def _create_gpg_pubkey_with_subkey_schema(pubkey_schema):
  """Helper method to extend the passed public key schema with an optional
  dictionary of sub public keys "subkeys" with the same schema.

  Arguments:
    pubkey_schema: A `securesystemslib.schema.Object` describing a public key.
        It is extended in place (see note below).

  Returns:
    The very same `pubkey_schema` object, which now additionally accepts an
    optional "subkeys" attribute mapping KEYID_SCHEMA keys to values that
    match `pubkey_schema` itself (the schema becomes self-referential).

  Note: the argument is mutated rather than copied, so calling this helper
  twice on the same object appends a second "subkeys" entry to its attribute
  list.
  """
  subkeys_schema = SCHEMA.Optional(
      SCHEMA.DictOf(key_schema=KEYID_SCHEMA, value_schema=pubkey_schema))

  # Any subclass of `securesystemslib.schema.Object` stores the schemas that
  # define the attributes of the object in its `_required` property, even if
  # such a schema is of type `Optional`.
  # TODO: Find a way that does not require to access a protected member
  pubkey_schema._required.append(  # pylint: disable=protected-access
      ("subkeys", subkeys_schema))

  return pubkey_schema
def test_Optional(self):
  """Check that SCHEMA.Optional makes an Object attribute optional without
  relaxing its value schema, and that Optional rejects non-schema arguments.
  """
  schema = SCHEMA.Object(k1=SCHEMA.String('X'),
                         k2=SCHEMA.Optional(SCHEMA.String('Y')))

  # Valid: the optional attribute may be present (with the right value) or
  # absent altogether.
  for valid_object in ({'k1': 'X', 'k2': 'Y'}, {'k1': 'X'}):
    self.assertTrue(schema.matches(valid_object))

  # Invalid: when the optional attribute is present its value is still
  # checked against the wrapped schema.
  self.assertFalse(schema.matches({'k1': 'X', 'k2': 'Z'}))

