Skip to content

Commit f2a2cec

Browse files
MVrachevMVrachev
committed
TrustedMetadataSet testing: start using setUp
This way we remove the repetitive code of creating a new TrustedMetadataSet instance for each test function. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
1 parent 6c75f42 commit f2a2cec

File tree

1 file changed

+93
-101
lines changed

1 file changed

+93
-101
lines changed

tests/test_trusted_metadata_set.py

Lines changed: 93 additions & 101 deletions
Original file line numberDiff line numberDiff line change
@@ -41,63 +41,61 @@ def setUpClass(cls):
4141
password="password"
4242
)
4343

44-
def test_update(self):
45-
trusted_set = TrustedMetadataSet(self.metadata["root"])
46-
trusted_set.root_update_finished()
44+
def setUp(self) -> None:
45+
self.trusted_set = TrustedMetadataSet(self.metadata["root"])
4746

48-
trusted_set.update_timestamp(self.metadata["timestamp"])
49-
trusted_set.update_snapshot(self.metadata["snapshot"])
50-
trusted_set.update_targets(self.metadata["targets"])
51-
trusted_set.update_delegated_targets(
47+
def test_update(self):
48+
self.trusted_set.root_update_finished()
49+
self.trusted_set.update_timestamp(self.metadata["timestamp"])
50+
self.trusted_set.update_snapshot(self.metadata["snapshot"])
51+
self.trusted_set.update_targets(self.metadata["targets"])
52+
self.trusted_set.update_delegated_targets(
5253
self.metadata["role1"], "role1", "targets"
5354
)
54-
trusted_set.update_delegated_targets(
55+
self.trusted_set.update_delegated_targets(
5556
self.metadata["role2"], "role2", "role1"
5657
)
57-
5858
# the 4 top level metadata objects + 2 additional delegated targets
59-
self.assertTrue(len(trusted_set), 6)
59+
self.assertTrue(len(self.trusted_set), 6)
6060

6161
def test_out_of_order_ops(self):
62-
trusted_set = TrustedMetadataSet(self.metadata["root"])
63-
6462
# Update timestamp before root is finished
6563
with self.assertRaises(RuntimeError):
66-
trusted_set.update_timestamp(self.metadata["timestamp"])
64+
self.trusted_set.update_timestamp(self.metadata["timestamp"])
6765

68-
trusted_set.root_update_finished()
66+
self.trusted_set.root_update_finished()
6967
with self.assertRaises(RuntimeError):
70-
trusted_set.root_update_finished()
68+
self.trusted_set.root_update_finished()
7169

7270
# Update snapshot before timestamp
7371
with self.assertRaises(RuntimeError):
74-
trusted_set.update_snapshot(self.metadata["snapshot"])
72+
self.trusted_set.update_snapshot(self.metadata["snapshot"])
7573

76-
trusted_set.update_timestamp(self.metadata["timestamp"])
74+
self.trusted_set.update_timestamp(self.metadata["timestamp"])
7775

7876
# Update targets before snapshot
7977
with self.assertRaises(RuntimeError):
80-
trusted_set.update_targets(self.metadata["targets"])
78+
self.trusted_set.update_targets(self.metadata["targets"])
8179

82-
trusted_set.update_snapshot(self.metadata["snapshot"])
80+
self.trusted_set.update_snapshot(self.metadata["snapshot"])
8381

8482
# update timestamp after snapshot
8583
with self.assertRaises(RuntimeError):
86-
trusted_set.update_timestamp(self.metadata["timestamp"])
84+
self.trusted_set.update_timestamp(self.metadata["timestamp"])
8785

8886
# Update delegated targets before targets
8987
with self.assertRaises(RuntimeError):
90-
trusted_set.update_delegated_targets(
88+
self.trusted_set.update_delegated_targets(
9189
self.metadata["role1"], "role1", "targets"
9290
)
9391

94-
trusted_set.update_targets(self.metadata["targets"])
95-
trusted_set.update_delegated_targets(
92+
self.trusted_set.update_targets(self.metadata["targets"])
93+
self.trusted_set.update_delegated_targets(
9694
self.metadata["role1"], "role1", "targets"
9795
)
9896

99-
trusted_set.update_targets(self.metadata["targets"])
100-
trusted_set.update_delegated_targets(
97+
self.trusted_set.update_targets(self.metadata["targets"])
98+
self.trusted_set.update_delegated_targets(
10199
self.metadata["role1"], "role1", "targets"
102100
)
103101

