def test_Object(self):
# Test conditions for valid arguments.
object_schema = SCHEMA.Object(a=SCHEMA.AnyString(),
bc=SCHEMA.Struct(
[SCHEMA.Integer(),
SCHEMA.Integer()]))
self.assertTrue(object_schema.matches({'a': 'ZYYY', 'bc': [5, 9]}))
self.assertTrue(
object_schema.matches({
'a': 'ZYYY',
'bc': [5, 9],
'xx': 5
}))
# Test conditions for invalid arguments.
self.assertFalse(object_schema.matches({'a': 'ZYYY', 'bc': [5, 9, 3]}))
self.assertFalse(object_schema.matches({'a': 'ZYYY'}))
# Test conditions for invalid arguments in a schema definition.
self.assertRaises(securesystemslib.exceptions.FormatError,
SCHEMA.Object,
a='a')
self.assertRaises(securesystemslib.exceptions.FormatError,
SCHEMA.Object,
a=[1])
self.assertRaises(securesystemslib.exceptions.FormatError,
SCHEMA.Object,
a=SCHEMA.AnyString(),
b=1)
# Test condition for invalid non-dict arguments.
self.assertFalse(object_schema.matches([{'a': 'XYZ'}]))
self.assertFalse(object_schema.matches(8))
def test_DictOf(self):
# Test conditions for valid arguments.
dictof_schema = SCHEMA.DictOf(
SCHEMA.RegularExpression(r'[aeiou]+'),
SCHEMA.Struct([SCHEMA.AnyString(),
SCHEMA.AnyString()]))
self.assertTrue(dictof_schema.matches({}))
self.assertTrue(dictof_schema.matches({
'a': ['x', 'y'],
'e': ['', '']
}))
# Test conditions for invalid arguments.
self.assertFalse(dictof_schema.matches(''))
self.assertFalse(dictof_schema.matches({'a': ['x', 3], 'e': ['', '']}))
self.assertFalse(
dictof_schema.matches({
'a': ['x', 'y'],
'e': ['', ''],
'd': ['a', 'b']
}))
# Test conditions for invalid arguments in a schema definition.
self.assertRaises(securesystemslib.exceptions.FormatError,
SCHEMA.DictOf, 1, 1)
self.assertRaises(securesystemslib.exceptions.FormatError,
SCHEMA.DictOf, [1], [1])
self.assertRaises(securesystemslib.exceptions.FormatError,
SCHEMA.DictOf, {'a': 1}, 1)
self.assertRaises(securesystemslib.exceptions.FormatError,
SCHEMA.DictOf, SCHEMA.AnyString(), 1)
def test_OneOf(self):
# Test conditions for valid arguments.
oneof_schema = SCHEMA.OneOf([
SCHEMA.ListOf(SCHEMA.Integer()),
SCHEMA.String('Hello'),
SCHEMA.String('bye')
])
self.assertTrue(oneof_schema.matches([]))
self.assertTrue(oneof_schema.matches('bye'))
self.assertTrue(oneof_schema.matches([1, 2]))
# Test conditions for invalid arguments.
self.assertFalse(oneof_schema.matches(3))
self.assertFalse(oneof_schema.matches(['Hi']))
# Test conditions for invalid arguments in a schema definition.
self.assertRaises(securesystemslib.exceptions.FormatError,
SCHEMA.OneOf, 1)
self.assertRaises(securesystemslib.exceptions.FormatError,
SCHEMA.OneOf, [1])
self.assertRaises(securesystemslib.exceptions.FormatError,
SCHEMA.OneOf, {'a': 1})
self.assertRaises(securesystemslib.exceptions.FormatError,
SCHEMA.OneOf, [SCHEMA.AnyString(), 1])
def test_AllOf(self):
# Test conditions for valid arguments.
allof_schema = SCHEMA.AllOf([SCHEMA.Any(),
SCHEMA.AnyString(),
SCHEMA.String('a')])
self.assertTrue(allof_schema.matches('a'))
# Test conditions for invalid arguments.
self.assertFalse(allof_schema.matches('b'))
# Test conditions for invalid arguments in a schema definition.
self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.AllOf, 1)
self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.AllOf, [1])
self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.AllOf, {'a': 1})
self.assertRaises(securesystemslib.exceptions.FormatError, SCHEMA.AllOf, [SCHEMA.AnyString(), 1])
def test_Struct(self):
# Test conditions for valid arguments.
struct_schema = SCHEMA.Struct([
SCHEMA.ListOf(SCHEMA.AnyString()),
SCHEMA.AnyString(),
SCHEMA.String('X')
])
struct2_schema = SCHEMA.Struct([SCHEMA.String('X')], allow_more=True)
struct3_schema = SCHEMA.Struct(
[SCHEMA.String('X'), SCHEMA.Integer()], [SCHEMA.Integer()])
self.assertTrue(struct_schema.matches([[], 'Q', 'X']))
self.assertTrue(struct2_schema.matches(['X']))
self.assertTrue(struct2_schema.matches(['X', 'Y']))
self.assertTrue(struct2_schema.matches(['X', ['Y', 'Z']]))
self.assertTrue(struct3_schema.matches(['X', 3]))
self.assertTrue(struct3_schema.matches(['X', 3, 9]))
# Test conditions for invalid arguments.
self.assertFalse(struct_schema.matches(False))
self.assertFalse(struct_schema.matches('Foo'))
self.assertFalse(struct_schema.matches([[], 'Q', 'D']))
self.assertFalse(struct_schema.matches([[3], 'Q', 'X']))
self.assertFalse(struct_schema.matches([[], 'Q', 'X', 'Y']))
self.assertFalse(struct2_schema.matches([]))
self.assertFalse(struct2_schema.matches([['X']]))
self.assertFalse(struct3_schema.matches([]))
self.assertFalse(struct3_schema.matches({}))
self.assertFalse(struct3_schema.matches(['X']))
self.assertFalse(struct3_schema.matches(['X', 3, 9, 11]))
self.assertFalse(struct3_schema.matches(['X', 3, 'A']))
# Test conditions for invalid arguments in a schema definition.
self.assertRaises(securesystemslib.exceptions.FormatError,
SCHEMA.Struct, 1)
self.assertRaises(securesystemslib.exceptions.FormatError,
SCHEMA.Struct, [1])
self.assertRaises(securesystemslib.exceptions.FormatError,
SCHEMA.Struct, {'a': 1})
self.assertRaises(securesystemslib.exceptions.FormatError,
SCHEMA.Struct, [SCHEMA.AnyString(), 1])
def test_AnyString(self):
# Test conditions for valid arguments.
anystring_schema = SCHEMA.AnyString()
self.assertTrue(anystring_schema.matches(''))
self.assertTrue(anystring_schema.matches('a string'))
# Test conditions for invalid arguments.
self.assertFalse(anystring_schema.matches(['a']))
self.assertFalse(anystring_schema.matches(3))
self.assertFalse(anystring_schema.matches({'a': 'string'}))
import binascii
import calendar
import re
import string
import datetime
import time
import six
import securesystemslib.schema as SCHEMA
import securesystemslib.exceptions
# Note that in the schema definitions below, the 'SCHEMA.Object' types allow
# additional keys which are not defined. Thus, any additions to them will be
# easily backwards compatible with clients that are already deployed.
ANY_STRING_SCHEMA = SCHEMA.AnyString()
LIST_OF_ANY_STRING_SCHEMA = SCHEMA.ListOf(ANY_STRING_SCHEMA)
# A datetime in 'YYYY-MM-DDTHH:MM:SSZ' ISO 8601 format. The "Z" zone designator
# for the zero UTC offset is always used (i.e., a numerical offset is not
# supported.) Example: '2015-10-21T13:20:00Z'. Note: This is a simple format
# check, and an ISO8601 string should be fully verified when it is parsed.
ISO8601_DATETIME_SCHEMA = SCHEMA.RegularExpression(
r'\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z')
# A Unix/POSIX time format. An integer representing the number of seconds
# since the epoch (January 1, 1970.) Metadata uses this format for the
# 'expires' field. Set 'hi' to the upper timestamp limit (year 2038), the max
# value of an int.
UNIX_TIMESTAMP_SCHEMA = SCHEMA.Integer(lo=0, hi=2147483647)
<Author>
Lukas Puehringer <*****@*****.**>
Santiago Torres-Arias <*****@*****.**>
<Started>
November 28, 2017.
