mirror of
https://github.com/theupdateframework/python-tuf
synced 2026-05-24 10:08:28 +00:00
sign sslib.exceptions -> UnsignedMetadataError
Catch Metadata.sign() securesystemslib exceptions and instead throw a more general UnsignedMetadataError exception. We don't want to expose securesystemslib exceptions and it's better to replace them with a more general exception that could be easily handled. As the signer is an argument implementing securesystemslib.signer.Signer interface we don't know what exception will it throw. That's why we need to catch all possible exceptions during signing and raise UnsignedMetadataError. That is the same reason why we should move the serialization outside the "try" block, so a tuf.api.serialization.SerializationError can propagate and warn the user that 'signed' cannot be serialized. Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
This commit is contained in:
parent
b5fbfed194
commit
896e552fd7
2 changed files with 10 additions and 4 deletions
|
|
@ -10,6 +10,7 @@
|
|||
|
||||
#### Repository errors ####
|
||||
|
||||
# pylint: disable=unused-import
|
||||
from securesystemslib.exceptions import StorageError
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -304,9 +304,7 @@ def sign(
|
|||
Raises:
|
||||
tuf.api.serialization.SerializationError:
|
||||
'signed' cannot be serialized.
|
||||
securesystemslib.exceptions.CryptoError, \
|
||||
securesystemslib.exceptions.UnsupportedAlgorithmError:
|
||||
Signing errors.
|
||||
exceptions.UnsignedMetadataError: Signing errors.
|
||||
|
||||
Returns:
|
||||
Securesystemslib Signature object that was added into signatures.
|
||||
|
|
@ -319,7 +317,14 @@ def sign(
|
|||
|
||||
signed_serializer = CanonicalJSONSerializer()
|
||||
|
||||
signature = signer.sign(signed_serializer.serialize(self.signed))
|
||||
bytes_data = signed_serializer.serialize(self.signed)
|
||||
|
||||
try:
|
||||
signature = signer.sign(bytes_data)
|
||||
except Exception as e:
|
||||
raise exceptions.UnsignedMetadataError(
|
||||
"Problem signing the metadata"
|
||||
) from e
|
||||
|
||||
if not append:
|
||||
self.signatures.clear()
|
||||
|
|
|
|||
Loading…
Reference in a new issue