Exemplo n.º 1
def _create_gpg_pubkey_with_subkey_schema(pubkey_schema):
    """Extend a public key schema with an optional "subkeys" dictionary.

    The passed schema object is modified in place and returned; no copy is
    made.  The "subkeys" value schema is built from that same object, so a
    caller that still needs the un-extended schema must hold a separate
    instance of it.

    Args:
        pubkey_schema: schema object exposing a `_required` list of
            (name, schema) tuples.

    Returns:
        The same `pubkey_schema` object, now also listing "subkeys".
    """
    subkeys_schema = SCHEMA.Optional(
        SCHEMA.DictOf(key_schema=KEYID_SCHEMA, value_schema=pubkey_schema))
    # Subclasses of `securesystemslib.schema.Object` keep every attribute
    # schema, `Optional` ones included, in the protected `_required` list.
    # TODO: Find a way that does not require to access a protected member
    pubkey_schema._required.append(("subkeys", subkeys_schema))  # pylint: disable=protected-access
    return pubkey_schema
Exemplo n.º 2
  def test_Optional(self):
    """An Optional field may be missing, but must match when it is present."""
    schema_under_test = SCHEMA.Object(
        k1=SCHEMA.String('X'),
        k2=SCHEMA.Optional(SCHEMA.String('Y')))

    # Accepted: the optional key carries the expected value, or is absent.
    for accepted in ({'k1': 'X', 'k2': 'Y'}, {'k1': 'X'}):
      self.assertTrue(schema_under_test.matches(accepted))

    # Rejected: the optional key is present but holds a different value.
    self.assertFalse(schema_under_test.matches({'k1': 'X', 'k2': 'Z'}))

    # Optional() itself refuses arguments that are not schema objects.
    format_error = securesystemslib.exceptions.FormatError
    for not_a_schema in (1, [1], {'a': 1}):
      self.assertRaises(format_error, SCHEMA.Optional, not_a_schema)
Exemplo n.º 3
# An ECDSA key in PEM format.  This schema accepts any string; it does not
# inspect the PEM structure.
PEMECDSA_SCHEMA = SCHEMA.AnyString()

# A single password, held as a string.
# NOTE(review): AnyString presumably also accepts the empty string; callers
# that require a non-empty password need their own check -- confirm.
PASSWORD_SCHEMA = SCHEMA.AnyString()

# A list in which every element is a password.
PASSWORDS_SCHEMA = SCHEMA.ListOf(PASSWORD_SCHEMA)

# The key material itself, as opposed to metadata such as the key type and
# key identifier ('rsa', 233df889cb).  For RSA keys the value is a pair of
# public and private keys in PEM format, stored as strings.
# `private` is optional and may be any string, so an object that passes this
# schema can carry private key material.
KEYVAL_SCHEMA = SCHEMA.Object(
    object_name='KEYVAL_SCHEMA',
    public=SCHEMA.AnyString(),
    private=SCHEMA.Optional(SCHEMA.AnyString()))

# Public keys CAN have a private portion (for backwards compatibility), which
# MUST be an empty string.  Use this schema where private key material must
# not be accepted.
# NOTE(review): object_name repeats 'KEYVAL_SCHEMA' -- confirm this is
# intended and not a leftover from KEYVAL_SCHEMA.
PUBLIC_KEYVAL_SCHEMA = SCHEMA.Object(
    object_name='KEYVAL_SCHEMA',
    public=SCHEMA.AnyString(),
    private=SCHEMA.Optional(SCHEMA.String("")))

# Key types supported by securesystemslib; any other value fails the match.
KEYTYPE_SCHEMA = SCHEMA.OneOf(
    [SCHEMA.String('rsa'),
     SCHEMA.String('ed25519'),
     SCHEMA.String('ecdsa-sha2-nistp256')])
Exemplo n.º 4
# A hexadecimal string such as '23432df87ab..'.
# NOTE(review): the pattern carries no ^/$ anchors; whether the whole value
# must be hexadecimal depends on how SCHEMA.RegularExpression applies it --
# confirm before relying on this schema to reject mixed input.
HEX_SCHEMA = SCHEMA.RegularExpression(r'[a-fA-F0-9]+')

