def get_role_paths(rolename, repository_name='default'):
"""
<Purpose>
Return the paths of the role associated with 'rolename'.
<Arguments>
rolename:
An object representing the role's name, conformant to 'ROLENAME_SCHEMA'
(e.g., 'root', 'snapshot', 'timestamp').
repository_name:
The name of the repository to get the role paths. If not supplied, the
'default' repository is searched.
<Exceptions>
tuf.FormatError, if the arguments do not have the correct object format.
tuf.UnknownRoleError, if 'rolename' cannot be found in the role database.
tuf.InvalidNameError, if 'rolename' is incorrectly formatted, or
'repository_name' does not exist in the role database.
<Side Effects>
None.
<Returns>
A list of paths.
"""
I_TO_PRINT = TO_PRINT + uptane.YELLOW + '[get_role_paths(rolename, repository_name)]: ' + uptane.ENDCOLORS
#TODO: Print to be deleted
print(str('%s %s %s %s %s' % (I_TO_PRINT, 'Getting role paths for rolename:', rolename, 'repository_name:', repository_name)))
#TODO: Until here
# Raise 'tuf.FormatError' if 'repository_name' is improperly formatted.
tuf.formats.NAME_SCHEMA.check_match(repository_name)
# Raises tuf.FormatError, tuf.UnknownRoleError, or tuf.InvalidNameError.
_check_rolename(rolename, repository_name)
global _roledb_dict
global _dirty_roles
if repository_name not in _roledb_dict or repository_name not in _dirty_roles:
raise tuf.InvalidNameError('Repository name does not' ' exist: ' +
repository_name)
roleinfo = _roledb_dict[repository_name][rolename]
#TODO: Print to be deleted
print(str('%s %s ' % (I_TO_PRINT, 'Returning roleinfo[\'paths\']')))
#TODO: Until here
# Paths won't exist for non-target roles.
try:
return roleinfo['paths']
except KeyError:
return dict()
def create_keydb(repository_name):
"""
<Purpose>
Create a key database for a non-default repository named 'repository_name'.
<Arguments>
repository_name:
The name of the repository. An empty key database is created, and keys
may be added to via add_key(keyid, repository_name).
<Exceptions>
tuf.FormatError, if 'repository_name' is improperly formatted.
tuf.InvalidNameError, if 'repository_name' already exists.
<Side Effects>
None.
<Returns>
None.
"""
# Is 'repository_name' properly formatted? Raise 'tuf.FormatError' if not.
tuf.formats.NAME_SCHEMA.check_match(repository_name)
if repository_name in _keydb_dict:
raise tuf.InvalidNameError('Repository name already exists:'
' ' + repr(repository_name))
_keydb_dict[repository_name] = {}
def get_rolenames(repository_name='default'):
"""
<Purpose>
Return a list of the rolenames found in the role database.
<Arguments>
repository_name:
The name of the repository to get the rolenames. If not supplied, the
'default' repository is searched.
<Exceptions>
tuf.FormatError, if 'repository_name' is improperly formatted.
tuf.InvalidNameError, if 'repository_name' does not exist in the role
database.
<Side Effects>
None.
<Returns>
A list of rolenames.
"""
# Does 'repository_name' have the correct format? Raise 'tuf.FormatError'
# if it is improperly formatted.
tuf.formats.NAME_SCHEMA.check_match(repository_name)
global _roledb_dict
global _dirty_roles
if repository_name not in _roledb_dict or repository_name not in _dirty_roles:
raise tuf.InvalidNameError('Repository name does not'
' exist: ' + repository_name)
return list(_roledb_dict[repository_name].keys())
def _check_rolename(rolename, repository_name='default'):
"""
Raise tuf.FormatError if 'rolename' does not match
'tuf.formats.ROLENAME_SCHEMA', tuf.UnknownRoleError if 'rolename' is not
found in the role database, or tuf.InvalidNameError if 'repository_name'
does not exist in the role database.
"""
# Does 'rolename' have the correct object format?
# This check will ensure 'rolename' has the appropriate number of objects
# and object types, and that all dict keys are properly named.
tuf.formats.ROLENAME_SCHEMA.check_match(rolename)
# Does 'repository_name' have the correct format?
tuf.formats.NAME_SCHEMA.check_match(repository_name)
# Raises tuf.InvalidNameError.
_validate_rolename(rolename)
global _roledb_dict
global _dirty_roles
if repository_name not in _roledb_dict or repository_name not in _dirty_roles:
raise tuf.InvalidNameError('Repository name does not'
' exist: ' + repository_name)
if rolename not in _roledb_dict[repository_name]:
raise tuf.UnknownRoleError('Role name does not exist: ' + rolename)
def remove_keydb(repository_name):
"""
<Purpose>
Remove a key database for a non-default repository named 'repository_name'.
