Update key id pattern (#41)

jschlyter · web-flow · commit e8ca9739e31a · 2025-01-07T10:18:00.000+01:00
* Update key id pattern
* Validate URLs when constructing UrlKeyResolver
diff --git a/dnstapir/key_resolver.py b/dnstapir/key_resolver.py
@@ -88,9 +88,18 @@ def get_public_key_pem(self, key_id: str) -> bytes:
 class UrlKeyResolver(CacheKeyResolver):
     def __init__(self, client_database_base_url: str, key_cache: KeyCache | None = None):
         super().__init__(key_cache=key_cache)
+
         self.client_database_base_url = client_database_base_url
         self._httpx_client: httpx.Client | None = None
-        self.key_id_pattern = "%s"
+        self.key_id_pattern = "{key_id}"
+
+        if urlparse(self.client_database_base_url).scheme not in ("http", "https"):
+            raise ValueError(f"Invalid URL: {self.client_database_base_url}")
+
+        if self.key_id_pattern in self.client_database_base_url:
+            test_url = self.client_database_base_url.replace(self.key_id_pattern, "test")
+            if urlparse(test_url).scheme not in ("http", "https"):
+                raise ValueError(f"Invalid URL pattern: {self.client_database_base_url}")
 
     def get_public_key_pem(self, key_id: str) -> bytes:
         with tracer.start_as_current_span("get_public_key_pem_from_url"):
diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "dnstapir"
-version = "1.2.0"
+version = "1.2.1"
 description = "DNS TAPIR Python Library"
 authors = ["Jakob Schlyter <jakob@kirei.se>"]
 readme = "README.md"
diff --git a/tests/test_key_resolver.py b/tests/test_key_resolver.py
@@ -66,7 +66,7 @@ def test_url_key_resolver_pattern(httpx_mock: HTTPXMock):
     httpx_mock.add_response(url=f"https://nodeman/api/v1/node/{key_id}/public_key", content=public_key_pem)
     httpx_mock.add_response(url="https://nodeman/api/v1/node/unknown/public_key", status_code=404)
 
-    resolver = UrlKeyResolver(client_database_base_url="https://nodeman/api/v1/node/%s/public_key")
+    resolver = UrlKeyResolver(client_database_base_url="https://nodeman/api/v1/node/{key_id}/public_key")
     res = resolver.resolve_public_key(key_id)
     assert res == public_key
 
@@ -77,6 +77,14 @@ def test_url_key_resolver_pattern(httpx_mock: HTTPXMock):
         _ = resolver.resolve_public_key("unknown")
 
 
+def test_url_bad_key_resolver_pattern():
+    with pytest.raises(ValueError):
+        _ = UrlKeyResolver(client_database_base_url="ftp://nodeman/api/v1/node/{key_id}/public_key")
+
+    with pytest.raises(ValueError):
+        _ = UrlKeyResolver(client_database_base_url="ftp://keys")
+
+
 def test_url_key_resolver_contextlib(httpx_mock: HTTPXMock):
     key_id = "xyzzy"
     public_key = ed25519.Ed25519PrivateKey.generate().public_key()
