WIP: Add DSSE Envelope

securesystemslib/metadata.py

@@ -0,0 +1,82 @@
+"""Dead Simple Signing Envelope
+"""
+
+from typing import Any, List
+
+from securesystemslib import exceptions
+from securesystemslib import formats
+from securesystemslib.signer import Signature
+from securesystemslib.util import b64dec, b64enc
+
+
+class Envelope:
+    """DSSE Envelope.
+
+    Attributes:
+        payload: Arbitrary byte sequence of Serialized Body
+        payloadType: string that identifies how to interpret payload
+        signatures: List of Signature and GPG Signature
+
+    """
+
+    payload: bytes
+    payloadType: str
+    signatures: List[Signature]
+
+    def __init__(self, payload, payloadType, signatures):
+        self.payload = payload
+        self.payloadType = payloadType
+        self.signatures = signatures
+
+    def __eq__(self, other: Any) -> bool:
+        if not isinstance(other, Envelope):
+            return False
+
+        return (
+            self.payload == other.payload
+            and self.payloadType == other.payloadType
+            and self.signatures == other.signatures
+        )
+
+    @classmethod
+    def from_dict(cls, data: dict) -> "Envelope":
+        """Creates a Signature object from its JSON/dict representation.
+
+        Arguments:
+            data:
+                A dict containing a valid payload, payloadType and signatures
+
+        Raises:
+            KeyError: If any of the "payload", "payloadType" and "signatures"
+                fields are missing from the "data".
+
+        Returns:
+            A "Envelope" instance.
+        """
+
+        payload = b64dec(data['payload'])
+        payloadType = data['payloadType']
+
+        signatures = []
+        for signature in data['signatures']:
+            if formats.SIGNATURE_SCHEMA.matches(signature):
+                signatures.append(Signature.from_dict(signature))
+
+            elif formats.GPG_SIGNATURE_SCHEMA.matches(signature):
+                raise NotImplementedError
+
+            else:
+                raise exceptions.FormatError('Invalid signature')
+
+        return cls(payload, payloadType, signatures)
+
+    def to_dict(self) -> dict:
+        """Returns the JSON-serializable dictionary representation of self."""
+
+        return {
+            "payload": b64enc(self.payload),
+            "payloadType": self.payloadType,
+            "signatures": [
+                signature.to_dict() for signature in self.signatures
+            ],
+        }

securesystemslib/util.py

@@ -17,6 +17,8 @@
   that tries to import a working json module, load_json_* functions, etc.
 """
 
+import base64
+import binascii
 import json
 import os
 import logging
@@ -455,3 +457,51 @@ def digests_are_equal(digest1: str, digest2: str) -> bool:
       are_equal = False
 
   return are_equal
+
+
+def b64enc(data: bytes) -> str:
+  """
+  <Purpose>
+    To encode byte sequence into base64 string
+
+  <Arguments>
+    data:
+      Byte sequence to encode
+
+  <Exceptions>
+    TypeError: If "data" is not byte sequence
+
+  <Side Effects>
+    None.
+
+  <Return>
+    base64 string
+  """
+
+  return base64.standard_b64encode(data).decode('utf-8')
+
+
+def b64dec(string: str) -> bytes:
+  """
+  <Purpose>
+    To decode byte sequence from base64 string
+
+  <Arguments>
+    string:
+      base64 string to decode
+
+  <Exceptions>
+    binascii.Error: If invalid base64-encoded string
+
+  <Side Effects>
+    None.
+
+  <Return>
+    A byte sequence
+  """
+
+  data = string.encode('utf-8')
+  try:
+    return base64.b64decode(data, validate=True)
+  except binascii.Error:
+    return base64.b64decode(data, altchars='-_', validate=True)