  # Invalid schema definitions: Optional only wraps schema objects.
  for not_a_schema in (1, [1], {'a': 1}):
    with self.assertRaises(securesystemslib.exceptions.FormatError):
      SCHEMA.Optional(not_a_schema)
# An ECDSA key in PEM format. PEMECDSA_SCHEMA = SCHEMA.AnyString() # A string representing a password. PASSWORD_SCHEMA = SCHEMA.AnyString() # A list of passwords. PASSWORDS_SCHEMA = SCHEMA.ListOf(PASSWORD_SCHEMA) # The actual values of a key, as opposed to meta data such as a key type and # key identifier ('rsa', 233df889cb). For RSA keys, the key value is a pair of # public and private keys in PEM Format stored as strings. KEYVAL_SCHEMA = SCHEMA.Object(object_name='KEYVAL_SCHEMA', public=SCHEMA.AnyString(), private=SCHEMA.Optional(SCHEMA.AnyString())) # Public keys CAN have a private portion (for backwards compatibility) which # MUST be an empty string PUBLIC_KEYVAL_SCHEMA = SCHEMA.Object(object_name='KEYVAL_SCHEMA', public=SCHEMA.AnyString(), private=SCHEMA.Optional( SCHEMA.String(""))) # Supported securesystemslib key types. KEYTYPE_SCHEMA = SCHEMA.OneOf([ SCHEMA.String('rsa'), SCHEMA.String('ed25519'), SCHEMA.String('ecdsa-sha2-nistp256') ])
# A hexadecimal value in '23432df87ab..' format. HEX_SCHEMA = SCHEMA.RegularExpression(r'[a-fA-F0-9]+') # A path hash prefix is a hexadecimal string. PATH_HASH_PREFIX_SCHEMA = HEX_SCHEMA # A list of path hash prefixes. PATH_HASH_PREFIXES_SCHEMA = SCHEMA.ListOf(PATH_HASH_PREFIX_SCHEMA) # Role object in {'keyids': [keydids..], 'name': 'ABC', 'threshold': 1, # 'paths':[filepaths..]} format. # TODO: This is not a role. In further #660-related PRs, fix it, similar to # the way I did in Uptane's TUF fork. ROLE_SCHEMA = SCHEMA.Object( object_name='ROLE_SCHEMA', name=SCHEMA.Optional(ROLENAME_SCHEMA), keyids=sslib_formats.KEYIDS_SCHEMA, threshold=THRESHOLD_SCHEMA, terminating=SCHEMA.Optional(sslib_formats.BOOLEAN_SCHEMA), paths=SCHEMA.Optional(RELPATHS_SCHEMA), path_hash_prefixes=SCHEMA.Optional(PATH_HASH_PREFIXES_SCHEMA)) # A dict of roles where the dict keys are role names and the dict values holding # the role data/information. ROLEDICT_SCHEMA = SCHEMA.DictOf(key_schema=ROLENAME_SCHEMA, value_schema=ROLE_SCHEMA) # A dictionary of ROLEDICT, where dictionary keys can be repository names, and # dictionary values containing information for each role available on the # repository (corresponding to the repository belonging to named repository in # the dictionary key)
# A hexadecimal value in '23432df87ab..' format. HEX_SCHEMA = SCHEMA.RegularExpression(r'[a-fA-F0-9]+') # A path hash prefix is a hexadecimal string. PATH_HASH_PREFIX_SCHEMA = HEX_SCHEMA # A list of path hash prefixes. PATH_HASH_PREFIXES_SCHEMA = SCHEMA.ListOf(PATH_HASH_PREFIX_SCHEMA) # Role object in {'keyids': [keydids..], 'name': 'ABC', 'threshold': 1, # 'paths':[filepaths..]} format. # TODO: This is not a role. In further #660-related PRs, fix it, similar to # the way I did in Uptane's TUF fork. ROLE_SCHEMA = SCHEMA.Object( object_name='ROLE_SCHEMA', name=SCHEMA.Optional(ROLENAME_SCHEMA), keyids=securesystemslib.formats.KEYIDS_SCHEMA, threshold=THRESHOLD_SCHEMA, terminating=SCHEMA.Optional(securesystemslib.formats.BOOLEAN_SCHEMA), paths=SCHEMA.Optional(RELPATHS_SCHEMA), path_hash_prefixes=SCHEMA.Optional(PATH_HASH_PREFIXES_SCHEMA)) # A dict of roles where the dict keys are role names and the dict values holding # the role data/information. ROLEDICT_SCHEMA = SCHEMA.DictOf(key_schema=ROLENAME_SCHEMA, value_schema=ROLE_SCHEMA) # A dictionary of ROLEDICT, where dictionary keys can be repository names, and # dictionary values containing information for each role available on the # repository (corresponding to the repository belonging to named repository in # the dictionary key)
# An ECDSA key in PEM format. PEMECDSA_SCHEMA = SCHEMA.AnyString() # A string representing a password. PASSWORD_SCHEMA = SCHEMA.AnyString() # A list of passwords. PASSWORDS_SCHEMA = SCHEMA.ListOf(PASSWORD_SCHEMA) # The actual values of a key, as opposed to meta data such as a key type and # key identifier ('rsa', 233df889cb). For RSA keys, the key value is a pair of # public and private keys in PEM Format stored as strings. KEYVAL_SCHEMA = SCHEMA.Object(object_name='KEYVAL_SCHEMA', public=SCHEMA.AnyString(), private=SCHEMA.Optional(SCHEMA.AnyString())) # Public keys CAN have a private portion (for backwards compatibility) which # MUST be an empty string PUBLIC_KEYVAL_SCHEMA = SCHEMA.Object(object_name='KEYVAL_SCHEMA', public=SCHEMA.AnyString(), private=SCHEMA.Optional( SCHEMA.String(""))) # Supported TUF key types. KEYTYPE_SCHEMA = SCHEMA.OneOf([ SCHEMA.String('rsa'), SCHEMA.String('ed25519'), SCHEMA.String('ecdsa-sha2-nistp256'), SCHEMA.String('spx') ])
# We have to define DSA_PUBKEY_SCHEMA in two steps, because it is # self-referential. Here we define a shallow _DSA_PUBKEY_SCHEMA, which we use # below to create the self-referential DSA_PUBKEY_SCHEMA. _DSA_PUBKEY_SCHEMA = ssl_schema.Object( object_name = "DSA_PUBKEY_SCHEMA", type = ssl_schema.String("dsa"), method = ssl_schema.String(PGP_DSA_PUBKEY_METHOD_STRING), hashes = ssl_schema.ListOf(ssl_schema.String(GPG_HASH_ALGORITHM_STRING)), keyid = ssl_formats.KEYID_SCHEMA, keyval = ssl_schema.Object( public = DSA_PUBKEYVAL_SCHEMA, private = ssl_schema.String("") ) ) DSA_PUBKEY_SCHEMA = _create_pubkey_with_subkey_schema( _DSA_PUBKEY_SCHEMA) PUBKEY_SCHEMA = ssl_schema.OneOf([RSA_PUBKEY_SCHEMA, DSA_PUBKEY_SCHEMA]) SIGNATURE_SCHEMA = ssl_schema.Object( object_name = "SIGNATURE_SCHEMA", keyid = ssl_formats.KEYID_SCHEMA, short_keyid = ssl_schema.Optional(ssl_formats.KEYID_SCHEMA), other_headers = ssl_formats.HEX_SCHEMA, signature = ssl_formats.HEX_SCHEMA )