From 6975b81cebfbda5041bd3e2e570bdc180b67896b Mon Sep 17 00:00:00 2001
From: Lukas Puehringer
Date: Thu, 2 May 2024 09:48:52 +0200
Subject: [PATCH] Remove 3 stray global key type constants
These feel a bit lost in the package-level namespace and are also only a subset of the key types supported in the signer API. Let's exclude them from the 1.0.0 API, and think of a suitable place when addressing #593. The patch also refactors an internal usage of one of the constants. Externally, they seem to be only imported (but unused) in in-toto, which is prepared for breaking changes in securesystemslib.
Signed-off-by: Lukas Puehringer
---
 securesystemslib/__init__.py | 7 -------
 securesystemslib/signer/_hsm_signer.py | 13 ++++++++-----
 2 files changed, 8 insertions(+), 12 deletions(-)
diff --git a/securesystemslib/__init__.py b/securesystemslib/__init__.py
index a8daf5ba..61744dab 100755
--- a/securesystemslib/__init__.py
+++ b/securesystemslib/__init__.py
@@ -12,10 +12,3 @@
 logger = logging.getLogger(__name__)
 logger.setLevel(logging.WARNING)
 logger.addHandler(logging.StreamHandler())
-
-
-# Global constants
-# TODO: Replace hard-coded key types with these constants (and add more)
-KEY_TYPE_RSA = "rsa"
-KEY_TYPE_ED25519 = "ed25519"
-KEY_TYPE_ECDSA = "ecdsa"
diff --git a/securesystemslib/signer/_hsm_signer.py b/securesystemslib/signer/_hsm_signer.py
index 7c3b52ec..9318840a 100644
--- a/securesystemslib/signer/_hsm_signer.py
+++ b/securesystemslib/signer/_hsm_signer.py
@@ -10,7 +10,6 @@
 from typing import Dict, Iterator, List, Optional, Tuple
 from urllib import parse
-from securesystemslib import KEY_TYPE_ECDSA
 from securesystemslib.exceptions import UnsupportedLibraryError
 from securesystemslib.hash import digest
 from securesystemslib.signer._key import Key, SSlibKey
@@ -18,6 +17,8 @@
 from securesystemslib.signer._signer import SecretsHandler, Signer
 from securesystemslib.signer._utils import compute_default_keyid
+_KEY_TYPE_ECDSA = "ecdsa"
+
 # pylint: disable=wrong-import-position
 CRYPTO_IMPORT_ERROR = None
 try:
@@ -217,11 +218,13 @@ def _find_key(
 ]
 )
 if not keys:
- raise ValueError(f"could not find {KEY_TYPE_ECDSA} key for {keyid}")
+ raise ValueError(
+ f"could not find {_KEY_TYPE_ECDSA} key for {keyid}"
+ )
 if len(keys) > 1:
 raise ValueError(
- f"found more than one {KEY_TYPE_ECDSA} key for {keyid}"
+ f"found more than one {_KEY_TYPE_ECDSA} key for {keyid}"
 )
 return keys[0]
@@ -327,8 +330,8 @@ def import_(
 keyval = {"public": public_pem}
 scheme = _SCHEME_FOR_CURVE[curve]
- keyid = compute_default_keyid(KEY_TYPE_ECDSA, scheme, keyval)
- key = SSlibKey(keyid, KEY_TYPE_ECDSA, scheme, keyval)
+ keyid = compute_default_keyid(_KEY_TYPE_ECDSA, scheme, keyval)
+ key = SSlibKey(keyid, _KEY_TYPE_ECDSA, scheme, keyval)
 return uri, key
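Review bot: The new module-level `_KEY_TYPE_ECDSA = "ecdsa"` in the `@@ -18,6 +17,8 @@` hunk is undocumented, yet it is more than a label for the `_find_key` error messages. In the `import_` hunk the same value is passed to `compute_default_keyid(...)` and `SSlibKey(...)`, so it appears to feed both the derived keyid and the key type recorded on the imported public key. A later edit to the string would then presumably change the keyids computed for HSM-backed keys. I would add a comment above it such as `# Key type for HSM-backed keys; passed to compute_default_keyid(), so changing it changes derived keyids.` As a style point, the constant sits between the import block and `# pylint: disable=wrong-import-position`; it may read better next to `_SCHEME_FOR_CURVE`, whose definition is outside these hunks.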