|
| 1 | +#!/usr/bin/env python |
| 2 | + |
| 3 | +# Copyright 2021, New York University and the TUF contributors |
| 4 | +# SPDX-License-Identifier: MIT OR Apache-2.0 |
| 5 | + |
| 6 | +"""Test Updater class |
| 7 | +""" |
| 8 | + |
| 9 | +import os |
| 10 | +import time |
| 11 | +import shutil |
| 12 | +import copy |
| 13 | +import tempfile |
| 14 | +import logging |
| 15 | +import errno |
| 16 | +import sys |
| 17 | +import unittest |
| 18 | +import json |
| 19 | +import tracemalloc |
| 20 | + |
| 21 | +if sys.version_info >= (3, 3): |
| 22 | + import unittest.mock as mock |
| 23 | +else: |
| 24 | + import mock |
| 25 | + |
| 26 | +import tuf |
| 27 | +import tuf.exceptions |
| 28 | +import tuf.log |
| 29 | +import tuf.repository_tool as repo_tool |
| 30 | +import tuf.unittest_toolbox as unittest_toolbox |
| 31 | +import tuf.client_rework.updater_rework as updater |
| 32 | + |
| 33 | +from tests import utils |
| 34 | +from tuf.api import metadata |
| 35 | + |
| 36 | +import securesystemslib |
| 37 | + |
| 38 | +logger = logging.getLogger(__name__) |
| 39 | + |
| 40 | + |
| 41 | +class TestUpdater(unittest_toolbox.Modified_TestCase): |
| 42 | + |
| 43 | + @classmethod |
| 44 | + def setUpClass(cls): |
| 45 | + # Create a temporary directory to store the repository, metadata, and target |
| 46 | + # files. 'temporary_directory' must be deleted in TearDownModule() so that |
| 47 | + # temporary files are always removed, even when exceptions occur. |
| 48 | + cls.temporary_directory = tempfile.mkdtemp(dir=os.getcwd()) |
| 49 | + |
| 50 | + # Needed because in some tests simple_server.py cannot be found. |
| 51 | + # The reason is that the current working directory |
| 52 | + # has been changed when executing a subprocess. |
| 53 | + cls.SIMPLE_SERVER_PATH = os.path.join(os.getcwd(), 'simple_server.py') |
| 54 | + |
| 55 | + # Launch a SimpleHTTPServer (serves files in the current directory). |
| 56 | + # Test cases will request metadata and target files that have been |
| 57 | + # pre-generated in 'tuf/tests/repository_data', which will be served |
| 58 | + # by the SimpleHTTPServer launched here. The test cases of 'test_updater.py' |
| 59 | + # assume the pre-generated metadata files have a specific structure, such |
| 60 | + # as a delegated role 'targets/role1', three target files, five key files, |
| 61 | + # etc. |
| 62 | + cls.server_process_handler = utils.TestServerProcess(log=logger, |
| 63 | + server=cls.SIMPLE_SERVER_PATH) |
| 64 | + |
| 65 | + |
| 66 | + |
| 67 | + @classmethod |
| 68 | + def tearDownClass(cls): |
| 69 | + # Cleans the resources and flush the logged lines (if any). |
| 70 | + cls.server_process_handler.clean() |
| 71 | + |
| 72 | + # Remove the temporary repository directory, which should contain all the |
| 73 | + # metadata, targets, and key files generated for the test cases |
| 74 | + shutil.rmtree(cls.temporary_directory) |
| 75 | + |
| 76 | + |
| 77 | + |
| 78 | + def setUp(self): |
| 79 | + # We are inheriting from custom class. |
| 80 | + unittest_toolbox.Modified_TestCase.setUp(self) |
| 81 | + |
| 82 | + self.repository_name = 'test_repository1' |
| 83 | + |
| 84 | + # Copy the original repository files provided in the test folder so that |
| 85 | + # any modifications made to repository files are restricted to the copies. |
| 86 | + # The 'repository_data' directory is expected to exist in 'tuf.tests/'. |
| 87 | + original_repository_files = os.path.join(os.getcwd(), 'repository_data') |
| 88 | + temporary_repository_root = \ |
| 89 | + self.make_temp_directory(directory=self.temporary_directory) |
| 90 | + |
| 91 | + # The original repository, keystore, and client directories will be copied |
| 92 | + # for each test case. |
| 93 | + original_repository = os.path.join(original_repository_files, 'repository') |
