metadata api: Signed.expires string representation should not contain microseconds

[lukpueh]

Description of issue or feature request:

In signed._common_fields_to_dict we convert the value of the datetime object in Signed.expires to a date-time string.

From the TUF spec:

[...] The expected format of the combined date and time string is "YYYY-MM-DDTHH:MM:SSZ". [...] An example date-time string is "1985-10-21T01:21:00Z".

If the original datetime object contained microseconds, the date-time string representation of Signed.expires will too.

Reproducer:

from datetime import datetime
from tuf.api.metadata import Timestamp, MetaFile
Timestamp(1, "1.0.19", datetime(2021, 11, 16, 12, 0, 0, 123456), MetaFile(1)).to_dict()["expires"]

Current output:

'2021-11-16T12:00:00.123456Z'

Expected behavior:

'2021-11-16T12:00:00Z'

Proposed fix 1:

diff --git a/tuf/api/metadata.py b/tuf/api/metadata.py
index 25f14fe7..cdbd8595 100644
--- a/tuf/api/metadata.py
+++ b/tuf/api/metadata.py
@@ -480,7 +480,7 @@ class Signed(metaclass=abc.ABCMeta):
             "_type": self._type,
             "version": self.version,
             "spec_version": self.spec_version,
-            "expires": self.expires.isoformat() + "Z",
+            "expires": self.expires.replace(microsecond=0).isoformat() + "Z",
             **self.unrecognized_fields,
         }

Proposed fix 2:

diff --git a/tuf/api/metadata.py b/tuf/api/metadata.py
index 25f14fe7..20365cfe 100644
--- a/tuf/api/metadata.py
+++ b/tuf/api/metadata.py
@@ -480,7 +480,7 @@ class Signed(metaclass=abc.ABCMeta):
             "_type": self._type,
             "version": self.version,
             "spec_version": self.spec_version,
-            "expires": self.expires.isoformat() + "Z",
+            "expires": datetime.strftime(self.expires, "%Y-%m-%dT%H:%M:%SZ"),
             **self.unrecognized_fields,
         }

[jku]

yeah this is definitely not ideal. I suppose there are two options:

• error out if microseconds are found in serialization (not user friendly but a visible failure)
• do what you suggest: make sure the serialized content is valid, even modifying the content if needed

In both cases we could also:

• provide a public setter for expiry (taking a datetime (or even a timedelta from now) as input, flooring microseconds)
• use the setter in init()

these steps would make it easier for Metadata to not be in a state where it doesn't quite match the form it gets serialized into...

[lukpueh]

Good point! I guess, I'm fine either way. Losing (negligible) precision during serialisation doesn't seem like a big deal, and I don't think there is a realistic use case where this leads to unexpected behaviour. But yes, erroring seems safer.

Regardless, I'm all for providing the convenience setter you propose.

OTOH, I'm a little bit reserved about changing the signature of init, i.e. s/expires/expires_in/, because I think the Metadata class should look as much like the spec as possible. But I won't insist here either.

[ivanayov]

Can I take this please?