diff --git a/tuf/ngclient/_internal/trusted_metadata_set.py b/tuf/ngclient/_internal/trusted_metadata_set.py index dae06b13..b8d0ffac 100644 --- a/tuf/ngclient/_internal/trusted_metadata_set.py +++ b/tuf/ngclient/_internal/trusted_metadata_set.py @@ -117,19 +117,19 @@ def root(self) -> Metadata[Root]: return self._trusted_set[Root.type] @property - def timestamp(self) -> Optional[Metadata[Timestamp]]: - """Get current timestamp ``Metadata`` or ``None``""" - return self._trusted_set.get(Timestamp.type) + def timestamp(self) -> Metadata[Timestamp]: + """Get current timestamp ``Metadata``""" + return self._trusted_set[Timestamp.type] @property - def snapshot(self) -> Optional[Metadata[Snapshot]]: - """Get current snapshot ``Metadata`` or ``None``""" - return self._trusted_set.get(Snapshot.type) + def snapshot(self) -> Metadata[Snapshot]: + """Get current snapshot ``Metadata``""" + return self._trusted_set[Snapshot.type] @property - def targets(self) -> Optional[Metadata[Targets]]: - """Get current targets ``Metadata`` or ``None``""" - return self._trusted_set.get(Targets.type) + def targets(self) -> Metadata[Targets]: + """Get current top-level targets ``Metadata``""" + return self._trusted_set[Targets.type] # Methods for updating metadata def update_root(self, data: bytes) -> Metadata[Root]: @@ -149,7 +149,7 @@ def update_root(self, data: bytes) -> Metadata[Root]: Returns: Deserialized and verified root ``Metadata`` object """ - if self.timestamp is not None: + if Timestamp.type in self._trusted_set: raise RuntimeError("Cannot update root after timestamp") logger.debug("Updating root") @@ -199,7 +199,7 @@ def update_timestamp(self, data: bytes) -> Metadata[Timestamp]: Returns: Deserialized and verified timestamp ``Metadata`` object """ - if self.snapshot is not None: + if Snapshot.type in self._trusted_set: raise RuntimeError("Cannot update timestamp after snapshot") # client workflow 5.3.10: Make sure final root is not expired. @@ -219,7 +219,7 @@ def update_timestamp(self, data: bytes) -> Metadata[Timestamp]: # If an existing trusted timestamp is updated, # check for a rollback attack - if self.timestamp is not None: + if Timestamp.type in self._trusted_set: # Prevent rolling back timestamp version if new_timestamp.signed.version < self.timestamp.signed.version: raise exceptions.BadVersionNumberError( @@ -253,7 +253,6 @@ def update_timestamp(self, data: bytes) -> Metadata[Timestamp]: def _check_final_timestamp(self) -> None: """Raise if timestamp is expired""" - assert self.timestamp is not None # nosec if self.timestamp.signed.is_expired(self.reference_time): raise exceptions.ExpiredMetadataError("timestamp.json is expired") @@ -288,9 +287,9 @@ def update_snapshot( Deserialized and verified snapshot ``Metadata`` object """ - if self.timestamp is None: + if Timestamp.type not in self._trusted_set: raise RuntimeError("Cannot update snapshot before timestamp") - if self.targets is not None: + if Targets.type in self._trusted_set: raise RuntimeError("Cannot update snapshot after targets") logger.debug("Updating snapshot") @@ -317,7 +316,7 @@ def update_snapshot( # used in rollback protection: it is checked when targets is updated # If an existing trusted snapshot is updated, check for rollback attack - if self.snapshot is not None: + if Snapshot.type in self._trusted_set: for filename, fileinfo in self.snapshot.signed.meta.items(): new_fileinfo = new_snapshot.signed.meta.get(filename) @@ -348,8 +347,6 @@ def update_snapshot( def _check_final_snapshot(self) -> None: """Raise if snapshot is expired or meta version does not match""" - assert self.snapshot is not None # nosec - assert self.timestamp is not None # nosec if self.snapshot.signed.is_expired(self.reference_time): raise exceptions.ExpiredMetadataError("snapshot.json is expired") snapshot_meta = self.timestamp.signed.snapshot_meta @@ -392,7 +389,7 @@ def update_delegated_targets( Returns: Deserialized and verified targets ``Metadata`` object """ - if self.snapshot is None: + if Snapshot.type not in self._trusted_set: raise RuntimeError("Cannot load targets before snapshot") # Targets cannot be loaded if final snapshot is expired or its version diff --git a/tuf/ngclient/updater.py b/tuf/ngclient/updater.py index 467a446f..87974362 100644 --- a/tuf/ngclient/updater.py +++ b/tuf/ngclient/updater.py @@ -168,7 +168,7 @@ def get_targetinfo(self, target_path: str) -> Optional[TargetFile]: ``TargetFile`` instance or ``None``. """ - if self._trusted_set.targets is None: + if Targets.type not in self._trusted_set: self.refresh() return self._preorder_depth_first_walk(target_path) @@ -361,7 +361,6 @@ def _load_snapshot(self) -> None: # Local snapshot does not exist or is invalid: update from remote logger.debug("Local snapshot not valid as final: %s", e) - assert self._trusted_set.timestamp is not None # nosec snapshot_meta = self._trusted_set.timestamp.signed.snapshot_meta length = snapshot_meta.length or self.config.snapshot_max_length version = None @@ -390,8 +389,6 @@ def _load_targets(self, role: str, parent_role: str) -> Metadata[Targets]: # Local 'role' does not exist or is invalid: update from remote logger.debug("Failed to load local %s: %s", role, e) - assert self._trusted_set.snapshot is not None # nosec - snapshot = self._trusted_set.snapshot.signed metainfo = snapshot.meta.get(f"{role}.json") if metainfo is None: