Make keyids in Role a set

From the specification: "Clients MUST ensure that for any KEYID represented in this key list and in other files, only one unique key has that KEYID." The “only one unique key has that KEYID” is a requirement which can’t be achieved if two keyids are the same. So, in order to mandate that requirement it makes sense to use a set which will guarantee us the keyid’s uniqueness. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
2026-05-24 10:08:28 +00:00 · 2021-04-22 18:24:41 +03:00 · 2021-04-22 18:24:41 +03:00 · 0c3131b4a2
commit 0c3131b4a2
parent ef71c2df76
1 changed files with 10 additions and 4 deletions
--- a/tuf/api/metadata.py
+++ b/tuf/api/metadata.py
@ -463,11 +463,17 @@ class Role:

    def __init__(
        self,
-        keyids: set,
+        keyids: list,
        threshold: int,
        unrecognized_fields: Optional[Mapping[str, Any]] = None,
    ) -> None:
-        self.keyids = keyids
+        keyids_set = set(keyids)
+        if len(keyids_set) != len(keyids):
+            raise ValueError(
+                f"keyids should be a list of unique strings,"
+                f" instead got {keyids}"
+            )
+        self.keyids = keyids_set
        self.threshold = threshold
        self.unrecognized_fields = unrecognized_fields or {}

@ -482,7 +488,7 @@ def from_dict(cls, role_dict: Mapping[str, Any]) -> "Role":
    def to_dict(self) -> Dict:
        """Returns the dictionary representation of self."""
        return {
-            "keyids": self.keyids,
+            "keyids": list(self.keyids),
            "threshold": self.threshold,
            **self.unrecognized_fields,
        }
@ -570,7 +576,7 @@ def add_key(
    ) -> None:
        """Adds new key for 'role' and updates the key store."""
        if keyid not in self.roles[role].keyids:
-            self.roles[role].keyids.append(keyid)
+            self.roles[role].keyids.add(keyid)
            self.keys[keyid] = key_metadata

    # Remove key for a role.