* API changes covered:
* keys and interface modules removed
* SSlibSigner removed
* CryptoSigner added: this replaces the removed functionality
* DSSE "signatures" container type changed
* Currently pins a securesystemslib main branch commit:
this shoudl be reverted before merging, when securesystemslib
has made a release
* tests/generated_data/generate_md.py was simplified
* Encrypted test keys in tests/repository_data/keystore were replaced
with the unencrypted PEM versions of the same keys
* The public test keys in tests/repository_data/keystore were removed
as they were not used anymore
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
This makes flake8-datetimez happier but has no effect on the result:
DTZ007 The use of `datetime.datetime.strptime()` without %z must be
followed by `.replace(tzinfo=)` or `.astimezone()
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Practically were changing API if we start requiring that
expires is non-naive because this no longer works:
metadata.signed.expires = datetime(3000,1,1)
We can make this work without API breaks though:
* it the input is naive, just use UTC
* if the input is not naive or UTC, raise
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
* Most importantly use strftime() to serialize the datetime
* Force the timezone as UTC when deserializing
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
22b2726413 claims to add all names
that were moved to the internal _payload module back to metadata.
LengthOrHashMismatchError was not added back. Now it is.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
* Rename Envelope to SimpleEnvelope:
Envelope should be the generic term in this context for something that
contains a payload and signatures. SimpleEnvelope is the specific
DSSE implementation (just like Metadata is the specific traditional
canonical JSON -based TUF envelope implementation).
* Add SimpleEnvelope class and method docstrings.
* Add convenience alias for ``self.signatures`` mapped to keyids for
compatibility with Metadata.signatures.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Allows to simultanously use those classes in different container /
signature wrapper APIs, e.g. Metadata API and Envelope API (DSSE).
All moved classes are imported into tuf.api.metadata scope for
backwards-compatibility.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
I still don't know how we should handle failures in signing
(maybe just let all of the weird exceptions raise instead of wrapping
them) but this makes the wrapping error at least a bit more useful.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
- adpot changes in dependabot.yml and remove --diff from ruff check.
- select pydocstyle, isort, pyflakes, pep8-naming, pycodestyle for ruff and ignore some small issues / add inline comments.
- adjust docstring length to 80 in various files
Signed-off-by: E3E <ntanzill@purdue.edu>
get_delegated_role() should not return a Role if the rolename is not
a delegated role. This is already true for "normal" DelegatedRole but
was not actually verified for SuccinctRoles.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
This is helper to tell how many signatures are still required.
Also change the order of Roots given to RootVerificationResult
(this way first is version N, second is version N+1).
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
This is a thin wrapper over two VerificationResults:
useful when verifying root signatures.
Now the API for getting verification results for root and
the API for getting the results for other metadata is different.
Client use cases can continue using verify_delegate() so should not
be affected.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
This is an API break as VerificationResult changes:
* Now contains threshold
* Now contains Keys and not just keyids
Note that there is a small edge case functionality change:
* if the role does not have a key for the keyid, then we no longer
include that key in "unsigned"
I think that is an acceptable change.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
The method returns detailed information about signature verification of
a delegated role metadata.
Its implementation is taken from the verify_delegate method and slightly
updated. verify_delegate now is a thin wrapper on top of
get_verification_result.
fixes#2449
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Co-authored-by: Jussi Kukkonen <jkukkonen@google.com>
Change new _Delegator.verify_delegate to take payload bytes and
signatures instead of a Metadata object and a payload serializer.
This allows using verify_delegate for payloads that do not come in
a Metadata container, but e.g. in a DSSE envelope (see #2385).
Usage becomes a bit more cumbersome, but still feels reasonable with the
recently added shortcut for default canonical bytes representation of
Metadata.signed.
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
- Add shortcut to canonical json representation of self.signed
- Use in tests and Metadata.sign
- Do not use in _Delegator.verify_delegate (will be updated in subsequent
commit).
Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
Remove duplicate docstrings: these are already documented in
_DelegatorMixin and sphinx will find them there.
Tweak a few other strings to remove duplication in the sentence.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
Metadata API: Improve dosctrings
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
This makes logical sense and makes a lot of code using
verify_delegate() a little easier since there is no need to keep a
reference to the containing metadata anymore.
The implementation is in practice in a new class but that's an
implementation detail that allows sharing between Targets and Root.
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
* Use the same solution for producing the paths as we already do in ngclient
* Fix linting issues
* Modify the test results according to new code (I believe these are
correct, although some cases are so edge cases that disagreement may
exist. Most importantly I think the method should always return as
many paths as there are hashes listed
Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
