rdimitrov · rdimitrov · Jul 25, 2023 · Jun 15, 2023 · Jun 15, 2023 · Jun 15, 2023
diff --git a/metadata/metadata_api_test.go b/metadata/metadata_api_test.go
diff --git a/metadata/metadata_test.go b/metadata/metadata_test.go
@@ -12,13 +12,32 @@
 package metadata
 
 import (
+	"crypto/ed25519"
+	"crypto/sha256"
 	"encoding/json"
+	"fmt"
+	"os"
 	"testing"
 	"time"
 
 	"github.com/stretchr/testify/assert"
 )
 
+var testRootBytes = []byte("{\"signatures\":[{\"keyid\":\"roothash\",\"sig\":\"1307990e6ba5ca145eb35e99182a9bec46531bc54ddf656a602c780fa0240dee\"}],\"signed\":{\"_type\":\"root\",\"consistent_snapshot\":true,\"expires\":\"2030-08-15T14:30:45.0000001Z\",\"keys\":{\"roothash\":{\"keytype\":\"ed25519\",\"keyval\":{\"public\":\"pubrootval\"},\"scheme\":\"ed25519\"},\"snapshothash\":{\"keytype\":\"ed25519\",\"keyval\":{\"public\":\"pubsval\"},\"scheme\":\"ed25519\"},\"targetshash\":{\"keytype\":\"ed25519\",\"keyval\":{\"public\":\"pubtrval\"},\"scheme\":\"ed25519\"},\"timestamphash\":{\"keytype\":\"ed25519\",\"keyval\":{\"public\":\"pubtmval\"},\"scheme\":\"ed25519\"}},\"roles\":{\"root\":{\"keyids\":[\"roothash\"],\"threshold\":1},\"snapshot\":{\"keyids\":[\"snapshothash\"],\"threshold\":1},\"targets\":{\"keyids\":[\"targetshash\"],\"threshold\":1},\"timestamp\":{\"keyids\":[\"timestamphash\"],\"threshold\":1}},\"spec_version\":\"1.0.31\",\"version\":1}}")
+
+const TEST_REPOSITORY_DATA = "../testutils/repository_data/repository/metadata"
+
+var fixedExpire = time.Date(2030, 8, 15, 14, 30, 45, 100, time.UTC)
+
+func getSignatureByKeyID(signatures []Signature, keyID string) HexBytes {
+	for _, sig := range signatures {
+		if sig.KeyID == keyID {
+			return sig.Signature
+		}
+	}
+	return []byte{}
+}
+
 func TestDefaultValuesRoot(t *testing.T) {
 	// without setting expiration
 	meta := Root()
@@ -335,32 +354,29 @@ func TestIsExpiredTargets(t *testing.T) {
 }
 
 func TestUnrecognizedFieldRolesSigned(t *testing.T) {
-	// fixed expire
-	expire := time.Date(2030, 8, 15, 14, 30, 45, 100, time.UTC)
-
 	// unrecognized field to test
 	// added to the Signed portion of each role type
 	testUnrecognizedField := map[string]any{"test": "true"}
 
-	root := Root(expire)
+	root := Root(fixedExpire)
 	root.Signed.UnrecognizedFields = testUnrecognizedField
 	rootJSON, err := root.ToBytes(false)
 	assert.NoError(t, err)
 	assert.Equal(t, []byte("{\"signatures\":[],\"signed\":{\"_type\":\"root\",\"consistent_snapshot\":true,\"expires\":\"2030-08-15T14:30:45.0000001Z\",\"keys\":{},\"roles\":{\"root\":{\"keyids\":[],\"threshold\":1},\"snapshot\":{\"keyids\":[],\"threshold\":1},\"targets\":{\"keyids\":[],\"threshold\":1},\"timestamp\":{\"keyids\":[],\"threshold\":1}},\"spec_version\":\"1.0.31\",\"test\":\"true\",\"version\":1}}"), rootJSON)
 
-	targets := Targets(expire)
+	targets := Targets(fixedExpire)
 	targets.Signed.UnrecognizedFields = testUnrecognizedField
 	targetsJSON, err := targets.ToBytes(false)
 	assert.NoError(t, err)
 	assert.Equal(t, []byte("{\"signatures\":[],\"signed\":{\"_type\":\"targets\",\"expires\":\"2030-08-15T14:30:45.0000001Z\",\"spec_version\":\"1.0.31\",\"targets\":{},\"test\":\"true\",\"version\":1}}"), targetsJSON)
 
-	snapshot := Snapshot(expire)
+	snapshot := Snapshot(fixedExpire)
 	snapshot.Signed.UnrecognizedFields = testUnrecognizedField
 	snapshotJSON, err := snapshot.ToBytes(false)
 	assert.NoError(t, err)
 	assert.Equal(t, []byte("{\"signatures\":[],\"signed\":{\"_type\":\"snapshot\",\"expires\":\"2030-08-15T14:30:45.0000001Z\",\"meta\":{\"targets.json\":{\"version\":1}},\"spec_version\":\"1.0.31\",\"test\":\"true\",\"version\":1}}"), snapshotJSON)
 
-	timestamp := Timestamp(expire)
+	timestamp := Timestamp(fixedExpire)
 	timestamp.Signed.UnrecognizedFields = testUnrecognizedField
 	timestampJSON, err := timestamp.ToBytes(false)
 	assert.NoError(t, err)
@@ -381,14 +397,11 @@ func TestUnrecognizedFieldGenericMetadata(t *testing.T) {
 	assert.Equal(t, []byte("{\"signatures\":[],\"signed\":{\"_type\":\"root\",\"consistent_snapshot\":true,\"expires\":\"2030-08-15T14:30:45.0000001Z\",\"keys\":{},\"roles\":{\"root\":{\"keyids\":[],\"threshold\":1},\"snapshot\":{\"keyids\":[],\"threshold\":1},\"targets\":{\"keyids\":[],\"threshold\":1},\"timestamp\":{\"keyids\":[],\"threshold\":1}},\"spec_version\":\"1.0.31\",\"version\":1},\"test\":\"true\"}"), rootJSON)
 }
 func TestTargetFilesCustomField(t *testing.T) {
-	// fixed expire
-	expire := time.Date(2030, 8, 15, 14, 30, 45, 100, time.UTC)
-
 	// custom JSON to test
 	testCustomJSON := json.RawMessage([]byte(`{"test":true}`))
 
 	// create a targets metadata
-	targets := Targets(expire)
+	targets := Targets(fixedExpire)
 	assert.NotNil(t, targets)
 
 	// create a targetfile with the custom JSON
@@ -401,3 +414,259 @@ func TestTargetFilesCustomField(t *testing.T) {
 	assert.NoError(t, err)
 	assert.Equal(t, []byte("{\"signatures\":[],\"signed\":{\"_type\":\"targets\",\"expires\":\"2030-08-15T14:30:45.0000001Z\",\"spec_version\":\"1.0.31\",\"targets\":{\"testTarget\":{\"custom\":{\"test\":true},\"hashes\":{},\"length\":0}},\"version\":1}}"), targetsJSON)
 }
+
+func TestFromBytes(t *testing.T) {
+	root := Root(fixedExpire)
+	assert.Equal(t, fixedExpire, root.Signed.Expires)
+
+	_, err := root.FromBytes(testRootBytes)
+	assert.NoError(t, err)
+
+	assert.Equal(t, fixedExpire, root.Signed.Expires)
+	assert.Equal(t, fixedExpire, root.Signed.Expires)
+	assert.Equal(t, ROOT, root.Signed.Type)
+	assert.True(t, root.Signed.ConsistentSnapshot)
+
+	assert.Equal(t, 4, len(root.Signed.Keys))
+	assert.Contains(t, root.Signed.Roles, ROOT)
+	assert.Equal(t, 1, root.Signed.Roles[ROOT].Threshold)
+	assert.NotEmpty(t, root.Signed.Roles[ROOT].KeyIDs)
+	assert.Contains(t, root.Signed.Keys, root.Signed.Roles[ROOT].KeyIDs[0])
+	assert.Equal(t, "roothash", root.Signed.Roles[ROOT].KeyIDs[0])
+
+	assert.Contains(t, root.Signed.Roles, SNAPSHOT)
+	assert.Equal(t, 1, root.Signed.Roles[SNAPSHOT].Threshold)
+	assert.NotEmpty(t, root.Signed.Roles[SNAPSHOT].KeyIDs)
+	assert.Contains(t, root.Signed.Keys, root.Signed.Roles[SNAPSHOT].KeyIDs[0])
+	assert.Equal(t, "snapshothash", root.Signed.Roles[SNAPSHOT].KeyIDs[0])
+
+	assert.Contains(t, root.Signed.Roles, TARGETS)
+	assert.Equal(t, 1, root.Signed.Roles[TARGETS].Threshold)
+	assert.NotEmpty(t, root.Signed.Roles[TARGETS].KeyIDs)
+	assert.Contains(t, root.Signed.Keys, root.Signed.Roles[TARGETS].KeyIDs[0])
+	assert.Equal(t, "targetshash", root.Signed.Roles[TARGETS].KeyIDs[0])
+
+	assert.Contains(t, root.Signed.Roles, TIMESTAMP)
+	assert.Equal(t, 1, root.Signed.Roles[TIMESTAMP].Threshold)
+	assert.NotEmpty(t, root.Signed.Roles[TIMESTAMP].KeyIDs)
+	assert.Contains(t, root.Signed.Keys, root.Signed.Roles[TIMESTAMP].KeyIDs[0])
+	assert.Equal(t, "timestamphash", root.Signed.Roles[TIMESTAMP].KeyIDs[0])
+
+	assert.Equal(t, int64(1), root.Signed.Version)
+	assert.NotEmpty(t, root.Signatures)
+	assert.Equal(t, "roothash", root.Signatures[0].KeyID)
+	data := []byte("some data")
+	h32 := sha256.Sum256(data)
+	h := h32[:]
+	assert.Equal(t, HexBytes(h), root.Signatures[0].Signature)
+}
+
+func TestToByte(t *testing.T) {
+	rootBytesExpireStr := "2030-08-15T14:30:45.0000001Z"
+	rootBytesExpire, err := time.Parse(time.RFC3339, rootBytesExpireStr)
+	assert.NoError(t, err)
+
+	root := Root(rootBytesExpire)
+	root.Signed.Keys["roothash"] = &Key{Type: "ed25519", Value: KeyVal{PublicKey: "pubrootval"}, Scheme: "ed25519"}
+	root.Signed.Keys["snapshothash"] = &Key{Type: "ed25519", Value: KeyVal{PublicKey: "pubsval"}, Scheme: "ed25519"}
+	root.Signed.Keys["targetshash"] = &Key{Type: "ed25519", Value: KeyVal{PublicKey: "pubtrval"}, Scheme: "ed25519"}
+	root.Signed.Keys["timestamphash"] = &Key{Type: "ed25519", Value: KeyVal{PublicKey: "pubtmval"}, Scheme: "ed25519"}
+	root.Signed.Roles[ROOT] = &Role{
+		Threshold: 1,
+		KeyIDs:    []string{"roothash"},
+	}
+	root.Signed.Roles[SNAPSHOT] = &Role{
+		Threshold: 1,
+		KeyIDs:    []string{"snapshothash"},
+	}
+	root.Signed.Roles[TARGETS] = &Role{
+		Threshold: 1,
+		KeyIDs:    []string{"targetshash"},
+	}
+	root.Signed.Roles[TIMESTAMP] = &Role{
+		Threshold: 1,
+		KeyIDs:    []string{"timestamphash"},
+	}
+
+	data := []byte("some data")
+	h32 := sha256.Sum256(data)
+	h := h32[:]
+	hash := map[string]HexBytes{"ed25519": h}
+	root.Signatures = append(root.Signatures, Signature{KeyID: "roothash", Signature: hash["ed25519"]})
