def test_Object(self):
# Test conditions for valid arguments.
object_schema = SCHEMA.Object(a=SCHEMA.AnyString(),
bc=SCHEMA.Struct(
[SCHEMA.Integer(),
SCHEMA.Integer()]))
self.assertTrue(object_schema.matches({'a': 'ZYYY', 'bc': [5, 9]}))
self.assertTrue(
object_schema.matches({
'a': 'ZYYY',
'bc': [5, 9],
'xx': 5
}))
# Test conditions for invalid arguments.
self.assertFalse(object_schema.matches({'a': 'ZYYY', 'bc': [5, 9, 3]}))
self.assertFalse(object_schema.matches({'a': 'ZYYY'}))
# Test conditions for invalid arguments in a schema definition.
self.assertRaises(securesystemslib.exceptions.FormatError,
SCHEMA.Object,
a='a')
self.assertRaises(securesystemslib.exceptions.FormatError,
SCHEMA.Object,
a=[1])
self.assertRaises(securesystemslib.exceptions.FormatError,
SCHEMA.Object,
a=SCHEMA.AnyString(),
b=1)
# Test condition for invalid non-dict arguments.
self.assertFalse(object_schema.matches([{'a': 'XYZ'}]))
self.assertFalse(object_schema.matches(8))
def test_Optional(self):
# Test conditions for valid arguments.
optional_schema = SCHEMA.Object(k1=SCHEMA.String('X'),
k2=SCHEMA.Optional(SCHEMA.String('Y')))
self.assertTrue(optional_schema.matches({'k1': 'X', 'k2': 'Y'}))
self.assertTrue(optional_schema.matches({'k1': 'X'}))
# Test conditions for invalid arguments.
self.assertFalse(optional_schema.matches({'k1': 'X', 'k2': 'Z'}))
# Test conditions for invalid arguments in a schema definition.
self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.Optional, 1)
self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.Optional, [1])
self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.Optional, {'a': 1})
PEMRSA_SCHEMA = SCHEMA.AnyString()
# An ECDSA key in PEM format.
PEMECDSA_SCHEMA = SCHEMA.AnyString()
# A string representing a password.
PASSWORD_SCHEMA = SCHEMA.AnyString()
# A list of passwords.
PASSWORDS_SCHEMA = SCHEMA.ListOf(PASSWORD_SCHEMA)
# The actual values of a key, as opposed to meta data such as a key type and
# key identifier ('rsa', 233df889cb). For RSA keys, the key value is a pair of
# public and private keys in PEM Format stored as strings.
KEYVAL_SCHEMA = SCHEMA.Object(object_name='KEYVAL_SCHEMA',
public=SCHEMA.AnyString(),
private=SCHEMA.Optional(SCHEMA.AnyString()))
# Public keys CAN have a private portion (for backwards compatibility) which
# MUST be an empty string
PUBLIC_KEYVAL_SCHEMA = SCHEMA.Object(object_name='KEYVAL_SCHEMA',
public=SCHEMA.AnyString(),
private=SCHEMA.Optional(
SCHEMA.String("")))
# Supported securesystemslib key types.
KEYTYPE_SCHEMA = SCHEMA.OneOf([
SCHEMA.String('rsa'),
SCHEMA.String('ed25519'),
SCHEMA.String('ecdsa-sha2-nistp256')
])
# A datetime in 'YYYY-MM-DDTHH:MM:SSZ' ISO 8601 format. The "Z" zone designator
# for the zero UTC offset is always used (i.e., a numerical offset is not
# supported.) Example: '2015-10-21T13:20:00Z'. Note: This is a simple format
# check, and an ISO8601 string should be fully verified when it is parsed.
ISO8601_DATETIME_SCHEMA = SCHEMA.RegularExpression(
r'\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z')
# An integer representing the numbered version of a metadata file.
# Must be 1, or greater.
METADATAVERSION_SCHEMA = SCHEMA.Integer(lo=0)
