vendor/src/github.com/endophage/gotuf/client/client.go - third_party/github.com/moby/moby - Git at Google

 package client

 import (
 	"bytes"
 	"crypto/sha256"
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
 	"io"
 	"path"
 	"path/filepath"
 	"strings"

 	"github.com/Sirupsen/logrus"
 	tuf "github.com/endophage/gotuf"
 	"github.com/endophage/gotuf/data"
 	"github.com/endophage/gotuf/keys"
 	"github.com/endophage/gotuf/signed"
 	"github.com/endophage/gotuf/store"
 	"github.com/endophage/gotuf/utils"
 )

 const maxSize int64 = 5 << 20

 type Client struct {
 	local  *tuf.TufRepo
 	remote store.RemoteStore
 	keysDB *keys.KeyDB
 	cache  store.MetadataStore
 }

 func NewClient(local *tuf.TufRepo, remote store.RemoteStore, keysDB *keys.KeyDB, cache store.MetadataStore) *Client {
 	return &Client{
 		local:  local,
 		remote: remote,
 		keysDB: keysDB,
 		cache:  cache,
 	}
 }

 func (c *Client) Update() error {
 	// 1. Get timestamp
 	//   a. If timestamp error (verification, expired, etc...) download new root and return to 1.
 	// 2. Check if local snapshot is up to date
 	//   a. If out of date, get updated snapshot
 	//     i. If snapshot error, download new root and return to 1.
 	// 3. Check if root correct against snapshot
 	//   a. If incorrect, download new root and return to 1.
 	// 4. Iteratively download and search targets and delegations to find target meta
 	logrus.Debug("updating TUF client")
 	err := c.update()
 	if err != nil {
 		logrus.Debug("Error occurred. Root will be downloaded and another update attempted")
 		if err := c.downloadRoot(); err != nil {
 			logrus.Errorf("client Update (Root):", err)
 			return err
 		}
 		// If we error again, we now have the latest root and just want to fail
 		// out as there's no expectation the problem can be resolved automatically
 		logrus.Debug("retrying TUF client update")
 		return c.update()
 	}
 	return nil
 }

 func (c *Client) update() error {
 	err := c.downloadTimestamp()
 	if err != nil {
 		logrus.Errorf("Client Update (Timestamp): %s", err.Error())
 		return err
 	}
 	err = c.downloadSnapshot()
 	if err != nil {
 		logrus.Errorf("Client Update (Snapshot): %s", err.Error())
 		return err
 	}
 	err = c.checkRoot()
 	if err != nil {
 		// In this instance the root has not expired base on time, but is
 		// expired based on the snapshot dictating a new root has been produced.
 		logrus.Debug(err)
 		return tuf.ErrLocalRootExpired{}
 	}
 	// will always need top level targets at a minimum
 	err = c.downloadTargets("targets")
 	if err != nil {
 		logrus.Errorf("Client Update (Targets): %s", err.Error())
 		return err
 	}
 	return nil
 }

 // checkRoot determines if the hash, and size are still those reported
 // in the snapshot file. It will also check the expiry, however, if the
 // hash and size in snapshot are unchanged but the root file has expired,
 // there is little expectation that the situation can be remedied.
 func (c Client) checkRoot() error {
 	role := data.RoleName("root")
 	size := c.local.Snapshot.Signed.Meta[role].Length
 	hashSha256 := c.local.Snapshot.Signed.Meta[role].Hashes["sha256"]

 	raw, err := c.cache.GetMeta("root", size)
 	if err != nil {
 		return err
 	}

 	hash := sha256.Sum256(raw)
 	if !bytes.Equal(hash[:], hashSha256) {
 		return fmt.Errorf("Cached root sha256 did not match snapshot root sha256")
 	}

 	if int64(len(raw)) != size {
 		return fmt.Errorf("Cached root size did not match snapshot size")
 	}

 	root := &data.SignedRoot{}
 	err = json.Unmarshal(raw, root)
 	if err != nil {
 		return ErrCorruptedCache{file: "root.json"}
 	}

 	if signed.IsExpired(root.Signed.Expires) {
 		return tuf.ErrLocalRootExpired{}
 	}
 	return nil
 }

