Replaced absolute paths to the components with relative ones.

securesystemslib/ecdsa_keys.py

@@ -67,8 +67,8 @@
   CRYPTO = False
 
 # Perform object format-checking and add ability to handle/raise exceptions.
-import securesystemslib.formats
-import securesystemslib.exceptions
+from . import formats
+from . import exceptions
 
 _SUPPORTED_ECDSA_SCHEMES = ['ecdsa-sha2-nistp256']
 
@@ -136,14 +136,14 @@ def generate_public_and_private(scheme='ecdsa-sha2-nistp256'):
   """
 
   if not CRYPTO: # pragma: no cover
-    raise securesystemslib.exceptions.UnsupportedLibraryError(NO_CRYPTO_MSG)
+    raise exceptions.UnsupportedLibraryError(NO_CRYPTO_MSG)
 
   # Does 'scheme' have the correct format?
   # Verify that 'scheme' is of the correct type, and that it's one of the
   # supported ECDSA .  It must conform to
   # 'securesystemslib.formats.ECDSA_SCHEME_SCHEMA'.  Raise
   # 'securesystemslib.exceptions.FormatError' if the check fails.
-  securesystemslib.formats.ECDSA_SCHEME_SCHEMA.check_match(scheme)
+  formats.ECDSA_SCHEME_SCHEMA.check_match(scheme)
 
   public_key = None
   private_key = None
@@ -158,7 +158,7 @@ def generate_public_and_private(scheme='ecdsa-sha2-nistp256'):
   # The ECDSA_SCHEME_SCHEMA.check_match() above should have detected any
   # invalid 'scheme'.  This is a defensive check.
   else: #pragma: no cover
-    raise securesystemslib.exceptions.UnsupportedAlgorithmError('An unsupported'
+    raise exceptions.UnsupportedAlgorithmError('An unsupported'
       ' scheme specified: ' + repr(scheme) + '.\n  Supported'
       ' algorithms: ' + repr(_SUPPORTED_ECDSA_SCHEMES))
 
@@ -225,19 +225,19 @@ def create_signature(public_key, private_key, data, scheme='ecdsa-sha2-nistp256'
   """
 
   if not CRYPTO: # pragma: no cover
-    raise securesystemslib.exceptions.UnsupportedLibraryError(NO_CRYPTO_MSG)
+    raise exceptions.UnsupportedLibraryError(NO_CRYPTO_MSG)
 
   # Do 'public_key' and 'private_key' have the correct format?
   # This check will ensure that the arguments conform to
   # 'securesystemslib.formats.PEMECDSA_SCHEMA'.  Raise
   # 'securesystemslib.exceptions.FormatError' if the check fails.
-  securesystemslib.formats.PEMECDSA_SCHEMA.check_match(public_key)
+  formats.PEMECDSA_SCHEMA.check_match(public_key)
 
   # Is 'private_key' properly formatted?
-  securesystemslib.formats.PEMECDSA_SCHEMA.check_match(private_key)
+  formats.PEMECDSA_SCHEMA.check_match(private_key)
 
   # Is 'scheme' properly formatted?
-  securesystemslib.formats.ECDSA_SCHEME_SCHEMA.check_match(scheme)
+  formats.ECDSA_SCHEME_SCHEMA.check_match(scheme)
 
   # 'ecdsa-sha2-nistp256' is the only currently supported ECDSA scheme, so this
   # if-clause isn't strictly needed.  Nevertheless, the conditional statement
@@ -251,13 +251,13 @@ def create_signature(public_key, private_key, data, scheme='ecdsa-sha2-nistp256'
       signature = private_key.sign(data, ec.ECDSA(hashes.SHA256()))
 
     except TypeError as e:
-      raise securesystemslib.exceptions.CryptoError('Could not create'
+      raise exceptions.CryptoError('Could not create'
         ' signature: ' + str(e))
 
   # A defensive check for an invalid 'scheme'.  The
   # ECDSA_SCHEME_SCHEMA.check_match() above should have already validated it.
   else: #pragma: no cover
-    raise securesystemslib.exceptions.UnsupportedAlgorithmError('Unsupported'
+    raise exceptions.UnsupportedAlgorithmError('Unsupported'
       ' signature scheme is specified: ' + repr(scheme))
 
   return signature, scheme
@@ -316,19 +316,19 @@ def verify_signature(public_key, scheme, signature, data):
   """
 
   if not CRYPTO: # pragma: no cover
-    raise securesystemslib.exceptions.UnsupportedLibraryError(NO_CRYPTO_MSG)
+    raise exceptions.UnsupportedLibraryError(NO_CRYPTO_MSG)
 