+	rootBytes, err := root.ToBytes(false)
+	assert.NoError(t, err)
+	assert.Equal(t, string(testRootBytes), string(rootBytes))
+}
+
+func TestFromFile(t *testing.T) {
+	root := Root(fixedExpire)
+	_, err := root.FromFile(fmt.Sprintf("%s/1.root.json", TEST_REPOSITORY_DATA))
+	assert.NoError(t, err)
+
+	assert.Equal(t, fixedExpire, root.Signed.Expires)
+	assert.Equal(t, fixedExpire, root.Signed.Expires)
+	assert.Equal(t, ROOT, root.Signed.Type)
+	assert.True(t, root.Signed.ConsistentSnapshot)
+	assert.Equal(t, 4, len(root.Signed.Keys))
+
+	assert.Contains(t, root.Signed.Roles, ROOT)
+	assert.Equal(t, 1, root.Signed.Roles[ROOT].Threshold)
+	assert.NotEmpty(t, root.Signed.Roles[ROOT].KeyIDs)
+	assert.Contains(t, root.Signed.Keys, root.Signed.Roles[ROOT].KeyIDs[0])
+	assert.Equal(t, "d5fa855fce82db75ec64283e828cc90517df5edf5cdc57e7958a890d6556f5b7", root.Signed.Roles[ROOT].KeyIDs[0])
+
+	assert.Contains(t, root.Signed.Roles, SNAPSHOT)
+	assert.Equal(t, 1, root.Signed.Roles[SNAPSHOT].Threshold)
+	assert.NotEmpty(t, root.Signed.Roles[SNAPSHOT].KeyIDs)
+	assert.Contains(t, root.Signed.Keys, root.Signed.Roles[SNAPSHOT].KeyIDs[0])
+	assert.Equal(t, "700464ea12f4cb5f06a7512c75b73c0b6eeb2cd42854b085eed5b3c993607cba", root.Signed.Roles[SNAPSHOT].KeyIDs[0])
+
+	assert.Contains(t, root.Signed.Roles, TARGETS)
+	assert.Equal(t, 1, root.Signed.Roles[TARGETS].Threshold)
+	assert.NotEmpty(t, root.Signed.Roles[TARGETS].KeyIDs)
+	assert.Contains(t, root.Signed.Keys, root.Signed.Roles[TARGETS].KeyIDs[0])
+	assert.Equal(t, "409fb816e403e0c00646665eac21cb8adfab8e318272ca7589b2d1fc0bccb255", root.Signed.Roles[TARGETS].KeyIDs[0])
+
+	assert.Contains(t, root.Signed.Roles, TIMESTAMP)
+	assert.Equal(t, 1, root.Signed.Roles[TIMESTAMP].Threshold)
+	assert.NotEmpty(t, root.Signed.Roles[TIMESTAMP].KeyIDs)
+	assert.Contains(t, root.Signed.Keys, root.Signed.Roles[TIMESTAMP].KeyIDs[0])
+	assert.Equal(t, "0a5842e65e9c8c428354f40708435de6793ac379a275effe40d6358be2de835c", root.Signed.Roles[TIMESTAMP].KeyIDs[0])
+
+	assert.Equal(t, SPECIFICATION_VERSION, root.Signed.SpecVersion)
+	assert.Contains(t, root.Signed.UnrecognizedFields, "test")
+	assert.Equal(t, "true", root.Signed.UnrecognizedFields["test"])
+
+	assert.Equal(t, int64(1), root.Signed.Version)
+	assert.NotEmpty(t, root.Signatures)
+	assert.Equal(t, "d5fa855fce82db75ec64283e828cc90517df5edf5cdc57e7958a890d6556f5b7", root.Signatures[0].KeyID)
+
+}
+
+func TestToFile(t *testing.T) {
+	tmp := os.TempDir()
+	tmpDir, err := os.MkdirTemp(tmp, "0750")
+	assert.NoError(t, err)
+
+	fileName := fmt.Sprintf("%s/1.root.json", tmpDir)
+	assert.NoFileExists(t, fileName)
+	root, err := Root().FromBytes(testRootBytes)
+	assert.NoError(t, err)
+
+	err = root.ToFile(fileName, false)
+	assert.NoError(t, err)
+
+	assert.FileExists(t, fileName)
