Store key validity time in the storage layer

This is a first step to checking that the key is valid at the required moment. The idea here is that, rather than passing VerifyKey objects in and out of the storage layer, we instead pass FetchKeyResult objects, which simply wrap the VerifyKey and add a valid_until_ts field.
2025-08-08 00:22:22 -04:00 · 2019-04-03 18:10:24 +01:00 · 2019-04-03 18:10:24 +01:00 · b75537beaf
commit b75537beaf
parent 84660d91b2
6 changed files with 122 additions and 46 deletions
--- a/tests/crypto/test_keyring.py
+++ b/tests/crypto/test_keyring.py
@ -25,6 +25,7 @@ from twisted.internet import defer
 from synapse.api.errors import SynapseError
 from synapse.crypto import keyring
 from synapse.crypto.keyring import KeyLookupError
+from synapse.storage.keys import FetchKeyResult
 from synapse.util import logcontext
 from synapse.util.logcontext import LoggingContext

@ -201,7 +202,7 @@ class KeyringTestCase(unittest.HomeserverTestCase):
                (
                    "server9",
                    key1_id,
-                    signedjson.key.get_verify_key(key1),
+                    FetchKeyResult(signedjson.key.get_verify_key(key1), 1000),
                ),
            ],
        )
@ -251,9 +252,10 @@ class KeyringTestCase(unittest.HomeserverTestCase):
        server_name_and_key_ids = [(SERVER_NAME, ("key1",))]
        keys = self.get_success(kr.get_keys_from_server(server_name_and_key_ids))
        k = keys[SERVER_NAME][testverifykey_id]
-        self.assertEqual(k, testverifykey)
-        self.assertEqual(k.alg, "ed25519")
-        self.assertEqual(k.version, "ver1")
+        self.assertEqual(k.valid_until_ts, VALID_UNTIL_TS)
+        self.assertEqual(k.verify_key, testverifykey)
+        self.assertEqual(k.verify_key.alg, "ed25519")
+        self.assertEqual(k.verify_key.version, "ver1")

        # check that the perspectives store is correctly updated
        lookup_triplet = (SERVER_NAME, testverifykey_id, None)
@ -321,9 +323,10 @@ class KeyringTestCase(unittest.HomeserverTestCase):
        keys = self.get_success(kr.get_keys_from_perspectives(server_name_and_key_ids))
        self.assertIn(SERVER_NAME, keys)
        k = keys[SERVER_NAME][testverifykey_id]
-        self.assertEqual(k, testverifykey)
-        self.assertEqual(k.alg, "ed25519")
-        self.assertEqual(k.version, "ver1")
+        self.assertEqual(k.valid_until_ts, VALID_UNTIL_TS)
+        self.assertEqual(k.verify_key, testverifykey)
+        self.assertEqual(k.verify_key.alg, "ed25519")
+        self.assertEqual(k.verify_key.version, "ver1")

        # check that the perspectives store is correctly updated
        lookup_triplet = (SERVER_NAME, testverifykey_id, None)
@ -346,7 +349,10 @@ class KeyringTestCase(unittest.HomeserverTestCase):

@defer.inlineCallbacks
 def run_in_context(f, *args, **kwargs):
-    with LoggingContext("testctx"):
+    with LoggingContext("testctx") as ctx:
+        # we set the "request" prop to make it easier to follow what's going on in the
+        # logs.
+        ctx.request = "testctx"
        rv = yield f(*args, **kwargs)
    defer.returnValue(rv)