@@ -111,13 +109,12 @@ def test_update_with_invalid_json(self):
111109
with self.assertRaises(exceptions.RepositoryError):
112110
TrustedMetadataSet(json.dumps(root.to_dict()).encode())
113111

114-
trusted_set = TrustedMetadataSet(self.metadata["root"])
115-
trusted_set.root_update_finished()
112+
self.trusted_set.root_update_finished()
116113

117114
top_level_md = [
118-
(self.metadata["timestamp"], trusted_set.update_timestamp),
119-
(self.metadata["snapshot"], trusted_set.update_snapshot),
120-
(self.metadata["targets"], trusted_set.update_targets),
115+
(self.metadata["timestamp"], self.trusted_set.update_timestamp),
116+
(self.metadata["snapshot"], self.trusted_set.update_snapshot),
117+
(self.metadata["targets"], self.trusted_set.update_targets),
121118
]
122119
for metadata, update_func in top_level_md:
123120
# metadata is not json
@@ -148,7 +145,6 @@ def test_verify_with_threshold(self):
148145
verify_with_threshold(targets, "foo", delegated_role)
149146

150147
def test_invalid_update_root(self):
151-
trusted_set = TrustedMetadataSet(self.metadata["root"])
152148
# new_root data with invalid snapshot type
153149
invalid_type_data = json.loads(self.metadata["root"])
154150
invalid_type_data["signed"]["_type"] = "snapshot"
@@ -157,7 +153,7 @@ def test_invalid_update_root(self):
157153
# RepositoryError is thrown during new_root deserialization.
158154
# It's not thrown when checking new_root.signed.type != "root"
159155
with self.assertRaises(exceptions.RepositoryError):
160-
trusted_set.update_root(invalid_type_data)
156+
self.trusted_set.update_root(invalid_type_data)
161157

162158
# new_root data with threshold which cannot be verified.
163159
modified_threshold_data = copy.deepcopy(
@@ -166,26 +162,26 @@ def test_invalid_update_root(self):
166162
modified_threshold_data["signed"]["roles"]["root"]["threshold"] = 2
167163
modified_threshold_data = json.dumps(modified_threshold_data).encode()
168164
with self.assertRaises(exceptions.UnsignedMetadataError):
169-
trusted_set.update_root(modified_threshold_data)
165+
self.trusted_set.update_root(modified_threshold_data)
170166

171167
# new_root.signed.version has the same version as old root
172168
with self.assertRaises(exceptions.ReplayedMetadataError):
173-
trusted_set.update_root(self.metadata["root"])
169+
self.trusted_set.update_root(self.metadata["root"])
174170

175171
# if _root_update_finished, then fail when calling update_root
176-
trusted_set.root_update_finished()
172+
self.trusted_set.root_update_finished()
177173
with self.assertRaises(RuntimeError):
178-
trusted_set.update_root(self.metadata["root"])
174+
self.trusted_set.update_root(self.metadata["root"])
175+
self.trusted_set._root_update_finished = False
179176

180177
def test_root_update_finished_expired(self):
181-
trusted_set = TrustedMetadataSet(self.metadata["root"])
182178
# call root_update_finished when trusted root has expired
183179
expired_datetime = datetime.strptime(
184180
"1970-01-01T00:00:00Z", "%Y-%m-%dT%H:%M:%SZ"
185181
)
186-
trusted_set.root.signed.expires = expired_datetime
182+
self.trusted_set.root.signed.expires = expired_datetime
187183
with self.assertRaises(exceptions.ExpiredMetadataError):
188-
trusted_set.root_update_finished()
184+
self.trusted_set.root_update_finished()
189185

190186
def _sign_modified_obj(
191187
self,
@@ -198,20 +194,19 @@ def _sign_modified_obj(
198194
return signature.to_dict()
199195

200196
def test_update_timestamp(self):
201-
trusted_set = TrustedMetadataSet(self.metadata["root"])
202-
trusted_set.root_update_finished()
203-
trusted_set.update_timestamp(self.metadata["timestamp"])
197+
self.trusted_set.root_update_finished()
198+
self.trusted_set.update_timestamp(self.metadata["timestamp"])
204199
# new_timestamp.version < trusted_timestamp.version
205-
trusted_set.timestamp.signed.version = 2
200+
self.trusted_set.timestamp.signed.version = 2
206201
with self.assertRaises(exceptions.ReplayedMetadataError):
207-
trusted_set.update_timestamp(self.metadata["timestamp"])
208-
trusted_set.timestamp.signed.version = 1
202+
self.trusted_set.update_timestamp(self.metadata["timestamp"])
203+
self.trusted_set.timestamp.signed.version = 1
209204

