Skip to content

Commit 755f3d6

Browse files
MVrachevMVrachev
committed
Address Jussi's comments 2
Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
1 parent 8e04c96 commit 755f3d6

File tree

1 file changed

+19
-30
lines changed

1 file changed

+19
-30
lines changed

tests/test_trusted_metadata_set.py

Lines changed: 19 additions & 30 deletions
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,6 @@
1212
from tuf.ngclient._internal.trusted_metadata_set import(
1313
TrustedMetadataSet
1414
)
15-
from securesystemslib import hash as sslib_hash
1615
from securesystemslib.signer import SSlibSigner
1716
from securesystemslib.interface import(
1817
import_ed25519_privatekey_from_file,
@@ -52,15 +51,11 @@ def setUpClass(cls):
5251
def setUp(self) -> None:
5352
self.trusted_set = TrustedMetadataSet(self.metadata["root"])
5453

55-
def _setup_update_snapshot_or_timestamp_test(self):
54+
def _root_update_finished_and_update_timestamp(self):
5655
self.trusted_set.root_update_finished()
5756
self.trusted_set.update_timestamp(self.metadata["timestamp"])
5857

59-
def _setup_update_snapshot_after_successful_update_test(self):
60-
self._setup_update_snapshot_or_timestamp_test()
61-
self.trusted_set.update_snapshot(self.metadata["snapshot"])
62-
63-
def _setup_update_targets_test(self):
58+
def _update_all_besides_targets(self):
6459
self.trusted_set.root_update_finished()
6560
self.trusted_set.update_timestamp(self.metadata["timestamp"])
6661
self.trusted_set.update_snapshot(self.metadata["snapshot"])
@@ -124,10 +119,6 @@ def test_out_of_order_ops(self):
124119
self.metadata["role1"], "role1", "targets"
125120
)
126121

127-
self.trusted_set.update_targets(self.metadata["targets"])
128-
self.trusted_set.update_delegated_targets(
129-
self.metadata["role1"], "role1", "targets"
130-
)
131122

132123
def test_update_with_invalid_json(self):
133124
# root.json not a json file at all
@@ -176,7 +167,8 @@ def test_update_root_new_root_cannot_be_verified_with_threshold(self):
176167
modified_threshold_data = copy.deepcopy(
177168
json.loads(self.metadata["root"])
178169
)
179-
modified_threshold_data["signed"]["roles"]["root"]["threshold"] = 2
170+
# change something in root so signature doesn't match the content.
171+
modified_threshold_data["signed"]["roles"]["root"]["version"] = 2
180172
modified_threshold_data = json.dumps(modified_threshold_data).encode()
181173
with self.assertRaises(exceptions.UnsignedMetadataError):
182174
self.trusted_set.update_root(modified_threshold_data)
@@ -206,21 +198,21 @@ def test_root_update_finished_expired(self):
206198

207199

208200
def test_update_timestamp_new_timestamp_ver_below_trusted_ver(self):
209-
self._setup_update_snapshot_or_timestamp_test()
201+
self._root_update_finished_and_update_timestamp()
210202
# new_timestamp.version < trusted_timestamp.version
211203
self.trusted_set.timestamp.signed.version = 2
212204
with self.assertRaises(exceptions.ReplayedMetadataError):
213205
self.trusted_set.update_timestamp(self.metadata["timestamp"])
214206

215207
def test_update_timestamp_snapshot_ver_below_trusted_snapshot_ver(self):
216-
self._setup_update_snapshot_or_timestamp_test()
208+
self._root_update_finished_and_update_timestamp()
217209
# new_timestamp.snapshot.version < trusted_timestamp.snapshot.version
218210
self.trusted_set.timestamp.signed.meta["snapshot.json"].version = 2
219211
with self.assertRaises(exceptions.ReplayedMetadataError):
220212
self.trusted_set.update_timestamp(self.metadata["timestamp"])
221213

222214
def test_update_timestamp_snapshot_ver_below_trusted_snapshot_ver(self):
223-
self._setup_update_snapshot_or_timestamp_test()
215+
self._root_update_finished_and_update_timestamp()
224216
# new_timestamp has expired
225217
timestamp = Metadata.from_bytes(self.metadata["timestamp"])
226218
timestamp.signed.expires = datetime(1970, 1, 1)
@@ -231,33 +223,32 @@ def test_update_timestamp_snapshot_ver_below_trusted_snapshot_ver(self):
231223

232224

233225
def test_update_snapshot_after_targets_updated(self):
234-
self._setup_update_snapshot_or_timestamp_test()
226+
self._root_update_finished_and_update_timestamp()
235227
# cannot update snapshot after targets update completes or targets != None
236228
targets_obj = Metadata.from_bytes(self.metadata["targets"])
237229
self.trusted_set._trusted_set["targets"] = targets_obj
238230
with self.assertRaises(RuntimeError):
239231
self.trusted_set.update_snapshot(self.metadata["snapshot"])
240232