The 'default' repository cannot be removed.
<Arguments>
repository_name:
The name of the repository to remove. The 'default' repository should
not be removed, so 'repository_name' cannot be 'default'.
<Exceptions>
tuf.FormatError, if 'repository_name' is improperly formatted.
tuf.InvalidNameError, if 'repository_name' is 'default'.
<Side Effects>
None.
<Returns>
None.
"""
# Is 'repository_name' properly formatted? Raise 'tuf.FormatError' if not.
tuf.formats.NAME_SCHEMA.check_match(repository_name)
if repository_name not in _keydb_dict:
logger.warn('Repository name does not exist: ' + repr(repository_name))
return
if repository_name == 'default':
raise tuf.InvalidNameError('Cannot remove the default repository:'
' ' + repr(repository_name))
del _keydb_dict[repository_name]
def remove_key(keyid, repository_name='default'):
"""
<Purpose>
Remove the key belonging to 'keyid'.
<Arguments>
keyid:
An object conformant to 'tuf.formats.KEYID_SCHEMA'. It is used as an
identifier for keys.
repository_name:
The name of the repository to remove the key. If not supplied, the key
is removed from the 'default' repository.
<Exceptions>
tuf.FormatError, if the arguments do not have the correct format.
tuf.UnknownKeyError, if 'keyid' is not found in key database.
tuf.InvalidNameError, if 'repository_name' does not exist in the key
database.
<Side Effects>
The key, identified by 'keyid', is deleted from the key database.
<Returns>
None.
"""
I_TO_PRINT = TO_PRINT + uptane.YELLOW + '[remove_key(keyid, repository_name)]: ' + uptane.ENDCOLORS
#TODO: Print to be deleted
print(
str('%s %s %s %s %s' % (I_TO_PRINT, 'Removing key from keyDB: ', keyid,
'repository_name:', repository_name)))
#TODO: Until here
# Does 'keyid' have the correct format?
# This check will ensure 'keyid' has the appropriate number of objects
# and object types, and that all dict keys are properly named.
# Raise 'tuf.FormatError' is the match fails.
tuf.formats.KEYID_SCHEMA.check_match(keyid)
# Does 'repository_name' have the correct format?
tuf.formats.NAME_SCHEMA.check_match(repository_name)
if repository_name not in _keydb_dict:
raise tuf.InvalidNameError('Repository name does not exist:'
' ' + repr(repository_name))
# Remove the key belonging to 'keyid' if found in the key database.
if keyid in _keydb_dict[repository_name]:
del _keydb_dict[repository_name][keyid]
else:
raise tuf.UnknownKeyError('Key: ' + keyid)
#TODO: Print to be deleted
print(str('%s %s ' % (I_TO_PRINT, 'Returning ...')))
def _validate_rolename(rolename):
"""
Raise tuf.InvalidNameError if 'rolename' is not formatted correctly.
It is assumed 'rolename' has been checked against 'ROLENAME_SCHEMA'
prior to calling this function.
"""
if rolename == '':
raise tuf.InvalidNameError('Rolename must *not* be an empty string.')
if rolename != rolename.strip():
raise tuf.InvalidNameError('Invalid rolename. Cannot start or end'
' with whitespace: ' + rolename)
if rolename.startswith('/') or rolename.endswith('/'):
raise tuf.InvalidNameError('Invalid rolename. Cannot start or end with a'
' "/": ' + rolename)
def get_delegated_rolenames(rolename, repository_name='default'):
"""
<Purpose>
Return the delegations of a role. If 'rolename' is 'tuf' and the role
database contains ['django', 'requests', 'cryptography'], in 'tuf's
delegations field, return ['django', 'requests', 'cryptography'].
<Arguments>
rolename:
An object representing the role's name, conformant to 'ROLENAME_SCHEMA'
(e.g., 'root', 'snapshot', 'timestamp').
repository_name:
The name of the repository to get the delegated rolenames. If not
supplied, the 'default' repository is searched.
<Exceptions>
tuf.FormatError, if the arguments do not have the correct object format.
tuf.UnknownRoleError, if 'rolename' cannot be found in the role database.
tuf.InvalidNameError, if 'rolename' is incorrectly formatted, or
'repository_name' does not exist in the role database.
<Side Effects>
None.
<Returns>
A list of rolenames. Note that the rolenames are *NOT* sorted by order of
delegation.
"""
# Does 'repository_name' have the correct format? Raise 'tuf.FormatError' if
# it does not.
tuf.formats.NAME_SCHEMA.check_match(repository_name)
# Raises tuf.FormatError, tuf.UnknownRoleError, or tuf.InvalidNameError.
_check_rolename(rolename, repository_name)
global _roledb_dict
global _dirty_roles
if repository_name not in _roledb_dict or repository_name not in _dirty_roles:
raise tuf.InvalidNameError('Repository name does not'
' exist: ' + repository_name)
# get_roleinfo() raises a 'tuf.InvalidNameError' if 'repository_name' does
# not exist in the role database.
roleinfo = get_roleinfo(rolename, repository_name)
delegated_roles = []
for delegated_role in roleinfo['delegations']['roles']:
delegated_roles.append(delegated_role['name'])
return delegated_roles
def clear_keydb(repository_name='default', clear_all=False):
"""
<Purpose>
Clear the keydb key database.
<Arguments>
repository_name:
The name of the repository to clear the key database. If not supplied,
the key database is cleared for the 'default' repository.
clear_all:
Boolean indicating whether to clear the entire keydb.
<Exceptions>
tuf.FormatError, if 'repository_name' is improperly formatted.
tuf.InvalidNameError, if 'repository_name' does not exist in the key
database.
<Side Effects>
The keydb key database is reset.
<Returns>
None.
"""
I_TO_PRINT = TO_PRINT + uptane.YELLOW + '[clear_keydb(repository_name, clear_all)]: ' + uptane.ENDCOLORS
#TODO: Print to be deleted
print(
str('%s %s %s' % (I_TO_PRINT, 'Clearing keyDB for repository_name:',
repository_name, 'clear_all:', clear_all)))
#TODO: Until here
# Do the arguments have the correct format? Raise 'tuf.FormatError' if
# 'repository_name' is improperly formatted.
tuf.formats.NAME_SCHEMA.check_match(repository_name)
tuf.formats.BOOLEAN_SCHEMA.check_match(clear_all)
global _keydb_dict
if clear_all:
_keydb_dict = {}
_keydb_dict['default'] = {}
if repository_name not in _keydb_dict:
raise tuf.InvalidNameError('Repository name does not exist:'
' ' + repr(repository_name))
_keydb_dict[repository_name] = {}
#TODO: Print to be deleted
print(str('%s %s ' % (I_TO_PRINT, 'Returning ...')))
def clear_roledb(repository_name='default', clear_all=False):
"""
<Purpose>
Reset the roledb database.
<Arguments>
repository_name:
The name of the repository to clear. If not supplied, the 'default'
repository is cleared.
clear_all:
Boolean indicating whether to clear the entire roledb.
<Exceptions>
tuf.FormatError, if 'repository_name' does not have the correct format.
tuf.InvalidNameError, if 'repository_name' does not exist in the role
database.
<Side Effects>
None.
<Returns>
None.
"""
I_TO_PRINT = TO_PRINT + uptane.YELLOW + '[clear_roledb(repository_name, clear_all)]: ' + uptane.ENDCOLORS
#TODO: Print to be deleted
print(str('%s %s %s %s %s' % (I_TO_PRINT, 'Clearing roledb for repository_name:', repository_name, 'clear_all', clear_all)))
#TODO: Until here
# Do the arguments have the correct format? If not, raise 'tuf.FormatError'
tuf.formats.NAME_SCHEMA.check_match(repository_name)
tuf.formats.BOOLEAN_SCHEMA.check_match(clear_all)
global _roledb_dict
global _dirty_roles
if repository_name not in _roledb_dict or repository_name not in _dirty_roles:
raise tuf.InvalidNameError('Repository name does not'
' exist: ' + repository_name)
if clear_all:
_roledb_dict = {}
_roledb_dict['default'] = {}
return
_roledb_dict[repository_name] = {}
_dirty_roles[repository_name] = set()
#TODO: Print to be deleted
print(str('%s %s ' % (I_TO_PRINT, 'Returning ...')))
def get_key(keyid, repository_name='default'):
"""
<Purpose>
Return the key belonging to 'keyid'.
<Arguments>
keyid:
An object conformant to 'tuf.formats.KEYID_SCHEMA'. It is used as an
identifier for keys.
repository_name:
The name of the repository to get the key. If not supplied, the key is
retrieved from the 'default' repository.
<Exceptions>
tuf.FormatError, if the arguments do not have the correct format.
tuf.UnknownKeyError, if 'keyid' is not found in the keydb database.
tuf.InvalidNameError, if 'repository_name' does not exist in the key
database.
<Side Effects>
None.
<Returns>
The key matching 'keyid'. In the case of RSA keys, a dictionary conformant
to 'tuf.formats.RSAKEY_SCHEMA' is returned.
"""
# Does 'keyid' have the correct format?
# This check will ensure 'keyid' has the appropriate number of objects
# and object types, and that all dict keys are properly named.
# Raise 'tuf.FormatError' is the match fails.
tuf.formats.KEYID_SCHEMA.check_match(keyid)
# Does 'repository_name' have the correct format?
tuf.formats.NAME_SCHEMA.check_match(repository_name)
if repository_name not in _keydb_dict:
raise tuf.InvalidNameError('Repository name does not exist:'
' ' + repr(repository_name))
# Return the key belonging to 'keyid', if found in the key database.
try:
return copy.deepcopy(_keydb_dict[repository_name][keyid])
except KeyError:
raise tuf.UnknownKeyError('Key: ' + keyid)
def remove_roledb(repository_name):
"""
<Purspose>
Remove the roledb belonging to 'repository_name'.
<Arguments>
repository_name:
The name of the repository to remove. 'repository_name' cannot be
'default' because the default repository is expected to always exist.
<Exceptions>
tuf.FormatError, if 'repository_name' is improperly formatted.
tuf.InvalidNameError, if 'repository_name' is the 'default' repository
name. The 'default' repository name should always exist.
<Side Effects>
None.
<Returns>
None.
"""
I_TO_PRINT = TO_PRINT + uptane.YELLOW + '[remove_roledb(repository_name)]: ' + uptane.ENDCOLORS
#TODO: Print to be deleted
print(str('%s %s %s' % (I_TO_PRINT, 'removing roledb from repository_name:', repository_name)))
#TODO: Until here
# Is 'repository_name' properly formatted? If not, raise 'tuf.FormatError'.
tuf.formats.NAME_SCHEMA.check_match(repository_name)
global _roledb_dict
global _dirty_roles
if repository_name not in _roledb_dict or repository_name not in _dirty_roles:
logger.warn('Repository name does not exist:'
' ' + repr(repository_name))
return
if repository_name == 'default':
raise tuf.InvalidNameError('Cannot remove the default repository:'
' ' + repr(repository_name))
del _roledb_dict[repository_name]
del _dirty_roles[repository_name]
#TODO: Print to be deleted
print(str('%s %s ' % (I_TO_PRINT, 'Returning ...')))
def remove_keydb(repository_name):
"""
<Purpose>
Remove a key database for a non-default repository named 'repository_name'.
The 'default' repository cannot be removed.
<Arguments>
repository_name:
The name of the repository to remove. The 'default' repository should
not be removed, so 'repository_name' cannot be 'default'.
<Exceptions>
tuf.FormatError, if 'repository_name' is improperly formatted.
tuf.InvalidNameError, if 'repository_name' is 'default'.
<Side Effects>
None.
<Returns>
None.
"""
I_TO_PRINT = TO_PRINT + uptane.YELLOW + '[remove_keydb(repository_name)]: ' + uptane.ENDCOLORS
#TODO: Print to be deleted
print(
str('%s %s %s' % (I_TO_PRINT, 'Removing keyDB for repository_name:',
repository_name)))
#TODO: Until here
# Is 'repository_name' properly formatted? Raise 'tuf.FormatError' if not.
tuf.formats.NAME_SCHEMA.check_match(repository_name)
if repository_name not in _keydb_dict:
logger.warn('Repository name does not exist: ' + repr(repository_name))
return
if repository_name == 'default':
raise tuf.InvalidNameError('Cannot remove the default repository:'
' ' + repr(repository_name))
del _keydb_dict[repository_name]
#TODO: Print to be deleted
print(str('%s %s ' % (I_TO_PRINT, 'Returning ...')))
def get_rolenames(repository_name='default'):
"""
<Purpose>
Return a list of the rolenames found in the role database.
<Arguments>
repository_name:
The name of the repository to get the rolenames. If not supplied, the
'default' repository is searched.
<Exceptions>
tuf.FormatError, if 'repository_name' is improperly formatted.
tuf.InvalidNameError, if 'repository_name' does not exist in the role
database.
<Side Effects>
None.
<Returns>
A list of rolenames.
"""
I_TO_PRINT = TO_PRINT + uptane.YELLOW + '[get_rolenames(repository_name)]: ' + uptane.ENDCOLORS
#TODO: Print to be deleted
print(str('%s %s %s' % (I_TO_PRINT, 'Getting rolenames for repository_name:', repository_name)))
#TODO: Until here
# Does 'repository_name' have the correct format? Raise 'tuf.FormatError'
# if it is improperly formatted.
tuf.formats.NAME_SCHEMA.check_match(repository_name)
global _roledb_dict
global _dirty_roles
if repository_name not in _roledb_dict or repository_name not in _dirty_roles:
raise tuf.InvalidNameError('Repository name does not' ' exist: ' +
repository_name)
#TODO: Print to be deleted
print(str('%s %s ' % (I_TO_PRINT, 'Returning list of _roledb_dict().keys()')))
#TODO: Until here
return list(_roledb_dict[repository_name].keys())
def get_dirty_roles(repository_name='default'):
"""
<Purpose>
A function that returns a list of the roles that have been modified. Tools
that write metadata to disk can use the list returned to determine which
roles should be written.
