gitlord
/
synapse
kopie van https://github.com/matrix-org/synapse.git
1
0
Vork 0
Code Kwesties 0 Publicaties 671 Wiki Activiteit
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11670 Commits
842 Branches
297 MiB
 
 
 
 
 
 
Tree: 99dd975dae
Branches Labels
${ item.name }
Maak branch ${ searchTerm }
van '99dd975dae'
${ noResults }
synapse/tests/crypto/test_keyring.py

220 regels
8.0 KiB
Ruw Blame Geschiedenis 

  1. # -*- coding: utf-8 -*-

  2. # Copyright 2017 New Vector Ltd.

  3. #

  4. # Licensed under the Apache License, Version 2.0 (the "License");

  5. # you may not use this file except in compliance with the License.

  6. # You may obtain a copy of the License at

  7. #

  8. #     http://www.apache.org/licenses/LICENSE-2.0

  9. #

  10. # Unless required by applicable law or agreed to in writing, software

  11. # distributed under the License is distributed on an "AS IS" BASIS,

  12. # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. # See the License for the specific language governing permissions and

  14. # limitations under the License.

  15. import time

  16. 

  17. from mock import Mock

  18. 

  19. import signedjson.key

  20. import signedjson.sign

  21. 

  22. from twisted.internet import defer, reactor

  23. 

  24. from synapse.api.errors import SynapseError

  25. from synapse.crypto import keyring

  26. from synapse.util import Clock, logcontext

  27. from synapse.util.logcontext import LoggingContext

  28. 

  29. from tests import unittest, utils

  30. 

  31. 

  32. class MockPerspectiveServer(object):

  33.     def __init__(self):

  34.         self.server_name = "mock_server"

  35.         self.key = signedjson.key.generate_signing_key(0)

  36. 

  37.     def get_verify_keys(self):

  38.         vk = signedjson.key.get_verify_key(self.key)

  39.         return {"%s:%s" % (vk.alg, vk.version): vk}

  40. 

  41.     def get_signed_key(self, server_name, verify_key):

  42.         key_id = "%s:%s" % (verify_key.alg, verify_key.version)

  43.         res = {

  44.             "server_name": server_name,

  45.             "old_verify_keys": {},

  46.             "valid_until_ts": time.time() * 1000 + 3600,

  47.             "verify_keys": {

  48.                 key_id: {"key": signedjson.key.encode_verify_key_base64(verify_key)}

  49.             },

  50.         }

  51.         signedjson.sign.sign_json(res, self.server_name, self.key)

  52.         return res

  53. 

  54. 

  55. class KeyringTestCase(unittest.TestCase):

  56.     @defer.inlineCallbacks

  57.     def setUp(self):

  58.         self.mock_perspective_server = MockPerspectiveServer()

  59.         self.http_client = Mock()

  60.         self.hs = yield utils.setup_test_homeserver(

  61.             self.addCleanup, handlers=None, http_client=self.http_client

  62.         )

  63.         keys = self.mock_perspective_server.get_verify_keys()

  64.         self.hs.config.perspectives = {self.mock_perspective_server.server_name: keys}

  65. 

  66.     def check_context(self, _, expected):

  67.         self.assertEquals(

  68.             getattr(LoggingContext.current_context(), "request", None), expected

  69.         )

  70. 

  71.     @defer.inlineCallbacks

  72.     def test_wait_for_previous_lookups(self):

  73.         sentinel_context = LoggingContext.current_context()

  74. 

  75.         kr = keyring.Keyring(self.hs)

  76. 

  77.         lookup_1_deferred = defer.Deferred()

  78.         lookup_2_deferred = defer.Deferred()

  79. 

  80.         with LoggingContext("one") as context_one:

  81.             context_one.request = "one"

  82. 

  83.             wait_1_deferred = kr.wait_for_previous_lookups(

  84.                 ["server1"], {"server1": lookup_1_deferred}

  85.             )

  86. 

  87.             # there were no previous lookups, so the deferred should be ready

  88.             self.assertTrue(wait_1_deferred.called)

  89.             # ... so we should have preserved the LoggingContext.

  90.             self.assertIs(LoggingContext.current_context(), context_one)

  91.             wait_1_deferred.addBoth(self.check_context, "one")

  92. 

  93.         with LoggingContext("two") as context_two:

  94.             context_two.request = "two"

  95. 

  96.             # set off another wait. It should block because the first lookup

  97.             # hasn't yet completed.

  98.             wait_2_deferred = kr.wait_for_previous_lookups(

  99.                 ["server1"], {"server1": lookup_2_deferred}

  100.             )

  101.             self.assertFalse(wait_2_deferred.called)

  102.             # ... so we should have reset the LoggingContext.

  103.             self.assertIs(LoggingContext.current_context(), sentinel_context)

  104.             wait_2_deferred.addBoth(self.check_context, "two")

  105. 

