Metadata API: Add Key attributes types validation

In our discussion with Jussi we come to the conclusion that we want to verify that all Key attributes contain values in the expected types, but at the same time we don't want to focus validating the semantics behind them. The reason is that having a Key instance with invalid attributes is possible and supported by the spec. That's why we have "threshold" for the roles meaning we can have up to a certain number of invalid Keys until we satisfy the required threshold. Also, for deeper semantic validation it's better to be done in securesystemslib which does the actual work with keys. For context see: theupdateframework#1438 Signed-off-by: Martin Vrachev <[email protected]>
MVrachev · Jun 15, 2021 · 3df91a5 · 3df91a5
1 parent de78251
commit 3df91a5
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/tuf/api/metadata.py b/tuf/api/metadata.py
@@ -398,8 +398,15 @@ def __init__(
         keyval: Dict[str, str],
         unrecognized_fields: Optional[Mapping[str, Any]] = None,
     ) -> None:
-        if not keyval.get("public"):
+        public_val = keyval.get("public")
+        if not public_val or not isinstance(public_val, str):
             raise ValueError("keyval doesn't follow the specification format!")
+        if not isinstance(scheme, str):
+            raise ValueError("scheme should be a string!")
+        if not isinstance(keytype, str):
+            raise ValueError("keytype should be a string!")
+        if not isinstance(keyid, str):
+            raise ValueError("keyid should be a string!")
         self.keyid = keyid
         self.keytype = keytype
         self.scheme = scheme