Changeset 99e37df in trunk

Timestamp:

2024-08-08T21:43:51Z (8 months ago)

Author:

meejah <meejah@…>

Branches:

master

Children:

8fb4de0

Parents:

1504bec (diff), ec7185a (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent.

Message:

Merge branch 'master' into remove-future--a-detiste

Files:

• benchmarks/conftest.py (modified) (1 diff)
• docs/frontends/webapi.rst (modified) (2 diffs)
• docs/proposed/index.rst (modified) (1 diff)
• docs/specifications/http-storage-node-protocol.rst (moved) (moved from docs/proposed/http-storage-node-protocol.rst)
• docs/specifications/index.rst (modified) (1 diff)
• integration/test_web.py (modified) (3 diffs)
• newsfragments/4072.feature (added)
• newsfragments/4094.feature (added)
• src/allmydata/client.py (modified) (2 diffs)
• src/allmydata/crypto/aes.py (modified) (2 diffs)
• src/allmydata/immutable/downloader/node.py (modified) (1 diff)
• src/allmydata/mutable/filenode.py (modified) (4 diffs)
• src/allmydata/mutable/retrieve.py (modified) (4 diffs)
• src/allmydata/nodemaker.py (modified) (2 diffs)
• src/allmydata/test/data/openssl-rsa-2048-2.txt (added)
• src/allmydata/test/data/openssl-rsa-2048-3.txt (added)
• src/allmydata/test/data/openssl-rsa-2048-4.txt (added)
• src/allmydata/test/test_dirnode.py (modified) (4 diffs)
• src/allmydata/web/unlinked.py (modified) (2 diffs)

benchmarks/conftest.py ¶

@@ -102 +102 @@
             needed=number_of_nodes,
             happy=number_of_nodes,
-            total=number_of_nodes,
+            total=number_of_nodes + 3,  # Make sure FEC does some work
         )
     )

docs/frontends/webapi.rst ¶

@@ -447 +447 @@
  format, as configured on the Tahoe-LAFS node responding to the request.
 
+ In addition, an optional "private-key=" argument is supported which, if given,
+ specifies the underlying signing key to be used when creating the directory.
+ This value must be a DER-encoded 2048-bit RSA private key in urlsafe base64
+ encoding. (To convert an existing PEM-encoded RSA key file into the format
+ required, the following commands may be used -- assuming a modern UNIX-like
+ environment with common tools already installed:
+ ``openssl rsa -in key.pem -outform der | base64 -w 0 -i - | tr '+/' '-_'``)
+
+ Because this key can be used to derive the write capability for the
+ associated directory, additional care should be taken to ensure that the key is
+ unique, that it is kept confidential, and that it was derived from an
+ appropriate (high-entropy) source of randomness. If this argument is omitted
+ (the default behavior), Tahoe-LAFS will generate an appropriate signing key
+ using the underlying operating system's source of entropy.
+
 ``POST /uri?t=mkdir-with-children``
 
@@ -454 +469 @@
 
  The format of the directory can be controlled with the format= argument in
- the query string, as described above.
+ the query string and a signing key can be specified with the private-key=
+ argument, as described above.
 
  Initial children are provided as the body of the POST form (this is more

docs/proposed/index.rst ¶

@@ -15 +15 @@
 
    leasedb
-   http-storage-node-protocol

docs/specifications/index.rst ¶

@@ -18 +18 @@
    servers-of-happiness
    backends/raic
+   http-storage-node-protocol

integration/test_web.py ¶

@@ -13 +13 @@
 
 import time
+from base64 import urlsafe_b64encode
 from urllib.parse import unquote as url_unquote, quote as url_quote
 
+from cryptography.hazmat.primitives.serialization import load_pem_private_key
 from twisted.internet.threads import deferToThread
+from twisted.python.filepath import FilePath
 
 import allmydata.uri
+from allmydata.crypto.rsa import (
+    create_signing_keypair,
+    der_string_from_signing_key,
+    PrivateKey,
+    PublicKey,
+)
+from allmydata.mutable.common import derive_mutable_keys
 from allmydata.util import jsonbytes as json
 
@@ -28 +38 @@
 
 import pytest_twisted
+
+
+DATA_PATH = FilePath(__file__).parent().sibling("src").child("allmydata").child("test").child("data")
+
 
 @run_in_thread
@@ -542 +556 @@
     cap = allmydata.uri.from_string(resp)
     assert isinstance(cap, allmydata.uri.DirectoryURI)
+
+
+@run_in_thread
+def test_mkdir_with_random_private_key(alice):
+    """
+    Create a new directory with ?t=mkdir&private-key=... using a
+    randomly-generated RSA private key.
+
+    The writekey and fingerprint derived from the provided RSA key
+    should match those of the newly-created directory capability.
+    """
+
+    privkey, pubkey = create_signing_keypair(2048)
+
+    writekey, _, fingerprint = derive_mutable_keys((pubkey, privkey))
+
+    # The "private-key" parameter takes a DER-encoded RSA private key
+    # encoded in URL-safe base64; PEM blocks are not supported.
+    privkey_der = der_string_from_signing_key(privkey)
+    privkey_encoded = urlsafe_b64encode(privkey_der).decode("ascii")
+
+    resp = util.web_post(
+        alice.process, u"uri",
+        params={
+            u"t": "mkdir",
+            u"private-key": privkey_encoded,
+        },
+    )
+    assert resp.startswith(b"URI:DIR2")
+
+    dircap = allmydata.uri.from_string(resp)
+    assert isinstance(dircap, allmydata.uri.DirectoryURI)
+
+    # DirectoryURI objects lack 'writekey' and 'fingerprint' attributes
+    # so extract them from the enclosed WriteableSSKFileURI object.
+    filecap = dircap.get_filenode_cap()
+    assert isinstance(filecap, allmydata.uri.WriteableSSKFileURI)
+
+    assert (writekey, fingerprint) == (filecap.writekey, filecap.fingerprint)
+
+
+@run_in_thread
+def test_mkdir_with_known_private_key(alice):
+    """
+    Create a new directory with ?t=mkdir&private-key=... using a
+    known-in-advance RSA private key.
+
+    The writekey and fingerprint derived from the provided RSA key
+    should match those of the newly-created directory capability.
+    In addition, because the writekey and fingerprint are derived
+    deterministically, given the same RSA private key, the resultant
+    directory capability should always be the same.
+    """
+    # Generated with `openssl genrsa -out openssl-rsa-2048-3.txt 2048`
+    pempath = DATA_PATH.child("openssl-rsa-2048-3.txt")
+    privkey = load_pem_private_key(pempath.getContent(), password=None)
+    assert isinstance(privkey, PrivateKey)
+    pubkey = privkey.public_key()
+    assert isinstance(pubkey, PublicKey)
+
+    writekey, _, fingerprint = derive_mutable_keys((pubkey, privkey))
+
+    # The "private-key" parameter takes a DER-encoded RSA private key
+    # encoded in URL-safe base64; PEM blocks are not supported.
+    privkey_der = der_string_from_signing_key(privkey)
+    privkey_encoded = urlsafe_b64encode(privkey_der).decode("ascii")
+
+    resp = util.web_post(
+        alice.process, u"uri",
+        params={
+            u"t": "mkdir",
+            u"private-key": privkey_encoded,
+        },
+    )
+    assert resp.startswith(b"URI:DIR2")
+
+    dircap = allmydata.uri.from_string(resp)
+    assert isinstance(dircap, allmydata.uri.DirectoryURI)
+
+    # DirectoryURI objects lack 'writekey' and 'fingerprint' attributes
+    # so extract them from the enclosed WriteableSSKFileURI object.
+    filecap = dircap.get_filenode_cap()
+    assert isinstance(filecap, allmydata.uri.WriteableSSKFileURI)
+
+    assert (writekey, fingerprint) == (filecap.writekey, filecap.fingerprint)
+
+    assert resp == b"URI:DIR2:3oo7j7f7qqxnet2z2lf57ucup4:cpktmsxlqnd5yeekytxjxvff5e6d6fv7py6rftugcndvss7tzd2a"
+
+
+@run_in_thread
+def test_mkdir_with_children_and_random_private_key(alice):
+    """
+    Create a new directory with ?t=mkdir-with-children&private-key=...
+    using a randomly-generated RSA private key.
+
+    The writekey and fingerprint derived from the provided RSA key
+    should match those of the newly-created directory capability.
+    """
+
+    # create a file to put in our directory
+    FILE_CONTENTS = u"some file contents\n" * 500
+    resp = requests.put(
+        util.node_url(alice.process.node_dir, u"uri"),
+        data=FILE_CONTENTS,
+    )
+    filecap = resp.content.strip()
+
+    # create a (sub) directory to put in our directory
+    resp = requests.post(
+        util.node_url(alice.process.node_dir, u"uri"),
+        params={
+            u"t": u"mkdir",
+        }
+    )
+    # (we need both the read-write and read-only URIs I guess)
+    dircap = resp.content
+    dircap_obj = allmydata.uri.from_string(dircap)
+    dircap_ro = dircap_obj.get_readonly().to_string()
+
+    # create json information about our directory
+    meta = {
+        "a_file": [
+            "filenode", {
+                "ro_uri": filecap,
+                "metadata": {
+                    "ctime": 1202777696.7564139,
+                    "mtime": 1202777696.7564139,
+                    "tahoe": {
+                        "linkcrtime": 1202777696.7564139,
+                        "linkmotime": 1202777696.7564139
+                    }
+                }
+            }
+        ],
+        "some_subdir": [
+            "dirnode", {
+                "rw_uri": dircap,
+                "ro_uri": dircap_ro,
+                "metadata": {
+                    "ctime": 1202778102.7589991,
+                    "mtime": 1202778111.2160511,
+                    "tahoe": {
+                        "linkcrtime": 1202777696.7564139,
+                        "linkmotime": 1202777696.7564139
+                    }
+                }
+            }
+        ]
+    }
+
+    privkey, pubkey = create_signing_keypair(2048)
+
+    writekey, _, fingerprint = derive_mutable_keys((pubkey, privkey))
+
+    # The "private-key" parameter takes a DER-encoded RSA private key
+    # encoded in URL-safe base64; PEM blocks are not supported.
+    privkey_der = der_string_from_signing_key(privkey)
+    privkey_encoded = urlsafe_b64encode(privkey_der).decode("ascii")
+
+    # create a new directory with one file and one sub-dir (all-at-once)
+    # with the supplied RSA private key
+    resp = util.web_post(
+        alice.process, u"uri",
+        params={
+            u"t": "mkdir-with-children",
+            u"private-key": privkey_encoded,
+        },
+        data=json.dumps(meta),
+    )
+    assert resp.startswith(b"URI:DIR2")
+
+    dircap = allmydata.uri.from_string(resp)
+    assert isinstance(dircap, allmydata.uri.DirectoryURI)
+
+    # DirectoryURI objects lack 'writekey' and 'fingerprint' attributes
+    # so extract them from the enclosed WriteableSSKFileURI object.
+    filecap = dircap.get_filenode_cap()
+    assert isinstance(filecap, allmydata.uri.WriteableSSKFileURI)
+
+    assert (writekey, fingerprint) == (filecap.writekey, filecap.fingerprint)
+
+
+@run_in_thread
+def test_mkdir_with_children_and_known_private_key(alice):
+    """
+    Create a new directory with ?t=mkdir-with-children&private-key=...
+    using a known-in-advance RSA private key.
+
+
+    The writekey and fingerprint derived from the provided RSA key
+    should match those of the newly-created directory capability.
+    In addition, because the writekey and fingerprint are derived
+    deterministically, given the same RSA private key, the resultant
+    directory capability should always be the same.
+    """
+
+    # create a file to put in our directory
+    FILE_CONTENTS = u"some file contents\n" * 500
+    resp = requests.put(
+        util.node_url(alice.process.node_dir, u"uri"),
+        data=FILE_CONTENTS,
+    )
+    filecap = resp.content.strip()
+
+    # create a (sub) directory to put in our directory
+    resp = requests.post(
+        util.node_url(alice.process.node_dir, u"uri"),
+        params={
+            u"t": u"mkdir",
+        }
+    )
+    # (we need both the read-write and read-only URIs I guess)
+    dircap = resp.content
+    dircap_obj = allmydata.uri.from_string(dircap)
+    dircap_ro = dircap_obj.get_readonly().to_string()
+
+    # create json information about our directory
+    meta = {
+        "a_file": [
+            "filenode", {
+                "ro_uri": filecap,
+                "metadata": {
+                    "ctime": 1202777696.7564139,
+                    "mtime": 1202777696.7564139,
+                    "tahoe": {
+                        "linkcrtime": 1202777696.7564139,
+                        "linkmotime": 1202777696.7564139
+                    }
+                }
+            }
+        ],
+        "some_subdir": [
+            "dirnode", {
+                "rw_uri": dircap,
+                "ro_uri": dircap_ro,
+                "metadata": {
+                    "ctime": 1202778102.7589991,
+                    "mtime": 1202778111.2160511,
+                    "tahoe": {
+                        "linkcrtime": 1202777696.7564139,
+                        "linkmotime": 1202777696.7564139
+                    }
+                }
+            }
+        ]
+    }
+
+    # Generated with `openssl genrsa -out openssl-rsa-2048-4.txt 2048`
+    pempath = DATA_PATH.child("openssl-rsa-2048-4.txt")
+    privkey = load_pem_private_key(pempath.getContent(), password=None)
+    assert isinstance(privkey, PrivateKey)
+    pubkey = privkey.public_key()
+    assert isinstance(pubkey, PublicKey)
+
+    writekey, _, fingerprint = derive_mutable_keys((pubkey, privkey))
+
+    # The "private-key" parameter takes a DER-encoded RSA private key
+    # encoded in URL-safe base64; PEM blocks are not supported.
+    privkey_der = der_string_from_signing_key(privkey)
+    privkey_encoded = urlsafe_b64encode(privkey_der).decode("ascii")
+
+    # create a new directory with one file and one sub-dir (all-at-once)
+    # with the supplied RSA private key
+    resp = util.web_post(
+        alice.process, u"uri",
+        params={
+            u"t": "mkdir-with-children",
+            u"private-key": privkey_encoded,
+        },
+        data=json.dumps(meta),
+    )
+    assert resp.startswith(b"URI:DIR2")
+
+    dircap = allmydata.uri.from_string(resp)
+    assert isinstance(dircap, allmydata.uri.DirectoryURI)
+
+    # DirectoryURI objects lack 'writekey' and 'fingerprint' attributes
+    # so extract them from the enclosed WriteableSSKFileURI object.
+    filecap = dircap.get_filenode_cap()
+    assert isinstance(filecap, allmydata.uri.WriteableSSKFileURI)
+
+    assert (writekey, fingerprint) == (filecap.writekey, filecap.fingerprint)
+
+    assert resp == b"URI:DIR2:ppwzpwrd37xi7tpribxyaa25uy:imdws47wwpzfkc5vfllo4ugspb36iit4cqps6ttuhaouc66jb2da"

