Example #1
// InitTargets creates an empty targets metadata object for the given role,
// stores it in tr.Targets under that name, and returns it.
//
// Only the canonical targets role and delegation roles are accepted; any
// other name yields a data.ErrInvalidRole and leaves tr.Targets untouched.
// An entry already stored for role is replaced without any check, so a
// caller that must not lose previously loaded metadata has to test for it
// before calling.
func (tr *Repo) InitTargets(role string) (*data.SignedTargets, error) {
	if data.IsDelegation(role) || role == data.CanonicalTargetsRole {
		fresh := data.NewTargets()
		tr.Targets[role] = fresh
		return fresh, nil
	}
	return nil, data.ErrInvalidRole{
		Role:   role,
		Reason: fmt.Sprintf("role is not a valid targets role name: %s", role),
	}
}
Example #2
// TestChecksumMatch verifies that downloadSigned returns no error when the
// metadata served by the remote store has exactly the length and SHA-256
// digest the client was told to expect.
func TestChecksumMatch(t *testing.T) {
	local := store.NewMemoryStore(nil, nil)
	remote := store.NewMemoryStore(nil, nil)
	c := NewClient(tuf.NewRepo(nil, nil), remote, nil, local)

	// Serialize an empty targets file; its length and digest are the
	// expectations handed to the client below.
	payload, err := json.Marshal(data.NewTargets())
	assert.NoError(t, err)
	digest := sha256.Sum256(payload)

	remote.SetMeta("targets", payload)

	_, _, err = c.downloadSigned("targets", int64(len(payload)), digest[:])
	assert.NoError(t, err)
}
Example #3
// TestRemoveUnusedKeys checks that RemoveUnusedKeys prunes a delegation key
// that no delegated role refers to, and keeps a key that a role lists.
func TestRemoveUnusedKeys(t *testing.T) {
	const keyID = "123"
	tgt := data.NewTargets()

	delegated, err := data.NewRole("targets/test", 1, []string{keyID}, []string{""})
	require.NoError(t, err)

	// The key is present but no role is registered yet, so it is unused.
	tgt.Signed.Delegations.Keys[keyID] = nil
	RemoveUnusedKeys(tgt)
	require.Len(t, tgt.Signed.Delegations.Keys, 0)

	// Once a role that lists the key is registered, the key must survive.
	tgt.Signed.Delegations.Roles = []*data.Role{delegated}
	tgt.Signed.Delegations.Keys[keyID] = nil
	RemoveUnusedKeys(tgt)
	require.Len(t, tgt.Signed.Delegations.Keys, 1)
}
Example #4
// TestSizeMismatchShort verifies that downloadSigned reports an
// ErrChecksumMismatch when the remote store is a
// testutils.NewShortMemoryStore.
// NOTE(review): presumably that store returns less data than was stored;
// its behavior is not visible here - confirm against testutils.
func TestSizeMismatchShort(t *testing.T) {
	local := store.NewMemoryStore(nil)
	remote := testutils.NewShortMemoryStore(nil)
	c := NewClient(tuf.NewRepo(nil), remote, local)

	payload, err := json.Marshal(data.NewTargets())
	assert.NoError(t, err)
	digest := sha256.Sum256(payload)
	expectedLen := int64(len(payload))

	remote.SetMeta("targets", payload)

	_, _, err = c.downloadSigned("targets", expectedLen, digest[:])
	// The size argument only limits how much data is received; bad content
	// is caught later, either by checksum verification or by JSON
	// deserialization. This test expects the checksum error type.
	assert.IsType(t, ErrChecksumMismatch{}, err)
}
Example #5
// TestUnusedDelegationKeys checks that UnusedDelegationKeys reports exactly
// the delegation keys that no delegated role lists in its KeyIDs.
func TestUnusedDelegationKeys(t *testing.T) {
	const keyID = "123"
	tgt := data.NewTargets()

	delegated, err := data.NewRole("targets/test", 1, []string{}, []string{""})
	require.NoError(t, err)

	// Fresh targets: no keys, so nothing to discard.
	require.Len(t, UnusedDelegationKeys(*tgt), 0)

	// A key is stored but the only role does not list it: one unused key.
	tgt.Signed.Delegations.Roles = []*data.Role{delegated}
	tgt.Signed.Delegations.Keys[keyID] = nil
	require.Len(t, UnusedDelegationKeys(*tgt), 1)

	// After the role lists the key, it is no longer unused.
	delegated.KeyIDs = []string{keyID}
	require.Len(t, UnusedDelegationKeys(*tgt), 0)
}
Example #6
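// UpdateDelegations adds a delegation to, or replaces one in, the parent of
// role. The parent is the role named by the directory part of role.Name and
// must already be present in tr.Targets.
//
// Each key in keys has its ID appended to role.KeyIDs (unless it is already
// listed), is stored in the parent's delegation key map, and is added to the
// key database. If the parent already delegates to a role with the same
// name, that entry is replaced in place and keeps its position; otherwise
// role is appended to the end of the delegation list. The parent is then
// marked dirty.
//
// The "before" argument is meant to name another role which a new role is
// inserted in front of (i.e. higher priority), with an empty string meaning
// "append". It is not honored by this implementation: new roles are always
// appended.
//
// A new, empty targets file is stored under role.Name.
//
// It returns data.ErrInvalidRole if role is not a valid delegation role or
// if its parent is not loaded in tr.Targets.
func (tr *Repo) UpdateDelegations(role *data.Role, keys []data.PublicKey, before string) error {
	if !role.IsDelegation() || !role.IsValid() {
		return data.ErrInvalidRole{Role: role.Name}
	}
	// NOTE(review): role names look slash-separated ("targets/test"), while
	// filepath.Dir splits on the OS separator; path.Dir would make the parent
	// lookup platform-independent - confirm and switch at file level.
	parent := filepath.Dir(role.Name)
	p, ok := tr.Targets[parent]
	if !ok {
		return data.ErrInvalidRole{Role: role.Name}
	}
	for _, k := range keys {
		id := k.ID()
		if !utils.StrSliceContains(role.KeyIDs, id) {
			role.KeyIDs = append(role.KeyIDs, id)
		}
		p.Signed.Delegations.Keys[id] = k
		tr.keysDB.AddKey(k)
	}

	// Record an index only on an actual name match. Reusing the range
	// variable as the result leaves it at the last index when nothing
	// matches, which would silently overwrite an unrelated delegation (and
	// with it that role's place in the trust hierarchy) instead of appending.
	idx := -1
	for i, r := range p.Signed.Delegations.Roles {
		if r.Name == role.Name {
			idx = i
			break
		}
	}
	if idx >= 0 {
		p.Signed.Delegations.Roles[idx] = role
	} else {
		p.Signed.Delegations.Roles = append(p.Signed.Delegations.Roles, role)
	}
	p.Dirty = true

	// NOTE(review): this also replaces the targets entry when an existing
	// delegation is being updated, discarding whatever was stored for it -
	// confirm that callers expect this.
	roleTargets := data.NewTargets() // NewTargets always marked Dirty
	tr.Targets[role.Name] = roleTargets

	// NOTE(review): any value returned by AddRole is not inspected here -
	// confirm whether it can fail and should be propagated.
	tr.keysDB.AddRole(role)

	return nil
}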
Example #7
// InitTargets stores a new, empty targets metadata object in tr.Targets
// under the name that data.ValidRoles maps "targets" to. Any entry already
// stored under that name is replaced. It always returns nil.
func (tr *Repo) InitTargets() error {
	name := data.ValidRoles["targets"]
	tr.Targets[name] = data.NewTargets()
	return nil
}