@@ -191,15 +191,17 @@ def test_without_tuf(self):
191
191
192
192
# Test 2 Begin:
193
193
#
194
- # 'timestamp.json' specifies the latest version of the repository files.
195
- # A client should only accept the same version of this file up to a certain
196
- # point, or else it cannot detect that new files are available for download.
197
- # Modify the repository's timestamp.json' so that it expires soon, copy it
198
- # over the to client, and attempt to re-fetch the same expired version.
194
+ # 'timestamp.json' specifies the latest version of the repository files. A
195
+ # client should only accept the same version of this file up to a certain
196
+ # point, or else it cannot detect that new files are available for
197
+ # download. Modify the repository's timestamp.json' so that it expires
198
+ # soon, copy it over to the client, and attempt to re-fetch the same
199
+ # expired version.
199
200
#
200
201
# A non-TUF client (without a way to detect when metadata has expired) is
201
202
# expected to download the same version, and thus the same outdated files.
202
- # Verify that the same file size and hash of 'timestamp.json' is downloaded.
203
+ # Verify that the downloaded 'timestamp.json' contains the same file size
204
+ # and hash as the one available locally.
203
205
204
206
timestamp_path = os .path .join (self .repository_directory , 'metadata' ,
205
207
'timestamp.json' )
@@ -285,17 +287,18 @@ def test_with_tuf(self):
285
287
repository .snapshot .load_signing_key (snapshot_private )
286
288
287
289
# Expire snapshot in 8s. This should be far enough into the future that we
288
- # haven't reached it before the first refresh validates timestamp expiry. We
289
- # want a successful refresh before expiry, then a second refresh after
290
+ # haven't reached it before the first refresh validates timestamp expiry.
291
+ # We want a successful refresh before expiry, then a second refresh after
290
292
# expiry (which we then expect to raise an exception due to expired
291
293
# metadata).
292
294
expiry_time = time .time () + 8
293
295
datetime_object = tuf .formats .unix_timestamp_to_datetime (int (expiry_time ))
294
296
295
297
repository .snapshot .expiration = datetime_object
296
298
297
- # Now write to the repository
299
+ # Now write to the repository.
298
300
repository .write ()
301
+
299
302
# And move the staged metadata to the "live" metadata.
300
303
shutil .rmtree (os .path .join (self .repository_directory , 'metadata' ))
301
304
shutil .copytree (os .path .join (self .repository_directory , 'metadata.staged' ),
@@ -304,27 +307,28 @@ def test_with_tuf(self):
304
307
# Refresh metadata on the client. For this refresh, all data is not expired.
305
308
logger .info ('Test: Refreshing #1 - Initial metadata refresh occurring.' )
306
309
self .repository_updater .refresh ()
307
- logger .info (" Test: Refreshed #1 - Initial metadata refresh completed "
308
- " successfully. Now sleeping until snapshot metadata expires." )
310
+ logger .info (' Test: Refreshed #1 - Initial metadata refresh completed '
311
+ ' successfully. Now sleeping until snapshot metadata expires.' )
309
312
310
313
# Sleep until expiry_time ('repository.snapshot.expiration')
311
- time .sleep ( max (0 , expiry_time - time .time ()) )
314
+ time .sleep (max (0 , expiry_time - time .time ()))
312
315
313
- logger .info (" Test: Refreshing #2 - Now trying to refresh again after local "
314
- " snapshot expiry." )
316
+ logger .info (' Test: Refreshing #2 - Now trying to refresh again after local'
317
+ ' snapshot expiry.' )
315
318
try :
316
319
self .repository_updater .refresh () # We expect this to fail!
317
320
318
- except tuf .ExpiredMetadataError as e :
319
- logger .info ("Test: Refresh #2 - failed as expected. Expired local "
320
- "snapshot case generated a tuf.ExpiredMetadataError exception"
321
- " as expected. Test pass." )
321
+ except tuf .ExpiredMetadataError :
322
+ logger .info ('Test: Refresh #2 - failed as expected. Expired local'
323
+ ' snapshot case generated a tuf.ExpiredMetadataError'
324
+ ' exception as expected. Test pass.' )
325
+
322
326
# I think that I only expect tuf.ExpiredMetadata error here. A
323
327
# NoWorkingMirrorError indicates something else in this case - unavailable
324
328
# repo, for example.
325
329
else :
326
- self .fail (" TUF failed to detect expired stale snapshot metadata. Freeze "
327
- " attack successful." )
330
+ self .fail (' TUF failed to detect expired stale snapshot metadata. Freeze'
331
+ ' attack successful.' )
328
332
329
333
330
334
@@ -334,13 +338,14 @@ def test_with_tuf(self):
334
338
# 'timestamp.json' specifies the latest version of the repository files.
335
339
# A client should only accept the same version of this file up to a certain
336
340
# point, or else it cannot detect that new files are available for download.
337
- # Modify the repository's timestamp.json' so that it is about to expire,
341
+ # Modify the repository's ' timestamp.json' so that it is about to expire,
338
342
# copy it over the to client, wait a moment until it expires, and attempt to
339
343
# re-fetch the same expired version.
340
344
341
- # The same scenario as in test_without_tuf() is followed here, except with a
342
- # TUF client. The TUF client performs a refresh of top-level metadata, which
343
- # includes 'timestamp.json'.
345
+ # The same scenario as in test_without_tuf() is followed here, except with
346
+ # a TUF client. The TUF client performs a refresh of top-level metadata,
347
+ # which includes 'timestamp.json', and should detect a freeze attack if
348
+ # the repository serves an outdated 'timestamp.json'.
344
349
345
350
# Modify the timestamp file on the remote repository. 'timestamp.json'
346
351
# must be properly updated and signed with 'repository_tool.py', otherwise
@@ -368,11 +373,11 @@ def test_with_tuf(self):
368
373
shutil .copytree (os .path .join (self .repository_directory , 'metadata.staged' ),
369
374
os .path .join (self .repository_directory , 'metadata' ))
370
375
371
- # Wait just long enough for the timestamp metadata (which is now both on the
372
- # repository and on the client) to expire.
373
- time .sleep ( max (0 , expiry_time - time .time ()) )
376
+ # Wait just long enough for the timestamp metadata (which is now both on
377
+ # the repository and on the client) to expire.
378
+ time .sleep (max (0 , expiry_time - time .time ()))
374
379
375
- # Try to refresh metadata on the client. Since we're already past
380
+ # Try to refresh top-level metadata on the client. Since we're already past
376
381
# 'repository.timestamp.expiration', the TUF client is expected to detect
377
382
# that timestamp metadata is outdated and refuse to continue the update
378
383
# process.
@@ -389,8 +394,8 @@ def test_with_tuf(self):
389
394
self .assertTrue (isinstance (mirror_error , tuf .ExpiredMetadataError ))
390
395
391
396
else :
392
- self .fail (" TUF failed to detect expired stale timestamp metadata. Freeze "
393
- " attack successful." )
397
+ self .fail (' TUF failed to detect expired, stale timestamp metadata.'
398
+ ' Freeze attack successful.' )
394
399
395
400
396
401
if __name__ == '__main__' :
0 commit comments