From e7cff3bba8e25924248f719d4ef46c3ddeebf17f Mon Sep 17 00:00:00 2001
From: Vladimir Diaz <vladimir.v.diaz@gmail.com>
Date: Thu, 26 Apr 2018 11:39:53 -0400
Subject: [PATCH] Fix bug in sig.py's get_signature_status

get_signature_status() incorrectly uses the role's threshold in roledb instead of using the one supplied in the 'threshold' argument to the function

Signed-off-by: Vladimir Diaz <vladimir.v.diaz@gmail.com>
---
 tuf/sig.py | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/tuf/sig.py b/tuf/sig.py
index 486ad300..2f572c89 100755
--- a/tuf/sig.py
+++ b/tuf/sig.py
@@ -67,7 +67,7 @@
 
 
 def get_signature_status(signable, role=None, repository_name='default',
-                         threshold=None, keyids=None):
+    threshold=None, keyids=None):
   """
   <Purpose>
     Return a dictionary representing the status of the signatures listed in
@@ -214,12 +214,16 @@ def get_signature_status(signable, role=None, repository_name='default',
   # securesystemslib.exceptions.UnknownRoleError if we were given an invalid
   # role.
   if role is not None:
-    try:
-      threshold = \
-        tuf.roledb.get_role_threshold(role, repository_name=repository_name)
+    if threshold is None:
+      try:
+        threshold = \
+          tuf.roledb.get_role_threshold(role, repository_name=repository_name)
 
-    except tuf.exceptions.UnknownRoleError:
-      raise
+      except tuf.exceptions.UnknownRoleError:
+        raise
+
+    else:
+      logger.debug('Not using roledb.py\'s threshold for ' + repr(role))
 
   else:
     threshold = 0