From 1ce94b95cbc876de1054ffba07ca6eaaf8fc5f57 Mon Sep 17 00:00:00 2001 From: Martin Vrachev Date: Wed, 28 Apr 2021 13:01:41 +0300 Subject: [PATCH] keyid: verify adding an existing key is ignored Verify that adding an already existing key to keyid for a particular role in Root won't create duplicate key. Signed-off-by: Martin Vrachev --- tests/test_api.py | 5 +++++ tuf/api/metadata.py | 5 ++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/tests/test_api.py b/tests/test_api.py index f174b7ec..193fe6b6 100755 --- a/tests/test_api.py +++ b/tests/test_api.py @@ -381,6 +381,11 @@ def test_metadata_root(self): self.assertIn(keyid, root.signed.roles['root'].keyids) self.assertIn(keyid, root.signed.keys) + # Try adding the same key again and assert its ignored. + pre_add_keyid = root.signed.roles['root'].keyids.copy() + root.signed.add_key('root', keyid, key_metadata) + self.assertEqual(pre_add_keyid, root.signed.roles['root'].keyids) + # Remove the key root.signed.remove_key('root', keyid) diff --git a/tuf/api/metadata.py b/tuf/api/metadata.py index e070373d..99020519 100644 --- a/tuf/api/metadata.py +++ b/tuf/api/metadata.py @@ -577,9 +577,8 @@ def add_key( self, role: str, keyid: str, key_metadata: Mapping[str, Any] ) -> None: """Adds new key for 'role' and updates the key store.""" - if keyid not in self.roles[role].keyids: - self.roles[role].keyids.add(keyid) - self.keys[keyid] = key_metadata + self.roles[role].keyids.add(keyid) + self.keys[keyid] = key_metadata # Remove key for a role. def remove_key(self, role: str, keyid: str) -> None: