Merge pull request theupdateframework#1553 from jku/metadata-missing-…

…tests tests: Add some missing coverage
rdimitrov · Sep 2, 2021 · e6b41d5 · e6b41d5
2 parents 8400460 + 017425e
commit e6b41d5
Showing 1 changed file with 33 additions and 7 deletions.
diff --git a/tests/test_api.py b/tests/test_api.py
@@ -431,16 +431,14 @@ def test_key_class(self):
  self.assertFalse('private' in key.keyval.keys())
 
 
- def test_metadata_root(self):
+ def test_root_add_key_and_remove_key(self):
  root_path = os.path.join(
  self.repo_dir, 'metadata', 'root.json')
  root = Metadata[Root].from_file(root_path)
 
- # Add a second key to root role
+ # Create a new key
  root_key2 = import_ed25519_publickey_from_file(
  os.path.join(self.keystore_dir, 'root_key2.pub'))
-
-
  keyid = root_key2['keyid']
  key_metadata = Key(keyid, root_key2['keytype'], root_key2['scheme'],
  root_key2['keyval'])
@@ -465,11 +463,17 @@ def test_metadata_root(self):
  root.signed.add_key('root', key_metadata)
  self.assertEqual(pre_add_keyid, root.signed.roles['root'].keyids)
 
- # Remove the key
- root.signed.remove_key('root', keyid)
+ # Add the same key to targets role as well
+ root.signed.add_key('targets', key_metadata)
 
- # Assert that root does not contain the new key anymore
+ # Remove the key from root role (targets role still uses it)
+ root.signed.remove_key('root', keyid)
  self.assertNotIn(keyid, root.signed.roles['root'].keyids)
+ self.assertIn(keyid, root.signed.keys)
+
+ # Remove the key from targets as well
+ root.signed.remove_key('targets', keyid)
+ self.assertNotIn(keyid, root.signed.roles['targets'].keyids)
  self.assertNotIn(keyid, root.signed.keys)
 
  with self.assertRaises(KeyError):
@@ -619,6 +623,28 @@ def test_length_and_hash_validation(self):
  self.assertRaises(exceptions.LengthOrHashMismatchError,
  file1_targetfile.verify_length_and_hashes, file1)
 
+ def test_is_delegated_role(self):
+ # test path matches
+ # see more extensive tests in test_is_target_in_pathpattern()
+ for paths in [
+ ["a/path"],
+ ["otherpath", "a/path"],
+ ["*/?ath"],
+ ]:
+ role = DelegatedRole("", [], 1, False, paths, None)
+ self.assertFalse(role.is_delegated_path("a/non-matching path"))
+ self.assertTrue(role.is_delegated_path("a/path"))
+
+ # test path hash prefix matches: sha256 sum of "a/path" is 927b0ecf9...
+ for hash_prefixes in [
+ ["927b0ecf9"],
+ ["other prefix", "927b0ecf9"],
+ ["927b0"],
+ ["92"],
+ ]:
+ role = DelegatedRole("", [], 1, False, None, hash_prefixes)
+ self.assertFalse(role.is_delegated_path("a/non-matching path"))
+ self.assertTrue(role.is_delegated_path("a/path"))
 
 # Run unit test.
 if __name__ == '__main__':