   # Are the arguments properly formatted?
-  # If not, raise 'securesystemslib.exceptions.FormatError'.
-  securesystemslib.formats.PEMECDSA_SCHEMA.check_match(public_key)
-  securesystemslib.formats.ECDSA_SCHEME_SCHEMA.check_match(scheme)
-  securesystemslib.formats.ECDSASIGNATURE_SCHEMA.check_match(signature)
+  # If not, raise 'exceptions.FormatError'.
+  formats.PEMECDSA_SCHEMA.check_match(public_key)
+  formats.ECDSA_SCHEME_SCHEMA.check_match(scheme)
+  formats.ECDSASIGNATURE_SCHEMA.check_match(signature)
 
   ecdsa_key = load_pem_public_key(public_key.encode('utf-8'),
       backend=default_backend())
 
   if not isinstance(ecdsa_key, ec.EllipticCurvePublicKey):
-    raise securesystemslib.exceptions.FormatError('Invalid ECDSA public'
+    raise exceptions.FormatError('Invalid ECDSA public'
       ' key: ' + repr(public_key))
 
   else:
@@ -399,15 +399,15 @@ def create_ecdsa_public_and_private_from_pem(pem, password=None):
   """
 
   if not CRYPTO: # pragma: no cover
-    raise securesystemslib.exceptions.UnsupportedLibraryError(NO_CRYPTO_MSG)
+    raise exceptions.UnsupportedLibraryError(NO_CRYPTO_MSG)
 
   # Does 'pem' have the correct format?
   # This check will ensure 'pem' conforms to
   # 'securesystemslib.formats.ECDSARSA_SCHEMA'.
-  securesystemslib.formats.PEMECDSA_SCHEMA.check_match(pem)
+  formats.PEMECDSA_SCHEMA.check_match(pem)
 
   if password is not None:
-    securesystemslib.formats.PASSWORD_SCHEMA.check_match(password)
+    formats.PASSWORD_SCHEMA.check_match(password)
     password = password.encode('utf-8')
 
   else:
@@ -424,7 +424,7 @@ def create_ecdsa_public_and_private_from_pem(pem, password=None):
       backend=default_backend())
 
   except (ValueError, cryptography.exceptions.UnsupportedAlgorithm) as e:
-    raise securesystemslib.exceptions.CryptoError('Could not import private'
+    raise exceptions.CryptoError('Could not import private'
       ' PEM.\n' + str(e))
 
   public = private.public_key()
@@ -486,14 +486,14 @@ def create_ecdsa_encrypted_pem(private_pem, passphrase):
   """
 
   if not CRYPTO: # pragma: no cover
-    raise securesystemslib.exceptions.UnsupportedLibraryError(NO_CRYPTO_MSG)
+    raise exceptions.UnsupportedLibraryError(NO_CRYPTO_MSG)
 
   # Does 'private_key' have the correct format?
   # Raise 'securesystemslib.exceptions.FormatError' if the check fails.
-  securesystemslib.formats.PEMRSA_SCHEMA.check_match(private_pem)
+  formats.PEMRSA_SCHEMA.check_match(private_pem)
 
   # Does 'passphrase' have the correct format?
-  securesystemslib.formats.PASSWORD_SCHEMA.check_match(passphrase)
+  formats.PASSWORD_SCHEMA.check_match(passphrase)
 
   encrypted_pem = None
 

securesystemslib/ed25519_keys.py

@@ -91,11 +91,11 @@
 
 # The optimized pure Python implementation of Ed25519.  If
 # PyNaCl cannot be imported and an attempt to use is made in this module, a
-# 'securesystemslib.exceptions.UnsupportedLibraryError' exception is raised.
-import securesystemslib._vendor.ed25519.ed25519
+# 'exceptions.UnsupportedLibraryError' exception is raised.
+from ._vendor.ed25519 import ed25519
 
-import securesystemslib.formats
-import securesystemslib.exceptions
+from . import formats
+from . import exceptions
 
 # Supported ed25519 signing schemes: 'ed25519'.  The pure Python implementation
 # (i.e., ed25519') and PyNaCl (i.e., 'nacl', libsodium + Python bindings)
@@ -145,7 +145,7 @@ def generate_public_and_private():
   """
 
   if not NACL: # pragma: no cover
-    raise securesystemslib.exceptions.UnsupportedLibraryError(NO_NACL_MSG)
+    raise exceptions.UnsupportedLibraryError(NO_NACL_MSG)
 
