def test_OneOf(self):
# Test conditions for valid arguments.
oneof_schema = SCHEMA.OneOf([
SCHEMA.ListOf(SCHEMA.Integer()),
SCHEMA.String('Hello'),
SCHEMA.String('bye')
])
self.assertTrue(oneof_schema.matches([]))
self.assertTrue(oneof_schema.matches('bye'))
self.assertTrue(oneof_schema.matches([1, 2]))
# Test conditions for invalid arguments.
self.assertFalse(oneof_schema.matches(3))
self.assertFalse(oneof_schema.matches(['Hi']))
# Test conditions for invalid arguments in a schema definition.
self.assertRaises(securesystemslib.exceptions.FormatError,
SCHEMA.OneOf, 1)
self.assertRaises(securesystemslib.exceptions.FormatError,
SCHEMA.OneOf, [1])
self.assertRaises(securesystemslib.exceptions.FormatError,
SCHEMA.OneOf, {'a': 1})
self.assertRaises(securesystemslib.exceptions.FormatError,
SCHEMA.OneOf, [SCHEMA.AnyString(), 1])
def test_Optional(self):
# Test conditions for valid arguments.
optional_schema = SCHEMA.Object(k1=SCHEMA.String('X'),
k2=SCHEMA.Optional(SCHEMA.String('Y')))
self.assertTrue(optional_schema.matches({'k1': 'X', 'k2': 'Y'}))
self.assertTrue(optional_schema.matches({'k1': 'X'}))
# Test conditions for invalid arguments.
self.assertFalse(optional_schema.matches({'k1': 'X', 'k2': 'Z'}))
# Test conditions for invalid arguments in a schema definition.
self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.Optional, 1)
self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.Optional, [1])
self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.Optional, {'a': 1})
def test_Struct(self):
# Test conditions for valid arguments.
struct_schema = SCHEMA.Struct([
SCHEMA.ListOf(SCHEMA.AnyString()),
SCHEMA.AnyString(),
SCHEMA.String('X')
])
struct2_schema = SCHEMA.Struct([SCHEMA.String('X')], allow_more=True)
struct3_schema = SCHEMA.Struct(
[SCHEMA.String('X'), SCHEMA.Integer()], [SCHEMA.Integer()])
self.assertTrue(struct_schema.matches([[], 'Q', 'X']))
self.assertTrue(struct2_schema.matches(['X']))
self.assertTrue(struct2_schema.matches(['X', 'Y']))
self.assertTrue(struct2_schema.matches(['X', ['Y', 'Z']]))
self.assertTrue(struct3_schema.matches(['X', 3]))
self.assertTrue(struct3_schema.matches(['X', 3, 9]))
# Test conditions for invalid arguments.
self.assertFalse(struct_schema.matches(False))
self.assertFalse(struct_schema.matches('Foo'))
self.assertFalse(struct_schema.matches([[], 'Q', 'D']))
self.assertFalse(struct_schema.matches([[3], 'Q', 'X']))
self.assertFalse(struct_schema.matches([[], 'Q', 'X', 'Y']))
self.assertFalse(struct2_schema.matches([]))
self.assertFalse(struct2_schema.matches([['X']]))
self.assertFalse(struct3_schema.matches([]))
self.assertFalse(struct3_schema.matches({}))
self.assertFalse(struct3_schema.matches(['X']))
self.assertFalse(struct3_schema.matches(['X', 3, 9, 11]))
self.assertFalse(struct3_schema.matches(['X', 3, 'A']))
# Test conditions for invalid arguments in a schema definition.
self.assertRaises(securesystemslib.exceptions.FormatError,
SCHEMA.Struct, 1)
self.assertRaises(securesystemslib.exceptions.FormatError,
SCHEMA.Struct, [1])
self.assertRaises(securesystemslib.exceptions.FormatError,
SCHEMA.Struct, {'a': 1})
self.assertRaises(securesystemslib.exceptions.FormatError,
SCHEMA.Struct, [SCHEMA.AnyString(), 1])
def test_String(self):
# Test conditions for valid arguments.
string_schema = SCHEMA.String('test')
self.assertTrue(string_schema.matches('test'))
# Test conditions for invalid arguments.
self.assertFalse(string_schema.matches(True))
self.assertFalse(string_schema.matches(['test']))
self.assertFalse(string_schema.matches(SCHEMA.Schema))
# Test conditions for invalid arguments in a schema definition.
self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.String, 1)
self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.String, [1])
self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.String, {'a': 1})
def test_AllOf(self):
# Test conditions for valid arguments.
allof_schema = SCHEMA.AllOf([SCHEMA.Any(),
SCHEMA.AnyString(),
SCHEMA.String('a')])
self.assertTrue(allof_schema.matches('a'))
# Test conditions for invalid arguments.
self.assertFalse(allof_schema.matches('b'))
# Test conditions for invalid arguments in a schema definition.
self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.AllOf, 1)
self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.AllOf, [1])
self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.AllOf, {'a': 1})
self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.AllOf, [SCHEMA.AnyString(), 1])
LOGLEVEL_SCHEMA = SCHEMA.Integer(lo=0, hi=50)
