verify_signature(): handle SerializationError

We should handle the possible SerializationError inside Key.verify_signature(), because the user of this API is not interested in SerializationError when he is trying to verify his signature. Note that the SerializationError can be thrown when calling signed_serializer.serialize() on the metadata signed part. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
theupdateframework · Feb 8, 2022 · 2f381ae · 2f381ae
1 parent 0b2f985
commit 2f381ae
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/tuf/api/metadata.py b/tuf/api/metadata.py
@@ -60,6 +60,7 @@
 from tuf.api.serialization import (
  MetadataDeserializer,
  MetadataSerializer,
+ SerializationError,
  SignedSerializer,
 )
 
@@ -670,6 +671,7 @@ def verify_signature(
  sslib_exceptions.CryptoError,
  sslib_exceptions.FormatError,
  sslib_exceptions.UnsupportedAlgorithmError,
+ SerializationError,
  ) as e:
  raise exceptions.UnsignedMetadataError(
  f"Failed to verify {self.keyid} signature"