|
| 1 | +"""Script for generating new metadata files.""" |
| 2 | + |
| 3 | +# Copyright New York University and the TUF contributors |
| 4 | +# SPDX-License-Identifier: MIT OR Apache-2.0 |
| 5 | + |
| 6 | +import os |
| 7 | +import sys |
| 8 | +from datetime import datetime |
| 9 | +from typing import Dict, List, Optional |
| 10 | + |
| 11 | +from securesystemslib.signer import SSlibSigner |
| 12 | + |
| 13 | +from tests import utils |
| 14 | +from tuf.api.metadata import ( |
| 15 | + SPECIFICATION_VERSION, |
| 16 | + TOP_LEVEL_ROLE_NAMES, |
| 17 | + Key, |
| 18 | + Metadata, |
| 19 | + MetaFile, |
| 20 | + Role, |
| 21 | + Root, |
| 22 | + Snapshot, |
| 23 | + Targets, |
| 24 | + Timestamp, |
| 25 | +) |
| 26 | +from tuf.api.serialization.json import JSONSerializer |
| 27 | + |
| 28 | +# Hardcode keys and expiry time to achieve reproducibility. |
| 29 | +public_values: List[str] = [ |
| 30 | + "b11d2ff132c033a657318c74c39526476c56de7556c776f11070842dbc4ac14c", |
| 31 | + "250f9ae3d1d3d5c419a73cfb4a470c01de1d5d3d61a3825416b5f5d6b88f4a30", |
| 32 | + "82380623abb9666d4bf274b1a02577469445a972e5650d270101faa5107b19c8", |
| 33 | + "0e6738fc1ac6fb4de680b4be99ecbcd99b030f3963f291277eef67bb9bd123e9", |
| 34 | +] |
| 35 | +private_values: List[str] = [ |
| 36 | + "510e5e04d7a364af850533856eacdf65d30cc0f8803ecd5fdc0acc56ca2aa91c", |
| 37 | + "e6645b00312c8a257782e3e61e85bafda4317ad072c52251ef933d480c387abd", |
| 38 | + "cd13dd2180334b24c19b32aaf27f7e375a614d7ba0777220d5c2290bb2f9b868", |
| 39 | + "7e2e751145d1b22f6e40d4ba2aa47158207acfd3c003f1cbd5a08141dfc22a15", |
| 40 | +] |
| 41 | +keyids: List[str] = [ |
| 42 | + "5822582e7072996c1eef1cec24b61115d364987faa486659fe3d3dce8dae2aba", |
| 43 | + "09d440e3725cec247dcb8703b646a87dd2a4d75343e8095c036c32795eefe3b9", |
| 44 | + "3458204ed467519c19a5316eb278b5608472a1bbf15850ebfb462d5315e4f86d", |
| 45 | + "2be5c21e3614f9f178fb49c4a34d0c18ffac30abd14ced917c60a52c8d8094b7", |
| 46 | +] |
| 47 | + |
| 48 | +keys: Dict[str, Key] = {} |
| 49 | +for index in range(4): |
| 50 | + keys[f"ed25519_{index}"] = Key.from_securesystemslib_key( |
| 51 | + { |
| 52 | + "keytype": "ed25519", |
| 53 | + "scheme": "ed25519", |
| 54 | + "keyid": keyids[index], |
| 55 | + "keyval": { |
| 56 | + "public": public_values[index], |
| 57 | + "private": private_values[index], |
| 58 | + }, |
| 59 | + } |
| 60 | + ) |
| 61 | + |
| 62 | +expires_str = "2050-01-01T00:00:00Z" |
| 63 | +EXPIRY = datetime.strptime(expires_str, "%Y-%m-%dT%H:%M:%SZ") |
| 64 | +SPEC_VERSION = ".".join(SPECIFICATION_VERSION) |
| 65 | +OUT_DIR = "generated_data/ed25519_metadata" |
| 66 | +if not os.path.exists(OUT_DIR): |
| 67 | + os.mkdir(OUT_DIR) |
| 68 | + |
| 69 | +SERIALIZER = JSONSerializer() |
| 70 | +ROLES = {role_name: Role([], 1) for role_name in TOP_LEVEL_ROLE_NAMES} |
| 71 | + |
| 72 | + |
| 73 | +def verify_generation(md: Metadata, path: str) -> None: |
| 74 | + """Verify that newly generated file equals the locally stored one. |
| 75 | +
|
| 76 | + Args: |
| 77 | + md: Newly generated metadata object. |
| 78 | + path: Path to the locally stored metadata file. |
| 79 | + """ |
| 80 | + with open(path, "rb") as f: |
| 81 | + static_md_bytes = f.read() |
| 82 | + md_bytes = md.to_bytes(SERIALIZER) |
| 83 | + if static_md_bytes != md_bytes: |
| 84 | + raise ValueError( |
| 85 | + f"Generated data != local data at {path}. Generate a new " |
| 86 | + + "metadata with 'python generated_data/generate_md.py'" |
| 87 | + ) |
| 88 | + |
| 89 | + |
| 90 | +def generate_all_files( |
| 91 | + dump: Optional[bool] = False, verify: Optional[bool] = False |
| 92 | +) -> None: |
| 93 | + """Generate a new repository and optionally verify it. |
| 94 | +
|
| 95 | + Args: |
| 96 | + dump: Wheter to dump the newly generated files. |
| 97 | + verify: Whether to verify the newly generated files with the |
| 98 | + local staored. |
| 99 | + """ |
| 100 | + root = Root(1, SPEC_VERSION, EXPIRY, {}, ROLES, True) |
| 101 | + root.add_key("root", keys["ed25519_0"]) |
| 102 | + root.add_key("timestamp", keys["ed25519_1"]) |
| 103 | + root.add_key("snapshot", keys["ed25519_2"]) |
| 104 | + root.add_key("targets", keys["ed25519_3"]) |
| 105 | + |
| 106 | + md_root: Metadata[Root] = Metadata(root, {}) |
| 107 | + |
| 108 | + timestamp = Timestamp(1, SPEC_VERSION, EXPIRY, MetaFile(1)) |
| 109 | + md_timestamp: Metadata[Timestamp] = Metadata(timestamp, {}) |
| 110 | + |
| 111 | + meta: Dict[str, MetaFile] = {"targets.json": MetaFile(1)} |
| 112 | + snapshot = Snapshot(1, SPEC_VERSION, EXPIRY, meta) |
| 113 | + md_snapshot: Metadata[Snapshot] = Metadata(snapshot, {}) |
| 114 | + |
| 115 | + targets = Targets(1, SPEC_VERSION, EXPIRY, {}) |
| 116 | + md_targets: Metadata[Targets] = Metadata(targets, {}) |
| 117 | + |
| 118 | + for i, md in enumerate([md_root, md_timestamp, md_snapshot, md_targets]): |
| 119 | + assert isinstance(md, Metadata) |
| 120 | + signer = SSlibSigner( |
| 121 | + { |
| 122 | + "keytype": "ed25519", |
| 123 | + "scheme": "ed25519", |
| 124 | + "keyid": keyids[i], |
| 125 | + "keyval": { |
| 126 | + "public": public_values[i], |
| 127 | + "private": private_values[i], |
| 128 | + }, |
| 129 | + } |
| 130 | + ) |
| 131 | + md.sign(signer) |
| 132 | + path = os.path.join(OUT_DIR, f"{md.signed.type}_with_ed25519.json") |
| 133 | + if verify: |
| 134 | + verify_generation(md, path) |
| 135 | + |
| 136 | + if dump: |
| 137 | + md.to_file(path, SERIALIZER) |
| 138 | + |
| 139 | + |
| 140 | +if __name__ == "__main__": |
| 141 | + utils.configure_test_logging(sys.argv) |
| 142 | + # To generate a new set of metadata files this script is supposed to be run |
| 143 | + # from the "tests" folder. |
| 144 | + generate_all_files(dump=True) |
0 commit comments