#!/usr/bin/env python
# Copyright 2021, New York University and the TUF contributors
# SPDX-License-Identifier: MIT OR Apache-2.0
"""Metadata wrapper
"""
import time
from securesystemslib.keys import format_metadata_to_key
from tuf import exceptions, formats
from tuf.api import metadata
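class MetadataWrapper:
    """Helper around a metadata object from the metadata API.

    The wrapped object is stored as ``self._meta``; the methods below add
    loading, signature-threshold and expiry helpers on top of it.
    """

    def __init__(self, meta):
        self._meta = meta

    @classmethod
    def from_json_object(cls, raw_data):
        """Build a wrapper from serialized JSON-formatted TUF metadata.

        Args:
            raw_data: Value handed unchanged to JSONDeserializer.deserialize().
                NOTE(review): presumably the raw JSON bytes rather than an
                open file object -- confirm against callers.
        """
        # Use local scope import to avoid circular import errors
        # pylint: disable=import-outside-toplevel
        from tuf.api.serialization.json import JSONDeserializer

        deserializer = JSONDeserializer()
        meta = deserializer.deserialize(raw_data)
        return cls(meta=meta)

    @classmethod
    def from_json_file(cls, filename):
        """Build a wrapper from the JSON-formatted TUF metadata in `filename`."""
        meta = metadata.Metadata.from_file(filename)
        return cls(meta=meta)

    @property
    def signed(self):
        """The ``signed`` attribute of the wrapped metadata object."""
        return self._meta.signed

    @property
    def version(self):
        """The ``version`` attribute of the wrapped object's ``signed`` part."""
        return self._meta.signed.version

    def verify(self, keys, threshold):
        """Check that at least `threshold` of `keys` verify the metadata.

        Args:
            keys: Keys to check; each one is passed to the wrapped object's
                verify(). Every entry that verifies is counted separately, so
                callers must not pass the same key more than once.
            threshold: Minimum number of keys that must verify.

        Raises:
            exceptions.InsufficientKeysError: Fewer than `threshold` keys
                verified. Anything raised by the wrapped verify() propagates.
        """
        verified = 0
        # 1.3. Check signatures
        for key in keys:
            # Count a key only when verify() reports success. Discarding the
            # result would let a key with an invalid signature count toward
            # the threshold whenever verify() returns False instead of
            # raising.
            if self._meta.verify(key):
                verified += 1

        if verified < threshold:
            raise exceptions.InsufficientKeysError

    def persist(self, filename):
        """Write the wrapped metadata to `filename` via its to_file()."""
        self._meta.to_file(filename)

    def expires(self, reference_time=None):
        """Raise if the metadata expired before `reference_time`.

        Args:
            reference_time: Unix timestamp to compare the expiry against.
                Defaults to the current time, ``int(time.time())``.

        Raises:
            exceptions.ExpiredMetadataError: The expiry timestamp is strictly
                earlier than `reference_time`.
        """
        # Computed unconditionally: it is needed for the comparison below even
        # when the caller supplies reference_time.
        expires_timestamp = formats.datetime_to_unix_timestamp(
            self._meta.signed.expires
        )
        if reference_time is None:
            reference_time = int(time.time())

        if expires_timestamp < reference_time:
            raise exceptions.ExpiredMetadataError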
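class RootWrapper(MetadataWrapper):
    """Wrapper for root metadata: per-role keys and signature thresholds."""

    def keys(self, role):
        """Return the keys that root metadata lists for `role`.

        Each keyid under ``roles[role]["keyids"]`` is looked up in the signed
        ``keys`` mapping and converted with format_metadata_to_key().

        Args:
            role: Role name used to index the signed ``roles`` mapping.

        Returns:
            A list of converted keys, one per distinct keyid, in listed order.
        """
        signed = self._meta.signed
        keys = []
        # dict.fromkeys() drops repeated keyids while keeping their order, so
        # a keyid listed twice cannot yield the same key twice and be counted
        # twice toward the signature threshold by verify().
        for keyid in dict.fromkeys(signed.roles[role]["keyids"]):
            key, _ = format_metadata_to_key(signed.keys[keyid])
            keys.append(key)

        return keys

    def threshold(self, role):
        """Return the ``threshold`` value root metadata stores for `role`."""
        return self._meta.signed.roles[role]["threshold"]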
class TimestampWrapper(MetadataWrapper):
    """Wrapper for timestamp metadata."""

    @property
    def snapshot(self):
        """The ``snapshot.json`` entry of the signed ``meta`` mapping."""
        meta_entries = self._meta.signed.meta
        return meta_entries["snapshot.json"]
class SnapshotWrapper(MetadataWrapper):
    """Wrapper for snapshot metadata."""

    def role(self, name):
        """Return the signed ``meta`` entry stored under ``name + ".json"``."""
        entry_name = name + ".json"
        meta_entries = self._meta.signed.meta
        return meta_entries[entry_name]
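class TargetsWrapper(MetadataWrapper):
    """Wrapper for targets metadata: targets, delegations and delegated keys."""

    @property
    def targets(self):
        """The ``targets`` attribute of the wrapped object's ``signed`` part."""
        return self._meta.signed.targets

    @property
    def delegations(self):
        """The ``delegations`` attribute of the wrapped ``signed`` part."""
        return self._meta.signed.delegations

    def keys(self, role):
        """Return the keys listed for the delegated role named `role`.

        Args:
            role: Name compared against each delegation's ``name``.

        Returns:
            A list of keys converted with format_metadata_to_key(), one per
            distinct keyid. Empty when there are no delegations or no
            delegation has that name.
        """
        delegations = self._meta.signed.delegations
        # Metadata without delegations has no delegated keys to offer.
        if not delegations:
            return []

        keys = []
        seen_keyids = set()
        for delegation in delegations["roles"]:
            if delegation["name"] != role:
                continue
            for keyid in delegation["keyids"]:
                # Skip repeated keyids so one key cannot appear twice in the
                # result and be counted twice toward the signature threshold.
                if keyid in seen_keyids:
                    continue
                seen_keyids.add(keyid)
                key, _ = format_metadata_to_key(delegations["keys"][keyid])
                keys.append(key)
        return keys

    def threshold(self, role):
        """Return the ``threshold`` of the delegated role named `role`.

        Returns:
            The threshold of the first delegation whose ``name`` equals
            `role`, or None when there are no delegations or no match.
            Callers must handle None before using it as a signature threshold.
        """
        delegations = self._meta.signed.delegations
        # Metadata without delegations has no threshold for any role.
        if not delegations:
            return None

        for delegation in delegations["roles"]:
            if delegation["name"] == role:
                return delegation["threshold"]

        return None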