Add Key.from_securesystemslib_key
The securesystemslib key dictionary representation includes the private key in keyval. TUF key doesn't handle it in any way, but considering that we allow unrecognized symbols in the format, we should exclude the private key; otherwise this could lead to misuse. A call to securesystemslib.keys.format_keyval_to_metadata with the default private=False would do exactly that. Signed-off-by: Velichka Atanasova <avelichka@vmware.com>
parent
8482f2c473
commit
c875b7ed04
2 changed files with 30 additions and 0 deletions
|
|
@ -54,6 +54,10 @@
|
|||
Signature
|
||||
)
|
||||
|
||||
from securesystemslib.keys import (
|
||||
generate_ed25519_key
|
||||
)
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
|
||||
|
|
@ -421,6 +425,14 @@ def test_metadata_verify_delegate(self):
|
|||
root.verify_delegate('snapshot', snapshot)
|
||||
|
||||
|
||||
def test_key_class(self):
|
||||
# Test if from_securesystemslib_key removes the private key from keyval
|
||||
# of a securesystemslib key dictionary.
|
||||
sslib_key = generate_ed25519_key()
|
||||
key = Key.from_securesystemslib_key(sslib_key)
|
||||
self.assertFalse('private' in key.keyval.keys())
|
||||
|
||||
|
||||
def test_metadata_root(self):
|
||||
root_path = os.path.join(
|
||||
self.repo_dir, 'metadata', 'root.json')
|
||||
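Review bot: `test_key_class` only asserts that `'private'` is absent after the conversion, so it would still pass if `generate_ed25519_key()` stopped returning a private key or if the conversion also dropped the public value. Assert the precondition and the preserved data as well: `self.assertIn('private', sslib_key['keyval'])` before the call, then `self.assertNotIn('private', key.keyval)` and `self.assertEqual(key.keyval['public'], sslib_key['keyval']['public'])`. `assertNotIn` also reports the offending dict on failure, which `assertFalse('private' in key.keyval.keys())` does not. A final check that `sslib_key['keyval']` still contains its private part would document that the input dict is not mutated.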
|
|
|
|||
|
|
@ -562,6 +562,24 @@ def to_securesystemslib_key(self) -> Dict[str, Any]:
|
|||
"keyval": self.keyval,
|
||||
}
|
||||
|
||||
@classmethod
|
||||
def from_securesystemslib_key(cls, key_dict: Dict[str, Any]) -> "Key":
|
||||
"""
|
||||
Creates a Key object from a securesystemlib key dict representation
|
||||
removing the private key from keyval.
|
||||
"""
|
||||
key_meta = sslib_keys.format_keyval_to_metadata(
|
||||
key_dict["keytype"],
|
||||
key_dict["scheme"],
|
||||
key_dict["keyval"],
|
||||
)
|
||||
return cls(
|
||||
key_dict["keyid"],
|
||||
key_meta["keytype"],
|
||||
key_meta["scheme"],
|
||||
key_meta["keyval"],
|
||||
)
|
||||
|
||||
def verify_signature(
|
||||
self,
|
||||
metadata: Metadata,
|
||||
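Review bot: The guarantee that the private key never reaches `Key.keyval` in `from_securesystemslib_key` rests on the implicit default of `format_keyval_to_metadata`. Passing it explicitly, `key_dict["keyval"], private=False,`, would make that intent visible at the call site and keep it from changing silently if the default is ever altered. The docstring misspells "securesystemslib" and could say that a missing `keyid`, `keytype`, `scheme` or `keyval` entry surfaces as a `KeyError`. `keyid` is copied from the input without being checked against the public key, which is presumably intentional but worth stating in the docstring.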
|
|
|
|||