python-tuf/tuf/api
Jussi Kukkonen 414dfc829f Metadata API: Move signature verification to Key
This is likely not needed by users of the API (as they are interested
in the higher level functionality "verify delegate metadata with
threshold of signatures").

Moving verify to Key makes the API cleaner because including both
"verify myself" and "verify a delegate with threshold" can look awkward
in Metadata, and because the ugly Securesystemslib integration is now
Key class implementation detail (see Key.to_securesystemslib_key()).

Also raise on verify failure instead of returning false: this was found
to confuse API users (and was arguably not a pythonic way to handle it).

* Name the function verify_signature() to make it clear what is being
  verified.
* Assume only one signature per keyid exists: see #1422
* Raise only UnsignedMetadataError (when no signatures or verify failure),
  the remaining lower level errors will be handled in #1351
* Stop using a "keystore" in tests for the public keys: everything we
  need is in metadata already

This changes API, but also should not be something API users want to
call in the future when "verify a delegate with threshold" exists.

Signed-off-by: Jussi Kukkonen <jkukkonen@vmware.com>
2021-06-07 13:20:26 +03:00
..
serialization Fix black docstring indentation errors 2021-04-27 14:08:24 +03:00
__init__.py tuf/api: Expose tuf.api as a package 2020-10-15 14:35:14 +01:00
metadata.py Metadata API: Move signature verification to Key 2021-06-07 13:20:26 +03:00
pylintrc Metadata API/pylintrc: Use old style logging 2021-05-11 11:47:38 +03:00