Remove 3 stray global key type constants

These feel a bit lost in the package-level namespace and are also only a subset of the key types supported in the signer API. Let's exclude them from the 1.0.0 API, and think of a suitable place when addressing secure-systems-lab#593. The patch also refactors an internal usage of one of the constants. Externally, they seem to be only imported (but unused) in in-toto, which is prepared for breaking changes in securesystemslib. Signed-off-by: Lukas Puehringer <[email protected]>
lukpueh · May 2, 2024 · 6975b81 · 6975b81
1 parent 402c898
commit 6975b81
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 12 deletions.
diff --git a/securesystemslib/__init__.py b/securesystemslib/__init__.py
@@ -12,10 +12,3 @@
 logger = logging.getLogger(__name__)
 logger.setLevel(logging.WARNING)
 logger.addHandler(logging.StreamHandler())
-
-
-# Global constants
-# TODO: Replace hard-coded key types with these constants (and add more)
-KEY_TYPE_RSA = "rsa"
-KEY_TYPE_ED25519 = "ed25519"
-KEY_TYPE_ECDSA = "ecdsa"
diff --git a/securesystemslib/signer/_hsm_signer.py b/securesystemslib/signer/_hsm_signer.py
@@ -10,14 +10,15 @@
 from typing import Dict, Iterator, List, Optional, Tuple
 from urllib import parse
 
-from securesystemslib import KEY_TYPE_ECDSA
 from securesystemslib.exceptions import UnsupportedLibraryError
 from securesystemslib.hash import digest
 from securesystemslib.signer._key import Key, SSlibKey
 from securesystemslib.signer._signature import Signature
 from securesystemslib.signer._signer import SecretsHandler, Signer
 from securesystemslib.signer._utils import compute_default_keyid
 
+_KEY_TYPE_ECDSA = "ecdsa"
+
 # pylint: disable=wrong-import-position
 CRYPTO_IMPORT_ERROR = None
 try:
@@ -217,11 +218,13 @@ def _find_key(
             ]
         )
         if not keys:
-            raise ValueError(f"could not find {KEY_TYPE_ECDSA} key for {keyid}")
+            raise ValueError(
+                f"could not find {_KEY_TYPE_ECDSA} key for {keyid}"
+            )
 
         if len(keys) > 1:
             raise ValueError(
-                f"found more than one {KEY_TYPE_ECDSA} key for {keyid}"
+                f"found more than one {_KEY_TYPE_ECDSA} key for {keyid}"
             )
 
         return keys[0]
@@ -327,8 +330,8 @@ def import_(
 
         keyval = {"public": public_pem}
         scheme = _SCHEME_FOR_CURVE[curve]
-        keyid = compute_default_keyid(KEY_TYPE_ECDSA, scheme, keyval)
-        key = SSlibKey(keyid, KEY_TYPE_ECDSA, scheme, keyval)
+        keyid = compute_default_keyid(_KEY_TYPE_ECDSA, scheme, keyval)
+        key = SSlibKey(keyid, _KEY_TYPE_ECDSA, scheme, keyval)
 
         return uri, key