Module rugged.commands.lib.signatures

Functions

def load_signature(key_type: str, keyid: str, path_to_signature: str) -> Dict[str, Any]
def load_signature(key_type: str, keyid: str, path_to_signature: str) -> Dict[str, Any]:
    """ Load a signature from disk, and return it in the TUF format.

    Args:
        key_type: Selects the on-disk signature format; ``'tuf'`` and ``'pem'`` are
            the only values handled here.
        keyid: Identifier of the key the signature is attributed to. It is copied into
            the result verbatim; nothing in this function checks that the signature on
            disk was actually produced by that key.
        path_to_signature: Path of the signature file handed to the format loader.

    Returns:
        A ``{'keyid': ..., 'sig': ...}`` dict, the shape TUF metadata uses for one
        signature entry.

    Raises:
        RuggedKeyError: if ``key_type`` is not one of the supported values (the error
            is logged before being raised).
    """

    # @TODO: Use match statement once we move to Python 3.10.
    # @TODO: Also, move to Python 3.10.
    loaders = {
        'tuf': _load_tuf_signature,
        'pem': _load_pem_signature,
    }
    loader = loaders.get(key_type)
    if loader is None:
        error = f"The '{key_type}' key type is not supported."
        log.error(error)
        raise RuggedKeyError(error)

    return {'keyid': keyid, 'sig': loader(path_to_signature)}

Load a signature from disk, and return it in the TUF format.

def verify_signature_is_valid_for_key(key_orig: Dict, signature: Dict, message: Dict) -> bool
def verify_signature_is_valid_for_key(key_orig: Dict, signature: Dict, message: Dict) -> bool:
    """ Verify the provided signature is valid for the signed metadata and produced by a given key.

    The metadata is canonicalised with ``encode_canonical`` and the UTF-8 bytes are
    checked against ``signature`` using a shallow copy of ``key_orig`` whose ``keyid``
    has been set to ``signature['keyid']``. ``key_orig`` itself is never mutated.

    Every failure inside the verification path -- canonicalisation returning ``None``,
    or any exception from ``verify_signature`` -- is logged and reported as ``False``,
    so the function fails closed instead of raising. A ``signature`` without a
    ``'keyid'`` entry is the one case that still raises (``KeyError``), since that
    lookup happens before the guarded section.

    NOTE(review): because the key's ``keyid`` is overwritten with the signature's, a
    mismatch between the two is not detected here; the check rests on the key
    material alone. Presumably the caller selects ``key_orig`` by
    ``signature['keyid']`` -- confirm.
    """

    keyid = signature['keyid']

    # Work on a copy: key_orig may be the very dict embedded in the metadata.
    key_to_check = copy(key_orig)
    key_to_check['keyid'] = keyid

    try:
        canonical: str | None = encode_canonical(message)
        if canonical is None:
            # Caught by the handler below and turned into a False result.
            raise RuggedMetadataError("Error preparing for signature verification.")

        payload = canonical.encode("utf-8")
        if not verify_signature(key_to_check, signature, payload):
            log.error(f"Signature NOT verified for key {keyid}")
            return False

        log.debug(f"Signature verified for key {keyid}")
        return True
    except Exception as e:
        # Fail closed: any error during verification counts as "not verified".
        log_exception(e)
        error = f"Error verifying signature was generated by {keyid}."
        log.error(error)
        return False

Verify the provided signature is valid for the signed metadata and produced by a given key.