<Arguments>
repository_name:
The name of the repository to get the dirty roles. If not supplied, the
'default' repository is searched.
<Exceptions>
tuf.FormatError, if 'repository_name' is improperly formatted.
tuf.InvalidNameError, if 'repository_name' does not exist in the role
database.
<Side Effects>
None.
<Returns>
A list of the roles that have been modified.
"""
I_TO_PRINT = TO_PRINT + uptane.YELLOW + '[get_dirty_roles(repository_name)]: ' + uptane.ENDCOLORS
# Does 'repository_name' have the correct format? Raise 'tuf.FormatError'
# if not.
tuf.formats.NAME_SCHEMA.check_match(repository_name)
global _roledb_dict
global _dirty_roles
if repository_name not in _roledb_dict or repository_name not in _dirty_roles:
raise tuf.InvalidNameError('Repository name does not' ' exist: ' +
repository_name)
#TODO: Print to be deleted
print(str('%s %s ' % (I_TO_PRINT, 'Returning list of _dirty_roles()')))
#TODO: Until here
return list(_dirty_roles[repository_name])
def create_roledb(repository_name):
"""
<Purspose>
Create a roledb for the repository named 'repository_name'. This function
is intended for creation of a non-default roledb.
<Arguments>
repository_name:
The name of the repository to create. An empty roledb is created, and
roles may be added via add_role(rolename, roleinfo, repository_name) or
create_roledb_from_root_metadata(root_metadata, repository_name).
<Exceptions>
tuf.FormatError, if 'repository_name' is improperly formatted.
tuf.InvalidNameError, if 'repository_name' already exists in the roledb.
<Side Effects>
None.
<Returns>
None.
"""
I_TO_PRINT = TO_PRINT + uptane.YELLOW + '[create_roledb(repository_name)]: ' + uptane.ENDCOLORS
#TODO: Print to be deleted
print(str('%s %s %s' % (I_TO_PRINT, 'Creating new roleDB for repository: ', repository_name)))
#TODO: Until here
# Is 'repository_name' properly formatted? If not, raise 'tuf.FormatError'.
tuf.formats.NAME_SCHEMA.check_match(repository_name)
global _roledb_dict
global _dirty_roles
if repository_name in _roledb_dict or repository_name in _dirty_roles:
raise tuf.InvalidNameError('Repository name already exists:'
' ' + repr(repository_name))
_roledb_dict[repository_name] = {}
_dirty_roles[repository_name] = set()
#TODO: Print to be deleted
print(str('%s %s ' % (I_TO_PRINT, 'Returning ...')))
def clear_roledb(repository_name='default', clear_all=False):
"""
<Purpose>
Reset the roledb database.
<Arguments>
repository_name:
The name of the repository to clear. If not supplied, the 'default'
repository is cleared.
clear_all:
Boolean indicating whether to clear the entire roledb.
<Exceptions>
tuf.FormatError, if 'repository_name' does not have the correct format.
tuf.InvalidNameError, if 'repository_name' does not exist in the role
database.
<Side Effects>
None.
<Returns>
None.
"""
# Do the arguments have the correct format? If not, raise 'tuf.FormatError'
tuf.formats.NAME_SCHEMA.check_match(repository_name)
tuf.formats.BOOLEAN_SCHEMA.check_match(clear_all)
global _roledb_dict
global _dirty_roles
if repository_name not in _roledb_dict or repository_name not in _dirty_roles:
raise tuf.InvalidNameError('Repository name does not'
' exist: ' + repository_name)
if clear_all:
_roledb_dict = {}
_roledb_dict['default'] = {}
return
_roledb_dict[repository_name] = {}
_dirty_roles[repository_name] = set()
def clear_keydb(repository_name='default', clear_all=False):
"""
<Purpose>
Clear the keydb key database.
<Arguments>
repository_name:
The name of the repository to clear the key database. If not supplied,
the key database is cleared for the 'default' repository.
clear_all:
Boolean indicating whether to clear the entire keydb.
<Exceptions>
tuf.FormatError, if 'repository_name' is improperly formatted.
tuf.InvalidNameError, if 'repository_name' does not exist in the key
database.
<Side Effects>
The keydb key database is reset.
<Returns>
None.