241233
def test_update_snapshot_cannot_verify_snapshot_with_threshold(self):
242-
self._setup_update_snapshot_or_timestamp_test()
234+
self._root_update_finished_and_update_timestamp()
243235
# remove signature for snapshot from root data
244236
self.trusted_set.root.signed.roles["snapshot"].keyids = []
245-
# self.trusted_set.snapshot.signatures = {}
246237
with self.assertRaises(exceptions.UnsignedMetadataError):
247238
self.trusted_set.update_snapshot(self.metadata["snapshot"])
248239
self.trusted_set.root.signed.roles["snapshot"].threshold = 1
249240

250241
def test_update_snapshot_version_different_timestamp_snapshot_version(self):
251-
self._setup_update_snapshot_or_timestamp_test()
242+
self._root_update_finished_and_update_timestamp()
252243
# new_snapshot.version != trusted timestamp.meta["snapshot"].version
253244
self.trusted_set.timestamp.signed.meta["snapshot.json"].version = 2
254245
with self.assertRaises(exceptions.BadVersionNumberError):
255246
self.trusted_set.update_snapshot(self.metadata["snapshot"])
256-
self.trusted_set.timestamp.signed.meta["snapshot.json"].version = 1
247+
257248

258249

259250
def test_update_snapshot_after_successful_update_new_snapshot_no_meta(self):
260-
self._setup_update_snapshot_after_successful_update_test()
251+
self._update_all_besides_targets()
261252
# Test removing a meta_file in new_snapshot compared to the old snapshot
262253
snapshot_obj = Metadata.from_bytes(self.metadata["snapshot"])
263254
snapshot_obj.signed.meta = {}
@@ -269,15 +260,15 @@ def test_update_snapshot_after_successful_update_new_snapshot_no_meta(self):
269260
self.trusted_set.update_snapshot(modified_snapshot_data)
270261

271262
def test_update_snapshot_after_succesfull_update_new_snapshot_meta_version_different(self):
272-
self._setup_update_snapshot_after_successful_update_test()
263+
self._update_all_besides_targets()
273264
# snapshot.meta["project1"].version != new_snapshot.meta["project1"].version
274265
for metafile in self.trusted_set.snapshot.signed.meta.values():
275266
metafile.version += 1
276267
with self.assertRaises(exceptions.BadVersionNumberError):
277268
self.trusted_set.update_snapshot(self.metadata["snapshot"])
278269

279270
def test_update_snapshot_after_succesfull_expired_new_snapshot(self):
280-
self._setup_update_snapshot_after_successful_update_test()
271+
self._update_all_besides_targets()
281272
# new_snapshot has expired
282273
snapshot_obj = Metadata.from_bytes(self.metadata["snapshot"])
283274
snapshot_obj.signed.expires = datetime(1970, 1, 1)
@@ -290,32 +281,30 @@ def test_update_snapshot_after_succesfull_expired_new_snapshot(self):
290281

291282

292283
def test_update_targets_no_meta_in_snapshot(self):
293-
self._setup_update_targets_test()
284+
self._update_all_besides_targets()
294285
# remove meta information with information about targets from snapshot
295286
self.trusted_set.snapshot.signed.meta = {}
296287
with self.assertRaises(exceptions.RepositoryError):
297288
self.trusted_set.update_targets(self.metadata["targets"])
298289

299290
def test_update_targets_hash_different_than_snapshot_meta_hash(self):
300-
self._setup_update_targets_test()
291+
self._update_all_besides_targets()
301292
# observed_hash != stored hash in snapshot meta for targets
302-
true_hashes = {}
303-
for target_path, meta_file in self.trusted_set.snapshot.signed.meta.items():
304-
true_hashes[target_path] = meta_file.hashes
293+
for target_path in self.trusted_set.snapshot.signed.meta.keys():
305294
self.trusted_set.snapshot.signed.meta[target_path].hashes = {"sha256": "b"}
306295
with self.assertRaises(exceptions.RepositoryError):
307296
self.trusted_set.update_targets(self.metadata["targets"])
308297

309298
def test_update_targets_version_different_snapshot_meta_version(self):
310-
self._setup_update_targets_test()
299+
self._update_all_besides_targets()
311300
# new_delegate.signed.version != meta.version stored in snapshot
312301
for target_path in self.trusted_set.snapshot.signed.meta.keys():
313302
self.trusted_set.snapshot.signed.meta[target_path].version = 2
314303
with self.assertRaises(exceptions.BadVersionNumberError):
315304
self.trusted_set.update_targets(self.metadata["targets"])
316305

317306
def test_update_targets_expired_new_target(self):
318-
self._setup_update_targets_test()
307+
self._update_all_besides_targets()
319308
# new_delegated_target has expired
320309
targets_obj = Metadata.from_bytes(self.metadata["targets"])
321310
targets_obj.signed.expires = datetime(1970, 1, 1)

0 commit comments

Comments
 (0)