Refactor to use changed format metadata to key

In commit b7a15fdee7dee899c098b01fe64d604635b2b132
or pr secure-systems-lab/securesystemslib#227
in securesystemslib I change the function arguments of the
format_metadata_to_key function in securesystemslib/keys.py
to add the opportunity to use custom keyid hash algorithms without
chainging the securesystemslib.settings.HASH_ALGORITHMS variable.

With this commit, I make use of the above changes in tuf.

Signed-off-by: Martin Vrachev <[email protected]>

tuf/client/updater.py

@@ -952,7 +952,8 @@ def _import_delegations(self, parent_role):
         # We specify the keyid to ensure that it's the correct keyid
         # for the key.
         try:
-          key, _ = securesystemslib.keys.format_metadata_to_key(keyinfo, keyid)
+          key, _ = securesystemslib.keys.format_metadata_to_key(keyinfo, keyid,
+              keyid_hash_algorithms=keyinfo['keyid_hash_algorithms'])
 
           tuf.keydb.add_key(key, repository_name=self.repository_name)
 

tuf/keydb.py

@@ -122,7 +122,8 @@ def create_keydb_from_root_metadata(root_metadata, repository_name='default'):
       # format_metadata_to_key() uses the provided keyid as the default keyid.
       # All other keyids returned are ignored.
 
-      key_dict, _ = securesystemslib.keys.format_metadata_to_key(key_metadata, keyid)
+      key_dict, _ = securesystemslib.keys.format_metadata_to_key(key_metadata,
+          keyid, keyid_hash_algorithms=key_metadata['keyid_hash_algorithms'])
 
       # Make sure to update key_dict['keyid'] to use one of the other valid
       # keyids, otherwise add_key() will have no reference to it.

tuf/repository_lib.py

@@ -645,7 +645,8 @@ def _load_top_level_metadata(repository, top_level_filenames, repository_name):
     for keyid, key_metadata in six.iteritems(targets_metadata['delegations']['keys']):
 
       # Use the keyid found in the delegation
-      key_object, _ = securesystemslib.keys.format_metadata_to_key(key_metadata, keyid)
+      key_object, _ = securesystemslib.keys.format_metadata_to_key(key_metadata,
+          keyid, keyid_hash_algorithms=key_metadata['keyid_hash_algorithms'])
 
       # Add 'key_object' to the list of recognized keys.  Keys may be shared,
       # so do not raise an exception if 'key_object' has already been loaded.

tuf/repository_tool.py

@@ -3187,12 +3187,8 @@ def load_repository(repository_directory, repository_name='default',
       # The repo may have used hashing algorithms for the generated keyids
       # that doesn't match the client's set of hash algorithms.  Make sure
       # to only used the repo's selected hashing algorithms.
-      hash_algorithms = securesystemslib.settings.HASH_ALGORITHMS
-      securesystemslib.settings.HASH_ALGORITHMS = \
-          key_metadata['keyid_hash_algorithms']
-      key_object, keyids = \
-          securesystemslib.keys.format_metadata_to_key(key_metadata)
-      securesystemslib.settings.HASH_ALGORITHMS = hash_algorithms
+      key_object, keyids = securesystemslib.keys.format_metadata_to_key(key_metadata,
+          keyid_hash_algorithms=key_metadata['keyid_hash_algorithms'])
       try:
         for keyid in keyids: # pragma: no branch
           key_object['keyid'] = keyid