diff options
| author | David Lönnhager <david.l@mullvad.net> | 2025-03-06 17:40:25 +0100 |
|---|---|---|
| committer | David Lönnhager <david.l@mullvad.net> | 2025-03-07 10:21:26 +0100 |
| commit | a2bb3a2bfee997ca657906ec391a576327d07dfe (patch) | |
| tree | 6c803656b48dfae82efb397cd8c9614aa101b694 /mullvad-update/src/client | |
| parent | 2dc82d54771bcb4111b0611072f9d9321fd899dc (diff) | |
| download | mullvadvpn-a2bb3a2bfee997ca657906ec391a576327d07dfe.tar.xz mullvadvpn-a2bb3a2bfee997ca657906ec391a576327d07dfe.zip | |
Support multiple verifying keys in mullvad-update
Diffstat (limited to 'mullvad-update/src/client')
| -rw-r--r-- | mullvad-update/src/client/api.rs | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/mullvad-update/src/client/api.rs b/mullvad-update/src/client/api.rs index 62b550603f..d3e4ea1790 100644 --- a/mullvad-update/src/client/api.rs +++ b/mullvad-update/src/client/api.rs @@ -1,6 +1,7 @@ //! This module implements fetching of information about app versions use anyhow::Context; +use vec1::Vec1; use crate::format; use crate::version::{VersionInfo, VersionParameters}; @@ -19,7 +20,7 @@ pub struct HttpVersionInfoProvider { /// Accepted root certificate. Defaults are used unless specified pub pinned_certificate: Option<reqwest::Certificate>, /// Key to use for verifying the response - pub verifying_key: format::key::VerifyingKey, + pub verifying_keys: Vec1<format::key::VerifyingKey>, } #[async_trait::async_trait] @@ -41,7 +42,7 @@ impl HttpVersionInfoProvider { ) -> anyhow::Result<format::SignedResponse> { let raw_json = Self::get(&self.url, self.pinned_certificate.clone()).await?; let response = format::SignedResponse::deserialize_and_verify( - &self.verifying_key, + &self.verifying_keys, &raw_json, lowest_metadata_version, )?; @@ -101,6 +102,7 @@ impl HttpVersionInfoProvider { #[cfg(test)] mod test { use insta::assert_yaml_snapshot; + use vec1::vec1; use crate::version::VersionArchitecture; @@ -115,9 +117,9 @@ mod test { /// We're not testing the correctness of [version] here, only the HTTP client #[tokio::test] async fn test_http_version_provider() -> anyhow::Result<()> { - let verifying_key = - crate::format::key::VerifyingKey::from_hex(include_str!("../../test-pubkey")) - .expect("valid key"); + let valid_key = crate::format::key::VerifyingKey::from_hex(include_str!("../../test-pubkey")) + .expect("valid key"); + let verifying_keys = vec1![valid_key]; // Start HTTP server let mut server = mockito::Server::new_async().await; @@ -138,7 +140,7 @@ mod test { let info_provider = HttpVersionInfoProvider { url, pinned_certificate: None, - verifying_key, + verifying_keys, }; let info = info_provider |