From 896e552fd78c113e25e5161d0bfbbe3476b7689b Mon Sep 17 00:00:00 2001 From: Martin Vrachev Date: Wed, 26 Jan 2022 20:09:40 +0200 Subject: [PATCH] sign sslib.exceptions -> UnsignedMetadataError Catch Metadata.sign() securesystemslib exceptions and instead throw a more general UnsignedMetadataError exception. We don't want to expose securesystemslib exceptions and it's better to replace them with a more general exception that could be easily handled. As the signer is an argument implementing securesystemslib.signer.Signer interface we don't know what exception will it throw. That's why we need to catch all possible exceptions during signing and raise UnsignedMetadataError. That is the same reason why we should move the serialization outside the "try" block, so a tuf.api.serialization.SerializationError can propagate and warn the user that 'signed' cannot be serialized. Signed-off-by: Martin Vrachev --- tuf/api/exceptions.py | 1 + tuf/api/metadata.py | 13 +++++++++---- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/tuf/api/exceptions.py b/tuf/api/exceptions.py index ff7186c2..cb926945 100644 --- a/tuf/api/exceptions.py +++ b/tuf/api/exceptions.py @@ -10,6 +10,7 @@ #### Repository errors #### +# pylint: disable=unused-import from securesystemslib.exceptions import StorageError diff --git a/tuf/api/metadata.py b/tuf/api/metadata.py index 50454c4b..418190d8 100644 --- a/tuf/api/metadata.py +++ b/tuf/api/metadata.py @@ -304,9 +304,7 @@ def sign( Raises: tuf.api.serialization.SerializationError: 'signed' cannot be serialized. - securesystemslib.exceptions.CryptoError, \ - securesystemslib.exceptions.UnsupportedAlgorithmError: - Signing errors. + exceptions.UnsignedMetadataError: Signing errors. Returns: Securesystemslib Signature object that was added into signatures. 
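Review bot: In the tuf/api/exceptions.py hunk, the added `# pylint: disable=unused-import` sits on a line of its own, so pylint applies it from there to the end of the module rather than to the one re-exported import. Any genuinely unused import added to this file later would then go unreported. Scoping it to the import keeps the check alive for the rest of the file: `from securesystemslib.exceptions import StorageError  # pylint: disable=unused-import`.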
@@ -319,7 +317,14 @@ def sign(
 signed_serializer = CanonicalJSONSerializer()
- signature = signer.sign(signed_serializer.serialize(self.signed))
+ bytes_data = signed_serializer.serialize(self.signed)
+
+ try:
+ signature = signer.sign(bytes_data)
+ except Exception as e:
+ raise exceptions.UnsignedMetadataError(
+ "Problem signing the metadata"
+ ) from e
 if not append:
 self.signatures.clear()
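Review bot: The new `except Exception` around `signer.sign(bytes_data)` has no comment saying why the catch is this broad; that rationale currently lives only in the commit message. A line above the `try` such as `# signer is caller-supplied and may raise anything; wrap it so securesystemslib errors do not leak` would stop a later reader from narrowing it. It is also worth a comment that signing runs before `self.signatures.clear()`, so a failed sign with `append` false leaves the existing signatures untouched. If UnsignedMetadataError is also what signature verification raises elsewhere in tuf.api (not visible here), callers that catch it around both operations can only tell them apart through the message or `__cause__`. sign() begins and ends outside this hunk.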