tools/docs/crypto/update_crypto_support.py

#!/usr/bin/env python
#
# Copyright (C) 2017 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

"""Updates a JSON data file of supported algorithms.

Takes input on stdin a list of provided algorithms as produced by
ListProviders.java along with a JSON file of the previous set of algorithm
support and what the current API level is, and produces an updated JSON
record of algorithm support.
"""

import argparse
import collections
import copy
import datetime
import json
import sys

SUPPORTED_CATEGORIES = [
    'AlgorithmParameterGenerator',
    'AlgorithmParameters',
    'CertificateFactory',
    'CertPathBuilder',
    'CertPathValidator',
    'CertStore',
    'Cipher',
    'KeyAgreement',
    'KeyFactory',
    'KeyGenerator',
    'KeyManagerFactory',
    'KeyPairGenerator',
    'KeyStore',
    'Mac',
    'MessageDigest',
    'SecretKeyFactory',
    'SecureRandom',
    'Signature',
    'SSLContext',
    'TrustManagerFactory',
]


def find_by_name(seq, name):
    """Returns the first element in seq with the given name."""
    for item in seq:
        if item['name'] == name:
            return item
    return None


def sort_by_name(seq):
    """Returns a copy of the input sequence sorted by name."""
    return sorted(seq, key=lambda x: x['name'])


def normalize_name(name):
    """Returns a normalized version of the given algorithm name."""
    name = name.upper()
    # BouncyCastle uses X.509 with an alias of X509, Conscrypt does the
    # reverse.  X.509 is the official name of the standard, so use that.
    if name == "X509":
        name = "X.509"
    # PKCS5PADDING and PKCS7PADDING are the same thing (more accurately, PKCS#5
    # is a special case of PKCS#7), but providers are inconsistent in their
    # naming.  Use PKCS5PADDING because that's what our docs have used
    # historically.
    if name.endswith("/PKCS7PADDING"):
        name = name[:-1 * len("/PKCS7PADDING")] + "/PKCS5PADDING"
    return name

def get_current_data(f):
    """Returns a map of the algorithms in the given input.

    The input file-like object must supply a "BEGIN ALGORITHM LIST" line
    followed by any number of lines of an algorithm category and algorithm name
    separated by whitespace followed by a "END ALGORITHM LIST" line.  The
    input can supply arbitrary values outside of the BEGIN and END lines, it
    will be ignored.

    The returned algorithms will have their names normalized.

    Raises:
      EOFError: If either the BEGIN or END sentinel lines are not present.
      ValueError: If a line between the BEGIN and END sentinel lines is not
        made up of two identifiers separated by whitespace.
    """
    current_data = collections.defaultdict(list)

    saw_begin = False
    saw_end = False
    for line in f.readlines():
        line = line.strip()
        if not saw_begin:
            if line.strip() == 'BEGIN ALGORITHM LIST':
                saw_begin = True
            continue
        if line == 'END ALGORITHM LIST':
            saw_end = True
            break
        category, algorithm = line.split()
        if category not in SUPPORTED_CATEGORIES:
            continue
        current_data[category].append(normalize_name(algorithm))

    if not saw_begin:
        raise EOFError(
            'Reached the end of input without encountering the begin sentinel')
    if not saw_end:
        raise EOFError(
            'Reached the end of input without encountering the end sentinel')
    return dict(current_data)


def update_data(prev_data, current_data, api_level, date):
    """Returns a copy of prev_data, modified to take into account current_data.

    Updates the algorithm support metadata structure by starting with the
    information in prev_data and updating it to take into account the algorithms
    listed in current_data.  Algorithms not present in current_data will still
    be present in the return value, but their supported_api_levels may be
    modified to indicate that they are no longer supported.

    Args:
      prev_data: The data on algorithm support from the previous API level.
      current_data: The algorithms supported in the current API level, as a map
        from algorithm category to list of algorithm names.
      api_level: An integer representing the current API level.
      date: A datetime object containing the time of update.
    """
    new_data = {'categories': []}

    for category in SUPPORTED_CATEGORIES:
        prev_category = find_by_name(prev_data['categories'], category)
        if prev_category is None:
            prev_category = {'name': category, 'algorithms': []}
        current_category = (
            current_data[category] if category in current_data else [])
        new_category = {'name': category, 'algorithms': []}
        prev_algorithms = [x['name'] for x in prev_category['algorithms']]
        alg_union = set(prev_algorithms) | set(current_category)
        for alg in alg_union:
            new_algorithm = {'name': alg}
            new_level = None
            if alg in current_category and alg in prev_algorithms:
                # Both old and new have it, just ensure the API level is right
                prev_alg = find_by_name(prev_category['algorithms'], alg)
                if prev_alg['supported_api_levels'].endswith('+'):
                    new_level = prev_alg['supported_api_levels']
                else:
                    new_level = (prev_alg['supported_api_levels']
                                 + ',%d+' % api_level)
            elif alg in prev_algorithms:
                # Only in the old set, so ensure the API level is marked
                # as ending
                prev_alg = find_by_name(prev_category['algorithms'], alg)
                if prev_alg['supported_api_levels'].endswith('+'):
                    # The algorithm is newly missing, so modify the support
                    # to end at the previous level
                    new_level = prev_alg['supported_api_levels'][:-1]
                    if not new_level.endswith(str(api_level - 1)):
                        new_level += '-%d' % (api_level - 1)
                else:
                    new_level = prev_alg['supported_api_levels']
                new_algorithm['deprecated'] = 'true'
            else:
                # Only in the new set, so add it
                new_level = '%d+' % api_level
            new_algorithm['supported_api_levels'] = new_level
            new_category['algorithms'].append(new_algorithm)
        if new_category['algorithms']:
            new_category['algorithms'] = sort_by_name(
                new_category['algorithms'])
            new_data['categories'].append(new_category)
    new_data['categories'] = sort_by_name(new_data['categories'])
    new_data['api_level'] = str(api_level)
    new_data['last_updated'] = date.strftime('%Y-%m-%d %H:%M:%S UTC')

    return new_data


def main():
    parser = argparse.ArgumentParser(description='Update JSON support file')
    parser.add_argument('--api_level',
                        required=True,
                        type=int,
                        help='The current API level')
    parser.add_argument('--rewrite_file',
                        action='store_true',
                        help='If specified, rewrite the'
                             ' input file with the result')
    parser.add_argument('file',
                        help='The JSON file to update')
    args = parser.parse_args()

    f = open(args.file)
    # JSON doesn't allow comments, but we have some header docs in our file,
    # so strip comments out before parsing
    stripped_contents = ''
    for line in f:
        if not line.strip().startswith('#'):
            stripped_contents += line
    prev_data = json.loads(stripped_contents)
    f.close()

    current_data = get_current_data(sys.stdin)

    new_data = update_data(prev_data,
                           current_data,
                           args.api_level,
                           datetime.datetime.utcnow())

    if args.rewrite_file:
        f = open(args.file, 'w')
        f.write('# This file is autogenerated.'
                '  See libcore/tools/docs/crypto/README for details.\n')
        json.dump(
            new_data, f, indent=2, sort_keys=True, separators=(',', ': '))
        f.close()
    else:
        print json.dumps(
            new_data, indent=2, sort_keys=True, separators=(',', ': '))


if __name__ == '__main__':
    main()