+	data, err := os.ReadFile(fileName)
+	assert.NoError(t, err)
+	assert.Equal(t, string(testRootBytes), string(data))
+
+	err = os.RemoveAll(tmpDir)
+	assert.NoError(t, err)
+	assert.NoFileExists(t, fileName)
+
+}
+
+func TestVerifyDelegate(t *testing.T) {
+	root := Root(fixedExpire)
+	err := root.VerifyDelegate("test", root)
+	assert.EqualError(t, err, "value error: no delegation found for test")
+
+	targets := Targets(fixedExpire)
+	err = targets.VerifyDelegate("test", targets)
+	assert.EqualError(t, err, "value error: no delegations found")
+
+	key, _, err := ed25519.GenerateKey(nil)
+	assert.NoError(t, err)
+
+	delegateeKey, _ := KeyFromPublicKey(key)
+	delegations := &Delegations{
+		Keys: map[string]*Key{
+			delegateeKey.ID(): delegateeKey,
+		},
+		Roles: []DelegatedRole{
+			{
+				Name:   "test",
+				KeyIDs: []string{delegateeKey.ID()},
+			},
+		},
+	}
+	targets.Signed.Delegations = delegations
+	err = targets.VerifyDelegate("test", root)
+	assert.NoError(t, err)
+	err = targets.VerifyDelegate("test", targets)
+	assert.NoError(t, err)
+
+	err = targets.VerifyDelegate("non-existing", root)
+	assert.EqualError(t, err, "value error: no delegation found for non-existing")
+	err = targets.VerifyDelegate("non-existing", targets)
+	assert.EqualError(t, err, "value error: no delegation found for non-existing")
+
+	targets.Signed.Delegations.Roles[0].Threshold = 1
+	err = targets.VerifyDelegate("test", targets)
+	assert.Errorf(t, err, "Verifying test failed, not enough signatures, got %d, want %d", 0, 1)
+
+	delegations.Keys["incorrectkey"] = delegations.Keys[delegateeKey.ID()]
+	delete(delegations.Keys, delegateeKey.ID())
+	err = targets.VerifyDelegate("test", root)
+	assert.Errorf(t, err, "key with ID %s not found in test keyids", delegateeKey.ID())
+
+	timestamp := Timestamp(fixedExpire)
+	err = timestamp.VerifyDelegate("test", timestamp)
+	assert.EqualError(t, err, "type error: call is valid only on delegator metadata (should be either root or targets)")
+
+	snapshot := Snapshot(fixedExpire)
+	err = snapshot.VerifyDelegate("test", snapshot)
+	assert.EqualError(t, err, "type error: call is valid only on delegator metadata (should be either root or targets)")
+}
+
+func TestVerifyLengthHashesTargetFiles(t *testing.T) {
+	targetFiles := TargetFile()
+	targetFiles.Hashes = map[string]HexBytes{}
+
+	data := []byte{}
+	err := targetFiles.VerifyLengthHashes(data)
+	assert.NoError(t, err)
+
+	data = []byte("some data")
+	err = targetFiles.VerifyLengthHashes(data)
+	assert.Error(t, err, "length/hash verification error: length verification failed - expected 0, got 9")
+
+	h32 := sha256.Sum256(data)
+	h := h32[:]
+	targetFiles.Hashes["sha256"] = h
+	targetFiles.Length = int64(len(data))
+	err = targetFiles.VerifyLengthHashes(data)