# A string representing a named object.
NAME_SCHEMA = SCHEMA.AnyString()
NAMES_SCHEMA = SCHEMA.ListOf(NAME_SCHEMA)
# A byte string representing data.
DATA_SCHEMA = SCHEMA.AnyBytes()
# A text string. For instance, a string entered by the user.
TEXT_SCHEMA = SCHEMA.AnyString()
# Supported hash algorithms.
HASHALGORITHMS_SCHEMA = SCHEMA.ListOf(
SCHEMA.OneOf([
SCHEMA.String('md5'),
SCHEMA.String('sha1'),
SCHEMA.String('sha224'),
SCHEMA.String('sha256'),
SCHEMA.String('sha384'),
SCHEMA.String('sha512')
]))
# The contents of an encrypted key. Encrypted keys are saved to files
# in this format.
ENCRYPTEDKEY_SCHEMA = SCHEMA.AnyString()
# A value that is either True or False, on or off, etc.
BOOLEAN_SCHEMA = SCHEMA.Boolean()
# The minimum number of bits for an RSA key. Must be 2048 bits, or greater
from securesystemslib import schema as SCHEMA
import tuf
from tuf import exceptions
# As per TUF spec 1.0.0 the spec version field must follow the Semantic
# Versioning 2.0.0 (semver) format. The regex pattern is provided by semver.
# https://semver.org/spec/v2.0.0.html#is-there-a-suggested-regular-expression-regex-to-check-a-semver-string
SEMVER_2_0_0_SCHEMA = SCHEMA.RegularExpression(
r'(?P<major>0|[1-9]\d*)\.(?P<minor>0|[1-9]\d*)\.(?P<patch>0|[1-9]\d*)'
r'(?:-(?P<prerelease>(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)'
r'(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?'
r'(?:\+(?P<buildmetadata>[0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?')
SPECIFICATION_VERSION_SCHEMA = SCHEMA.OneOf([
# However, temporarily allow "1.0" for backwards-compatibility in tuf-0.12.PATCH.
SCHEMA.String("1.0"),
SEMVER_2_0_0_SCHEMA
])
# A datetime in 'YYYY-MM-DDTHH:MM:SSZ' ISO 8601 format. The "Z" zone designator
# for the zero UTC offset is always used (i.e., a numerical offset is not
# supported.) Example: '2015-10-21T13:20:00Z'. Note: This is a simple format
# check, and an ISO8601 string should be fully verified when it is parsed.
ISO8601_DATETIME_SCHEMA = SCHEMA.RegularExpression(
r'\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z')
# An integer representing the numbered version of a metadata file.
# Must be 1, or greater.
METADATAVERSION_SCHEMA = SCHEMA.Integer(lo=0)
# A relative file path (e.g., 'metadata/root/').
# Must be between 0 and 50.
LOGLEVEL_SCHEMA = SCHEMA.Integer(lo=0, hi=50)
# A string representing a named object.
NAME_SCHEMA = SCHEMA.AnyString()
NAMES_SCHEMA = SCHEMA.ListOf(NAME_SCHEMA)
# A byte string representing data.
DATA_SCHEMA = SCHEMA.AnyBytes()
# A text string. For instance, a string entered by the user.
TEXT_SCHEMA = SCHEMA.AnyString()
# Supported hash algorithms.
HASHALGORITHMS_SCHEMA = SCHEMA.ListOf(SCHEMA.OneOf(
[SCHEMA.String('md5'), SCHEMA.String('sha1'),
SCHEMA.String('sha224'), SCHEMA.String('sha256'),
SCHEMA.String('sha384'), SCHEMA.String('sha512'),
SCHEMA.String('blake2s'), SCHEMA.String('blake2b'),
SCHEMA.String('blake2b-256')]))
# The contents of an encrypted key. Encrypted keys are saved to files
# in this format.
ENCRYPTEDKEY_SCHEMA = SCHEMA.AnyString()
# A value that is either True or False, on or off, etc.
BOOLEAN_SCHEMA = SCHEMA.Boolean()
# The minimum number of bits for an RSA key. Must be 2048 bits, or greater
# (recommended by TUF). Recommended RSA key sizes:
# http://www.emc.com/emc-plus/rsa-labs/historical/twirl-and-rsa-key-size.htm#table1
LOGLEVEL_SCHEMA = SCHEMA.Integer(lo=0, hi=50)
# A string representing a named object.
NAME_SCHEMA = SCHEMA.AnyString()
NAMES_SCHEMA = SCHEMA.ListOf(NAME_SCHEMA)
# A byte string representing data.
DATA_SCHEMA = SCHEMA.AnyBytes()
# A text string. For instance, a string entered by the user.
TEXT_SCHEMA = SCHEMA.AnyString()
# Supported hash algorithms.
HASHALGORITHMS_SCHEMA = SCHEMA.ListOf(
SCHEMA.OneOf([
SCHEMA.String('md5'),
SCHEMA.String('sha1'),
SCHEMA.String('sha224'),
SCHEMA.String('sha256'),
SCHEMA.String('sha384'),
SCHEMA.String('sha512')
]))
# The contents of an encrypted TUF key. Encrypted TUF keys are saved to files
# in this format.
ENCRYPTEDKEY_SCHEMA = SCHEMA.AnyString()
# A value that is either True or False, on or off, etc.
BOOLEAN_SCHEMA = SCHEMA.Boolean()
# A role's threshold value (i.e., the minimum number
PGP_RSA_PUBKEY_METHOD_STRING = "pgp+rsa-pkcsv1.5"
PGP_DSA_PUBKEY_METHOD_STRING = "pgp+dsa-fips-180-2"
RSA_PUBKEYVAL_SCHEMA = ssl_schema.Object(
object_name = "RSA_PUBKEYVAL_SCHEMA",
e = ssl_schema.AnyString(),
n = ssl_formats.HEX_SCHEMA
)
# We have to define RSA_PUBKEY_SCHEMA in two steps, because it is
# self-referential. Here we define a shallow _RSA_PUBKEY_SCHEMA, which we use
# below to create the self-referential RSA_PUBKEY_SCHEMA.
_RSA_PUBKEY_SCHEMA = ssl_schema.Object(
object_name = "RSA_PUBKEY_SCHEMA",
type = ssl_schema.String("rsa"),
method = ssl_schema.String(PGP_RSA_PUBKEY_METHOD_STRING),
hashes = ssl_schema.ListOf(ssl_schema.String(GPG_HASH_ALGORITHM_STRING)),
keyid = ssl_formats.KEYID_SCHEMA,
keyval = ssl_schema.Object(
public = RSA_PUBKEYVAL_SCHEMA,
private = ssl_schema.String("")
)
)
RSA_PUBKEY_SCHEMA = _create_pubkey_with_subkey_schema(
_RSA_PUBKEY_SCHEMA)
DSA_PUBKEYVAL_SCHEMA = ssl_schema.Object(
object_name = "DSA_PUBKEYVAL_SCHEMA",
y = ssl_formats.HEX_SCHEMA,
signatures = SCHEMA.Optional(securesystemslib.formats.SIGNATURES_SCHEMA),
paths = SCHEMA.Optional(SCHEMA.OneOf([RELPATHS_SCHEMA, PATH_FILEINFO_SCHEMA])),
path_hash_prefixes = SCHEMA.Optional(PATH_HASH_PREFIXES_SCHEMA),
delegations = SCHEMA.Optional(DELEGATIONS_SCHEMA),
partial_loaded = SCHEMA.Optional(BOOLEAN_SCHEMA))
# A signable object. Holds the signing role and its associated signatures.
SIGNABLE_SCHEMA = SCHEMA.Object(
object_name = 'SIGNABLE_SCHEMA',
signed = SCHEMA.Any(),
signatures = SCHEMA.ListOf(securesystemslib.formats.SIGNATURE_SCHEMA))
# Root role: indicates root keys and top-level roles.
ROOT_SCHEMA = SCHEMA.Object(
object_name = 'ROOT_SCHEMA',
_type = SCHEMA.String('root'),
spec_version = SPECIFICATION_VERSION_SCHEMA,
version = METADATAVERSION_SCHEMA,
consistent_snapshot = BOOLEAN_SCHEMA,
expires = ISO8601_DATETIME_SCHEMA,
keys = KEYDICT_SCHEMA,
roles = ROLEDICT_SCHEMA)
# Targets role: Indicates targets and delegates target paths to other roles.
TARGETS_SCHEMA = SCHEMA.Object(
object_name = 'TARGETS_SCHEMA',
_type = SCHEMA.String('targets'),
spec_version = SPECIFICATION_VERSION_SCHEMA,
version = METADATAVERSION_SCHEMA,
expires = ISO8601_DATETIME_SCHEMA,
targets = FILEDICT_SCHEMA,
