+++ /dev/null
-"""Store and retrieve wheel signing / verifying keys.
-
-Given a scope (a package name, + meaning "all packages", or - meaning
-"no packages"), return a list of verifying keys that are trusted for that
-scope.
-
-Given a package name, return a list of (scope, key) suggested keys to sign
-that package (only the verifying keys; the private signing key is stored
-elsewhere).
-
-Keys here are represented as urlsafe_b64encoded strings with no padding.
-
-Tentative command line interface:
-
-# list trusts
-wheel trust
-# trust a particular key for all
-wheel trust + key
-# trust key for beaglevote
-wheel trust beaglevote key
-# stop trusting a key for all
-wheel untrust + key
-
-# generate a key pair
-wheel keygen
-
-# import a signing key from a file
-wheel import keyfile
-
-# export a signing key
-wheel export key
-"""
-
-import json
-import os.path
-
-from ..util import native, load_config_paths, save_config_path
-
-
-class WheelKeys(object):
- SCHEMA = 1
- CONFIG_NAME = 'wheel.json'
-
- def __init__(self):
- self.data = {'signers': [], 'verifiers': []}
-
- def load(self):
- # XXX JSON is not a great database
- for path in load_config_paths('wheel'):
- conf = os.path.join(native(path), self.CONFIG_NAME)
- if os.path.exists(conf):
- with open(conf, 'r') as infile:
- self.data = json.load(infile)
- for x in ('signers', 'verifiers'):
- if x not in self.data:
- self.data[x] = []
- if 'schema' not in self.data:
- self.data['schema'] = self.SCHEMA
- elif self.data['schema'] != self.SCHEMA:
- raise ValueError(
- "Bad wheel.json version {0}, expected {1}".format(
- self.data['schema'], self.SCHEMA))
- break
- return self
-
- def save(self):
- # Try not to call this a very long time after load()
- path = save_config_path('wheel')
- conf = os.path.join(native(path), self.CONFIG_NAME)
- with open(conf, 'w+') as out:
- json.dump(self.data, out, indent=2)
- return self
-
- def trust(self, scope, vk):
- """Start trusting a particular key for given scope."""
- self.data['verifiers'].append({'scope': scope, 'vk': vk})
- return self
-
- def untrust(self, scope, vk):
- """Stop trusting a particular key for given scope."""
- self.data['verifiers'].remove({'scope': scope, 'vk': vk})
- return self
-
- def trusted(self, scope=None):
- """Return list of [(scope, trusted key), ...] for given scope."""
- trust = [(x['scope'], x['vk']) for x in self.data['verifiers']
- if x['scope'] in (scope, '+')]
- trust.sort(key=lambda x: x[0])
- trust.reverse()
- return trust
-
- def signers(self, scope):
- """Return list of signing key(s)."""
- sign = [(x['scope'], x['vk']) for x in self.data['signers'] if x['scope'] in (scope, '+')]
- sign.sort(key=lambda x: x[0])
- sign.reverse()
- return sign
-
- def add_signer(self, scope, vk):
- """Remember verifying key vk as being valid for signing in scope."""
- self.data['signers'].append({'scope': scope, 'vk': vk})
OSDN Git Service
