Change new _Delegator.verify_delegate to take payload bytes and
signatures instead of a Metadata object and a payload serializer.
This allows using verify_delegate for payloads that do not come in
a Metadata container, but e.g. in a DSSE envelope (see #2385).
Usage becomes a bit more cumbersome, but still feels reasonable with the
recently added shortcut for default canonical bytes representation of
Metadata.signed.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
- Add shortcut to canonical json representation of self.signed
- Use in tests and Metadata.sign
- Do not use in _Delegator.verify_delegate (will be updated in subsequent
commit).
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Remove duplicate docstrings: these are already documented in
_DelegatorMixin and sphinx will find them there.
Tweak a few other strings to remove duplication in the sentence.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Metadata API: Improve dosctrings
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Avoid Metadata.verify_delegate() now that it's deprecated.
Note that this commit does not try to make any code cleanups
that are now possible: this is the minimal change to use the new
API.
Future improvements can make code in TrustedMetadataSet and
Updater slightly easier to read: as an example there's no need for
TrustedMetadataSet to actually store or expose actual Metadata in its
cache -- Signed is all that's needed.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
This makes logical sense and makes a lot of code using
verify_delegate() a little easier since there is no need to keep a
reference to the containing metadata anymore.
The implementation is in practice in a new class but that's an
implementation detail that allows sharing between Targets and Root.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
* Use the same solution for producing the paths as we already do in ngclient
* Fix linting issues
* Modify the test results according to new code (I believe these are
correct, although some cases are so edge cases that disagreement may
exist. Most importantly I think the method should always return as
many paths as there are hashes listed
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
The default value "targets" makes sense because now the top-level
metadata can be accessed in a standard way:
root(), timestamp(), snapshot() and targets()
and likewise for the edit_X() functions
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
These are equivalent to the edit_X() context managers but for cases
where user is not interested in creating a new version of the metadata.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
New names:
do_snapshot()
do_timestamp()
This is in preparation of using the old names for another purpose.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
The advantage here is that code within the context can take advantage
of the correct typing. This is already visible in the example code but
is even more useful in real applications.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
targets_infos() and snapshot_info() are helpers used by snapshot and
timestamp. Some Repository implementations do not need
snapshot/timestamp (think e.g. a signing tool that never modifies online
roles), so the helpers should not be required.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
This is useful for those who want to use the default fetcher
but modify some attributes
The file itself could be moved to tuf/ngclient/ but this is not done yet
as sigstore-python is using this internal module. Move can be done once
sigstore-python 1.0 is no longer relevant.
Fixes#2268
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Simplify the lookup of delegated keys and roles by moving it to
Targets and Root: this follows the examples set by add_key() and
remove_key().
Most of the methods are trivial but they make sense because this way
the calling code does not have to care if the object is a Targets or a
Root: the same methods work on both.
The new methods are public since they are useful to applications as
well.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
verify_delegate() unfortunately needs an almost complete rewrite
as the Key.verify_signature() API change affects it quite a bit.
Refactoring the role and key lookup into a separate method makes the
code readable again.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Key has been moved to Securesystemslib: use it from there.
This still fails tests as Key API has changed a bit: issues are fixed
in followup commits.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
The properties in TrustedMetadataSet are a bit difficult to use
with static typing since they return Optional but in many cases
we know the "None"-case is impossible.
Remove None from annotation: the idea is that calling the property
getter too early is a programming error: it will result in KeyError
which is consistent:
* trusted_set["timestamp"] raises KeyError if timestamp is not set
* trusted_set.timestamp raises KeyError if timestamp is not set
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>