sign sslib.exceptions -> UnsignedMetadataError

Catch Metadata.sign() securesystemslib exceptions and instead throw
a more general UnsignedMetadataError exception.
We don't want to expose securesystemslib exceptions and it's better
to replace them with a more general exception that could be easily
handled.

As the signer is an argument implementing securesystemslib.signer.Signer
interface we don't know what exception will it throw.
That's why we need to catch all possible exceptions during signing and
raise UnsignedMetadataError.
That is the same reason why we should move the serialization outside
the "try" block, so a tuf.api.serialization.SerializationError can
propagate and warn the user that 'signed' cannot be serialized.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
This commit is contained in:
Martin Vrachev 2022-01-26 20:09:40 +02:00
parent b5fbfed194
commit 896e552fd7
2 changed files with 10 additions and 4 deletions

View file

@ -10,6 +10,7 @@
#### Repository errors ####
# pylint: disable=unused-import
from securesystemslib.exceptions import StorageError

View file

@ -304,9 +304,7 @@ def sign(
Raises:
tuf.api.serialization.SerializationError:
'signed' cannot be serialized.
securesystemslib.exceptions.CryptoError, \
securesystemslib.exceptions.UnsupportedAlgorithmError:
Signing errors.
exceptions.UnsignedMetadataError: Signing errors.
Returns:
Securesystemslib Signature object that was added into signatures.
@ -319,7 +317,14 @@ def sign(
signed_serializer = CanonicalJSONSerializer()
signature = signer.sign(signed_serializer.serialize(self.signed))
bytes_data = signed_serializer.serialize(self.signed)
try:
signature = signer.sign(bytes_data)
except Exception as e:
raise exceptions.UnsignedMetadataError(
"Problem signing the metadata"
) from e
if not append:
self.signatures.clear()