Skip to content

Add optional feature to verify the chain of trust from bootstrap trusted root metadata to trusted root metadata #1214

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 4 commits into from
Closed

Add optional feature to verify the chain of trust from bootstrap trusted root metadata to trusted root metadata #1214

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
15677d2
Refactor _get_metadata_file() from updater.py
MVrachev Nov 10, 2020
99f6c9c
Tests for new validation functions in updater.py
MVrachev Nov 10, 2020
7393e04
Add a chain of root trust
MVrachev Nov 17, 2020
e21a885
Add tests for the "chain of root trust" feature
MVrachev Nov 17, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
87 changes: 87 additions & 0 deletions tests/repository_data/repository/metadata/root_sequence/1.root.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,87 @@
{
"signatures": [
{
"keyid": "4e777de0d275f9d28588dd9a1606cc748e548f9e22b6795b7cb3f63f98035fcb",
"sig": "a337d6375fedd2eabfcd6c2ef6c8a9c3bb85dc5a857715f6a6bd41123e7670c4972d8548bcd7248154f3d864bf25f1823af59d74c459f41ea09a02db057ca1245612ebbdb97e782c501dc3e094f7fa8aa1402b03c6ed0635f565e2a26f9f543a89237e15a2faf0c267e2b34c3c38f2a43a28ddcdaf8308a12ead8c6dc47d1b762de313e9ddda8cc5bc25aea1b69d0e5b9199ca02f5dda48c3bff615fd12a7136d00634b9abc6e75c3256106c4d6f12e6c43f6195071355b2857bbe377ce028619b58837696b805040ce144b393d50a472531f430fadfb68d3081b6a8b5e49337e328c9a0a3f11e80b0bc8eb2dc6e78d1451dd857e6e6e6363c3fd14c590aa95e083c9bfc77724d78af86eb7a7ef635eeddaa353030c79f66b3ba9ea11fab456cfe896a826fdfb50a43cd444f762821aada9bcd7b022c0ee85b8768f960343d5a1d3d76374cc0ac9e12a500de0bf5d48569e5398cadadadab045931c398e3bcb6cec88af2437ba91959f956079cbed159fed3938016e6c3b5e446131f81cc5981"
}
],
"signed": {
"_type": "root",
"consistent_snapshot": false,
"expires": "2030-01-01T00:00:00Z",
"keys": {
"4e777de0d275f9d28588dd9a1606cc748e548f9e22b6795b7cb3f63f98035fcb": {
"keyid_hash_algorithms": [
"sha256",
"sha512"
],
"keytype": "rsa",
"keyval": {
"public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA0GjPoVrjS9eCqzoQ8VRe\nPkC0cI6ktiEgqPfHESFzyxyjC490Cuy19nuxPcJuZfN64MC48oOkR+W2mq4pM51i\nxmdG5xjvNOBRkJ5wUCc8fDCltMUTBlqt9y5eLsf/4/EoBU+zC4SW1iPU++mCsity\nfQQ7U6LOn3EYCyrkH51hZ/dvKC4o9TPYMVxNecJ3CL1q02Q145JlyjBTuM3Xdqsa\nndTHoXSRPmmzgB/1dL/c4QjMnCowrKW06mFLq9RAYGIaJWfM/0CbrOJpVDkATmEc\nMdpGJYDfW/sRQvRdlHNPo24ZW7vkQUCqdRxvnTWkK5U81y7RtjLt1yskbWXBIbOV\nz94GXsgyzANyCT9qRjHXDDz2mkLq+9I2iKtEqaEePcWRu3H6RLahpM/TxFzw684Y\nR47weXdDecPNxWyiWiyMGStRFP4Cg9trcwAGnEm1w8R2ggmWphznCd5dXGhPNjfA\na82yNFY8ubnOUVJOf0nXGg3Edw9iY3xyjJb2+nrsk5f3AgMBAAE=\n-----END PUBLIC KEY-----"
},
"scheme": "rsassa-pss-sha256"
},
"59a4df8af818e9ed7abe0764c0b47b4240952aa0d179b5b78346c470ac30278d": {