| 94 | + original_keystore = os.path.join(original_repository_files, 'keystore') |
| 95 | + original_client = os.path.join(original_repository_files, 'client') |
| 96 | + |
| 97 | + # Save references to the often-needed client repository directories. |
| 98 | + # Test cases need these references to access metadata and target files. |
| 99 | + self.repository_directory = \ |
| 100 | + os.path.join(temporary_repository_root, 'repository') |
| 101 | + self.keystore_directory = \ |
| 102 | + os.path.join(temporary_repository_root, 'keystore') |
| 103 | + |
| 104 | + self.client_directory = os.path.join(temporary_repository_root, |
| 105 | + 'client') |
| 106 | + self.client_metadata = os.path.join(self.client_directory, |
| 107 | + self.repository_name, 'metadata') |
| 108 | + self.client_metadata_current = os.path.join(self.client_metadata, |
| 109 | + 'current') |
| 110 | + |
| 111 | + # Copy the original 'repository', 'client', and 'keystore' directories |
| 112 | + # to the temporary repository the test cases can use. |
| 113 | + shutil.copytree(original_repository, self.repository_directory) |
| 114 | + shutil.copytree(original_client, self.client_directory) |
| 115 | + shutil.copytree(original_keystore, self.keystore_directory) |
| 116 | + |
| 117 | + # 'path/to/tmp/repository' -> 'localhost:8001/tmp/repository'. |
| 118 | + repository_basepath = self.repository_directory[len(os.getcwd()):] |
| 119 | + url_prefix = 'http://' + utils.TEST_HOST_ADDRESS + ':' \ |
| 120 | + + str(self.server_process_handler.port) + repository_basepath |
| 121 | + |
| 122 | + # Setting 'tuf.settings.repository_directory' with the temporary client |
| 123 | + # directory copied from the original repository files. |
| 124 | + tuf.settings.repositories_directory = self.client_directory |
| 125 | + |
| 126 | + self.repository_mirrors = {'mirror1': {'url_prefix': url_prefix, |
| 127 | + 'metadata_path': 'metadata', |
| 128 | + 'targets_path': 'targets'}} |
| 129 | + |
| 130 | + # Creating a repository instance. The test cases will use this client |
| 131 | + # updater to refresh metadata, fetch target files, etc. |
| 132 | + self.repository_updater = updater.Updater(self.repository_name, |
| 133 | + self.repository_mirrors) |
| 134 | + |
| 135 | + # Metadata role keys are needed by the test cases to make changes to the |
| 136 | + # repository (e.g., adding a new target file to 'targets.json' and then |
| 137 | + # requesting a refresh()). |
| 138 | + self.role_keys = _load_role_keys(self.keystore_directory) |
| 139 | + |
| 140 | + |
| 141 | + |
| 142 | + def tearDown(self): |
| 143 | + # We are inheriting from custom class. |
| 144 | + unittest_toolbox.Modified_TestCase.tearDown(self) |
| 145 | + |
| 146 | + # Logs stdout and stderr from the sever subprocess. |
| 147 | + self.server_process_handler.flush_log() |
| 148 | + |
| 149 | + |
| 150 | + |
| 151 | + # UNIT TESTS. |
| 152 | + def test_refresh(self): |
| 153 | + |
| 154 | + self.repository_updater.refresh() |
| 155 | + |
| 156 | + for role in ['root', 'timestamp', 'snapshot', 'targets']: |
| 157 | + metadata_obj = metadata.Metadata.from_file(os.path.join( |
| 158 | + self.client_metadata_current, role + '.json')) |
| 159 | + |
| 160 | + metadata_obj_2 = metadata.Metadata.from_file(os.path.join( |
| 161 | + self.repository_directory, 'metadata', role + '.json')) |
| 162 | + |
| 163 | + |
| 164 | + self.assertDictEqual(metadata_obj.to_dict(), |
| 165 | + metadata_obj_2.to_dict()) |
| 166 | + |
| 167 | + # Get targetinfo for 'file1.txt' listed in targets |
| 168 | + targetinfo1 = self.repository_updater.get_one_valid_targetinfo('file1.txt') |
| 169 | + # Get targetinfo for 'file3.txt' listed in the delegated role1 |
| 170 | + targetinfo3= self.repository_updater.get_one_valid_targetinfo('file3.txt') |
| 171 | + |
| 172 | + destination_directory = self.make_temp_directory() |
