Skip to content

Commit

Permalink
tests: Remove two unclear tests
Browse files Browse the repository at this point in the history 
It's not clear what the correct behaviour is in these tests:
See issue theupdateframework#65

Signed-off-by: Jussi Kukkonen <[email protected]>
  • Loading branch information
@jku
jku committed Jul 15, 2024
1 parent 8fd648a commit dfef50f
Showing 1 changed file with 0 additions and 200 deletions.
200 changes: 0 additions & 200 deletions tuf_conformance/test_keys.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -95,206 +95,6 @@ def test_root_has_keys_but_not_snapshot(client: ClientRunner,
assert client._version_equals(Snapshot.type, 3)
assert len(json.loads(repo.md_snapshot_json)["signatures"]) == 3

# prefixed with "T" to not run in CI.
def Ttest_wrong_keytype_and_scheme(client: ClientRunner,
server: SimulatorServer) -> None:
"""Does the following:
1. Create 5 valid keys
2. Verify that the client can update
3. Change the scheme of one key
4. Verify that the client cannot update
5. Change the keytype of one key to match the wrong scheme
6. Verify that the client cannot update
7. Lower the threshold so the root metadata has enough
valid keys.
8. Verify that the client can update
This tests a case where root version N is invalid but
root version N+1 is valid. We expect that the client
should update to root version N+1, but some clients
may fail because of root version N"""

name = "test_wrong_keytype_and_scheme"

# initialize a simulator with repository content we need
repo = RepositorySimulator()
server.repos[name] = repo
init_data = server.get_client_init_data(name)
assert client.init_client(init_data) == 0
client.refresh(init_data)
# Sanity checks
assert client._files_exist([Root.type,
Timestamp.type,
Snapshot.type,
Targets.type])
assert client._version_equals(Snapshot.type, 1)
assert len(json.loads(repo.md_snapshot_json)["signatures"]) == 0

initial_setup_for_key_threshold_edge_cases(client, repo, init_data)

# Increase the threshold
new_root = repo.load_metadata(Root.type)
new_root.signed.roles[Snapshot.type].threshold = 5
repo.save_metadata(Root.type, new_root)
repo.bump_root_by_one() # v5

repo.add_key_to_role(Snapshot.type)
repo.update_timestamp()
repo.update_snapshot()
repo.bump_root_by_one() # v6

# Sanity check that we have 5 keys. They are all
# valid at this point
assert len(json.loads(repo.md_root_json)["signed"]
["roles"]
[Snapshot.type]
["keyids"]) == 5

# Updating should succeed because there are now
# 5 valid keys
assert client.refresh(init_data) == 0
assert client._version_equals(Root.type, 6)
assert client._version_equals(Snapshot.type, 4)

# Copy the correct keytype/scheme, so we can restore later
valid_key = json.loads(repo.md_root_json)["signed"]["roles"][Snapshot.type]["keyids"][0]
copy_root_md = json.loads(repo.md_root_json)
correct_scheme = copy.deepcopy(copy_root_md["signed"]
["keys"]
[valid_key]
["scheme"])
correct_keytype = copy.deepcopy(copy_root_md["signed"]
["keys"]
[valid_key]
["keytype"])

# Change scheme to a valid but wrong one
# Sanity check that the current scheme is not "rsa"
assert correct_scheme != "rsa"
new_root_md = json.loads(repo.md_root_json)
new_root_md["signed"]["keys"][valid_key]["scheme"] = "rsa"
repo.save_metadata_bytes(Root.type, meta_dict_to_bytes(new_root_md))
assert (json.loads(repo.md_root_json)["signed"]
["keys"]
[valid_key]
["scheme"]) == "rsa"

# Update and fail
assert client.refresh(init_data) == 1
assert client._version_equals(Root.type, 6) # TODO verify: Should root update here?
assert client._version_equals(Snapshot.type, 4)

# Set the threshold so low that we have enough valid keys
# At this point the repo root MD has 5 keys of which 1 is
# invalid.
new_root_md = json.loads(repo.md_root_json)
new_root_md["signed"]["roles"][Snapshot.type]["threshold"] = 1
repo.md_root_json = meta_dict_to_bytes(new_root_md)
repo.update_timestamp()
repo.update_snapshot()
repo.bump_root_by_one()

