Don't use snapshot metadata when snapshot merkle trees are used.

This commit ensures that when snapshot merkle trees are used, the
client is not looking for version information in the snapshot
file, but instead waiting to download version information from
the snapshot merkle tree.

Another approach could be to download the snapshot merkle file
early to ensure that it exists before continuing the verification.

Signed-off-by: marinamoore <[email protected]>

Author: mnm678

tuf/client/updater.py

@@ -2025,7 +2025,9 @@ def _update_metadata_if_changed(self, metadata_role,
 
     # Ensure the referenced metadata has been loaded.  The 'root' role may be
     # updated without having 'snapshot' available.
-    if referenced_metadata not in self.metadata['current']:
+    # When snapshot merkle trees are used, there will not be a snapshot file.
+    # Instead, if the snapshot merkle file is missing, this will error below.
+    if 'merkle_root' not in self.metadata['current']['timestamp'] and referenced_metadata not in self.metadata['current']:
       raise tuf.exceptions.RepositoryError('Cannot update'
         ' ' + repr(metadata_role) + ' because ' + referenced_metadata + ' is'
         ' missing.')
@@ -2625,7 +2627,11 @@ def _refresh_targets_metadata(self, rolename='targets',
 
     roles_to_update = []
 
-    if rolename + '.json' in self.metadata['current']['snapshot']['meta']:
+    # Add the role if it is listed in snapshot. If snapshot merkle
+    # trees are used, the snaphot check will be done later when
+    # the merkle tree is verified
+    if 'merkle_root' in self.metadata['current']['timestamp'] or
+        rolename + '.json' in self.metadata['current']['snapshot']['meta']:
       roles_to_update.append(rolename)
 
     if refresh_all_delegated_roles: