From 8c6e1575195bd7cbd11b179f942f6cdd0c2c7c84 Mon Sep 17 00:00:00 2001 From: Martin Vrachev Date: Wed, 10 Nov 2021 15:51:16 +0200 Subject: [PATCH] Tests: test_api split test_sign_verify() test_sign_verify() is testing too many cases and after the recent pylint warning about the usage of too many local variables it became clear it's time to split this test function. I decided to split it logically as half of the function was about failures connected with verify. Signed-off-by: Martin Vrachev --- tests/test_api.py | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/tests/test_api.py b/tests/test_api.py index 654b4b69b3..f309635376 100755 --- a/tests/test_api.py +++ b/tests/test_api.py @@ -203,21 +203,36 @@ def test_sign_verify(self): with self.assertRaises(exceptions.UnsignedMetadataError): targets_key.verify_signature(md_obj) - # Test failure on unknown scheme (securesystemslib UnsupportedAlgorithmError) + def test_verify_failures(self): + root_path = os.path.join(self.repo_dir, "metadata", "root.json") + root = Metadata[Root].from_file(root_path).signed + + # Locate the timestamp public key we need from root + timestamp_keyid = next(iter(root.roles["timestamp"].keyids)) + timestamp_key = root.keys[timestamp_keyid] + + # Load sample metadata (timestamp) + path = os.path.join(self.repo_dir, "metadata", "timestamp.json") + md_obj = Metadata.from_file(path) + + # Test failure on unknown scheme (securesystemslib + # UnsupportedAlgorithmError) scheme = timestamp_key.scheme timestamp_key.scheme = "foo" with self.assertRaises(exceptions.UnsignedMetadataError): timestamp_key.verify_signature(md_obj) timestamp_key.scheme = scheme - # Test failure on broken public key data (securesystemslib CryptoError) + # Test failure on broken public key data (securesystemslib + # CryptoError) public = timestamp_key.keyval["public"] timestamp_key.keyval["public"] = "ffff" with self.assertRaises(exceptions.UnsignedMetadataError): timestamp_key.verify_signature(md_obj) timestamp_key.keyval["public"] = public - # Test failure with invalid signature (securesystemslib FormatError) + # Test failure with invalid signature (securesystemslib + # FormatError) sig = md_obj.signatures[timestamp_keyid] correct_sig = sig.signature sig.signature = "foo"