Initial commit

.editorconfig

@@ -0,0 +1,12 @@
+root = true
+
+[*]
+charset = utf-8
+indent_style = tab
+indent_size = 4
+insert_final_newline = true
+end_of_line = lf
+
+[*.{yml,yaml}]
+indent_style = space
+indent_size = 2

.github/.templateMarker

@@ -0,0 +1 @@
+KOLANICH/python_project_boilerplate.py

.github/dependabot.yml

@@ -0,0 +1,8 @@
+version: 2
+updates:
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    allow:
+      - dependency-type: "all"

.github/workflows/CI.yml

@@ -0,0 +1,15 @@
+name: CI
+on:
+  push:
+    branches: [master]
+  pull_request:
+    branches: [master]
+
+jobs:
+  build:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: typical python workflow
+        uses: KOLANICH-GHActions/typical-python-workflow@master
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -0,0 +1,10 @@
+__pycache__
+*.py[co]
+/*.egg-info
+*.srctrlbm
+*.srctrldb
+build
+dist
+.eggs
+monkeytype.sqlite3
+/.ipynb_checkpoints

.gitlab-ci.yml

@@ -0,0 +1,51 @@
+image: registry.gitlab.com/kolanich-subgroups/docker-images/fixed_python:latest
+
+variables:
+  DOCKER_DRIVER: overlay2
+  SAST_ANALYZER_IMAGE_TAG: latest
+  SAST_DISABLE_DIND: "true"
+  SAST_CONFIDENCE_LEVEL: 5
+  CODECLIMATE_VERSION: latest
+
+include:
+  - template: SAST.gitlab-ci.yml
+  - template: Code-Quality.gitlab-ci.yml
+  - template: License-Management.gitlab-ci.yml
+
+build:
+  tags:
+    - shared
+    - linux
+  stage: build
+  variables:
+    GIT_DEPTH: "1"
+    PYTHONUSERBASE: ${CI_PROJECT_DIR}/python_user_packages
+
+  before_script:
+    - export PATH="$PATH:$PYTHONUSERBASE/bin" # don't move into `variables`
+    - apt-get update
+    # todo:
+    #- apt-get -y install 
+    #- pip3 install --upgrade 
+    #- python3 ./fix_python_modules_paths.py
+
+  script:
+    - python3 -m build -nw bdist_wheel
+    - mv ./dist/*.whl ./dist/securesystemslib_KOLANICH-0.CI-py3-none-any.whl
+    - pip3 install --upgrade ./dist/*.whl
+    - coverage run --source=securesystemslib_KOLANICH -m --branch pytest --junitxml=./rspec.xml ./tests/test.py
+    - coverage report -m
+    - coverage xml
+
+  coverage: "/^TOTAL(?:\\s+\\d+){4}\\s+(\\d+%).+/"
+
+  cache:
+    paths:
+      - $PYTHONUSERBASE
+
+  artifacts:
+    paths:
+      - dist
+    reports:
+      junit: ./rspec.xml
+      cobertura: ./coverage.xml

Code_Of_Conduct.md

@@ -0,0 +1 @@
+No codes of conduct!

LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Santiago Torres
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

MANIFEST.in

@@ -0,0 +1,4 @@
+include UNLICENSE
+include *.md
+include tests
+include .editorconfig

