From 8b6566ab3bbf0e6c87b764e45c9ce3658ec822d5 Mon Sep 17 00:00:00 2001
From: Martin Vrachev <mvrachev@vmware.com>
Date: Tue, 8 Feb 2022 13:04:50 +0200
Subject: [PATCH] from_securesystemslib_key() raise ValueError

If a securesystemslib.FormatError is raised inside
Key.from_securesystemslib_key() then reraise ValueError.
This is done so that our users don't have to import securesystemslib
in order to handle the error and because the securesystemslib error
itself is securesystemslib implementation-specific.

Signed-off-by: Martin Vrachev <mvrachev@vmware.com>
---
 tests/test_api.py   |  5 +++++
 tuf/api/metadata.py | 20 +++++++++++++++-----
 2 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/tests/test_api.py b/tests/test_api.py
index 125bf64386..82e13c74ab 100755
--- a/tests/test_api.py
+++ b/tests/test_api.py
@@ -379,6 +379,11 @@ def test_key_class(self) -> None:
         key = Key.from_securesystemslib_key(sslib_key)
         self.assertFalse("private" in key.keyval.keys())
 
+        # Test raising ValueError with non-existent keytype
+        sslib_key["keytype"] = "bad keytype"
+        with self.assertRaises(ValueError):
+            Key.from_securesystemslib_key(sslib_key)
+
     def test_root_add_key_and_remove_key(self) -> None:
         root_path = os.path.join(self.repo_dir, "metadata", "root.json")
         root = Metadata[Root].from_file(root_path)
diff --git a/tuf/api/metadata.py b/tuf/api/metadata.py
index 09eb86c08a..927d3ca4b3 100644
--- a/tuf/api/metadata.py
+++ b/tuf/api/metadata.py
@@ -618,12 +618,22 @@ def from_securesystemslib_key(cls, key_dict: Dict[str, Any]) -> "Key":
 
         Args:
             key_dict: Key in securesystemlib dict representation.
+
+        Raises:
+            ValueError: ``key_dict`` value is not following the securesystemslib
+                format.
         """
-        key_meta = sslib_keys.format_keyval_to_metadata(
-            key_dict["keytype"],
-            key_dict["scheme"],
-            key_dict["keyval"],
-        )
+        try:
+            key_meta = sslib_keys.format_keyval_to_metadata(
+                key_dict["keytype"],
+                key_dict["scheme"],
+                key_dict["keyval"],
+            )
+        except sslib_exceptions.FormatError as e:
+            raise ValueError(
+                "key_dict value is not following the securesystemslib format"
+            ) from e
+
         return cls(
             key_dict["keyid"],
             key_meta["keytype"],