210205
# new_timestamp.snapshot.version < trusted_timestamp.snapshot.version
211-
trusted_set.timestamp.signed.meta["snapshot.json"].version = 2
206+
self.trusted_set.timestamp.signed.meta["snapshot.json"].version = 2
212207
with self.assertRaises(exceptions.ReplayedMetadataError):
213-
trusted_set.update_timestamp(self.metadata["timestamp"])
214-
trusted_set.timestamp.signed.meta["snapshot.json"].version = 1
208+
self.trusted_set.update_timestamp(self.metadata["timestamp"])
209+
self.trusted_set.timestamp.signed.meta["snapshot.json"].version = 1
215210

216211
# new_timestamp has expired
217212
timestamp = Metadata.from_bytes(self.metadata["timestamp"])
@@ -221,7 +216,7 @@ def test_update_timestamp(self):
221216
self._sign_modified_obj("timestamp", timestamp)
222217
new_timestamp_byte_data = json.dumps(timestamp.to_dict()).encode()
223218
with self.assertRaises(exceptions.ExpiredMetadataError):
224-
trusted_set.update_timestamp(new_timestamp_byte_data)
219+
self.trusted_set.update_timestamp(new_timestamp_byte_data)
225220

226221
def _calculate_modified_hashes(
227222
self, true_hashes,
@@ -237,86 +232,84 @@ def _calculate_modified_hashes(
237232
return modified_hashes
238233

239234
def test_update_snapshot(self):
240-
trusted_set = TrustedMetadataSet(self.metadata["root"])
241-
trusted_set.root_update_finished()
242-
trusted_set.update_timestamp(self.metadata["timestamp"])
235+
self.trusted_set.root_update_finished()
236+
self.trusted_set.update_timestamp(self.metadata["timestamp"])
243237
# new_snapshot data with invalid targets type
244238
invalid_type_data = json.loads(self.metadata["snapshot"])
245239
invalid_type_data["signed"]["_type"] = "targets"
246240
invalid_type_data["signed"]["targets"] = {}
247241
invalid_type_data = json.dumps(invalid_type_data).encode()
248-
timestamp_meta = trusted_set.timestamp.signed.meta["snapshot.json"]
242+
timestamp_meta = self.trusted_set.timestamp.signed.meta["snapshot.json"]
249243
true_hashes = timestamp_meta.hashes or {}
250244
modified_hashes = self._calculate_modified_hashes(
251245
true_hashes, invalid_type_data
252246
)
253-
trusted_set.timestamp.signed.meta["snapshot.json"].hashes = modified_hashes
247+
self.trusted_set.timestamp.signed.meta["snapshot.json"].hashes = modified_hashes
254248

255249
with self.assertRaises(exceptions.RepositoryError):
256-
trusted_set.update_snapshot(invalid_type_data)
257-
trusted_set.timestamp.signed.meta["snapshot.json"].hashes = true_hashes
250+
self.trusted_set.update_snapshot(invalid_type_data)
251+
self.trusted_set.timestamp.signed.meta["snapshot.json"].hashes = true_hashes
258252
# cannot update snapshot after targets update completes or targets != None
259253
targets_obj = Metadata.from_bytes(self.metadata["targets"])
260-
trusted_set._trusted_set["targets"] = targets_obj
254+
self.trusted_set._trusted_set["targets"] = targets_obj
261255
with self.assertRaises(RuntimeError):
262-
trusted_set.update_snapshot(self.metadata["snapshot"])
263-
del trusted_set._trusted_set["targets"]
256+
self.trusted_set.update_snapshot(self.metadata["snapshot"])
257+
del self.trusted_set._trusted_set["targets"]
264258

265259
# Deserialization error - failed to decode the new_snapshot JSON.
266-
timestamp_meta = trusted_set.timestamp.signed.meta["snapshot.json"]
260+
timestamp_meta = self.trusted_set.timestamp.signed.meta["snapshot.json"]
267261
true_hashes = timestamp_meta.hashes or {}
268262

269263
modified_hashes = self._calculate_modified_hashes(
270264
true_hashes, b'{""sig": }'
271265
)
272-
trusted_set.timestamp.signed.meta["snapshot.json"].hashes = modified_hashes
266+
self.trusted_set.timestamp.signed.meta["snapshot.json"].hashes = modified_hashes
273267
with self.assertRaises(exceptions.RepositoryError):
274-
trusted_set.update_snapshot(b'{""sig": }')
275-
trusted_set.timestamp.signed.meta["snapshot.json"].hashes = true_hashes
268+
self.trusted_set.update_snapshot(b'{""sig": }')
269+
self.trusted_set.timestamp.signed.meta["snapshot.json"].hashes = true_hashes
276270

