
Linting
DarkaMaul committed Oct 2, 2024
1 parent 4d59e41 commit 254229c
Showing 7 changed files with 54 additions and 40 deletions.
3 changes: 3 additions & 0 deletions Makefile
Expand Up @@ -55,13 +55,16 @@ lint: $(VENV)/pyvenv.cfg
ruff format --check && \
ruff check
cargo fmt --check --manifest-path rust/Cargo.toml
cargo fmt --check --manifest-path rust/tsp-asn1/Cargo.toml


.PHONY: reformat
reformat:
. $(VENV_BIN)/activate && \
ruff format && \
ruff check --fix
cargo fmt --manifest-path rust/Cargo.toml
cargo fmt --manifest-path rust/tsp-asn1/Cargo.toml

.PHONY: doc
doc:
1 change: 1 addition & 0 deletions pyproject.toml
Expand Up @@ -39,6 +39,7 @@ module-name = "sigstore_tsp._rust"
[tool.ruff]
line-length = 100
include = ["src/**/*.py"]
target-version = "py39"

[tool.ruff.lint]
select = ["E", "F", "I", "W", "UP", "TCH"]
71 changes: 38 additions & 33 deletions rust/src/lib.rs
Expand Up @@ -48,7 +48,7 @@ impl TimeStampReq {
Some(req_policy) => {
let py_oid = crate::util::oid_to_py_oid(py, &req_policy)?;
Ok(Some(py_oid.into_py(py)))
},
}
None => Ok(None),
}
}
Expand All @@ -62,14 +62,15 @@ impl TimeStampReq {
fn message_imprint(&self, py: pyo3::Python<'_>) -> PyResult<PyMessageImprint> {
Ok(PyMessageImprint {
contents: OwnedMessageImprint::try_new(self.raw.borrow_owner().clone_ref(py), |v| {

let req = asn1::parse_single::<RawTimeStampReq>(v.as_bytes(py))
.map_err(|e| PyValueError::new_err(format!("invalid message imprint: {:?}", e)));
let req = asn1::parse_single::<RawTimeStampReq>(v.as_bytes(py)).map_err(|e| {
PyValueError::new_err(format!("invalid message imprint: {:?}", e))
});
match req {
Ok(res) => Ok(res.message_imprint),
Err(_) => Err(PyValueError::new_err("Unable to retrieve message imprint"))
Err(_) => Err(PyValueError::new_err("Unable to retrieve message imprint")),
}
}).map_err(|e| PyValueError::new_err(format!("invalid message imprint: {:?}", e)))?,
})
.map_err(|e| PyValueError::new_err(format!("invalid message imprint: {:?}", e)))?,
})
}

Expand Down Expand Up @@ -154,9 +155,7 @@ impl TimeStampResp {
}
Ok(status_list)
}
None => {
Ok(pyo3::types::PyList::empty_bound(py))
}
None => Ok(pyo3::types::PyList::empty_bound(py)),
}
}

Expand All @@ -165,9 +164,9 @@ impl TimeStampResp {
fn tst_info(&self, py: pyo3::Python<'_>) -> PyResult<PyTSTInfo> {
let py_tstinfo = PyTSTInfo {
raw: OwnedTSTInfo::try_new(self.raw.borrow_owner().clone_ref(py), |v| {

let rsp = asn1::parse_single::<RawTimeStampResp>(v.as_bytes(py))
.map_err(|e| PyValueError::new_err(format!("invalid TimeStampResp: {:?}", e))).unwrap();
.map_err(|e| PyValueError::new_err(format!("invalid TimeStampResp: {:?}", e)))
.unwrap();

match rsp.time_stamp_token {
Some(TimeStampToken {
Expand All @@ -192,7 +191,8 @@ impl TimeStampResp {
let py_signed_data = SignedData {
raw: OwnedSignedData::try_new(self.raw.borrow_owner().clone_ref(py), |v| {
let resp = asn1::parse_single::<RawTimeStampResp>(v.as_bytes(py))
.map_err(|e| PyValueError::new_err(format!("invalid TimeStampResp: {:?}", e))).unwrap();
.map_err(|e| PyValueError::new_err(format!("invalid TimeStampResp: {:?}", e)))
.unwrap();

match resp.time_stamp_token {
Some(TimeStampToken {
Expand Down Expand Up @@ -259,9 +259,7 @@ impl SignedData {
let raw = asn1::write_single(&cert).expect("TODO").clone();
py_certs.add(pyo3::types::PyBytes::new_bound(py, &raw))?;
}
_ => {
return Err(PyValueError::new_err("Unknown certificate type"))
}
_ => return Err(PyValueError::new_err("Unknown certificate type")),
}
}
Ok(py_certs)
Expand All @@ -276,24 +274,29 @@ impl SignedData {
let py_signer_info = SignerInfo {
raw: OwnedSignerInfo::try_new(self.raw.borrow_owner().clone_ref(py), |v| {
let resp = asn1::parse_single::<RawTimeStampResp>(v.as_bytes(py))
.map_err(|e| PyValueError::new_err(format!("invalid Signer Data: {:?}", v.as_bytes(py)))).unwrap();
.map_err(|e| {
PyValueError::new_err(format!(
"invalid Signer Data: {:?}",
v.as_bytes(py)
))
})
.unwrap();

match resp.time_stamp_token {
Some(TimeStampToken {
_content_type,
content: tsp_asn1::tsp::Content::SignedData(signed_data),
}) => {

let signer_info = signed_data.into_inner().signer_infos.nth(i).unwrap();
Ok(signer_info)
}
None => Err(PyValueError::new_err("missing TimeStampToken")),
_content_type,
content: tsp_asn1::tsp::Content::SignedData(signed_data),
}) => {
let signer_info = signed_data.into_inner().signer_infos.nth(i).unwrap();
Ok(signer_info)
}
None => Err(PyValueError::new_err("missing TimeStampToken")),
}
})
.unwrap(),
};
py_set.add(py_signer_info.into_py(py))?;
i = i+1;
i = i + 1;
}

Ok(py_set.to_object(py))
Expand Down Expand Up @@ -384,7 +387,7 @@ impl PyTSTInfo {
Some(req_policy) => {
let py_oid = crate::util::oid_to_py_oid(py, &req_policy)?;
Ok(Some(py_oid.into_py(py)))
},
}
None => Ok(None),
}
}
Expand Down Expand Up @@ -553,7 +556,10 @@ mod sigstore_tsp {
use super::parse_timestamp_request;

#[pymodule_export]
use super::{PyTSTInfo, PyMessageImprint, Accuracy, SignerInfo, SignedData, TimeStampResp, TimeStampReq};
use super::{
Accuracy, PyMessageImprint, PyTSTInfo, SignedData, SignerInfo, TimeStampReq,
TimeStampResp,
};

#[pymodule_export]
use crate::oid::ObjectIdentifier;
Expand All @@ -563,13 +569,13 @@ mod sigstore_tsp {
#[cfg(test)]
mod tests {
use super::OwnedTimeStampResp;
use tsp_asn1::tsp::RawTimeStampResp;
use asn1::SimpleAsn1Readable;
use tsp_asn1::tsp::RawTimeStampResp;

#[test]
fn test() {
pyo3::prepare_freethreaded_python();

pyo3::Python::with_gil(|py| {
let data = hex::decode("308202ec3003020100308202e306092a864886f70d010702a08202d4308202d0020103310d300b06096086480165030402013081d9060b2a864886f70d0109100104a081c90481c63081c302010106092b0601040183bf30023051300d0609608648016503040203050004409b71d224bd62f3785d96d46ad3ea3d73319bfbc2890caadae2dff72519673ca72323c3d99ba5c11d7c7acc6e14b8c5da0c4663475c2e5c3adef46f73bcdec04302143e2f3211f06695a6fb447d11dadf37b2228e8ca1180f32303234313030323039323135355a3003020101a034a4323030310e300c060355040a13056c6f63616c311e301c0603550403131554657374205453412054696d657374616d70696e67a000318201dc308201d802010130483030310e300c060355040a13056c6f63616c311e301c06035504031315546573742054534120496e7465726d656469617465021461ab8956727edad25ee3c2cd663d5ddd719071a0300b0609608648016503040201a0820126301a06092a864886f70d010903310d060b2a864886f70d0109100104301c06092a864886f70d010905310f170d3234313030323039323135355a302f06092a864886f70d0109043122042089719cf333d5226a661aeab5807edcf53ba01f85323dc0415ee981f6c78d21953081b8060b2a864886f70d010910022f3181a83081a53081a230819f300d060960864801650304020305000440c04d4b48148c29c5cbab7919d432f6b1ae33995426613b4f759631108ff7d1e9c95537fac1acf43e2813754630c29abe6a0e3b804701ef3e04d3a17a4624c910304c3034a4323030310e300c060355040a13056c6f63616c311e301c06035504031315546573742054534120496e7465726d656469617465021461ab8956727edad25ee3c2cd663d5ddd719071a0300a06082a8648ce3d0403020446304402205333cdad93a03d3b22ebc3e84c560e9271fbedef0f97babf71c973a5ce4bd98e022001baf6b000e63eafac813c6e73bd46619bd2a6ebb161ca4e20b5c09a13e118c1")
.unwrap();
Expand All @@ -583,12 +589,11 @@ mod tests {

// Works
let raw = OwnedTimeStampResp::try_new(py_bytes.into(), |v| {
asn1::parse_single::<RawTimeStampResp>(v.as_bytes(py))
}).unwrap();
asn1::parse_single::<RawTimeStampResp>(v.as_bytes(py))
})
.unwrap();

assert_eq!(raw.borrow_dependent().status.status, 0);
});

}

}
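Review bot: The `signer_infos` hunk, like the `tst_info` and `signed_data` hunks above it, still ends the parse of the stored response bytes with `.map_err(...).unwrap()`, so a malformed TimeStampResp panics instead of raising the `PyValueError` that was just built. PyO3 surfaces a Rust panic as `PanicException`, which derives from `BaseException` and therefore slips past `except Exception` in a Python verifier. The closures already return `Err(PyValueError::new_err("missing TimeStampToken"))`, so the parse can propagate with `?`, e.g. `.map_err(|e| PyValueError::new_err(format!("invalid TimeStampResp: {:?}", e)))?;`, and the trailing `.unwrap()` on `try_new` and on `signer_infos.nth(i)` deserve the same treatment. In `signer_infos` the message also formats `v.as_bytes(py)` (the whole raw response) while `e` goes unused; formatting `e` keeps the error short and keeps response bytes out of logs. These method bodies start and end outside the hunks shown.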
2 changes: 1 addition & 1 deletion rust/tsp-asn1/src/certificate.rs
Expand Up @@ -30,4 +30,4 @@ pub enum CertificateChoices<'a> {
#[implicit(2)]
AttributeCertificateV2(AttributeCertificateV2),
OtherCertificateFormat(asn1::Null), // TODO(dm)
}
}
2 changes: 1 addition & 1 deletion rust/tsp-asn1/src/lib.rs
@@ -1,4 +1,4 @@
pub mod certificate;
pub mod cms;
pub mod name;
pub mod tsp;
pub mod tsp;
4 changes: 3 additions & 1 deletion src/sigstore_tsp/tsp.py
Expand Up @@ -202,6 +202,7 @@ def certificates(self) -> set[bytes]:
def signer_infos(self) -> set[SignerInfo]:
"""Returns the signers infos."""


SignedData.register(_rust.SignedData)


Expand All @@ -211,4 +212,5 @@ class SignerInfo(metaclass=abc.ABCMeta):
def version(self) -> int:
"""Returns the version."""

SignerInfo.register(_rust.SignerInfo)

SignerInfo.register(_rust.SignerInfo)
11 changes: 7 additions & 4 deletions src/sigstore_tsp/verify.py
@@ -1,8 +1,8 @@
"""Verification module."""

from __future__ import annotations

from dataclasses import dataclass
from typing import Union

import cryptography.x509

Expand All @@ -11,8 +11,8 @@

@dataclass
class VerifyOpts:
policy_id: Union[ObjectIdentifier | None]
tsa_certificate: Union[cryptography.x509.Certificate | None]
policy_id: ObjectIdentifier | None
tsa_certificate: cryptography.x509.Certificate | None
intermediates: list[cryptography.x509.Certificate]
roots: list[cryptography.x509.Certificate]
nonce: int
Expand Down Expand Up @@ -92,7 +92,10 @@ def _verify_tsr_with_chains(tsp_response: TimeStampResponse, opts: VerifyOpts) -
if signed_data.certificates:
verification_certificate = signed_data.certificates
elif not signed_data.certificates and opts.tsa_certificate:
verification_certificate = [ opts.tsa_certificate ]
verification_certificate = [opts.tsa_certificate]

if not verification_certificate:
return False

# https://github.com/digitorus/pkcs7/blob/3a137a8743524b3683ca4e11608d0dde37caee99/verify.go#L74
if len(signed_data.signer_infos) == 0:
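Review bot: In `_verify_tsr_with_chains` the certificates embedded in the response are selected ahead of the caller-supplied `opts.tsa_certificate`, so a pinned TSA certificate is only consulted when the response carries none; nothing in the visible lines checks that the embedded set contains the pinned one. If no later code outside this hunk does that, a guard such as `if opts.tsa_certificate and signed_data.certificates and opts.tsa_certificate.public_bytes(Encoding.DER) not in signed_data.certificates: return False` (with `Encoding` from `cryptography.hazmat.primitives.serialization`) would close the gap. The two branches also bind different types: `certificates` is annotated `set[bytes]` in tsp.py, while the other branch is a list of `cryptography.x509.Certificate`. The new `if not verification_certificate` test relies on the name being initialised before the `if`, which is not visible here. The function body continues past the end of the hunk.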
