def test_OneOf(self):
    """Exercise SCHEMA.OneOf with matching, non-matching and malformed input."""
    format_error = securesystemslib.exceptions.FormatError

    # Three alternatives: a list of integers, or one of two fixed strings.
    oneof_schema = SCHEMA.OneOf([
        SCHEMA.ListOf(SCHEMA.Integer()),
        SCHEMA.String('Hello'),
        SCHEMA.String('bye'),
    ])

    # Accepted values. Note that the empty list is accepted through the
    # ListOf alternative.
    for accepted in ([], 'bye', [1, 2]):
        self.assertTrue(oneof_schema.matches(accepted))

    # Values that none of the alternatives accepts.
    for rejected in (3, ['Hi']):
        self.assertFalse(oneof_schema.matches(rejected))

    # Malformed definitions must fail when the schema is constructed, not
    # later when it is used to validate data.
    for bad_alternatives in (1, [1], {'a': 1}, [SCHEMA.AnyString(), 1]):
        with self.assertRaises(format_error):
            SCHEMA.OneOf(bad_alternatives)
def test_Optional(self):
    """Exercise SCHEMA.Optional as a field of a SCHEMA.Object."""
    format_error = securesystemslib.exceptions.FormatError

    # 'k1' is a required field; 'k2' is wrapped in Optional.
    optional_schema = SCHEMA.Object(
        k1=SCHEMA.String('X'),
        k2=SCHEMA.Optional(SCHEMA.String('Y')),
    )

    # The optional key may be present with a matching value, or absent.
    for accepted in ({'k1': 'X', 'k2': 'Y'}, {'k1': 'X'}):
        self.assertTrue(optional_schema.matches(accepted))

    # When the optional key is present, its value is still validated.
    self.assertFalse(optional_schema.matches({'k1': 'X', 'k2': 'Z'}))

    # Optional must wrap a schema object; anything else is rejected when the
    # schema is constructed.
    for bad_inner in (1, [1], {'a': 1}):
        with self.assertRaises(format_error):
            SCHEMA.Optional(bad_inner)
def test_Struct(self):
    """Exercise SCHEMA.Struct: fixed layout, allow_more, and a second schema list."""
    format_error = securesystemslib.exceptions.FormatError

    struct_schema = SCHEMA.Struct([
        SCHEMA.ListOf(SCHEMA.AnyString()),
        SCHEMA.AnyString(),
        SCHEMA.String('X'),
    ])
    struct2_schema = SCHEMA.Struct([SCHEMA.String('X')], allow_more=True)
    # NOTE(review): the second positional argument is presumably the list of
    # optional trailing elements - confirm against the Struct signature.
    struct3_schema = SCHEMA.Struct(
        [SCHEMA.String('X'), SCHEMA.Integer()],
        [SCHEMA.Integer()])

    # (schema, value) pairs that must match.
    accepted_cases = [
        (struct_schema, [[], 'Q', 'X']),
        (struct2_schema, ['X']),
        (struct2_schema, ['X', 'Y']),
        (struct2_schema, ['X', ['Y', 'Z']]),
        (struct3_schema, ['X', 3]),
        (struct3_schema, ['X', 3, 9]),
    ]
    for schema, value in accepted_cases:
        self.assertTrue(schema.matches(value))

    # (schema, value) pairs that must not match: wrong container type, wrong
    # element value or type, too few elements, or too many elements.
    rejected_cases = [
        (struct_schema, False),
        (struct_schema, 'Foo'),
        (struct_schema, [[], 'Q', 'D']),
        (struct_schema, [[3], 'Q', 'X']),
        (struct_schema, [[], 'Q', 'X', 'Y']),
        (struct2_schema, []),
        (struct2_schema, [['X']]),
        (struct3_schema, []),
        (struct3_schema, {}),
        (struct3_schema, ['X']),
        (struct3_schema, ['X', 3, 9, 11]),
        (struct3_schema, ['X', 3, 'A']),
    ]
    for schema, value in rejected_cases:
        self.assertFalse(schema.matches(value))

    # Malformed definitions must fail when the schema is constructed.
    for bad_members in (1, [1], {'a': 1}, [SCHEMA.AnyString(), 1]):
        with self.assertRaises(format_error):
            SCHEMA.Struct(bad_members)
def test_String(self):
    """Exercise SCHEMA.String, which matches one exact string."""
    format_error = securesystemslib.exceptions.FormatError

    string_schema = SCHEMA.String('test')

    # Only the exact string matches.
    self.assertTrue(string_schema.matches('test'))

    # A boolean, a list holding the string, and a class object do not match.
    for rejected in (True, ['test'], SCHEMA.Schema):
        self.assertFalse(string_schema.matches(rejected))

    # The expected value must itself be a string; other types are rejected
    # when the schema is constructed.
    for bad_expected in (1, [1], {'a': 1}):
        with self.assertRaises(format_error):
            SCHEMA.String(bad_expected)
def test_AllOf(self):
    """Exercise SCHEMA.AllOf, which requires every listed schema to match."""
    format_error = securesystemslib.exceptions.FormatError

    allof_schema = SCHEMA.AllOf([
        SCHEMA.Any(),
        SCHEMA.AnyString(),
        SCHEMA.String('a'),
    ])

    # 'a' is accepted by all three member schemas.
    self.assertTrue(allof_schema.matches('a'))

    # 'b' is rejected by String('a'), so the combined schema rejects it.
    self.assertFalse(allof_schema.matches('b'))

    # Malformed definitions must fail when the schema is constructed.
    for bad_members in (1, [1], {'a': 1}, [SCHEMA.AnyString(), 1]):
        with self.assertRaises(format_error):
            SCHEMA.AllOf(bad_members)
# An integer bounded by lo=0 and hi=50.
LOGLEVEL_SCHEMA = SCHEMA.Integer(lo=0, hi=50)

# A string representing a named object.
NAME_SCHEMA = SCHEMA.AnyString()
NAMES_SCHEMA = SCHEMA.ListOf(NAME_SCHEMA)

# A byte string representing data.
DATA_SCHEMA = SCHEMA.AnyBytes()

# A text string. For instance, a string entered by the user.
TEXT_SCHEMA = SCHEMA.AnyString()

# Supported hash algorithms.
# NOTE(review): this only validates algorithm *names*. 'md5' and 'sha1' are
# accepted, and both have practical collision attacks, so code that relies on
# a digest for integrity should require 'sha256' or stronger on top of this
# check. A ListOf schema with no minimum count presumably also matches an
# empty list, so callers that need at least one digest must check the length
# themselves - confirm against ListOf.
HASHALGORITHMS_SCHEMA = SCHEMA.ListOf(
    SCHEMA.OneOf(list(map(SCHEMA.String, (
        'md5',
        'sha1',
        'sha224',
        'sha256',
        'sha384',
        'sha512',
    )))))

# The contents of an encrypted key. Encrypted keys are saved to files
# in this format.
# NOTE(review): AnyString checks only the type; it does not establish that
# the content is actually encrypted.
ENCRYPTEDKEY_SCHEMA = SCHEMA.AnyString()

# A value that is either True or False, on or off, etc.
BOOLEAN_SCHEMA = SCHEMA.Boolean()

# The minimum number of bits for an RSA key. Must be 2048 bits, or greater
from securesystemslib import schema as SCHEMA

import tuf
from tuf import exceptions

# As per TUF spec 1.0.0 the spec version field must follow the Semantic
# Versioning 2.0.0 (semver) format. The regex pattern is provided by semver.
# https://semver.org/spec/v2.0.0.html#is-there-a-suggested-regular-expression-regex-to-check-a-semver-string
# NOTE(review): the pattern below carries no '^'/'$' anchors of its own, so
# whole-string matching depends on SCHEMA.RegularExpression (not shown here).
# Confirm that it rejects leading or trailing extra text.
SEMVER_2_0_0_SCHEMA = SCHEMA.RegularExpression(
    # MAJOR.MINOR.PATCH, each without leading zeros.
    r'(?P<major>0|[1-9]\d*)\.'
    r'(?P<minor>0|[1-9]\d*)\.'
    r'(?P<patch>0|[1-9]\d*)'
    # Optional '-prerelease' made of dot-separated identifiers.
    r'(?:-(?P<prerelease>(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)'
    r'(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?'
    # Optional '+buildmetadata' made of dot-separated identifiers.
    r'(?:\+(?P<buildmetadata>[0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?')