 // downloadRoot is responsible for downloading the root.json
 func (c *Client) downloadRoot() error {
 	role := data.RoleName("root")
 	size := maxSize
 	var expectedSha256 []byte = nil
 	if c.local.Snapshot != nil {
 		size = c.local.Snapshot.Signed.Meta[role].Length
 		expectedSha256 = c.local.Snapshot.Signed.Meta[role].Hashes["sha256"]
 	}

 	// if we're bootstrapping we may not have a cached root, an
 	// error will result in the "previous root version" being
 	// interpreted as 0.
 	var download bool
 	var err error
 	var cachedRoot []byte = nil
 	old := &data.Signed{}
 	version := 0

 	if expectedSha256 != nil {
 		// can only trust cache if we have an expected sha256 to trust
 		cachedRoot, err = c.cache.GetMeta(role, size)
 	}

 	if cachedRoot == nil || err != nil {
 		logrus.Debug("didn't find a cached root, must download")
 		download = true
 	} else {
 		hash := sha256.Sum256(cachedRoot)
 		if !bytes.Equal(hash[:], expectedSha256) {
 			logrus.Debug("cached root's hash didn't match expected, must download")
 			download = true
 		}
 		err := json.Unmarshal(cachedRoot, old)
 		if err == nil {
 			root, err := data.RootFromSigned(old)
 			if err == nil {
 				version = root.Signed.Version
 			} else {
 				logrus.Debug("couldn't parse Signed part of cached root, must download")
 				download = true
 			}
 		} else {
 			logrus.Debug("couldn't parse cached root, must download")
 			download = true
 		}
 	}
 	var s *data.Signed
 	var raw []byte
 	if download {
 		logrus.Debug("downloading new root")
 		raw, err = c.remote.GetMeta(role, size)
 		if err != nil {
 			return err
 		}
 		hash := sha256.Sum256(raw)
 		if expectedSha256 != nil && !bytes.Equal(hash[:], expectedSha256) {
 			// if we don't have an expected sha256, we're going to trust the root
 			// based purely on signature and expiry time validation
 			return fmt.Errorf("Remote root sha256 did not match snapshot root sha256: %#x vs. %#x", hash, []byte(expectedSha256))
 		}
 		s = &data.Signed{}
 		err = json.Unmarshal(raw, s)
 		if err != nil {
 			return err
 		}
 	} else {
 		logrus.Debug("using cached root")
 		s = old
 	}
 	if err := c.verifyRoot(role, s, version); err != nil {
 		return err
 	}
 	if download {
 		logrus.Debug("caching downloaded root")
 		// Now that we have accepted new root, write it to cache
 		if err = c.cache.SetMeta(role, raw); err != nil {
 			logrus.Errorf("Failed to write root to local cache: %s", err.Error())
 		}
 	}
 	return nil
 }

 func (c Client) verifyRoot(role string, s *data.Signed, minVersion int) error {
 	// this will confirm that the root has been signed by the old root role
 	// as c.keysDB contains the root keys we bootstrapped with.
 	// Still need to determine if there has been a root key update and
 	// confirm signature with new root key
 	logrus.Debug("verifying root with existing keys")
 	err := signed.Verify(s, role, minVersion, c.keysDB)
 	if err != nil {
 		logrus.Debug("root did not verify with existing keys")
 		return err
 	}

 	// This will cause keyDB to get updated, overwriting any keyIDs associated
 	// with the roles in root.json
 	logrus.Debug("updating known root roles and keys")
 	err = c.local.SetRoot(s)
 	if err != nil {
 		logrus.Error(err.Error())
 		return err
 	}
 	// verify again now that the old keys have been replaced with the new keys.
 	// TODO(endophage): be more intelligent and only re-verify if we detect
 	//                  there has been a change in root keys
 	logrus.Debug("verifying root with updated keys")
 	err = signed.Verify(s, role, minVersion, c.keysDB)
 	if err != nil {
 		logrus.Debug("root did not verify with new keys")
 		return err
 	}
 	logrus.Debug("successfully verified root")
 	return nil
 }

 // downloadTimestamp is responsible for downloading the timestamp.json
 func (c *Client) downloadTimestamp() error {
 	logrus.Debug("downloadTimestamp")
 	role := data.RoleName("timestamp")

