securesystemslib.exceptions.FormatError are also expected if any of the arguments are malformed.
OSError may be raised if the metadata_directory/project.cfg file exists and
is not writable.
A 'project.cfg' configuration file is created or overwritten.
None.
"""
# Schema check for the arguments.
securesystemslib.formats.PATH_SCHEMA.check_match(metadata_directory)
securesystemslib.formats.PATH_SCHEMA.check_match(prefix)
securesystemslib.formats.PATH_SCHEMA.check_match(targets_directory)
securesystemslib.formats.RELPATH_SCHEMA.check_match(project_name)
cfg_file_directory = metadata_directory
# Check whether the layout type is 'flat' or 'repo-like'.
# If it is, the .cfg file should be saved in the previous directory.
if layout_type == 'repo-like':
cfg_file_directory = os.path.dirname(metadata_directory)
junk, targets_directory = os.path.split(targets_directory)
junk, metadata_directory = os.path.split(metadata_directory)
# Can the file be opened?
project_filename = os.path.join(cfg_file_directory, PROJECT_FILENAME)
# Build the fields of the configuration file.
not 'ecdsa-sha2-nistp256').
securesystemslib.exceptions.CryptoError, if 'filepath' cannot be decrypted.
'password' is used to decrypt the 'filepath' key file.
An ECDSA key object of the form: 'securesystemslib.formats.ECDSAKEY_SCHEMA'.
"""
# Does 'filepath' have the correct format?
# Ensure the arguments have the appropriate number of objects and object
# types, and that all dict keys are properly named.
# Raise 'securesystemslib.exceptions.FormatError' if there is a mismatch.
securesystemslib.formats.PATH_SCHEMA.check_match(filepath)
# If the caller does not provide a password argument, prompt for one.
# Password confirmation disabled here, which should ideally happen only
# when creating encrypted key files (i.e., improve usability).
if password is None: # pragma: no cover
# It is safe to specify the full path of 'filepath' in the prompt and not
# worry about leaking sensitive information about the key's location.
# However, care should be taken when including the full path in exceptions
# and log files.
password = get_password('Enter a password for the encrypted ECDSA'
' key (' + TERM_RED + filepath + TERM_RESET + '): ',
confirm=False)
# Does 'password' have the correct format?
securesystemslib.formats.PASSWORD_SCHEMA.check_match(password)
securesystemslib.exceptions.FormatError, if the arguments are improperly
formatted.
IOError, if 'metadata_filepath' cannot be opened.
None.
Metadata content that is normally signed by the repository tool (i.e., the
"signed" portion of a metadata file).
"""
# Are the arguments properly formatted?
securesystemslib.formats.PATH_SCHEMA.check_match(metadata_filepath)
signable = securesystemslib.util.load_json_file(metadata_filepath)
# Is 'signable' a valid metadata file?
tuf.formats.SIGNABLE_SCHEMA.check_match(signable)
return securesystemslib.formats.encode_canonical(signable['signed'])
Any other runtime (e.g., IO) exception.
The 'filename' file is created, or overwritten if it exists.
The filename of the written file.
"""
# Do the arguments have the correct format?
# This check ensures arguments have the appropriate number of objects and
# object types, and that all dict keys are properly named.
# Raise 'securesystemslib.exceptions.FormatError' if the check fails.
tuf.formats.SIGNABLE_SCHEMA.check_match(metadata)
securesystemslib.formats.PATH_SCHEMA.check_match(filename)
tuf.formats.METADATAVERSION_SCHEMA.check_match(version_number)
securesystemslib.formats.BOOLEAN_SCHEMA.check_match(consistent_snapshot)
# Verify the directory of 'filename', and convert 'filename' to its absolute
# path so that temporary files are moved to their expected destinations.
filename = os.path.abspath(filename)
written_filename = filename
_check_directory(os.path.dirname(filename))
# Generate the actual metadata file content of 'metadata'. Metadata is
# saved as JSON and includes formatting, such as indentation and sorted
# objects. The new digest of 'metadata' is also calculated to help determine
# if re-saving is required.
file_content = _get_written_metadata(metadata)
# We previously verified whether new metadata needed to be written (i.e., has
strings are viewed as files and not directories: 'a/b/c', 'a/b/c.txt'.
confined_directories:
A list, or a tuple, of directory strings.
securesystemslib.exceptions.FormatError: On incorrect format of the input.
Boolean. True, if path is either the empty string
or in 'confined_paths'; False, otherwise.
"""
# Do the arguments have the correct format?
# Raise 'securesystemslib.exceptions.FormatError' if there is a mismatch.
securesystemslib.formats.PATH_SCHEMA.check_match(filepath)
securesystemslib.formats.NAMES_SCHEMA.check_match(confined_directories)
for confined_directory in confined_directories:
# The empty string (arbitrarily chosen) signifies the client is confined
# to all directories and subdirectories. No need to check 'filepath'.
if confined_directory == '':
return True
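# Normalized paths needed, to account for up-level references, etc.
# Callers have the option of setting the list of directories in
# 'confined_directories'. Note that os.path.normpath() is purely lexical:
# it collapses '..' segments but does not resolve symbolic links.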
filepath = os.path.normpath(filepath)
confined_directory = os.path.normpath(confined_directory)
# A caller may restrict himself to specific directories on the
# remote repository. The list of paths in 'confined_path', not including
keystore.
None.
A signable object conformant to 'tuf.formats.SIGNABLE_SCHEMA'.
"""
# Do the arguments have the correct format?
# This check ensures arguments have the appropriate number of objects and
# object types, and that all dict keys are properly named.
# Raise 'securesystemslib.exceptions.FormatError' if the check fails.
tuf.formats.ANYROLE_SCHEMA.check_match(metadata_object)
securesystemslib.formats.KEYIDS_SCHEMA.check_match(keyids)
securesystemslib.formats.PATH_SCHEMA.check_match(filename)
securesystemslib.formats.NAME_SCHEMA.check_match(repository_name)
# Make sure the metadata is in 'signable' format. That is,
# it contains a 'signatures' field containing the result
# of signing the 'signed' field of 'metadata' with each
# keyid of 'keyids'.
signable = tuf.formats.make_signable(metadata_object)
# Sign the metadata with each keyid in 'keyids'. 'signable' should have
# zero signatures (metadata_object contained none).
for keyid in keyids:
# Load the signing key.
key = tuf.keydb.get_key(keyid, repository_name=repository_name)
# Generate the signature using the appropriate signing method.
if key['keytype'] in SUPPORTED_KEY_TYPES:
securesystemslib.exceptions.FormatError, if 'filepath' is improperly
formatted or is an unexpected key type.
The contents of 'filepath' are read and saved.
An ED25519 key object conformant to
'securesystemslib.formats.ED25519KEY_SCHEMA'.
"""
# Does 'filepath' have the correct format?
# Ensure the arguments have the appropriate number of objects and object
# types, and that all dict keys are properly named.
# Raise 'securesystemslib.exceptions.FormatError' if there is a mismatch.
securesystemslib.formats.PATH_SCHEMA.check_match(filepath)
# ED25519 key objects are saved in json and metadata format. Return the
# loaded key object in 'securesystemslib.formats.ED25519KEY_SCHEMA' format that
# also includes the keyid.
ed25519_key_metadata = securesystemslib.util.load_json_file(filepath)
ed25519_key, junk = \
securesystemslib.keys.format_metadata_to_key(ed25519_key_metadata)
# Raise an exception if an unexpected key type is imported. Redundant
# validation of 'keytype'. 'securesystemslib.keys.format_metadata_to_key()'
# should have fully validated 'ed25519_key_metadata'.
if ed25519_key['keytype'] != 'ed25519': # pragma: no cover
message = 'Invalid key type loaded: ' + repr(ed25519_key['keytype'])
raise securesystemslib.exceptions.FormatError(message)
return ed25519_key
# Generate a new Ed25519 key object.
ed25519_key = securesystemslib.keys.generate_ed25519_key()
if not filepath:
filepath = os.path.join(os.getcwd(), ed25519_key['keyid'])
else:
logger.debug('The filepath has been specified. Not using the key\'s'
' KEYID as the default filepath.')
# Does 'filepath' have the correct format?
# Ensure the arguments have the appropriate number of objects and object
# types, and that all dict keys are properly named.
# Raise 'securesystemslib.exceptions.FormatError' if there is a mismatch.
securesystemslib.formats.PATH_SCHEMA.check_match(filepath)
# If the caller does not provide a password argument, prompt for one.
if password is None: # pragma: no cover
# It is safe to specify the full path of 'filepath' in the prompt and not
# worry about leaking sensitive information about the key's location.
# However, care should be taken when including the full path in exceptions
# and log files.
password = get_password('Enter a password for the Ed25519'
' key (' + TERM_RED + filepath + TERM_RESET + '): ',
confirm=True)
else:
logger.debug('The password has been specified. Not prompting for one.')
# Does 'password' have the correct format?
The 'root.json' and 'targets.json' files are read.
The snapshot metadata object, conformant to 'tuf.formats.SNAPSHOT_SCHEMA'.
"""
# Do the arguments have the correct format?
# This check ensures arguments have the appropriate number of objects and
# object types, and that all dict keys are properly named.
# Raise 'securesystemslib.exceptions.FormatError' if the check fails.
securesystemslib.formats.PATH_SCHEMA.check_match(metadata_directory)
tuf.formats.METADATAVERSION_SCHEMA.check_match(version)
securesystemslib.formats.ISO8601_DATETIME_SCHEMA.check_match(expiration_date)
securesystemslib.formats.PATH_SCHEMA.check_match(root_filename)
securesystemslib.formats.PATH_SCHEMA.check_match(targets_filename)
securesystemslib.formats.BOOLEAN_SCHEMA.check_match(consistent_snapshot)
securesystemslib.formats.NAME_SCHEMA.check_match(repository_name)
metadata_directory = _check_directory(metadata_directory)
# Snapshot's 'fileinfodict' shall contain the version number of Root,
# Targets, and all delegated roles of the repository.
fileinfodict = {}
fileinfodict[ROOT_FILENAME] = get_metadata_versioninfo(root_filename,
repository_name)
fileinfodict[TARGETS_FILENAME] = get_metadata_versioninfo(targets_filename,
repository_name)
# We previously also stored the compressed versions of roles in
# snapshot.json, however, this is no longer needed as their hashes and
securesystemslib.exceptions.Error, if a valid RSA key object cannot be
generated. This may be caused by an improperly formatted PEM file.
'filepath' is read and its contents extracted.
An RSA key object conformant to 'securesystemslib.formats.RSAKEY_SCHEMA'.
"""
# Does 'filepath' have the correct format?
# Ensure the arguments have the appropriate number of objects and object
# types, and that all dict keys are properly named.
# Raise 'securesystemslib.exceptions.FormatError' if there is a mismatch.
securesystemslib.formats.PATH_SCHEMA.check_match(filepath)
# Is 'scheme' properly formatted?
securesystemslib.formats.RSA_SCHEME_SCHEMA.check_match(scheme)
# Read the contents of the key file that should be in PEM format and contains
# the public portion of the RSA key.
with open(filepath, 'rb') as file_object:
rsa_pubkey_pem = file_object.read().decode('utf-8')
# Convert 'rsa_pubkey_pem' to 'securesystemslib.formats.RSAKEY_SCHEMA' format.
try:
rsakey_dict = securesystemslib.keys.import_rsakey_from_public_pem(
rsa_pubkey_pem, scheme)
except securesystemslib.exceptions.FormatError as e:
raise securesystemslib.exceptions.Error('Cannot import improperly formatted'