def test_ListOf(self): # Test conditions for valid arguments. listof_schema = SCHEMA.ListOf(SCHEMA.RegularExpression('(?:..)*')) listof2_schema = SCHEMA.ListOf(SCHEMA.Integer(), min_count=3, max_count=10) self.assertTrue(listof_schema.matches([])) self.assertTrue( listof_schema.matches( ['Hi', 'this', 'list', 'is', 'full', 'of', 'even', 'strs'])) self.assertTrue(listof2_schema.matches([3] * 3)) self.assertTrue(listof2_schema.matches([3] * 10)) # Test conditions for invalid arguments. self.assertFalse(listof_schema.matches('hi')) self.assertFalse(listof_schema.matches({})) self.assertFalse(listof_schema.matches(['This', 'one', 'is not'])) self.assertFalse(listof2_schema.matches([3] * 2)) self.assertFalse(listof2_schema.matches(([3] * 11))) # Test conditions for invalid arguments in a schema definition. self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.ListOf, 1) self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.ListOf, [1]) self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.ListOf, {'a': 1})
def test_OneOf(self): # Test conditions for valid arguments. oneof_schema = SCHEMA.OneOf([ SCHEMA.ListOf(SCHEMA.Integer()), SCHEMA.String('Hello'), SCHEMA.String('bye') ]) self.assertTrue(oneof_schema.matches([])) self.assertTrue(oneof_schema.matches('bye')) self.assertTrue(oneof_schema.matches([1, 2])) # Test conditions for invalid arguments. self.assertFalse(oneof_schema.matches(3)) self.assertFalse(oneof_schema.matches(['Hi'])) # Test conditions for invalid arguments in a schema definition. self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.OneOf, 1) self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.OneOf, [1]) self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.OneOf, {'a': 1}) self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.OneOf, [SCHEMA.AnyString(), 1])
def test_Struct(self): # Test conditions for valid arguments. struct_schema = SCHEMA.Struct([ SCHEMA.ListOf(SCHEMA.AnyString()), SCHEMA.AnyString(), SCHEMA.String('X') ]) struct2_schema = SCHEMA.Struct([SCHEMA.String('X')], allow_more=True) struct3_schema = SCHEMA.Struct( [SCHEMA.String('X'), SCHEMA.Integer()], [SCHEMA.Integer()]) self.assertTrue(struct_schema.matches([[], 'Q', 'X'])) self.assertTrue(struct2_schema.matches(['X'])) self.assertTrue(struct2_schema.matches(['X', 'Y'])) self.assertTrue(struct2_schema.matches(['X', ['Y', 'Z']])) self.assertTrue(struct3_schema.matches(['X', 3])) self.assertTrue(struct3_schema.matches(['X', 3, 9])) # Test conditions for invalid arguments. self.assertFalse(struct_schema.matches(False)) self.assertFalse(struct_schema.matches('Foo')) self.assertFalse(struct_schema.matches([[], 'Q', 'D'])) self.assertFalse(struct_schema.matches([[3], 'Q', 'X'])) self.assertFalse(struct_schema.matches([[], 'Q', 'X', 'Y'])) self.assertFalse(struct2_schema.matches([])) self.assertFalse(struct2_schema.matches([['X']])) self.assertFalse(struct3_schema.matches([])) self.assertFalse(struct3_schema.matches({})) self.assertFalse(struct3_schema.matches(['X'])) self.assertFalse(struct3_schema.matches(['X', 3, 9, 11])) self.assertFalse(struct3_schema.matches(['X', 3, 'A'])) # Test conditions for invalid arguments in a schema definition. self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.Struct, 1) self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.Struct, [1]) self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.Struct, {'a': 1}) self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.Struct, [SCHEMA.AnyString(), 1])
import calendar import re import string import datetime import time import six import securesystemslib.schema as SCHEMA import securesystemslib.exceptions # Note that in the schema definitions below, the 'SCHEMA.Object' types allow # additional keys which are not defined. Thus, any additions to them will be # easily backwards compatible with clients that are already deployed. ANY_STRING_SCHEMA = SCHEMA.AnyString() LIST_OF_ANY_STRING_SCHEMA = SCHEMA.ListOf(ANY_STRING_SCHEMA) # A datetime in 'YYYY-MM-DDTHH:MM:SSZ' ISO 8601 format. The "Z" zone designator # for the zero UTC offset is always used (i.e., a numerical offset is not # supported.) Example: '2015-10-21T13:20:00Z'. Note: This is a simple format # check, and an ISO8601 string should be fully verified when it is parsed. ISO8601_DATETIME_SCHEMA = SCHEMA.RegularExpression( r'\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z') # A Unix/POSIX time format. An integer representing the number of seconds # since the epoch (January 1, 1970.) Metadata uses this format for the # 'expires' field. Set 'hi' to the upper timestamp limit (year 2038), the max # value of an int. UNIX_TIMESTAMP_SCHEMA = SCHEMA.Integer(lo=0, hi=2147483647) # A hexadecimal value in '23432df87ab..' format.
