Make non-repudiation PostgreSQL back-end certificate adding idempotent (

#9024) Closes #9021 changelog_begin changelog_end
digital-asset · Mar 4, 2021 · d347934 · d347934
1 parent eaf7fb6
commit d347934
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 1 deletion.
diff --git a/...l/src/main/scala/com/daml/nonrepudiation/postgresql/PostgresqlCertificateRepository.scala b/...l/src/main/scala/com/daml/nonrepudiation/postgresql/PostgresqlCertificateRepository.scala
@@ -25,7 +25,7 @@ final class PostgresqlCertificateRepository(transactor: Transactor[IO])(implicit
     getCertificate(fingerprint).query[X509Certificate].option.transact(transactor).unsafeRunSync()
 
   private def putKey(fingerprint: FingerprintBytes, certificate: X509Certificate): Fragment =
-    fr"insert into" ++ table ++ fr"""(fingerprint, certificate) values ($fingerprint, $certificate)"""
+    fr"insert into" ++ table ++ fr"""(fingerprint, certificate) values ($fingerprint, $certificate) on conflict do nothing"""
 
   override def put(certificate: X509Certificate): FingerprintBytes = {
     val fingerprint = FingerprintBytes.compute(certificate)

diff --git a/...repudiation-postgresql/src/test/scala/com/daml/nonrepudiation/postgresql/TablesSpec.scala b/...repudiation-postgresql/src/test/scala/com/daml/nonrepudiation/postgresql/TablesSpec.scala
@@ -38,6 +38,17 @@ final class TablesSpec
     }
   }
 
+  it should "guarantee that adding a certificate is idempotent" in {
+    initializeDatabase(postgresDatabase.url, maxPoolSize = 10).use { db =>
+      val (_, expectedCertificate) = generateKeyAndCertificate()
+      val fingerprint1 = db.certificates.put(expectedCertificate)
+      val fingerprint2 = db.certificates.put(expectedCertificate)
+      fingerprint1 shouldEqual fingerprint2
+      val certificate = db.certificates.get(fingerprint1)
+      certificate.value.getEncoded shouldEqual expectedCertificate.getEncoded
+    }
+  }
+
   it should "correctly read and write signed payloads" in {
     initializeDatabase(postgresDatabase.url, maxPoolSize = 10).use { db =>
       val (privateKey, expectedCertificate) = generateKeyAndCertificate()

diff --git a/...onents/non-repudiation/src/main/scala/com/daml/nonrepudiation/CertificateRepository.scala b/...onents/non-repudiation/src/main/scala/com/daml/nonrepudiation/CertificateRepository.scala
@@ -10,11 +10,16 @@ import com.codahale.metrics.Timer
 object CertificateRepository {
 
   trait Read {
+
     def get(fingerprint: FingerprintBytes): Option[X509Certificate]
+
   }
 
   trait Write {
+
+    /** Must guarantee idempotence. */
     def put(certificate: X509Certificate): FingerprintBytes
+
   }
 
   final class Timed(timer: Timer, delegate: Read) extends Read {