* repository: Handle online key change situations in do_snapshot() and do_timestamp():
always create a new version if current version is not correctly signed
* remove expectedFailure marks from the related tests
Signed-off-by: h4l0gen <ks3913688@gmail.com>
Signed-off-by: Kapil Sharma <ks3913688@gmail.com>
* Remove exectuable flag from a couple of files
* Half of the test files have a shebang (but are
still not executable): remove the shebang
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
I'm not sure I agree with not using the parens in
raise SomeError
but being consistent is definitely better than not being consistent.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
* API changes covered:
* keys and interface modules removed
* SSlibSigner removed
* CryptoSigner added: this replaces the removed functionality
* DSSE "signatures" container type changed
* Currently pins a securesystemslib main branch commit:
this shoudl be reverted before merging, when securesystemslib
has made a release
* tests/generated_data/generate_md.py was simplified
* Encrypted test keys in tests/repository_data/keystore were replaced
with the unencrypted PEM versions of the same keys
* The public test keys in tests/repository_data/keystore were removed
as they were not used anymore
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
* application user-agent can be set with UpdaterConfig object
* Setting will affect the default fetcher only
* the application user-agent will be prefixed to the ngclient
default user-agent
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Minor fixes were needed, the only possibly interesting one is
the one in RequestsFetcher (use "yield from").
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
In RequestsFetcher it makes sense to raise "from e" but in
updater the error we raise is not related to the original
error: use "from None".
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
This makes flake8-datetimez happier but has no effect on the result:
DTZ007 The use of `datetime.datetime.strptime()` without %z must be
followed by `.replace(tzinfo=)` or `.astimezone()
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Practically were changing API if we start requiring that
expires is non-naive because this no longer works:
metadata.signed.expires = datetime(3000,1,1)
We can make this work without API breaks though:
* it the input is naive, just use UTC
* if the input is not naive or UTC, raise
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
* Most importantly use strftime() to serialize the datetime
* Force the timezone as UTC when deserializing
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
22b2726413 claims to add all names
that were moved to the internal _payload module back to metadata.
LengthOrHashMismatchError was not added back. Now it is.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
The internal wrapping interface to case handle deserialization and
verification of traditional metadata vs. simple envelopes inside
trusted metadata set might be a more complicated solution than
necessary.
This removes the interface and instead adds the methods of the interface
implementations as helpers to trusted metadata set, and updates it to
to call one or the other function based on the envelope type
configuration flag.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
The flag allows adding other envelope types in the future (unlikely),
or parallel support (`METADATA & SIMPLE`) without breaking the API.
Internally, the flag is now just passed on to TrustedMetadataSet as
mandatory parameter. (Optional parameters make less sense when we
control all the invocations.)
This change requires updating all invocations of TrustedMetadataSet,
including the duplication of a test function.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
* Rename Envelope to SimpleEnvelope:
Envelope should be the generic term in this context for something that
contains a payload and signatures. SimpleEnvelope is the specific
DSSE implementation (just like Metadata is the specific traditional
canonical JSON -based TUF envelope implementation).
* Add SimpleEnvelope class and method docstrings.
* Add convenience alias for ``self.signatures`` mapped to keyids for
compatibility with Metadata.signatures.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
* Add `use_dsse` updater config parameter which indicates, if an updater
instance expects metadata to come in a DSSE envelope.
* Update TrustedMetadataSet to take an Unwrapper instance.
* Update Updater, to pass an EnvelopeUnwrapper to TrustedMetadataSet, if
configured with `use_dsse`.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Add Unwrapper implementation for DSSE Envelope. The order of
deserialization and signature verification differs from traditional
Metadata.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Change TrustedMetadataSet to load and verify metadata using a
MetadataUnwrapper instance.
IMPORTANT NOTES:
* Requires changing the TrustedMetadataSet to store payloads only, which
is okay, because signatures are no longer needed, after being verified
at load time.
* Includes a minor re-ordering of validation steps. That is, the
version increment for root metadata is now checked after signature
verification. Preserving the order would require including the check in
the Unwrapper interface, which is feasible but does not seem correct wrt
separation of responsibility.
Changes are adopted in updater, tests and _localrepo.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Add internal payload unwrapper interface and implementation for payloads
wrapped in Metadata.
This is an abstraction over behavior -- load signature wrapper, verify
signatures over payload, return deserialized payload -- which is common
for relevant signature wrappers (Metadata, DSSE Envelope), but performed
differently / in different order.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Allows to simultanously use those classes in different container /
signature wrapper APIs, e.g. Metadata API and Envelope API (DSSE).
All moved classes are imported into tuf.api.metadata scope for
backwards-compatibility.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
I still don't know how we should handle failures in signing
(maybe just let all of the weird exceptions raise instead of wrapping
them) but this makes the wrapping error at least a bit more useful.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
- adpot changes in dependabot.yml and remove --diff from ruff check.
- select pydocstyle, isort, pyflakes, pep8-naming, pycodestyle for ruff and ignore some small issues / add inline comments.
- adjust docstring length to 80 in various files
Signed-off-by: E3E <ntanzill@purdue.edu>
get_delegated_role() should not return a Role if the rolename is not
a delegated role. This is already true for "normal" DelegatedRole but
was not actually verified for SuccinctRoles.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
This is helper to tell how many signatures are still required.
Also change the order of Roots given to RootVerificationResult
(this way first is version N, second is version N+1).
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
