Merge pull request #1449 from MVrachev/key-validation

Metadata API: Add Key attributes types validation

Author: Jussi Kukkonen

tests/test_api.py

@@ -382,7 +382,7 @@ def test_key_class(self):
                     Key.from_dict("id", test_key_dict)
             # Test creating a Key instance with wrong keyval format.
             key_dict["keyval"] = {}
-            with self.assertRaises(ValueError):
+            with self.assertRaises(KeyError):
                 Key.from_dict("id", key_dict)
 
 

tuf/api/metadata.py

@@ -394,6 +394,8 @@ def bump_version(self) -> None:
 
 class Key:
     """A container class representing the public portion of a Key.
+    Please note that "Key" instances are not semanticly validated during
+    initialization. We consider this as responsibility of securesystemslib.
 
     Attributes:
         keyid: An identifier string that must uniquely identify a key within
@@ -416,8 +418,9 @@ def __init__(
         keyval: Dict[str, str],
         unrecognized_fields: Optional[Mapping[str, Any]] = None,
     ) -> None:
-        if not keyval.get("public"):
-            raise ValueError("keyval doesn't follow the specification format!")
+        val = keyval["public"]
+        if not all(isinstance(at, str) for at in [keyid, keytype, scheme, val]):
+            raise ValueError("Unexpected Key attributes types!")
         self.keyid = keyid
         self.keytype = keytype
         self.scheme = scheme