From 09971aea1609f87f7f39bc8719ee644f7a26c08d Mon Sep 17 00:00:00 2001 From: Jussi Kukkonen Date: Thu, 1 Dec 2022 11:08:05 +0200 Subject: [PATCH] tests, examples: Stop using Key constructors New Securesystemslib Keys can now be instantiated in two ways: * deserialize via Key.from_dict() as before * generate new keys via implementation specific methods Fix all cases where we call Key() or Key.from_securesystemslib_key() and use SSlibKey methods instead. Fix related tests. Signed-off-by: Jussi Kukkonen --- examples/manual_repo/basic_repo.py | 11 +++++------ examples/manual_repo/hashed_bin_delegation.py | 5 ++--- .../manual_repo/succinct_hash_bin_delegations.py | 4 ++-- tests/generated_data/generate_md.py | 4 ++-- tests/repository_simulator.py | 6 +++--- tests/test_api.py | 12 ++++-------- tests/test_metadata_eq_.py | 6 +++--- tests/test_metadata_serialization.py | 2 +- 8 files changed, 22 insertions(+), 28 deletions(-) diff --git a/examples/manual_repo/basic_repo.py b/examples/manual_repo/basic_repo.py index 20ebe09a..aa002d0f 100644 --- a/examples/manual_repo/basic_repo.py +++ b/examples/manual_repo/basic_repo.py @@ -27,13 +27,12 @@ from typing import Any, Dict from securesystemslib.keys import generate_ed25519_key -from securesystemslib.signer import SSlibSigner +from securesystemslib.signer import SSlibKey, SSlibSigner from tuf.api.metadata import ( SPECIFICATION_VERSION, DelegatedRole, Delegations, - Key, Metadata, MetaFile, Root, @@ -157,7 +156,7 @@ def _in(days: float) -> datetime: for name in ["targets", "snapshot", "timestamp", "root"]: keys[name] = generate_ed25519_key() roles["root"].signed.add_key( - Key.from_securesystemslib_key(keys[name]), name + SSlibKey.from_securesystemslib_key(keys[name]), name ) # NOTE: We only need the public part to populate root, so it is possible to use @@ -173,7 +172,7 @@ def _in(days: float) -> datetime: # required signature threshold. another_root_key = generate_ed25519_key() roles["root"].signed.add_key( - Key.from_securesystemslib_key(another_root_key), "root" + SSlibKey.from_securesystemslib_key(another_root_key), "root" ) roles["root"].signed.roles["root"].threshold = 2 @@ -271,7 +270,7 @@ def _in(days: float) -> datetime: # https://theupdateframework.github.io/specification/latest/#delegations roles["targets"].signed.delegations = Delegations( keys={ - keys[delegatee_name]["keyid"]: Key.from_securesystemslib_key( + keys[delegatee_name]["keyid"]: SSlibKey.from_securesystemslib_key( keys[delegatee_name] ) }, @@ -345,7 +344,7 @@ def _in(days: float) -> datetime: roles["root"].signed.revoke_key(keys["root"]["keyid"], "root") roles["root"].signed.add_key( - Key.from_securesystemslib_key(new_root_key), "root" + SSlibKey.from_securesystemslib_key(new_root_key), "root" ) roles["root"].signed.version += 1 diff --git a/examples/manual_repo/hashed_bin_delegation.py b/examples/manual_repo/hashed_bin_delegation.py index 5a4e2a00..eb2d81d7 100644 --- a/examples/manual_repo/hashed_bin_delegation.py +++ b/examples/manual_repo/hashed_bin_delegation.py @@ -23,12 +23,11 @@ from typing import Any, Dict, Iterator, List, Tuple from securesystemslib.keys import generate_ed25519_key -from securesystemslib.signer import SSlibSigner +from securesystemslib.signer import SSlibKey, SSlibSigner from tuf.api.metadata import ( DelegatedRole, Delegations, - Key, Metadata, TargetFile, Targets, @@ -146,7 +145,7 @@ def find_hash_bin(path: str) -> str: # Create preliminary delegating targets role (bins) and add public key for # delegated targets (bin_n) to key store. Delegation details are update below. roles["bins"] = Metadata(Targets(expires=_in(365))) -bin_n_key = Key.from_securesystemslib_key(keys["bin-n"]) +bin_n_key = SSlibKey.from_securesystemslib_key(keys["bin-n"]) roles["bins"].signed.delegations = Delegations( keys={bin_n_key.keyid: bin_n_key}, roles={}, diff --git a/examples/manual_repo/succinct_hash_bin_delegations.py b/examples/manual_repo/succinct_hash_bin_delegations.py index 6e86c0d6..4c4ffdb9 100644 --- a/examples/manual_repo/succinct_hash_bin_delegations.py +++ b/examples/manual_repo/succinct_hash_bin_delegations.py @@ -25,7 +25,7 @@ from typing import Dict, Tuple from securesystemslib.keys import generate_ed25519_key -from securesystemslib.signer import SSlibSigner +from securesystemslib.signer import SSlibKey, SSlibSigner from tuf.api.metadata import ( Delegations, @@ -82,7 +82,7 @@ def create_key() -> Tuple[Key, SSlibSigner]: """Generates a new Key and Signer.""" sslib_key = generate_ed25519_key() - return Key.from_securesystemslib_key(sslib_key), SSlibSigner(sslib_key) + return SSlibKey.from_securesystemslib_key(sslib_key), SSlibSigner(sslib_key) # Create one signing key for all bins, and one for the delegating targets role. diff --git a/tests/generated_data/generate_md.py b/tests/generated_data/generate_md.py index fef33678..df459c1d 100644 --- a/tests/generated_data/generate_md.py +++ b/tests/generated_data/generate_md.py @@ -8,7 +8,7 @@ from datetime import datetime from typing import Dict, List, Optional -from securesystemslib.signer import SSlibSigner +from securesystemslib.signer import SSlibKey, SSlibSigner from tests import utils from tuf.api.metadata import Key, Metadata, Root, Snapshot, Targets, Timestamp @@ -36,7 +36,7 @@ keys: Dict[str, Key] = {} for index in range(4): - keys[f"ed25519_{index}"] = Key.from_securesystemslib_key( + keys[f"ed25519_{index}"] = SSlibKey.from_securesystemslib_key( { "keytype": "ed25519", "scheme": "ed25519", diff --git a/tests/repository_simulator.py b/tests/repository_simulator.py index abb7f371..1e8bebe9 100644 --- a/tests/repository_simulator.py +++ b/tests/repository_simulator.py @@ -54,7 +54,7 @@ import securesystemslib.hash as sslib_hash from securesystemslib.keys import generate_ed25519_key -from securesystemslib.signer import SSlibSigner +from securesystemslib.signer import SSlibKey, SSlibSigner from tuf.api.exceptions import DownloadHTTPError from tuf.api.metadata import ( @@ -156,8 +156,8 @@ def all_targets(self) -> Iterator[Tuple[str, Targets]]: @staticmethod def create_key() -> Tuple[Key, SSlibSigner]: - sslib_key = generate_ed25519_key() - return Key.from_securesystemslib_key(sslib_key), SSlibSigner(sslib_key) + key = generate_ed25519_key() + return SSlibKey.from_securesystemslib_key(key), SSlibSigner(key) def add_signer(self, role: str, signer: SSlibSigner) -> None: if role not in self.signers: diff --git a/tests/test_api.py b/tests/test_api.py index 1fd0a446..8aa096bf 100755 --- a/tests/test_api.py +++ b/tests/test_api.py @@ -23,7 +23,7 @@ import_ed25519_publickey_from_file, ) from securesystemslib.keys import generate_ed25519_key -from securesystemslib.signer import Signature, SSlibSigner +from securesystemslib.signer import SSlibKey, SSlibSigner from tests import utils from tuf.api import exceptions @@ -34,6 +34,7 @@ Key, Metadata, Root, + Signature, Snapshot, SuccinctRoles, TargetFile, @@ -382,14 +383,9 @@ def test_key_class(self) -> None: # Test if from_securesystemslib_key removes the private key from keyval # of a securesystemslib key dictionary. sslib_key = generate_ed25519_key() - key = Key.from_securesystemslib_key(sslib_key) + key = SSlibKey.from_securesystemslib_key(sslib_key) self.assertFalse("private" in key.keyval.keys()) - # Test raising ValueError with non-existent keytype - sslib_key["keytype"] = "bad keytype" - with self.assertRaises(ValueError): - Key.from_securesystemslib_key(sslib_key) - def test_root_add_key_and_revoke_key(self) -> None: root_path = os.path.join(self.repo_dir, "metadata", "root.json") root = Metadata[Root].from_file(root_path) @@ -399,7 +395,7 @@ def test_root_add_key_and_revoke_key(self) -> None: os.path.join(self.keystore_dir, "root_key2.pub") ) keyid = root_key2["keyid"] - key_metadata = Key( + key_metadata = SSlibKey( keyid, root_key2["keytype"], root_key2["scheme"], diff --git a/tests/test_metadata_eq_.py b/tests/test_metadata_eq_.py index a3b3f9fd..c8de6147 100644 --- a/tests/test_metadata_eq_.py +++ b/tests/test_metadata_eq_.py @@ -12,17 +12,17 @@ import unittest from typing import Any, ClassVar, Dict -from securesystemslib.signer import Signature +from securesystemslib.signer import SSlibKey from tests import utils from tuf.api.metadata import ( TOP_LEVEL_ROLE_NAMES, DelegatedRole, Delegations, - Key, Metadata, MetaFile, Role, + Signature, SuccinctRoles, TargetFile, ) @@ -50,7 +50,7 @@ def setUpClass(cls) -> None: cls.objects["Metadata"] = Metadata(cls.objects["Timestamp"], {}) cls.objects["Signed"] = cls.objects["Timestamp"] - cls.objects["Key"] = Key( + cls.objects["Key"] = SSlibKey( "id", "rsa", "rsassa-pss-sha256", {"public": "foo"} ) cls.objects["Role"] = Role(["keyid1", "keyid2"], 3) diff --git a/tests/test_metadata_serialization.py b/tests/test_metadata_serialization.py index 65d410bf..04c53775 100644 --- a/tests/test_metadata_serialization.py +++ b/tests/test_metadata_serialization.py @@ -168,7 +168,7 @@ def test_valid_key_serialization(self, test_case_data: str) -> None: @utils.run_sub_tests_with_dataset(invalid_keys) def test_invalid_key_serialization(self, test_case_data: str) -> None: case_dict = json.loads(test_case_data) - with self.assertRaises((TypeError, KeyError)): + with self.assertRaises((TypeError, KeyError, ValueError)): keyid = case_dict.pop("keyid") Key.from_dict(keyid, case_dict)