first commit

projecten1/lib/python3.6/site-packages/wheel/signatures/keys.py

@@ -0,0 +1,101 @@
+"""Store and retrieve wheel signing / verifying keys.
+
+Given a scope (a package name, + meaning "all packages", or - meaning
+"no packages"), return a list of verifying keys that are trusted for that
+scope.
+
+Given a package name, return a list of (scope, key) suggested keys to sign
+that package (only the verifying keys; the private signing key is stored
+elsewhere).
+
+Keys here are represented as urlsafe_b64encoded strings with no padding.
+
+Tentative command line interface:
+
+# list trusts
+wheel trust
+# trust a particular key for all
+wheel trust + key
+# trust key for beaglevote
+wheel trust beaglevote key
+# stop trusting a key for all
+wheel untrust + key
+
+# generate a key pair
+wheel keygen
+
+# import a signing key from a file
+wheel import keyfile
+
+# export a signing key
+wheel export key
+"""
+
+import json
+import os.path
+
+from ..util import native, load_config_paths, save_config_path
+
+
+class WheelKeys(object):
+    SCHEMA = 1
+    CONFIG_NAME = 'wheel.json'
+
+    def __init__(self):
+        self.data = {'signers': [], 'verifiers': []}
+
+    def load(self):
+        # XXX JSON is not a great database
+        for path in load_config_paths('wheel'):
+            conf = os.path.join(native(path), self.CONFIG_NAME)
+            if os.path.exists(conf):
+                with open(conf, 'r') as infile:
+                    self.data = json.load(infile)
+                    for x in ('signers', 'verifiers'):
+                        if x not in self.data:
+                            self.data[x] = []
+                    if 'schema' not in self.data:
+                        self.data['schema'] = self.SCHEMA
+                    elif self.data['schema'] != self.SCHEMA:
+                        raise ValueError(
+                            "Bad wheel.json version {0}, expected {1}".format(
+                                self.data['schema'], self.SCHEMA))
+                break
+        return self
+
+    def save(self):
+        # Try not to call this a very long time after load()
+        path = save_config_path('wheel')
+        conf = os.path.join(native(path), self.CONFIG_NAME)
+        with open(conf, 'w+') as out:
+            json.dump(self.data, out, indent=2)
+        return self
+
+    def trust(self, scope, vk):
+        """Start trusting a particular key for given scope."""
+        self.data['verifiers'].append({'scope': scope, 'vk': vk})
+        return self
+
+    def untrust(self, scope, vk):
+        """Stop trusting a particular key for given scope."""
+        self.data['verifiers'].remove({'scope': scope, 'vk': vk})
+        return self
+
+    def trusted(self, scope=None):
+        """Return list of [(scope, trusted key), ...] for given scope."""
+        trust = [(x['scope'], x['vk']) for x in self.data['verifiers']
+                 if x['scope'] in (scope, '+')]
+        trust.sort(key=lambda x: x[0])
+        trust.reverse()
+        return trust
+
+    def signers(self, scope):
+        """Return list of signing key(s)."""
+        sign = [(x['scope'], x['vk']) for x in self.data['signers'] if x['scope'] in (scope, '+')]
+        sign.sort(key=lambda x: x[0])
+        sign.reverse()
+        return sign
+
+    def add_signer(self, scope, vk):
+        """Remember verifying key vk as being valid for signing in scope."""
+        self.data['signers'].append({'scope': scope, 'vk': vk})