repository: Update to some new tuf API
* Use verify_delegate() from Root, Targets
* Use helpers like Repository.root(), Repository.targets()
jku committed Feb 6, 2024
1 parent df28ea9 commit 3a3da4c
Showing 1 changed file with 6 additions and 7 deletions.
13 changes: 6 additions & 7 deletions repo/tuf_on_ci/_repository.py
@@ -212,9 +212,8 @@ def close(self, rolename: str, md: Metadata) -> None:
md.signatures[key.keyid] = Signature(key.keyid, "")

if rolename in ["timestamp", "snapshot"]:
root_md: Metadata[Root] = self.open("root")
# repository should never write unsigned online roles
root_md.verify_delegate(rolename, md)
self.root().verify_delegate(rolename, md.signed_bytes, md.signatures)

filename = self._get_filename(rolename)
data = md.to_bytes(JSONSerializer())
@@ -509,17 +508,17 @@ def is_signed(self, rolename: str) -> bool:
false in this case: this is useful when repository decides if it needs a new
online role version.
"""
role_md = self.open(rolename)
md = self.open(rolename)
if rolename in ["root", "timestamp", "snapshot", "targets"]:
delegator = self.open("root")
delegator: Root | Targets = self.root()
else:
delegator = self.open("targets")
delegator = self.targets()
try:
delegator.verify_delegate(rolename, role_md)
delegator.verify_delegate(rolename, md.signed_bytes, md.signatures)
except UnsignedMetadataError:
return False

signing_days, _ = self.signing_expiry_period(rolename)
delta = timedelta(days=signing_days)

return datetime.utcnow() + delta < role_md.signed.expires
return datetime.utcnow() + delta < md.signed.expires
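Review bot: In `is_signed`, the `else` branch takes `self.targets()` as the delegator for every role outside the four top-level names, so the signature check is only meaningful if all other roles are delegated directly by top-level targets; nothing in the hunk states that assumption. If the chosen delegator has no delegation for `rolename`, `verify_delegate()` is documented to raise `ValueError`, which `except UnsignedMetadataError` does not catch, so the caller gets an exception rather than `False`. That fails closed, but it is worth making explicit. I would add a comment above the `else`, e.g. `# all non-top-level roles are delegated directly by targets (no nested delegations)`, and mention the `ValueError` case in the docstring. The start of `is_signed` and most of its docstring are outside the hunk, so this may already be covered there.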
