metadata_directory, 'role1.json')
role1_signable = tuf.util.load_json_file(role1_filepath)
tuf.formats.check_signable_object_format(role1_signable)
@ -246,26 +246,26 @@ def test_write_and_write_partial(self):
repository.status()
# Verify status() does not raise 'tuf.InsufficientKeysError' if a top-level
# role does and 'targets/role1' do not contain a threshold of keys.
# role does and 'role1' do not contain a threshold of keys.
root_roleinfo = tuf.roledb.get_roleinfo('root')
old_threshold = root_roleinfo['threshold']
root_roleinfo['threshold'] = 10
role1_roleinfo = tuf.roledb.get_roleinfo('targets/role1')
role1_roleinfo = tuf.roledb.get_roleinfo('role1')
old_role1_threshold = role1_roleinfo['threshold']
role1_roleinfo['threshold'] = 10
tuf.roledb.update_roleinfo('root', root_roleinfo)
tuf.roledb.update_roleinfo('targets/role1', role1_roleinfo)
tuf.roledb.update_roleinfo('role1', role1_roleinfo)
repository.status()
# Restore the original threshold values.
root_roleinfo['threshold'] = old_threshold
tuf.roledb.update_roleinfo('root', root_roleinfo)
role1_roleinfo['threshold'] = old_role1_threshold
tuf.roledb.update_roleinfo('targets/role1', role1_roleinfo)
tuf.roledb.update_roleinfo('role1', role1_roleinfo)
# Verify status() does not raise 'tuf.UnsignedMetadataError' if any of the
# the top-level roles and 'targets/role1' are improperly signed.
# the top-level roles and 'role1' are improperly signed.
repository.root.unload_signing_key(root_privkey)
repository.root.load_signing_key(targets_privkey)
repository.targets('role1').unload_signing_key(role1_privkey)
@ -1175,15 +1175,8 @@ def test_delegate_hashed_bins(self):
delegated_rolenames = ['0', '1', '2', '3', '4', '5', '6', '7',
'8', '9', 'a', 'b', 'c', 'd', 'e', 'f']
# Prepend the parent's rolename.
expected_delegated_rolenames = []
for rolename in delegated_rolenames:
rolename = self.targets_object.rolename + '/' + rolename
expected_delegated_rolenames.append(rolename)
self.assertEqual(sorted(self.targets_object.get_delegated_rolenames()),
sorted(expected_delegated_rolenames))
sorted(delegated_rolenames))
# Test improperly formatted arguments.
self.assertRaises(tuf.FormatError,
@ -1502,7 +1495,7 @@ def test_load_repository(self):
# Verify the expected roles have been loaded. See
# 'tuf/tests/repository_data/repository/'.
expected_roles = \
['root', 'targets', 'snapshot', 'timestamp', 'targets/role1']
['root', 'targets', 'snapshot', 'timestamp', 'role1']
for role in tuf.roledb.get_rolenames():
self.assertTrue(role in expected_roles)

View file

@ -284,21 +284,21 @@ def test_1__load_metadata_from_file(self):
# Get the 'role1.json' filepath. Manually load the role metadata, and
# compare it against the loaded metadata by '_load_metadata_from_file()'.
role1_filepath = \
os.path.join(self.client_metadata_current, 'targets', 'role1.json')
os.path.join(self.client_metadata_current, 'role1.json')
role1_meta = tuf.util.load_json_file(role1_filepath)
# Load the 'role1.json' file with _load_metadata_from_file, which should
# store the loaded metadata in the 'self.repository_updater.metadata'
# store.
self.assertEqual(len(self.repository_updater.metadata['current']), 4)
self.repository_updater._load_metadata_from_file('current', 'targets/role1')
self.repository_updater._load_metadata_from_file('current', 'role1')
# Verify that the correct number of metadata objects has been loaded
# (i.e., only the 'root.json' file should have been loaded.
self.assertEqual(len(self.repository_updater.metadata['current']), 5)
# Verify that the content of root metadata is valid.
self.assertEqual(self.repository_updater.metadata['current']['targets/role1'],
self.assertEqual(self.repository_updater.metadata['current']['role1'],
role1_meta['signed'])
# Test invalid metadata set argument (must be either
@ -420,12 +420,12 @@ def test_2__import_delegations(self):
self.assertEqual(len(tuf.keydb._keydb_dict), 5)
# Verify that roledb dictionary was added.
self.assertTrue('targets/role1' in tuf.roledb._roledb_dict)
self.assertTrue('role1' in tuf.roledb._roledb_dict)
# Verify that keydb dictionary was updated.
role1_signable = \
tuf.util.load_json_file(os.path.join(self.client_metadata_current,
'targets', 'role1.json'))
'role1.json'))
keyids = []
for signature in role1_signable['signatures']:
keyids.append(signature['keyid'])
@ -855,20 +855,20 @@ def test_5_targets_of_role(self):
# Extract the target files specified by the delegated role, 'role1.json',
# as available on the server-side version of the role.
role1_filepath = os.path.join(self.repository_directory, 'metadata',
'targets', 'role1.json')
'role1.json')
role1_signable = tuf.util.load_json_file(role1_filepath)
expected_targets = role1_signable['signed']['targets']
# Test: normal case.
targets_list = self.repository_updater.targets_of_role('targets/role1')
targets_list = self.repository_updater.targets_of_role('role1')
# Verify that the expected role files were downloaded and installed.
os.path.exists(os.path.join(self.client_metadata_current, 'targets.json'))
os.path.exists(os.path.join(self.client_metadata_current, 'targets',
'role1.json'))
'role1.json'))
self.assertTrue('targets' in self.repository_updater.metadata['current'])
self.assertTrue('targets/role1' in self.repository_updater.metadata['current'])
self.assertTrue('role1' in self.repository_updater.metadata['current'])
# Verify that list of targets was returned and that it contains valid
# target files.

View file

@ -131,14 +131,6 @@ def _generate_and_write_metadata(rolename, metadata_filename, write_partial,
_log_warning_if_expires_soon(ROOT_FILENAME, roleinfo['expires'],
ROOT_EXPIRES_WARN_SECONDS)
# Check for the Targets role, including delegated roles.
elif rolename.startswith('targets'):
metadata = generate_targets_metadata(targets_directory,
roleinfo['paths'],
roleinfo['version'],
roleinfo['expires'],
roleinfo['delegations'],
consistent_snapshot)
elif rolename == 'snapshot':
@ -177,7 +169,6 @@ def _generate_and_write_metadata(rolename, metadata_filename, write_partial,
roleinfo['expires'],
roleinfo['delegations'],
consistent_snapshot)
signable = sign_metadata(metadata, roleinfo['signing_keyids'],
metadata_filename)

View file

@ -239,7 +239,7 @@ def write(self, write_partial=False, consistent_snapshot=False,
delegated_filename = os.path.join(self._metadata_directory,
delegated_rolename + METADATA_EXTENSION)
repo_lib._generate_and_write_metadata(delegated_rolename,
delegated_filename,
write_partial,

View file

@ -744,6 +744,7 @@ def clear_roledb():
"""
_roledb_dict.clear()
_dirty_roles[:] = []