src/allmydata/client.py ¶

@@ -33 +33 @@
 from allmydata.crypto import rsa, ed25519
 from allmydata.crypto.util import remove_prefix
+from allmydata.dirnode import DirectoryNode
 from allmydata.storage.server import StorageServer, FoolscapStorageServer
 from allmydata import storage_client
@@ -1126 +1127 @@
         return self.nodemaker.create_from_cap(write_uri, read_uri, deep_immutable=deep_immutable, name=name)
 
-    def create_dirnode(self, initial_children=None, version=None):
-        d = self.nodemaker.create_new_mutable_directory(initial_children, version=version)
+    def create_dirnode(
+        self,
+        initial_children: dict | None = None,
+        version: int | None = None,
+        *,
+        unique_keypair: tuple[rsa.PublicKey, rsa.PrivateKey] | None = None
+    ) -> DirectoryNode:
+        """
+        Create a new directory.
+
+        :param initial_children: If given, a structured dict representing the
+            initial content of the created directory. See
+            `docs/frontends/webapi.rst` for examples.
+
+        :param version: If given, an int representing the mutable file format
+            of the new object. Acceptable values are currently `SDMF_VERSION`
+            or `MDMF_VERSION` (corresponding to 0 or 1, respectively, as
+            defined in `allmydata.interfaces`). If no such value is provided,
+            the default mutable format will be used (currently SDMF).
+
+        :param unique_keypair: an optional tuple containing the RSA public
+            and private key to be used for the new directory. Typically, this
+            value is omitted (in which case a new random keypair will be
+            generated at creation time).
+
+            **Warning** This value independently determines the identity of
+            the mutable object to create.  There cannot be two different
+            mutable objects that share a keypair.  They will merge into one
+            object (with undefined contents).
+
+        :return: A Deferred which will fire with a representation of the new
+            directory after it has been created.
+        """
+        d = self.nodemaker.create_new_mutable_directory(
+            initial_children,
+            version=version,
+            keypair=unique_keypair,
+        )
         return d
 

src/allmydata/crypto/aes.py ¶

@@ -78 +78 @@
 
     _validate_cryptor(encryptor, encrypt=True)
-    if not isinstance(plaintext, bytes):
-        raise ValueError('Plaintext must be bytes')
+    if not isinstance(plaintext, (bytes, memoryview)):
+        raise ValueError(f'Plaintext must be bytes or memoryview: {type(plaintext)}')
 
     return encryptor.update(plaintext)
@@ -117 +117 @@
 
     _validate_cryptor(decryptor, encrypt=False)
-    if not isinstance(plaintext, bytes):
-        raise ValueError('Plaintext must be bytes')
+    if not isinstance(plaintext, (bytes, memoryview)):
+        raise ValueError(f'Plaintext must be bytes or memoryview: {type(plaintext)}')
 
     return decryptor.update(plaintext)

src/allmydata/immutable/downloader/node.py ¶

@@ -412 +412 @@
     def process_blocks(self, segnum, blocks):
         start = now()
-        d = defer.maybeDeferred(self._decode_blocks, segnum, blocks)
+        d = self._decode_blocks(segnum, blocks)
         d.addCallback(self._check_ciphertext_hash, segnum)
         def _deliver(result):

src/allmydata/mutable/filenode.py ¶

@@ -15 +15 @@
 from allmydata.util import hashutil, log, consumer, deferredutil, mathutil
 from allmydata.util.assertutil import precondition
+from allmydata.util.cputhreadpool import defer_to_thread
 from allmydata.uri import WriteableSSKFileURI, ReadonlySSKFileURI, \
                           WriteableMDMFFileURI, ReadonlyMDMFFileURI
@@ -129 +130 @@
         return self
 
-    def create_with_keys(self, keypair, contents,
+    @deferredutil.async_to_deferred
+    async def create_with_keys(self, keypair, contents,
                          version=SDMF_VERSION):
         """Call this to create a brand-new mutable file. It will create the
@@ -138 +140 @@
         """
         self._pubkey, self._privkey = keypair
-        self._writekey, self._encprivkey, self._fingerprint = derive_mutable_keys(
-            keypair,
+        self._writekey, self._encprivkey, self._fingerprint = await defer_to_thread(
+            derive_mutable_keys, keypair
         )
         if version == MDMF_VERSION:
@@ -150 +152 @@
         self._storage_index = self._uri.storage_index
         initial_contents = self._get_initial_contents(contents)
-        return self._upload(initial_contents, None)
+        return await self._upload(initial_contents, None)
 
     def _get_initial_contents(self, contents):

