Make keyids in Role a set

From the specification: "Clients MUST ensure that for any KEYID represented in this key list and in other files, only one unique key has that KEYID." The “only one unique key has that KEYID” is a requirement which can’t be achieved if two keyids are the same. So, in order to mandate that requirement it makes sense to use a set which will guarantee us the keyid’s uniqueness. Signed-off-by: Martin Vrachev <[email protected]>
theupdateframework · Apr 27, 2021 · 0c3131b · 0c3131b
1 parent ef71c2d
commit 0c3131b
Showing 1 changed file with 10 additions and 4 deletions.
diff --git a/tuf/api/metadata.py b/tuf/api/metadata.py
@@ -463,11 +463,17 @@ class Role:
 
     def __init__(
         self,
-        keyids: set,
+        keyids: list,
         threshold: int,
         unrecognized_fields: Optional[Mapping[str, Any]] = None,
     ) -> None:
-        self.keyids = keyids
+        keyids_set = set(keyids)
+        if len(keyids_set) != len(keyids):
+            raise ValueError(
+                f"keyids should be a list of unique strings,"
+                f" instead got {keyids}"
+            )
+        self.keyids = keyids_set
         self.threshold = threshold
         self.unrecognized_fields = unrecognized_fields or {}
 
@@ -482,7 +488,7 @@ def from_dict(cls, role_dict: Mapping[str, Any]) -> "Role":
     def to_dict(self) -> Dict:
         """Returns the dictionary representation of self."""
         return {
-            "keyids": self.keyids,
+            "keyids": list(self.keyids),
             "threshold": self.threshold,
             **self.unrecognized_fields,
         }
@@ -570,7 +576,7 @@ def add_key(
     ) -> None:
         """Adds new key for 'role' and updates the key store."""
         if keyid not in self.roles[role].keyids:
-            self.roles[role].keyids.append(keyid)
+            self.roles[role].keyids.add(keyid)
             self.keys[keyid] = key_metadata
 
     # Remove key for a role.