 	// We may not have a cached timestamp if this is the first time
 	// we're interacting with the repo. This will result in the
 	// version being 0
 	var download bool
 	old := &data.Signed{}
 	version := 0
 	cachedTS, err := c.cache.GetMeta(role, maxSize)
 	if err == nil {
 		err := json.Unmarshal(cachedTS, old)
 		if err == nil {
 			ts, err := data.TimestampFromSigned(old)
 			if err == nil {
 				version = ts.Signed.Version
 			}
 		} else {
 			old = nil
 		}
 	}
 	// unlike root, targets and snapshot, always try and download timestamps
 	// from remote, only using the cache one if we couldn't reach remote.
 	logrus.Debug("Downloading timestamp")
 	raw, err := c.remote.GetMeta(role, maxSize)
 	var s *data.Signed
 	if err != nil || len(raw) == 0 {
 		if err, ok := err.(store.ErrMetaNotFound); ok {
 			return err
 		}
 		if old == nil {
 			if err == nil {
 				// couldn't retrieve data from server and don't have valid
 				// data in cache.
 				return store.ErrMetaNotFound{}
 			}
 			return err
 		}
 		s = old
 	} else {
 		download = true
 		s = &data.Signed{}
 		err = json.Unmarshal(raw, s)
 		if err != nil {
 			return err
 		}
 	}
 	err = signed.Verify(s, role, version, c.keysDB)
 	if err != nil {
 		return err
 	}
 	logrus.Debug("successfully verified timestamp")
 	if download {
 		c.cache.SetMeta(role, raw)
 	}
 	c.local.SetTimestamp(s)
 	return nil
 }

 // downloadSnapshot is responsible for downloading the snapshot.json
 func (c *Client) downloadSnapshot() error {
 	logrus.Debug("downloadSnapshot")
 	role := data.RoleName("snapshot")
 	size := c.local.Timestamp.Signed.Meta[role].Length
 	expectedSha256, ok := c.local.Timestamp.Signed.Meta[role].Hashes["sha256"]
 	if !ok {
 		return fmt.Errorf("Sha256 is currently the only hash supported by this client. No Sha256 found for snapshot")
 	}

 	var download bool
 	old := &data.Signed{}
 	version := 0
 	raw, err := c.cache.GetMeta(role, size)
 	if raw == nil || err != nil {
 		logrus.Debug("no snapshot in cache, must download")
 		download = true
 	} else {
 		// file may have been tampered with on disk. Always check the hash!
 		genHash := sha256.Sum256(raw)
 		if !bytes.Equal(genHash[:], expectedSha256) {
 			logrus.Debug("hash of snapshot in cache did not match expected hash, must download")
 			download = true
 		}
 		err := json.Unmarshal(raw, old)
 		if err == nil {
 			snap, err := data.TimestampFromSigned(old)
 			if err == nil {
 				version = snap.Signed.Version
 			} else {
 				logrus.Debug("Could not parse Signed part of snapshot, must download")
 				download = true
 			}
 		} else {
 			logrus.Debug("Could not parse snapshot, must download")
 			download = true
 		}
 	}
 	var s *data.Signed
 	if download {
 		logrus.Debug("downloading new snapshot")
 		raw, err = c.remote.GetMeta(role, size)
 		if err != nil {
 			return err
 		}
 		genHash := sha256.Sum256(raw)
 		if !bytes.Equal(genHash[:], expectedSha256) {
 			return fmt.Errorf("Retrieved snapshot did not verify against hash in timestamp.")
 		}
 		s = &data.Signed{}
 		err = json.Unmarshal(raw, s)
 		if err != nil {
 			return err
 		}
 	} else {
 		logrus.Debug("using cached snapshot")
 		s = old
 	}

 	err = signed.Verify(s, role, version, c.keysDB)
 	if err != nil {
 		return err
 	}
 	logrus.Debug("successfully verified snapshot")
 	c.local.SetSnapshot(s)
 	if download {
 		err = c.cache.SetMeta(role, raw)
 		if err != nil {
 			logrus.Errorf("Failed to write snapshot to local cache: %s", err.Error())
 		}
 	}
 	return nil
 }

