Add client method for initializing from root metadata (#210)

* Add client method for initializing from root metadata

This will allow users of go-tuf to initialize a client
without requiring a remote connection. This is useful
for when a root has been updated and the local root
verification keys can no longer verify the the latest
remote root, except by verifying the chain with
client.Update().

Ref #208

Signed-off-by: Hayden Blauzvern <[email protected]>

* Prefer InitLocal over Init in client and tests

Signed-off-by: Hayden Blauzvern <[email protected]>

Author: haydentherapper

client/client.go

@@ -111,6 +111,8 @@ func NewClient(local LocalStore, remote RemoteStore) *Client {
 // The latest root.json is fetched from remote storage, verified using rootKeys
 // and threshold, and then saved in local storage. It is expected that rootKeys
 // were securely distributed with the software being updated.
+//
+// Deprecated: Use c.InitLocal and c.Update to initialize a local repository.
 func (c *Client) Init(rootKeys []*data.PublicKey, threshold int) error {
 	if len(rootKeys) < threshold {
 		return ErrInsufficientKeys
@@ -147,6 +149,20 @@ func (c *Client) Init(rootKeys []*data.PublicKey, threshold int) error {
 	return c.local.SetMeta("root.json", rootJSON)
 }
 
+// InitLocal initializes a local repository from root metadata.
+//
+// The root's keys are extracted from the root and saved in local storage.
+// Root expiration is not checked.
+// It is expected that rootJSON was securely distributed with the software
+// being updated.
+func (c *Client) InitLocal(rootJSON []byte) error {
+	err := c.loadAndVerifyRootMeta(rootJSON, true /*ignoreExpiredCheck*/)
+	if err != nil {
+		return err
+	}
+	return c.local.SetMeta("root.json", rootJSON)
+}
+
 // Update downloads and verifies remote metadata and returns updated targets.
 // It always performs root update (5.2 and 5.3) section of the v1.0.19 spec.
 //
@@ -430,6 +446,12 @@ func (c *Client) loadAndVerifyLocalRootMeta(ignoreExpiredCheck bool) error {
 	if !ok {
 		return ErrNoRootKeys
 	}
+	return c.loadAndVerifyRootMeta(rootJSON, ignoreExpiredCheck)
+}
+
+// loadAndVerifyRootMeta decodes and verifies root metadata and loads the top-level keys.
+// This method first clears the DB for top-level keys and then loads the new keys.
+func (c *Client) loadAndVerifyRootMeta(rootJSON []byte, ignoreExpiredCheck bool) error {
 	// unmarshal root.json without verifying as we need the root
 	// keys first
 	s := &data.Signed{}

client/client_test.go

@@ -280,6 +280,50 @@ func (s *ClientSuite) TestInit(c *C) {
 	c.Assert(err, IsNil)
 }
 
+func (s *ClientSuite) TestInitLocalAllowsExpired(c *C) {
+	s.genKeyExpired(c, "targets")
+	c.Assert(s.repo.Snapshot(), IsNil)
+	c.Assert(s.repo.Timestamp(), IsNil)
+	c.Assert(s.repo.Commit(), IsNil)
+	s.syncRemote(c)
+	client := NewClient(MemoryLocalStore(), s.remote)
+	bytes, err := io.ReadAll(s.remote.meta["root.json"])
+	c.Assert(err, IsNil)
+	s.withMetaExpired(func() {
+		c.Assert(client.InitLocal(bytes), IsNil)
+	})
+}
+
+func (s *ClientSuite) TestInitLocal(c *C) {
+	client := NewClient(MemoryLocalStore(), s.remote)
+	bytes, err := io.ReadAll(s.remote.meta["root.json"])
+	c.Assert(err, IsNil)
+	dataSigned := &data.Signed{}
+	c.Assert(json.Unmarshal(bytes, dataSigned), IsNil)
+	root := &data.Root{}
+	c.Assert(json.Unmarshal(dataSigned.Signed, root), IsNil)
+
+	// check Update() returns ErrNoRootKeys when uninitialized
+	_, err = client.Update()
+	c.Assert(err, Equals, ErrNoRootKeys)
+
+	// check InitLocal() returns ErrInvalid when the root's signature is
+	// invalid
+	// modify root and marshal without regenerating signatures
+	root.Version = root.Version + 1
+	rootBytes, err := json.Marshal(root)
+	c.Assert(err, IsNil)
+	dataSigned.Signed = rootBytes
+	dataBytes, err := json.Marshal(dataSigned)
+	c.Assert(err, IsNil)
+	c.Assert(client.InitLocal(dataBytes), Equals, verify.ErrInvalid)
+
+	// check Update() does not return ErrNoRootKeys after initialization
+	c.Assert(client.InitLocal(bytes), IsNil)
+	_, err = client.Update()
+	c.Assert(err, IsNil)
+}
+
 func (s *ClientSuite) TestFirstUpdate(c *C) {
 	files, err := s.newClient(c).Update()
 	c.Assert(err, IsNil)

client/delegations_test.go

@@ -268,19 +268,7 @@ func initTestDelegationClient(t *testing.T, dirPrefix string) (*Client, func() e
 	c := NewClient(MemoryLocalStore(), remote)
 	rawFile, err := ioutil.ReadFile(initialStateDir + "/" + "root.json")
 	assert.Nil(t, err)
-	s := &data.Signed{}
-	root := &data.Root{}
-	assert.Nil(t, json.Unmarshal(rawFile, s))
-	assert.Nil(t, json.Unmarshal(s.Signed, root))
-	var keys []*data.PublicKey
-	for _, sig := range s.Signatures {
-		k, ok := root.Keys[sig.KeyID]
-		if ok {
-			keys = append(keys, k)
-		}
-	}
-
-	assert.Nil(t, c.Init(keys, 1))
+	assert.Nil(t, c.InitLocal(rawFile))
 	files, err := ioutil.ReadDir(initialStateDir)
 	assert.Nil(t, err)
 

client/interop_test.go

@@ -2,16 +2,15 @@ package client
 
 import (
 	"bytes"
-	"encoding/json"
 	"fmt"
+	"io"
 	"io/ioutil"
 	"net"
 	"net/http"
 	"os"
 	"path/filepath"
 	"strconv"
 