"keyid_hash_algorithms": [
"sha256",
"sha512"
],
"keytype": "ed25519",
"keyval": {
"public": "edcd0a32a07dce33f7c7873aaffbff36d20ea30787574ead335eefd337e4dacd"
},
"scheme": "ed25519"
},
"65171251a9aff5a8b3143a813481cb07f6e0de4eb197c767837fe4491b739093": {
"keyid_hash_algorithms": [
"sha256",
"sha512"
],
"keytype": "ed25519",
"keyval": {
"public": "89f28bd4ede5ec3786ab923fd154f39588d20881903e69c7b08fb504c6750815"
},
"scheme": "ed25519"
},
"8a1c4a3ac2d515dec982ba9910c5fd79b91ae57f625b9cff25d06bf0a61c1758": {
"keyid_hash_algorithms": [
"sha256",
"sha512"
],
"keytype": "ed25519",
"keyval": {
"public": "82ccf6ac47298ff43bfa0cd639868894e305a99c723ff0515ae2e9856eb5bbf4"
},
"scheme": "ed25519"
}
},
"roles": {
"root": {
"keyids": [
"4e777de0d275f9d28588dd9a1606cc748e548f9e22b6795b7cb3f63f98035fcb"
],
"threshold": 1
},
"snapshot": {
"keyids": [
"59a4df8af818e9ed7abe0764c0b47b4240952aa0d179b5b78346c470ac30278d"
],
"threshold": 1
},
"targets": {
"keyids": [
"65171251a9aff5a8b3143a813481cb07f6e0de4eb197c767837fe4491b739093"
],
"threshold": 1
},
"timestamp": {
"keyids": [
"8a1c4a3ac2d515dec982ba9910c5fd79b91ae57f625b9cff25d06bf0a61c1758"
],
"threshold": 1
}
},
"spec_version": "1.0.0",
"version": 1
}
}
87 changes: 87 additions & 0 deletions tests/repository_data/repository/metadata/root_sequence/2.root.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,87 @@
{
"signatures": [
{
"keyid": "4e777de0d275f9d28588dd9a1606cc748e548f9e22b6795b7cb3f63f98035fcb",
"sig": "932485fe7318ab48317dde790ef6cb22cce3e44525b1e8e06a5f8e2c61ec2517ae745993df97c2dfe0024a61bb762e0f5405b2125f49005ea17596706957bf504582f3abf5187662c27fb475aaedcfa84eea31709ec325e17023a66bd6cc5ec32b5f669d677516804dbbf9f8599f166f2699af8f2b6ba1f21bf3ddbbfefa5e16266c5b6ef9d4d72926d5a7cf35b8da1fba4bc057df32127d7058254f6c45f5ca2fb6486c1737d0bc9d698e8f00edb9ed5b2abcc091c9909f61cedc69dca4df4a3ba6e2b8958725eac519c486dfe1dde4928d47cf826ee0065a2169ad4d511b11c6c454b73165e6f1ad904f445a6e9c3e502a0d785b34c4ad52a99733a81ab80664618cd500ee87832e5185b2f08c278603a5d56114cfdc9a6e171df73b8f074745d97851ee0a55be11265b9480aa830583ca3cfed70bf6371976fbc48d77bcef40f2a6aacdc3c4b9fabace5835a85904e921eb1a5cae4f2409e3b15f693497cbd1a82c6cd3fc6d22c159e3af0e742d4da417dd54347ec189eede78e08664beb1"
}
],
"signed": {
"_type": "root",
"consistent_snapshot": false,
"expires": "2030-01-01T00:00:00Z",
"keys": {
"4e777de0d275f9d28588dd9a1606cc748e548f9e22b6795b7cb3f63f98035fcb": {
"keyid_hash_algorithms": [
"sha256",
"sha512"
],
"keytype": "rsa",
"keyval": {