src/allmydata/mutable/retrieve.py ¶

@@ -5 +5 @@
 
 import time
-
 from itertools import count
+
 from zope.interface import implementer
 from twisted.internet import defer
@@ -874 +874 @@
         self.log("decoding segment %d" % segnum)
         if segnum == self._num_segments - 1:
-            d = defer.maybeDeferred(self._tail_decoder.decode, shares, shareids)
-        else:
-            d = defer.maybeDeferred(self._segment_decoder.decode, shares, shareids)
-        def _process(buffers):
-            segment = b"".join(buffers)
+            d = self._tail_decoder.decode(shares, shareids)
+        else:
+            d = self._segment_decoder.decode(shares, shareids)
+
+        # For larger shares, this can take a few milliseconds. As such, we want
+        # to unblock the event loop. In newer Python b"".join() will release
+        # the GIL: https://github.com/python/cpython/issues/80232
+        @deferredutil.async_to_deferred
+        async def _got_buffers(buffers):
+            return await defer_to_thread(lambda: b"".join(buffers))
+
+        d.addCallback(_got_buffers)
+
+        def _process(segment):
             self.log(format="now decoding segment %(segnum)s of %(numsegs)s",
                      segnum=segnum,
@@ -929 +938 @@
         )
 
-
-    def _try_to_validate_privkey(self, enc_privkey, reader, server):
+    @deferredutil.async_to_deferred
+    async def _try_to_validate_privkey(self, enc_privkey, reader, server):
         node_writekey = self._node.get_writekey()
-        alleged_privkey_s = decrypt_privkey(node_writekey, enc_privkey)
-        alleged_writekey = hashutil.ssk_writekey_hash(alleged_privkey_s)
-        if alleged_writekey != node_writekey:
+
+        def get_privkey():
+            alleged_privkey_s = decrypt_privkey(node_writekey, enc_privkey)
+            alleged_writekey = hashutil.ssk_writekey_hash(alleged_privkey_s)
+            if alleged_writekey != node_writekey:
+                return None
+            privkey, _ = rsa.create_signing_keypair_from_string(alleged_privkey_s)
+            return privkey
+
+        privkey = await defer_to_thread(get_privkey)
+        if privkey is None:
             self.log("invalid privkey from %s shnum %d" %
                      (reader, reader.shnum),
@@ -951 +968 @@
         self.log("got valid privkey from shnum %d on reader %s" %
                  (reader.shnum, reader))
-        privkey, _ = rsa.create_signing_keypair_from_string(alleged_privkey_s)
         self._node._populate_encprivkey(enc_privkey)
         self._node._populate_privkey(privkey)

src/allmydata/nodemaker.py ¶

@@ -136 +136 @@
         return d
 
-    def create_new_mutable_directory(self, initial_children=None, version=None):
+    def create_new_mutable_directory(
+        self,
+        initial_children=None,
+        version=None,
+        *,
+        keypair: tuple[PublicKey, PrivateKey] | None = None,
+    ):
         if initial_children is None:
             initial_children = {}
@@ -146 +152 @@
                                      MutableData(pack_children(initial_children,
                                                     n.get_writekey())),
-                                     version=version)
+                                     version=version,
+                                     keypair=keypair)
         d.addCallback(self._create_dirnode)
         return d

src/allmydata/test/test_dirnode.py ¶

@@ -10 +10 @@
 from twisted.internet import defer
 from twisted.internet.interfaces import IConsumer
+from twisted.python.filepath import FilePath
 from allmydata import uri, dirnode
 from allmydata.client import _Client
+from allmydata.crypto.rsa import create_signing_keypair
 from allmydata.immutable import upload
 from allmydata.immutable.literal import LiteralFileNode
@@ -20 +22 @@
      MDMF_VERSION, SDMF_VERSION
 from allmydata.mutable.filenode import MutableFileNode
-from allmydata.mutable.common import UncoordinatedWriteError
+from allmydata.mutable.common import (
+    UncoordinatedWriteError,
+    derive_mutable_keys,
+)
 from allmydata.util import hashutil, base32
 from allmydata.util.netstring import split_netstring
@@ -26 +31 @@
 from allmydata.test.common import make_chk_file_uri, make_mutable_file_uri, \
      ErrorMixin
+from allmydata.test.mutable.util import (
+    FakeStorage,
+    make_nodemaker_with_peers,
+    make_peer,
+)
 from allmydata.test.no_network import GridTestMixin
 from allmydata.unknown import UnknownNode, strip_prefix_for_ro
 from allmydata.nodemaker import NodeMaker
 from base64 import b32decode
+from cryptography.hazmat.primitives.serialization import load_pem_private_key
 import allmydata.test.common_util as testutil
 