 // downloadTargets is responsible for downloading any targets file
 // including delegates roles. It will download the whole tree of
 // delegated roles below the given one
 func (c *Client) downloadTargets(role string) error {
 	role = data.RoleName(role) // this will really only do something for base targets role
 	snap := c.local.Snapshot.Signed
 	root := c.local.Root.Signed
 	r := c.keysDB.GetRole(role)
 	if r == nil {
 		return fmt.Errorf("Invalid role: %s", role)
 	}
 	keyIDs := r.KeyIDs
 	s, err := c.GetTargetsFile(role, keyIDs, snap.Meta, root.ConsistentSnapshot, r.Threshold)
 	if err != nil {
 		logrus.Error("Error getting targets file:", err)
 		return err
 	}
 	err = c.local.SetTargets(role, s)
 	if err != nil {
 		return err
 	}

 	return nil
 }

 func (c Client) GetTargetsFile(role string, keyIDs []string, snapshotMeta data.Files, consistent bool, threshold int) (*data.Signed, error) {
 	// require role exists in snapshots
 	roleMeta, ok := snapshotMeta[role]
 	if !ok {
 		return nil, fmt.Errorf("Snapshot does not contain target role")
 	}
 	expectedSha256, ok := snapshotMeta[role].Hashes["sha256"]
 	if !ok {
 		return nil, fmt.Errorf("Sha256 is currently the only hash supported by this client. No Sha256 found for targets role %s", role)
 	}

 	// try to get meta file from content addressed cache
 	var download bool
 	old := &data.Signed{}
 	version := 0
 	raw, err := c.cache.GetMeta(role, roleMeta.Length)
 	if err != nil || raw == nil {
 		logrus.Debugf("Couldn't not find cached %s, must download", role)
 		download = true
 	} else {
 		// file may have been tampered with on disk. Always check the hash!
 		genHash := sha256.Sum256(raw)
 		if !bytes.Equal(genHash[:], expectedSha256) {
 			download = true
 		}
 		err := json.Unmarshal(raw, old)
 		if err == nil {
 			targ, err := data.TargetsFromSigned(old)
 			if err == nil {
 				version = targ.Signed.Version
 			} else {
 				download = true
 			}
 		} else {
 			download = true
 		}

 	}

 	var s *data.Signed
 	if download {
 		rolePath, err := c.RoleTargetsPath(role, hex.EncodeToString(expectedSha256), consistent)
 		if err != nil {
 			return nil, err
 		}
 		raw, err = c.remote.GetMeta(rolePath, snapshotMeta[role].Length)
 		if err != nil {
 			return nil, err
 		}
 		s = &data.Signed{}
 		err = json.Unmarshal(raw, s)
 		if err != nil {
 			logrus.Error("Error unmarshalling targets file:", err)
 			return nil, err
 		}
 	} else {
 		logrus.Debug("using cached ", role)
 		s = old
 	}

 	err = signed.Verify(s, role, version, c.keysDB)
 	if err != nil {
 		return nil, err
 	}
 	logrus.Debugf("successfully verified %s", role)
 	if download {
 		// if we error when setting meta, we should continue.
 		err = c.cache.SetMeta(role, raw)
 		if err != nil {
 			logrus.Errorf("Failed to write snapshot to local cache: %s", err.Error())
 		}
 	}
 	return s, nil
 }

 // RoleTargetsPath generates the appropriate filename for the targets file,
 // based on whether the repo is marked as consistent.
 func (c Client) RoleTargetsPath(role string, hashSha256 string, consistent bool) (string, error) {
 	if consistent {
 		dir := filepath.Dir(role)
 		if strings.Contains(role, "/") {
 			lastSlashIdx := strings.LastIndex(role, "/")
 			role = role[lastSlashIdx+1:]
 		}
 		role = path.Join(
 			dir,
 			fmt.Sprintf("%s.%s.json", hashSha256, role),
 		)
 	}
 	return role, nil
 }

 // TargetMeta ensures the repo is up to date, downloading the minimum
 // necessary metadata files
 func (c Client) TargetMeta(path string) (*data.FileMeta, error) {
 	c.Update()
 	var meta *data.FileMeta

 	pathDigest := sha256.Sum256([]byte(path))
 	pathHex := hex.EncodeToString(pathDigest[:])

 	// FIFO list of targets delegations to inspect for target
 	roles := []string{data.ValidRoles["targets"]}
 	var role string
 	for len(roles) > 0 {
 		// have to do these lines here because of order of execution in for statement
 		role = roles[0]
 		roles = roles[1:]

 		// Download the target role file if necessary
 		err := c.downloadTargets(role)
 		if err != nil {
 			// as long as we find a valid target somewhere we're happy.
 			// continue and search other delegated roles if any
 			continue
 		}

 		meta = c.local.TargetMeta(role, path)
 		if meta != nil {
 			// we found the target!
 			return meta, nil
 		}
 		delegations := c.local.TargetDelegations(role, path, pathHex)
 		for _, d := range delegations {
 			roles = append(roles, d.Name)
 		}
 	}
 	return meta, nil
 }

 func (c Client) DownloadTarget(dst io.Writer, path string, meta *data.FileMeta) error {
 	reader, err := c.remote.GetTarget(path)
 	if err != nil {
 		return err
 	}
 	defer reader.Close()
 	r := io.TeeReader(
 		io.LimitReader(reader, meta.Length),
 		dst,
 	)
 	err = utils.ValidateTarget(r, meta)
 	return err
 }
	package client

	import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"io"
	"path"
	"path/filepath"
	"strings"

	"github.com/Sirupsen/logrus"
	tuf "github.com/endophage/gotuf"
	"github.com/endophage/gotuf/data"
	"github.com/endophage/gotuf/keys"
	"github.com/endophage/gotuf/signed"
	"github.com/endophage/gotuf/store"
	"github.com/endophage/gotuf/utils"
	)

	const maxSize int64 = 5 << 20

	type Client struct {
	local *tuf.TufRepo
	remote store.RemoteStore
	keysDB *keys.KeyDB
	cache store.MetadataStore
	}

	func NewClient(local tuf.TufRepo, remote store.RemoteStore, keysDB keys.KeyDB, cache store.MetadataStore) *Client {
	return &Client{
	local: local,
	remote: remote,
	keysDB: keysDB,
	cache: cache,
	}
	}

	func (c *Client) Update() error {
	// 1. Get timestamp
	// a. If timestamp error (verification, expired, etc...) download new root and return to 1.
	// 2. Check if local snapshot is up to date
	// a. If out of date, get updated snapshot
	// i. If snapshot error, download new root and return to 1.
	// 3. Check if root correct against snapshot
	// a. If incorrect, download new root and return to 1.
	// 4. Iteratively download and search targets and delegations to find target meta
	logrus.Debug("updating TUF client")
	err := c.update()
	if err != nil {
	logrus.Debug("Error occurred. Root will be downloaded and another update attempted")
	if err := c.downloadRoot(); err != nil {
	logrus.Errorf("client Update (Root):", err)
	return err
	}
	// If we error again, we now have the latest root and just want to fail
	// out as there's no expectation the problem can be resolved automatically
	logrus.Debug("retrying TUF client update")
	return c.update()
	}
	return nil
	}

	func (c *Client) update() error {
	err := c.downloadTimestamp()
	if err != nil {
	logrus.Errorf("Client Update (Timestamp): %s", err.Error())
	return err
	}
	err = c.downloadSnapshot()
	if err != nil {
	logrus.Errorf("Client Update (Snapshot): %s", err.Error())
	return err
	}
	err = c.checkRoot()
	if err != nil {
	// In this instance the root has not expired base on time, but is
	// expired based on the snapshot dictating a new root has been produced.
	logrus.Debug(err)
	return tuf.ErrLocalRootExpired{}
	}
	// will always need top level targets at a minimum
	err = c.downloadTargets("targets")
	if err != nil {
	logrus.Errorf("Client Update (Targets): %s", err.Error())
	return err
	}
	return nil
	}

	// checkRoot determines if the hash, and size are still those reported
	// in the snapshot file. It will also check the expiry, however, if the
	// hash and size in snapshot are unchanged but the root file has expired,
	// there is little expectation that the situation can be remedied.
	func (c Client) checkRoot() error {
	role := data.RoleName("root")
	size := c.local.Snapshot.Signed.Meta[role].Length
	hashSha256 := c.local.Snapshot.Signed.Meta[role].Hashes["sha256"]

	raw, err := c.cache.GetMeta("root", size)
	if err != nil {
	return err
	}

	hash := sha256.Sum256(raw)
	if !bytes.Equal(hash[:], hashSha256) {
	return fmt.Errorf("Cached root sha256 did not match snapshot root sha256")
	}

	if int64(len(raw)) != size {
	return fmt.Errorf("Cached root size did not match snapshot size")
	}

	root := &data.SignedRoot{}
	err = json.Unmarshal(raw, root)
	if err != nil {
	return ErrCorruptedCache{file: "root.json"}
	}

	if signed.IsExpired(root.Signed.Expires) {
	return tuf.ErrLocalRootExpired{}
	}
	return nil
	}