<Copyright>
See LICENSE for licensing information.
<Purpose>
Format schemas for in-toto metadata, based on securesystemslib.schema.
The schemas can be verified using the following methods inherited from
securesystemslib.schema:
in_toto.formats.<SCHEMA>.check_match(<object to verify>)
in_toto.formats.<SCHEMA>.matches(<object to verify>)
`check_match` raises a securesystemslib.exceptions.FormatError and `matches`
returns False if the verified object does not match the schema (True
otherwise).
"""
import securesystemslib.schema as ssl_schema
# pylint: disable=bad-whitespace
PARAMETER_DICTIONARY_KEY = ssl_schema.RegularExpression(r'[a-zA-Z0-9_-]+')
PARAMETER_DICTIONARY_SCHEMA = ssl_schema.DictOf(
key_schema=PARAMETER_DICTIONARY_KEY, value_schema=ssl_schema.AnyString())
SEMVER_2_0_0_SCHEMA
])
# A datetime in 'YYYY-MM-DDTHH:MM:SSZ' ISO 8601 format. The "Z" zone designator
# for the zero UTC offset is always used (i.e., a numerical offset is not
# supported.) Example: '2015-10-21T13:20:00Z'. Note: This is a simple format
# check, and an ISO8601 string should be fully verified when it is parsed.
ISO8601_DATETIME_SCHEMA = SCHEMA.RegularExpression(
r'\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z')
# An integer representing the numbered version of a metadata file.
# Must be 1, or greater.
METADATAVERSION_SCHEMA = SCHEMA.Integer(lo=0)
# A relative file path (e.g., 'metadata/root/').
RELPATH_SCHEMA = SCHEMA.AnyString()
RELPATHS_SCHEMA = SCHEMA.ListOf(RELPATH_SCHEMA)
VERSIONINFO_SCHEMA = SCHEMA.Object(object_name='VERSIONINFO_SCHEMA',
version=METADATAVERSION_SCHEMA)
# A string representing a role's name.
ROLENAME_SCHEMA = SCHEMA.AnyString()
# A role's threshold value (i.e., the minimum number
# of signatures required to sign a metadata file).
# Must be 1 and greater.
THRESHOLD_SCHEMA = SCHEMA.Integer(lo=1)
# A hexadecimal value in '23432df87ab..' format.
HEX_SCHEMA = SCHEMA.RegularExpression(r'[a-fA-F0-9]+')
`check_match` raises a securesystemslib.exceptions.FormatError and `matches`
returns False if the verified object does not match the schema (True
otherwise).
"""
import in_toto.gpg.formats as gpg_formats
import securesystemslib.schema as ssl_schema
import securesystemslib.formats as ssl_formats
# Note: Verification keys can have private portions but in case of GPG we
# only have a PUBKEY_SCHEMA (because we never export private gpg keys from
# the gpg keyring)
ANY_VERIFICATION_KEY_SCHEMA = ssl_schema.OneOf(
[ssl_formats.ANYKEY_SCHEMA, gpg_formats.PUBKEY_SCHEMA])
ANY_VERIFICATION_KEY_DICT_SCHEMA = ssl_schema.DictOf(
key_schema=ssl_formats.KEYID_SCHEMA,
value_schema=ANY_VERIFICATION_KEY_SCHEMA)
ANY_PUBKEY_SCHEMA = ssl_schema.OneOf(
[ssl_formats.PUBLIC_KEY_SCHEMA, gpg_formats.PUBKEY_SCHEMA])
ANY_PUBKEY_DICT_SCHEMA = ssl_schema.DictOf(key_schema=ssl_formats.KEYID_SCHEMA,
value_schema=ANY_PUBKEY_SCHEMA)
ANY_SIGNATURE_SCHEMA = ssl_schema.OneOf(
[ssl_formats.SIGNATURE_SCHEMA, gpg_formats.SIGNATURE_SCHEMA])
ANY_STRING_SCHEMA = ssl_schema.AnyString()
LIST_OF_ANY_STRING_SCHEMA = ssl_schema.ListOf(ANY_STRING_SCHEMA)
"""
import in_toto.gpg.formats as gpg_formats
import securesystemslib.schema as ssl_schema
import securesystemslib.formats as ssl_formats
# Note: Verification keys can have private portions but in case of GPG we
# only have a PUBKEY_SCHEMA (because we never export private gpg keys from
# the gpg keyring)
ANY_VERIFICATION_KEY_SCHEMA = ssl_schema.OneOf(
[ssl_formats.ANYKEY_SCHEMA, gpg_formats.PUBKEY_SCHEMA])
ANY_VERIFICATION_KEY_DICT_SCHEMA = ssl_schema.DictOf(
key_schema=ssl_formats.KEYID_SCHEMA,
value_schema=ANY_VERIFICATION_KEY_SCHEMA)
ANY_PUBKEY_SCHEMA = ssl_schema.OneOf(
[ssl_formats.PUBLIC_KEY_SCHEMA, gpg_formats.PUBKEY_SCHEMA])
ANY_PUBKEY_DICT_SCHEMA = ssl_schema.DictOf(key_schema=ssl_formats.KEYID_SCHEMA,
value_schema=ANY_PUBKEY_SCHEMA)
ANY_SIGNATURE_SCHEMA = ssl_schema.OneOf(
[ssl_formats.SIGNATURE_SCHEMA, gpg_formats.SIGNATURE_SCHEMA])
ANY_STRING_SCHEMA = ssl_schema.AnyString()
LIST_OF_ANY_STRING_SCHEMA = ssl_schema.ListOf(ANY_STRING_SCHEMA)
PARAMETER_DICTIONARY_KEY = ssl_schema.RegularExpression(r'[a-zA-Z0-9_-]+')
PARAMETER_DICTIONARY_SCHEMA = ssl_schema.DictOf(
key_schema=PARAMETER_DICTIONARY_KEY, value_schema=ssl_schema.AnyString())
import binascii
import calendar
import re
import datetime
import time
import six
import securesystemslib.schema as SCHEMA
import securesystemslib.exceptions
# Note that in the schema definitions below, the 'SCHEMA.Object' types allow
# additional keys which are not defined. Thus, any additions to them will be
# easily backwards compatible with clients that are already deployed.
ANY_STRING_SCHEMA = SCHEMA.AnyString()
LIST_OF_ANY_STRING_SCHEMA = SCHEMA.ListOf(ANY_STRING_SCHEMA)
# A datetime in 'YYYY-MM-DDTHH:MM:SSZ' ISO 8601 format. The "Z" zone designator
# for the zero UTC offset is always used (i.e., a numerical offset is not
# supported.) Example: '2015-10-21T13:20:00Z'. Note: This is a simple format
# check, and an ISO8601 string should be fully verified when it is parsed.
ISO8601_DATETIME_SCHEMA = SCHEMA.RegularExpression(r'\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z')
# A Unix/POSIX time format. An integer representing the number of seconds
# since the epoch (January 1, 1970.) Metadata uses this format for the
# 'expires' field. Set 'hi' to the upper timestamp limit (year 2038), the max
# value of an int.
UNIX_TIMESTAMP_SCHEMA = SCHEMA.Integer(lo=0, hi=2147483647)
# A hexadecimal value in '23432df87ab..' format.
# supported.) Example: '2015-10-21T13:20:00Z'. Note: This is a simple format
# check, and an ISO8601 string should be fully verified when it is parsed.
ISO8601_DATETIME_SCHEMA = SCHEMA.RegularExpression(
r'\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z')
# A Unix/POSIX time format. An integer representing the number of seconds
# since the epoch (January 1, 1970.) Metadata uses this format for the
# 'expires' field. Set 'hi' to the upper timestamp limit (year 2038), the max
# value of an int.
UNIX_TIMESTAMP_SCHEMA = SCHEMA.Integer(lo=0, hi=2147483647)
# A hexadecimal value in '23432df87ab..' format.
HASH_SCHEMA = SCHEMA.RegularExpression(r'[a-fA-F0-9]+')
# A dict in {'sha256': '23432df87ab..', 'sha512': '34324abc34df..', ...} format.
HASHDICT_SCHEMA = SCHEMA.DictOf(key_schema=SCHEMA.AnyString(),
value_schema=HASH_SCHEMA)
# A hexadecimal value in '23432df87ab..' format.
HEX_SCHEMA = SCHEMA.RegularExpression(r'[a-fA-F0-9]+')
# A key identifier (e.g., a hexadecimal value identifying an RSA key).
KEYID_SCHEMA = HASH_SCHEMA
# A list of KEYID_SCHEMA.
KEYIDS_SCHEMA = SCHEMA.ListOf(KEYID_SCHEMA)
# The signing scheme used by a key to generate a signature (e.g.,
# 'rsassa-pss-sha256' is one of the signing schemes for key type 'rsa').
SCHEME_SCHEMA = SCHEMA.AnyString()
<Author>
Lukas Puehringer <*****@*****.**>
Santiago Torres-Arias <*****@*****.**>
<Started>
November 28, 2017.
<Copyright>
See LICENSE for licensing information.
<Purpose>
Format schemas for in-toto metadata, based on securesystemslib.schema.
The schemas can be verified using the following methods inherited from
securesystemslib.schema:
in_toto.formats.<SCHEMA>.check_match(<object to verify>)
in_toto.formats.<SCHEMA>.matches(<object to verify>)
`check_match` raises a securesystemslib.exceptions.FormatError and `matches`
returns False if the verified object does not match the schema (True
otherwise).
"""
import securesystemslib.schema as ssl_schema
PARAMETER_DICTIONARY_KEY = ssl_schema.RegularExpression(r'[a-zA-Z0-9_-]+')
PARAMETER_DICTIONARY_SCHEMA = ssl_schema.DictOf(
key_schema = PARAMETER_DICTIONARY_KEY,
value_schema = ssl_schema.AnyString())
)
# Any subclass of `securesystemslib.schema.Object` stores the schemas that
# define the attributes of the object in its `_required` property, even if
# such a schema is of type `Optional`.
# TODO: Find a way that does not require to access a protected member
schema._required.append(subkey_schema_tuple) # pylint: disable=protected-access
return schema
GPG_HASH_ALGORITHM_STRING = "pgp+SHA2"
PGP_RSA_PUBKEY_METHOD_STRING = "pgp+rsa-pkcsv1.5"
PGP_DSA_PUBKEY_METHOD_STRING = "pgp+dsa-fips-180-2"
RSA_PUBKEYVAL_SCHEMA = ssl_schema.Object(
object_name = "RSA_PUBKEYVAL_SCHEMA",
e = ssl_schema.AnyString(),
n = ssl_formats.HEX_SCHEMA
)
# We have to define RSA_PUBKEY_SCHEMA in two steps, because it is
# self-referential. Here we define a shallow _RSA_PUBKEY_SCHEMA, which we use
# below to create the self-referential RSA_PUBKEY_SCHEMA.
_RSA_PUBKEY_SCHEMA = ssl_schema.Object(
object_name = "RSA_PUBKEY_SCHEMA",
type = ssl_schema.String("rsa"),
method = ssl_schema.String(PGP_RSA_PUBKEY_METHOD_STRING),
hashes = ssl_schema.ListOf(ssl_schema.String(GPG_HASH_ALGORITHM_STRING)),
keyid = ssl_formats.KEYID_SCHEMA,
keyval = ssl_schema.Object(
public = RSA_PUBKEYVAL_SCHEMA,
import binascii
import calendar
import datetime
import time
import copy
import securesystemslib.formats
import securesystemslib.schema as SCHEMA
import tuf
import six
SPECIFICATION_VERSION_SCHEMA = SCHEMA.AnyString()
# A datetime in 'YYYY-MM-DDTHH:MM:SSZ' ISO 8601 format. The "Z" zone designator
# for the zero UTC offset is always used (i.e., a numerical offset is not
# supported.) Example: '2015-10-21T13:20:00Z'. Note: This is a simple format
# check, and an ISO8601 string should be fully verified when it is parsed.
ISO8601_DATETIME_SCHEMA = SCHEMA.RegularExpression(r'\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z')
# An integer representing the numbered version of a metadata file.
# Must be 1, or greater.
METADATAVERSION_SCHEMA = SCHEMA.Integer(lo=0)
VERSIONINFO_SCHEMA = SCHEMA.Object(
object_name = 'VERSIONINFO_SCHEMA',
version = METADATAVERSION_SCHEMA)
