From 1fda798d4060d92bd3ca7cc322d882acaa0cd9f7 Mon Sep 17 00:00:00 2001
From: Sebastien Awwad
Date: Mon, 22 Oct 2018 16:08:47 -0400
Subject: [PATCH] ASN.1: deal with empty private values in public key dicts by removing them. This is potentially problematic as it might change the keyid when converting to ASN.1 and back, but it'll have to do for now, and we shouldn't have these things in there in the first place. It's an edge case, and this is a compromise.
Signed-off-by: Sebastien Awwad
---
 tuf/encoding/asn1_convert.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/tuf/encoding/asn1_convert.py b/tuf/encoding/asn1_convert.py
index bfe81588..bdf1f748 100644
--- a/tuf/encoding/asn1_convert.py
+++ b/tuf/encoding/asn1_convert.py
@@ -180,8 +180,16 @@ def public_key_to_pyasn1(public_key_dict):
 # whether it replaces the previous one or is a second check_match on the same
 # arg.
 if 'private' in public_key_dict['keyval']:
- raise tuf.exceptions.FormatError('Expected public key, received key dict '
- 'containing a private key entry!')
+
+ # TODO: Clean this conditional up! Removing an empty 'private' value is
+ # not ideal, and might change the keyid based on how we currently calculate
+ # keyids.... Empty strings don't seem to be OK as OctetStrings, though, so
+ # for now, we're doing this....
+ if not public_key_dict['keyval']['private']:
+ del public_key_dict['keyval']['private']
+ else:
+ raise tuf.exceptions.FormatError('Expected public key, received key dict '
+ 'containing a private key entry!')
 # TODO: Intelligently handle PEM-style RSA keys, which have value set to an
 # ASCII-prefixed Base64 string like:
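Review bot: The added `del public_key_dict['keyval']['private']` mutates the caller's dictionary, so a function that reads as a pure converter silently alters the key object the caller keeps using after the call. Rebinding a local copy keeps the input intact, e.g. `public_key_dict = dict(public_key_dict, keyval={k: v for k, v in public_key_dict['keyval'].items() if k != 'private'})` in place of the `del`. Separately, `if not public_key_dict['keyval']['private']:` accepts any falsy value (`None`, `0`, an empty list) and not just the empty string the comment describes; `if public_key_dict['keyval']['private'] == '':` would keep the `FormatError` for everything else. The body of `public_key_to_pyasn1` starts and continues outside this hunk, so later uses of `public_key_dict['keyval']` should be checked against whichever form is chosen.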