| 173 | + updated_targets = self.repository_updater.updated_targets([targetinfo1, targetinfo3], |
| 174 | + destination_directory) |
| 175 | + |
| 176 | + self.assertListEqual(updated_targets, [targetinfo1, targetinfo3]) |
| 177 | + |
| 178 | + self.repository_updater.download_target(targetinfo1, destination_directory) |
| 179 | + updated_targets = self.repository_updater.updated_targets(updated_targets, |
| 180 | + destination_directory) |
| 181 | + |
| 182 | + self.assertListEqual(updated_targets, [targetinfo3]) |
| 183 | + |
| 184 | + |
| 185 | + self.repository_updater.download_target(targetinfo3, destination_directory) |
| 186 | + updated_targets = self.repository_updater.updated_targets(updated_targets, |
| 187 | + destination_directory) |
| 188 | + |
| 189 | + self.assertListEqual(updated_targets, []) |
| 190 | + |
| 191 | + |
| 192 | +def _load_role_keys(keystore_directory): |
| 193 | + |
| 194 | + # Populating 'self.role_keys' by importing the required public and private |
| 195 | + # keys of 'tuf/tests/repository_data/'. The role keys are needed when |
| 196 | + # modifying the remote repository used by the test cases in this unit test. |
| 197 | + |
| 198 | + # The pre-generated key files in 'repository_data/keystore' are all encrypted with |
| 199 | + # a 'password' passphrase. |
| 200 | + EXPECTED_KEYFILE_PASSWORD = 'password' |
| 201 | + |
| 202 | + # Store and return the cryptography keys of the top-level roles, including 1 |
| 203 | + # delegated role. |
| 204 | + role_keys = {} |
| 205 | + |
| 206 | + root_key_file = os.path.join(keystore_directory, 'root_key') |
| 207 | + targets_key_file = os.path.join(keystore_directory, 'targets_key') |
| 208 | + snapshot_key_file = os.path.join(keystore_directory, 'snapshot_key') |
| 209 | + timestamp_key_file = os.path.join(keystore_directory, 'timestamp_key') |
| 210 | + delegation_key_file = os.path.join(keystore_directory, 'delegation_key') |
| 211 | + |
| 212 | + role_keys = {'root': {}, 'targets': {}, 'snapshot': {}, 'timestamp': {}, |
| 213 | + 'role1': {}} |
| 214 | + |
| 215 | + # Import the top-level and delegated role public keys. |
| 216 | + role_keys['root']['public'] = \ |
| 217 | + repo_tool.import_rsa_publickey_from_file(root_key_file+'.pub') |
| 218 | + role_keys['targets']['public'] = \ |
| 219 | + repo_tool.import_ed25519_publickey_from_file(targets_key_file+'.pub') |
| 220 | + role_keys['snapshot']['public'] = \ |
| 221 | + repo_tool.import_ed25519_publickey_from_file(snapshot_key_file+'.pub') |
| 222 | + role_keys['timestamp']['public'] = \ |
| 223 | + repo_tool.import_ed25519_publickey_from_file(timestamp_key_file+'.pub') |
| 224 | + role_keys['role1']['public'] = \ |
| 225 | + repo_tool.import_ed25519_publickey_from_file(delegation_key_file+'.pub') |
| 226 | + |
| 227 | + # Import the private keys of the top-level and delegated roles. |
| 228 | + role_keys['root']['private'] = \ |
| 229 | + repo_tool.import_rsa_privatekey_from_file(root_key_file, |
| 230 | + EXPECTED_KEYFILE_PASSWORD) |
| 231 | + role_keys['targets']['private'] = \ |
| 232 | + repo_tool.import_ed25519_privatekey_from_file(targets_key_file, |
| 233 | + EXPECTED_KEYFILE_PASSWORD) |
| 234 | + role_keys['snapshot']['private'] = \ |
| 235 | + repo_tool.import_ed25519_privatekey_from_file(snapshot_key_file, |
| 236 | + EXPECTED_KEYFILE_PASSWORD) |
| 237 | + role_keys['timestamp']['private'] = \ |
| 238 | + repo_tool.import_ed25519_privatekey_from_file(timestamp_key_file, |
| 239 | + EXPECTED_KEYFILE_PASSWORD) |
| 240 | + role_keys['role1']['private'] = \ |
| 241 | + repo_tool.import_ed25519_privatekey_from_file(delegation_key_file, |
| 242 | + EXPECTED_KEYFILE_PASSWORD) |
| 243 | + |
| 244 | + return role_keys |
| 245 | + |
| 246 | +if __name__ == '__main__': |
| 247 | + utils.configure_test_logging(sys.argv) |
| 248 | + unittest.main() |
0 commit comments