Add async pubkey cache and key fetch method (#71)

* async interface for pubkey cache

* try pinning some versions to avoid breaking python 3.8

* Revert "try pinning some versions to avoid breaking python 3.8"

This reverts commit c83ebbb.

* try python3.9+

* try pipfile

* install async-timeout for python39

* pin asyncio for pyre

Author: shreyav

.github/workflows/test.yaml

@@ -11,7 +11,7 @@ jobs:
     runs-on: "ubuntu-22.04"
     strategy:
       matrix:
-        python_version: ["3.8", "3.10"]
+        python_version: ["3.9", "3.10"]
     steps:
       - name: "Checkout"
         uses: "actions/checkout@v3"

Pipfile

@@ -4,6 +4,9 @@ verify_ssl = true
 name = "pypi"
 
 [packages]
+# Pin to avoid pyre issues:
+aiohttp = "<3.10"
+async-timeout = "*"
 bech32 = "*"
 coincurve = "*"
 cryptography = "*"
@@ -19,6 +22,7 @@ isort = "==5.11.4"
 pylint = "*"
 pyre-check = "*"
 pytest = "*"
+pytest-asyncio = "*"
 tomli = "*"
 wrapt = "*"
 # Need to lock this version to avoid breaking older python versions:

Pipfile.lock

@@ -2,4 +2,7 @@
 
 import setuptools
 
-setuptools.setup(include_package_data=True)
+setuptools.setup(
+    include_package_data=True,
+    python_requires=">=3.9",
+)

setup.py

@@ -34,7 +34,11 @@
 )
 from uma.protocol.post_tx_callback import PostTransactionCallback, UtxoWithAmount
 from uma.protocol.pubkey_response import PubkeyResponse
-from uma.public_key_cache import InMemoryPublicKeyCache, IPublicKeyCache
+from uma.public_key_cache import (
+    InMemoryPublicKeyCache,
+    IPublicKeyCache,
+    IAsyncPublicKeyCache,
+)
 from uma.signing_utils import sign_payload
 from uma.type_utils import none_throws
 from uma.uma import (
@@ -47,6 +51,7 @@
     create_uma_lnurlp_request_url,
     create_uma_lnurlp_response,
     fetch_public_key_for_vasp,
+    fetch_public_key_for_vasp_async,
     generate_nonce,
     get_vasp_domain_from_uma_address,
     is_uma_lnurlp_query,

uma/__init__.py

@@ -18,7 +18,7 @@
 from uma.protocol.payer_data import compliance_from_payer_data
 from uma.nonce_cache import InMemoryNonceCache
 from uma.protocol.pubkey_response import PubkeyResponse
-from uma.public_key_cache import InMemoryPublicKeyCache
+from uma.public_key_cache import InMemoryPublicKeyCache, IAsyncPublicKeyCache
 from uma.type_utils import none_throws
 from uma.protocol.post_tx_callback import UtxoWithAmount
 from uma.protocol.v0.payreq import PayRequest as V0PayRequest
@@ -33,6 +33,7 @@
     create_pay_request,
     create_post_transaction_callback,
     fetch_public_key_for_vasp,
+    fetch_public_key_for_vasp_async,
     is_uma_lnurlp_query,
     parse_lnurlp_request,
     parse_lnurlp_response,
@@ -77,6 +78,30 @@ def test_fetch_public_key() -> None:
         assert cache.fetch_public_key_for_vasp(vasp_domain) == expected_pubkey
 
 
+@pytest.mark.asyncio
+async def test_fetch_public_key_async() -> None:
+    cache = TestAsyncPublicKeyCache()
+    vasp_domain = "vasp2.com"
+    timestamp = int((datetime.now(timezone.utc) + timedelta(hours=1)).timestamp())
+    expected_pubkey = PubkeyResponse(
+        signing_pubkey=secrets.token_bytes(16),
+        encryption_pubkey=secrets.token_bytes(16),
+        expiration_timestamp=datetime.fromtimestamp(timestamp, timezone.utc),
+        encryption_cert_chain=None,
+        signing_cert_chain=None,
+    )
+    url = "https://vasp2.com/.well-known/lnurlpubkey"
+
+    with patch(
+        "uma.uma._run_http_get_async",
+        return_value=json.dumps(expected_pubkey.to_dict()),
+    ) as mock:
+        pubkey_response = await fetch_public_key_for_vasp_async(vasp_domain, cache)
+        mock.assert_called_once_with(url)
+        assert pubkey_response == expected_pubkey
+        assert await cache.fetch_public_key_for_vasp(vasp_domain) == expected_pubkey
+
+
 def _create_pubkey_response(
     signing_private_key: PrivateKey, encryption_private_key: PrivateKey
 ) -> PubkeyResponse:
@@ -1218,3 +1243,24 @@ def test_uma_invoice_signature() -> None:
 
     assert verify_uma_invoice_signature(invoice, pubkey_response) is None
     assert invoice.signature is not None
+
+
+class TestAsyncPublicKeyCache(IAsyncPublicKeyCache):
+    def __init__(self) -> None:
+        self._cache = InMemoryPublicKeyCache()
+
+    async def fetch_public_key_for_vasp(
+        self, vasp_domain: str
+    ) -> Optional[PubkeyResponse]:
+        return self._cache.fetch_public_key_for_vasp(vasp_domain)
+
+    async def add_public_key_for_vasp(
+        self, vasp_domain: str, public_key: PubkeyResponse
+    ) -> None:
+        self._cache.add_public_key_for_vasp(vasp_domain, public_key)
+
+    async def remove_public_key_for_vasp(self, vasp_domain: str) -> None:
+        self._cache.remove_public_key_for_vasp(vasp_domain)
+
+    async def clear(self) -> None:
+        self._cache.clear()

uma/__tests__/test_uma.py

@@ -226,9 +226,9 @@ def append_backing_signature(
             BackingSignature(domain=domain, signature=backing_signature)
         )
         compliance.backing_signatures = backing_signatures
-        if self.payee_data is None:
-            self.payee_data = {}
-        self.payee_data["compliance"] = compliance.to_dict()
+        payee_data = self.payee_data or {}
+        payee_data["compliance"] = compliance.to_dict()
+        self.payee_data = payee_data
 
     def to_dict(self) -> Dict[str, Any]:
         resp = super().to_dict()

uma/protocol/payreq_response.py

@@ -56,3 +56,25 @@ def remove_public_key_for_vasp(self, vasp_domain: str) -> None:
 
     def clear(self) -> None:
         self._cache.clear()
+
+
+class IAsyncPublicKeyCache(ABC):
+    @abstractmethod
+    async def fetch_public_key_for_vasp(
+        self, vasp_domain: str
+    ) -> Optional[PubkeyResponse]:
+        pass
+
+    @abstractmethod
+    async def add_public_key_for_vasp(
+        self, vasp_domain: str, public_key: PubkeyResponse
+    ) -> None:
+        pass
+
+    @abstractmethod
+    async def remove_public_key_for_vasp(self, vasp_domain: str) -> None:
+        pass
+
+    @abstractmethod
+    async def clear(self) -> None:
+        pass

uma/public_key_cache.py

@@ -10,6 +10,7 @@
 from uuid import uuid4
 
 import requests
+from aiohttp import ClientSession
 from coincurve.ecdsa import cdata_to_der, der_to_cdata, signature_normalize
 from coincurve.keys import PublicKey
 from cryptography.exceptions import InvalidSignature
@@ -52,7 +53,7 @@
 )
 from uma.protocol.post_tx_callback import PostTransactionCallback, UtxoWithAmount
 from uma.protocol.pubkey_response import PubkeyResponse
-from uma.public_key_cache import IPublicKeyCache
+from uma.public_key_cache import IPublicKeyCache, IAsyncPublicKeyCache
 from uma.signing_utils import sign_payload
 from uma.type_utils import none_throws
 from uma.uma_invoice_creator import IUmaInvoiceCreator
@@ -86,6 +87,27 @@ def fetch_public_key_for_vasp(
     return public_key
 
 
+async def fetch_public_key_for_vasp_async(
+    vasp_domain: str, cache: IAsyncPublicKeyCache
+) -> PubkeyResponse:
+    public_key = await cache.fetch_public_key_for_vasp(vasp_domain)
+    if public_key:
+        return public_key
+
+    scheme = "http://" if is_domain_local(vasp_domain) else "https://"
+    url = scheme + vasp_domain + "/.well-known/lnurlpubkey"
+    try:
+        response_text = await _run_http_get_async(url)
+    except Exception as ex:
+        raise InvalidRequestException(
+            f"Unable to fetch pubkey from {vasp_domain}. Make sure the vasp domain is correct."
+        ) from ex
+
+    public_key = PubkeyResponse.from_json(response_text)
+    await cache.add_public_key_for_vasp(vasp_domain, public_key)
+    return public_key
+
+
 def create_pubkey_response(
     signing_cert_chain: str,
     encryption_cert_chain: str,
@@ -124,6 +146,13 @@ def _run_http_get(url: str) -> str:
     return response.text
 
 
+async def _run_http_get_async(url: str) -> str:
+    async with ClientSession() as session:
+        async with session.get(url) as response:
+            response.raise_for_status()
+            return await response.text()
+
+
 def generate_nonce() -> str:
     return str(random.randint(0, 0xFFFFFFFF))