"public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA0GjPoVrjS9eCqzoQ8VRe\nPkC0cI6ktiEgqPfHESFzyxyjC490Cuy19nuxPcJuZfN64MC48oOkR+W2mq4pM51i\nxmdG5xjvNOBRkJ5wUCc8fDCltMUTBlqt9y5eLsf/4/EoBU+zC4SW1iPU++mCsity\nfQQ7U6LOn3EYCyrkH51hZ/dvKC4o9TPYMVxNecJ3CL1q02Q145JlyjBTuM3Xdqsa\nndTHoXSRPmmzgB/1dL/c4QjMnCowrKW06mFLq9RAYGIaJWfM/0CbrOJpVDkATmEc\nMdpGJYDfW/sRQvRdlHNPo24ZW7vkQUCqdRxvnTWkK5U81y7RtjLt1yskbWXBIbOV\nz94GXsgyzANyCT9qRjHXDDz2mkLq+9I2iKtEqaEePcWRu3H6RLahpM/TxFzw684Y\nR47weXdDecPNxWyiWiyMGStRFP4Cg9trcwAGnEm1w8R2ggmWphznCd5dXGhPNjfA\na82yNFY8ubnOUVJOf0nXGg3Edw9iY3xyjJb2+nrsk5f3AgMBAAE=\n-----END PUBLIC KEY-----"
},
"scheme": "rsassa-pss-sha256"
},
"59a4df8af818e9ed7abe0764c0b47b4240952aa0d179b5b78346c470ac30278d": {
"keyid_hash_algorithms": [
"sha256",
"sha512"
],
"keytype": "ed25519",
"keyval": {
"public": "edcd0a32a07dce33f7c7873aaffbff36d20ea30787574ead335eefd337e4dacd"
},
"scheme": "ed25519"
},
"65171251a9aff5a8b3143a813481cb07f6e0de4eb197c767837fe4491b739093": {
"keyid_hash_algorithms": [
"sha256",
"sha512"
],
"keytype": "ed25519",
"keyval": {
"public": "89f28bd4ede5ec3786ab923fd154f39588d20881903e69c7b08fb504c6750815"
},
"scheme": "ed25519"
},
"8a1c4a3ac2d515dec982ba9910c5fd79b91ae57f625b9cff25d06bf0a61c1758": {
"keyid_hash_algorithms": [
"sha256",
"sha512"
],
"keytype": "ed25519",
"keyval": {
"public": "82ccf6ac47298ff43bfa0cd639868894e305a99c723ff0515ae2e9856eb5bbf4"
},
"scheme": "ed25519"
}
},
"roles": {
"root": {
"keyids": [
"4e777de0d275f9d28588dd9a1606cc748e548f9e22b6795b7cb3f63f98035fcb"
],
"threshold": 1
},
"snapshot": {
"keyids": [
"59a4df8af818e9ed7abe0764c0b47b4240952aa0d179b5b78346c470ac30278d"
],
"threshold": 1
},
"targets": {
"keyids": [
"65171251a9aff5a8b3143a813481cb07f6e0de4eb197c767837fe4491b739093"
],
"threshold": 1
},
"timestamp": {
"keyids": [
"8a1c4a3ac2d515dec982ba9910c5fd79b91ae57f625b9cff25d06bf0a61c1758"
],
"threshold": 1
}
},
"spec_version": "1.0.0",
"version": 2
}
}
87 changes: 87 additions & 0 deletions tests/repository_data/repository/metadata/root_sequence/3.root.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,87 @@
{
"signatures": [
{
"keyid": "4e777de0d275f9d28588dd9a1606cc748e548f9e22b6795b7cb3f63f98035fcb",
"sig": "bc0c34f49f4c6fa7a0c5f5760ef55b1b16c768701189d3376843657f339c39bb587d2d48d6a1d6c973dfcaf4a53e2fad6fc0a74147527662856aac738c2c2ecbe8794d0ed175bea94546c563957274e07a07fc5c11e0b193a711dd6ee9f7f288aca720194137b99acf145a2e5ab4daf8fb0e575098c09614a9a4ea500c20f31ab062e4c622578d82a4f874dbb9ca8a39314a575883adbd6a8cf548754fc720b3353d835af525c887335480edf84b6c9210438f97140432dfe099a9a6b5ab4e134c13979f74b9c38899aa5e9624b040a3a96a1298b2ef8c75996e7ce5ffefb9396bd8be90deb4ad0508af8806212b8316161c44d6f117b98506d73116399a278075b3271e106ba7854dc5ef759f3b7823e3b015f72a65cbab22ec818cf7f784cbaffdbeecc6c0e1e6f5c5b8dd60fb10e2760208ba6786ddb685b26fa505ab5ce58df00cfb4aa5db9e96cd964c80ebc59c3be9f6cc0e24a79288918ff1c4527db724c35170df416d385008ac67b452bda49b04530a5aebbcecd8a7e0f550f2d436"