# A relative file path (e.g., 'metadata/root/').
RELPATH_SCHEMA = SCHEMA.AnyString()
RELPATHS_SCHEMA = SCHEMA.ListOf(RELPATH_SCHEMA)
VERSIONINFO_SCHEMA = SCHEMA.Object(object_name='VERSIONINFO_SCHEMA',
version=METADATAVERSION_SCHEMA)
# A string representing a role's name.
ROLENAME_SCHEMA = SCHEMA.AnyString()
# A role's threshold value (i.e., the minimum number
# of signatures required to sign a metadata file).
# Must be 1 and greater.
THRESHOLD_SCHEMA = SCHEMA.Integer(lo=1)
# A hexadecimal value in '23432df87ab..' format.
HEX_SCHEMA = SCHEMA.RegularExpression(r'[a-fA-F0-9]+')
# A path hash prefix is a hexadecimal string.
PATH_HASH_PREFIX_SCHEMA = HEX_SCHEMA
SCHEME_SCHEMA = SCHEMA.AnyString()
# A relative file path (e.g., 'metadata/root/').
RELPATH_SCHEMA = SCHEMA.AnyString()
RELPATHS_SCHEMA = SCHEMA.ListOf(RELPATH_SCHEMA)
# An absolute path.
PATH_SCHEMA = SCHEMA.AnyString()
PATHS_SCHEMA = SCHEMA.ListOf(PATH_SCHEMA)
# Uniform Resource Locator identifier (e.g., 'https://www.updateframework.com/').
URL_SCHEMA = SCHEMA.AnyString()
# A dictionary holding version information.
VERSION_SCHEMA = SCHEMA.Object(object_name='VERSION_SCHEMA',
major=SCHEMA.Integer(lo=0),
minor=SCHEMA.Integer(lo=0),
fix=SCHEMA.Integer(lo=0))
# An integer representing the numbered version of a metadata file.
# Must be 1, or greater.
METADATAVERSION_SCHEMA = SCHEMA.Integer(lo=0)
# An integer representing length. Must be 0, or greater.
LENGTH_SCHEMA = SCHEMA.Integer(lo=0)
# An integer representing logger levels, such as logging.CRITICAL (=50).
# Must be between 0 and 50.
LOGLEVEL_SCHEMA = SCHEMA.Integer(lo=0, hi=50)
# A string representing a named object.
NAME_SCHEMA = SCHEMA.AnyString()
)
# Any subclass of `securesystemslib.schema.Object` stores the schemas that
# define the attributes of the object in its `_required` property, even if
# such a schema is of type `Optional`.
# TODO: Find a way that does not require to access a protected member
schema._required.append(subkey_schema_tuple) # pylint: disable=protected-access
return schema
GPG_HASH_ALGORITHM_STRING = "pgp+SHA2"
PGP_RSA_PUBKEY_METHOD_STRING = "pgp+rsa-pkcsv1.5"
PGP_DSA_PUBKEY_METHOD_STRING = "pgp+dsa-fips-180-2"
RSA_PUBKEYVAL_SCHEMA = ssl_schema.Object(
object_name = "RSA_PUBKEYVAL_SCHEMA",
e = ssl_schema.AnyString(),
n = ssl_formats.HEX_SCHEMA
)
# We have to define RSA_PUBKEY_SCHEMA in two steps, because it is
# self-referential. Here we define a shallow _RSA_PUBKEY_SCHEMA, which we use
# below to create the self-referential RSA_PUBKEY_SCHEMA.
_RSA_PUBKEY_SCHEMA = ssl_schema.Object(
object_name = "RSA_PUBKEY_SCHEMA",
type = ssl_schema.String("rsa"),
method = ssl_schema.String(PGP_RSA_PUBKEY_METHOD_STRING),
hashes = ssl_schema.ListOf(ssl_schema.String(GPG_HASH_ALGORITHM_STRING)),
keyid = ssl_formats.KEYID_SCHEMA,
keyval = ssl_schema.Object(
public = RSA_PUBKEYVAL_SCHEMA,