@@ -1979 +1990 @@
         d.addCallback(_test_adder)
         return d
+
+
+class DeterministicDirnode(testutil.ReallyEqualMixin, testutil.ShouldFailMixin, unittest.TestCase):
+    def setUp(self):
+        # Copied from allmydata.test.mutable.test_filenode
+        super(DeterministicDirnode, self).setUp()
+        self._storage = FakeStorage()
+        self._peers = list(
+            make_peer(self._storage, n)
+            for n
+            in range(10)
+        )
+        self.nodemaker = make_nodemaker_with_peers(self._peers)
+
+    async def test_create_with_random_keypair(self):
+        """
+        Create a dirnode using a random RSA keypair.
+
+        The writekey and fingerprint of the enclosed mutable filecap
+        should match those derived from the given keypair.
+        """
+        privkey, pubkey = create_signing_keypair(2048)
+        writekey, _, fingerprint = derive_mutable_keys((pubkey, privkey))
+
+        node = await self.nodemaker.create_new_mutable_directory(
+            keypair=(pubkey, privkey)
+        )
+        self.failUnless(isinstance(node, dirnode.DirectoryNode))
+
+        dircap = uri.from_string(node.get_uri())
+        self.failUnless(isinstance(dircap, uri.DirectoryURI))
+
+        filecap = dircap.get_filenode_cap()
+        self.failUnless(isinstance(filecap, uri.WriteableSSKFileURI))
+
+        self.failUnlessReallyEqual(filecap.writekey, writekey)
+        self.failUnlessReallyEqual(filecap.fingerprint, fingerprint)
+
+    async def test_create_with_known_keypair(self):
+        """
+        Create a dirnode using a known RSA keypair.
+
+        The writekey and fingerprint of the enclosed mutable filecap
+        should match those derived from the given keypair. Because
+        these values are derived deterministically, given the same
+        keypair, the resulting filecap should also always be the same.
+        """
+        # Generated with `openssl genrsa -out openssl-rsa-2048-2.txt 2048`
+        pempath = FilePath(__file__).sibling("data").child("openssl-rsa-2048-2.txt")
+        privkey = load_pem_private_key(pempath.getContent(), password=None)
+        pubkey = privkey.public_key()
+        writekey, _, fingerprint = derive_mutable_keys((pubkey, privkey))
+
+        node = await self.nodemaker.create_new_mutable_directory(
+            keypair=(pubkey, privkey)
+        )
+        self.failUnless(isinstance(node, dirnode.DirectoryNode))
+
+        dircap = uri.from_string(node.get_uri())
+        self.failUnless(isinstance(dircap, uri.DirectoryURI))
+
+        filecap = dircap.get_filenode_cap()
+        self.failUnless(isinstance(filecap, uri.WriteableSSKFileURI))
+
+        self.failUnlessReallyEqual(filecap.writekey, writekey)
+        self.failUnlessReallyEqual(filecap.fingerprint, fingerprint)
+
+        self.failUnlessReallyEqual(
+            # Despite being named "to_string", this actually returns bytes..
+            dircap.to_string(),
+            b'URI:DIR2:n4opqgewgcn4mddu4oiippaxru:ukpe4z6xdlujdpguoabergyih3bj7iaafukdqzwthy2ytdd5bs2a'
+        )

src/allmydata/web/unlinked.py ¶

@@ -161 +161 @@
     if file_format:
         mt = get_mutable_type(file_format)
-    d = client.create_dirnode(version=mt)
+    d = client.create_dirnode(version=mt, unique_keypair=get_keypair(req))
     redirect = get_arg(req, "redirect_to_result", "false")
     if boolean_of_arg(redirect):
@@ -179 +179 @@
     kids_json = req.content.read()
     kids = convert_children_json(client.nodemaker, kids_json)
-    d = client.create_dirnode(initial_children=kids)
+    d = client.create_dirnode(initial_children=kids, unique_keypair=get_keypair(req))
     redirect = get_arg(req, "redirect_to_result", "false")
     if boolean_of_arg(redirect):