}
],
"signed": {
"_type": "root",
"consistent_snapshot": false,
"expires": "2030-01-01T00:00:00Z",
"keys": {
"4e777de0d275f9d28588dd9a1606cc748e548f9e22b6795b7cb3f63f98035fcb": {
"keyid_hash_algorithms": [
"sha256",
"sha512"
],
"keytype": "rsa",
"keyval": {
"public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA0GjPoVrjS9eCqzoQ8VRe\nPkC0cI6ktiEgqPfHESFzyxyjC490Cuy19nuxPcJuZfN64MC48oOkR+W2mq4pM51i\nxmdG5xjvNOBRkJ5wUCc8fDCltMUTBlqt9y5eLsf/4/EoBU+zC4SW1iPU++mCsity\nfQQ7U6LOn3EYCyrkH51hZ/dvKC4o9TPYMVxNecJ3CL1q02Q145JlyjBTuM3Xdqsa\nndTHoXSRPmmzgB/1dL/c4QjMnCowrKW06mFLq9RAYGIaJWfM/0CbrOJpVDkATmEc\nMdpGJYDfW/sRQvRdlHNPo24ZW7vkQUCqdRxvnTWkK5U81y7RtjLt1yskbWXBIbOV\nz94GXsgyzANyCT9qRjHXDDz2mkLq+9I2iKtEqaEePcWRu3H6RLahpM/TxFzw684Y\nR47weXdDecPNxWyiWiyMGStRFP4Cg9trcwAGnEm1w8R2ggmWphznCd5dXGhPNjfA\na82yNFY8ubnOUVJOf0nXGg3Edw9iY3xyjJb2+nrsk5f3AgMBAAE=\n-----END PUBLIC KEY-----"
},
"scheme": "rsassa-pss-sha256"
},
"59a4df8af818e9ed7abe0764c0b47b4240952aa0d179b5b78346c470ac30278d": {
"keyid_hash_algorithms": [
"sha256",
"sha512"
],
"keytype": "ed25519",
"keyval": {
"public": "edcd0a32a07dce33f7c7873aaffbff36d20ea30787574ead335eefd337e4dacd"
},
"scheme": "ed25519"
},
"65171251a9aff5a8b3143a813481cb07f6e0de4eb197c767837fe4491b739093": {
"keyid_hash_algorithms": [
"sha256",
"sha512"
],
"keytype": "ed25519",
"keyval": {
"public": "89f28bd4ede5ec3786ab923fd154f39588d20881903e69c7b08fb504c6750815"
},
"scheme": "ed25519"
},
"8a1c4a3ac2d515dec982ba9910c5fd79b91ae57f625b9cff25d06bf0a61c1758": {
"keyid_hash_algorithms": [
"sha256",
"sha512"
],
"keytype": "ed25519",
"keyval": {
"public": "82ccf6ac47298ff43bfa0cd639868894e305a99c723ff0515ae2e9856eb5bbf4"
},
"scheme": "ed25519"
}
},
"roles": {
"root": {
"keyids": [
"4e777de0d275f9d28588dd9a1606cc748e548f9e22b6795b7cb3f63f98035fcb"
],
"threshold": 1
},
"snapshot": {
"keyids": [
"59a4df8af818e9ed7abe0764c0b47b4240952aa0d179b5b78346c470ac30278d"
],
"threshold": 1
},
"targets": {
"keyids": [
"65171251a9aff5a8b3143a813481cb07f6e0de4eb197c767837fe4491b739093"
],
"threshold": 1
},
"timestamp": {
"keyids": [
"8a1c4a3ac2d515dec982ba9910c5fd79b91ae57f625b9cff25d06bf0a61c1758"
],
"threshold": 1
}
},
"spec_version": "1.0.0",
"version": 3
}
}
87 changes: 87 additions & 0 deletions tests/repository_data/repository/metadata/root_sequence/4.root.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,87 @@
{
"signatures": [
{
"keyid": "4e777de0d275f9d28588dd9a1606cc748e548f9e22b6795b7cb3f63f98035fcb",