SPECIFICATION_VERSION_SCHEMA = SCHEMA.OneOf([
    # However, temporarily allow "1.0" for backwards-compatibility in
    # tuf-0.12.PATCH.
    SCHEMA.String("1.0"),
    SEMVER_2_0_0_SCHEMA,
])

# A datetime in 'YYYY-MM-DDTHH:MM:SSZ' ISO 8601 format. The "Z" zone designator
# for the zero UTC offset is always used (i.e., a numerical offset is not
# supported.) Example: '2015-10-21T13:20:00Z'. Note: This is a simple format
# check, and an ISO8601 string should be fully verified when it is parsed.
# The pattern checks digit counts only, so a constructed value such as
# '2015-13-45T99:99:99Z' has the right shape; range checks belong to the
# parser that consumes the expiry.
ISO8601_DATETIME_SCHEMA = SCHEMA.RegularExpression(
    r'\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z')

# An integer representing the numbered version of a metadata file.
# NOTE(review): the comment originally attached here says "Must be 1, or
# greater", but the bound below is lo=0, so a version of 0 passes this check.
# Confirm which is intended before relying on this schema in version
# (rollback) comparisons.
METADATAVERSION_SCHEMA = SCHEMA.Integer(lo=0)

# A relative file path (e.g., 'metadata/root/').
# Must be between 0 and 50.
LOGLEVEL_SCHEMA = SCHEMA.Integer(lo=0, hi=50)

# A string representing a named object.
NAME_SCHEMA = SCHEMA.AnyString()
NAMES_SCHEMA = SCHEMA.ListOf(NAME_SCHEMA)

# A byte string representing data.
DATA_SCHEMA = SCHEMA.AnyBytes()

# A text string. For instance, a string entered by the user.
TEXT_SCHEMA = SCHEMA.AnyString()

# Supported hash algorithms.
# NOTE(review): this only validates algorithm *names*. 'md5' and 'sha1' are
# accepted, and both have practical collision attacks, so code that relies on
# a digest for integrity should require 'sha256' or stronger on top of this
# check. A ListOf schema with no minimum count presumably also matches an
# empty list, so callers that need at least one digest must check the length
# themselves - confirm against ListOf.
HASHALGORITHMS_SCHEMA = SCHEMA.ListOf(
    SCHEMA.OneOf(list(map(SCHEMA.String, (
        'md5',
        'sha1',
        'sha224',
        'sha256',
        'sha384',
        'sha512',
        'blake2s',
        'blake2b',
        'blake2b-256',
    )))))

# The contents of an encrypted key. Encrypted keys are saved to files
# in this format.
# NOTE(review): AnyString checks only the type; it does not establish that
# the content is actually encrypted.
ENCRYPTEDKEY_SCHEMA = SCHEMA.AnyString()

# A value that is either True or False, on or off, etc.
BOOLEAN_SCHEMA = SCHEMA.Boolean()

# The minimum number of bits for an RSA key. Must be 2048 bits, or greater
# (recommended by TUF). Recommended RSA key sizes:
# http://www.emc.com/emc-plus/rsa-labs/historical/twirl-and-rsa-key-size.htm#table1
# An integer bounded by lo=0 and hi=50.
LOGLEVEL_SCHEMA = SCHEMA.Integer(lo=0, hi=50)

# A string representing a named object.
NAME_SCHEMA = SCHEMA.AnyString()
NAMES_SCHEMA = SCHEMA.ListOf(NAME_SCHEMA)

# A byte string representing data.
DATA_SCHEMA = SCHEMA.AnyBytes()

# A text string. For instance, a string entered by the user.
TEXT_SCHEMA = SCHEMA.AnyString()

# Supported hash algorithms.
# NOTE(review): this only validates algorithm *names*. 'md5' and 'sha1' are
# accepted, and both have practical collision attacks, so code that relies on
# a digest for integrity should require 'sha256' or stronger on top of this
# check. A ListOf schema with no minimum count presumably also matches an
# empty list, so callers that need at least one digest must check the length
# themselves - confirm against ListOf.
HASHALGORITHMS_SCHEMA = SCHEMA.ListOf(
    SCHEMA.OneOf(list(map(SCHEMA.String, (
        'md5',
        'sha1',
        'sha224',
        'sha256',
        'sha384',
        'sha512',
    )))))

