Add tests to make sure the top level targets 'delegation' edge has as…

…sociated keys. Make NewDelegationsIterator return an error if the passed DB is missing the top level targets role
theupdateframework · Mar 7, 2022 · fcba89a · fcba89a
1 parent 0db8ee7
commit fcba89a
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 18 deletions.
diff --git a/client/delegations.go b/client/delegations.go
@@ -20,7 +20,11 @@ func (c *Client) getTargetFileMeta(target string) (data.TargetFileMeta, error) {
 	// - filter delegations with paths or path_hash_prefixes matching searched target
 	// - 5.6.7.1 cycles protection
 	// - 5.6.7.2 terminations
-	delegations := targets.NewDelegationsIterator(target, c.db)
+	delegations, err := targets.NewDelegationsIterator(target, c.db)
+	if err != nil {
+		return data.TargetFileMeta{}, err
+	}
+
 	for i := 0; i < c.MaxDelegations; i++ {
 		d, ok := delegations.Next()
 		if !ok {

diff --git a/pkg/targets/delegation.go b/pkg/targets/delegation.go
@@ -4,6 +4,7 @@ import (
 	"errors"
 
 	"github.com/theupdateframework/go-tuf/data"
+	"github.com/theupdateframework/go-tuf/internal/sets"
 	"github.com/theupdateframework/go-tuf/verify"
 )
 
@@ -23,21 +24,20 @@ var ErrTopLevelTargetsRoleMissing = errors.New("tuf: top level targets role miss
 
 // NewDelegationsIterator initialises an iterator with a first step
 // on top level targets.
-func NewDelegationsIterator(target string, topLevelKeysDB *verify.DB) *delegationsIterator {
-	// role := topLevelKeysDB.GetRole("targets")
-	keyIDs := []string{}
-
-	// if role != nil {
-	// 	keyIDs = sets.StringSetToSlice(role.KeyIDs)
-	// }
+func NewDelegationsIterator(target string, topLevelKeysDB *verify.DB) (*delegationsIterator, error) {
+	targetsRole := topLevelKeysDB.GetRole("targets")
+	if targetsRole == nil {
+		return nil, ErrTopLevelTargetsRoleMissing
+	}
 
 	i := &delegationsIterator{
 		target: target,
 		stack: []Delegation{
 			{
 				Delegatee: data.DelegatedRole{
-					Name:   "targets",
-					KeyIDs: keyIDs,
+					Name:      "targets",
+					KeyIDs:    sets.StringSetToSlice(targetsRole.KeyIDs),
+					Threshold: targetsRole.Threshold,
 				},
 				DB: topLevelKeysDB,
 			},

diff --git a/pkg/targets/delegation_test.go b/pkg/targets/delegation_test.go
@@ -14,7 +14,20 @@ var (
 )
 
 func TestDelegationsIterator(t *testing.T) {
-	defaultKeyIDs := []string{"26b878ad73362774b8b69dd4fdeb2cc6a2688e4133ed5ace9e18a06e9d998a6d"}
+	topTargetsPubKey := &data.PublicKey{
+		Type:       data.KeyTypeEd25519,
+		Scheme:     data.KeySchemeEd25519,
+		Algorithms: data.HashAlgorithms,
+		Value:      []byte(`{"public":"aaaaec567e5901ba3976c34f7cd5169704292439bf71e6aa19c64b96706f95ef"}`),
+	}
+	delTargetsPubKey := &data.PublicKey{
+		Type:       data.KeyTypeEd25519,
+		Scheme:     data.KeySchemeEd25519,
+		Algorithms: data.HashAlgorithms,
+		Value:      []byte(`{"public":"bbbbec567e5901ba3976c34f7cd5169704292439bf71e6aa19c64b96706f95ef"}`),
+	}
+
+	defaultKeyIDs := delTargetsPubKey.IDs()
 	var iteratorTests = []struct {
 		testName    string
 		roles       map[string][]data.DelegatedRole
@@ -188,16 +201,15 @@ func TestDelegationsIterator(t *testing.T) {
 
 	for _, tt := range iteratorTests {
 		t.Run(tt.testName, func(t *testing.T) {
-			flattened := []data.DelegatedRole{}
-			for _, roles := range tt.roles {
-				flattened = append(flattened, roles...)
-			}
-			db, err := verify.NewDBFromDelegations(&data.Delegations{
-				Roles: flattened,
+			topLevelDB := verify.NewDB()
+			topLevelDB.AddKey(topTargetsPubKey.IDs()[0], topTargetsPubKey)
+			topLevelDB.AddRole("targets", &data.Role{
+				KeyIDs:    topTargetsPubKey.IDs(),
+				Threshold: 1,
 			})
 
+			d, err := NewDelegationsIterator(tt.file, topLevelDB)
 			assert.NoError(t, err)
-			d := NewDelegationsIterator(tt.file, db)
 
 			var iterationOrder []string
 			for {