add test cases for (1) when there is no local root, (2) there is a local root but no other top-level metadata

Author: hosseinsia

client/client_test.go

@@ -386,11 +386,13 @@ func newClientWithMeta(baseDir string, relPath string, serverAddr string) (*Clie
 	}
 	c := NewClient(MemoryLocalStore(), remote)
 	for _, m := range []string{"root.json", "snapshot.json", "timestamp.json", "targets.json"} {
-		metadataJSON, err := ioutil.ReadFile(initialStateDir + "/" + m)
-		if err != nil {
-			return nil, err
+		if _, err := os.Stat(initialStateDir + "/" + m); err == nil {
+			metadataJSON, err := ioutil.ReadFile(initialStateDir + "/" + m)
+			if err != nil {
+				return nil, err
+			}
+			c.local.SetMeta(m, metadataJSON)
 		}
-		c.local.SetMeta(m, metadataJSON)
 	}
 	return c, nil
 }
@@ -411,6 +413,8 @@ func (s *ClientSuite) TestUpdateRoots(c *C) {
 	}{
 		// Succeeds when there is no root update.
 		{"testdata/Published1Time", nil, map[string]int{"root": 1, "timestamp": 1, "snapshot": 1, "targets": 1}},
+		// Succeeds when client only has root.json
+		{"testdata/Published1Time_client_root_only", nil, map[string]int{"root": 1, "timestamp": 1, "snapshot": 1, "targets": 1}},
 		// Succeeds updating root from version 1 to version 2.
 		{"testdata/Published2Times_keyrotated", nil, map[string]int{"root": 2, "timestamp": 1, "snapshot": 1, "targets": 1}},
 		// Succeeds updating root from version 1 to version 2 when the client's initial root version is expired.
@@ -429,6 +433,8 @@ func (s *ClientSuite) TestUpdateRoots(c *C) {
 		{"testdata/Published1Time_backwardRootVersion", verify.ErrWrongVersion(verify.ErrWrongVersion{Given: 1, Expected: 2}), map[string]int{}},
 		// Fails updating root to 2.root.json when the value of the version field inside it is 3 (rollforward attack prevention).
 		{"testdata/Published3Times_keyrotated_forwardRootVersion", verify.ErrWrongVersion(verify.ErrWrongVersion{Given: 3, Expected: 2}), map[string]int{}},
+		// Fails updating when there is no local trusted root.
+		{"testdata/Published1Time_client_no_root", errors.New("tuf: no root keys found in local meta store"), map[string]int{}},
 
 		// snapshot role key rotation increase the snapshot and timestamp.
 		{"testdata/Published2Times_snapshot_keyrotated", nil, map[string]int{"root": 2, "timestamp": 2, "snapshot": 2, "targets": 1}},

client/testdata/Published1Time_client_no_root/client/metadata/current/1.snapshot.json

@@ -0,0 +1,19 @@
+{
+ "signatures": [
+  {
+   "keyid": "77dfdca206c0fe1b8e55d67d21dd0e195a0998a9d2b56c6d3ee8f68d04c21e93",
+   "sig": "60a5724ac31af58ece866b723ab121a168b9e93f0033a98dd8449e6550f4d897db0329cdb135fd3a016c8c375e4177c16f1f4d3ada550eb6d06a52b5c84fbb07"
+  }
+ ],
+ "signed": {
+  "_type": "snapshot",
+  "expires": "2031-09-14T02:30:57Z",
+  "meta": {
+   "targets.json": {
+    "version": 1
+   }
+  },
+  "spec_version": "1.0.0",
+  "version": 1
+ }
+}

client/testdata/Published1Time_client_no_root/client/metadata/current/1.targets.json

@@ -0,0 +1,19 @@
+{
+ "signatures": [
+  {
+   "keyid": "e4dae3872d28d29f7624a702bfd25f68453544d597229ee9e0a8569d1f940cf4",
+   "sig": "ecb8da4380f992d0d80cbcb78c31c91baf171dad346725fcbf6b1487f52653fc9a2f1ab46a28d32a733a48badbbd316814dcda52cc49cf3bf6fb415403ce7a0a"
+  }
+ ],
+ "signed": {
+  "_type": "targets",
+  "delegations": {
+   "keys": {},
+   "roles": []
+  },
+  "expires": "2031-09-14T02:30:57Z",
+  "spec_version": "1.0.0",
+  "targets": {},
+  "version": 1
+ }
+}

client/testdata/Published1Time_client_no_root/client/metadata/current/1.timestamp.json

@@ -0,0 +1,24 @@
+{
+ "signatures": [
+  {
+   "keyid": "3a05831328273e4b821c3bbe1fed0c5332749d8e071675879af26a401a5c85ae",
+   "sig": "4e4f72264b522cf8e2867fcaf1a6b1463d43bdf58027fb5770b6d611ae68a9f36b93ce5a50f874744ef1d7b72a11ad685f24081511c306fd7118dc60c90bdf08"
+  }
+ ],
+ "signed": {
+  "_type": "timestamp",
+  "expires": "2031-09-14T02:30:57Z",
+  "meta": {
+   "snapshot.json": {
+    "hashes": {
+     "sha256": "195c327842ae9601900016a50d0536a05136bfbf55ddb70657427ae12ed52181",
+     "sha512": "8deed35dcd9d634fcce94c42049829078c15a57d35ee83b15c201b6a0c80111fefba49cca522dedb1d79bc000393bf6c45b72d485f9d027f7c5a3f8922734a5c"
+    },
+    "length": 431,
+    "version": 1
+   }
+  },
+  "spec_version": "1.0.0",
+  "version": 1
+ }
+}

client/testdata/Published1Time_client_no_root/client/metadata/current/snapshot.json

@@ -0,0 +1,19 @@
+{
+ "signatures": [
+  {
+   "keyid": "77dfdca206c0fe1b8e55d67d21dd0e195a0998a9d2b56c6d3ee8f68d04c21e93",
+   "sig": "60a5724ac31af58ece866b723ab121a168b9e93f0033a98dd8449e6550f4d897db0329cdb135fd3a016c8c375e4177c16f1f4d3ada550eb6d06a52b5c84fbb07"
+  }
+ ],
+ "signed": {
+  "_type": "snapshot",
+  "expires": "2031-09-14T02:30:57Z",
+  "meta": {
+   "targets.json": {
+    "version": 1
+   }
+  },
+  "spec_version": "1.0.0",
+  "version": 1
+ }
+}

client/testdata/Published1Time_client_no_root/client/metadata/current/targets.json

@@ -0,0 +1,19 @@
+{
+ "signatures": [
+  {
+   "keyid": "e4dae3872d28d29f7624a702bfd25f68453544d597229ee9e0a8569d1f940cf4",
+   "sig": "ecb8da4380f992d0d80cbcb78c31c91baf171dad346725fcbf6b1487f52653fc9a2f1ab46a28d32a733a48badbbd316814dcda52cc49cf3bf6fb415403ce7a0a"
+  }
+ ],
+ "signed": {
+  "_type": "targets",
+  "delegations": {
+   "keys": {},
+   "roles": []
+  },
+  "expires": "2031-09-14T02:30:57Z",
+  "spec_version": "1.0.0",
+  "targets": {},
+  "version": 1
+ }
+}

client/testdata/Published1Time_client_no_root/client/metadata/current/timestamp.json

@@ -0,0 +1,24 @@
+{
+ "signatures": [
+  {
+   "keyid": "3a05831328273e4b821c3bbe1fed0c5332749d8e071675879af26a401a5c85ae",
+   "sig": "4e4f72264b522cf8e2867fcaf1a6b1463d43bdf58027fb5770b6d611ae68a9f36b93ce5a50f874744ef1d7b72a11ad685f24081511c306fd7118dc60c90bdf08"
+  }
+ ],
+ "signed": {
+  "_type": "timestamp",
+  "expires": "2031-09-14T02:30:57Z",
+  "meta": {
+   "snapshot.json": {
+    "hashes": {
+     "sha256": "195c327842ae9601900016a50d0536a05136bfbf55ddb70657427ae12ed52181",
+     "sha512": "8deed35dcd9d634fcce94c42049829078c15a57d35ee83b15c201b6a0c80111fefba49cca522dedb1d79bc000393bf6c45b72d485f9d027f7c5a3f8922734a5c"
+    },
+    "length": 431,
+    "version": 1
+   }
+  },
+  "spec_version": "1.0.0",
+  "version": 1
+ }
+}

client/testdata/Published1Time_client_no_root/client/metadata/previous/1.root.json

@@ -0,0 +1,87 @@
+{
+ "signatures": [
+  {
+   "keyid": "d4dab4b4d68b91665a6d0dac5b4e64677aa6d853fc787669168b4b4ba9822129",
+   "sig": "257396e371baf489e38653fef8cf0c98d1915a1f61f5bfbb0e3a03bad7c863795b738cdddc6b6899354447cfed0de0f79f8eaeec7acd509322009ee90c49b20d"
+  }
+ ],
+ "signed": {
+  "_type": "root",
+  "consistent_snapshot": true,
+  "expires": "2031-09-14T02:30:57Z",
+  "keys": {
+   "3a05831328273e4b821c3bbe1fed0c5332749d8e071675879af26a401a5c85ae": {
+    "keyid_hash_algorithms": [
+     "sha256",
+     "sha512"
+    ],
+    "keytype": "ed25519",
+    "keyval": {
+     "public": "6bac59b8d9e1aae02fae6fba6e7fe3fc9fe5b4a9fe98c3fca255d8c8ec3e5b35"
+    },
+    "scheme": "ed25519"
+   },
+   "77dfdca206c0fe1b8e55d67d21dd0e195a0998a9d2b56c6d3ee8f68d04c21e93": {
+    "keyid_hash_algorithms": [
+     "sha256",
+     "sha512"
+    ],
+    "keytype": "ed25519",
+    "keyval": {
+     "public": "6400d770c7c1bce4b3d59ce0079ed686e843b6500bbea77d869a1ae7df4565a1"
+    },
+    "scheme": "ed25519"
+   },
+   "d4dab4b4d68b91665a6d0dac5b4e64677aa6d853fc787669168b4b4ba9822129": {
+    "keyid_hash_algorithms": [
+     "sha256",
+     "sha512"
+    ],
+    "keytype": "ed25519",
+    "keyval": {
+     "public": "28bf74baa87ed923f8fa27e3292684f8ec4730ce0bdc65150ed58199206ce089"
+    },
+    "scheme": "ed25519"
+   },
+   "e4dae3872d28d29f7624a702bfd25f68453544d597229ee9e0a8569d1f940cf4": {
+    "keyid_hash_algorithms": [
+     "sha256",
+     "sha512"
+    ],
+    "keytype": "ed25519",
+    "keyval": {
+     "public": "e6ae9d3b67d7b3ce274130291dd90287f32b8fd72bfb4ac5430859ebd1c28a46"
+    },
+    "scheme": "ed25519"
+   }
+  },
+  "roles": {
+   "root": {
+    "keyids": [
+     "d4dab4b4d68b91665a6d0dac5b4e64677aa6d853fc787669168b4b4ba9822129"
+    ],
+    "threshold": 1
+   },
+   "snapshot": {
+    "keyids": [
+     "77dfdca206c0fe1b8e55d67d21dd0e195a0998a9d2b56c6d3ee8f68d04c21e93"
+    ],
+    "threshold": 1
+   },
+   "targets": {
+    "keyids": [
+     "e4dae3872d28d29f7624a702bfd25f68453544d597229ee9e0a8569d1f940cf4"
+    ],
+    "threshold": 1
+   },
+   "timestamp": {
+    "keyids": [
+     "3a05831328273e4b821c3bbe1fed0c5332749d8e071675879af26a401a5c85ae"
+    ],
+    "threshold": 1
+   }
+  },
+  "spec_version": "1.0.0",
+  "version": 1
+ }
+}

client/testdata/Published1Time_client_no_root/client/metadata/previous/1.snapshot.json

@@ -0,0 +1,19 @@
+{
+ "signatures": [
+  {
+   "keyid": "77dfdca206c0fe1b8e55d67d21dd0e195a0998a9d2b56c6d3ee8f68d04c21e93",
+   "sig": "60a5724ac31af58ece866b723ab121a168b9e93f0033a98dd8449e6550f4d897db0329cdb135fd3a016c8c375e4177c16f1f4d3ada550eb6d06a52b5c84fbb07"
+  }
+ ],
+ "signed": {
+  "_type": "snapshot",
+  "expires": "2031-09-14T02:30:57Z",
+  "meta": {
+   "targets.json": {
+    "version": 1
+   }
+  },
+  "spec_version": "1.0.0",
+  "version": 1
+ }
+}

client/testdata/Published1Time_client_no_root/client/metadata/previous/1.targets.json

@@ -0,0 +1,19 @@
+{
+ "signatures": [
+  {
+   "keyid": "e4dae3872d28d29f7624a702bfd25f68453544d597229ee9e0a8569d1f940cf4",
+   "sig": "ecb8da4380f992d0d80cbcb78c31c91baf171dad346725fcbf6b1487f52653fc9a2f1ab46a28d32a733a48badbbd316814dcda52cc49cf3bf6fb415403ce7a0a"
+  }
+ ],
+ "signed": {
+  "_type": "targets",
+  "delegations": {
+   "keys": {},
+   "roles": []
+  },
+  "expires": "2031-09-14T02:30:57Z",
+  "spec_version": "1.0.0",
+  "targets": {},
+  "version": 1
+ }
+}