Skip to content

Commit

Permalink
Merge pull request theupdateframework#1553 from jku/metadata-missing-…
Browse files Browse the repository at this point in the history
…tests

tests: Add some missing coverage
  • Loading branch information
sechkova authored Sep 2, 2021
2 parents 8400460 + 017425e commit e6b41d5
Showing 1 changed file with 33 additions and 7 deletions.
40 changes: 33 additions & 7 deletions tests/test_api.py
Original file line number Diff line number Diff line change
Expand Up @@ -431,16 +431,14 @@ def test_key_class(self):
self.assertFalse('private' in key.keyval.keys())


def test_metadata_root(self):
def test_root_add_key_and_remove_key(self):
root_path = os.path.join(
self.repo_dir, 'metadata', 'root.json')
root = Metadata[Root].from_file(root_path)

# Add a second key to root role
# Create a new key
root_key2 = import_ed25519_publickey_from_file(
os.path.join(self.keystore_dir, 'root_key2.pub'))


keyid = root_key2['keyid']
key_metadata = Key(keyid, root_key2['keytype'], root_key2['scheme'],
root_key2['keyval'])
Expand All @@ -465,11 +463,17 @@ def test_metadata_root(self):
root.signed.add_key('root', key_metadata)
self.assertEqual(pre_add_keyid, root.signed.roles['root'].keyids)

# Remove the key
root.signed.remove_key('root', keyid)
# Add the same key to targets role as well
root.signed.add_key('targets', key_metadata)

# Assert that root does not contain the new key anymore
# Remove the key from root role (targets role still uses it)
root.signed.remove_key('root', keyid)
self.assertNotIn(keyid, root.signed.roles['root'].keyids)
self.assertIn(keyid, root.signed.keys)

# Remove the key from targets as well
root.signed.remove_key('targets', keyid)
self.assertNotIn(keyid, root.signed.roles['targets'].keyids)
self.assertNotIn(keyid, root.signed.keys)

with self.assertRaises(KeyError):
Expand Down Expand Up @@ -619,6 +623,28 @@ def test_length_and_hash_validation(self):
self.assertRaises(exceptions.LengthOrHashMismatchError,
file1_targetfile.verify_length_and_hashes, file1)

def test_is_delegated_role(self):
# test path matches
# see more extensive tests in test_is_target_in_pathpattern()
for paths in [
["a/path"],
["otherpath", "a/path"],
["*/?ath"],
]:
role = DelegatedRole("", [], 1, False, paths, None)
self.assertFalse(role.is_delegated_path("a/non-matching path"))
self.assertTrue(role.is_delegated_path("a/path"))

# test path hash prefix matches: sha256 sum of "a/path" is 927b0ecf9...
for hash_prefixes in [
["927b0ecf9"],
["other prefix", "927b0ecf9"],
["927b0"],
["92"],
]:
role = DelegatedRole("", [], 1, False, None, hash_prefixes)
self.assertFalse(role.is_delegated_path("a/non-matching path"))
self.assertTrue(role.is_delegated_path("a/path"))

# Run unit test.
if __name__ == '__main__':
Expand Down

0 comments on commit e6b41d5

Please sign in to comment.