Merge pull request #1386 from sechkova/root_add_key

Jussi Kukkonen · web-flow · commit 9a397b9eff06 · 2021-05-14T09:27:17.000+03:00
Fix Root.add_key() argument's type
diff --git a/tests/test_api.py b/tests/test_api.py
@@ -48,10 +48,6 @@
     import_ed25519_privatekey_from_file
 )
 
-from securesystemslib.keys import (
-    format_keyval_to_metadata
-)
-
 from securesystemslib.signer import (
     SSlibSigner
 )
@@ -234,7 +230,7 @@ def test_metadata_base(self):
         is_expired = md.signed.is_expired(md.signed.expires - timedelta(days=1))
         self.assertFalse(is_expired)
 
-        # Test is_expired without reference_time, 
+        # Test is_expired without reference_time,
         # manipulating md.signed.expires
         expires = md.signed.expires
         md.signed.expires = datetime.utcnow()
@@ -244,7 +240,7 @@ def test_metadata_base(self):
         is_expired = md.signed.is_expired()
         self.assertFalse(is_expired)
         md.signed.expires = expires
-        
+
     def test_metadata_snapshot(self):
         snapshot_path = os.path.join(
                 self.repo_dir, 'metadata', 'snapshot.json')
@@ -394,9 +390,10 @@ def test_metadata_root(self):
         root_key2 =  import_ed25519_publickey_from_file(
                     os.path.join(self.keystore_dir, 'root_key2.pub'))
 
+
         keyid = root_key2['keyid']
-        key_metadata = format_keyval_to_metadata(
-            root_key2['keytype'], root_key2['scheme'], root_key2['keyval'])
+        key_metadata = Key(root_key2['keytype'], root_key2['scheme'],
+            root_key2['keyval'])
 
         # Assert that root does not contain the new key
         self.assertNotIn(keyid, root.signed.roles['root'].keyids)
@@ -409,6 +406,10 @@ def test_metadata_root(self):
         self.assertIn(keyid, root.signed.roles['root'].keyids)
         self.assertIn(keyid, root.signed.keys)
 
+        # Confirm that the newly added key does not break
+        # the object serialization
+        root.to_dict()
+
         # Try adding the same key again and assert its ignored.
         pre_add_keyid = root.signed.roles['root'].keyids.copy()
         root.signed.add_key('root', keyid, key_metadata)
diff --git a/tuf/api/metadata.py b/tuf/api/metadata.py
@@ -578,9 +578,7 @@ def to_dict(self) -> Dict[str, Any]:
         return root_dict
 
     # Update key for a role.
-    def add_key(
-        self, role: str, keyid: str, key_metadata: Dict[str, Any]
-    ) -> None:
+    def add_key(self, role: str, keyid: str, key_metadata: Key) -> None:
         """Adds new key for 'role' and updates the key store."""
         self.roles[role].keyids.add(keyid)
         self.keys[keyid] = key_metadata