	// downloadRoot is responsible for downloading the root.json
	func (c *Client) downloadRoot() error {
	role := data.RoleName("root")
	size := maxSize
	var expectedSha256 []byte = nil
	if c.local.Snapshot != nil {
	size = c.local.Snapshot.Signed.Meta[role].Length
	expectedSha256 = c.local.Snapshot.Signed.Meta[role].Hashes["sha256"]
	}

	// if we're bootstrapping we may not have a cached root, an
	// error will result in the "previous root version" being
	// interpreted as 0.
	var download bool
	var err error
	var cachedRoot []byte = nil
	old := &data.Signed{}
	version := 0

	if expectedSha256 != nil {
	// can only trust cache if we have an expected sha256 to trust
	cachedRoot, err = c.cache.GetMeta(role, size)
	}

	if cachedRoot == nil \|\| err != nil {
	logrus.Debug("didn't find a cached root, must download")
	download = true
	} else {
	hash := sha256.Sum256(cachedRoot)
	if !bytes.Equal(hash[:], expectedSha256) {
	logrus.Debug("cached root's hash didn't match expected, must download")
	download = true
	}
	err := json.Unmarshal(cachedRoot, old)
	if err == nil {
	root, err := data.RootFromSigned(old)
	if err == nil {
	version = root.Signed.Version
	} else {
	logrus.Debug("couldn't parse Signed part of cached root, must download")
	download = true
	}
	} else {
	logrus.Debug("couldn't parse cached root, must download")
	download = true
	}
	}
	var s *data.Signed
	var raw []byte
	if download {
	logrus.Debug("downloading new root")
	raw, err = c.remote.GetMeta(role, size)
	if err != nil {
	return err
	}
	hash := sha256.Sum256(raw)
	if expectedSha256 != nil && !bytes.Equal(hash[:], expectedSha256) {
	// if we don't have an expected sha256, we're going to trust the root
	// based purely on signature and expiry time validation
	return fmt.Errorf("Remote root sha256 did not match snapshot root sha256: %#x vs. %#x", hash, []byte(expectedSha256))
	}
	s = &data.Signed{}
	err = json.Unmarshal(raw, s)
	if err != nil {
	return err
	}
	} else {
	logrus.Debug("using cached root")
	s = old
	}
	if err := c.verifyRoot(role, s, version); err != nil {
	return err
	}
	if download {
	logrus.Debug("caching downloaded root")
	// Now that we have accepted new root, write it to cache
	if err = c.cache.SetMeta(role, raw); err != nil {
	logrus.Errorf("Failed to write root to local cache: %s", err.Error())
	}
	}
	return nil
	}

	func (c Client) verifyRoot(role string, s *data.Signed, minVersion int) error {
	// this will confirm that the root has been signed by the old root role
	// as c.keysDB contains the root keys we bootstrapped with.
	// Still need to determine if there has been a root key update and
	// confirm signature with new root key
	logrus.Debug("verifying root with existing keys")
	err := signed.Verify(s, role, minVersion, c.keysDB)
	if err != nil {
	logrus.Debug("root did not verify with existing keys")
	return err
	}

	// This will cause keyDB to get updated, overwriting any keyIDs associated
	// with the roles in root.json
	logrus.Debug("updating known root roles and keys")
	err = c.local.SetRoot(s)
	if err != nil {
	logrus.Error(err.Error())
	return err
	}
	// verify again now that the old keys have been replaced with the new keys.
	// TODO(endophage): be more intelligent and only re-verify if we detect
	// there has been a change in root keys
	logrus.Debug("verifying root with updated keys")
	err = signed.Verify(s, role, minVersion, c.keysDB)
	if err != nil {
	logrus.Debug("root did not verify with new keys")
	return err
	}
	logrus.Debug("successfully verified root")
	return nil
	}

	// downloadTimestamp is responsible for downloading the timestamp.json
	func (c *Client) downloadTimestamp() error {
	logrus.Debug("downloadTimestamp")
	role := data.RoleName("timestamp")

