Feature: Commands to generate signed root metadata.

Test results for features/commands/add_verification_key.pem-encoded.feature

Running behat features/commands/add_verification_key.pem-encoded.feature results in:

@rugged @commands-local @add-verification-key @gitlab-160
Feature: Commands to generate signed root metadata.
  In order to host TUF metadata using an HSM-based root key
  As an administrator
  I need to add verification keys to partial root metadata.

  Background:
    Given I reset Rugged
    And local Rugged directories exist
    And I run the Rugged command "rugged initialize-partial-root-metadata"
    And I generate a complete set of Rugged keys

  Scenario: Add PEM key to root metadata.
    Given I record a reference hash of "/var/rugged/tuf_repo/partial/1.root.json"
    And I record a reference hash of "/var/rugged/tuf_repo/partial/signable-1.root.json"
    When I run the Rugged command "rugged --debug add-verification-key root /var/rugged/tuf_repo/tmp/root_public.pem --key-type=pem"
    Then I should get:
      """
      debug: Adding 'pem' key for 'root' role from: /var/rugged/tuf_repo/tmp/root_public.pem
      debug: Loading PEM-encoded public key from: /var/rugged/tuf_repo/tmp/root_public.pem
      debug: Loaded PEM-encoded public key from: /var/rugged/tuf_repo/tmp/root_public.pem
      """
    And file "/var/rugged/tuf_repo/partial/1.root.json" has changed
    And file "/var/rugged/tuf_repo/partial/signable-1.root.json" has changed
    When I run the Rugged command "rugged show-partial-root-metadata"
    Then I should get:
      """
      Retrieved partial Root metadata for version 1 (1.root.json).
      === METADATA ===
      Expires in 364 days, 23 hours
      === SIGNATURES ===
      Signatures from new keys: 0/1 (Does not satisfy threshold)
      === KEYS ===
      root 1/1:
        type: ed25519
        keyid: 
      === ROLES ===
      root:
        Keys required (to meet signature threshold): 1
        Keys provided: 1
        keyids: 
      snapshot:
        Keys required (to meet signature threshold): 1
        Keys provided: 0
        keyids: No keyids found
      targets:
        Keys required (to meet signature threshold): 1
        Keys provided: 0
        keyids: No keyids found
      timestamp:
        Keys required (to meet signature threshold): 1
        Keys provided: 0
        keyids: No keyids found
      """
    And I should not get:
      """
      signed by:
      root 1/2
      root 2/2
      snapshot 1/1
      targets 1/1
      timestamp 1/1
      """

  Scenario: Add both PEM and TUF keys to root metadata.
    Given I run the Rugged command "rugged add-verification-key root /var/rugged/tuf_repo/tmp/root_public.pem --key-type=pem"
    And I run the Rugged command "rugged add-verification-key root /var/rugged/tuf_repo/tmp/root1_public.pem --key-type=pem"
    And I run the Rugged command "rugged add-verification-key snapshot /var/rugged/verification_keys/snapshot/snapshot.pub"
    And I run the Rugged command "rugged add-verification-key targets /var/rugged/verification_keys/targets/targets.pub"
    And I run the Rugged command "rugged add-verification-key timestamp /var/rugged/verification_keys/timestamp/timestamp.pub"
    When I run the Rugged command "rugged show-partial-root-metadata"
    Then I should get:
      """
      Retrieved partial Root metadata for version 1 (1.root.json).
      === METADATA ===
      Expires in 364 days, 23 hours
      === SIGNATURES ===
      Signatures from new keys: 0/1 (Does not satisfy threshold)
      === KEYS ===
      root 1/2:
        type: ed25519
        keyid: 
      root 2/2:
        type: ed25519
        keyid: 
      snapshot 1/1:
        type: ed25519
        keyid: 
      targets 1/1:
        type: ed25519
        keyid: 
      timestamp 1/1:
        type: ed25519
        keyid: 
      === ROLES ===
      root:
        Keys required (to meet signature threshold): 1
        Keys provided: 2
        keyids: 
      snapshot:
        Keys required (to meet signature threshold): 1
        Keys provided: 1
        keyids: 
      targets:
        Keys required (to meet signature threshold): 1
        Keys provided: 1
        keyids: 
      timestamp:
        Keys required (to meet signature threshold): 1
        Keys provided: 1
        keyids: 
      """
    And I should not get:
      """
      signed by:
      """

2 scenarios (2 passed)
25 steps (25 passed)
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
Rugged TUF Server is a trademark of Consensus Enterprises.