"""
# Do the arguments have the correct format? Raise 'tuf.FormatError' if
# 'repository_name' is improperly formatted.
tuf.formats.NAME_SCHEMA.check_match(repository_name)
tuf.formats.BOOLEAN_SCHEMA.check_match(clear_all)
global _keydb_dict
if clear_all:
_keydb_dict = {}
_keydb_dict['default'] = {}
if repository_name not in _keydb_dict:
raise tuf.InvalidNameError('Repository name does not exist:'
' ' + repr(repository_name))
_keydb_dict[repository_name] = {}
def create_keydb(repository_name):
"""
<Purpose>
Create a key database for a non-default repository named 'repository_name'.
<Arguments>
repository_name:
The name of the repository. An empty key database is created, and keys
may be added to via add_key(keyid, repository_name).
<Exceptions>
tuf.FormatError, if 'repository_name' is improperly formatted.
tuf.InvalidNameError, if 'repository_name' already exists.
<Side Effects>
None.
<Returns>
None.
"""
I_TO_PRINT = TO_PRINT + uptane.YELLOW + '[create_keydb(repository_name)]: ' + uptane.ENDCOLORS
#TODO: Print to be deleted
print(
str('%s %s %s' % (I_TO_PRINT, 'Create new keyDB for repository_name:',
repository_name)))
#TODO: Until here
# Is 'repository_name' properly formatted? Raise 'tuf.FormatError' if not.
tuf.formats.NAME_SCHEMA.check_match(repository_name)
if repository_name in _keydb_dict:
raise tuf.InvalidNameError('Repository name already exists:'
' ' + repr(repository_name))
_keydb_dict[repository_name] = {}
#TODO: Print to be deleted
print(str('%s %s ' % (I_TO_PRINT, 'Returning ...')))
def remove_roledb(repository_name):
"""
<Purspose>
Remove the roledb belonging to 'repository_name'.
<Arguments>
repository_name:
The name of the repository to remove. 'repository_name' cannot be
'default' because the default repository is expected to always exist.
<Exceptions>
tuf.FormatError, if 'repository_name' is improperly formatted.
tuf.InvalidNameError, if 'repository_name' is the 'default' repository
name. The 'default' repository name should always exist.
<Side Effects>
None.
<Returns>
None.
"""
# Is 'repository_name' properly formatted? If not, raise 'tuf.FormatError'.
tuf.formats.NAME_SCHEMA.check_match(repository_name)
global _roledb_dict
global _dirty_roles
if repository_name not in _roledb_dict or repository_name not in _dirty_roles:
logger.warn('Repository name does not exist:'
' ' + repr(repository_name))
return
if repository_name == 'default':
raise tuf.InvalidNameError('Cannot remove the default repository:'
' ' + repr(repository_name))
del _roledb_dict[repository_name]
del _dirty_roles[repository_name]
def create_roledb(repository_name):
"""
<Purspose>
Create a roledb for the repository named 'repository_name'. This function
is intended for creation of a non-default roledb.
<Arguments>
repository_name:
The name of the repository to create. An empty roledb is created, and
roles may be added via add_role(rolename, roleinfo, repository_name) or
create_roledb_from_root_metadata(root_metadata, repository_name).
<Exceptions>
tuf.FormatError, if 'repository_name' is improperly formatted.
tuf.InvalidNameError, if 'repository_name' already exists in the roledb.
<Side Effects>
None.
<Returns>
None.
"""
# Is 'repository_name' properly formatted? If not, raise 'tuf.FormatError'.
tuf.formats.NAME_SCHEMA.check_match(repository_name)
global _roledb_dict
global _dirty_roles
if repository_name in _roledb_dict or repository_name in _dirty_roles:
raise tuf.InvalidNameError('Repository name already exists:'
' ' + repr(repository_name))
_roledb_dict[repository_name] = {}
_dirty_roles[repository_name] = set()
def update_roleinfo(rolename, roleinfo, mark_role_as_dirty=True, repository_name='default'):
"""
<Purpose>
Modify 'rolename's _roledb_dict entry to include the new 'roleinfo'.
'rolename' is also added to the _dirty_roles set. Roles added to
'_dirty_roles' are marked as modified and can be used by the repository
tools to determine which roles need to be written to disk.
<Arguments>
rolename:
An object representing the role's name, conformant to 'ROLENAME_SCHEMA'
(e.g., 'root', 'snapshot', 'timestamp').
roleinfo:
An object representing the role associated with 'rolename', conformant to
ROLEDB_SCHEMA. 'roleinfo' has the form:
{'name': 'role_name',
'keyids': ['34345df32093bd12...'],
'threshold': 1,
'paths': ['path/to/target1', 'path/to/target2', ...],
'path_hash_prefixes': ['a324fcd...', ...]}
The 'name', 'paths', and 'path_hash_prefixes' dict keys are optional.
