tests: adopt sslib changes in test_sign_failures

fixes #2444 SSlibSigner was changed recently (secure-stystems-lab/securesystemslib#604) to fail on bad input data (keydict) at init instead of when signing. The patched test used to trigger expects a Signer.sign error from an SSlibSigner, which is no longer possible. To still get the desired error, the test uses a custom signer, which does raise on sign. Signed-off-by: Lukas Puehringer <lukas.puehringer@nyu.edu>
2026-05-24 10:08:28 +00:00 · 2023-08-16 16:36:27 +02:00 · 2023-08-16 16:36:27 +02:00 · d45d65521b
commit d45d65521b
parent 016e16c1a9
1 changed files with 24 additions and 8 deletions
--- a/tests/test_api.py
+++ b/tests/test_api.py
@ -15,7 +15,7 @@
 import unittest
 from copy import copy
 from datetime import datetime, timedelta
-from typing import Any, ClassVar, Dict
+from typing import Any, ClassVar, Dict, Optional

 from securesystemslib import exceptions as sslib_exceptions
 from securesystemslib import hash as sslib_hash
@ -24,7 +24,12 @@
    import_ed25519_publickey_from_file,
 )
 from securesystemslib.keys import generate_ed25519_key
-from securesystemslib.signer import SSlibKey, SSlibSigner
+from securesystemslib.signer import (
+    SecretsHandler,
+    Signer,
+    SSlibKey,
+    SSlibSigner,
+)

 from tests import utils
 from tuf.api import exceptions
@ -234,16 +239,27 @@ def test_sign_verify(self) -> None:

    def test_sign_failures(self) -> None:
        # Test throwing UnsignedMetadataError because of signing problems
-        # related to bad information in the signer.
        md = Metadata.from_file(
            os.path.join(self.repo_dir, "metadata", "snapshot.json")
        )
-        key_dict = copy(self.keystore[Snapshot.type])
-        key_dict["keytype"] = "rsa"
-        key_dict["scheme"] = "bad_scheme"
-        sslib_signer = SSlibSigner(key_dict)
+
+        class FailingSigner(Signer):  # pylint: disable=missing-class-docstring
+            @classmethod
+            def from_priv_key_uri(
+                cls,
+                priv_key_uri: str,
+                public_key: Key,
+                secrets_handler: Optional[SecretsHandler] = None,
+            ) -> "Signer":
+                pass
+
+            def sign(self, payload: bytes) -> Signature:
+                raise RuntimeError("signing failed")
+
+        failing_signer = FailingSigner()
+
        with self.assertRaises(exceptions.UnsignedMetadataError):
-            md.sign(sslib_signer)
+            md.sign(failing_signer)

    def test_key_verify_failures(self) -> None:
        root_path = os.path.join(self.repo_dir, "metadata", "root.json")