   # Generate ed25519's seed key by calling os.urandom().  The random bytes
   # returned should be suitable for cryptographic use and is OS-specific.
@@ -225,19 +225,19 @@ def create_signature(public_key, private_key, data, scheme):
   """
 
   if not NACL: # pragma: no cover
-    raise securesystemslib.exceptions.UnsupportedLibraryError(NO_NACL_MSG)
+    raise exceptions.UnsupportedLibraryError(NO_NACL_MSG)
 
   # Does 'public_key' have the correct format?
   # This check will ensure 'public_key' conforms to
   # 'securesystemslib.formats.ED25519PUBLIC_SCHEMA', which must have length 32
   # bytes.  Raise 'securesystemslib.exceptions.FormatError' if the check fails.
-  securesystemslib.formats.ED25519PUBLIC_SCHEMA.check_match(public_key)
+  formats.ED25519PUBLIC_SCHEMA.check_match(public_key)
 
   # Is 'private_key' properly formatted?
-  securesystemslib.formats.ED25519SEED_SCHEMA.check_match(private_key)
+  formats.ED25519SEED_SCHEMA.check_match(private_key)
 
   # Is 'scheme' properly formatted?
-  securesystemslib.formats.ED25519_SIG_SCHEMA.check_match(scheme)
+  formats.ED25519_SIG_SCHEMA.check_match(scheme)
 
   # Signing the 'data' object requires a seed and public key.
   # nacl.signing.SigningKey.sign() generates the signature.
@@ -256,13 +256,13 @@ def create_signature(public_key, private_key, data, scheme):
       signature = nacl_sig.signature
 
     except (ValueError, TypeError, nacl.exceptions.CryptoError) as e:
-      raise securesystemslib.exceptions.CryptoError('An "ed25519" signature'
+      raise exceptions.CryptoError('An "ed25519" signature'
           ' could not be created with PyNaCl.' + str(e))
 
   # This is a defensive check for a valid 'scheme', which should have already
   # been validated in the check_match() above.
   else: #pragma: no cover
-    raise securesystemslib.exceptions.UnsupportedAlgorithmError('Unsupported'
+    raise exceptions.UnsupportedAlgorithmError('Unsupported'
       ' signature scheme is specified: ' + repr(scheme))
 
   return signature, scheme
@@ -316,7 +316,7 @@ def verify_signature(public_key, scheme, signature, data):
 
   <Side Effects>
     nacl.signing.VerifyKey.verify() called if available, otherwise
-    securesystemslib._vendor.ed25519.ed25519.checkvalid() called to do the
+    ed25519.checkvalid() called to do the
     verification.
 
   <Returns>
@@ -327,13 +327,13 @@ def verify_signature(public_key, scheme, signature, data):
   # This check will ensure 'public_key' conforms to
   # 'securesystemslib.formats.ED25519PUBLIC_SCHEMA', which must have length 32
   # bytes.  Raise 'securesystemslib.exceptions.FormatError' if the check fails.
-  securesystemslib.formats.ED25519PUBLIC_SCHEMA.check_match(public_key)
+  formats.ED25519PUBLIC_SCHEMA.check_match(public_key)
 
   # Is 'scheme' properly formatted?
-  securesystemslib.formats.ED25519_SIG_SCHEMA.check_match(scheme)
+  formats.ED25519_SIG_SCHEMA.check_match(scheme)
 
   # Is 'signature' properly formatted?
-  securesystemslib.formats.ED25519SIGNATURE_SCHEMA.check_match(signature)
+  formats.ED25519SIGNATURE_SCHEMA.check_match(signature)
 
   # Verify 'signature'.  Before returning the Boolean result, ensure 'ed25519'
   # was used as the signature scheme.
@@ -353,7 +353,7 @@ def verify_signature(public_key, scheme, signature, data):
     # Verify 'ed25519' signature with the pure Python implementation.
     else:
       try:
-        securesystemslib._vendor.ed25519.ed25519.checkvalid(signature,
+        ed25519.checkvalid(signature,
             data, public)
         valid_signature = True
 
@@ -367,7 +367,7 @@ def verify_signature(public_key, scheme, signature, data):
   else: #pragma: no cover
     message = 'Unsupported ed25519 signature scheme: ' + repr(scheme) + '.\n' + \
       'Supported schemes: ' + repr(_SUPPORTED_ED25519_SIGNING_SCHEMES) + '.'
-    raise securesystemslib.exceptions.UnsupportedAlgorithmError(message)
+    raise exceptions.UnsupportedAlgorithmError(message)
 
   return valid_signature
 

securesystemslib/formats.py

@@ -79,8 +79,8 @@
 import time
 import six
 
-import securesystemslib.schema as SCHEMA
-import securesystemslib.exceptions
+from . import schema as SCHEMA
+from . import exceptions
 
