Refactor to use changed format metadata to key

In commit b7a15fdee7dee899c098b01fe64d604635b2b132 or pr secure-systems-lab/securesystemslib#227 in securesystemslib I change the function arguments of the format_metadata_to_key function in securesystemslib/keys.py to add the opportunity to use custom keyid hash algorithms without chainging the securesystemslib.settings.HASH_ALGORITHMS variable. With this commit, I make use of the above changes in tuf. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
theupdateframework · Jul 7, 2020 · 152068b · 152068b
1 parent b309e1b
commit 152068b
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 18 deletions.
diff --git a/tuf/client/updater.py b/tuf/client/updater.py
@@ -956,10 +956,9 @@ def _import_delegations(self, parent_role):
  # The repo may have used hashing algorithms for the generated keyids
  # that doesn't match the client's set of hash algorithms. Make sure
  # to only used the repo's selected hashing algorithms.
- hash_algorithms = securesystemslib.settings.HASH_ALGORITHMS
- securesystemslib.settings.HASH_ALGORITHMS = keyinfo['keyid_hash_algorithms']
- key, keyids = securesystemslib.keys.format_metadata_to_key(keyinfo)
- securesystemslib.settings.HASH_ALGORITHMS = hash_algorithms
+ key, keyids = securesystemslib.keys.format_metadata_to_key(keyinfo,
+ default_keyid=None,
+ keyid_hash_algorithms=keyinfo['keyid_hash_algorithms'])
 
  for key_id in keyids:
  key['keyid'] = key_id

diff --git a/tuf/keydb.py b/tuf/keydb.py
@@ -126,10 +126,9 @@ def create_keydb_from_root_metadata(root_metadata, repository_name='default'):
  # The repo may have used hashing algorithms for the generated keyids that
  # doesn't match the client's set of hash algorithms. Make sure to only
  # used the repo's selected hashing algorithms.
- hash_algorithms = securesystemslib.settings.HASH_ALGORITHMS
- securesystemslib.settings.HASH_ALGORITHMS = key_metadata['keyid_hash_algorithms']
- key_dict, keyids = securesystemslib.keys.format_metadata_to_key(key_metadata)
- securesystemslib.settings.HASH_ALGORITHMS = hash_algorithms
+ key_dict, keyids = securesystemslib.keys.format_metadata_to_key(key_metadata,
+ default_keyid=None,
+ keyid_hash_algorithms=key_metadata['keyid_hash_algorithms'])
 
  try:
  for keyid in keyids:

diff --git a/tuf/repository_lib.py b/tuf/repository_lib.py
@@ -638,10 +638,9 @@ def _load_top_level_metadata(repository, top_level_filenames, repository_name):
  # The repo may have used hashing algorithms for the generated keyids
  # that doesn't match the client's set of hash algorithms. Make sure
  # to only used the repo's selected hashing algorithms.
- hash_algorithms = securesystemslib.settings.HASH_ALGORITHMS
- securesystemslib.settings.HASH_ALGORITHMS = key_metadata['keyid_hash_algorithms']
- key_object, keyids = securesystemslib.keys.format_metadata_to_key(key_metadata)
- securesystemslib.settings.HASH_ALGORITHMS = hash_algorithms
+ key_object, keyids = securesystemslib.keys.format_metadata_to_key(key_metadata,
+ default_keyid=None,
+ keyid_hash_algorithms=key_metadata['keyid_hash_algorithms'])
 
  # Add 'key_object' to the list of recognized keys. Keys may be shared,
  # so do not raise an exception if 'key_object' has already been loaded.

diff --git a/tuf/repository_tool.py b/tuf/repository_tool.py
@@ -3092,12 +3092,9 @@ def load_repository(repository_directory, repository_name='default',
  # The repo may have used hashing algorithms for the generated keyids
  # that doesn't match the client's set of hash algorithms. Make sure
  # to only used the repo's selected hashing algorithms.
- hash_algorithms = securesystemslib.settings.HASH_ALGORITHMS
- securesystemslib.settings.HASH_ALGORITHMS = \
- key_metadata['keyid_hash_algorithms']
- key_object, keyids = \
- securesystemslib.keys.format_metadata_to_key(key_metadata)
- securesystemslib.settings.HASH_ALGORITHMS = hash_algorithms
+ key_object, keyids = securesystemslib.keys.format_metadata_to_key(key_metadata,
+ default_keyid=None,
+ keyid_hash_algorithms=key_metadata['keyid_hash_algorithms'])
  try:
  for keyid in keyids: # pragma: no branch
  key_object['keyid'] = keyid