Abstract methods added to Key for signing scheme dissection #837
…ing_name_str, get_padding_name added to Key class
securesystemslib/signer/_key.py
Outdated
"""Return payload padding name used for this key as a AsymmetricPadding""" | ||
|
||
raise NotImplementedError | ||
|
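Review bot: The docstring on this stub promises a padding "name" but then describes the return value as an AsymmetricPadding, so a caller cannot tell whether to expect a string or a padding object. State which one is returned, change "a AsymmetricPadding" to "an AsymmetricPadding", and since the body only raises NotImplementedError, say in the docstring that subclasses are expected to override the method.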
I can't really see a benefit of adding these to the Key interface. The only subclass, which implements them, is SSlibKey. Why not make these SSlibKey-only methods?
In _azure_signer.py and _gcp_signer.py both AzureSigner and GCPSigner take in a public key which is a Key object, on which they use the get hash method. Can this be changed to SSlibKey?
Hm. Good question. It looks like all Signer implementations take Keys, even though they can only handle specific Key implementations. That's probably okay. And I definitely don't want to disrupt anyone, by changing it.
But adding new behaviour to an abstract base class, which is specific to one subclass only, and raising NotImplementedError everywhere else, does not feel right.
Would it be okay to add regular functions, e.g. to _utils?
Thoughts, @jku?
I admit I didn't look at the specific uses in AzureSigner and GCPSigner yet but I would say it's fine for them to handle SSlibKey only -- that sounds correct to me, what else could the key be?
Whether that should be done in practice by type checking inside the AzureSigner and GCPSigner functions or by changing some public argument types I can't say without having a closer look...
Looks great! If the change isn't likely to bother any user, then I'd go with it. I'll give a detailed review after #836 is merged.
…the SSlibKey subclass, added strict typing for SSlibKey to both AzureSigner and GCPSigner
Looks good to me, thanks!
I did leave one comment but I really don't think it's that important, this looks good to merge
class UnsupportedKeyType(Exception): # noqa: N818 | ||
pass |
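Review bot: UnsupportedKeyType has no docstring and silences the N818 naming check with a noqa instead of following it. Naming the class UnsupportedKeyTypeError would make the suppression unnecessary, and a one-line docstring stating which callers raise it and for which key types could replace the bare pass.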
this could be marked private (_UnsupportedKeyType) since I don't think we intend to leak it outside... but that's a nit
Looks mostly good. Please address inline comment and consider updating the PR title.
raise NotImplementedError | ||
|
||
def get_padding_name(self, hash_algorithm: None, salt_length: None) -> None: | ||
raise NotImplementedError |
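Review bot: In get_padding_name the parameters hash_algorithm and salt_length are annotated as None and the return type is None, which tells a type checker that only None may be passed and that nothing is returned, while the body unconditionally raises NotImplementedError. If the stub stays, give it the real parameter and return types that an implementing subclass uses; otherwise remove it.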
These stubs are no longer needed, right?
Description of the changes being introduced by the pull request:

- get_hash_algorithm_str abstract method added to Key class
- get_hash_algorithm abstract method added to Key class
- get_padding_name_str abstract method added to Key class
- get_padding_name abstract method added to Key class

This PR tries to make classes using the Key instance independent of the specific Key implementation.
It also includes the changes from PR #836.
Fixes #594
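
The outcome the thread converges on (scheme helpers only on SSlibKey, and signers rejecting any other Key type up front) can be sketched as follows; this is an added example, not code from the PR or from securesystemslib. The classes are simplified stand-ins, and OtherKey, CloudSigner, digest() and the scheme table are assumptions made for illustration.

```python
import hashlib


class UnsupportedKeyType(Exception):
    """Raised when a signer is handed a Key subclass it cannot use."""


class Key:
    """Stand-in for the abstract key interface; it carries no scheme helpers."""

    def __init__(self, keyid: str, scheme: str) -> None:
        self.keyid = keyid
        self.scheme = scheme


class SSlibKey(Key):
    """Stand-in subclass, the only one that knows how to dissect its scheme."""

    # Constructed table for this example: scheme string -> hash algorithm name.
    _HASHES = {
        "rsassa-pss-sha256": "sha256",
        "ecdsa-sha2-nistp384": "sha384",
    }

    def get_hash_algorithm_str(self) -> str:
        try:
            return self._HASHES[self.scheme]
        except KeyError:
            raise ValueError(f"unsupported scheme {self.scheme!r}") from None


class OtherKey(Key):
    """Hypothetical second Key implementation without scheme helpers."""


class CloudSigner:
    """Hypothetical signer that needs the key's hash algorithm."""

    def __init__(self, public_key: Key) -> None:
        # Reject the wrong key type at construction instead of letting a
        # base-class stub raise NotImplementedError at the first signature.
        if not isinstance(public_key, SSlibKey):
            raise UnsupportedKeyType(type(public_key).__name__)
        self.public_key: SSlibKey = public_key

    def digest(self, payload: bytes) -> str:
        # Hash the payload with the algorithm the key's scheme dictates.
        name = self.public_key.get_hash_algorithm_str()
        return hashlib.new(name, payload).hexdigest()
```

The isinstance check also narrows the attribute type, so a type checker accepts the call to get_hash_algorithm_str() without the method existing on Key.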