"sig": "3e7d8139549f3ceb25d9eebc870df1eaf47114b098aa1f3e916a9a173278e2ba5e400e228fc6aedb6f346cbdb29ce4246869bc146863bb223d95a3fcc4fe6793ef851ee8d50458b286c1b1b95868e08cd6f5be4b588b6fc45ffc22971326ff47b7a7d32ad42f19ed31e127e3c6f1f477acc29711f68ba774c05aeb436539148e3d5a022234f21d397dccccc336edda1cf36c40101e17509fd655f83a704b0afbf851c56db717965148943684894d0908faf427e800c8e88b0dc7eaa956cd0ca4bd047d4b6e09edc66fd090f520bd56abd14ffc6e0a101d0febb8ce84a9d621bb84a816b2a0f9b0544ba9bdd91e96f314397966624dfe2e2dbb26ff3693c782ea5b81df7868a81db12cf0e968e61096fc1e66ad4b0a9552ce2e16d837da7f69d488bee291520c135d9d22eb3d4b0936a9a7fd2f87dce632b8368a2fdf79308c01085ac97abe7dc57b5d65d05529fb780d9cf3784583acc6aa72b3fa308dff9da1314747cd09be78f43014c8fd2efbd0916daa81f012224c4b80e6adfcea1cf9ef"
}
],
"signed": {
"_type": "root",
"consistent_snapshot": false,
"expires": "2030-01-01T00:00:00Z",
"keys": {
"4e777de0d275f9d28588dd9a1606cc748e548f9e22b6795b7cb3f63f98035fcb": {
"keyid_hash_algorithms": [
"sha256",
"sha512"
],
"keytype": "rsa",
"keyval": {
"public": "-----BEGIN PUBLIC KEY-----\nMIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA0GjPoVrjS9eCqzoQ8VRe\nPkC0cI6ktiEgqPfHESFzyxyjC490Cuy19nuxPcJuZfN64MC48oOkR+W2mq4pM51i\nxmdG5xjvNOBRkJ5wUCc8fDCltMUTBlqt9y5eLsf/4/EoBU+zC4SW1iPU++mCsity\nfQQ7U6LOn3EYCyrkH51hZ/dvKC4o9TPYMVxNecJ3CL1q02Q145JlyjBTuM3Xdqsa\nndTHoXSRPmmzgB/1dL/c4QjMnCowrKW06mFLq9RAYGIaJWfM/0CbrOJpVDkATmEc\nMdpGJYDfW/sRQvRdlHNPo24ZW7vkQUCqdRxvnTWkK5U81y7RtjLt1yskbWXBIbOV\nz94GXsgyzANyCT9qRjHXDDz2mkLq+9I2iKtEqaEePcWRu3H6RLahpM/TxFzw684Y\nR47weXdDecPNxWyiWiyMGStRFP4Cg9trcwAGnEm1w8R2ggmWphznCd5dXGhPNjfA\na82yNFY8ubnOUVJOf0nXGg3Edw9iY3xyjJb2+nrsk5f3AgMBAAE=\n-----END PUBLIC KEY-----"
},
"scheme": "rsassa-pss-sha256"
},
"59a4df8af818e9ed7abe0764c0b47b4240952aa0d179b5b78346c470ac30278d": {
"keyid_hash_algorithms": [
"sha256",
"sha512"
],
"keytype": "ed25519",
"keyval": {
"public": "edcd0a32a07dce33f7c7873aaffbff36d20ea30787574ead335eefd337e4dacd"
},
"scheme": "ed25519"
},
"65171251a9aff5a8b3143a813481cb07f6e0de4eb197c767837fe4491b739093": {
"keyid_hash_algorithms": [
"sha256",
"sha512"
],
"keytype": "ed25519",
"keyval": {
"public": "89f28bd4ede5ec3786ab923fd154f39588d20881903e69c7b08fb504c6750815"
},
"scheme": "ed25519"
},
"8a1c4a3ac2d515dec982ba9910c5fd79b91ae57f625b9cff25d06bf0a61c1758": {
"keyid_hash_algorithms": [
"sha256",
"sha512"
],
"keytype": "ed25519",
"keyval": {
"public": "82ccf6ac47298ff43bfa0cd639868894e305a99c723ff0515ae2e9856eb5bbf4"
},
"scheme": "ed25519"
}
},
"roles": {
"root": {
"keyids": [
"4e777de0d275f9d28588dd9a1606cc748e548f9e22b6795b7cb3f63f98035fcb"
],
"threshold": 1
},
"snapshot": {
"keyids": [
"59a4df8af818e9ed7abe0764c0b47b4240952aa0d179b5b78346c470ac30278d"
],
"threshold": 1
},
"targets": {
"keyids": [
"65171251a9aff5a8b3143a813481cb07f6e0de4eb197c767837fe4491b739093"
],
"threshold": 1
},
"timestamp": {
"keyids": [
"8a1c4a3ac2d515dec982ba9910c5fd79b91ae57f625b9cff25d06bf0a61c1758"
],
"threshold": 1
}
},
"spec_version": "1.0.0",
"version": 4
}
}
Loading