Merge pull request #1102 from MVrachev/1080

joshuagl · web-flow · commit c4617ff55fd3 · 2020-09-02T16:28:31.000+01:00
Add a way to disable hash prefix when using consistent_snapshot
diff --git a/tests/test_updater.py b/tests/test_updater.py
@@ -1291,6 +1291,39 @@ def test_6_download_target(self):
     self.repository_updater.download_target(targetinfo2,
                                             destination_directory)
 
+    # Checks if the file has been successfully downloaded
+    download_filepath = os.path.join(destination_directory, target_filepath2)
+    self.assertTrue(os.path.exists(download_filepath))
+
+    # Removes the file so that it can be downloaded again in the next test
+    os.remove(download_filepath)
+
+    # Test downloading with consistent snapshot enabled, but without adding
+    # the hash of the file as a prefix to its name.
+
+    file1_path = targetinfo2['filepath']
+    file1_hashes = securesystemslib.util.get_file_hashes(
+        os.path.join(self.repository_directory, 'targets', file1_path),
+        hash_algorithms=['sha256', 'sha512'])
+
+    # Currently in the repository directory, those three files exists:
+    # "file1.txt", "<sha256_hash>.file1.txt" and "<sha512_hash>.file1.txt"
+    # where both sha256 and sha512 hashes are for file file1.txt.
+    # Remove the files with the hash digest prefix to ensure that
+    # the served target file is not prefixed.
+    os.remove(os.path.join(self.repository_directory, 'targets',
+        file1_hashes['sha256'] + '.' + file1_path))
+    os.remove(os.path.join(self.repository_directory, 'targets',
+        file1_hashes['sha512'] + '.' + file1_path))
+
+
+    self.repository_updater.download_target(targetinfo2,
+                                            destination_directory,
+                                            prefix_filename_with_hash=False)
+
+    # Checks if the file has been successfully downloaded
+    self.assertTrue(os.path.exists(download_filepath))
+
     # Test for a destination that cannot be written to (apart from a target
     # file that already exists at the destination) and which raises an
     # exception.
diff --git a/tuf/client/updater.py b/tuf/client/updater.py
@@ -1315,7 +1315,8 @@ def _soft_check_file_length(self, file_object, trusted_file_length):
 
 
 
-  def _get_target_file(self, target_filepath, file_length, file_hashes):
+  def _get_target_file(self, target_filepath, file_length, file_hashes,
+      prefix_filename_with_hash):
     """
     <Purpose>
       Non-public method that safely (i.e., the file length and hash are
@@ -1334,6 +1335,13 @@ def _get_target_file(self, target_filepath, file_length, file_hashes):
       file_hashes:
         The expected hashes of the target file.
 
+      prefix_filename_with_hash:
+        Whether to prefix the targets file names with their hash when using
+        consistent snapshot.
+        This should be set to False when the served target filenames are not
+        prefixed with hashes (in this case the server uses other means
+        to ensure snapshot consistency).
+
     <Exceptions>
       tuf.exceptions.NoWorkingMirrorError:
         The target could not be fetched. This is raised only when all known
@@ -1357,7 +1365,7 @@ def verify_target_file(target_file_object):
       self._hard_check_file_length(target_file_object, file_length)
       self._check_hashes(target_file_object, file_hashes)
 
-    if self.consistent_snapshot:
+    if self.consistent_snapshot and prefix_filename_with_hash:
       # Note: values() does not return a list in Python 3.  Use list()
       # on values() for Python 2+3 compatibility.
       target_digest = list(file_hashes.values()).pop()
@@ -3217,7 +3225,8 @@ def updated_targets(self, targets, destination_directory):
 
 
 
-  def download_target(self, target, destination_directory):
+  def download_target(self, target, destination_directory,
+      prefix_filename_with_hash=True):
     """
     <Purpose>
       Download 'target' and verify it is trusted.
@@ -3234,6 +3243,14 @@ def download_target(self, target, destination_directory):
       destination_directory:
         The directory to save the downloaded target file.
 
+      prefix_filename_with_hash:
+        Whether to prefix the targets file names with their hash when using
+        consistent snapshot.
+        This should be set to False when the served target filenames are not
+        prefixed with hashes (in this case the server uses other means
+        to ensure snapshot consistency).
+        Default is True.
+
     <Exceptions>
       securesystemslib.exceptions.FormatError:
         If 'target' is not properly formatted.
@@ -3268,7 +3285,7 @@ def download_target(self, target, destination_directory):
     # '_get_target_file()' checks every mirror and returns the first target
     # that passes verification.
     target_file_object = self._get_target_file(target_filepath, trusted_length,
-        trusted_hashes)
+        trusted_hashes, prefix_filename_with_hash)
 
     # We acquired a target file object from a mirror.  Move the file into place
     # (i.e., locally to 'destination_directory').  Note: join() discards