	// We may not have a cached timestamp if this is the first time
	// we're interacting with the repo. This will result in the
	// version being 0
	var download bool
	old := &data.Signed{}
	version := 0
	cachedTS, err := c.cache.GetMeta(role, maxSize)
	if err == nil {
	err := json.Unmarshal(cachedTS, old)
	if err == nil {
	ts, err := data.TimestampFromSigned(old)
	if err == nil {
	version = ts.Signed.Version
	}
	} else {
	old = nil
	}
	}
	// unlike root, targets and snapshot, always try and download timestamps
	// from remote, only using the cache one if we couldn't reach remote.
	logrus.Debug("Downloading timestamp")
	raw, err := c.remote.GetMeta(role, maxSize)
	var s *data.Signed
	if err != nil \|\| len(raw) == 0 {
	if err, ok := err.(store.ErrMetaNotFound); ok {
	return err
	}
	if old == nil {
	if err == nil {
	// couldn't retrieve data from server and don't have valid
	// data in cache.
	return store.ErrMetaNotFound{}
	}
	return err
	}
	s = old
	} else {
	download = true
	s = &data.Signed{}
	err = json.Unmarshal(raw, s)
	if err != nil {
	return err
	}
	}
	err = signed.Verify(s, role, version, c.keysDB)
	if err != nil {
	return err
	}
	logrus.Debug("successfully verified timestamp")
	if download {
	c.cache.SetMeta(role, raw)
	}
	c.local.SetTimestamp(s)
	return nil
	}

	// downloadSnapshot is responsible for downloading the snapshot.json
	func (c *Client) downloadSnapshot() error {
	logrus.Debug("downloadSnapshot")
	role := data.RoleName("snapshot")
	size := c.local.Timestamp.Signed.Meta[role].Length
	expectedSha256, ok := c.local.Timestamp.Signed.Meta[role].Hashes["sha256"]
	if !ok {
	return fmt.Errorf("Sha256 is currently the only hash supported by this client. No Sha256 found for snapshot")
	}

	var download bool
	old := &data.Signed{}
	version := 0
	raw, err := c.cache.GetMeta(role, size)
	if raw == nil \|\| err != nil {
	logrus.Debug("no snapshot in cache, must download")
	download = true
	} else {
	// file may have been tampered with on disk. Always check the hash!
	genHash := sha256.Sum256(raw)
	if !bytes.Equal(genHash[:], expectedSha256) {
	logrus.Debug("hash of snapshot in cache did not match expected hash, must download")
	download = true
	}
	err := json.Unmarshal(raw, old)
	if err == nil {
	snap, err := data.TimestampFromSigned(old)
	if err == nil {
	version = snap.Signed.Version
	} else {
	logrus.Debug("Could not parse Signed part of snapshot, must download")
	download = true
	}
	} else {
	logrus.Debug("Could not parse snapshot, must download")
	download = true
	}
	}
	var s *data.Signed
	if download {
	logrus.Debug("downloading new snapshot")
	raw, err = c.remote.GetMeta(role, size)
	if err != nil {
	return err
	}
	genHash := sha256.Sum256(raw)
	if !bytes.Equal(genHash[:], expectedSha256) {
	return fmt.Errorf("Retrieved snapshot did not verify against hash in timestamp.")
	}
	s = &data.Signed{}
	err = json.Unmarshal(raw, s)
	if err != nil {
	return err
	}
	} else {
	logrus.Debug("using cached snapshot")
	s = old
	}

	err = signed.Verify(s, role, version, c.keysDB)
	if err != nil {
	return err
	}
	logrus.Debug("successfully verified snapshot")
	c.local.SetSnapshot(s)
	if download {
	err = c.cache.SetMeta(role, raw)
	if err != nil {
	logrus.Errorf("Failed to write snapshot to local cache: %s", err.Error())
	}
	}
	return nil
	}

	// downloadTargets is responsible for downloading any targets file
	// including delegates roles. It will download the whole tree of
	// delegated roles below the given one
	func (c *Client) downloadTargets(role string) error {
	role = data.RoleName(role) // this will really only do something for base targets role
	snap := c.local.Snapshot.Signed
	root := c.local.Root.Signed
	r := c.keysDB.GetRole(role)
	if r == nil {
	return fmt.Errorf("Invalid role: %s", role)
	}
	keyIDs := r.KeyIDs
	s, err := c.GetTargetsFile(role, keyIDs, snap.Meta, root.ConsistentSnapshot, r.Threshold)
	if err != nil {
	logrus.Error("Error getting targets file:", err)
	return err
	}
	err = c.local.SetTargets(role, s)
	if err != nil {
	return err
	}

	return nil
	}

	func (c Client) GetTargetsFile(role string, keyIDs []string, snapshotMeta data.Files, consistent bool, threshold int) (*data.Signed, error) {
	// require role exists in snapshots
	roleMeta, ok := snapshotMeta[role]
	if !ok {
	return nil, fmt.Errorf("Snapshot does not contain target role")
	}
	expectedSha256, ok := snapshotMeta[role].Hashes["sha256"]
	if !ok {
	return nil, fmt.Errorf("Sha256 is currently the only hash supported by this client. No Sha256 found for targets role %s", role)
	}

