Temp script to compare against old fixtures: work in progress

build-all.py

@@ -5,3 +5,16 @@
     threshold_two,
     threshold_two_attack
 )
+from unittest import mock
+
+
+@mock.patch('time.time', mock.MagicMock(return_value=1577836800))
+def build():
+    simple.build()
+    rollback.build()
+    delegated.build()
+    threshold_two.build()
+    threshold_two_attack.build()
+
+
+build()

builder.py

@@ -13,7 +13,6 @@
 
 class FixtureBuilder:
 
-    @mock.patch('time.time', mock.MagicMock(return_value=1577836800))
 
     def __init__(self, name):
         self.dir = os.path.join(os.path.dirname(__file__), 'fixtures', name)
@@ -40,6 +39,9 @@ def __init__(self, name):
         self.add_key('targets')
         self.add_key('snapshot')
         self.add_key('timestamp')
+        # @todo Do we really need to write when we add initial roles?
+        #   we are doing this now just to match the previous fixtures from php-tuf library
+        self.repository.writeall(consistent_snapshot=True)
 
         self.repository.status()
 
@@ -103,7 +105,11 @@ def invalidate(self):
 
     def add_target(self, filename, signing_role='targets'):
         """Adds an existing target file and signs it."""
-        self._role(signing_role).add_targets([filename])
+        # @todo Just effin' use add_target, or add_targets, regardless of role.
+        if signing_role is 'targets':
+            self._role(signing_role).add_targets([filename])
+        else:
+            self._role(signing_role).add_target(filename)
         self.repository.mark_dirty(['snapshot', 'targets', 'timestamp', signing_role])
 
         return self

fixtures/delegated/__init__.py

@@ -1,16 +1,18 @@
 from builder import FixtureBuilder
 
-FixtureBuilder('delegated')\
-    .create_target('testtarget.txt')\
-    .publish()\
-    .delegate('unclaimed', ['level_1_*.txt'])\
-    .create_target('level_1_target.txt', signing_role='unclaimed')\
-    .publish(with_client=True)\
-    .add_key('targets')\
-    .add_key('snapshot')\
-    .invalidate()\
-    .publish()\
-    .revoke_key('targets')\
-    .revoke_key('snapshot')\
-    .invalidate()\
-    .publish()
+
+def build():
+    FixtureBuilder('delegated')\
+        .create_target('testtarget.txt')\
+        .publish()\
+        .delegate('unclaimed', ['level_1_*.txt'])\
+        .create_target('level_1_target.txt', signing_role='unclaimed')\
+        .publish(with_client=True)\
+        .add_key('targets')\
+        .add_key('snapshot')\
+        .invalidate()\
+        .publish()\
+        .revoke_key('targets')\
+        .revoke_key('snapshot')\
+        .invalidate()\
+        .publish()

fixtures/rollback/__init__.py

@@ -7,17 +7,19 @@
 import os
 import shutil
 
-# Create a simple, valid fixture with a single target file.
-fixture = FixtureBuilder('rollback').create_target('testtarget.txt').publish()
 
-# Back up the server-side metadata.
-server_dir = os.path.join(fixture.dir, 'server')
-backup_dir = server_dir + '_backup'
-shutil.copytree(server_dir, backup_dir, dirs_exist_ok=True)
+def build():
+    # Create a simple, valid fixture with a single target file.
+    fixture = FixtureBuilder('rollback').create_target('testtarget.txt').publish()
 
-# Add a new target, updating the server-side metadata.
-fixture.create_target('testtarget2.txt').publish(with_client=True)
+    # Back up the server-side metadata.
+    server_dir = os.path.join(fixture.dir, 'server')
+    backup_dir = server_dir + '_backup'
+    shutil.copytree(server_dir, backup_dir, dirs_exist_ok=True)
 
-# Revert the server-side metadata to its previous state, simulating a rollback attack.
-shutil.rmtree(server_dir + '/')
-os.rename(backup_dir, server_dir)
+    # Add a new target, updating the server-side metadata.
+    fixture.create_target('testtarget2.txt').publish(with_client=True)
+
+    # Revert the server-side metadata to its previous state, simulating a rollback attack.
+    shutil.rmtree(server_dir + '/')
+    os.rename(backup_dir, server_dir)

fixtures/simple/__init__.py

@@ -4,4 +4,6 @@
 
 from builder import FixtureBuilder
 
-FixtureBuilder('simple').create_target('testtarget.txt').publish()
+
+def build():
+    FixtureBuilder('simple').create_target('testtarget.txt').publish(with_client=True)

fixtures/threshold_two/__init__.py

@@ -1,10 +1,10 @@
 from builder import FixtureBuilder
 
-fixture = FixtureBuilder('threshold_two')\
-    .create_target('testtarget.txt')\
-    .publish()\
-    .add_key('timestamp')
 
