Comparing changes

base repository: lukpueh/tuf
base: no-key
head repository: lukpueh/tuf
compare: dsse
  • 4 commits
  • 4 files changed
  • 1 contributor

Commits on Dec 22, 2022

  1. tests: Remove unnecessary type ignores

    Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
    lukpueh committed Dec 22, 2022
    Commit: b818a15
  2. Metadata API: use securesystemslib serialization

    Use generic json de/serializers and serialization mixin provided
    by securesystemslib.
    
    **De/serializers**
    - tuf's metadata-specific `JSON[Des|S]erializer` now call into
      securesystemslib's generic `JSON[Des|S]erializer` for basic json
      de/serialization.
    
    - securesystemslib's `Base[Des|S]erializer` is now used as
      abstract interface for methods that de/serialize, though
      tuf's `Metadata[Des|S]erializer` and `SignedSerializer` still
      exist to avoid API break.
      NOTE: this makes typing slightly weaker, as `Base[Des|S]erializer`
      returns/takes `Any` instead of `Metadata`
    
    **SerializationMixin**
    - replaces `Metadata.[to|from]_[bytes|file]` with
      equivalent methods inherited from `SerializationMixin`.
    
    - `SerializationMixin` requires implementing
      `_default_serializer` and `_default_deserializer` helpers used in
      `[to|from]_[bytes|file]` methods.
    
    Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
    lukpueh committed Dec 22, 2022
    Commit: 7319f29
  3. Metadata API: add dsse support

    Add TUF-specific DSSE (`Envelope`) implementation and define
    abstract interface (`BaseMetadata`) for common `Envelope` and
    `Metadata` operations:
    - get_payload() -> Signed
    - sign() -> Signature
    - verify_delegate() -> None
    
    **Details**
    
    - `Envelope` inherits and calls generic methods from base
      `Envelope` in securesystemslib to sign and verify using the
      DSSE protocol.
    
    - `Envelope` overrides `sign` to add an `append` option, which
      is not available in the base `Envelope`.
    
    - `Envelope` provides a `from_signed` factory method, which
      serializes a `Signed` instance as payload.
    
    - `Envelope.get_payload` takes a `SignedDeserializer` instance to
      deserialize the payload contents (default:
      `SignedJSONDeserializer`).
      `Metadata.get_payload` just returns the already deserialized
      `signed` attribute.
    
    - `Metadata.[sign|verify_delegate]` methods take a
      `SignedSerializer` instance to serialize the payload prior to
      signing/verifying (default: `CanonicalJSONSerializer`).
      `Envelope.[sign|verify_delegate]` just signs/verifies the
      already serialized payload.
    
    - `BaseMetadata` subclasses inherit `[to|from]_[bytes|file]`
      convenience methods from `SerializationMixin`. In turn they must
      provide `_default_[de|s]erializer`s to be used by those methods.
    
    - `BaseMetadata` provides default `JSON[Des|S]erializer` for
      both `Envelope` and `Metadata`.
    
    - `JSONSerializer` requires a class to implement a `to_dict`
      method, which is defined by the `JSONSerializable` interface.
      `BaseMetadata` classes are `JSONSerializable`.
    
    - `JSONDeserializer` can deserialize json bytes into both
      `Envelope` and `Metadata`. It handles each case based on the
      presence of a certain field.
    
    Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
    lukpueh committed Dec 22, 2022
    Commit: 9beb8a3
  4. tests: add dsse smoke test

    Test Envelope (dsse) and common metadata abstraction for exemplary
    root metadata: sign, verify, verify_delegate.
    
    Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
    lukpueh committed Dec 22, 2022
    Commit: 2bc97c4
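
Added example, not code from this branch or from securesystemslib: a standard-library sketch of the DSSE signing model described in commit 3, where the signature covers the already serialized payload bytes (via DSSE pre-authentication encoding) and the payload is deserialized only after verification. HMAC-SHA256 stands in for a real signer, and `PAYLOAD_TYPE`, all function names, and the choice of `payload` as the dispatch field are assumptions.

```python
import base64
import hashlib
import hmac
import json

PAYLOAD_TYPE = "application/vnd.tuf+json"  # assumed payload type for this sketch

def pae(payload_type: str, payload: bytes) -> bytes:
    """DSSE pre-authentication encoding: the exact bytes that get signed."""
    t = payload_type.encode()
    return b"DSSEv1 %d %b %d %b" % (len(t), t, len(payload), payload)

def _mac(key: bytes, data: bytes) -> str:
    # Stand-in signer (assumption): HMAC-SHA256 instead of an asymmetric signature.
    digest = hmac.new(key, data, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()

def make_envelope(signed: dict, keyid: str, key: bytes) -> dict:
    payload = json.dumps(signed).encode()  # serialized once, never re-encoded
    sig = _mac(key, pae(PAYLOAD_TYPE, payload))
    return {"payload": base64.b64encode(payload).decode(),
            "payloadType": PAYLOAD_TYPE,
            "signatures": [{"keyid": keyid, "sig": sig}]}

def verify_envelope(env: dict, keys: dict, threshold: int = 1) -> dict:
    """Verify over the payload bytes as received, then deserialize them."""
    if env["payloadType"] != PAYLOAD_TYPE:
        raise ValueError("unexpected payload type")
    payload = base64.b64decode(env["payload"])
    signed_bytes = pae(env["payloadType"], payload)
    good = set()  # distinct trusted key ids with a valid signature
    for s in env["signatures"]:
        key = keys.get(s["keyid"])
        if key and hmac.compare_digest(s["sig"], _mac(key, signed_bytes)):
            good.add(s["keyid"])
    if len(good) < threshold:
        raise ValueError("signature threshold not met")
    return json.loads(payload)  # parse only after the bytes are authenticated

def container_kind(raw: bytes) -> str:
    """Tell the two containers apart by field presence (field is assumed)."""
    return "envelope" if "payload" in json.loads(raw) else "metadata"
```

Because the signature is bound to the payload bytes rather than to a canonical re-serialization, any change to those bytes, including whitespace-only changes, fails verification.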