add test for expired root

Signed-off-by: Adam Korczynski <[email protected]>
AdamKorcz · Jul 24, 2024 · 90b5ac1 · 90b5ac1
1 parent d5c1fb5
commit 90b5ac1
Showing 1 changed file with 30 additions and 0 deletions.
diff --git a/tuf_conformance/test_expiration.py b/tuf_conformance/test_expiration.py
@@ -11,6 +11,36 @@
     Timestamp, Snapshot, Root, Targets, Metadata,
     DelegatedRole
 )
+from tuf_conformance.metadata import RootTest, MetadataTest
+
+def test_root_expired(client: ClientRunner,
+                      server: SimulatorServer) -> None:
+    # Check for a freeze attack
+    name = "test_root_expired"
+
+    # initialize a simulator with repository content we need
+    repo = RepositorySimulator()
+    server.repos[name] = repo
+    init_data = server.get_client_init_data(name)
+    assert client.init_client(init_data) == 0
+    client.refresh(init_data)
+
+    repo.bump_root_by_one() # v2
+    client.refresh(init_data)
+
+    root = repo.load_metadata(Root.type)
+    root.signed.expires = utils.get_date_n_days_in_past(1)
+    repo.save_metadata(Root.type, root)
+    repo.bump_root_by_one() # v3
+    repo.bump_version_by_one(Timestamp.type) # v2
+
+    client.refresh(init_data)
+
+    # Clients should check for a freeze attack after persisting (5.3.10),
+    # so root should update, but no other MD should update 
+    assert client._version(Root.type) == 3
+    assert client._version(Timestamp.type) == 1
+    assert client._version(Snapshot.type) == 1
 
 
 def test_new_snapshot_expired(client: ClientRunner,