 # Note that in the schema definitions below, the 'SCHEMA.Object' types allow
 # additional keys which are not defined. Thus, any additions to them will be
@@ -410,7 +410,7 @@ def _create_gpg_pubkey_with_subkey_schema(pubkey_schema):
   key_schema = KEYID_SCHEMA,
   value_schema = KEY_SCHEMA)
 
-ANY_SIGNATURE_SCHEMA = securesystemslib.schema.OneOf([SIGNATURE_SCHEMA,
+ANY_SIGNATURE_SCHEMA = SCHEMA.OneOf([SIGNATURE_SCHEMA,
     GPG_SIGNATURE_SCHEMA])
 
 # List of ANY_SIGNATURE_SCHEMA.
@@ -476,7 +476,7 @@ def datetime_to_unix_timestamp(datetime_object):
   # Raise 'securesystemslib.exceptions.FormatError' if not.
   if not isinstance(datetime_object, datetime.datetime):
     message = repr(datetime_object) + ' is not a datetime.datetime() object.'
-    raise securesystemslib.exceptions.FormatError(message)
+    raise exceptions.FormatError(message)
 
   unix_timestamp = calendar.timegm(datetime_object.timetuple())
 
@@ -514,7 +514,7 @@ def unix_timestamp_to_datetime(unix_timestamp):
 
   # Is 'unix_timestamp' properly formatted?
   # Raise 'securesystemslib.exceptions.FormatError' if there is a mismatch.
-  securesystemslib.formats.UNIX_TIMESTAMP_SCHEMA.check_match(unix_timestamp)
+  UNIX_TIMESTAMP_SCHEMA.check_match(unix_timestamp)
 
   # Convert 'unix_timestamp' to a 'time.struct_time',  in UTC.  The Daylight
   # Savings Time (DST) flag is set to zero.  datetime.fromtimestamp() is not
@@ -554,7 +554,7 @@ def format_base64(data):
     return binascii.b2a_base64(data).decode('utf-8').rstrip('=\n ')
 
   except (TypeError, binascii.Error) as e:
-    raise securesystemslib.exceptions.FormatError('Invalid base64'
+    raise exceptions.FormatError('Invalid base64'
       ' encoding: ' + str(e))
 
 
@@ -583,7 +583,7 @@ def parse_base64(base64_string):
 
   if not isinstance(base64_string, six.string_types):
     message = 'Invalid argument: '+repr(base64_string)
-    raise securesystemslib.exceptions.FormatError(message)
+    raise exceptions.FormatError(message)
 
   extra = len(base64_string) % 4
   if extra:
@@ -594,7 +594,7 @@ def parse_base64(base64_string):
     return binascii.a2b_base64(base64_string.encode('utf-8'))
 
   except (TypeError, binascii.Error) as e:
-    raise securesystemslib.exceptions.FormatError('Invalid base64'
+    raise exceptions.FormatError('Invalid base64'
       ' encoding: ' + str(e))
 
 
@@ -661,7 +661,7 @@ def _encode_canonical(object, output_function):
       _encode_canonical(value, output_function)
     output_function("}")
   else:
-    raise securesystemslib.exceptions.FormatError('I cannot encode '+repr(object))
+    raise exceptions.FormatError('I cannot encode '+repr(object))
 
 
 def encode_canonical(object, output_function=None):
@@ -724,9 +724,9 @@ def encode_canonical(object, output_function=None):
   try:
     _encode_canonical(object, output_function)
 
-  except (TypeError, securesystemslib.exceptions.FormatError) as e:
+  except (TypeError, exceptions.FormatError) as e:
     message = 'Could not encode ' + repr(object) + ': ' + str(e)
-    raise securesystemslib.exceptions.FormatError(message)
+    raise exceptions.FormatError(message)
 
   # Return the encoded 'object' as a string.
   # Note: Implies 'output_function' is None,

securesystemslib/gpg/__init__.py

@@ -21,3 +21,7 @@
   are almost guaranteed to have gpg installed, yet the same assumption can't be
   made for the gpgme python bindings.
 """
+from __future__ import absolute_import
+from . import constants
+from . import util
+util.constants = constants