# We should fail because the scheme is wrong
assert client.refresh(init_data) == 1
assert client._version_equals(Root.type, 6)
assert client._version_equals(Snapshot.type, 4)

# Also change the keytype to rsa
# Sanity check that the current keytype is not "rsa"
assert correct_keytype != "rsa"
new_root_md = json.loads(repo.md_root_json)
new_root_md["signed"]["keys"][valid_key]["keytype"] = "rsa"
repo.save_metadata_bytes(Root.type, meta_dict_to_bytes(new_root_md))
assert (json.loads(repo.md_root_json)["signed"]
["keys"]
[valid_key]
["keytype"]) == "rsa"
repo.bump_root_by_one()

# We should fail because the scheme and keytype are wrong
assert client.refresh(init_data) == 1
assert client._version_equals(Root.type, 6) # TODO verify: Should root update here?
assert client._version_equals(Snapshot.type, 4)

# Set the keytype and scheme back to the correct format. The root MD
# is now identical to the last root MD that the client updated
new_root_md = json.loads(repo.md_root_json)
new_root_md["signed"]["keys"][valid_key]["keytype"] = correct_keytype
new_root_md["signed"]["keys"][valid_key]["scheme"] = correct_scheme
repo.save_metadata_bytes(Root.type, meta_dict_to_bytes(new_root_md))
assert (json.loads(repo.md_root_json)["signed"]
["keys"]
[valid_key]
["keytype"]) == correct_keytype
assert (json.loads(repo.md_root_json)["signed"]
["keys"]
[valid_key]
["scheme"]) == correct_scheme
repo.bump_root_by_one()

# Here we expect that the client updates because the repo
# has a valid version of the root MD that the client has
# not downloaded. A reason a client might fail here is
# because the repo has an invalid root MD version
# before the valid one. The tricky part here is that
# there are enough valid keys but a single invalid that
# will fail key validation.
assert client.refresh(init_data) == 0
assert client._version_equals(Root.type, 9)
assert client._version_equals(Snapshot.type, 4)

# prefixed with "T" to not run in CI.
def Ttest_key_with_invalid_scheme(client: ClientRunner,
server: SimulatorServer) -> None:
"""Sets the scheme for a key for snapshot MD in root
to an invalid one and expects the client to update
root but not snapshot"""
name = "test_key_with_invalid_scheme"

# initialize a simulator with repository content we need
repo = RepositorySimulator()
server.repos[name] = repo
init_data = server.get_client_init_data(name)
assert client.init_client(init_data) == 0
client.refresh(init_data)
# Sanity checks
assert client._files_exist([Root.type,
Timestamp.type,
Snapshot.type,
Targets.type])
assert client._version_equals(Snapshot.type, 1)
assert len(json.loads(repo.md_snapshot_json)["signatures"]) == 0

initial_setup_for_key_threshold_edge_cases(client, repo, init_data)

# Increase the threshold
new_root = repo.load_metadata(Root.type)
new_root.signed.roles[Snapshot.type].threshold = 5
repo.save_metadata(Root.type, new_root)
repo.bump_root_by_one()

# Updating should fail. Root should bump, but not snapshot
assert client.refresh(init_data) == 1
assert client._version_equals(Root.type, 5)
assert client._version_equals(Snapshot.type, 3)
# Change scheme
valid_key = json.loads(repo.md_root_json)["signed"]["roles"][Snapshot.type]["keyids"][0]
new_root_md = json.loads(repo.md_root_json)
new_root_md["signed"]["keys"][valid_key]["scheme"] = "invalidScheme"
repo.save_metadata_bytes(Root.type, meta_dict_to_bytes(new_root_md))
assert json.loads(repo.md_root_json)["signed"]["keys"][valid_key]["scheme"] == "invalidScheme"

# Root should bump, but not snapshot
assert client.refresh(init_data) == 1
assert client._version_equals(Root.type, 5) # TODO: DOUBLE CHECK
assert client._version_equals(Snapshot.type, 3)

repo.bump_root_by_one()

# Updating should fail.
assert client.refresh(init_data) == 1
assert client._version_equals(Root.type, 6) # TODO: Double check this
assert client._version_equals(Snapshot.type, 3)

def test_wrong_hashing_algorithm(client: ClientRunner,
server: SimulatorServer) -> None:
Expand Down

0 comments on commit dfef50f

Please sign in to comment.