277271
# root data with threshold which cannot be verified for new_snapshot
278-
trusted_set.root.signed.roles["snapshot"].threshold = 2
272+
self.trusted_set.root.signed.roles["snapshot"].threshold = 2
279273
with self.assertRaises(exceptions.UnsignedMetadataError):
280-
trusted_set.update_snapshot(self.metadata["snapshot"])
281-
trusted_set.root.signed.roles["snapshot"].threshold = 1
274+
self.trusted_set.update_snapshot(self.metadata["snapshot"])
275+
self.trusted_set.root.signed.roles["snapshot"].threshold = 1
282276

283277
# new_snapshot.version != trusted timestamp.meta["snapshot"].version
284-
trusted_set.timestamp.signed.meta["snapshot.json"].version = 2
278+
self.trusted_set.timestamp.signed.meta["snapshot.json"].version = 2
285279
with self.assertRaises(exceptions.BadVersionNumberError):
286-
trusted_set.update_snapshot(self.metadata["snapshot"])
287-
trusted_set.timestamp.signed.meta["snapshot.json"].version = 1
280+
self.trusted_set.update_snapshot(self.metadata["snapshot"])
281+
self.trusted_set.timestamp.signed.meta["snapshot.json"].version = 1
288282

289283

290284
def test_update_snapshot_after_succesfull_update(self):
291-
trusted_set = TrustedMetadataSet(self.metadata["root"])
292-
trusted_set.root_update_finished()
293-
trusted_set.update_timestamp(self.metadata["timestamp"])
294-
trusted_set.update_snapshot(self.metadata["snapshot"])
285+
self.trusted_set.root_update_finished()
286+
self.trusted_set.update_timestamp(self.metadata["timestamp"])
287+
self.trusted_set.update_snapshot(self.metadata["snapshot"])
295288

296289
# Test removing a meta_file in new_snapshot compared to the old snapshot
297290
snapshot_obj = Metadata.from_bytes(self.metadata["snapshot"])
298291
snapshot_obj.signed.meta = {}
299292
# prepare timestamp.meta["snapshot"].hashes
300293
self._sign_modified_obj("snapshot", snapshot_obj)
301-
timestamp_meta = trusted_set.timestamp.signed.meta["snapshot.json"]
294+
timestamp_meta = self.trusted_set.timestamp.signed.meta["snapshot.json"]
302295
true_hashes = timestamp_meta.hashes or {}
303296
modified_snapshot_data = json.dumps(snapshot_obj.to_dict()).encode()
304297
modified_hashes = self._calculate_modified_hashes(
305298
true_hashes, modified_snapshot_data
306299
)
307-
trusted_set.timestamp.signed.meta["snapshot.json"].hashes = modified_hashes
300+
self.trusted_set.timestamp.signed.meta["snapshot.json"].hashes = modified_hashes
308301

309302
with self.assertRaises(exceptions.RepositoryError):
310-
trusted_set.update_snapshot(modified_snapshot_data)
311-
trusted_set.timestamp.signed.meta["snapshot.json"].hashes = true_hashes
303+
self.trusted_set.update_snapshot(modified_snapshot_data)
304+
self.trusted_set.timestamp.signed.meta["snapshot.json"].hashes = true_hashes
312305

313306
# snapshot.meta["project1"].version != new_snapshot.meta["project1"].version
314-
for meta_file_path in trusted_set.snapshot.signed.meta.keys():
315-
trusted_set.snapshot.signed.meta[meta_file_path].version = 2
307+
for meta_file_path in self.trusted_set.snapshot.signed.meta.keys():
308+
self.trusted_set.snapshot.signed.meta[meta_file_path].version = 2
316309
with self.assertRaises(exceptions.BadVersionNumberError):
317-
trusted_set.update_snapshot(self.metadata["snapshot"])
318-
for meta_file_path in trusted_set.snapshot.signed.meta.keys():
319-
trusted_set.snapshot.signed.meta[meta_file_path].version = 1
310+
self.trusted_set.update_snapshot(self.metadata["snapshot"])
311+
for meta_file_path in self.trusted_set.snapshot.signed.meta.keys():
312+
self.trusted_set.snapshot.signed.meta[meta_file_path].version = 1
320313

