def test_Object(self): # Test conditions for valid arguments. object_schema = SCHEMA.Object(a=SCHEMA.AnyString(), bc=SCHEMA.Struct( [SCHEMA.Integer(), SCHEMA.Integer()])) self.assertTrue(object_schema.matches({'a': 'ZYYY', 'bc': [5, 9]})) self.assertTrue( object_schema.matches({ 'a': 'ZYYY', 'bc': [5, 9], 'xx': 5 })) # Test conditions for invalid arguments. self.assertFalse(object_schema.matches({'a': 'ZYYY', 'bc': [5, 9, 3]})) self.assertFalse(object_schema.matches({'a': 'ZYYY'})) # Test conditions for invalid arguments in a schema definition. self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.Object, a='a') self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.Object, a=[1]) self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.Object, a=SCHEMA.AnyString(), b=1) # Test condition for invalid non-dict arguments. self.assertFalse(object_schema.matches([{'a': 'XYZ'}])) self.assertFalse(object_schema.matches(8))
def test_Optional(self): # Test conditions for valid arguments. optional_schema = SCHEMA.Object(k1=SCHEMA.String('X'), k2=SCHEMA.Optional(SCHEMA.String('Y'))) self.assertTrue(optional_schema.matches({'k1': 'X', 'k2': 'Y'})) self.assertTrue(optional_schema.matches({'k1': 'X'})) # Test conditions for invalid arguments. self.assertFalse(optional_schema.matches({'k1': 'X', 'k2': 'Z'})) # Test conditions for invalid arguments in a schema definition. self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.Optional, 1) self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.Optional, [1]) self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.Optional, {'a': 1})
PEMRSA_SCHEMA = SCHEMA.AnyString() # An ECDSA key in PEM format. PEMECDSA_SCHEMA = SCHEMA.AnyString() # A string representing a password. PASSWORD_SCHEMA = SCHEMA.AnyString() # A list of passwords. PASSWORDS_SCHEMA = SCHEMA.ListOf(PASSWORD_SCHEMA) # The actual values of a key, as opposed to meta data such as a key type and # key identifier ('rsa', 233df889cb). For RSA keys, the key value is a pair of # public and private keys in PEM Format stored as strings. KEYVAL_SCHEMA = SCHEMA.Object(object_name='KEYVAL_SCHEMA', public=SCHEMA.AnyString(), private=SCHEMA.Optional(SCHEMA.AnyString())) # Public keys CAN have a private portion (for backwards compatibility) which # MUST be an empty string PUBLIC_KEYVAL_SCHEMA = SCHEMA.Object(object_name='KEYVAL_SCHEMA', public=SCHEMA.AnyString(), private=SCHEMA.Optional( SCHEMA.String(""))) # Supported securesystemslib key types. KEYTYPE_SCHEMA = SCHEMA.OneOf([ SCHEMA.String('rsa'), SCHEMA.String('ed25519'), SCHEMA.String('ecdsa-sha2-nistp256') ])
# A datetime in 'YYYY-MM-DDTHH:MM:SSZ' ISO 8601 format. The "Z" zone designator # for the zero UTC offset is always used (i.e., a numerical offset is not # supported.) Example: '2015-10-21T13:20:00Z'. Note: This is a simple format # check, and an ISO8601 string should be fully verified when it is parsed. ISO8601_DATETIME_SCHEMA = SCHEMA.RegularExpression( r'\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z') # An integer representing the numbered version of a metadata file. # Must be 1, or greater. METADATAVERSION_SCHEMA = SCHEMA.Integer(lo=0) # A relative file path (e.g., 'metadata/root/'). RELPATH_SCHEMA = SCHEMA.AnyString() RELPATHS_SCHEMA = SCHEMA.ListOf(RELPATH_SCHEMA) VERSIONINFO_SCHEMA = SCHEMA.Object(object_name='VERSIONINFO_SCHEMA', version=METADATAVERSION_SCHEMA) # A string representing a role's name. ROLENAME_SCHEMA = SCHEMA.AnyString() # A role's threshold value (i.e., the minimum number # of signatures required to sign a metadata file). # Must be 1 and greater. THRESHOLD_SCHEMA = SCHEMA.Integer(lo=1) # A hexadecimal value in '23432df87ab..' format. HEX_SCHEMA = SCHEMA.RegularExpression(r'[a-fA-F0-9]+') # A path hash prefix is a hexadecimal string. PATH_HASH_PREFIX_SCHEMA = HEX_SCHEMA
SCHEME_SCHEMA = SCHEMA.AnyString() # A relative file path (e.g., 'metadata/root/'). RELPATH_SCHEMA = SCHEMA.AnyString() RELPATHS_SCHEMA = SCHEMA.ListOf(RELPATH_SCHEMA) # An absolute path. PATH_SCHEMA = SCHEMA.AnyString() PATHS_SCHEMA = SCHEMA.ListOf(PATH_SCHEMA) # Uniform Resource Locator identifier (e.g., 'https://www.updateframework.com/'). URL_SCHEMA = SCHEMA.AnyString() # A dictionary holding version information. VERSION_SCHEMA = SCHEMA.Object(object_name='VERSION_SCHEMA', major=SCHEMA.Integer(lo=0), minor=SCHEMA.Integer(lo=0), fix=SCHEMA.Integer(lo=0)) # An integer representing the numbered version of a metadata file. # Must be 1, or greater. METADATAVERSION_SCHEMA = SCHEMA.Integer(lo=0) # An integer representing length. Must be 0, or greater. LENGTH_SCHEMA = SCHEMA.Integer(lo=0) # An integer representing logger levels, such as logging.CRITICAL (=50). # Must be between 0 and 50. LOGLEVEL_SCHEMA = SCHEMA.Integer(lo=0, hi=50) # A string representing a named object. NAME_SCHEMA = SCHEMA.AnyString()
) # Any subclass of `securesystemslib.schema.Object` stores the schemas that # define the attributes of the object in its `_required` property, even if # such a schema is of type `Optional`. # TODO: Find a way that does not require to access a protected member schema._required.append(subkey_schema_tuple) # pylint: disable=protected-access return schema GPG_HASH_ALGORITHM_STRING = "pgp+SHA2" PGP_RSA_PUBKEY_METHOD_STRING = "pgp+rsa-pkcsv1.5" PGP_DSA_PUBKEY_METHOD_STRING = "pgp+dsa-fips-180-2" RSA_PUBKEYVAL_SCHEMA = ssl_schema.Object( object_name = "RSA_PUBKEYVAL_SCHEMA", e = ssl_schema.AnyString(), n = ssl_formats.HEX_SCHEMA ) # We have to define RSA_PUBKEY_SCHEMA in two steps, because it is # self-referential. Here we define a shallow _RSA_PUBKEY_SCHEMA, which we use # below to create the self-referential RSA_PUBKEY_SCHEMA. _RSA_PUBKEY_SCHEMA = ssl_schema.Object( object_name = "RSA_PUBKEY_SCHEMA", type = ssl_schema.String("rsa"), method = ssl_schema.String(PGP_RSA_PUBKEY_METHOD_STRING), hashes = ssl_schema.ListOf(ssl_schema.String(GPG_HASH_ALGORITHM_STRING)), keyid = ssl_formats.KEYID_SCHEMA, keyval = ssl_schema.Object( public = RSA_PUBKEYVAL_SCHEMA,