diff --git a/src/_zkapauthorizer/controller.py b/src/_zkapauthorizer/controller.py index 69571ca2c03ab26d3389775df4849f1134b0e256..fa1cecda38348a93d0917ed40c68f4ae0a272901 100644 --- a/src/_zkapauthorizer/controller.py +++ b/src/_zkapauthorizer/controller.py @@ -705,6 +705,9 @@ class PaymentController(object): redeeming a voucher, if no other count is given when the redemption is started. + :ivar set[unicode] allowed_public_keys: The base64-encoded public keys for + which to accept tokens. + :ivar dict[unicode, Redeeming] _active: A mapping from voucher identifiers which currently have redemption attempts in progress to a ``Redeeming`` state representing the attempt. @@ -735,6 +738,8 @@ class PaymentController(object): redeemer = attr.ib() default_token_count = attr.ib() + allowed_public_keys = attr.ib(validator=attr.validators.instance_of(set)) + num_redemption_groups = attr.ib(default=16) _clock = attr.ib(default=None) diff --git a/src/_zkapauthorizer/resource.py b/src/_zkapauthorizer/resource.py index e5e31eae14212a1b9d9f9ad716e96ae27460d786..cc584940fd1cb44f329a43932d483bdb929e3508 100644 --- a/src/_zkapauthorizer/resource.py +++ b/src/_zkapauthorizer/resource.py @@ -64,6 +64,7 @@ from .storage_common import ( get_configured_shares_total, get_configured_pass_value, get_configured_lease_duration, + get_configured_allowed_public_keys, ) from .pricecalculator import ( @@ -157,6 +158,7 @@ def from_configuration( store, redeemer, default_token_count, + allowed_public_keys=get_configured_allowed_public_keys(node_config), clock=clock, ) diff --git a/src/_zkapauthorizer/storage_common.py b/src/_zkapauthorizer/storage_common.py index 487c164aa7f5cce69a2e9a66d5cbbfaa475ecd4e..22fa76676d92cdd657bb995ccf95fa7928af7b03 100644 --- a/src/_zkapauthorizer/storage_common.py +++ b/src/_zkapauthorizer/storage_common.py @@ -132,6 +132,13 @@ def get_configured_lease_duration(node_config): return 31 * 24 * 60 * 60 +def get_configured_allowed_public_keys(node_config): + """ + Read the set of allowed issuer public keys from the given configuration. + """ + return set() + + def required_passes(bytes_per_pass, share_sizes): """ Calculate the number of passes that are required to store shares of the diff --git a/src/_zkapauthorizer/tests/fixtures.py b/src/_zkapauthorizer/tests/fixtures.py index 1b226500bc327358f4dfa3ee28b981b209ca9d88..39d111cb1b356ea90cb9be6f72f4c66f319b8959 100644 --- a/src/_zkapauthorizer/tests/fixtures.py +++ b/src/_zkapauthorizer/tests/fixtures.py @@ -136,6 +136,7 @@ class ConfiglessMemoryVoucherStore(Fixture): # minimum token count requirement (can't have fewer tokens # than groups). num_redemption_groups=1, + allowed_public_keys={self._public_key}, clock=Clock(), ).redeem( voucher, diff --git a/src/_zkapauthorizer/tests/test_controller.py b/src/_zkapauthorizer/tests/test_controller.py index 73398aabd9fcbdaecdb4e8b4ed4c0dcbb27b2ff8..e96aafbc0c999d13075f543dabc05703a6e838e4 100644 --- a/src/_zkapauthorizer/tests/test_controller.py +++ b/src/_zkapauthorizer/tests/test_controller.py @@ -231,6 +231,7 @@ class PaymentControllerTests(TestCase): store, DummyRedeemer(public_key), default_token_count=100, + allowed_public_keys={public_key}, clock=Clock(), ) @@ -267,6 +268,7 @@ class PaymentControllerTests(TestCase): store, NonRedeemer(), default_token_count=100, + allowed_public_keys=set(), clock=Clock(), ) self.assertThat( @@ -304,6 +306,7 @@ class PaymentControllerTests(TestCase): # Require more success than we're going to get so it doesn't # finish. num_redemption_groups=counter, + allowed_public_keys={public_key}, clock=Clock(), ) @@ -360,6 +363,7 @@ class PaymentControllerTests(TestCase): ), default_token_count=num_tokens, num_redemption_groups=num_redemption_groups, + allowed_public_keys={public_key}, clock=Clock(), ) self.assertThat( @@ -386,6 +390,7 @@ class PaymentControllerTests(TestCase): # The number of redemption groups must not change for # redemption of a particular voucher. num_redemption_groups=num_redemption_groups, + allowed_public_keys={public_key}, clock=Clock(), ) @@ -421,6 +426,7 @@ class PaymentControllerTests(TestCase): redeemer, default_token_count=num_tokens, num_redemption_groups=num_redemption_groups, + allowed_public_keys=set(), clock=Clock(), ) self.assertThat( @@ -445,6 +451,7 @@ class PaymentControllerTests(TestCase): store, DummyRedeemer(public_key), default_token_count=100, + allowed_public_keys={public_key}, clock=Clock(), ) self.assertThat( @@ -473,6 +480,7 @@ class PaymentControllerTests(TestCase): store, DoubleSpendRedeemer(), default_token_count=100, + allowed_public_keys=set(), clock=Clock(), ) self.assertThat( @@ -503,6 +511,7 @@ class PaymentControllerTests(TestCase): store, UnpaidRedeemer(), default_token_count=100, + allowed_public_keys=set(), clock=Clock(), ) self.assertThat( @@ -523,6 +532,7 @@ class PaymentControllerTests(TestCase): store, DummyRedeemer(public_key), default_token_count=100, + allowed_public_keys={public_key}, clock=Clock(), ) @@ -553,6 +563,7 @@ class PaymentControllerTests(TestCase): store, UnpaidRedeemer(), default_token_count=100, + allowed_public_keys=set(), clock=clock, ) self.assertThat( diff --git a/src/_zkapauthorizer/tests/test_plugin.py b/src/_zkapauthorizer/tests/test_plugin.py index 0db1a375d2ffe5c1c7143920909f4a346f6791c5..4975c048be3b1a476f1c39f7d812f8060bc82232 100644 --- a/src/_zkapauthorizer/tests/test_plugin.py +++ b/src/_zkapauthorizer/tests/test_plugin.py @@ -500,6 +500,7 @@ class ClientPluginTests(TestCase): DummyRedeemer(public_key), default_token_count=num_passes, num_redemption_groups=1, + allowed_public_keys={public_key}, clock=Clock(), ) # Get a token inserted into the store.