Verify validation is performed from local metadata

ivanayov · ivanayov · commit 7b15487e6f02 · 2021-12-13T17:11:56.000+02:00
This change verifies that when local metadata has expired, it is
still used to verify new metadata that's pulled from remote

Signed-off-by: Ivana Atanasova &lt;iyovcheva@vmware.com&gt;
diff --git a/tests/test_updater_top_level_update.py b/tests/test_updater_top_level_update.py
@@ -11,6 +11,7 @@
 import unittest
 from datetime import datetime, timedelta
 from typing import Iterable, Optional
+from unittest import mock
 
 from tests import utils
 from tests.repository_simulator import RepositorySimulator
@@ -288,6 +289,46 @@ def test_new_timestamp_unsigned(self) -> None:
 
         self._assert_files_exist([Root.type])
 
+    def test_expired_timestamp_version_rollback(self) -> None:
+        self._run_refresh()
+
+        mock_time = mock.Mock()
+        mock_time.return_value = (
+            int(self.sim.timestamp.expires.strftime("%Y%m%d%H%M%S")) + 1
+        )
+        with mock.patch("time.time", mock_time):
+            # Check for a rollback attack
+            self.sim.timestamp.version = 2
+            self._run_refresh()
+
+            self.sim.timestamp.version = 1
+            with self.assertRaises(ReplayedMetadataError):
+                self._run_refresh()
+
+            self._assert_version_equals(Timestamp.type, 2)
+
+    def test_expired_timestamp_snapshot_rollback(self) -> None:
+        self._run_refresh()
+
+        mock_time = mock.Mock()
+        mock_time.return_value = (
+            int(self.sim.timestamp.expires.strftime("%Y%m%d%H%M%S")) + 1
+        )
+        with mock.patch("time.time", mock_time):
+            # Check for a rollback attack.
+            self.sim.snapshot.version = 2
+            self.sim.update_timestamp()  # timestamp v2
+            self._run_refresh()
+
+            # Snapshot meta version is smaller than previous
+            self.sim.timestamp.snapshot_meta.version = 1
+            self.sim.timestamp.version += 1  # timestamp v3
+
+            with self.assertRaises(ReplayedMetadataError):
+                self._run_refresh()
+
+            self._assert_version_equals(Timestamp.type, 2)
+
     def test_new_timestamp_version_rollback(self) -> None:
         # Check for a rollback attack
         self.sim.timestamp.version = 2
diff --git a/tests/test_updater_with_simulator.py b/tests/test_updater_with_simulator.py
@@ -13,7 +13,7 @@
 import unittest
 from datetime import datetime, timedelta
 from typing import Optional, Tuple
-from unittest.mock import MagicMock, call, patch
+from unittest.mock import MagicMock, Mock, patch
 
 from tests import utils
 from tests.repository_simulator import RepositorySimulator
@@ -257,74 +257,31 @@ def test_not_loading_targets_twice(self, wrapped_open: MagicMock) -> None:
         updater.get_targetinfo("somepath")
         wrapped_open.assert_not_called()
 
-    @patch.object(builtins, "open", wraps=builtins.open)
-    def test_expired_metadata(self, wrapped_open: MagicMock) -> None:
-        # Test that expired timestamp/snapshot can be used to verify the next
-        # version of timestamp/snapshot respectively.
-        # If there is an expired local targets it won't be verified and the
-        # updater will try to fetch and verify the next version without using
-        # any information from the old expired targets file.
+    def test_expired_metadata(self) -> None:
+        # Test that expired local timestamp/snapshot can be used for updating
+        # from remote
 
         # Make a successful update of valid metadata which stores it in cache
         self._run_refresh()
 
-        past_datetime = datetime.utcnow().replace(microsecond=0) - timedelta(
-            days=5
-        )
-
-        # Store the future_datetime for future reference
-        future_datetime = self.sim.timestamp.expires
-
-        # Make version 1 stored metadata in the simulator expired.
-        past_datetime = datetime.utcnow().replace(microsecond=0) - timedelta(
-            weeks=52
-        )
-        self.sim.timestamp.expires = past_datetime
-        self.sim.snapshot.expires = past_datetime
-        self.sim.targets.expires = past_datetime
-
-        # Serializer is used to serialize JSON in a human readable format.
-        seriazer = JSONSerializer()
-
-        # Replace current version 1 roles with expired ones.
-        for role in ["timestamp", "snapshot"]:
-            md = Metadata.from_bytes(self.sim.fetch_metadata(role))
-            md.to_file(f"{self.metadata_dir}/{role}.json", seriazer)
-
-        # Make version 2 of the roles valid by using a future expiry date
-        self.sim.timestamp.expires = future_datetime
-        self.sim.snapshot.expires = future_datetime
-        self.sim.targets.expires = future_datetime
-
-        self.sim.targets.version += 1
-        self.sim.update_snapshot()
-
-        # Clean up calls to open during refresh()
-        wrapped_open.reset_mock()
-
-        # Create a new updater and perform a second update while
-        # the metadata is already stored in cache (metadata dir)
-        self._run_refresh()
-
-        # Test that an expired timestamp/snapshot when loaded from cache is not
-        # stored as final but is used to verify the new timestamp
-        wrapped_open.assert_has_calls(
-            [
-                call(os.path.join(self.metadata_dir, "root.json"), "rb"),
-                call(os.path.join(self.metadata_dir, "timestamp.json"), "rb"),
-                call(os.path.join(self.metadata_dir, "snapshot.json"), "rb"),
-                call(os.path.join(self.metadata_dir, "targets.json"), "rb"),
-            ]
+        # Simulate expired local metadata by mocking system time one second ahead
+        mock_time = Mock()
+        mock_time.return_value = (
+            int(self.sim.timestamp.expires.strftime("%Y%m%d%H%M%S")) + 1
         )
+        with patch("time.time", mock_time):
+            self.sim.targets.version += 1
+            self.sim.update_snapshot()
+            # Create a new updater and perform a second update while
+            # the metadata is already stored in cache (metadata dir)
+            self._run_refresh()
 
-        # Assert that the final version of timestamp/snapshot is version 2 with
-        # a future expiry date.
+        # Assert that the final version of timestamp/snapshot is version 2
+        # which means a successful refresh is performed
+        # with expired local metadata
         for role in ["timestamp", "snapshot", "targets"]:
             md = Metadata.from_file(f"{self.metadata_dir}/{role}.json")
             self.assertEqual(md.signed.version, 2)
-            self.assertEqual(md.signed.expires, future_datetime)
-
-        wrapped_open.reset_mock()
 
 
 if __name__ == "__main__":