+	assert.NoError(t, err)
+
+	targetFiles.Hashes = map[string]HexBytes{"unknownAlg": data}
+	err = targetFiles.VerifyLengthHashes(data)
+	assert.Error(t, err, "length/hash verification error: hash verification failed - unknown hashing algorithm - unknownArg")
+
+	targetFiles.Hashes = map[string]HexBytes{"sha256": data}
+	err = targetFiles.VerifyLengthHashes(data)
+	assert.Error(t, err, "length/hash verification error: hash verification failed - mismatch for algorithm sha256")
+}
+
+func TestVerifyLengthHashesMetaFiles(t *testing.T) {
+	version := int64(0)
+	metaFile := MetaFile(version)
+	data := []byte("some data")
+	metaFile.Hashes = map[string]HexBytes{"unknownAlg": data}
+	err := metaFile.VerifyLengthHashes(data)
+	assert.Error(t, err, "length/hash verification error: hash verification failed - unknown hashing algorithm - unknownArg")
+
+	metaFile.Hashes = map[string]HexBytes{"sha256": data}
+	err = metaFile.VerifyLengthHashes(data)
+	assert.Error(t, err, "length/hash verification error: hash verification failed - mismatch for algorithm sha256")
+
+	h32 := sha256.Sum256(data)
+	h := h32[:]
+	metaFile.Hashes = map[string]HexBytes{"sha256": h}
+	err = metaFile.VerifyLengthHashes(data)
+	assert.NoError(t, err)
+
+	incorrectData := []byte("another data")
+	err = metaFile.VerifyLengthHashes(incorrectData)
+	assert.Error(t, err, "length/hash verification error: length verification failed - expected 0, got 9")
+}
diff --git a/testutils/repository_data/keystore/delegation_key b/testutils/repository_data/keystore/delegation_key
@@ -0,0 +1 @@
+68593a508472ad3007915379e6b1f3c0@@@@100000@@@@615986af4d1ba89aeadc2f489f89b0e8d46da133a6f75c7b162b8f99f63f86ed@@@@8319255f9856c4f40f9d71bc10e79e5d@@@@1dc7b20f1c668a1f544dc39c7a9fcb3c4a4dd34d1cc8c9d8f779bab026cf0b8e0f46e53bc5ed20bf0e5048b94a5d2ea176e79c12bcc7daa65cd55bf810deebeec5bc903ce9e5316d7dbba88f1a2b51d3f9bc782f8fa9b21dff91609ad0260e21a2039223f816d0fe97ace2e204d0025d327b38d27aa6cd87e85aa8883bfcb6d12f93155d72ffd3c7717a0570cf9811eb6d6a340baa0f27433315d83322c685fec02053ff8c173c4ebf91a258e83402f39546821e3352baa7b246e33b2a573a8ff7b289682407abbcb9184249d4304db68d3bf8e124e94377fd62dde5c4f3b7617d483776345154d047d139b1e559351577da315f54e16153c510159e1908231574bcf49c4f96cafe6530e86a09e9eee47bcff78f2fed2984754c895733938999ff085f9e3532d7174fd76dc09921506dd2137e16ec4926998f5d9df8a8ffb3e6649c71bc32571b2e24357739fa1a56be
diff --git a/testutils/repository_data/keystore/delegation_key.pub b/testutils/repository_data/keystore/delegation_key.pub
@@ -0,0 +1 @@
+{"keyval": {"public": "fcf224e55fa226056adf113ef1eb3d55e308b75b321c8c8316999d8c4fd9e0d9"}, "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": ["sha256", "sha512"]}
