Update test_repository_lib and test_formats

Modify test cases which use unsigned metadata.
Update test_sign_metadata to check for empty key list.

Signed-off-by: Teodora Sechkova <[email protected]>

Author: sechkova

tests/test_formats.py

@@ -31,13 +31,15 @@
 import unittest
 import datetime
 import sys
+import os
 
 import tuf
 import tuf.formats
 
 import utils
 
 import securesystemslib
+import securesystemslib.util
 import six
 
 
@@ -778,20 +780,10 @@ def test_parse_base64(self):
 
   def test_make_signable(self):
     # Test conditions for expected make_signable() behavior.
-    root = {'_type': 'root',
-            'spec_version': '1.0.0',
-            'version': 8,
-            'consistent_snapshot': False,
-            'expires': '1985-10-21T13:20:00Z',
-            'keys': {'123abc': {'keytype': 'rsa',
-                                'scheme': 'rsassa-pss-sha256',
-                                'keyval': {'public': 'pubkey',
-                                           'private': 'privkey'}}},
-            'roles': {'root': {'keyids': ['123abc'],
-                               'threshold': 1,
-                               'paths': ['path1/', 'path2']}}}
-
     SIGNABLE_SCHEMA = tuf.formats.SIGNABLE_SCHEMA
+    root_file = os.path.join('repository_data', 'repository', 'metadata',
+        'root.json')
+    root = securesystemslib.util.load_json_file(root_file)
     self.assertTrue(SIGNABLE_SCHEMA.matches(tuf.formats.make_signable(root)))
     signable = tuf.formats.make_signable(root)
     self.assertEqual('root', tuf.formats.check_signable_object_format(signable))
@@ -902,19 +894,9 @@ def test_expected_meta_rolename(self):
 
   def test_check_signable_object_format(self):
     # Test condition for a valid argument.
-    root = {'_type': 'root',
-            'spec_version': '1.0.0',
-            'version': 8,
-            'consistent_snapshot': False,
-            'expires': '1985-10-21T13:20:00Z',
-            'keys': {'123abc': {'keytype': 'rsa',
-                                'scheme': 'rsassa-pss-sha256',
-                                'keyval': {'public': 'pubkey',
-                                           'private': 'privkey'}}},
-            'roles': {'root': {'keyids': ['123abc'],
-                               'threshold': 1,
-                               'paths': ['path1/', 'path2']}}}
-
+    root_file = os.path.join('repository_data', 'repository', 'metadata',
+        'root.json')
+    root = securesystemslib.util.load_json_file(root_file)
     root = tuf.formats.make_signable(root)
     self.assertEqual('root', tuf.formats.check_signable_object_format(root))
 

tests/test_repository_lib.py

@@ -885,6 +885,8 @@ def test__generate_and_write_metadata(self):
     # (specifically 'snapshot') and keys to be available in 'tuf.roledb'.
     tuf.roledb.create_roledb_from_root_metadata(root_signable['signed'],
         repository_name)
+    tuf.keydb.create_keydb_from_root_metadata(root_signable['signed'],
+        repository_name)
     temporary_directory = tempfile.mkdtemp(dir=self.temporary_directory)
     targets_directory = os.path.join(temporary_directory, 'targets')
     os.mkdir(targets_directory)
@@ -897,6 +899,14 @@ def test__generate_and_write_metadata(self):
     securesystemslib.util.ensure_parent_dir(obsolete_metadata)
     shutil.copyfile(targets_metadata, obsolete_metadata)
 
+    keystore_path = os.path.join('repository_data', 'keystore')
+    targets_private_keypath = os.path.join(keystore_path, 'targets_key')
+    targets_private_key = repo_lib.import_ed25519_privatekey_from_file(targets_private_keypath,
+        'password')
+    tuf.keydb.remove_key(targets_private_key['keyid'],
+        repository_name=repository_name)
+    tuf.keydb.add_key(targets_private_key, repository_name=repository_name)
+
     # Verify that obsolete metadata (a metadata file exists on disk, but the
     # role is unavailable in 'tuf.roledb').  First add the obsolete
     # role to 'tuf.roledb' so that its metadata file can be written to disk.
@@ -906,6 +916,7 @@ def test__generate_and_write_metadata(self):
       tuf.formats.unix_timestamp_to_datetime(int(time.time() + 86400))
     expiration = expiration.isoformat() + 'Z'
     targets_roleinfo['expires'] = expiration
+    targets_roleinfo['signing_keyids'] = targets_roleinfo['keyids']
     tuf.roledb.add_role('obsolete_role', targets_roleinfo,
         repository_name=repository_name)
 
@@ -1004,14 +1015,24 @@ def test__load_top_level_metadata(self):
     roleinfo['version'] = 1
     tuf.roledb.add_role('role1', roleinfo, repository_name)
 
+    keystore_path = os.path.join('repository_data', 'keystore')
+    root_privkey_path = os.path.join(keystore_path, 'root_key')
+    targets_privkey_path = os.path.join(keystore_path, 'targets_key')
+    snapshot_privkey_path = os.path.join(keystore_path, 'snapshot_key')
+    timestamp_privkey_path = os.path.join(keystore_path, 'timestamp_key')
+
+    repository.root.load_signing_key(repo_lib.import_rsa_privatekey_from_file(root_privkey_path, 'password'))
+    repository.targets.load_signing_key(repo_lib.import_ed25519_privatekey_from_file(targets_privkey_path, 'password'))
+    repository.snapshot.load_signing_key(repo_lib.import_ed25519_privatekey_from_file(snapshot_privkey_path, 'password'))
+    repository.timestamp.load_signing_key(repo_lib.import_ed25519_privatekey_from_file(timestamp_privkey_path, 'password'))
 
     # Partially write all top-level roles (we increase the threshold of each
     # top-level role so that they are flagged as partially written.
     repository.root.threshold = repository.root.threshold + 1
     repository.snapshot.threshold = repository.snapshot.threshold + 1
     repository.targets.threshold = repository.targets.threshold + 1
     repository.timestamp.threshold = repository.timestamp.threshold + 1
-    repository.write('root', )
+    repository.write('root')
     repository.write('snapshot')
     repository.write('targets')
     repository.write('timestamp')