-fixture._role('timestamp').threshold = 2
-fixture.repository.mark_dirty(['timestamp'])
-fixture.publish(with_client=True)
+def build():
+    fixture = FixtureBuilder('threshold_two')\
+        .add_key('timestamp')
+
+    fixture._role('timestamp').threshold = 2
+    fixture.repository.mark_dirty(['timestamp'])
+    fixture.publish(with_client=True)

fixtures/threshold_two_attack/__init__.py

@@ -1,20 +1,20 @@
 from builder import FixtureBuilder
 
-fixture = FixtureBuilder('threshold_two_attack')\
-    .create_target('testtarget.txt')\
-    .publish()\
-    .add_key('timestamp')
 
-fixture._role('timestamp').threshold = 2
-fixture.repository.mark_dirty(['timestamp'])
-fixture.publish(with_client=True)
+def build():
+    fixture = FixtureBuilder('threshold_two_attack')\
+        .add_key('timestamp')
 
-fixture.repository.mark_dirty(['timestamp'])
-fixture.publish(with_client=True)
-fixture.repository.mark_dirty(['timestamp'])
-fixture.publish()
+    fixture._role('timestamp').threshold = 2
+    fixture.repository.mark_dirty(['timestamp'])
+    fixture.publish(with_client=True)
 
-data = fixture.read('timestamp.json')
-signature = data['signatures'][0]
-data['signatures'] = [signature, signature]
-fixture.write('timestamp.json', data)
+    fixture.repository.mark_dirty(['timestamp'])
+    fixture.publish(with_client=True)
+    fixture.repository.mark_dirty(['timestamp'])
+    fixture.publish()
+
+    data = fixture.read('timestamp.json')
+    signature = data['signatures'][0].copy()
+    data['signatures'] = [signature, signature]
+    fixture.write('timestamp.json', data)

old-fixture-match.py

@@ -0,0 +1,38 @@
+# this is just temp script to test matching old fixtures
+# 'old_fixtures' is just temp
+import filecmp
+
+fixtures = [
+    #['TUFTestFixtureSimple', 'simple'], # Matching?
+    #['TUFTestFixtureThresholdTwo', 'threshold_two']
+    # ['TUFTestFixtureAttackRollback', 'rollback']
+   # ['TUFTestFixtureThresholdTwoAttack', 'threshold_two_attack'],
+    ['TUFTestFixtureDelegated', 'delegated']
+]
+
+class bcolors:
+    HEADER = '\033[95m'
+    OKBLUE = '\033[94m'
+    OKCYAN = '\033[96m'
+    OKGREEN = '\033[92m'
+    WARNING = '\033[93m'
+    FAIL = '\033[91m'
+    ENDC = '\033[0m'
+    BOLD = '\033[1m'
+    UNDERLINE = '\033[4m'
+
+for fixture in fixtures:
+    old_name = fixture[0]
+    new_name = fixture[1]
+    print(f"{bcolors.HEADER}********* Compare {old_name} to {new_name} **********{bcolors.ENDC}")
+    old_dir = "old_fixtures/" + old_name
+    new_dir = "fixtures/" + new_name
+    old_client = old_dir + "/tufclient/tufrepo"
+    new_client = new_dir + "/client"
+    # print("old_client=" + old_client)
+    result = filecmp.dircmp(old_client, new_client)
+    result.report_full_closure()
+    old_server = old_dir + "/tufrepo"
+    new_server = new_dir + "/server"
+    result = filecmp.dircmp(old_server, new_server)
+    result.report_full_closure()

old_fixtures/TUFTestFixtureAttackRollback/tufclient/tufrepo/metadata/current/1.root.json