# The contents of an encrypted TUF key. Encrypted TUF keys are saved to files
# in this format.
# NOTE(review): AnyString checks only the type; it does not establish that
# the content is actually encrypted.
ENCRYPTEDKEY_SCHEMA = SCHEMA.AnyString()

# A value that is either True or False, on or off, etc.
BOOLEAN_SCHEMA = SCHEMA.Boolean()

# A role's threshold value (i.e., the minimum number
PGP_RSA_PUBKEY_METHOD_STRING = "pgp+rsa-pkcsv1.5" PGP_DSA_PUBKEY_METHOD_STRING = "pgp+dsa-fips-180-2" RSA_PUBKEYVAL_SCHEMA = ssl_schema.Object( object_name = "RSA_PUBKEYVAL_SCHEMA", e = ssl_schema.AnyString(), n = ssl_formats.HEX_SCHEMA ) # We have to define RSA_PUBKEY_SCHEMA in two steps, because it is # self-referential. Here we define a shallow _RSA_PUBKEY_SCHEMA, which we use # below to create the self-referential RSA_PUBKEY_SCHEMA. _RSA_PUBKEY_SCHEMA = ssl_schema.Object( object_name = "RSA_PUBKEY_SCHEMA", type = ssl_schema.String("rsa"), method = ssl_schema.String(PGP_RSA_PUBKEY_METHOD_STRING), hashes = ssl_schema.ListOf(ssl_schema.String(GPG_HASH_ALGORITHM_STRING)), keyid = ssl_formats.KEYID_SCHEMA, keyval = ssl_schema.Object( public = RSA_PUBKEYVAL_SCHEMA, private = ssl_schema.String("") ) ) RSA_PUBKEY_SCHEMA = _create_pubkey_with_subkey_schema( _RSA_PUBKEY_SCHEMA) DSA_PUBKEYVAL_SCHEMA = ssl_schema.Object( object_name = "DSA_PUBKEYVAL_SCHEMA", y = ssl_formats.HEX_SCHEMA,
signatures = SCHEMA.Optional(securesystemslib.formats.SIGNATURES_SCHEMA), paths = SCHEMA.Optional(SCHEMA.OneOf([RELPATHS_SCHEMA, PATH_FILEINFO_SCHEMA])), path_hash_prefixes = SCHEMA.Optional(PATH_HASH_PREFIXES_SCHEMA), delegations = SCHEMA.Optional(DELEGATIONS_SCHEMA), partial_loaded = SCHEMA.Optional(BOOLEAN_SCHEMA)) # A signable object. Holds the signing role and its associated signatures. SIGNABLE_SCHEMA = SCHEMA.Object( object_name = 'SIGNABLE_SCHEMA', signed = SCHEMA.Any(), signatures = SCHEMA.ListOf(securesystemslib.formats.SIGNATURE_SCHEMA)) # Root role: indicates root keys and top-level roles. ROOT_SCHEMA = SCHEMA.Object( object_name = 'ROOT_SCHEMA', _type = SCHEMA.String('root'), spec_version = SPECIFICATION_VERSION_SCHEMA, version = METADATAVERSION_SCHEMA, consistent_snapshot = BOOLEAN_SCHEMA, expires = ISO8601_DATETIME_SCHEMA, keys = KEYDICT_SCHEMA, roles = ROLEDICT_SCHEMA) # Targets role: Indicates targets and delegates target paths to other roles. TARGETS_SCHEMA = SCHEMA.Object( object_name = 'TARGETS_SCHEMA', _type = SCHEMA.String('targets'), spec_version = SPECIFICATION_VERSION_SCHEMA, version = METADATAVERSION_SCHEMA, expires = ISO8601_DATETIME_SCHEMA, targets = FILEDICT_SCHEMA,