diff --git a/securesystemslib/ecdsa_keys.py b/securesystemslib/ecdsa_keys.py index 6399ad55..53cf23bf 100755 --- a/securesystemslib/ecdsa_keys.py +++ b/securesystemslib/ecdsa_keys.py @@ -490,8 +490,6 @@ def create_ecdsa_encrypted_pem(private_pem, passphrase): # Does 'passphrase' have the correct format? securesystemslib.formats.PASSWORD_SCHEMA.check_match(passphrase) - encrypted_pem = None - private = load_pem_private_key(private_pem.encode('utf-8'), password=None, backend=default_backend()) diff --git a/securesystemslib/ed25519_keys.py b/securesystemslib/ed25519_keys.py index b636cc66..b3ac4176 100755 --- a/securesystemslib/ed25519_keys.py +++ b/securesystemslib/ed25519_keys.py @@ -326,7 +326,7 @@ def verify_signature(public_key, scheme, signature, data): if NACL: try: nacl_verify_key = nacl.signing.VerifyKey(public) - nacl_message = nacl_verify_key.verify(data, signature) + nacl_verify_key.verify(data, signature) valid_signature = True except nacl.exceptions.BadSignatureError: @@ -341,7 +341,7 @@ def verify_signature(public_key, scheme, signature, data): # The pure Python implementation raises 'Exception' if 'signature' is # invalid. - except Exception as e: + except Exception: pass # This is a defensive check for a valid 'scheme', which should have already diff --git a/securesystemslib/gpg/common.py b/securesystemslib/gpg/common.py index d6c33269..add9748e 100644 --- a/securesystemslib/gpg/common.py +++ b/securesystemslib/gpg/common.py @@ -354,7 +354,7 @@ def _assign_certified_key_info(bundle): signature["info"]["subpackets"].get(KEY_EXPIRATION_SUBPACKET) # No key expiration time, go to next certificate - if tmp_validity_period == None: + if tmp_validity_period is None: continue # Create shortcut to mandatory pre-parsed creation time subpacket @@ -363,7 +363,7 @@ def _assign_certified_key_info(bundle): tmp_is_primary_user = \ signature["info"]["subpackets"].get(PRIMARY_USERID_SUBPACKET) - if tmp_is_primary_user != None: + if tmp_is_primary_user is not None: tmp_is_primary_user = bool(tmp_is_primary_user[0]) # If we already have a primary user certified expiration date and this @@ -382,7 +382,7 @@ def _assign_certified_key_info(bundle): is_primary_user = tmp_is_primary_user sig_creation_time = tmp_sig_creation_time - if validity_period != None: + if validity_period is not None: bundle[PACKET_TYPE_PRIMARY_KEY]["key"]["validity_period"] = validity_period return bundle[PACKET_TYPE_PRIMARY_KEY]["key"] @@ -477,7 +477,7 @@ def _get_verified_subkeys(bundle): # subkey here validity_period = \ signature["info"]["subpackets"].get(KEY_EXPIRATION_SUBPACKET) - if validity_period != None: + if validity_period is not None: subkey["validity_period"] = struct.unpack(">I", validity_period)[0] verified_subkeys[subkey["keyid"]] = subkey diff --git a/securesystemslib/gpg/eddsa.py b/securesystemslib/gpg/eddsa.py index cf716b3e..50370853 100644 --- a/securesystemslib/gpg/eddsa.py +++ b/securesystemslib/gpg/eddsa.py @@ -17,17 +17,13 @@ """ import binascii -import struct import securesystemslib.exceptions import securesystemslib.gpg.util CRYPTO = True NO_CRYPTO_MSG = 'EdDSA key support for GPG requires the cryptography library' try: - import cryptography.hazmat.primitives.asymmetric.utils as pyca_utils import cryptography.hazmat.primitives.asymmetric.ed25519 as pyca_ed25519 - import cryptography.hazmat.backends as pyca_backends - import cryptography.hazmat.primitives.hashes as pyca_hashing import cryptography.exceptions except ImportError: CRYPTO = False diff --git a/securesystemslib/gpg/functions.py b/securesystemslib/gpg/functions.py index 8c157c51..cbb27973 100644 --- a/securesystemslib/gpg/functions.py +++ b/securesystemslib/gpg/functions.py @@ -21,8 +21,8 @@ import securesystemslib.exceptions import securesystemslib.gpg.common import securesystemslib.gpg.exceptions -from securesystemslib.gpg.constants import (GPG_EXPORT_PUBKEY_COMMAND, - GPG_SIGN_COMMAND, SIGNATURE_HANDLERS, FULLY_SUPPORTED_MIN_VERSION, SHA256, +from securesystemslib.gpg.constants import (GPG_SIGN_COMMAND, + SIGNATURE_HANDLERS, FULLY_SUPPORTED_MIN_VERSION, SHA256, HAVE_GPG, NO_GPG_MSG) import securesystemslib.process diff --git a/securesystemslib/gpg/util.py b/securesystemslib/gpg/util.py index 228335b7..a26eac59 100644 --- a/securesystemslib/gpg/util.py +++ b/securesystemslib/gpg/util.py @@ -198,12 +198,12 @@ def parse_packet_header(data, expected_type=None): raise securesystemslib.gpg.exceptions.PacketParsingError("Invalid old " "length") - if header_len == None or body_len == None: # pragma: no cover + if header_len is None or body_len is None: # pragma: no cover # Unreachable: One of above must have assigned lengths or raised error raise securesystemslib.gpg.exceptions.PacketParsingError("Could not " "determine packet length") - if expected_type != None and packet_type != expected_type: + if expected_type is not None and packet_type != expected_type: raise securesystemslib.gpg.exceptions.PacketParsingError("Expected packet " "{}, but got {} instead!".format(expected_type, packet_type)) diff --git a/securesystemslib/keys.py b/securesystemslib/keys.py index 28f24d29..e04f4c89 100755 --- a/securesystemslib/keys.py +++ b/securesystemslib/keys.py @@ -1114,7 +1114,6 @@ def import_rsakey_from_pem(pem, scheme='rsassa-pss-sha256'): securesystemslib.formats.RSA_SCHEME_SCHEMA.check_match(scheme) public_pem = '' - private_pem = '' # Ensure the PEM string has a public or private header and footer. Although # a simple validation of 'pem' is performed here, a fully valid PEM string is @@ -1862,7 +1861,6 @@ def import_ecdsakey_from_pem(pem, scheme='ecdsa-sha2-nistp256'): securesystemslib.formats.ECDSA_SCHEME_SCHEMA.check_match(scheme) public_pem = '' - private_pem = '' # Ensure the PEM string has a public or private header and footer. Although # a simple validation of 'pem' is performed here, a fully valid PEM string is diff --git a/securesystemslib/rsa_keys.py b/securesystemslib/rsa_keys.py index 32eb632b..7ecb499d 100755 --- a/securesystemslib/rsa_keys.py +++ b/securesystemslib/rsa_keys.py @@ -454,11 +454,6 @@ def verify_rsa_signature(signature, signature_scheme, public_key, data): # What about 'data'? securesystemslib.formats.DATA_SCHEMA.check_match(data) - # Verify whether the private key of 'public_key' produced 'signature'. - # Before returning the 'valid_signature' Boolean result, ensure 'RSASSA-PSS' - # was used as the signature scheme. - valid_signature = False - # Verify the RSASSA-PSS signature with pyca/cryptography. try: public_key_object = serialization.load_pem_public_key( diff --git a/securesystemslib/schema.py b/securesystemslib/schema.py index fc50ad65..de4c939f 100755 --- a/securesystemslib/schema.py +++ b/securesystemslib/schema.py @@ -806,7 +806,6 @@ def check_match(self, object): except KeyError: # If not an Optional schema, raise an exception. if not isinstance(schema, Optional): - message = 'Missing key ' + repr(key) + ' in ' + repr(self._object_name) raise securesystemslib.exceptions.FormatError( 'Missing key ' + repr(key) + ' in ' + repr(self._object_name)) diff --git a/securesystemslib/unittest_toolbox.py b/securesystemslib/unittest_toolbox.py index f1227c42..270f4b70 100755 --- a/securesystemslib/unittest_toolbox.py +++ b/securesystemslib/unittest_toolbox.py @@ -26,7 +26,6 @@ from __future__ import unicode_literals import os -import sys import shutil import unittest import tempfile