From f61cf1a9d973d059445a604832629a3d3f354de2 Mon Sep 17 00:00:00 2001
From: Jussi Kukkonen <jkukkonen@google.com>
Date: Tue, 21 May 2024 10:10:57 +0300
Subject: [PATCH] GCPSigner: Add exception for unsupported keys

This seems correct-er and makes pylint happier.

Signed-off-by: Jussi Kukkonen <jkukkonen@google.com>
---
 securesystemslib/signer/_gcp_signer.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/securesystemslib/signer/_gcp_signer.py b/securesystemslib/signer/_gcp_signer.py
index 8dd6baaa..4beaf829 100644
--- a/securesystemslib/signer/_gcp_signer.py
+++ b/securesystemslib/signer/_gcp_signer.py
@@ -165,7 +165,7 @@ def _get_hash_algorithm(public_key: Key) -> str:
         if public_key.keytype == "rsa":
             # hash algorithm is encoded as last scheme portion
             algo = public_key.scheme.split("-")[-1]
-        if public_key.keytype in [
+        elif public_key.keytype in [
             "ecdsa",
             "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384",
@@ -173,6 +173,10 @@ def _get_hash_algorithm(public_key: Key) -> str:
             # nistp256 uses sha-256, nistp384 uses sha-384
             bits = public_key.scheme.split("-nistp")[-1]
             algo = f"sha{bits}"
+        else:
+            raise exceptions.UnsupportedAlgorithmError(
+                f"Unsupported key type {public_key.keytype} in key {public_key.keyid}"
+            )
 
         # trigger UnsupportedAlgorithm if appropriate
         _ = sslib_hash.digest(algo)