Load trusted root in a separate private method

sechkova · sechkova · commit 6ada96cf9084 · 2021-08-27T11:54:45.000+03:00
Add an additional private method for loading the initial
trusted root metadata. The public method update_root() is
now used only externally for updating the intiial root.
The 'root' property is used only after its initialization
in the constructor and is not longer optional which makes
mypy happy.

This split results in cleaner code and the ability to annotate
the 'root' property as non-optional at the cost of some code
duplication.

Signed-off-by: Teodora Sechkova &lt;tsechkova@vmware.com&gt;
diff --git a/tuf/ngclient/_internal/trusted_metadata_set.py b/tuf/ngclient/_internal/trusted_metadata_set.py
@@ -98,7 +98,7 @@ def __init__(self, root_data: bytes):
         # Load and validate the local root metadata. Valid initial trusted root
         # metadata is required
         logger.debug("Updating initial trusted root")
-        self.update_root(root_data)
+        self._load_trusted_root(root_data)
 
     def __getitem__(self, role: str) -> Metadata:
         """Returns current Metadata for 'role'"""
@@ -161,15 +161,15 @@ def update_root(self, data: bytes) -> None:
                 f"Expected 'root', got '{new_root.signed.type}'"
             )
 
-        if self._trusted_set.get("root") is not None:
-            # We are not loading initial trusted root: verify the new one
-            self.root.verify_delegate("root", new_root)
+        # Verify that new root is signed by trusted root
+        self.root.verify_delegate("root", new_root)
 
-            if new_root.signed.version != self.root.signed.version + 1:
-                raise exceptions.ReplayedMetadataError(
-                    "root", new_root.signed.version, self.root.signed.version
-                )
+        if new_root.signed.version != self.root.signed.version + 1:
+            raise exceptions.ReplayedMetadataError(
+                "root", new_root.signed.version, self.root.signed.version
+            )
 
+        # Verify that new root is signed by itself
         new_root.verify_delegate("root", new_root)
 
         self._trusted_set["root"] = new_root
@@ -409,3 +409,24 @@ def update_delegated_targets(
 
         self._trusted_set[role_name] = new_delegate
         logger.debug("Updated %s delegated by %s", role_name, delegator_name)
+
+    def _load_trusted_root(self, data: bytes) -> None:
+        """Verifies and loads 'data' as trusted root metadata.
+
+        Note that an expired initial root is considered valid: expiry is
+        only checked for the final root in update_timestamp().
+        """
+        try:
+            new_root = Metadata[Root].from_bytes(data)
+        except DeserializationError as e:
+            raise exceptions.RepositoryError("Failed to load root") from e
+
+        if new_root.signed.type != "root":
+            raise exceptions.RepositoryError(
+                f"Expected 'root', got '{new_root.signed.type}'"
+            )
+
+        new_root.verify_delegate("root", new_root)
+
+        self._trusted_set["root"] = new_root
+        logger.debug("Loaded trusted root")
