ASN.1: deal with empty private values in public key dicts

awwad · awwad · commit 1fda798d4060 · 2018-11-08T16:36:20.000-05:00
by removing them. This is potentially problematic as it might change
the keyid when converting to ASN.1 and back, but it'll have to do for
now, and we shouldn't have these things in there in the first place.
It's an edge case, and this is a compromise.

Signed-off-by: Sebastien Awwad &lt;sebastien.awwad@gmail.com&gt;
diff --git a/tuf/encoding/asn1_convert.py b/tuf/encoding/asn1_convert.py
@@ -180,8 +180,16 @@ def public_key_to_pyasn1(public_key_dict):
   # whether it replaces the previous one or is a second check_match on the same
   # arg.
   if 'private' in public_key_dict['keyval']:
-    raise tuf.exceptions.FormatError('Expected public key, received key dict '
-        'containing a private key entry!')
+
+    # TODO: Clean this conditional up! Removing an empty 'private' value is
+    # not ideal, and might change the keyid based on how we currently calculate
+    # keyids.... Empty strings don't seem to be OK as OctetStrings, though, so
+    # for now, we're doing this....
+    if not public_key_dict['keyval']['private']:
+      del public_key_dict['keyval']['private']
+    else:
+      raise tuf.exceptions.FormatError('Expected public key, received key dict '
+          'containing a private key entry!')
 
   # TODO: Intelligently handle PEM-style RSA keys, which have value set to an
   # ASCII-prefixed Base64 string like:
