# Copyright 2017 Vector Creations Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import signedjson.key
import signedjson.types
import unpaddedbase64
from synapse.storage.keys import FetchKeyResult
import tests.unittest
def decode_verify_key_base64(
    key_id: str, key_base64: str
) -> signedjson.types.VerifyKey:
    """Build a verify key from its unpadded-base64 text form.

    Args:
        key_id: Identifier handed to signedjson together with the key bytes;
            the callers in this file pass strings such as "ed25519:key1".
        key_base64: The key material, base64-encoded without padding.

    Returns:
        Whatever ``signedjson.key.decode_verify_key_bytes`` produces for the
        decoded bytes and ``key_id``.
    """
    return signedjson.key.decode_verify_key_bytes(
        key_id, unpaddedbase64.decode_base64(key_base64)
    )
# Fixed verify keys shared by the tests below. Only verify (public) keys are
# embedded here; no signing key material is kept in this file.
KEY_1 = decode_verify_key_base64(
    key_id="ed25519:key1",
    key_base64="fP5l4JzpZPq/zdbBg5xx6lQGAAOM9/3w94cqiJ5jPrw",
)
KEY_2 = decode_verify_key_base64(
    key_id="ed25519:key2",
    key_base64="Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw",
)
class KeyStoreTestCase(tests.unittest.HomeserverTestCase):
    """Tests for storing and fetching server verify keys via the main datastore."""

    def test_get_server_verify_keys(self) -> None:
        """Stored keys are returned with their expiry; unknown keys map to None."""
        main_store = self.hs.get_datastores().main

        first_id = "ed25519:key1"
        # Deliberately not the ID that KEY_2 was decoded with ("ed25519:key2"),
        # so the test can tell which ID ends up in the returned key's version.
        second_id = "ed25519:KEY_ID_2"

        to_store = {
            ("server1", first_id): FetchKeyResult(KEY_1, 100),
            ("server1", second_id): FetchKeyResult(KEY_2, 200),
        }
        self.get_success(
            main_store.store_server_verify_keys("from_server", 10, to_store)
        )

        wanted = [
            ("server1", first_id),
            ("server1", second_id),
            ("server1", "ed25519:key3"),
        ]
        fetched = self.get_success(main_store.get_server_verify_keys(wanted))

        # Every requested (server, key ID) pair gets an entry, found or not.
        self.assertEqual(len(fetched), 3)

        first = fetched[("server1", first_id)]
        self.assertEqual(first.verify_key, KEY_1)
        self.assertEqual(first.verify_key.version, "key1")
        self.assertEqual(first.valid_until_ts, 100)

        second = fetched[("server1", second_id)]
        # NOTE(review): this passes although KEY_2 was decoded under a
        # different key ID, so key equality presumably ignores the version
        # -- confirm against signedjson.
        self.assertEqual(second.verify_key, KEY_2)
        # version comes from the ID it was stored with
        self.assertEqual(second.verify_key.version, "KEY_ID_2")
        self.assertEqual(second.valid_until_ts, 200)

        # non-existent result gives None
        self.assertIsNone(fetched[("server1", "ed25519:key3")])

    def test_cache(self) -> None:
        """Check that storing an updated key invalidates the cached one.

        A lookup that kept returning the superseded key after an update would
        leave callers holding a stale verify key, so the final lookup must
        return the replacement key and its new expiry.
        """
        main_store = self.hs.get_datastores().main

        first_id = "ed25519:key1"
        second_id = "ed25519:key2"

        initial_keys = {
            ("srv1", first_id): FetchKeyResult(KEY_1, 100),
            ("srv1", second_id): FetchKeyResult(KEY_2, 200),
        }
        self.get_success(
            main_store.store_server_verify_keys("from_server", 0, initial_keys)
        )

        both_keys = [("srv1", first_id), ("srv1", second_id)]
        fetched = self.get_success(main_store.get_server_verify_keys(both_keys))
        self.assertEqual(len(fetched), 2)

        first = fetched[("srv1", first_id)]
        self.assertEqual(first.verify_key, KEY_1)
        self.assertEqual(first.valid_until_ts, 100)

        second = fetched[("srv1", second_id)]
        self.assertEqual(second.verify_key, KEY_2)
        self.assertEqual(second.valid_until_ts, 200)

        # we should be able to look up the same thing again without a db hit
        # NOTE(review): nothing below asserts that the database is not
        # queried; only the returned value is checked.
        fetched = self.get_success(
            main_store.get_server_verify_keys([("srv1", first_id)])
        )
        self.assertEqual(len(fetched), 1)
        self.assertEqual(fetched[("srv1", first_id)].verify_key, KEY_1)

        # Replace srv1's second key with a freshly generated one and a later
        # expiry, then make sure the next lookup reflects the update.
        replacement_signing_key = signedjson.key.generate_signing_key("key2")
        new_key_2 = signedjson.key.get_verify_key(replacement_signing_key)
        self.get_success(
            main_store.store_server_verify_keys(
                "from_server",
                10,
                {("srv1", second_id): FetchKeyResult(new_key_2, 300)},
            )
        )

        fetched = self.get_success(main_store.get_server_verify_keys(both_keys))
        self.assertEqual(len(fetched), 2)

        # The key that was not updated is unchanged.
        first = fetched[("srv1", first_id)]
        self.assertEqual(first.verify_key, KEY_1)
        self.assertEqual(first.valid_until_ts, 100)

        # The updated key has replaced the previously returned KEY_2.
        second = fetched[("srv1", second_id)]
        self.assertEqual(second.verify_key, new_key_2)
        self.assertEqual(second.valid_until_ts, 300)