Various cleanups in RepositorySimulator

* Remove unused methods * Make add_key() support delegating roles other than root * Rename add_target -> add_artifact (to make it clear this is artifacts and not targets the role Also remove unused simple_server.py Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
theupdateframework · Aug 13, 2024 · 36197bf · 36197bf
1 parent d616e0a
commit 36197bf
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 63 deletions.
diff --git a/tuf_conformance/repository_simulator.py b/tuf_conformance/repository_simulator.py
@@ -170,9 +170,6 @@ def _initialize(self) -> None:
 
         self.publish_root()
 
-    def set_root_consistent_snapshot(self, b: bool) -> None:
-        self.root.consistent_snapshot = b
-
     def bump_root_by_one(self) -> None:
         self.root.version += 1
         self.publish_root()
@@ -297,19 +294,6 @@ def update_timestamp(self) -> None:
 
         self.timestamp.version += 1
 
-    def downgrade_timestamp(self) -> None:
-        """Update timestamp and assign snapshot version to snapshot_meta
-        version.
-        """
-
-        hashes = None
-        length = None
-        if self.compute_metafile_hashes_length:
-            hashes, length = self._compute_hashes_and_length(Snapshot.type)
-
-        self.timestamp.snapshot_meta = MetaFile(self.snapshot.version, length, hashes)
-        self.timestamp.version -= 1
-
     def update_snapshot(self) -> None:
         """Update snapshot, assign targets versions and update timestamp."""
         for role, delegate in self.all_targets():
@@ -325,24 +309,8 @@ def update_snapshot(self) -> None:
         self.snapshot.version += 1
         self.update_timestamp()
 
-    def downgrade_snapshot(self) -> None:
-        """Update snapshot, assign targets versions and update timestamp.
-        This is malicious behavior"""
-        for role, delegate in self.all_targets():
-            hashes = None
-            length = None
-            if self.compute_metafile_hashes_length:
-                hashes, length = self._compute_hashes_and_length(role)
-
-            self.snapshot.meta[f"{role}.json"] = MetaFile(
-                delegate.version, length, hashes
-            )
-
-        self.snapshot.version -= 1
-        self.update_timestamp()
-
-    def add_target(self, role: str, data: bytes, path: str) -> None:
-        """Create a target from data and add it to the target_files."""
+    def add_artifact(self, role: str, data: bytes, path: str) -> None:
+        """Add `data` to artifact store and insert its hashes into metadata."""
         targets = self.any_targets(role)
 
         target = TargetFile.from_data(path, data, ["sha256"])
@@ -352,7 +320,7 @@ def add_target(self, role: str, data: bytes, path: str) -> None:
     def add_delegation(
         self, delegator_name: str, role: DelegatedRole, targets: Targets
     ) -> None:
-        """Add delegated target role to the repository."""
+        """Add delegated targets role to the repository."""
         delegator = self.any_targets(delegator_name)
 
         if (
@@ -434,8 +402,14 @@ def debug_dump(self) -> None:
             with open(os.path.join(dest_dir, f"{quoted_role}.json"), "wb") as f:
                 f.write(self.fetch_metadata(role))
 
-    def add_key(self, role: str) -> None:
-        """add new key"""
+    def add_key(self, role: str, delegator_name: str = Root.type) -> None:
+        """add new public key to delegating metadata and store the signer for role"""
         signer = CryptoSigner.generate_ecdsa()
-        self.root.add_key(signer.public_key, role)
+
+        # Add key to delegating metadata
+        delegator = self.mds[delegator_name].signed
+        assert isinstance(delegator, Root | Targets)
+        delegator.add_key(signer.public_key, role)
+
+        # Add signer to signers
         self.add_signer(role, signer)
diff --git a/tuf_conformance/simple_server.py b/tuf_conformance/simple_server.py
diff --git a/tuf_conformance/test_file_download.py b/tuf_conformance/test_file_download.py
@@ -18,7 +18,7 @@ def test_client_downloads_expected_file(
     # Create a test artifact, add it to the repository
     target_path = "target_file.txt"
     target_content = b"target file contents"
-    repo.add_target(Targets.type, target_content, target_path)
+    repo.add_artifact(Targets.type, target_content, target_path)
 
     # Client updates, sanity check that nothing was downloaded
     assert client.refresh(init_data) == 0
@@ -44,7 +44,7 @@ def test_client_downloads_expected_file_in_sub_dir(
     # Create a test artifact, add it to the repository
     target_path = "path/to/a/target_file.txt"
     target_content = b"target file contents"
-    repo.add_target(Targets.type, target_content, target_path)
+    repo.add_artifact(Targets.type, target_content, target_path)
 
     # Client updates, sanity check that nothing was downloaded
     assert client.refresh(init_data) == 0
@@ -71,8 +71,8 @@ def test_repository_substitutes_target_file(
     target_content_1 = b"target file contents"
     target_path_2 = "another_target_file.txt"
     target_content_2 = b"content"
-    repo.add_target(Targets.type, target_content_1, target_path_1)
-    repo.add_target(Targets.type, target_content_2, target_path_2)
+    repo.add_artifact(Targets.type, target_content_1, target_path_1)
+    repo.add_artifact(Targets.type, target_content_2, target_path_2)
 
     # Client updates
     assert client.refresh(init_data) == 0
@@ -123,7 +123,7 @@ def test_multiple_changes_to_target(
     # Create a legitimate test artifacts
     target_path = "target_file.txt"
     target_content = b"target file contents"
-    repo.add_target(Targets.type, target_content, target_path)
+    repo.add_artifact(Targets.type, target_content, target_path)
 
     # Client updates
     assert client.refresh(init_data) == 0
@@ -142,11 +142,11 @@ def test_multiple_changes_to_target(
     for i in range(10):
         # Modify the existing artifact legitimately:
         modified_contents = f"modified file contents {i}".encode()
-        repo.add_target(Targets.type, modified_contents, target_path)
+        repo.add_artifact(Targets.type, modified_contents, target_path)
         # Add a completely new artifact
         new_file_contents = f"new file contents {i}".encode()
         new_target_path = f"new-target-{i}"
-        repo.add_target(Targets.type, new_file_contents, new_target_path)
+        repo.add_artifact(Targets.type, new_file_contents, new_target_path)
         repo.targets.version += 1
 
         # Bump repo snapshot

diff --git a/tuf_conformance/test_rollback.py b/tuf_conformance/test_rollback.py
@@ -91,6 +91,7 @@ def test_new_timestamp_snapshot_rollback(
     assert client.version(Snapshot.type) == 2
     assert repo.metadata_statistics[-1] == (Timestamp.type, None)
 
+
 def test_new_targets_fast_forward_recovery(
     client: ClientRunner, server: SimulatorServer
 ) -> None: