fixup! feat: key interface

connaisseur/trust_root.py

@@ -4,15 +4,15 @@
 import ecdsa
 import rsa
 
-from connaisseur.exceptions import NoSuchClassError
+from connaisseur.exceptions import InvalidFormatException
 
 KMS_REGEX = r"^(awskms|gcpkms|azurekms|hashivault|k8s):\/{2,3}[a-zA-Z0-9_.+\/:-]+$"
 KEYLESS_REGEX = r"^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$"
 
 
 class TrustRootInterface:
     """
-    Interface form which all trust anchors inherit.
+    Interface from which all trust roots inherit.
     """
 
     def __new__(cls, data: object):
@@ -29,23 +29,24 @@ def __str__(self) -> str:
 
 class TrustRoot(TrustRootInterface):
     """
-    Abstract TrustRoot class used for verification.
+    Abstract TrustRoot class used to represent key material or similar entities, used in
+    signature verification processes.
 
-    May contain a public key, reference to a key or any other type of trust anchor.
+    May contain a public key, reference to a key or any other type of trust root.
     """
 
     value: object
 
     def __new__(cls, data: str):
         try:
-            tr_cls, tr_data = TrustRoot.__get_tr_type_cls_and_data(data)
+            tr_cls, tr_data = TrustRoot.__get_type_cls_and_data(data)
             return tr_cls.__new__(tr_cls, tr_data)
         except Exception as err:
-            msg = "Cannot discern trust anchor type."
-            raise NoSuchClassError(message=msg, tr_data=tr_data) from err
+            msg = "Error loading the trust root."
+            raise InvalidFormatException(message=msg) from err
 
     @staticmethod
-    def __get_tr_type_cls_and_data(data: str):
+    def __get_type_cls_and_data(data: str):
         if re.match(KEYLESS_REGEX, data):
             return KeyLessTrustRoot, data
         elif re.match(KMS_REGEX, data):

connaisseur/validators/cosign/cosign_validator.py

@@ -74,7 +74,7 @@ def __get_pinned_trust_roots(self, tr_name: str, required: list, threshold: int)
         tr_name = tr_name or "default"
         available_trs = list(map(lambda t: t["name"], self.trust_roots))
 
-        # generate list of pinned trust anchors
+        # generate list of pinned trust roots
         if tr_name == "*":
             if len(required) >= threshold:
                 pinned_trs = required
@@ -83,7 +83,7 @@ def __get_pinned_trust_roots(self, tr_name: str, required: list, threshold: int)
         else:
             pinned_trs = [tr_name]
 
-        # check if pinned trust anchors exist in available trust roots
+        # check if pinned trust roots exist in available trust roots
         missing_trs = set(pinned_trs) - set(available_trs)
         if missing_trs:
             msg = 'Trust roots "{tr_names}" not configured for validator "{validator_name}".'
@@ -223,8 +223,8 @@ def __get_cosign_validated_digests(self, image: str, trust_root: dict):
 
     def __validate_using_trust_root(self, image: str, trust_root: TrustRoot):
         """
-        Call the `CosignValidator.__invoke_cosign` method, using a specific trust anchor.
-        Depending on the type of trust anchor, the `CosignValidator.__invoke_cosign`
+        Call the `CosignValidator.__invoke_cosign` method, using a specific trust root.
+        Depending on the type of trust root, the `CosignValidator.__invoke_cosign`
         method will be called with different arguments.
         """
         # reminder when implementing RSA validation:
@@ -247,8 +247,11 @@ def __validate_using_trust_root(self, image: str, trust_root: TrustRoot):
 
     def __invoke_cosign(self, image: str, tr_args: list):
         """
-        Invoke the Cosign binary in a subprocess for a specific `image` given a
-        `trust_root` and return the returncode, stdout and stderr.
+        Invoke the Cosign binary in a subprocess for a specific `image` given trust root
+        argument list (`tr_args`) and return the returncode, stdout and stderr. The trust
+        root argument list includes a cosign option keyword and the trust root itself,
+        either as inline argument or pipeable input with an inline reference. The
+        composition of the list is dependant on the type of trust root.
 
         Raises an exception if Cosign times out.
         """