Support creating a new directory with a pre-determined signing key #1365
Conversation
And appease type-checkers.
| self, | ||
| initial_children=None, | ||
| version=None, | ||
| *, |
There was a problem hiding this comment.
I don't think we use this syntax or type-hinting anywhere else in this codebase, so might cause more confusion than it solves? Ideally should gain a docstring (too/instead).
There was a problem hiding this comment.
I've added a docstring via f694224
The syntax and type-hinting follow the already-existing create_mutable_file function (just two functions down in the same module) which I was borrowing from. 00f82a4 adds the missing hints (if that's what you were referring to?) but I can take them out entirely and/or inline everything if that's what you would prefer -- just let me know. (I found a number of conflicting "styles" in use throughout the codebase and wasn't sure which to follow so I'm happy to have some guidance here on expected standards :).
There was a problem hiding this comment.
thanks for the docstring. leaving the type-hints is fine / good (just AFAIK they won't really "do" anything but that can come later)
src/allmydata/test/test_dirnode.py
Outdated
| keypair, the resulting filecap should also always be the same. | ||
| """ | ||
| # Randomly generated with `openssl genrsa -out privkey.pem 2048` | ||
| privkey_pem = """-----BEGIN RSA PRIVATE KEY----- |
There was a problem hiding this comment.
Could be worthwhile factoring these out into the existing src/allmydata/test/data/* directory for readability.
| unique, that it is kept confidential, and that it was derived from an | ||
| appropriate (high-entropy) source of randomness. If this argument is omitted | ||
| (the default behavior), Tahoe-LAFS will generate an appropriate signing key | ||
| using the underlying operating system's source of entropy. |
There was a problem hiding this comment.
If there's a straightforward command-line to do this, it might be nice to include an example (i.e. to turn a PEM file into "a DER-encoded urlsafe b64" string).
There was a problem hiding this comment.
I'm not sure if this counts as "straightforward", but here's an attempt.
|
Looks like one of those failures is something like "a test_system test -- test_mutable_mdmf -- times out, but doesn't get killed correctly causing follow-on "reactor is dirty" errors in several other tests ... the other two are "test_mutable_mdmf fails". ... not looking for further action in this PR but I looked so wanted to note it somewhere |
This PR adds support for specifying the signing key to use when creating a new mutable directory via the web API. More specifically, with this, users can pass an optional
private-key=...argument to POST?t=mkdiror?t=mkdir-with-childrenin order to specify the key to be used -- where the value ofprivate-keymust be a DER-encoded 2048-bit RSA private key in "urlsafe" base64 encoding. Because the resultant mutable directory writecap is (always) derived deterministically from its underlying signing key, additional care should be taken when generating and handling the this value. See the updateddocs/frontends/webapi.rstfor further details.Note that this PR effectively builds upon prior/existing work from #1245 (which previously added support for such a
private-key=...argument for new mutable files; this PR mainly extends such support to new mutable directories).Closes ticket 4094.