Include UNF URL in server_show_public_settings

irrd/mirroring/nrtm4/__init__.py

@@ -0,0 +1 @@
+UPDATE_NOTIFICATION_FILENAME = "update-notification-file.jose"

irrd/mirroring/nrtm4/nrtm4_server.py

@@ -27,6 +27,7 @@
 
 from ...utils.process_support import get_lockfile
 from ..retrieval import file_hash_sha256
+from . import UPDATE_NOTIFICATION_FILENAME
 from .jsonseq import jsonseq_encode, jsonseq_encode_one
 from .nrtm4_types import (
     NRTM4DeltaHeader,
@@ -250,7 +251,7 @@ def _write_unf(self) -> None:
         private_key = eckey_from_config(f"sources.{self.source}.nrtm4_server_private_key")
         assert private_key
         unf_serialized = jws_serialize(unf_content, private_key)
-        with open(self.path / "update-notification-file.json", "w") as unf_file:
+        with open(self.path / UPDATE_NOTIFICATION_FILENAME, "w") as unf_file:
             unf_file.write(unf_serialized)
         self.status.last_update_notification_file_update = unf.timestamp
 

irrd/mirroring/nrtm4/tests/test_nrtm4_client.py

@@ -5,6 +5,7 @@
 import pytest
 from joserfc import jws
 
+from irrd.mirroring.nrtm4 import UPDATE_NOTIFICATION_FILENAME
 from irrd.mirroring.nrtm4.jsonseq import jsonseq_encode
 from irrd.mirroring.nrtm4.nrtm4_client import NRTM4Client, NRTM4ClientError
 from irrd.mirroring.nrtm4.tests import (
@@ -21,8 +22,7 @@
 MOCK_SNAPSHOT_URL = "https://example.com/snapshot.2.json"
 MOCK_DELTA3_URL = "https://example.com/delta.3.json"
 MOCK_DELTA4_URL = "https://example.com/delta.4.json"
-MOCK_UNF_URL = "https://example.com/update-notification-file.json"
-MOCK_UNF_SIG_URL = "https://example.com/update-notification-file-signature-hash.json"
+MOCK_UNF_URL = "https://example.com/" + UPDATE_NOTIFICATION_FILENAME
 
 MOCK_UNF = {
     "nrtm_version": 4,

irrd/mirroring/nrtm4/tests/test_nrtm4_server.py

@@ -7,6 +7,7 @@
 from unittest.mock import create_autospec
 
 from irrd.conf import NRTM4_SERVER_DELTA_EXPIRY_TIME, PASSWORD_HASH_DUMMY_VALUE
+from irrd.mirroring.nrtm4 import UPDATE_NOTIFICATION_FILENAME
 from irrd.mirroring.nrtm4.jsonseq import jsonseq_decode
 from irrd.mirroring.nrtm4.nrtm4_server import NRTM4Server, NRTM4ServerWriter
 from irrd.mirroring.nrtm4.tests import MOCK_UNF_PRIVATE_KEY, MOCK_UNF_PRIVATE_KEY_STR
@@ -74,8 +75,7 @@ def test_nrtm4_server(self, tmpdir, config_override):
 
         delta_dangling_path = nrtm_path / "nrtm-delta.aaaaa.json.gz"
         snapshot_outdated_path = nrtm_path / "nrtm-snapshot.aaaaa.json.gz"
-        unf_signature_outdated_path = nrtm_path / "update-notification-file-signature-aaaaa.sig"
-        for path in delta_dangling_path, snapshot_outdated_path, unf_signature_outdated_path:
+        for path in delta_dangling_path, snapshot_outdated_path:
             path.touch()
             os.utime(path, (time.time() - 3600, time.time() - 3600))
 
@@ -249,7 +249,7 @@ def test_nrtm4_server(self, tmpdir, config_override):
         assert not mock_dh.other_calls
 
     def _load_unf(self, nrtm_path):
-        with open(nrtm_path / "update-notification-file.json", "rb") as f:
+        with open(nrtm_path / UPDATE_NOTIFICATION_FILENAME, "rb") as f:
             unf_content = f.read()
         unf_payload = jws_deserialize(unf_content, MOCK_UNF_PRIVATE_KEY)
         unf = json.loads(unf_payload.payload)

irrd/scripts/irrd_control.py

@@ -9,6 +9,7 @@
 import click
 from joserfc.rfc7518.ec_key import ECKey
 
+from irrd.mirroring.nrtm4 import UPDATE_NOTIFICATION_FILENAME
 from irrd.utils.crypto import (
     eckey_from_config,
     eckey_private_key_as_str,
@@ -192,17 +193,23 @@ def generate_private_key():
 
 @nrtm4.command()
 @click.argument("source")
-def server_show_public_key(source: str):
+def server_show_public_settings(source: str):
     """
-    Show the public key(s) matching the currently configured private keys.
+    Show the public parameters matching the current configuration for an NRTMv4 server.
     """
     private_key = eckey_from_config(f"sources.{source}.nrtm4_server_private_key", permit_empty=True)
     if not private_key:
         raise click.ClickException(f"Source {source} is not configured as an NRTMv4 server")
     public_key_str = eckey_public_key_as_str(private_key)
+    unf_url = (
+        get_setting(f"sources.{source}.nrtm4_server_base_url").rstrip("/")
+        + "/"
+        + UPDATE_NOTIFICATION_FILENAME
+    )
 
     click.echo(
-        f"Source {source} NRTMv4 server public keys (base64):\n"
+        f"Settings for {source} NRTMv4 server:\n"
+        f"Update Notification File URL: {unf_url}\n"
         f"Current public key (from nrtm4_server_private_key):\n{public_key_str}\n"
     )
 

irrd/scripts/tests/test_irrd_control.py

@@ -6,7 +6,7 @@
     cli,
     client_clear_known_keys,
     generate_private_key,
-    server_show_public_key,
+    server_show_public_settings,
     user_change_override,
     user_mfa_clear,
 )
@@ -240,17 +240,18 @@ def test_valid(self, config_override):
                     "TEST": {
                         "nrtm4_server_private_key": private_key_str,
                         "nrtm4_server_private_key_next": private_key_str,
+                        "nrtm4_server_base_url": "https://url/",
                     }
                 }
             }
         )
         runner = CliRunner()
-        result = runner.invoke(server_show_public_key, args=["TEST"])
+        result = runner.invoke(server_show_public_settings, args=["TEST"])
         assert result.exit_code == 0
         assert public_key_str in result.output
 
     def test_not_configured(self):
         runner = CliRunner()
-        result = runner.invoke(server_show_public_key, args=["TEST"])
+        result = runner.invoke(server_show_public_settings, args=["TEST"])
         assert result.exit_code == 1, result.output
         assert "not configured as an NRTMv4 server" in result.output