How to use securesystemslib - 10 common examples
To help you get started, we’ve selected a few securesystemslib examples, based on popular ways it is used in public projects.
Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
theupdateframework / tuf / tests / test_repository_lib.py View on Github 
with open(invalid_metadata_file, 'w') as file_object:
file_object.write('bad extension on metadata file')
root_filename = 'root'
targets_filename = 'targets'
snapshot_metadata = \
repo_lib.generate_snapshot_metadata(metadata_directory, version,
expiration_date, root_filename,
targets_filename,
consistent_snapshot=False)
self.assertTrue(tuf.formats.SNAPSHOT_SCHEMA.matches(snapshot_metadata))
# Test improperly formatted arguments.
self.assertRaises(securesystemslib.exceptions.FormatError, repo_lib.generate_snapshot_metadata,
3, version, expiration_date,
root_filename, targets_filename, consistent_snapshot=False)
self.assertRaises(securesystemslib.exceptions.FormatError, repo_lib.generate_snapshot_metadata,
metadata_directory, '3', expiration_date,
root_filename, targets_filename, consistent_snapshot=False)
self.assertRaises(securesystemslib.exceptions.FormatError, repo_lib.generate_snapshot_metadata,
metadata_directory, version, '3',
root_filename, targets_filename, consistent_snapshot=False)
self.assertRaises(securesystemslib.exceptions.FormatError, repo_lib.generate_snapshot_metadata,
metadata_directory, version, expiration_date,
3, targets_filename, consistent_snapshot=False)
self.assertRaises(securesystemslib.exceptions.FormatError, repo_lib.generate_snapshot_metadata,
metadata_directory, version, expiration_date,
root_filename, 3, consistent_snapshot=False)
self.assertRaises(securesystemslib.exceptions.FormatError, repo_lib.generate_snapshot_metadata,
metadata_directory, version, expiration_date,# KEYID is used as the filename. The key is saved to the current working
# directory.
default_keypath = interface.generate_and_write_rsa_keypair(password='pw')
self.assertTrue(os.path.exists(default_keypath))
self.assertTrue(os.path.exists(default_keypath + '.pub'))
written_key = interface.import_rsa_publickey_from_file(default_keypath + '.pub')
self.assertEqual(written_key['keyid'], os.path.basename(default_keypath))
os.remove(default_keypath)
os.remove(default_keypath + '.pub')
# Test improperly formatted arguments.
self.assertRaises(securesystemslib.exceptions.FormatError,
interface.generate_and_write_rsa_keypair, 3, bits=2048, password='pw')
self.assertRaises(securesystemslib.exceptions.FormatError,
interface.generate_and_write_rsa_keypair, test_keypath, bits='bad',
password='pw')
self.assertRaises(securesystemslib.exceptions.FormatError,
interface.generate_and_write_rsa_keypair, test_keypath, bits=2048,
password=3)
# Test invalid 'bits' argument.
self.assertRaises(securesystemslib.exceptions.FormatError,
interface.generate_and_write_rsa_keypair, test_keypath, bits=1024,
password='pw')def test_set_console_log_level(self):
# Test setting a console log level without first adding one.
self.assertRaises(securesystemslib.exceptions.Error, tuf.log.set_console_log_level)
# Normal case. Default log level. Setting the console log level first
# requires adding a console logger.
tuf.log.add_console_handler()
tuf.log.set_console_log_level()
# Expected log levels.
for level in log_levels:
tuf.log.set_console_log_level(level)
# Test for improperly formatted argument.
self.assertRaises(securesystemslib.exceptions.FormatError, tuf.log.set_console_log_level, '123')
# Test for invalid argument.
self.assertRaises(securesystemslib.exceptions.FormatError, tuf.log.set_console_log_level, 51)def test_unpack_rule_not_list(self):
"""Test rule syntax error, not a list. """
rule = "CREATE stuff"
with self.assertRaises(securesystemslib.exceptions.FormatError):
unpack_rule(rule)project = developer_tool.create_new_project(project_name, metadata_directory)
self.assertTrue(isinstance(project, developer_tool.Project))
self.assertTrue(project.layout_type == 'repo-like')
self.assertTrue(project.prefix == '')
self.assertTrue(project.project_name == project_name)
self.assertTrue(project.metadata_directory ==
os.path.join(metadata_directory,METADATA_DIRECTORY_NAME))
self.assertTrue(project.targets_directory ==
os.path.join(metadata_directory,TARGETS_DIRECTORY_NAME))
# Create a blank project without a valid metadata directory.
self.assertRaises(securesystemslib.exceptions.FormatError, developer_tool.create_new_project,
0, metadata_directory, location_in_repository)
self.assertRaises(securesystemslib.exceptions.FormatError, developer_tool.create_new_project,
project_name, 0, location_in_repository)
self.assertRaises(securesystemslib.exceptions.FormatError, developer_tool.create_new_project,
project_name, metadata_directory, 0)
# Create a new project with a flat layout.
targets_directory = tempfile.mkdtemp(dir = local_tmp)
metadata_directory = tempfile.mkdtemp(dir = local_tmp)
project = developer_tool.create_new_project(project_name, metadata_directory,
location_in_repository, targets_directory)
self.assertTrue(isinstance(project, developer_tool.Project))
self.assertTrue(project.layout_type == 'flat')
self.assertTrue(project.prefix == location_in_repository)
self.assertTrue(project.project_name == project_name)
self.assertTrue(project.metadata_directory == metadata_directory)
self.assertTrue(project.targets_directory == targets_directory)
# Finally, check that if targets_directory is set, it is valid.def test_wrong_expected_materials(self):
"""Test that the material rule validators catch malformed ones."""
item = SupplyChainItem()
with self.assertRaises(securesystemslib.exceptions.FormatError):
item.expected_materials = [["NONFOO"]]
item._validate_expected_materials()
with self.assertRaises(securesystemslib.exceptions.FormatError):
item.validate()
with self.assertRaises(securesystemslib.exceptions.FormatError):
item.expected_materials = "PFF"
item._validate_expected_materials()
with self.assertRaises(securesystemslib.exceptions.FormatError):
item.validate()
# for more thorough tests, check the test_rulelib.py module
item.expected_materials = [["CREATE", "foo"]]
item._validate_expected_materials()
item.validate()def check_match(self, object):
if self._string != object:
message = 'Expected: '+repr(self._string)
raise securesystemslib.exceptions.FormatError(message)def test_create_signature(self):
global public
global private
data = b'The quick brown fox jumps over the lazy dog'
scheme = 'ed25519'
signature, scheme = securesystemslib.ed25519_keys.create_signature(public,
private, data, scheme)
# Verify format of returned values.
self.assertEqual(True,
securesystemslib.formats.ED25519SIGNATURE_SCHEMA.matches(signature))
self.assertEqual(True, securesystemslib.formats.ED25519_SIG_SCHEMA.matches(scheme))
self.assertEqual('ed25519', scheme)
# Check for improperly formatted argument.
self.assertRaises(securesystemslib.exceptions.FormatError,
securesystemslib.ed25519_keys.create_signature, 123, private, data,
scheme)
self.assertRaises(securesystemslib.exceptions.FormatError,
securesystemslib.ed25519_keys.create_signature, public, 123, data,
scheme)
# Check for invalid 'data'.
self.assertRaises(securesystemslib.exceptions.CryptoError,
securesystemslib.ed25519_keys.create_signature, public, private, 123,# Verify that _load_metadata_from_file() doesn't raise an exception for
# improperly formatted metadata, and doesn't load the bad file.
with open(role1_filepath, 'ab') as file_object:
file_object.write(b'bad JSON data')
self.repository_updater._load_metadata_from_file('current', 'role1')
self.assertEqual(len(self.repository_updater.metadata['current']), 5)
# Test if we fail gracefully if we can't deserialize a meta file
self.repository_updater._load_metadata_from_file('current', 'empty_file')
self.assertFalse('empty_file' in self.repository_updater.metadata['current'])
# Test invalid metadata set argument (must be either
# 'current' or 'previous'.)
self.assertRaises(securesystemslib.exceptions.Error,
self.repository_updater._load_metadata_from_file,
'bad_metadata_set', 'role1')# Computing the hash and length of the tempfile.
digest_object = securesystemslib.hash.digest_filename(filepath, algorithm='sha256')
file_hash = {'sha256' : digest_object.hexdigest()}
file_length = os.path.getsize(filepath)
# Test: Expected input.
self.assertEqual(securesystemslib.util.get_file_details(filepath),
(file_length, file_hash))
# Test: Incorrect input.
bogus_inputs = [self.random_string(), 1234, [self.random_string()],
{'a': 'b'}, None]
for bogus_input in bogus_inputs:
if isinstance(bogus_input, six.string_types):
self.assertRaises(securesystemslib.exceptions.Error,
securesystemslib.util.get_file_details, bogus_input)
else:
self.assertRaises(securesystemslib.exceptions.FormatError,
securesystemslib.util.get_file_details, bogus_input)securesystemslib
A library that provides cryptographic and general-purpose routines for Secure Systems Lab projects at NYU
Package Health Score
78 / 100Popular securesystemslib functions
- securesystemslib.exceptions
- securesystemslib.exceptions.CryptoError
- securesystemslib.exceptions.Error
- securesystemslib.exceptions.FormatError
- securesystemslib.exceptions.InvalidNameError
- securesystemslib.formats
- securesystemslib.formats.BOOLEAN_SCHEMA.check_match
- securesystemslib.formats.NAME_SCHEMA.check_match
- securesystemslib.formats.PASSWORD_SCHEMA.check_match
- securesystemslib.formats.PATH_SCHEMA.check_match
- securesystemslib.keys
- securesystemslib.schema
- securesystemslib.schema.AnyString
- securesystemslib.schema.Object
- securesystemslib.schema.Optional
- securesystemslib.schema.String
- securesystemslib.util
- securesystemslib.util.ensure_parent_dir
- securesystemslib.util.get_file_details
- securesystemslib.util.load_json_file