def __init__(
self,
version: int,
is_expired: bool,
snapshot_keys_idx: list,
targets: dict,
delegations: dict,
snapshot_sign_keys_idx: list=None,
**kwargs) -> None:
super().__init__(**kwargs)
self.role_name = 'snapshot'
if snapshot_sign_keys_idx is None:
snapshot_sign_keys_idx = snapshot_keys_idx
# TODO manipulate version
targets_version = targets['signed']['version']
targets_json = self.jsonify(targets)
signed = {
'_type': 'Snapshot',
'version': version,
'expires': '2017-01-01T00:00:00Z' if is_expired else '2038-01-19T03:14:06Z',
'meta': {
'targets.json': {
'hashes': {
'sha256': sha256(targets_json, bad_hash=False),
'sha512': sha512(targets_json, bad_hash=False),
},
'length': len(targets_json),
'version': targets_version,
},
},
}
for (name, meta) in delegations.items():
delegation_json = self.jsonify(meta)
signed['meta'][name] = {
'hashes': {
'sha256': sha256(delegation_json, bad_hash=False),
'sha512': sha512(delegation_json, bad_hash=False),
},
'length': len(delegation_json),
'version': meta['signed']['version'], # TODO manipulate version
}
sig_directives = [(self.get_key(i), False) for i in snapshot_sign_keys_idx]
self.value = {'signed': signed, 'signatures': self.sign(sig_directives, signed)}
def __init__(
self,
name: str,
content: bytes,
hardware_id: str,
do_write: bool = True,
alteration: str = None,
ecu_identifier: str = None,
) -> None:
self.name = name
self.content = content
self.do_write = do_write
bad_hash = False
size_mod = 0
bad_ecu_id = False
bad_hw_id = False
if alteration is None:
pass
elif alteration == 'bad-hash':
bad_hash = True
elif alteration == 'oversized':
size_mod = -1
elif alteration == 'bad-ecu-id':
if ecu_identifier is None:
raise ValueError('Tried to modify ECU ID with no ECU ID')
bad_ecu_id = True
elif alteration == 'bad-hw-id':
bad_hw_id = True
else:
raise ValueError('Unknown alteration: {}'.format(alteration))
self.meta = {
'length': len(content) + size_mod,
'hashes': {
'sha256': sha256(content, bad_hash=bad_hash),
'sha512': sha512(content, bad_hash=bad_hash),
},
'custom': {},
}
if ecu_identifier is None:
# Only used by Image repo metadata.
self.meta['custom'] = {
'hardwareIds': [
hardware_id + ('-XXX' if bad_hw_id else ''),
],
}
else:
# Only used by Director metadata.
ecu_identifier = ecu_identifier + ('-XXX' if bad_ecu_id else '')
self.meta['custom']['ecuIdentifiers'] = {
ecu_identifier: {
'hardwareId': hardware_id + ('-XXX' if bad_hw_id else ''),
},
}
def __init__(self,
snapshot: dict,
timestamp_keys_idx: list,
timestamp_keys_bad_sign_idx: list,
timestamp_version: int,
is_expired: bool,
snapshot_version: int,
timestamp_sign_keys_idx: list = None,
**kwargs) -> None:
super().__init__(is_delegation=False, **kwargs)
self.role_name = 'timestamp'
if timestamp_sign_keys_idx is None:
timestamp_sign_keys_idx = timestamp_keys_idx
if snapshot_version is None:
snapshot_version = snapshot['signed']['version']
snapshot_json = self.cjson(snapshot)
signed = {
'_type': kwargs.get('_type', 'Timestamp'),
'version': 1, # TODO
'expires':
'2017-01-01T00:00:00Z' if is_expired else '2038-01-19T03:14:06Z',
'meta': {
'snapshot.json': {
'version': snapshot_version,
'length':
len(self.jsonify(snapshot)
), # Server returns snapshot.json with self.jsonify
'hashes': {
'sha256': sha256(snapshot_json, bad_hash=False),
'sha512': sha512(snapshot_json, bad_hash=False),
},
},
},
}
sig_directives = [(self.get_key(i), i in timestamp_keys_bad_sign_idx)
for i in timestamp_sign_keys_idx]
self.value = {
'signed': signed,
'signatures': self.sign(sig_directives, signed)
}
def key_id(self, pub: str, bad_id: bool) -> str:
return sha256(self.cjson(pub).encode('utf-8'), bad_id)
def __init__(
self,
version: int,
is_expired: bool,
snapshot_keys_idx: list,
targets: dict,
delegations: dict, # role_name -> contents_dict
snapshot_sign_keys_idx: list = None,
targets_version: int = None,
add_targets_hash_and_length: bool = False,
**kwargs) -> None:
super().__init__(is_delegation=False, **kwargs)
self.role_name = 'snapshot'
if snapshot_sign_keys_idx is None:
snapshot_sign_keys_idx = snapshot_keys_idx
if targets_version:
targets_version = targets_version
else:
targets_version = targets['signed']['version']
signed = {
'_type': kwargs.get('_type', 'Snapshot'),
'version': version,
'expires':
'2017-01-01T00:00:00Z' if is_expired else '2038-01-19T03:14:06Z',
'meta': {
'targets.json': {
'version': targets_version,
},
},
}
if add_targets_hash_and_length:
targets_content = self.cjson(targets).encode('utf-8')
signed['meta']['targets.json']['hashes'] = {
'sha256': sha256(targets_content, False),
}
signed['meta']['targets.json']['length'] = len(targets_content)
for (name, meta) in delegations.items():
if name == SKIPPED_DELEGATION_NAME:
continue
if meta.snapshot_version:
delegation_version = meta.snapshot_version
else:
delegation_version = meta.value['signed']['version']
signed['meta'][name + '.json'] = {
'version': delegation_version,
}
sig_directives = [(self.get_key(i), False)
for i in snapshot_sign_keys_idx]
self.value = {
'signed': signed,
'signatures': self.sign(sig_directives, signed)
}