diff --git a/tuf/keys.py b/tuf/keys.py
index 7a50736b..c3af4d66 100755
--- a/tuf/keys.py
+++ b/tuf/keys.py
@@ -224,7 +224,7 @@ def generate_rsa_key(bits=_DEFAULT_RSA_KEY_BITS):
 public, private = tuf.pycrypto_keys.generate_rsa_public_and_private(bits)
 else: # pragma: no cover
- message = 'Invalid crypto library: '+repr(_RSA_CRYPTO_LIBRARY)+'.'
+ message = 'Invalid crypto library: ' + repr(_RSA_CRYPTO_LIBRARY) + '.'
 raise tuf.UnsupportedLibraryError(message)
 # Generate the keyid of the RSA key. 'key_value' corresponds to the
@@ -551,9 +551,9 @@ def check_crypto_libraries(required_libraries):
 if 'rsa' in required_libraries and _RSA_CRYPTO_LIBRARY not in \
 _SUPPORTED_RSA_CRYPTO_LIBRARIES:
- message = 'The '+repr(_RSA_CRYPTO_LIBRARY)+' crypto library specified'+ \
- ' in "tuf.conf.RSA_CRYPTO_LIBRARY" is not supported.\n'+ \
- 'Supported crypto libraries: '+repr(_SUPPORTED_RSA_CRYPTO_LIBRARIES)+'.'
+ message = 'The ' + repr(_RSA_CRYPTO_LIBRARY) + ' crypto library specified' +\
+ ' in "tuf.conf.RSA_CRYPTO_LIBRARY" is not supported.\n' +\
+ 'Supported crypto libraries: ' + repr(_SUPPORTED_RSA_CRYPTO_LIBRARIES) + '.'
 raise tuf.UnsupportedLibraryError(message)
 if 'ed25519' in required_libraries and _ED25519_CRYPTO_LIBRARY not in \
@@ -697,8 +697,8 @@ def create_signature(key_dict, data):
 sig, method = tuf.pycrypto_keys.create_rsa_signature(private, data.encode('utf-8'))
 else: # pragma: no cover
- message = 'Unsupported "tuf.conf.RSA_CRYPTO_LIBRARY": '+\
- repr(_RSA_CRYPTO_LIBRARY)+'.'
+ message = 'Unsupported "tuf.conf.RSA_CRYPTO_LIBRARY": ' +\
+ repr(_RSA_CRYPTO_LIBRARY) + '.'
 raise tuf.UnsupportedLibraryError(message)
 elif keytype == 'ed25519':
@@ -824,7 +824,7 @@ def verify_signature(key_dict, signature, data):
 if keytype == 'rsa':
 if _RSA_CRYPTO_LIBRARY == 'pycrypto':
 if 'pycrypto' not in _available_crypto_libraries: # pragma: no cover
- message = 'Metadata downloaded from the remote repository specified'+\
+ message = 'Metadata downloaded from the remote repository specified' +\
 ' an RSA signature. Verifying RSA signatures requires PyCrypto.' +\
 '\n$ pip install PyCrypto, or pip install tuf[tools].'
 raise tuf.UnsupportedLibraryError(message)
@@ -833,7 +833,7 @@ def verify_signature(key_dict, signature, data):
 valid_signature = tuf.pycrypto_keys.verify_rsa_signature(sig, method, public, data)
 else: # pragma: no cover
- message = 'Unsupported "tuf.conf.RSA_CRYPTO_LIBRARY": '+\
+ message = 'Unsupported "tuf.conf.RSA_CRYPTO_LIBRARY": ' +\
 repr(_RSA_CRYPTO_LIBRARY)+'.'
 raise tuf.UnsupportedLibraryError(message)
@@ -944,7 +944,7 @@ def import_rsakey_from_encrypted_pem(encrypted_pem, password):
 tuf.pycrypto_keys.create_rsa_public_and_private_from_encrypted_pem(encrypted_pem, password)
 else: #pragma: no cover
- message = 'Invalid crypto library: '+repr(_RSA_CRYPTO_LIBRARY)+'.'
+ message = 'Invalid crypto library: ' + repr(_RSA_CRYPTO_LIBRARY) + '.'
 raise tuf.UnsupportedLibraryError(message)
 # Generate the keyid of the RSA key. 'key_value' corresponds to the
@@ -1120,7 +1120,7 @@ def encrypt_key(key_object, password):
 # check_crypto_libraries() should have fully verified _GENERAL_CRYPTO_LIBRARY.
 else: # pragma: no cover
- message = 'Invalid crypto library: '+repr(_GENERAL_CRYPTO_LIBRARY)+'.'
+ message = 'Invalid crypto library: ' + repr(_GENERAL_CRYPTO_LIBRARY) + '.'
 raise tuf.UnsupportedLibraryError(message)
 return encrypted_key
@@ -1218,7 +1218,7 @@ def decrypt_key(encrypted_key, passphrase):
 # check_crypto_libraries() should have fully verified _GENERAL_CRYPTO_LIBRARY.
 else: # pragma: no cover
- message = 'Invalid crypto library: '+repr(_GENERAL_CRYPTO_LIBRARY)+'.'
+ message = 'Invalid crypto library: ' + repr(_GENERAL_CRYPTO_LIBRARY) + '.'
 raise tuf.UnsupportedLibraryError(message)
 # The corresponding encrypt_key() encrypts and stores key objects in
@@ -1301,7 +1301,7 @@ def create_rsa_encrypted_pem(private_key, passphrase):
 # check_crypto_libraries() should have fully verified _RSA_CRYPTO_LIBRARY.
 else: # pragma: no cover
- message = 'Invalid crypto library: '+repr(_RSA_CRYPTO_LIBRARY)+'.'
+ message = 'Invalid crypto library: ' + repr(_RSA_CRYPTO_LIBRARY) + '.'
 raise tuf.UnsupportedLibraryError(message)
 return encrypted_pem
diff --git a/tuf/pycrypto_keys.py b/tuf/pycrypto_keys.py
index 72c7e8b7..f3ac2382 100755
--- a/tuf/pycrypto_keys.py
+++ b/tuf/pycrypto_keys.py
@@ -295,7 +295,7 @@ def create_rsa_signature(private_key, data):
 rsa_key_object = Crypto.PublicKey.RSA.importKey(private_key)
 except (ValueError, IndexError, TypeError) as e:
- message = 'Invalid private key or hash data: '+str(e)
+ message = 'Invalid private key or hash data: ' + str(e)
 raise tuf.CryptoError(message)
 # Generate RSSA-PSS signature. Raise 'tuf.CryptoError' for the expected
@@ -311,7 +311,7 @@ def create_rsa_signature(private_key, data):
 raise tuf.CryptoError('Missing required RSA private key.')
 except IndexError:
- message = 'An RSA signature cannot be generated: '+str(e)
+ message = 'An RSA signature cannot be generated: ' + str(e)
 raise tuf.CryptoError(message)
 else:
@@ -474,7 +474,7 @@ def create_rsa_encrypted_pem(private_key, passphrase):
 passphrase=passphrase)
 except (ValueError, IndexError, TypeError) as e:
- message = 'An encrypted RSA key in PEM format cannot be generated: '+str(e)
+ message = 'An encrypted RSA key in PEM format cannot be generated: ' + str(e)
 raise tuf.CryptoError(message)
 else:
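Review bot: In the `@@ -311,7 +311,7 @@` hunk of create_rsa_signature in tuf/pycrypto_keys.py, the handler `except IndexError:` builds its message from `str(e)`, but that clause binds no `e`. When this path runs, the interpreter raises a NameError instead of the intended tuf.CryptoError (on Python 3 the `e` from the earlier `except ... as e` handler is unbound again once that handler exits), so callers that catch tuf.CryptoError around signing would miss it. Bind the exception in the clause: `except IndexError as e:`. The enclosing try block starts outside the hunk, so this should be confirmed against the full function.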
@@ -570,8 +570,8 @@ def create_rsa_public_and_private_from_encrypted_pem(encrypted_pem, passphrase):
 # If the passphrase is incorrect, PyCrypto returns: "RSA key format is not
 # supported".
 except (ValueError, IndexError, TypeError) as e:
- message = 'RSA (public, private) tuple cannot be generated from the'+\
- ' encrypted PEM string: '+str(e)
+ message = 'RSA (public, private) tuple cannot be generated from the' +\
+ ' encrypted PEM string: ' + str(e)
 # Raise 'tuf.CryptoError' and PyCrypto's exception message. Avoid
 # propogating PyCrypto's exception trace to avoid revealing sensitive error.
 raise tuf.CryptoError(message)
@@ -692,7 +692,6 @@ def encrypt_key(key_object, password): def decrypt_key(encrypted_key, password): """ - Return a string containing 'encrypted_key' in non-encrypted form. The decrypt_key() function can be applied to the encrypted string to restore the original key object, a TUF key (e.g., RSAKEY_SCHEMA, ED25519KEY_SCHEMA).
@@ -862,7 +861,7 @@ def _encrypt(key_data, derived_key_information):
 # checking for exceptions. Avoid propogating the exception trace and only
 # raise 'tuf.CryptoError', along with the cause of encryption failure.
 except (ValueError, IndexError, TypeError) as e:
- message = 'The key data cannot be encrypted: '+str(e)
+ message = 'The key data cannot be encrypted: ' + str(e)
 raise tuf.CryptoError(message)
 # Generate the hmac of the ciphertext to ensure it has not been modified.
@@ -951,7 +950,7 @@ def _decrypt(file_contents, password):
 # Note: decryption failure, due to malicious ciphertext, should not occur here
 # if the hmac check above passed.
 except (ValueError, IndexError, TypeError) as e: # pragma: no cover
- raise tuf.CryptoError('Decryption failed: '+str(e))
+ raise tuf.CryptoError('Decryption failed: ' + str(e))
 return key_plaintext
diff --git a/tuf/repository_lib.py b/tuf/repository_lib.py
index fb747695..62efd001 100755
--- a/tuf/repository_lib.py
+++ b/tuf/repository_lib.py
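Review bot: In the `@@ -570,8 +570,8 @@` hunk of create_rsa_public_and_private_from_encrypted_pem in tuf/pycrypto_keys.py, the comment says PyCrypto's exception trace should not be propagated, yet `raise tuf.CryptoError(message)` runs inside the `except` block. On Python 3 that implicitly chains the original exception as `__context__`, so a printed traceback still shows the PyCrypto frames; the same pattern appears in the `_encrypt` and `_decrypt` hunks further down. If this module only has to run on Python 3, `raise tuf.CryptoError(message) from None` matches the stated intent; otherwise the comment should say that only the message text is limited. Which interpreters are supported is not visible from this diff.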
@@ -1935,6 +1935,7 @@ def write_metadata_file(metadata, filename, compressions, consistent_snapshot): gzip_object = gzip.GzipFile(fileobj=file_object, mode='wb') try: gzip_object.write(file_content) + finally: gzip_object.close()
@@ -2188,8 +2189,8 @@ def create_tuf_client_directory(repository_directory, client_directory):
 except OSError as e:
 if e.errno == errno.EEXIST:
- message = 'Cannot create a fresh client metadata directory: '+ \
- repr(client_metadata_directory)+'. Already exists.'
+ message = 'Cannot create a fresh client metadata directory: ' +\
+ repr(client_metadata_directory) + '. Already exists.'
 raise tuf.RepositoryError(message)
 else:
diff --git a/tuf/repository_tool.py b/tuf/repository_tool.py
index 1fb032e2..3210729c 100755
--- a/tuf/repository_tool.py
+++ b/tuf/repository_tool.py
@@ -469,7 +469,7 @@ def get_filepaths_in_directory(files_directory, recursive_walk=False,
 # Ensure a valid directory is given.
 if not os.path.isdir(files_directory):
- message = repr(files_directory)+' is not a directory.'
+ message = repr(files_directory) + ' is not a directory.'
 raise tuf.Error(message)
 # A list of the target filepaths found in 'files_directory'.
@@ -2271,8 +2271,8 @@ def delegate_hashed_bins(self, list_of_targets, keys_of_hashed_bins,
 for target_path in list_of_targets:
 target_path = os.path.abspath(target_path)
 if not target_path.startswith(self._targets_directory+os.sep):
- message = 'A path in the list of targets argument is not '+\
- 'under the repository\'s targets directory: '+repr(target_path)
+ message = 'A path in the list of targets argument is not ' +\
+ 'under the repository\'s targets directory: ' + repr(target_path)
 raise tuf.Error(message)
 # Determine the hash prefix of 'target_path' by computing the digest of
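Review bot: In the `@@ -2271,8 +2271,8 @@` hunk of delegate_hashed_bins in tuf/repository_tool.py, the containment test `target_path.startswith(self._targets_directory+os.sep)` is purely lexical: `os.path.abspath` collapses `..` but does not resolve symbolic links. A path that passes the prefix test can therefore still resolve to a file outside the targets directory when a symlink lies on the way, and the test also relies on `self._targets_directory` having been stored in the same normalised form, which happens outside this hunk. If the check is meant as a boundary, compare `os.path.realpath(target_path)` against `os.path.realpath(self._targets_directory) + os.sep` in the condition only, leaving `target_path` itself unchanged for the later digest step. The unspaced `+os.sep` on that line was also left out of this commit's spacing cleanup.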