-	"github.com/theupdateframework/go-tuf/data"
 	"github.com/theupdateframework/go-tuf/util"
 	. "gopkg.in/check.v1"
 
@@ -150,9 +149,12 @@ func (t *testCase) runStep(c *C, stepName string) {
 	c.Assert(err, IsNil)
 
 	client := NewClient(t.local, remote)
-	// initiate a client with the root keys
-	keys := getKeys(c, remote)
-	c.Assert(client.Init(keys, 1), IsNil)
+	// initiate a client with the root metadata
+	ioReader, _, err := remote.GetMeta("root.json")
+	c.Assert(err, IsNil)
+	rootJsonBytes, err := io.ReadAll(ioReader)
+	c.Assert(err, IsNil)
+	c.Assert(client.InitLocal(rootJsonBytes), IsNil)
 
 	// check update returns the correct updated targets
 	files, err := client.Update()
@@ -191,31 +193,3 @@ func startFileServer(c *C, dir string) (string, func() error) {
 	go http.Serve(l, http.FileServer(http.Dir(dir)))
 	return addr, l.Close
 }
-
-func getKeys(c *C, remote RemoteStore) []*data.PublicKey {
-	r, _, err := remote.GetMeta("root.json")
-	c.Assert(err, IsNil)
-
-	type SignedRoot struct {
-		Signed data.Root
-	}
-	root := &SignedRoot{}
-	err = json.NewDecoder(r).Decode(&root)
-	c.Assert(err, IsNil)
-
-	rootRole, exists := root.Signed.Roles["root"]
-	c.Assert(exists, Equals, true)
-
-	rootKeys := []*data.PublicKey{}
-
-	for _, keyID := range rootRole.KeyIDs {
-		key, exists := root.Signed.Keys[keyID]
-		c.Assert(exists, Equals, true)
-
-		rootKeys = append(rootKeys, key)
-	}
-
-	c.Assert(rootKeys, Not(HasLen), 0)
-
-	return rootKeys
-}

client/python_interop/python_interop_test.go

@@ -2,7 +2,6 @@ package client
 
 import (
 	"bytes"
-	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"net"
@@ -14,10 +13,7 @@ import (
 
 	tuf "github.com/theupdateframework/go-tuf"
 	client "github.com/theupdateframework/go-tuf/client"
-	"github.com/theupdateframework/go-tuf/data"
-	"github.com/theupdateframework/go-tuf/pkg/keys"
 	"github.com/theupdateframework/go-tuf/util"
-	"golang.org/x/crypto/ed25519"
 	. "gopkg.in/check.v1"
 )
 
@@ -59,17 +55,11 @@ func (InteropSuite) TestGoClientPythonGenerated(c *C) {
 		)
 		c.Assert(err, IsNil)
 
-		// initiate a client with the root keys
-		f, err := os.Open(filepath.Join(testDataDir, dir, "keystore", "root_key.pub"))
-		c.Assert(err, IsNil)
-		key := &data.PublicKey{}
-		c.Assert(json.NewDecoder(f).Decode(key), IsNil)
-		c.Assert(key.Type, Equals, "ed25519")
-		pk, err := keys.GetVerifier(key)
-		c.Assert(err, IsNil)
-		c.Assert(pk.Public(), HasLen, ed25519.PublicKeySize)
+		// initiate a client with the root metadata
 		client := client.NewClient(client.MemoryLocalStore(), remote)
-		c.Assert(client.Init([]*data.PublicKey{key}, 1), IsNil)
+		rootJSON, err := ioutil.ReadFile(filepath.Join(testDataDir, dir, "repository", "metadata", "root.json"))
+		c.Assert(err, IsNil)
+		c.Assert(client.InitLocal(rootJSON), IsNil)
 
 		// check update returns the correct updated targets
 		files, err := client.Update()

cmd/tuf-client/init.go

@@ -1,28 +1,26 @@
 package main
 
 import (
-	"encoding/json"
 	"io"
 	"os"
 
 	"github.com/flynn/go-docopt"
 	tuf "github.com/theupdateframework/go-tuf/client"
-	"github.com/theupdateframework/go-tuf/data"
 )
 
 func init() {
 	register("init", cmdInit, `
-usage: tuf-client init [-s|--store=<path>] <url> [<root-keys-file>]
+usage: tuf-client init [-s|--store=<path>] <url> [<root-metadata-file>]
 
 Options:
   -s <path>    The path to the local file store [default: tuf.db]
 
-Initialize the local file store with root keys.
+Initialize the local file store with root metadata.
   `)
 }
 
 func cmdInit(args *docopt.Args, client *tuf.Client) error {
-	file := args.String["<root-keys-file>"]
+	file := args.String["<root-metadata-file>"]
 	var in io.Reader
 	if file == "" || file == "-" {
 		in = os.Stdin
@@ -33,9 +31,9 @@ func cmdInit(args *docopt.Args, client *tuf.Client) error {
 			return err
 		}
 	}
-	var rootKeys []*data.PublicKey
-	if err := json.NewDecoder(in).Decode(&rootKeys); err != nil {
+	bytes, err := io.ReadAll(in)
+	if err != nil {
 		return err
 	}
-	return client.Init(rootKeys, len(rootKeys))
+	return client.InitLocal(bytes)
 }