# A path hash prefix is validated exactly like any other hexadecimal string.
PATH_HASH_PREFIX_SCHEMA = HEX_SCHEMA

# A list in which every element is a path hash prefix.
PATH_HASH_PREFIXES_SCHEMA = SCHEMA.ListOf(PATH_HASH_PREFIX_SCHEMA)

# Role object in {'keyids': [keyids..], 'name': 'ABC', 'threshold': 1,
# 'paths':[filepaths..]} format.  Only `keyids` and `threshold` are required;
# every other field is wrapped in SCHEMA.Optional.
# TODO: This is not a role.  In further #660-related PRs, fix it, similar to
#       the way I did in Uptane's TUF fork.
ROLE_SCHEMA = SCHEMA.Object(object_name='ROLE_SCHEMA',
                            name=SCHEMA.Optional(ROLENAME_SCHEMA),
                            keyids=sslib_formats.KEYIDS_SCHEMA,
                            threshold=THRESHOLD_SCHEMA,
                            terminating=SCHEMA.Optional(
                                sslib_formats.BOOLEAN_SCHEMA),
                            paths=SCHEMA.Optional(RELPATHS_SCHEMA),
                            path_hash_prefixes=SCHEMA.Optional(
                                PATH_HASH_PREFIXES_SCHEMA))

# A dict of roles: each key is a role name and each value holds that role's
# data, validated against ROLE_SCHEMA.
ROLEDICT_SCHEMA = SCHEMA.DictOf(
    key_schema=ROLENAME_SCHEMA,
    value_schema=ROLE_SCHEMA)

# A dictionary of ROLEDICT, where dictionary keys can be repository names, and
# dictionary values containing information for each role available on the
# repository (corresponding to the repository belonging to named repository in
# the dictionary key)
Exemplo n.º 5
# A hexadecimal string such as '23432df87ab..'.
# NOTE(review): the pattern carries no ^/$ anchors; whether the whole value
# must be hexadecimal depends on how SCHEMA.RegularExpression applies it --
# confirm before relying on this schema to reject mixed input.
HEX_SCHEMA = SCHEMA.RegularExpression(r'[a-fA-F0-9]+')

# A path hash prefix is validated exactly like any other hexadecimal string.
PATH_HASH_PREFIX_SCHEMA = HEX_SCHEMA

# A list in which every element is a path hash prefix.
PATH_HASH_PREFIXES_SCHEMA = SCHEMA.ListOf(PATH_HASH_PREFIX_SCHEMA)

# Role object in {'keyids': [keyids..], 'name': 'ABC', 'threshold': 1,
# 'paths':[filepaths..]} format.  Only `keyids` and `threshold` are required;
# every other field is wrapped in SCHEMA.Optional.
# TODO: This is not a role.  In further #660-related PRs, fix it, similar to
#       the way I did in Uptane's TUF fork.
ROLE_SCHEMA = SCHEMA.Object(object_name='ROLE_SCHEMA',
                            name=SCHEMA.Optional(ROLENAME_SCHEMA),
                            keyids=securesystemslib.formats.KEYIDS_SCHEMA,
                            threshold=THRESHOLD_SCHEMA,
                            terminating=SCHEMA.Optional(
                                securesystemslib.formats.BOOLEAN_SCHEMA),
                            paths=SCHEMA.Optional(RELPATHS_SCHEMA),
                            path_hash_prefixes=SCHEMA.Optional(
                                PATH_HASH_PREFIXES_SCHEMA))

# A dict of roles: each key is a role name and each value holds that role's
# data, validated against ROLE_SCHEMA.
ROLEDICT_SCHEMA = SCHEMA.DictOf(
    key_schema=ROLENAME_SCHEMA,
    value_schema=ROLE_SCHEMA)