ReadMe.md

@@ -0,0 +1,17 @@
+securesystemslib_KOLANICH.py
+============================
+~~[wheel (GitLab)](https://gitlab.com/KOLANICH-libs/securesystemslib_KOLANICH.py/-/jobs/artifacts/master/raw/dist/securesystemslib_KOLANICH-0.CI-py3-none-any.whl?job=build)~~
+[wheel (GHA via `nightly.link`)](https://nightly.link/KOLANICH-libs/securesystemslib_KOLANICH.py/workflows/CI/master/securesystemslib_KOLANICH-0.CI-py3-none-any.whl)
+~~![GitLab Build Status](https://gitlab.com/KOLANICH-libs/securesystemslib_KOLANICH.py/badges/master/pipeline.svg)~~
+~~![GitLab Coverage](https://gitlab.com/KOLANICH-libs/securesystemslib_KOLANICH.py/badges/master/coverage.svg)~~
+[![GitHub Actions](https://github.com/KOLANICH-libs/securesystemslib_KOLANICH.py/workflows/CI/badge.svg)](https://github.com/KOLANICH-libs/securesystemslib_KOLANICH.py/actions/)
+[![Libraries.io Status](https://img.shields.io/librariesio/github/KOLANICH-libs/securesystemslib_KOLANICH.py.svg)](https://libraries.io/github/KOLANICH-libs/securesystemslib_KOLANICH.py)
+[![Code style: antiflash](https://img.shields.io/badge/code%20style-antiflash-FFF.svg)](https://github.com/KOLANICH-tools/antiflash.py)
+
+My additions to [`securesystemslib`](https://github.com/secure-systems-lab/securesystemslib).
+
+* https://github.com/secure-systems-lab/securesystemslib/pull/452 - implements a method to generate a `securesystemslib` `dict` for a `ed25519` key - used internally.
+* https://github.com/secure-systems-lab/securesystemslib/pull/451 - implements import of SSH keys. `from securesystemslib_KOLANICH.convert.ssh import import_ssh_key`
+* https://github.com/secure-systems-lab/securesystemslib/pull/453 - monkey-patches inconsistent keyids for ECDSA keys - just `import securesystemslib_KOLANICH`
+
+The most of this lib is licensed under `Unlicense`, but some files with portions copied from `securesystemslib` are licensed under `MIT`.

UNLICENSE

@@ -0,0 +1,24 @@
+This is free and unencumbered software released into the public domain.
+
+Anyone is free to copy, modify, publish, use, compile, sell, or
+distribute this software, either in source code form or as a compiled
+binary, for any purpose, commercial or non-commercial, and by any
+means.
+
+In jurisdictions that recognize copyright laws, the author or authors
+of this software dedicate any and all copyright interest in the
+software to the public domain. We make this dedication for the benefit
+of the public at large and to the detriment of our heirs and
+successors. We intend this dedication to be an overt act of
+relinquishment in perpetuity of all present and future rights to this
+software under copyright law.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+For more information, please refer to <https://unlicense.org/>

pyproject.toml

@@ -0,0 +1,39 @@
+[build-system]
+requires = ["setuptools>=61.2.0", "setuptools_scm[toml]>=3.4.3"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "securesystemslib_KOLANICH"
+readme = "ReadMe.md"
+description = "A temporary workaround for non-merging my PRs into `securesystemslib`"
+authors = [{name = "KOLANICH"}]
+classifiers = [
+	"Development Status :: 4 - Beta",
+	"Environment :: Other Environment",
+	"Intended Audience :: Developers",
+	"License :: Public Domain",
+	"Operating System :: OS Independent",
+	"Programming Language :: Python",
+	"Programming Language :: Python :: 3",
+	"Programming Language :: Python :: 3 :: Only",
+	"Topic :: Software Development :: Libraries :: Python Modules",
+]
+keywords = ["securesystemslib_KOLANICH"]
+license = {text = "MIT AND Unlicense"}
+requires-python = ">=3.4"
+dynamic = ["version"]
+dependencies = [
+	"securesystemslib",
+	"cryptography",
+]
+
+[project.urls]
+Homepage = "https://github.com/KOLANICH-libs/securesystemslib_KOLANICH.py"
+
+[tool.setuptools]
+zip-safe = true
+
+[tool.setuptools.packages.find]
+include = ["securesystemslib_KOLANICH", "securesystemslib_KOLANICH.*"]
+
+[tool.setuptools_scm]

securesystemslib_KOLANICH/__init__.py

@@ -0,0 +1 @@
+__license__ = "Unlicense"

securesystemslib_KOLANICH/convert/__init__.py

@@ -0,0 +1 @@
+__license__ = "Unlicense"

