From a969db7a133ddaeaf5b0564c96e986d40421201a Mon Sep 17 00:00:00 2001
From: Ying Li <ying.li@docker.com>
Date: Thu, 21 Jan 2016 09:48:07 -0800
Subject: [PATCH] Add swizzler method to just change the checksum by adding a
 space.

Signed-off-by: Ying Li <ying.li@docker.com>
---
 tuf/testutils/swizzler.go      | 12 ++++++++++++
 tuf/testutils/swizzler_test.go | 35 ++++++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+)

diff --git a/tuf/testutils/swizzler.go b/tuf/testutils/swizzler.go
index 8807196ab8..b08db639a4 100644
--- a/tuf/testutils/swizzler.go
+++ b/tuf/testutils/swizzler.go
@@ -123,6 +123,18 @@ func (m *MetadataSwizzler) SetInvalidJSON(role string) error {
 	return m.MetadataCache.SetMeta(role, metaBytes[5:])
 }
 
+// AddExtraSpace adds an extra space to the beginning and end of the serialized
+// JSON bytes, which should not affect serialization, but will change the checksum
+// of the file.
+func (m *MetadataSwizzler) AddExtraSpace(role string) error {
+	metaBytes, err := m.MetadataCache.GetMeta(role, maxSize)
+	if err != nil {
+		return err
+	}
+	newBytes := append(append([]byte{' '}, metaBytes...), ' ')
+	return m.MetadataCache.SetMeta(role, newBytes)
+}
+
 // SetInvalidSigned corrupts the metadata into something that is valid JSON,
 // but not unmarshallable into signed JSON
 func (m *MetadataSwizzler) SetInvalidSigned(role string) error {
diff --git a/tuf/testutils/swizzler_test.go b/tuf/testutils/swizzler_test.go
index f730f29d12..d60cb06cab 100644
--- a/tuf/testutils/swizzler_test.go
+++ b/tuf/testutils/swizzler_test.go
@@ -5,6 +5,7 @@ package testutils
 
 import (
 	"bytes"
+	"crypto/sha256"
 	"encoding/json"
 	"reflect"
 	"testing"
@@ -95,6 +96,40 @@ func TestSwizzlerSetInvalidJSON(t *testing.T) {
 	}
 }
 
+// This adds a single byte of whitespace to the metadata file, so it should be parsed
+// and deserialized the same way, but checksums against snapshot/timestamp may fail
+func TestSwizzlerAddExtraSpace(t *testing.T) {
+	f, origMeta := createNewSwizzler(t)
+
+	f.AddExtraSpace(data.CanonicalTargetsRole)
+
+	snapshot := &data.SignedSnapshot{}
+	require.NoError(t, json.Unmarshal(origMeta[data.CanonicalSnapshotRole], snapshot))
+
+	for role, metaBytes := range origMeta {
+		newMeta, err := f.MetadataCache.GetMeta(role, maxSize)
+		require.NoError(t, err)
+
+		if role != data.CanonicalTargetsRole {
+			require.True(t, bytes.Equal(metaBytes, newMeta), "bytes have changed for role %s", role)
+		} else {
+			require.False(t, bytes.Equal(metaBytes, newMeta))
+			require.True(t, bytes.Equal(metaBytes, newMeta[1:len(metaBytes)+1]))
+			require.Equal(t, byte(' '), newMeta[0])
+			require.Equal(t, byte(' '), newMeta[len(newMeta)-1])
+
+			// make sure the hash is not the same as the hash in snapshot
+			newHash := sha256.Sum256(newMeta)
+			require.False(t, bytes.Equal(
+				snapshot.Signed.Meta[data.CanonicalTargetsRole].Hashes["sha256"],
+				newHash[:]))
+			require.NotEqual(t,
+				snapshot.Signed.Meta[data.CanonicalTargetsRole].Length,
+				len(newMeta))
+		}
+	}
+}
+
 // This modifies metdata so that it is unmarshallable as JSON, but cannot be
 // unmarshalled as a Signed object
 func TestSwizzlerSetInvalidSigned(t *testing.T) {