Refactor hash algo check in GCPSigner

Minimally refactor EAFP to LBYL to avoid clunky re-raise.

Signed-off-by: Lukas Puehringer <[email protected]>

Author: lukpueh

securesystemslib/signer/_gcp_signer.py

@@ -163,29 +163,22 @@ def _get_hash_algorithm(public_key: Key) -> str:
         # TODO: This could be a public abstract method on Key so that GCPSigner
         # would not be tied to a specific Key implementation -- not all keys
         # have a pre hash algorithm though.
-        if public_key.keytype == "rsa":
-            # hash algorithm is encoded as last scheme portion
-            algo = public_key.scheme.split("-")[-1]
-        elif public_key.keytype in [
-            "ecdsa",
-            "ecdsa-sha2-nistp256",
-            "ecdsa-sha2-nistp384",
-        ]:
+        if (
+            public_key.keytype == "rsa" and public_key.scheme.endswith(("256", "512"))
+        ) or (
             # nistp256 uses sha-256, nistp384 uses sha-384
-            bits = public_key.scheme.split("-nistp")[-1]
-            algo = f"sha{bits}"
+            # TODO: Check for invalid type/scheme combinations (#766)
+            public_key.keytype
+            in ["ecdsa", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384"]
+            and public_key.scheme.endswith(("256", "384"))
+        ):
+            algo = public_key.scheme[-3:]
         else:
             raise exceptions.UnsupportedAlgorithmError(
-                f"Unsupported key type {public_key.keytype} in key {public_key.keyid}"
+                f"Unsupported {public_key.keytype}/{public_key.scheme} "
+                f"(type/scheme) in key {public_key.keyid}"
             )
 
-        # trigger UnsupportedAlgorithm if appropriate
-        # TODO: validate scheme/algo in constructor (#766)
-        try:
-            _ = hashlib.new(algo)
-        except (ValueError, TypeError) as e:
-            raise exceptions.UnsupportedAlgorithmError(algo) from e
-
         return algo
 
     def sign(self, payload: bytes) -> Signature: