From e25e4e610114407709d2d1fabfdef38e19694f0a Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Wed, 21 Jul 2021 14:58:29 -0400
Subject: [PATCH] Begin to teach PaymentController about allowed public keys
Now PaymentController has a set of these as an attribute. It could possibly
consider making some decisions based on this value now.
---
src/_zkapauthorizer/controller.py | 5 +++++
src/_zkapauthorizer/resource.py | 2 ++
src/_zkapauthorizer/storage_common.py | 7 +++++++
src/_zkapauthorizer/tests/fixtures.py | 1 +
src/_zkapauthorizer/tests/test_controller.py | 11 +++++++++++
src/_zkapauthorizer/tests/test_plugin.py | 1 +
6 files changed, 27 insertions(+)
diff --git a/src/_zkapauthorizer/controller.py b/src/_zkapauthorizer/controller.py
index 69571ca..fa1cecd 100644
--- a/src/_zkapauthorizer/controller.py
+++ b/src/_zkapauthorizer/controller.py
@@ -705,6 +705,9 @@ class PaymentController(object):
redeeming a voucher, if no other count is given when the redemption is
started.
+ :ivar set[unicode] allowed_public_keys: The base64-encoded public keys for
+ which to accept tokens.
+
:ivar dict[unicode, Redeeming] _active: A mapping from voucher identifiers
which currently have redemption attempts in progress to a
``Redeeming`` state representing the attempt.
@@ -735,6 +738,8 @@ class PaymentController(object):
redeemer = attr.ib()
default_token_count = attr.ib()
+ allowed_public_keys = attr.ib(validator=attr.validators.instance_of(set))
+
num_redemption_groups = attr.ib(default=16)
_clock = attr.ib(default=None)
diff --git a/src/_zkapauthorizer/resource.py b/src/_zkapauthorizer/resource.py
index e5e31ea..cc58494 100644
--- a/src/_zkapauthorizer/resource.py
+++ b/src/_zkapauthorizer/resource.py
@@ -64,6 +64,7 @@ from .storage_common import (
get_configured_shares_total,
get_configured_pass_value,
get_configured_lease_duration,
+ get_configured_allowed_public_keys,
)
from .pricecalculator import (
@@ -157,6 +158,7 @@ def from_configuration(
store,
redeemer,
default_token_count,
+ allowed_public_keys=get_configured_allowed_public_keys(node_config),
clock=clock,
)
diff --git a/src/_zkapauthorizer/storage_common.py b/src/_zkapauthorizer/storage_common.py
index 487c164..22fa766 100644
--- a/src/_zkapauthorizer/storage_common.py
+++ b/src/_zkapauthorizer/storage_common.py
@@ -132,6 +132,13 @@ def get_configured_lease_duration(node_config):
return 31 * 24 * 60 * 60
+def get_configured_allowed_public_keys(node_config):
+ """
+ Read the set of allowed issuer public keys from the given configuration.
+ """
+ return set()
+
+
def required_passes(bytes_per_pass, share_sizes):
"""
Calculate the number of passes that are required to store shares of the
diff --git a/src/_zkapauthorizer/tests/fixtures.py b/src/_zkapauthorizer/tests/fixtures.py
index 1b22650..39d111c 100644
--- a/src/_zkapauthorizer/tests/fixtures.py
+++ b/src/_zkapauthorizer/tests/fixtures.py
@@ -136,6 +136,7 @@ class ConfiglessMemoryVoucherStore(Fixture):
# minimum token count requirement (can't have fewer tokens
# than groups).
num_redemption_groups=1,
+ allowed_public_keys={self._public_key},
clock=Clock(),
).redeem(
voucher,
diff --git a/src/_zkapauthorizer/tests/test_controller.py b/src/_zkapauthorizer/tests/test_controller.py
index 73398aa..e96aafb 100644
--- a/src/_zkapauthorizer/tests/test_controller.py
+++ b/src/_zkapauthorizer/tests/test_controller.py
@@ -231,6 +231,7 @@ class PaymentControllerTests(TestCase):
store,
DummyRedeemer(public_key),
default_token_count=100,
+ allowed_public_keys={public_key},
clock=Clock(),
)
@@ -267,6 +268,7 @@ class PaymentControllerTests(TestCase):
store,
NonRedeemer(),
default_token_count=100,
+ allowed_public_keys=set(),
clock=Clock(),
)
self.assertThat(
@@ -304,6 +306,7 @@ class PaymentControllerTests(TestCase):
# Require more success than we're going to get so it doesn't
# finish.
num_redemption_groups=counter,
+ allowed_public_keys={public_key},
clock=Clock(),
)
@@ -360,6 +363,7 @@ class PaymentControllerTests(TestCase):
),
default_token_count=num_tokens,
num_redemption_groups=num_redemption_groups,
+ allowed_public_keys={public_key},
clock=Clock(),
)
self.assertThat(
@@ -386,6 +390,7 @@ class PaymentControllerTests(TestCase):
# The number of redemption groups must not change for
# redemption of a particular voucher.
num_redemption_groups=num_redemption_groups,
+ allowed_public_keys={public_key},
clock=Clock(),
)
@@ -421,6 +426,7 @@ class PaymentControllerTests(TestCase):
redeemer,
default_token_count=num_tokens,
num_redemption_groups=num_redemption_groups,
+ allowed_public_keys=set(),
clock=Clock(),
)
self.assertThat(
@@ -445,6 +451,7 @@ class PaymentControllerTests(TestCase):
store,
DummyRedeemer(public_key),
default_token_count=100,
+ allowed_public_keys={public_key},
clock=Clock(),
)
self.assertThat(
@@ -473,6 +480,7 @@ class PaymentControllerTests(TestCase):
store,
DoubleSpendRedeemer(),
default_token_count=100,
+ allowed_public_keys=set(),
clock=Clock(),
)
self.assertThat(
@@ -503,6 +511,7 @@ class PaymentControllerTests(TestCase):
store,
UnpaidRedeemer(),
default_token_count=100,
+ allowed_public_keys=set(),
clock=Clock(),
)
self.assertThat(
@@ -523,6 +532,7 @@ class PaymentControllerTests(TestCase):
store,
DummyRedeemer(public_key),
default_token_count=100,
+ allowed_public_keys={public_key},
clock=Clock(),
)
@@ -553,6 +563,7 @@ class PaymentControllerTests(TestCase):
store,
UnpaidRedeemer(),
default_token_count=100,
+ allowed_public_keys=set(),
clock=clock,
)
self.assertThat(
diff --git a/src/_zkapauthorizer/tests/test_plugin.py b/src/_zkapauthorizer/tests/test_plugin.py
index 0db1a37..4975c04 100644
--- a/src/_zkapauthorizer/tests/test_plugin.py
+++ b/src/_zkapauthorizer/tests/test_plugin.py
@@ -500,6 +500,7 @@ class ClientPluginTests(TestCase):
DummyRedeemer(public_key),
default_token_count=num_passes,
num_redemption_groups=1,
+ allowed_public_keys={public_key},
clock=Clock(),
)
# Get a token inserted into the store.
--
GitLab