The 'target' role has an additional 'paths' key. Its value is a list of
strings representing the path of the target file(s).
mark_role_as_dirty:
A boolean indicating whether the updated 'roleinfo' for 'rolename' should
be marked as dirty. The caller might not want to mark 'rolename' as
dirty if it is loading metadata from disk and only wants to populate
roledb.py. Likewise, add_role() would support a similar boolean to allow
the repository tools to successfully load roles via load_repository()
without needing to mark these roles as dirty (default behavior).
repository_name:
The name of the repository to update the roleinfo of 'rolename'. If not
supplied, the 'default' repository is searched.
<Exceptions>
tuf.FormatError, if 'rolename' or 'roleinfo' does not have the correct
object format.
tuf.UnknownRoleError, if 'rolename' cannot be found in the role database.
tuf.InvalidNameError, if 'rolename' is improperly formatted, or
'repository_name' does not exist in the role database.
<Side Effects>
The role database is modified.
<Returns>
None.
"""
I_TO_PRINT = TO_PRINT + uptane.YELLOW + '[update_roleinfo(rolename, roleinfo, mark_role_as_dirty, repository_name)]: ' + uptane.ENDCOLORS
#TODO: Print to be deleted
print(str('%s %s %s %s %s %s %s %s %s' % (I_TO_PRINT, 'Updating info for Role: ', rolename, 'With roleinfo:', roleinfo, 'Mark role as dirty:', mark_role_as_dirty, 'repository name:', repository_name)))
#TODO: Until here
# Does the arguments have the correct object format?
# This check will ensure arguments have the appropriate number of objects
# and object types, and that all dict keys are properly named.
tuf.formats.ROLENAME_SCHEMA.check_match(rolename)
tuf.formats.BOOLEAN_SCHEMA.check_match(mark_role_as_dirty)
tuf.formats.NAME_SCHEMA.check_match(repository_name)
# Does 'roleinfo' have the correct object format?
tuf.formats.ROLEDB_SCHEMA.check_match(roleinfo)
# Raises tuf.InvalidNameError.
_validate_rolename(rolename)
global _roledb_dict
global _dirty_roles
if repository_name not in _roledb_dict or repository_name not in _dirty_roles:
raise tuf.InvalidNameError('Repository name does not' ' exist: ' +
repository_name)
if rolename not in _roledb_dict[repository_name]:
raise tuf.UnknownRoleError('Role does not exist: ' + rolename)
# Update the global _roledb_dict and _dirty_roles structures so that
# the latest 'roleinfo' is available to other modules, and the repository
# tools know which roles should be saved to disk.
_roledb_dict[repository_name][rolename] = copy.deepcopy(roleinfo)
if mark_role_as_dirty:
_dirty_roles[repository_name].add(rolename)
#TODO: Print to be deleted
print(str('%s %s ' % (I_TO_PRINT, 'Returning ...')))
def add_role(rolename, roleinfo, repository_name='default'):
"""
<Purpose>
Add to the role database the 'roleinfo' associated with 'rolename'.
<Arguments>
rolename:
An object representing the role's name, conformant to 'ROLENAME_SCHEMA'
(e.g., 'root', 'snapshot', 'timestamp').
roleinfo:
An object representing the role associated with 'rolename', conformant to
ROLEDB_SCHEMA. 'roleinfo' has the form:
{'keyids': ['34345df32093bd12...'],
'threshold': 1,
'signatures': ['ab23dfc32']
'paths': ['path/to/target1', 'path/to/target2', ...],
'path_hash_prefixes': ['a324fcd...', ...],
'delegations': {'keys': }
The 'paths', 'path_hash_prefixes', and 'delegations' dict keys are
optional.
The 'target' role has an additional 'paths' key. Its value is a list of
strings representing the path of the target file(s).
repository_name:
The name of the repository to store 'rolename'. If not supplied,
'rolename' is added to the 'default' repository.
<Exceptions>
tuf.FormatError, if 'rolename' or 'roleinfo' does not have the correct
object format.
tuf.RoleAlreadyExistsError, if 'rolename' has already been added.
tuf.InvalidNameError, if 'rolename' is improperly formatted, or
'repository_name' does not exist.
<Side Effects>
The role database is modified.
<Returns>
None.
"""
I_TO_PRINT = TO_PRINT + uptane.YELLOW + '[add_role(rolename, roleinfo, repository_name)]: ' + uptane.ENDCOLORS
#TODO: Print to be deleted
print(str('%s %s %s %s %s %s %s' % (I_TO_PRINT, 'Adding role:', rolename, 'with roleinfo:', roleinfo, 'with repository_name', repository_name)))
#TODO: Until here
# Does 'rolename' have the correct object format?
# This check will ensure 'rolename' has the appropriate number of objects
# and object types, and that all dict keys are properly named.
tuf.formats.ROLENAME_SCHEMA.check_match(rolename)
# Does 'roleinfo' have the correct object format?
tuf.formats.ROLEDB_SCHEMA.check_match(roleinfo)
# Is 'repository_name' correctly formatted?
tuf.formats.NAME_SCHEMA.check_match(repository_name)
global _roledb_dict
# Raises tuf.InvalidNameError.
_validate_rolename(rolename)
if repository_name not in _roledb_dict:
raise tuf.InvalidNameError('Repository name does not exist: ' + repository_name)
if rolename in _roledb_dict[repository_name]:
raise tuf.RoleAlreadyExistsError('Role already exists: ' + rolename)
_roledb_dict[repository_name][rolename] = copy.deepcopy(roleinfo)
#TODO: Print to be deleted
print(str('%s %s %s' % (I_TO_PRINT, 'Value for rolename: ', rolename)))
#TODO: Until here
#TODO: Print to be deleted
print(str('%s %s %s' % (I_TO_PRINT, 'Value for roleinfo: ', roleinfo)))
#TODO: Until here
#TODO: Print to be deleted
print(str('%s %s %s' % (I_TO_PRINT, 'Value for repository_name: ', repository_name)))
#TODO: Until here
#TODO: Print to be deleted
print(str('%s %s ' % (I_TO_PRINT, 'Returning ...')))
def add_key(key_dict, keyid=None, repository_name='default'):
"""
<Purpose>
Add 'rsakey_dict' to the key database while avoiding duplicates.
If keyid is provided, verify it is the correct keyid for 'rsakey_dict'
and raise an exception if it is not.
<Arguments>
key_dict:
A dictionary conformant to 'tuf.formats.ANYKEY_SCHEMA'.
It has the form:
{'keytype': 'rsa',
'keyid': keyid,
'keyval': {'public': '-----BEGIN RSA PUBLIC KEY----- ...',
'private': '-----BEGIN RSA PRIVATE KEY----- ...'}}
keyid:
An object conformant to 'KEYID_SCHEMA'. It is used as an identifier
for RSA keys.
repository_name:
The name of the repository to add the key. If not supplied, the key is
added to the 'default' repository.
<Exceptions>
tuf.FormatError, if the arguments do not have the correct format.
tuf.Error, if 'keyid' does not match the keyid for 'rsakey_dict'.
tuf.KeyAlreadyExistsError, if 'rsakey_dict' is found in the key database.
tuf.InvalidNameError, if 'repository_name' does not exist in the key
database.
<Side Effects>
The keydb key database is modified.
<Returns>
None.
"""
I_TO_PRINT = TO_PRINT + uptane.YELLOW + '[add_key(key_dict, keyid, repository_name)]: ' + uptane.ENDCOLORS
#TODO: Print to be deleted
print(
str('%s %s %s %s %s %s %s' %
(I_TO_PRINT, 'Adding key to keyDB for repository_name:',
repository_name, 'key_dict:', key_dict, 'keyid:', keyid)))
#TODO: Until here
# Does 'key_dict' have the correct format?
# This check will ensure 'key_dict' has the appropriate number of objects
# and object types, and that all dict keys are properly named.
# Raise 'tuf.FormatError if the check fails.
tuf.formats.ANYKEY_SCHEMA.check_match(key_dict)
# Does 'repository_name' have the correct format?
tuf.formats.NAME_SCHEMA.check_match(repository_name)
# Does 'keyid' have the correct format?
if keyid is not None:
# Raise 'tuf.FormatError' if the check fails.
tuf.formats.KEYID_SCHEMA.check_match(keyid)
# Check if each keyid found in 'key_dict' matches 'keyid'.
if keyid != key_dict['keyid']:
raise tuf.Error('Incorrect keyid. Got ' + key_dict['keyid'] +
' but expected ' + keyid)
# Ensure 'repository_name' is actually set in the key database.
if repository_name not in _keydb_dict:
raise tuf.InvalidNameError('Repository name does not exist:'
' ' + repr(repository_name))
# Check if the keyid belonging to 'key_dict' is not already
# available in the key database before returning.
keyid = key_dict['keyid']
if keyid in _keydb_dict[repository_name]:
raise tuf.KeyAlreadyExistsError('Key: ' + keyid)
_keydb_dict[repository_name][keyid] = copy.deepcopy(key_dict)
#TODO: Print to be deleted
print(str('%s %s ' % (I_TO_PRINT, 'Returning ...')))