diff --git a/testutils/repository_data/keystore/root_key b/testutils/repository_data/keystore/root_key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDydf/VEpxBOCDoxpM6IVhq9i67P9BiVv2zwZSUO/M0RTToAvFv
+NgDKXwtnp8LyjVk++wMA1aceMa+pS7vYrKvPIJa7WIT+mwy86/fIdnllJDMw5tmL
+r2mE3oBMxOhpEiD2tO+liGacklFNk6nHHorX9S91iqpdRVa3zJw5ALvLdwIDAQAB
+AoGBAJlhwoUVb9nmWxNGw86LV7bapDd6qCX96CL2PDsGLdWMTmrTqc5zuE5NkBZz
+z2THvISWIJE/l6gHQJv1uBDbMxfquhK40k+GfE/fApVODN8KeBLLRUzYyHNz7KwW
+aNF3jY8AbO4HzWpdaFYce5r+YqlWZoaVPR9i6LCW3sZXALyRAkEA/lSVaT0azp55
+2GI4Gn+EQQFqFJWEbNwJ8i3FZ4aG+/gnw2WmxJr+2nQcUlLb2cpQCCcMyWxvCfLK
++DapvvgZXwJBAPQNd+liOrKKd1gPR3S6y+D4h1ewj8ii1MHzRtAsCKCRG/e+v+hC
+xp77Rc/qtZXKvVTGrccnKqCVAvG7F15rzOkCQQDCswgKn6+0+5c1ssNWbcZWaXnH
+NktBdxXaI3Ya8d7GaEwwhtIrcqilnfvMfgg2a23nP9XHIU7EI+2EJXy/aHkrAkBH
+wH30u9COFW+pEDTt+M1gQzFncp2TW2w56ZB0O739lywl1osNejRzIWURD+x7MbQg
+bJlC6Bz8QVMwRtVECWWhAkAflD6eIJeceDhVHClHB/QwmF8mwR1o63RN7ZFlgel1
+kwMt6bPZZ1cyrRoj6Cdi4pyqBssDBuQmbBLWyYuijIwz
+-----END RSA PRIVATE KEY-----
diff --git a/testutils/repository_data/keystore/root_key.pub b/testutils/repository_data/keystore/root_key.pub
@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDydf/VEpxBOCDoxpM6IVhq9i67
+P9BiVv2zwZSUO/M0RTToAvFvNgDKXwtnp8LyjVk++wMA1aceMa+pS7vYrKvPIJa7
+WIT+mwy86/fIdnllJDMw5tmLr2mE3oBMxOhpEiD2tO+liGacklFNk6nHHorX9S91
+iqpdRVa3zJw5ALvLdwIDAQAB
+-----END PUBLIC KEY-----
diff --git a/testutils/repository_data/keystore/snapshot_key b/testutils/repository_data/keystore/snapshot_key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQCPQoHresXRRRGoinN3bNn+BI23KolXdXLGqYkTvr9AjemUQJxb
+qmvZXHboQMAYw8OuBrRNt5Fz20wjsrJwOBEU5U3nHSJI4zYPGckYci0/0Eo2Kjws
+5BmIj38qgIfhsH4zyZ4FZZ+GLRn+W3i3wl6SfRMC/HCg0DDwi75faC0vGQIDAQAB
+AoGAbPFYt2hf8qqhqRfQgysmA4QW+QnB895+8BCRC5DtA/xnerQ/s33AEkW8rxY+
+fxawQjEbAFbup7pHBoaoJ6qbYbKDBSGgZFSEbh40nriX1V0oYb9E+BCAFHE+42Rj
+WYYNxXRp7LGoUQqisTsfoR1bvmrLC+9I/tDArHuMudm1slkCQQDOVn9AKTcaBGuQ
+Y+JQqoRmi9eMN6XztKIAKQ+P/57BofwlKJDFnwttsvMxRud6rvN1FCnCDM638HNb
+I0JDY0JXAkEAsb10uNV+SaWsHJOxfHzwK+uZJV1SkYzpBMizUREHuIyKT4MfpYNw
+kn00KpyCvhIp6buwNyYo76TssejYN86UDwJAGi3ZSU+xYQisiQ5TOX7Y+5XEjFLH
+KGuDnleXVOLOxqyBrElATQKH1aw9tMPVPLiTxQgA4FD1rVrBmA+aKaifUwJALBp8
+yhh/u7qWWIj1c5R07BEL8U+U23UBpSRACo+VQN/uuggpZCKXXmIe/avUbWGIcO0X
+rreTVNOxv/utGzvxVQJBAL7Kpqt9d50SL1ndLr2EdqGw8ZB/B2dKMlZf7AWwbk0k
+HHdvWfSDYhtvGo3ilLibHLesE/Tq1fm/2aEOds95/Eo=
+-----END RSA PRIVATE KEY-----
diff --git a/testutils/repository_data/keystore/snapshot_key.pub b/testutils/repository_data/keystore/snapshot_key.pub
@@ -0,0 +1,2 @@
+{"keyval": {"public": "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCG5DWxCcw4FW2G21RwTmuR7gdkv+ZrjZVOx0KsvJc/51QBxo/Y9xPVeoFF7YrhE8EV6A6b0qsLufIo1E63sQ6kjLOPfIMjag6dYPlmEyGcbxNDokv2elxZk7jS98iBQLxEmJLicrdERmxC2t2OOEQ6ELi5dt+C13QvNJFg4+OaTwIDAQAB"}, "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": ["sha256", "sha512"]}
+