321314
# new_snapshot has expired
322315
snapshot_obj = Metadata.from_bytes(self.metadata["snapshot"])
@@ -328,42 +321,41 @@ def test_update_snapshot_after_succesfull_update(self):
328321
modified_hashes = self._calculate_modified_hashes(
329322
true_hashes, modified_snapshot_data
330323
)
331-
trusted_set.timestamp.signed.meta["snapshot.json"].hashes = modified_hashes
324+
self.trusted_set.timestamp.signed.meta["snapshot.json"].hashes = modified_hashes
332325
with self.assertRaises(exceptions.ExpiredMetadataError):
333-
trusted_set.update_snapshot(modified_snapshot_data)
334-
trusted_set.timestamp.signed.meta["snapshot.json"].hashes = true_hashes
326+
self.trusted_set.update_snapshot(modified_snapshot_data)
327+
self.trusted_set.timestamp.signed.meta["snapshot.json"].hashes = true_hashes
335328

336329
def test_update_targets(self):
337-
trusted_set = TrustedMetadataSet(self.metadata["root"])
338-
trusted_set.root_update_finished()
339-
trusted_set.update_timestamp(self.metadata["timestamp"])
340-
trusted_set.update_snapshot(self.metadata["snapshot"])
330+
self.trusted_set.root_update_finished()
331+
self.trusted_set.update_timestamp(self.metadata["timestamp"])
332+
self.trusted_set.update_snapshot(self.metadata["snapshot"])
341333

342334
# remove meta information with information about targets from snapshot
343-
trusted_set.snapshot.signed.meta = {}
335+
self.trusted_set.snapshot.signed.meta = {}
344336
with self.assertRaises(exceptions.RepositoryError):
345-
trusted_set.update_targets(self.metadata["targets"])
337+
self.trusted_set.update_targets(self.metadata["targets"])
346338
snapshot = Metadata.from_bytes(self.metadata["snapshot"])
347-
trusted_set.snapshot.signed.meta = snapshot.signed.meta
339+
self.trusted_set.snapshot.signed.meta = snapshot.signed.meta
348340

349341
# observed_hash != stored hash in snapshot meta for targets
350342
true_hashes = {}
351-
for target_path, meta_file in trusted_set.snapshot.signed.meta.items():
343+
for target_path, meta_file in self.trusted_set.snapshot.signed.meta.items():
352344
true_hashes[target_path] = meta_file.hashes
353-
trusted_set.snapshot.signed.meta[target_path].hashes = {"sha256": "b"}
345+
self.trusted_set.snapshot.signed.meta[target_path].hashes = {"sha256": "b"}
354346
with self.assertRaises(exceptions.BadHashError):
355-
trusted_set.update_targets(self.metadata["targets"])
347+
self.trusted_set.update_targets(self.metadata["targets"])
356348
# Return to the original hash values
357349
for target_path in true_hashes.keys():
358-
trusted_set.snapshot.signed.meta[target_path].hashes = \
350+
self.trusted_set.snapshot.signed.meta[target_path].hashes = \
359351
true_hashes[target_path]
360352

361353
# new_delegate.signed.version != meta.version stored in snapshot
362-
for target_path in trusted_set.snapshot.signed.meta.keys():
363-
trusted_set.snapshot.signed.meta[target_path].version = 2
354+
for target_path in self.trusted_set.snapshot.signed.meta.keys():
355+
self.trusted_set.snapshot.signed.meta[target_path].version = 2
364356
with self.assertRaises(exceptions.BadVersionNumberError):
365-
trusted_set.update_targets(self.metadata["targets"])
366-
trusted_set.snapshot.signed.meta[target_path].version = 1
357+
self.trusted_set.update_targets(self.metadata["targets"])
358+
self.trusted_set.snapshot.signed.meta[target_path].version = 1
367359

368360
# new_delegate has expired
369361
targets_obj = Metadata.from_bytes(self.metadata["targets"])
@@ -373,7 +365,7 @@ def test_update_targets(self):
373365
self._sign_modified_obj("targets", targets_obj)
374366
modified_targets_data = json.dumps(targets_obj.to_dict()).encode()
375367
with self.assertRaises(exceptions.ExpiredMetadataError):
376-
trusted_set.update_targets(modified_targets_data)
368+
self.trusted_set.update_targets(modified_targets_data)
377369

378370
# TODO test updating over initial metadata (new keys, newer timestamp, etc)
379371

0 commit comments

Comments
 (0)