From cd34793b0a45d2524dc283b0b34abbe0fed1f2eb Mon Sep 17 00:00:00 2001
From: Martin Vrachev <mvrachev@vmware.com>
Date: Fri, 28 Jan 2022 20:03:20 +0200
Subject: [PATCH] Move nonunique sigs test to serialization tests

Move the duplicating signatures tests from test_metadata_base function
in test_api.py into test_metadata_serialization.py.
This is a more logical place to store this test case as
test_metadata_base is actually focused on testing
Metadata.signed.is_expired.
That also is the reason why I renamed test_metadata_base to
test_metadata_signed_is_expired.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
---
 tests/test_api.py                    | 10 +---------
 tests/test_metadata_serialization.py |  7 ++++++-
 2 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/tests/test_api.py b/tests/test_api.py
index 82e13c74..ff52952d 100755
--- a/tests/test_api.py
+++ b/tests/test_api.py
@@ -276,7 +276,7 @@ def test_verify_failures(self) -> None:
             timestamp_key.verify_signature(md_obj)
         sig.signature = correct_sig
 
-    def test_metadata_base(self) -> None:
+    def test_metadata_signed_is_expired(self) -> None:
         # Use of Snapshot is arbitrary, we're just testing the base class
         # features with real data
         snapshot_path = os.path.join(self.repo_dir, "metadata", "snapshot.json")
@@ -303,14 +303,6 @@ def test_metadata_base(self) -> None:
         self.assertFalse(is_expired)
         md.signed.expires = expires
 
-        # Test deserializing metadata with non-unique signatures:
-        data = md.to_dict()
-        data["signatures"].append(
-            {"keyid": data["signatures"][0]["keyid"], "sig": "foo"}
-        )
-        with self.assertRaises(ValueError):
-            Metadata.from_dict(data)
-
     def test_metadata_verify_delegate(self) -> None:
         root_path = os.path.join(self.repo_dir, "metadata", "root.json")
         root = Metadata[Root].from_file(root_path)
diff --git a/tests/test_metadata_serialization.py b/tests/test_metadata_serialization.py
index 797e79f4..32df05ed 100644
--- a/tests/test_metadata_serialization.py
+++ b/tests/test_metadata_serialization.py
@@ -42,11 +42,16 @@ class TestSerialization(unittest.TestCase):
             { "_type": "timestamp", "spec_version": "1.0.0", "version": 1, "expires": "2030-01-01T00:00:00Z", \
             "meta": {"snapshot.json": {"hashes": {"sha256" : "abc"}, "version": 1}}} \
         }',
+        "non unique duplicating signatures": b'{"signed": \
+                { "_type": "timestamp", "spec_version": "1.0.0", "version": 1, "expires": "2030-01-01T00:00:00Z", \
+                "meta": {"snapshot.json": {"hashes": {"sha256" : "abc"}, "version": 1}}}, \
+            "signatures": [{"keyid": "id", "sig": "b"}, {"keyid": "id", "sig": "b"}] \
+        }',
     }
 
     @utils.run_sub_tests_with_dataset(invalid_metadata)
     def test_invalid_metadata_serialization(self, test_data: bytes) -> None:
-        # We expect a DeserializationError reraised from KeyError.
+        # We expect a DeserializationError reraised from ValueError or KeyError.
         with self.assertRaises(DeserializationError):
             Metadata.from_bytes(test_data)