
@ethan-lowman-dd
Last active November 17, 2021 17:05
go-tuf delegation test script
package main
import (
"os"
"os/exec"
"path"
"github.com/theupdateframework/go-tuf"
"github.com/theupdateframework/go-tuf/data"
"github.com/theupdateframework/go-tuf/pkg/keys"
)
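// main builds a throwaway TUF repository in a fresh temporary directory and
// exercises go-tuf's targets delegation API: it generates the four top-level
// role keys, delegates "testing/*.txt" to a "test" role, publishes a first
// version, then delegates "*.txt" to a "bins" role that is further split into
// hashed bins signed by a "leaf" key, and publishes again.
//
// Every signing key is created and stored on this one machine with no
// passphrase and a threshold of 1, which is only appropriate for a
// disposable test repository. The temporary directory is not removed, so the
// generated keys stay on disk until it is deleted by hand.
func main() {
	// check aborts the script on the first failure; there is nothing useful
	// to recover in a one-shot reproduction script.
	check := func(err error) {
		if err != nil {
			panic(err)
		}
	}

	// Target files are plain data, so they are written without execute bits
	// (the staged directory itself still needs 0755 to be traversable).
	const targetFileMode = 0644

	dir, err := os.MkdirTemp("", "")
	check(err)

	// Showing the directory in a file browser is a convenience only. The
	// "open" command is not available on every platform, so a failure here is
	// reported on stderr instead of stopping the script before it does
	// anything useful.
	if err := exec.Command("open", dir).Run(); err != nil {
		os.Stderr.WriteString("could not open " + dir + ": " + err.Error() + "\n")
	}

	// NOTE(review): the second argument is the passphrase callback; with nil,
	// go-tuf is expected to store the signing keys unencrypted under dir.
	// Confirm against the go-tuf version in use before reusing this pattern
	// for anything other than a disposable repository.
	store := tuf.FileSystemStore(dir, nil)
	r, err := tuf.NewRepoIndent(store, "", " ")
	check(err)
	check(r.Init(true))

	// publish signs snapshot and timestamp metadata and commits the staged
	// state. It reads r at call time, so it follows the re-opened repository
	// assigned further down.
	publish := func() {
		check(r.Snapshot())
		check(r.Timestamp())
		check(r.Commit())
	}

	// One key per top-level role.
	for _, role := range []string{"root", "snapshot", "timestamp", "targets"} {
		_, err = r.GenKey(role)
		check(err)
	}

	// Keys for the delegated roles are saved to the store under the role name
	// so the repository can sign the delegated metadata later.
	binsKey, err := keys.GenerateEd25519Key()
	check(err)
	check(store.SaveSigner("bins", binsKey))

	leafKey, err := keys.GenerateEd25519Key()
	check(err)
	check(store.SaveSigner("leaf", leafKey))

	check(r.AddTargets(nil, nil))

	testKey, err := keys.GenerateEd25519Key()
	check(err)
	check(store.SaveSigner("test", testKey))

	// Delegate testing/*.txt from the top-level targets role to "test".
	check(r.AddTargetsDelegation("targets", data.DelegatedRole{
		Name:      "test",
		KeyIDs:    testKey.PublicData().IDs(),
		Paths:     []string{"testing/*.txt"},
		Threshold: 1,
	}, []*data.PublicKey{
		testKey.PublicData(),
	}))

	// Re-open the repository from the same directory before adding targets.
	store = tuf.FileSystemStore(dir, nil)
	r, err = tuf.NewRepoIndent(store, "", " ")
	check(err)

	// NOTE(review): path.Join is kept from the original; filepath.Join is the
	// OS-correct choice for filesystem paths if this ever runs on Windows.
	stagedTargets := path.Join(dir, "staged/targets")

	// Currently this fails with "no delegated target for path A.txt" since there
	// is no explicit delegation for A.txt, but I think it should work -- the
	// top-level targets should sign A.txt.
	// aPath := "A.txt"
	// check(os.WriteFile(path.Join(stagedTargets, aPath), []byte("hello world - A"), targetFileMode))
	// check(r.AddTarget(aPath, nil))

	check(os.MkdirAll(path.Join(stagedTargets, "testing"), 0755))

	// B.txt matches the "test" delegation added above.
	bPath := "testing/B.txt"
	check(os.WriteFile(path.Join(stagedTargets, bPath), []byte("hello world - B"), targetFileMode))
	check(r.AddTarget(bPath, nil))
	publish()

	// Second round: delegate *.txt to "bins", then split "bins" into hashed
	// bin roles prefixed "bins_" and signed by leafKey.
	check(r.AddTargetsDelegation("targets", data.DelegatedRole{
		Name:      "bins",
		KeyIDs:    binsKey.PublicData().IDs(),
		Paths:     []string{"*.txt"},
		Threshold: 1,
	}, []*data.PublicKey{
		binsKey.PublicData(),
	}))

	// NOTE(review): 3 presumably controls the number of bins and the trailing
	// 1 is the signing threshold -- confirm against the go-tuf version in use.
	check(r.AddTargetsDelegationsForPathHashBins("bins", "bins_", 3, []*data.PublicKey{leafKey.PublicData()}, 1))

	cPath := "C.txt"
	check(os.WriteFile(path.Join(stagedTargets, cPath), []byte("hello world - C"), targetFileMode))
	check(r.AddTarget(cPath, nil))
	publish()
}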