]) # A datetime in 'YYYY-MM-DDTHH:MM:SSZ' ISO 8601 format. The "Z" zone designator # for the zero UTC offset is always used (i.e., a numerical offset is not # supported.) Example: '2015-10-21T13:20:00Z'. Note: This is a simple format # check, and an ISO8601 string should be fully verified when it is parsed. ISO8601_DATETIME_SCHEMA = SCHEMA.RegularExpression( r'\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z') # An integer representing the numbered version of a metadata file. # Must be 1, or greater. METADATAVERSION_SCHEMA = SCHEMA.Integer(lo=0) # A relative file path (e.g., 'metadata/root/'). RELPATH_SCHEMA = SCHEMA.AnyString() RELPATHS_SCHEMA = SCHEMA.ListOf(RELPATH_SCHEMA) VERSIONINFO_SCHEMA = SCHEMA.Object(object_name='VERSIONINFO_SCHEMA', version=METADATAVERSION_SCHEMA) # A string representing a role's name. ROLENAME_SCHEMA = SCHEMA.AnyString() # A role's threshold value (i.e., the minimum number # of signatures required to sign a metadata file). # Must be 1 and greater. THRESHOLD_SCHEMA = SCHEMA.Integer(lo=1) # A hexadecimal value in '23432df87ab..' format. HEX_SCHEMA = SCHEMA.RegularExpression(r'[a-fA-F0-9]+')
`check_match` raises a securesystemslib.exceptions.FormatError and `matches` returns False if the verified object does not match the schema (True otherwise). """ import in_toto.gpg.formats as gpg_formats import securesystemslib.schema as ssl_schema import securesystemslib.formats as ssl_formats # Note: Verification keys can have private portions but in case of GPG we # only have a PUBKEY_SCHEMA (because we never export private gpg keys from # the gpg keyring) ANY_VERIFICATION_KEY_SCHEMA = ssl_schema.OneOf( [ssl_formats.ANYKEY_SCHEMA, gpg_formats.PUBKEY_SCHEMA]) ANY_VERIFICATION_KEY_DICT_SCHEMA = ssl_schema.DictOf( key_schema=ssl_formats.KEYID_SCHEMA, value_schema=ANY_VERIFICATION_KEY_SCHEMA) ANY_PUBKEY_SCHEMA = ssl_schema.OneOf( [ssl_formats.PUBLIC_KEY_SCHEMA, gpg_formats.PUBKEY_SCHEMA]) ANY_PUBKEY_DICT_SCHEMA = ssl_schema.DictOf(key_schema=ssl_formats.KEYID_SCHEMA, value_schema=ANY_PUBKEY_SCHEMA) ANY_SIGNATURE_SCHEMA = ssl_schema.OneOf( [ssl_formats.SIGNATURE_SCHEMA, gpg_formats.SIGNATURE_SCHEMA]) ANY_STRING_SCHEMA = ssl_schema.AnyString() LIST_OF_ANY_STRING_SCHEMA = ssl_schema.ListOf(ANY_STRING_SCHEMA)
import binascii import calendar import re import datetime import time import six import securesystemslib.schema as SCHEMA import securesystemslib.exceptions # Note that in the schema definitions below, the 'SCHEMA.Object' types allow # additional keys which are not defined. Thus, any additions to them will be # easily backwards compatible with clients that are already deployed. ANY_STRING_SCHEMA = SCHEMA.AnyString() LIST_OF_ANY_STRING_SCHEMA = SCHEMA.ListOf(ANY_STRING_SCHEMA) # A datetime in 'YYYY-MM-DDTHH:MM:SSZ' ISO 8601 format. The "Z" zone designator # for the zero UTC offset is always used (i.e., a numerical offset is not # supported.) Example: '2015-10-21T13:20:00Z'. Note: This is a simple format # check, and an ISO8601 string should be fully verified when it is parsed. ISO8601_DATETIME_SCHEMA = SCHEMA.RegularExpression(r'\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z') # A Unix/POSIX time format. An integer representing the number of seconds # since the epoch (January 1, 1970.) Metadata uses this format for the # 'expires' field. Set 'hi' to the upper timestamp limit (year 2038), the max # value of an int. UNIX_TIMESTAMP_SCHEMA = SCHEMA.Integer(lo=0, hi=2147483647) # A hexadecimal value in '23432df87ab..' format. HEX_SCHEMA = SCHEMA.RegularExpression(r'[a-fA-F0-9]+')
# A hexadecimal value in '23432df87ab..' format. HASH_SCHEMA = SCHEMA.RegularExpression(r'[a-fA-F0-9]+') # A dict in {'sha256': '23432df87ab..', 'sha512': '34324abc34df..', ...} format. HASHDICT_SCHEMA = SCHEMA.DictOf(key_schema=SCHEMA.AnyString(), value_schema=HASH_SCHEMA) # A hexadecimal value in '23432df87ab..' format. HEX_SCHEMA = SCHEMA.RegularExpression(r'[a-fA-F0-9]+') # A key identifier (e.g., a hexadecimal value identifying an RSA key). KEYID_SCHEMA = HASH_SCHEMA # A list of KEYID_SCHEMA. KEYIDS_SCHEMA = SCHEMA.ListOf(KEYID_SCHEMA) # The signing scheme used by a key to generate a signature (e.g., # 'rsassa-pss-sha256' is one of the signing schemes for key type 'rsa'). SCHEME_SCHEMA = SCHEMA.AnyString() # A relative file path (e.g., 'metadata/root/'). RELPATH_SCHEMA = SCHEMA.AnyString() RELPATHS_SCHEMA = SCHEMA.ListOf(RELPATH_SCHEMA) # An absolute path. PATH_SCHEMA = SCHEMA.AnyString() PATHS_SCHEMA = SCHEMA.ListOf(PATH_SCHEMA) # Uniform Resource Locator identifier (e.g., 'https://www.updateframework.com/'). URL_SCHEMA = SCHEMA.AnyString()
RSA_PUBKEYVAL_SCHEMA = ssl_schema.Object( object_name = "RSA_PUBKEYVAL_SCHEMA", e = ssl_schema.AnyString(), n = ssl_formats.HEX_SCHEMA ) # We have to define RSA_PUBKEY_SCHEMA in two steps, because it is # self-referential. Here we define a shallow _RSA_PUBKEY_SCHEMA, which we use # below to create the self-referential RSA_PUBKEY_SCHEMA. _RSA_PUBKEY_SCHEMA = ssl_schema.Object( object_name = "RSA_PUBKEY_SCHEMA", type = ssl_schema.String("rsa"), method = ssl_schema.String(PGP_RSA_PUBKEY_METHOD_STRING), hashes = ssl_schema.ListOf(ssl_schema.String(GPG_HASH_ALGORITHM_STRING)), keyid = ssl_formats.KEYID_SCHEMA, keyval = ssl_schema.Object( public = RSA_PUBKEYVAL_SCHEMA, private = ssl_schema.String("") ) ) RSA_PUBKEY_SCHEMA = _create_pubkey_with_subkey_schema( _RSA_PUBKEY_SCHEMA) DSA_PUBKEYVAL_SCHEMA = ssl_schema.Object( object_name = "DSA_PUBKEYVAL_SCHEMA", y = ssl_formats.HEX_SCHEMA, p = ssl_formats.HEX_SCHEMA, q = ssl_formats.HEX_SCHEMA,