# A dictionary of ROLEDICT, where dictionary keys can be repository names, and
# dictionary values containing information for each role available on the
# repository (corresponding to the repository belonging to named repository in
# the dictionary key)
Exemplo n.º 6
# An ECDSA key in PEM format.  This schema accepts any string; it does not
# inspect the PEM structure.
PEMECDSA_SCHEMA = SCHEMA.AnyString()

# A single password, held as a string.
# NOTE(review): AnyString presumably also accepts the empty string; callers
# that require a non-empty password need their own check -- confirm.
PASSWORD_SCHEMA = SCHEMA.AnyString()

# A list in which every element is a password.
PASSWORDS_SCHEMA = SCHEMA.ListOf(PASSWORD_SCHEMA)

# The key material itself, as opposed to metadata such as the key type and
# key identifier ('rsa', 233df889cb).  For RSA keys the value is a pair of
# public and private keys in PEM format, stored as strings.
# `private` is optional and may be any string, so an object that passes this
# schema can carry private key material.
KEYVAL_SCHEMA = SCHEMA.Object(
    object_name='KEYVAL_SCHEMA',
    public=SCHEMA.AnyString(),
    private=SCHEMA.Optional(SCHEMA.AnyString()))

# Public keys CAN have a private portion (for backwards compatibility), which
# MUST be an empty string.  Use this schema where private key material must
# not be accepted.
# NOTE(review): object_name repeats 'KEYVAL_SCHEMA' -- confirm this is
# intended and not a leftover from KEYVAL_SCHEMA.
PUBLIC_KEYVAL_SCHEMA = SCHEMA.Object(
    object_name='KEYVAL_SCHEMA',
    public=SCHEMA.AnyString(),
    private=SCHEMA.Optional(SCHEMA.String("")))

# Key types supported by TUF; any other value fails the match.
KEYTYPE_SCHEMA = SCHEMA.OneOf(
    [SCHEMA.String('rsa'),
     SCHEMA.String('ed25519'),
     SCHEMA.String('ecdsa-sha2-nistp256'),
     SCHEMA.String('spx')])
Exemplo n.º 7
# DSA_PUBKEY_SCHEMA refers to itself, so it is built in two steps: first the
# shallow _DSA_PUBKEY_SCHEMA below, then the self-referential schema that is
# derived from it.
_DSA_PUBKEY_SCHEMA = ssl_schema.Object(
    object_name="DSA_PUBKEY_SCHEMA",
    type=ssl_schema.String("dsa"),
    method=ssl_schema.String(PGP_DSA_PUBKEY_METHOD_STRING),
    hashes=ssl_schema.ListOf(ssl_schema.String(GPG_HASH_ALGORITHM_STRING)),
    keyid=ssl_formats.KEYID_SCHEMA,
    # `private` is a required field here and must be the empty string, so a
    # key object carrying private material does not match this schema.
    keyval=ssl_schema.Object(public=DSA_PUBKEYVAL_SCHEMA,
                             private=ssl_schema.String("")))
# NOTE(review): _create_pubkey_with_subkey_schema is defined outside this
# excerpt; whether it returns a new schema or extends the one passed in is
# not visible here -- confirm before reusing _DSA_PUBKEY_SCHEMA elsewhere.
DSA_PUBKEY_SCHEMA = _create_pubkey_with_subkey_schema(_DSA_PUBKEY_SCHEMA)


# A public key matches if it satisfies either the RSA or the DSA schema.
PUBKEY_SCHEMA = ssl_schema.OneOf([RSA_PUBKEY_SCHEMA, DSA_PUBKEY_SCHEMA])


# A signature object: `keyid` is required and `short_keyid` is optional;
# `other_headers` and `signature` are validated as hexadecimal strings.
SIGNATURE_SCHEMA = ssl_schema.Object(
    object_name="SIGNATURE_SCHEMA",
    keyid=ssl_formats.KEYID_SCHEMA,
    short_keyid=ssl_schema.Optional(ssl_formats.KEYID_SCHEMA),
    other_headers=ssl_formats.HEX_SCHEMA,
    signature=ssl_formats.HEX_SCHEMA)