@@ -0,0 +1,87 @@
+{
+ "signatures": [
+  {
+   "keyid": "d4dab4b4d68b91665a6d0dac5b4e64677aa6d853fc787669168b4b4ba9822129",
+   "sig": "d0bf76a5cfc0aee1b8a1b1bf0ed8ca646a1a6d5f205945c515e8546bfd3c1e6b5e07cc0b93836bd030dd05ba68f177aecb05f6bf90c6702fd178e53310022506"
+  }
+ ],
+ "signed": {
+  "_type": "root",
+  "consistent_snapshot": true,
+  "expires": "2020-12-31T05:48:20Z",
+  "keys": {
+   "3a05831328273e4b821c3bbe1fed0c5332749d8e071675879af26a401a5c85ae": {
+    "keyid_hash_algorithms": [
+     "sha256",
+     "sha512"
+    ],
+    "keytype": "ed25519",
+    "keyval": {
+     "public": "6bac59b8d9e1aae02fae6fba6e7fe3fc9fe5b4a9fe98c3fca255d8c8ec3e5b35"
+    },
+    "scheme": "ed25519"
+   },
+   "77dfdca206c0fe1b8e55d67d21dd0e195a0998a9d2b56c6d3ee8f68d04c21e93": {
+    "keyid_hash_algorithms": [
+     "sha256",
+     "sha512"
+    ],
+    "keytype": "ed25519",
+    "keyval": {
+     "public": "6400d770c7c1bce4b3d59ce0079ed686e843b6500bbea77d869a1ae7df4565a1"
+    },
+    "scheme": "ed25519"
+   },
+   "d4dab4b4d68b91665a6d0dac5b4e64677aa6d853fc787669168b4b4ba9822129": {
+    "keyid_hash_algorithms": [
+     "sha256",
+     "sha512"
+    ],
+    "keytype": "ed25519",
+    "keyval": {
+     "public": "28bf74baa87ed923f8fa27e3292684f8ec4730ce0bdc65150ed58199206ce089"
+    },
+    "scheme": "ed25519"
+   },
+   "e4dae3872d28d29f7624a702bfd25f68453544d597229ee9e0a8569d1f940cf4": {
+    "keyid_hash_algorithms": [
+     "sha256",
+     "sha512"
+    ],
+    "keytype": "ed25519",
+    "keyval": {
+     "public": "e6ae9d3b67d7b3ce274130291dd90287f32b8fd72bfb4ac5430859ebd1c28a46"
+    },
+    "scheme": "ed25519"
+   }
+  },
+  "roles": {
+   "root": {
+    "keyids": [
+     "d4dab4b4d68b91665a6d0dac5b4e64677aa6d853fc787669168b4b4ba9822129"
+    ],
+    "threshold": 1
+   },
+   "snapshot": {
+    "keyids": [
+     "77dfdca206c0fe1b8e55d67d21dd0e195a0998a9d2b56c6d3ee8f68d04c21e93"
+    ],
+    "threshold": 1
+   },
+   "targets": {
+    "keyids": [
+     "e4dae3872d28d29f7624a702bfd25f68453544d597229ee9e0a8569d1f940cf4"
+    ],
+    "threshold": 1
+   },
+   "timestamp": {
+    "keyids": [
+     "3a05831328273e4b821c3bbe1fed0c5332749d8e071675879af26a401a5c85ae"
+    ],
+    "threshold": 1
+   }
+  },
+  "spec_version": "1.0.0",
+  "version": 1
+ }
+}

old_fixtures/TUFTestFixtureAttackRollback/tufclient/tufrepo/metadata/current/1.snapshot.json

@@ -0,0 +1,19 @@
+{
+ "signatures": [
+  {
+   "keyid": "77dfdca206c0fe1b8e55d67d21dd0e195a0998a9d2b56c6d3ee8f68d04c21e93",
+   "sig": "61db8765350398f7f750853337d9a55c5d6e790812d29146b5b45d5fd43d2a42c474a7a9fab263c3a50a28114a82f79dbf24ff1f99ae737a8d06f332f9f7d103"
+  }
+ ],
+ "signed": {
+  "_type": "snapshot",
+  "expires": "2020-01-08T00:00:00Z",
+  "meta": {
+   "targets.json": {
+    "version": 1
+   }
+  },
+  "spec_version": "1.0.0",
+  "version": 1
+ }
+}

old_fixtures/TUFTestFixtureAttackRollback/tufclient/tufrepo/metadata/current/1.targets.json

@@ -0,0 +1,19 @@
+{
+ "signatures": [
+  {
+   "keyid": "e4dae3872d28d29f7624a702bfd25f68453544d597229ee9e0a8569d1f940cf4",
+   "sig": "c150e8ed5d352f366a979f4c4b9d556350c414c2da7ef1279045aaed3438c60872142d0dfe5ddbb627fec2d8fb7c5d8e692e04a87230b78d74714c5db035620a"
+  }
+ ],
+ "signed": {
+  "_type": "targets",
+  "delegations": {
+   "keys": {},
+   "roles": []
+  },
+  "expires": "2020-04-01T07:27:10Z",
+  "spec_version": "1.0.0",
+  "targets": {},
+  "version": 1
+ }
+}

old_fixtures/TUFTestFixtureAttackRollback/tufclient/tufrepo/metadata/current/1.timestamp.json

@@ -0,0 +1,24 @@
+{
+ "signatures": [
+  {
+   "keyid": "3a05831328273e4b821c3bbe1fed0c5332749d8e071675879af26a401a5c85ae",
+   "sig": "1d668531c7a0960cf90825faa684106a8aef0799c1b47e72301bac45d87f2dd42c14f1a3ac7db862323ca5177dd4fd686573ea92aea99638f17414dde561c00b"
+  }
+ ],
+ "signed": {
+  "_type": "timestamp",
+  "expires": "2020-01-02T00:00:00Z",
+  "meta": {
+   "snapshot.json": {
+    "hashes": {
+     "sha256": "f4ca389c2c9fbc592d91d4e693c31113b8803a11bcb5ecd973581fa0e3d34ce0",
+     "sha512": "92a0989e44c0e9f16d3e56268a3b8dd4e4416ee2ac91a4c871a405f1e426062651ec4effa0078fc4409c8b0422ccad9b1aa197db58f178406f398562b2e98195"
+    },
+    "length": 431,
+    "version": 1
+   }
+  },
+  "spec_version": "1.0.0",
+  "version": 1
+ }
+}