Python ImageConfig.get_digest_canonical Exemples

Langage de programmation: Python

Espace de nommage/Pack: docker_sign_verify

Class/Type: ImageConfig

Méthode/Fonction: get_digest_canonical

Exemples au hotexamples.com: 4

Python ImageConfig.get_digest_canonical - 4 exemples trouvés. Ce sont les exemples réels les mieux notés de docker_sign_verify.ImageConfig.get_digest_canonical extraits de projets open source. Vous pouvez noter les exemples pour nous aider à en améliorer la qualité.

Méthodes fréquemment utilisées

Afficher Cacher

get_signature_list(10)

sign(9)

get_bytes(7)

get_config(7)

ImageConfig(5)

get_config_digest_canonical(5)

get_digest_canonical(4)

get_config_digest(2)

set_signature_list(2)

unsign(2)

verify_signatures(2)

get_bytes_canonical(1)

clone(1)

get_config_canonical(1)

_get_labels(1)

get_digest(1)

get_image_layers(1)

get_signature_data(1)

clear_signature_list(1)

_normalize(1)

Méthodes fréquemment utilisées

get_signature_list (10)

sign (9)

get_bytes (7)

get_config (7)

ImageConfig (5)

get_config_digest_canonical (5)

get_digest_canonical (4)

get_config_digest (2)

set_signature_list (2)

unsign (2)

Méthodes fréquemment utilisées

verify_signatures (2)

get_bytes_canonical (1)

clone (1)

get_config_canonical (1)

_get_labels (1)

get_digest (1)

get_image_layers (1)

get_signature_data (1)

clear_signature_list (1)

_normalize (1)

Exemple #1

0

Afficher le fichier

Fichier : test_imageconfig.py Projet : ChinnoDog/docker-sign-verify

def test_get_digest_canonical( image_config: ImageConfig, image_config_signed: ImageConfig, config_digest_canonical: str, config_digest_signed_canonical: str, ): """Test canonical digest calculation for signed and unsigned configurations.""" assert image_config.get_digest_canonical() == config_digest_canonical assert image_config_signed.get_digest_canonical() == config_digest_signed_canonical

Exemple #2

0

Afficher le fichier

Fichier : test_imageconfig.py Projet : ChinnoDog/docker-sign-verify

async def test_minimal(): """Test minimal image configuration (for non-conformant labels)k.""" # Note: At a minimum, [Cc]onfig key must exist with non-null value image_config = ImageConfig(b'{"Config":{}}') config_digest_canonical = image_config.get_digest_canonical() signer = FakeSigner() assert await image_config.sign(signer) == signer.signature_value # A signature should always be able to be added ... assert b"BEGIN FAKE SIGNATURE" in image_config.get_bytes() signatures = image_config.get_signature_list() assert len(signatures) == 1 assert signatures[0]["digest"] == config_digest_canonical assert signatures[0]["signature"] == signer.signature_value

Exemple #3

0

Afficher le fichier

async def test_minimal(gnupg_keypair: GnuPGKeypair): """Test minimal image configuration (for non-conformant labels)k.""" signer = GPGSigner( keyid=gnupg_keypair.keyid, passphrase=gnupg_keypair.passphrase, homedir=gnupg_keypair.gnupg_home, ) # Note: At a minimum, [Cc]onfig key must exist with non-null value image_config = ImageConfig(b'{"Config":{}}') config_digest_canonical = image_config.get_digest_canonical() signature = await image_config.sign(signer) assert "PGP SIGNATURE" in signature # A signature should always be able to be added ... assert b"BEGIN PGP SIGNATURE" in image_config.get_bytes() signatures = image_config.get_signature_list() assert len(signatures) == 1 assert signatures[0].digest == config_digest_canonical assert signatures[0].signature == signature

Exemple #4

0

Afficher le fichier

Fichier : test_imageconfig.py Projet : ChinnoDog/docker-sign-verify

async def test_sign_endorse_recursive(image_config: ImageConfig): """Test interlaced signatures and endorsements.""" # Stack representation of a binary tree stack = [{"name": "?-Unsigned", "image_config": deepcopy(image_config)}] LOGGER.debug("Unsigned Canonical Digest: %s", image_config.get_digest_canonical()) async def append_new_image_config( *, config: ImageConfig, signature_type: SignatureTypes = SignatureTypes.SIGN, iteration, ): action = f"X{signature_type.name}" signer = FakeSigner(f"[{iteration}-{action: <8}: {{0}}]") await config.sign(signer, signature_type) stack.append({"name": f"{iteration}-{action}", "image_config": config}) iterations = 6 # Breadth first traversal ... for i in range(iterations): LOGGER.debug("Iteration %d", i) for _ in range(len(stack)): frame = stack[0] LOGGER.debug(" Checking %s", frame["name"]) # Validate the signature / endorsement permutations of the first entry on the stack ... signatures = frame["image_config"].get_signature_list() flat_list = "".join([signature["signature"] for signature in signatures]) if f"X{SignatureTypes.RESIGN.name}" in flat_list: # Too lazy to calculate how many signatures were removed ... assert len(signatures) <= i else: assert len(signatures) == i for sig, signature in enumerate(signatures): LOGGER.debug(" %s", signature["signature"]) if f"X{SignatureTypes.ENDORSE.name}" in signature["signature"]: # Endorsement digests should include all entities of a lower order. temp = deepcopy(frame["image_config"]) temp.set_signature_list(temp.get_signature_list()[:sig]) assert signature["digest"] == temp.get_digest_canonical() assert temp.get_digest_canonical() in signature["signature"] else: # Signature digests should be independent of the number of signatures. # Re-signed images should always contain 1 signature. assert signature["digest"] == image_config.get_digest_canonical() assert image_config.get_digest_canonical() in signature["signature"] # Unshift the first image configuration, append three more image configurations on to the stack: ... # ... one signed ... await append_new_image_config( config=deepcopy(frame["image_config"]), iteration=i ) # ... one endorsed ... await append_new_image_config( config=deepcopy(frame["image_config"]), signature_type=SignatureTypes.ENDORSE, iteration=i, ) # ... one resigned ... await append_new_image_config( config=stack.pop(0).get("image_config"), signature_type=SignatureTypes.RESIGN, iteration=i, )