Make new api compatible with the Signing interface #1272
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -20,10 +20,11 @@ | |
|
||
import tempfile | ||
|
||
from securesystemslib.keys import verify_signature | ||
from securesystemslib.util import persist_temp_file | ||
from securesystemslib.signer import Signer, Signature | ||
from securesystemslib.storage import (StorageBackendInterface, | ||
FilesystemBackend) | ||
from securesystemslib.keys import create_signature, verify_signature | ||
|
||
from tuf.api.serialization import (MetadataSerializer, MetadataDeserializer, | ||
SignedSerializer) | ||
|
@@ -90,12 +91,14 @@ def from_dict(cls, metadata: Mapping[str, Any]) -> 'Metadata': | |
else: | ||
raise ValueError(f'unrecognized metadata type "{_type}"') | ||
|
||
# NOTE: If Signature becomes a class, we should iterate over | ||
# metadata['signatures'], call Signature.from_dict for each item, and | ||
# pass a list of Signature objects to the Metadata constructor instead. | ||
signatures = [] | ||
for signature in metadata.pop('signatures'): | ||
Now popping the |
||
signature_obj = Signature.from_dict(signature) | ||
signatures.append(signature_obj) | ||
|
||
return cls( | ||
signed=inner_cls.from_dict(metadata.pop('signed')), | ||
signatures=metadata.pop('signatures')) | ||
signatures=signatures) | ||
|
||
@classmethod | ||
def from_file( | ||
|
@@ -139,8 +142,13 @@ def from_file( | |
|
||
def to_dict(self) -> Dict[str, Any]: | ||
"""Returns the dict representation of self. """ | ||
|
||
signatures = [] | ||
for sig in self.signatures: | ||
signatures.append(sig.to_dict()) | ||
|
||
return { | ||
'signatures': self.signatures, | ||
'signatures': signatures, | ||
'signed': self.signed.to_dict() | ||
} | ||
|
||
|
@@ -178,13 +186,14 @@ def to_file( | |
|
||
# Signatures. | ||
def sign( | ||
self, key: Mapping[str, Any], append: bool = False, | ||
self, signer: Signer, append: bool = False, | ||
signed_serializer: Optional[SignedSerializer] = None | ||
) -> Dict[str, Any]: | ||
"""Creates signature over 'signed' and assigns it to 'signatures'. | ||
|
||
Arguments: | ||
key: A securesystemslib-style private key object used for signing. | ||
signer: An object implementing the securesystemslib.signer.Signer | ||
Did |
||
interface. | ||
append: A boolean indicating if the signature should be appended to | ||
the list of signatures or replace any existing signatures. The | ||
default behavior is to replace signatures. | ||
|
@@ -209,8 +218,7 @@ def sign( | |
from tuf.api.serialization.json import CanonicalJSONSerializer | ||
signed_serializer = CanonicalJSONSerializer() | ||
|
||
signature = create_signature(key, | ||
signed_serializer.serialize(self.signed)) | ||
signature = signer.sign(signed_serializer.serialize(self.signed)) | ||
|
||
if append: | ||
self.signatures.append(signature) | ||
|
@@ -244,7 +252,7 @@ def verify(self, key: Mapping[str, Any], | |
|
||
""" | ||
signatures_for_keyid = list(filter( | ||
lambda sig: sig['keyid'] == key['keyid'], self.signatures)) | ||
lambda sig: sig.keyid == key['keyid'], self.signatures)) | ||
|
||
if not signatures_for_keyid: | ||
raise tuf.exceptions.Error( | ||
|
@@ -262,7 +270,7 @@ def verify(self, key: Mapping[str, Any], | |
signed_serializer = CanonicalJSONSerializer() | ||
|
||
return verify_signature( | ||
key, signatures_for_keyid[0], | ||
key, signatures_for_keyid[0].to_dict(), | ||
signed_serializer.serialize(self.signed)) | ||
|
||
|
||
|
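Review bot: The return annotation of `sign()` is still `-> Dict[str, Any]`, but the value it now gets from `signer.sign(...)` is a `Signature` object rather than a dict, as the `sig.keyid` and `.to_dict()` uses in `verify()` and `to_dict()` show. The return statement is outside the hunk, but if `sign()` hands that value back, a caller that indexes it (`sig['keyid']`) or feeds it to a JSON encoder will fail at runtime with no warning from a type checker. I would change the signature to `) -> Signature:` and update the "Returns" part of the docstring to match. Any annotation or docstring on `self.signatures` elsewhere in the class should likewise say it holds `Signature` objects, since `from_dict` now builds the list with `Signature.from_dict`.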
Re-ordered imports alphabetically.