  106.             # let the first lookup complete (in the sentinel context)

  107.             lookup_1_deferred.callback(None)

  108. 

  109.             # now the second wait should complete and restore our

  110.             # loggingcontext.

  111.             yield wait_2_deferred

  112. 

  113.     @defer.inlineCallbacks

  114.     def test_verify_json_objects_for_server_awaits_previous_requests(self):

  115.         clock = Clock(reactor)

  116.         key1 = signedjson.key.generate_signing_key(1)

  117. 

  118.         kr = keyring.Keyring(self.hs)

  119.         json1 = {}

  120.         signedjson.sign.sign_json(json1, "server10", key1)

  121. 

  122.         persp_resp = {

  123.             "server_keys": [

  124.                 self.mock_perspective_server.get_signed_key(

  125.                     "server10", signedjson.key.get_verify_key(key1)

  126.                 )

  127.             ]

  128.         }

  129.         persp_deferred = defer.Deferred()

  130. 

  131.         @defer.inlineCallbacks

  132.         def get_perspectives(**kwargs):

  133.             self.assertEquals(LoggingContext.current_context().request, "11")

  134.             with logcontext.PreserveLoggingContext():

  135.                 yield persp_deferred

  136.             defer.returnValue(persp_resp)

  137. 

  138.         self.http_client.post_json.side_effect = get_perspectives

  139. 

  140.         with LoggingContext("11") as context_11:

  141.             context_11.request = "11"

  142. 

  143.             # start off a first set of lookups

  144.             res_deferreds = kr.verify_json_objects_for_server(

  145.                 [("server10", json1), ("server11", {})]

  146.             )

  147. 

  148.             # the unsigned json should be rejected pretty quickly

  149.             self.assertTrue(res_deferreds[1].called)

  150.             try:

  151.                 yield res_deferreds[1]

  152.                 self.assertFalse("unsigned json didn't cause a failure")

  153.             except SynapseError:

  154.                 pass

  155. 

  156.             self.assertFalse(res_deferreds[0].called)

  157.             res_deferreds[0].addBoth(self.check_context, None)

  158. 

  159.             # wait a tick for it to send the request to the perspectives server

  160.             # (it first tries the datastore)

  161.             yield clock.sleep(1)  # XXX find out why this takes so long!

  162.             self.http_client.post_json.assert_called_once()

  163. 

  164.             self.assertIs(LoggingContext.current_context(), context_11)

  165. 

  166.             context_12 = LoggingContext("12")

  167.             context_12.request = "12"

  168.             with logcontext.PreserveLoggingContext(context_12):

  169.                 # a second request for a server with outstanding requests

  170.                 # should block rather than start a second call

  171.                 self.http_client.post_json.reset_mock()

  172.                 self.http_client.post_json.return_value = defer.Deferred()

  173. 

  174.                 res_deferreds_2 = kr.verify_json_objects_for_server(

  175.                     [("server10", json1)]

  176.                 )

  177.                 yield clock.sleep(1)

  178.                 self.http_client.post_json.assert_not_called()

  179.                 res_deferreds_2[0].addBoth(self.check_context, None)

  180. 

  181.             # complete the first request

  182.             with logcontext.PreserveLoggingContext():

  183.                 persp_deferred.callback(persp_resp)

  184.             self.assertIs(LoggingContext.current_context(), context_11)

  185. 

  186.             with logcontext.PreserveLoggingContext():

  187.                 yield res_deferreds[0]

  188.                 yield res_deferreds_2[0]

  189. 

  190.     @defer.inlineCallbacks

  191.     def test_verify_json_for_server(self):

  192.         kr = keyring.Keyring(self.hs)

  193. 

  194.         key1 = signedjson.key.generate_signing_key(1)

  195.         yield self.hs.datastore.store_server_verify_key(

  196.             "server9", "", time.time() * 1000, signedjson.key.get_verify_key(key1)

  197.         )

  198.         json1 = {}

  199.         signedjson.sign.sign_json(json1, "server9", key1)

  200. 

  201.         sentinel_context = LoggingContext.current_context()

  202. 

  203.         with LoggingContext("one") as context_one:

  204.             context_one.request = "one"

  205. 

  206.             defer = kr.verify_json_for_server("server9", {})

  207.             try:

  208.                 yield defer

  209.                 self.fail("should fail on unsigned json")

  210.             except SynapseError:

  211.                 pass

  212.             self.assertIs(LoggingContext.current_context(), context_one)

  213. 

  214.             defer = kr.verify_json_for_server("server9", json1)

  215.             self.assertFalse(defer.called)

  216.             self.assertIs(LoggingContext.current_context(), sentinel_context)

  217.             yield defer

  218. 

  219.             self.assertIs(LoggingContext.current_context(), context_one)