tests, examples: Stop using Key constructors

New Securesystemslib Keys can now be instantiated in two ways:
* deserialize via Key.from_dict() as before
* generate new keys via implementation specific methods

Fix all cases where we call Key() or Key.from_securesystemslib_key()
and use SSlibKey methods instead. Fix related tests.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Jussi Kukkonen 2022-12-01 11:08:05 +02:00
parent 6dbadaa7b1
commit 09971aea16
8 changed files with 22 additions and 28 deletions


@ -27,13 +27,12 @@
from typing import Any, Dict
from securesystemslib.keys import generate_ed25519_key
from securesystemslib.signer import SSlibSigner
from securesystemslib.signer import SSlibKey, SSlibSigner
from tuf.api.metadata import (
SPECIFICATION_VERSION,
DelegatedRole,
Delegations,
Key,
Metadata,
MetaFile,
Root,
@ -157,7 +156,7 @@ def _in(days: float) -> datetime:
for name in ["targets", "snapshot", "timestamp", "root"]:
keys[name] = generate_ed25519_key()
roles["root"].signed.add_key(
Key.from_securesystemslib_key(keys[name]), name
SSlibKey.from_securesystemslib_key(keys[name]), name
)
# NOTE: We only need the public part to populate root, so it is possible to use
@ -173,7 +172,7 @@ def _in(days: float) -> datetime:
# required signature threshold.
another_root_key = generate_ed25519_key()
roles["root"].signed.add_key(
Key.from_securesystemslib_key(another_root_key), "root"
SSlibKey.from_securesystemslib_key(another_root_key), "root"
)
roles["root"].signed.roles["root"].threshold = 2
@ -271,7 +270,7 @@ def _in(days: float) -> datetime:
# https://theupdateframework.github.io/specification/latest/#delegations
roles["targets"].signed.delegations = Delegations(
keys={
keys[delegatee_name]["keyid"]: Key.from_securesystemslib_key(
keys[delegatee_name]["keyid"]: SSlibKey.from_securesystemslib_key(
keys[delegatee_name]
)
},
@ -345,7 +344,7 @@ def _in(days: float) -> datetime:
roles["root"].signed.revoke_key(keys["root"]["keyid"], "root")
roles["root"].signed.add_key(
Key.from_securesystemslib_key(new_root_key), "root"
SSlibKey.from_securesystemslib_key(new_root_key), "root"
)
roles["root"].signed.version += 1


@ -23,12 +23,11 @@
from typing import Any, Dict, Iterator, List, Tuple
from securesystemslib.keys import generate_ed25519_key
from securesystemslib.signer import SSlibSigner
from securesystemslib.signer import SSlibKey, SSlibSigner
from tuf.api.metadata import (
DelegatedRole,
Delegations,
Key,
Metadata,
TargetFile,
Targets,
@ -146,7 +145,7 @@ def find_hash_bin(path: str) -> str:
# Create preliminary delegating targets role (bins) and add public key for
# delegated targets (bin_n) to key store. Delegation details are update below.
roles["bins"] = Metadata(Targets(expires=_in(365)))
bin_n_key = Key.from_securesystemslib_key(keys["bin-n"])
bin_n_key = SSlibKey.from_securesystemslib_key(keys["bin-n"])
roles["bins"].signed.delegations = Delegations(
keys={bin_n_key.keyid: bin_n_key},
roles={},


@ -25,7 +25,7 @@
from typing import Dict, Tuple
from securesystemslib.keys import generate_ed25519_key
from securesystemslib.signer import SSlibSigner
from securesystemslib.signer import SSlibKey, SSlibSigner
from tuf.api.metadata import (
Delegations,
@ -82,7 +82,7 @@
def create_key() -> Tuple[Key, SSlibSigner]:
"""Generates a new Key and Signer."""
sslib_key = generate_ed25519_key()
return Key.from_securesystemslib_key(sslib_key), SSlibSigner(sslib_key)
return SSlibKey.from_securesystemslib_key(sslib_key), SSlibSigner(sslib_key)
# Create one signing key for all bins, and one for the delegating targets role.


@ -8,7 +8,7 @@
from datetime import datetime
from typing import Dict, List, Optional
from securesystemslib.signer import SSlibSigner
from securesystemslib.signer import SSlibKey, SSlibSigner
from tests import utils
from tuf.api.metadata import Key, Metadata, Root, Snapshot, Targets, Timestamp
@ -36,7 +36,7 @@
keys: Dict[str, Key] = {}
for index in range(4):
keys[f"ed25519_{index}"] = Key.from_securesystemslib_key(
keys[f"ed25519_{index}"] = SSlibKey.from_securesystemslib_key(
{
"keytype": "ed25519",
"scheme": "ed25519",


@ -54,7 +54,7 @@
import securesystemslib.hash as sslib_hash
from securesystemslib.keys import generate_ed25519_key
from securesystemslib.signer import SSlibSigner
from securesystemslib.signer import SSlibKey, SSlibSigner
from tuf.api.exceptions import DownloadHTTPError
from tuf.api.metadata import (
@ -156,8 +156,8 @@ def all_targets(self) -> Iterator[Tuple[str, Targets]]:
@staticmethod
def create_key() -> Tuple[Key, SSlibSigner]:
sslib_key = generate_ed25519_key()
return Key.from_securesystemslib_key(sslib_key), SSlibSigner(sslib_key)
key = generate_ed25519_key()
return SSlibKey.from_securesystemslib_key(key), SSlibSigner(key)
def add_signer(self, role: str, signer: SSlibSigner) -> None:
if role not in self.signers:
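Review bot: In `create_key` the local was renamed from `sslib_key` to `key`, but it still holds the securesystemslib key dictionary that is handed to `SSlibSigner`, while the first returned element is the public `SSlibKey`. Reusing the word "key" for the dictionary that carries the signing material makes it easy to confuse with the public `Key` object in later edits. Keeping `sslib_key`, as the example `create_key` elsewhere in this commit does, or using a name such as `keypair` (`keypair = generate_ed25519_key()`) would keep the two apart.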


@ -23,7 +23,7 @@
import_ed25519_publickey_from_file,
)
from securesystemslib.keys import generate_ed25519_key
from securesystemslib.signer import Signature, SSlibSigner
from securesystemslib.signer import SSlibKey, SSlibSigner
from tests import utils
from tuf.api import exceptions
@ -34,6 +34,7 @@
Key,
Metadata,
Root,
Signature,
Snapshot,
SuccinctRoles,
TargetFile,
@ -382,14 +383,9 @@ def test_key_class(self) -> None:
# Test if from_securesystemslib_key removes the private key from keyval
# of a securesystemslib key dictionary.
sslib_key = generate_ed25519_key()
key = Key.from_securesystemslib_key(sslib_key)
key = SSlibKey.from_securesystemslib_key(sslib_key)
self.assertFalse("private" in key.keyval.keys())
# Test raising ValueError with non-existent keytype
sslib_key["keytype"] = "bad keytype"
with self.assertRaises(ValueError):
Key.from_securesystemslib_key(sslib_key)
def test_root_add_key_and_revoke_key(self) -> None:
root_path = os.path.join(self.repo_dir, "metadata", "root.json")
root = Metadata[Root].from_file(root_path)
@ -399,7 +395,7 @@ def test_root_add_key_and_revoke_key(self) -> None:
os.path.join(self.keystore_dir, "root_key2.pub")
)
keyid = root_key2["keyid"]
key_metadata = Key(
key_metadata = SSlibKey(
keyid,
root_key2["keytype"],
root_key2["scheme"],
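Review bot: The negative case in `test_key_class` is dropped without a replacement: the lines that set `sslib_key["keytype"] = "bad keytype"` and expected a `ValueError` are gone, so nothing in this test states what `SSlibKey.from_securesystemslib_key` does with an unknown keytype. If the new class is meant to accept such a dictionary (presumably the keytype is now checked elsewhere, which this page does not show), assert that explicitly; otherwise keep an `assertRaises` case so a later change in how malformed key dictionaries are handled is caught. The remaining check would also give a clearer failure message as `self.assertNotIn("private", key.keyval)`.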


@ -12,17 +12,17 @@
import unittest
from typing import Any, ClassVar, Dict
from securesystemslib.signer import Signature
from securesystemslib.signer import SSlibKey
from tests import utils
from tuf.api.metadata import (
TOP_LEVEL_ROLE_NAMES,
DelegatedRole,
Delegations,
Key,
Metadata,
MetaFile,
Role,
Signature,
SuccinctRoles,
TargetFile,
)
@ -50,7 +50,7 @@ def setUpClass(cls) -> None:
cls.objects["Metadata"] = Metadata(cls.objects["Timestamp"], {})
cls.objects["Signed"] = cls.objects["Timestamp"]
cls.objects["Key"] = Key(
cls.objects["Key"] = SSlibKey(
"id", "rsa", "rsassa-pss-sha256", {"public": "foo"}
)
cls.objects["Role"] = Role(["keyid1", "keyid2"], 3)


@ -168,7 +168,7 @@ def test_valid_key_serialization(self, test_case_data: str) -> None:
@utils.run_sub_tests_with_dataset(invalid_keys)
def test_invalid_key_serialization(self, test_case_data: str) -> None:
case_dict = json.loads(test_case_data)
with self.assertRaises((TypeError, KeyError)):
with self.assertRaises((TypeError, KeyError, ValueError)):
keyid = case_dict.pop("keyid")
Key.from_dict(keyid, case_dict)
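Review bot: Adding `ValueError` to the tuple in `test_invalid_key_serialization` loosens the check: every dataset case now passes if any of three exception types is raised. Because `keyid = case_dict.pop("keyid")` sits inside the `with` block, a `KeyError` from a missing `keyid` cannot be told apart from an error raised by `Key.from_dict` itself. Storing the expected exception type with each `invalid_keys` entry, or moving the `pop` above the `with` for cases that do carry a keyid, would pin which malformed input is rejected at which step. The `invalid_keys` dataset is outside this hunk, so whether one of its cases relies on the missing-keyid path is not visible here.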