securesystemslib_KOLANICH/convert/hazmat.py

@@ -0,0 +1,133 @@
+"""
+This module contains functions to convert `cryptography.hazmat` keys into `securesystemlib` key dicts.
+"""
+
+
+import typing
+
+from cryptography.hazmat.backends.openssl.ec import _EllipticCurvePrivateKey, _EllipticCurvePublicKey
+from cryptography.hazmat.backends.openssl.ed25519 import _Ed25519PrivateKey, _Ed25519PublicKey
+from cryptography.hazmat.backends.openssl.rsa import _RSAPrivateKey, _RSAPublicKey
+from cryptography.hazmat.primitives.serialization import Encoding, NoEncryption, PrivateFormat, PublicFormat
+from securesystemslib.keys import import_ecdsakey_from_pem, import_rsakey_from_pem
+
+from ..keys import format_ed25519_dict
+
+
+__license__ = "Unlicense"
+
+
+def _hazmat_key_to_pem(
+	key: typing.Union[
+		_RSAPrivateKey,
+		_EllipticCurvePrivateKey,
+	]
+) -> str:
+	"""The approach already used in this lib is to convert keys into PEM and then to parse from it."""
+
+	if key.__class__.__name__.endswith("PrivateKey"):
+		serialized = key.private_bytes(
+			Encoding.PEM,
+			PrivateFormat.TraditionalOpenSSL,
+			NoEncryption(),
+		)
+	elif key.__class__.__name__.endswith("PublicKey"):
+		serialized = key.public_bytes(
+			Encoding.PEM,
+			PublicFormat.SubjectPublicKeyInfo,
+		)
+	else:
+		raise TypeError(key)
+
+	return serialized.decode("utf-8")
+
+
+def _import_hazmat_ed25519_private_key(
+	key: _Ed25519PrivateKey,
+) -> dict:
+	"""Imports hazmat ed25519 private key"""
+
+	pub = key.public_key().public_bytes(
+		Encoding.Raw,
+		PublicFormat.Raw,
+	)
+	sec = key.private_bytes(
+		Encoding.Raw,
+		PrivateFormat.Raw,
+		NoEncryption(),
+	)
+	return format_ed25519_dict(
+		pub,
+		sec,
+	)
+
+
+def _import_hazmat_ed25519_public_key(
+	key: _Ed25519PublicKey,
+) -> dict:
+	"""Imports hazmat ed25519 public key"""
+
+	pub = key.public_bytes(
+		Encoding.Raw,
+		PublicFormat.Raw,
+	)
+	return format_ed25519_dict(
+		pub,
+		None,
+	)
+
+
+def _import_rsa_key(
+	key: _RSAPrivateKey,
+) -> dict:
+	"""Imports hazmat RSA key"""
+
+	return import_rsakey_from_pem(_hazmat_key_to_pem(key))
+
+
+def _import_ecdsa_key(
+	key: _EllipticCurvePrivateKey,
+) -> dict:
+	"""Imports hazmat ECDSA key"""
+
+	return import_ecdsakey_from_pem(_hazmat_key_to_pem(key))
+
+
+_typeMapping = {
+	_Ed25519PrivateKey: _import_hazmat_ed25519_private_key,
+	_Ed25519PublicKey: _import_hazmat_ed25519_public_key,
+	_RSAPrivateKey: _import_rsa_key,
+	_RSAPublicKey: _import_rsa_key,
+	_EllipticCurvePrivateKey: _import_ecdsa_key,
+	_EllipticCurvePublicKey: _import_ecdsa_key,
+}
+
+
+def import_hazmat_key(key: typing.Union[_RSAPrivateKey, _EllipticCurvePrivateKey, _Ed25519PrivateKey]) -> dict:
+	"""
+	<Purpose>
+		Converts a `cryptography.hazmat` key into a dictionary conformant to 'securesystemslib.formats.KEY_SCHEMA'.
+
+	<Arguments>
+		key:
+			A key of the classes from `cryptography.hazmat` module. Currently only keys of `openssl` backend are implemented.
+
+	<Exceptions>
+		securesystemslib.exceptions.FormatError, if 'key_value' does not conform to
+		'securesystemslib.formats.KEYVAL_SCHEMA', or if the private key is not
+		present in 'key_value' if requested by the caller via 'private'.
+		NotImplementedError, if we cannot convert a key of this type.
+
+	<Side Effects>
+		None.
+
+	<Returns>
+		A 'securesystemslib.formats.KEY_SCHEMA' dictionary."""
+
+	key_type = type(key)
+	try:
+		mapper = _typeMapping[key_type]
+	except KeyError as ex:
+		raise NotImplementedError(key_type) from ex
+	else:
+		return mapper(key)