	// try to get meta file from content addressed cache
	var download bool
	old := &data.Signed{}
	version := 0
	raw, err := c.cache.GetMeta(role, roleMeta.Length)
	if err != nil \|\| raw == nil {
	logrus.Debugf("Couldn't not find cached %s, must download", role)
	download = true
	} else {
	// file may have been tampered with on disk. Always check the hash!
	genHash := sha256.Sum256(raw)
	if !bytes.Equal(genHash[:], expectedSha256) {
	download = true
	}
	err := json.Unmarshal(raw, old)
	if err == nil {
	targ, err := data.TargetsFromSigned(old)
	if err == nil {
	version = targ.Signed.Version
	} else {
	download = true
	}
	} else {
	download = true
	}

	}

	var s *data.Signed
	if download {
	rolePath, err := c.RoleTargetsPath(role, hex.EncodeToString(expectedSha256), consistent)
	if err != nil {
	return nil, err
	}
	raw, err = c.remote.GetMeta(rolePath, snapshotMeta[role].Length)
	if err != nil {
	return nil, err
	}
	s = &data.Signed{}
	err = json.Unmarshal(raw, s)
	if err != nil {
	logrus.Error("Error unmarshalling targets file:", err)
	return nil, err
	}
	} else {
	logrus.Debug("using cached ", role)
	s = old
	}

	err = signed.Verify(s, role, version, c.keysDB)
	if err != nil {
	return nil, err
	}
	logrus.Debugf("successfully verified %s", role)
	if download {
	// if we error when setting meta, we should continue.
	err = c.cache.SetMeta(role, raw)
	if err != nil {
	logrus.Errorf("Failed to write snapshot to local cache: %s", err.Error())
	}
	}
	return s, nil
	}

	// RoleTargetsPath generates the appropriate filename for the targets file,
	// based on whether the repo is marked as consistent.
	func (c Client) RoleTargetsPath(role string, hashSha256 string, consistent bool) (string, error) {
	if consistent {
	dir := filepath.Dir(role)
	if strings.Contains(role, "/") {
	lastSlashIdx := strings.LastIndex(role, "/")
	role = role[lastSlashIdx+1:]
	}
	role = path.Join(
	dir,
	fmt.Sprintf("%s.%s.json", hashSha256, role),
	)
	}
	return role, nil
	}

	// TargetMeta ensures the repo is up to date, downloading the minimum
	// necessary metadata files
	func (c Client) TargetMeta(path string) (*data.FileMeta, error) {
	c.Update()
	var meta *data.FileMeta

	pathDigest := sha256.Sum256([]byte(path))
	pathHex := hex.EncodeToString(pathDigest[:])

	// FIFO list of targets delegations to inspect for target
	roles := []string{data.ValidRoles["targets"]}
	var role string
	for len(roles) > 0 {
	// have to do these lines here because of order of execution in for statement
	role = roles[0]
	roles = roles[1:]

	// Download the target role file if necessary
	err := c.downloadTargets(role)
	if err != nil {
	// as long as we find a valid target somewhere we're happy.
	// continue and search other delegated roles if any
	continue
	}

	meta = c.local.TargetMeta(role, path)
	if meta != nil {
	// we found the target!
	return meta, nil
	}
	delegations := c.local.TargetDelegations(role, path, pathHex)
	for _, d := range delegations {
	roles = append(roles, d.Name)
	}
	}
	return meta, nil
	}

	func (c Client) DownloadTarget(dst io.Writer, path string, meta *data.FileMeta) error {
	reader, err := c.remote.GetTarget(path)
	if err != nil {
	return err
	}
	defer reader.Close()
	r := io.TeeReader(
	io.LimitReader(reader, meta.Length),
	dst,
	)
	err = utils.ValidateTarget(r, meta)
	return err
	}