removed abstract methods from Key Class and only kept the methods on …

…the SSlibKey subclass, added strict typing for SSlibKey to both AzureSigner and GCPSigner
secure-systems-lab · Jul 2, 2024 · 84fc3ea · 84fc3ea
1 parent cbe34d8
commit 84fc3ea
Show file tree

Hide file tree

Showing 6 changed files with 34 additions and 64 deletions.
diff --git a/securesystemslib/signer/_azure_signer.py b/securesystemslib/signer/_azure_signer.py
@@ -6,7 +6,7 @@
 
 import securesystemslib.hash as sslib_hash
 from securesystemslib.exceptions import UnsupportedLibraryError
-from securesystemslib.signer._key import Key, SSlibKey
+from securesystemslib.signer._key import SSlibKey
 from securesystemslib.signer._signer import SecretsHandler, Signature, Signer
 from securesystemslib.signer._utils import compute_default_keyid
 
@@ -28,7 +28,10 @@
         PublicFormat,
     )
 except ImportError:
-    AZURE_IMPORT_ERROR = "Signing with Azure Key Vault requires azure-identity, azure-keyvault-keys and cryptography."
+    AZURE_IMPORT_ERROR = (
+        "Signing with Azure Key Vault requires azure-identity, "
+        "azure-keyvault-keys and cryptography."
+    )
 
 logger = logging.getLogger(__name__)
 
@@ -62,7 +65,7 @@ class AzureSigner(Signer):
 
     SCHEME = "azurekms"
 
-    def __init__(self, az_key_uri: str, public_key: Key):
+    def __init__(self, az_key_uri: str, public_key: SSlibKey):
         if AZURE_IMPORT_ERROR:
             raise UnsupportedLibraryError(AZURE_IMPORT_ERROR)
 
@@ -84,7 +87,7 @@ def __init__(self, az_key_uri: str, public_key: Key):
         self._public_key = public_key
 
     @property
-    def public_key(self) -> Key:
+    def public_key(self) -> SSlibKey:
         return self._public_key
 
     @staticmethod
@@ -125,7 +128,7 @@ def _create_crypto_client(
             raise e
 
     @staticmethod
-    def _get_signature_algorithm(public_key: Key) -> "SignatureAlgorithm":
+    def _get_signature_algorithm(public_key: SSlibKey) -> "SignatureAlgorithm":
         """Return SignatureAlgorithm after parsing the public key"""
         if public_key.keytype != "ecdsa":
             logger.info("only EC keys are supported for now")
@@ -159,7 +162,7 @@ def _get_keytype_and_scheme(crv: str) -> Tuple[str, str]:
     def from_priv_key_uri(
         cls,
         priv_key_uri: str,
-        public_key: Key,
+        public_key: SSlibKey,
         secrets_handler: Optional[SecretsHandler] = None,
     ) -> "AzureSigner":
         uri = parse.urlparse(priv_key_uri)
@@ -171,7 +174,9 @@ def from_priv_key_uri(
         return cls(az_key_uri, public_key)
 
     @classmethod
-    def import_(cls, az_vault_name: str, az_key_name: str) -> Tuple[str, Key]:
+    def import_(
+        cls, az_vault_name: str, az_key_name: str
+    ) -> Tuple[str, SSlibKey]:
         """Load key and signer details from KMS
 
         Returns the private key uri and the public key. This method should only

diff --git a/securesystemslib/signer/_gcp_signer.py b/securesystemslib/signer/_gcp_signer.py
@@ -6,7 +6,7 @@
 
 import securesystemslib.hash as sslib_hash
 from securesystemslib import exceptions
-from securesystemslib.signer._key import Key, SSlibKey
+from securesystemslib.signer._key import SSlibKey
 from securesystemslib.signer._signer import SecretsHandler, Signature, Signer
 from securesystemslib.signer._utils import compute_default_keyid
 
@@ -55,7 +55,7 @@ class GCPSigner(Signer):
 
     SCHEME = "gcpkms"
 
-    def __init__(self, gcp_keyid: str, public_key: Key):
+    def __init__(self, gcp_keyid: str, public_key: SSlibKey):
         if GCP_IMPORT_ERROR:
             raise exceptions.UnsupportedLibraryError(GCP_IMPORT_ERROR)
 
@@ -65,14 +65,14 @@ def __init__(self, gcp_keyid: str, public_key: Key):
         self.client = kms.KeyManagementServiceClient()
 
     @property
-    def public_key(self) -> Key:
+    def public_key(self) -> SSlibKey:
         return self._public_key
 
     @classmethod
     def from_priv_key_uri(
         cls,
         priv_key_uri: str,
-        public_key: Key,
+        public_key: SSlibKey,
         secrets_handler: Optional[SecretsHandler] = None,
     ) -> "GCPSigner":
         uri = parse.urlparse(priv_key_uri)
@@ -83,7 +83,7 @@ def from_priv_key_uri(
         return cls(uri.path, public_key)
 
     @classmethod
-    def import_(cls, gcp_keyid: str) -> Tuple[str, Key]:
+    def import_(cls, gcp_keyid: str) -> Tuple[str, SSlibKey]:
         """Load key and signer details from KMS
 
         Returns the private key uri and the public key. This method should only

diff --git a/securesystemslib/signer/_key.py b/securesystemslib/signer/_key.py
@@ -203,32 +203,6 @@ def verify_signature(self, signature: Signature, data: bytes) -> None:
         """
         raise NotImplementedError
 
-    @abstractmethod
-    def get_hash_algorithm_str(self) -> Any:
-        """Returns payload hash algorithm used for this key as a str
-
-        Raises:
-            UnsupportedAlgorithmError: if key type not suported
-        """
-        raise NotImplementedError
-
-    @abstractmethod
-    def get_hash_algorithm(self) -> Any:
-        """Returns payload hash algorithm used for this key as a HashAlgorithm"""
-        raise NotImplementedError
-
-    @abstractmethod
-    def get_padding_name_str(self) -> Any:
-        """Return payload padding name used for this key as a str"""
-
-        raise NotImplementedError
-
-    @abstractmethod
-    def get_padding_name(self, hash_algorithm: Any, salt_length: Any) -> Any:
-        """Return payload padding name used for this key as a AsymmetricPadding"""
-
-        raise NotImplementedError
-
 
 class SSlibKey(Key):
     """Key implementation for RSA, Ed25519, ECDSA keys"""
@@ -433,6 +407,7 @@ def verify_signature(self, signature: Signature, data: bytes) -> None:
             ) from e
 
     def get_hash_algorithm_str(self) -> str:
+        """Returns the hash algorithm from the key scheme as a string."""
         # key scheme should always be of format xxx-xxx-xxx
         comps = self.scheme.split("-")
         if len(comps) != 3:  # noqa: PLR2004
@@ -460,6 +435,7 @@ def get_hash_algorithm_str(self) -> str:
         return hash_algo
 
     def get_hash_algorithm(self) -> "HashAlgorithm":
+        """Returns the hash algorithm from the key scheme as a HashAlgorithm"""
         name = self.get_hash_algorithm_str()
         algorithm: HashAlgorithm
         if name == "sha224":
@@ -474,12 +450,25 @@ def get_hash_algorithm(self) -> "HashAlgorithm":
         return algorithm
 
     def get_padding_name_str(self) -> str:
+        """Returns the padding name from the key scheme as a string"""
         padding_name = self.scheme.split("-")[1]
         return padding_name
 
     def get_padding_name(
         self, hash_algorithm: "HashAlgorithm", salt_length: Any
     ) -> "AsymmetricPadding":
+        """Returns the padding name from the key scheme as a AsymmetricPadding
+
+        Args:
+            hash_algorithm: the hash algorithm used as a HashAlgorithm
+                object, only for PSS.
+            selt_length: the salt length to use for PSS.
+                PSS.AUTO or PSS.DIGEST_LENGTH
+
+        Returns:
+            AsymmetricPadding
+
+        """
         name = self.get_padding_name_str()
         padding: AsymmetricPadding
         if name == "pss":

diff --git a/securesystemslib/signer/_signer.py b/securesystemslib/signer/_signer.py
@@ -4,7 +4,7 @@
 from abc import ABCMeta, abstractmethod
 from typing import Callable, Dict, Optional, Type
 
-from securesystemslib.signer._key import Key
+from securesystemslib.signer._key import Key, SSlibKey
 from securesystemslib.signer._signature import Signature
 
 logger = logging.getLogger(__name__)
@@ -80,7 +80,7 @@ def sign(self, payload: bytes) -> Signature:
     def from_priv_key_uri(
         cls,
         priv_key_uri: str,
-        public_key: Key,
+        public_key: SSlibKey,
         secrets_handler: Optional[SecretsHandler] = None,
     ) -> "Signer":
         """Factory constructor for a given private key URI

diff --git a/securesystemslib/signer/_sigstore_signer.py b/securesystemslib/signer/_sigstore_signer.py
@@ -91,18 +91,6 @@ def verify_signature(self, signature: Signature, data: bytes) -> None:
                 f"Unknown failure to verify signature by {self.keyid}"
             ) from e
 
-    def get_hash_algorithm_str(self) -> None:
-        raise NotImplementedError
-
-    def get_hash_algorithm(self) -> None:
-        raise NotImplementedError
-
-    def get_padding_name_str(self) -> None:
-        raise NotImplementedError
-
-    def get_padding_name(self, hash_algorithm: None, salt_length: None) -> None:
-        raise NotImplementedError
-
 
 class SigstoreSigner(Signer):
     """Sigstore signer.

diff --git a/securesystemslib/signer/_spx_signer.py b/securesystemslib/signer/_spx_signer.py
@@ -87,18 +87,6 @@ def verify_signature(self, signature: Signature, data: bytes) -> None:
                 f"Failed to verify signature by {self.keyid}"
             )
 
-    def get_hash_algorithm_str(self) -> None:
-        raise NotImplementedError
-
-    def get_hash_algorithm(self) -> None:
-        raise NotImplementedError
-
-    def get_padding_name_str(self) -> None:
-        raise NotImplementedError
-
-    def get_padding_name(self, hash_algorithm: None, salt_length: None) -> None:
-        raise NotImplementedError
-
 
 class SpxSigner(Signer):
     """SPHINCS+ signer.