Update Python wrappers

trailofbits · Oct 1, 2024 · 9960494 · 9960494
1 parent c347055
commit 9960494
Show file tree

Hide file tree

Showing 3 changed files with 200 additions and 98 deletions.
diff --git a/src/sigstore_tsp/_rust/__init__.pyi b/src/sigstore_tsp/_rust/__init__.pyi
@@ -1,72 +1,24 @@
-class MessageImprint:
-    """Represents a Message Imprint (per RFC 3161)."""
-    @property
-    def hash_algorithm(self) -> ObjectIdentifier:
-        """Returns the Object Identifier of the Hash algorithm used."""
-        ...
+from sigstore_tsp.tsp import TimeStampRequest, TimeStampResponse
 
-    @property
-    def message(self) -> bytes:
-        """Return the hashed message."""
-        ...
+class PyMessageImprint: ...
 
+class TimeStampReq: ...
 
-class TimeStampRequest:
-    """Represents a Timestamp Request (per RFC 3161)."""
+class TimeStampResp: ...
 
-    @property
-    def version(self) -> int:
-        """Returns the version of the Timestamp Request."""
-        ...
+class ObjectIdentifier: ...
 
-    @property
-    def nonce(self) -> int:
-        """Returns the nonce generated for this request."""
-        ...
+class SignedData: ...
 
-    @property
-    def policy(self) -> ObjectIdentifier:
-        """Returns the request policy OID."""
-        ...
-
-    @property
-    def cert_req(self) -> bool:
-        """Is the certificate request present."""
-        ...
-
-    @property
-    def message_imprint(self) -> MessageImprint:
-        """Returns the Timestamp Request Message Imprint."""
-        ...
-
-    def as_bytes(self) -> bytes: 
-        """Returns the Timestamp Request as bytes."""
-        ...
-
+class PyTSTInfo: ...
 
+class Accuracy: ...
 
 def create_timestamp_request(
     data: bytes,
 ) -> TimeStampRequest: ...
 
 
-class TimeStampResponse:
-    @property
-    def status(self) -> int: ...
-
-    @property
-    def tst_info_version(self) -> int: ...
-
-    @property
-    def tst_info_nonce(self) -> int: ...
-
-    @property
-    def tst_info_policy(self) -> ObjectIdentifier: ...
-
 def parse_timestamp_response(
     data: bytes,
 ) -> TimeStampResponse: ...
-
-class ObjectIdentifier:
-    @property
-    def dotted_string(self) -> str:...
diff --git a/src/sigstore_tsp/base.py b/src/sigstore_tsp/base.py
@@ -4,7 +4,7 @@
 
 import enum
 
-from sigstore_tsp import _rust
+from sigstore_tsp import _rust, tsp
 
 
 class HashAlgorithm(enum.Enum):
@@ -81,7 +81,7 @@ def request_policy(self, request_policy: int) -> TimestampRequestBuilder:
             self._data, self._algorithm, request_policy, self._cert_req, self._extensions
         )
 
-    def build(self) -> _rust.TimeStampRequest:
+    def build(self) -> tsp.TimeStampRequest:
         """Build a TimestampRequest."""
         if self._data is None:
             msg = "Data must be for a Timestamp Request."
@@ -93,45 +93,6 @@ def build(self) -> _rust.TimeStampRequest:
         return _rust.create_timestamp_request(self._data)
 
 
-# //    PKIStatus ::= INTEGER {
-# //       granted                (0),
-# //       -- when the PKIStatus contains the value zero a TimeStampToken, as
-# //          requested, is present.
-# //       grantedWithMods        (1),
-# //        -- when the PKIStatus contains the value one a TimeStampToken,
-# //          with modifications, is present.
-# //       rejection              (2),
-# //       waiting                (3),
-# //       revocationWarning      (4),
-# //        -- this message contains a warning that a revocation is
-# //        -- imminent
-# //       revocationNotification (5)
-# //        -- notification that a revocation has occurred  }
-class PKIStatus(enum.IntEnum):
-    GRANTED = 0
-    GRANTED_WITH_MODS = 1
-    REJECTION = 2
-    WAITING = 3
-    REVOCATION_WARNING = 4
-    REVOCATION_NOTIFICATION = 5
-
-
-class TstInfo:
-    def __init__(self, raw: _rust.TimeStampResponse) -> None:
-        self.version: int = raw.tst_info_version
-        self.policy: _rust.ObjectIdentifier = raw.tst_info_policy
-
-
-class TimestampResponse:
-    def __init__(self, raw: _rust.TimeStampResponse) -> None:
-        self.raw: _rust.TimeStampResponse = raw
-        self.tst_info: TstInfo = TstInfo(raw)
-
-    @property
-    def status(self) -> PKIStatus:
-        return PKIStatus(self.raw.status)
-
-
-def decode_timestamp_response(data: bytes) -> _rust.TimestampResponse:
+def decode_timestamp_response(data: bytes) -> tsp.TimeStampResponse:
     """Decode a Timestamp response."""
     return _rust.parse_timestamp_response(data)
diff --git a/src/sigstore_tsp/tsp.py b/src/sigstore_tsp/tsp.py
@@ -0,0 +1,189 @@
+from __future__ import annotations
+
+import abc
+import datetime
+import enum
+
+import cryptography.x509
+
+from sigstore_tsp import _rust
+
+
+class ObjectIdentifier(metaclass=abc.ABCMeta):
+    @property
+    @abc.abstractmethod
+    def dotted_string(self) -> str:
+        """Returns the dotted string of the OID."""
+
+ObjectIdentifier.register(_rust.ObjectIdentifier)
+
+
+class MessageImprint(metaclass=abc.ABCMeta):
+    """Represents a Message Imprint (per RFC 3161)."""
+    @property
+    @abc.abstractmethod
+    def hash_algorithm(self) -> ObjectIdentifier:
+        """Returns the Object Identifier of the Hash algorithm used."""
+
+    @property
+    @abc.abstractmethod
+    def message(self) -> bytes:
+        """Return the hashed message."""
+
+MessageImprint.register(_rust.PyMessageImprint)
+
+class TimeStampRequest(metaclass=abc.ABCMeta):
+    """Represents a Timestamp Request (per RFC 3161)."""
+
+    @property
+    @abc.abstractmethod
+    def version(self) -> int:
+        """Returns the version of the Timestamp Request."""
+
+    @property
+    @abc.abstractmethod
+    def nonce(self) -> int:
+        """Returns the nonce generated for this request."""
+
+    @property
+    @abc.abstractmethod
+    def policy(self) -> ObjectIdentifier:
+        """Returns the request policy OID."""
+
+    @property
+    @abc.abstractmethod
+    def cert_req(self) -> bool:
+        """Is the certificate request present."""
+
+    @property
+    @abc.abstractmethod
+    def message_imprint(self) -> MessageImprint:
+        """Returns the Timestamp Request Message Imprint."""
+
+    @abc.abstractmethod
+    def as_bytes(self) -> bytes:
+        """Returns the Timestamp Request as bytes."""
+
+
+TimeStampRequest.register(_rust.TimeStampReq)
+
+class PKIStatus(enum.IntEnum):
+    GRANTED = 0
+    GRANTED_WITH_MODS = 1
+    REJECTION = 2
+    WAITING = 3
+    REVOCATION_WARNING = 4
+    REVOCATION_NOTIFICATION = 5
+
+
+class TimeStampResponse(metaclass=abc.ABCMeta):
+
+    @property
+    @abc.abstractmethod
+    def status(self) -> int:
+        """Returns the status of the Timestamp Response."""
+
+    @property
+    @abc.abstractmethod
+    def status_string(self) -> list[str]:
+        """Returns the status string."""
+
+    @property
+    @abc.abstractmethod
+    def tst_info(self) -> TimeStampTokenInfo:
+        """Returns the Timestamp Token Info."""
+
+    @property
+    @abc.abstractmethod
+    def signed_data(self) -> SignedData:
+        """Returns the Signed Data."""
+
+TimeStampResponse.register(_rust.TimeStampResp)
+
+
+class Accuracy(metaclass=abc.ABCMeta):
+
+    @property
+    @abc.abstractmethod
+    def seconds(self) -> int:
+        """Returns the seconds."""
+
+    @property
+    @abc.abstractmethod
+    def millis(self) -> int | None:
+        """Returns the seconds."""
+
+
+    @property
+    @abc.abstractmethod
+    def micros(self) -> int | None:
+        """Returns the seconds."""
+
+Accuracy.register(_rust.Accuracy)
+
+
+class TimeStampTokenInfo(metaclass=abc.ABCMeta):
+    @property
+    @abc.abstractmethod
+    def version(self) -> int:
+        """Returns the version."""
+
+    @property
+    @abc.abstractmethod
+    def policy(self) -> ObjectIdentifier:
+        """Returns the policy OID."""
+
+    @property
+    @abc.abstractmethod
+    def serial_number(self) -> int:
+        """Returns the Serial Number."""
+
+    @property
+    @abc.abstractmethod
+    def gen_time(self) -> datetime.datetime:
+        """Returns the policy OID."""
+
+    @property
+    @abc.abstractmethod
+    def accuracy(self) -> Accuracy:
+        """Returns the Accuracy."""
+
+    @property
+    @abc.abstractmethod
+    def ordering(self) -> bool:
+        """Returns the ordering."""
+
+    @property
+    @abc.abstractmethod
+    def nonce(self) -> bytes:
+        """Returns the nonce."""
+
+    @property
+    @abc.abstractmethod
+    def name(self) -> cryptography.x509.Name:
+        """Returns the name."""
+
+
+TimeStampTokenInfo.register(_rust.PyTSTInfo)
+
+
+class SignedData(metaclass=abc.ABCMeta):
+
+    @property
+    @abc.abstractmethod
+    def version(self) -> int:
+        """Returns the version."""
+
+    @property
+    @abc.abstractmethod
+    def digest_algorithms(self) -> set[ObjectIdentifier]:
+        """Returns the set of digest algorithms."""
+
+    @property
+    @abc.abstractmethod
+    def certificates(self) -> set[bytes]:
+        """Returns the set of certificates.
+        Warning: they are returned as a byte array and should be loaded.
+        """
+
+SignedData.register(_rust.SignedData)