From 3a3da4cf000bf2f76ec509656a31f64484ca59fc Mon Sep 17 00:00:00 2001
From: Jussi Kukkonen
Date: Tue, 6 Feb 2024 14:03:31 +0200
Subject: [PATCH] repository: Update to some new tuf API
* Use verify_delegate() from Root, Targets
* Use helpers like Repository.root(), Repository.targets()
---
 repo/tuf_on_ci/_repository.py | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/repo/tuf_on_ci/_repository.py b/repo/tuf_on_ci/_repository.py
index d2926fa2..67e87aa7 100644
--- a/repo/tuf_on_ci/_repository.py
+++ b/repo/tuf_on_ci/_repository.py
@@ -212,9 +212,8 @@ def close(self, rolename: str, md: Metadata) -> None:
 md.signatures[key.keyid] = Signature(key.keyid, "")
 if rolename in ["timestamp", "snapshot"]:
- root_md: Metadata[Root] = self.open("root")
 # repository should never write unsigned online roles
- root_md.verify_delegate(rolename, md)
+ self.root().verify_delegate(rolename, md.signed_bytes, md.signatures)
 filename = self._get_filename(rolename)
 data = md.to_bytes(JSONSerializer())
@@ -509,17 +508,17 @@ def is_signed(self, rolename: str) -> bool:
 false in this case: this is useful when repository decides if it needs a new online role version. """
- role_md = self.open(rolename)
+ md = self.open(rolename)
 if rolename in ["root", "timestamp", "snapshot", "targets"]:
- delegator = self.open("root")
+ delegator: Root | Targets = self.root()
 else:
- delegator = self.open("targets")
+ delegator = self.targets()
 try:
- delegator.verify_delegate(rolename, role_md)
+ delegator.verify_delegate(rolename, md.signed_bytes, md.signatures)
 except UnsignedMetadataError: return False
 signing_days, _ = self.signing_expiry_period(rolename)
 delta = timedelta(days=signing_days)
- return datetime.utcnow() + delta < role_md.signed.expires
+ return datetime.utcnow() + delta < md.signed.expires
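Review bot: The new guard in `close()` depends on a tuf release that provides `Repository.root()` and the three-argument `verify_delegate(rolename, md.signed_bytes, md.signatures)` on `Root`, yet the diffstat shows only `_repository.py` changing, so the minimum tuf requirement does not appear to be raised in this commit. With an older tuf installed, the check would fail with an `AttributeError` or `TypeError` instead of `UnsignedMetadataError`, which callers handling only the latter would not expect. Unless the lower bound is already set elsewhere, raise it in the package metadata in the same change so the signature check and its dependency stay in step. The same applies to the `self.root()` and `self.targets()` calls in `is_signed()` in the second hunk. `close()` starts before this hunk and continues after it.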
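Review bot: `is_signed()` still catches only `UnsignedMetadataError` around `delegator.verify_delegate(...)`, while tuf documents that `verify_delegate` raises `ValueError` when the delegator holds no delegation for the role. For a `rolename` that `targets` does not delegate, the method would therefore raise rather than report the role as unsigned. If callers expect a boolean, `except (UnsignedMetadataError, ValueError):` fails closed; if the exception is intended, the docstring should say so. Separately, the rewritten return line keeps `datetime.utcnow()`, which is deprecated since Python 3.12 and yields a naive datetime, so the expiry comparison only works while `md.signed.expires` is naive too. The signature and the start of the docstring of `is_signed()` lie outside this hunk.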