datamodel/types: fix check for base64 encoded sha256

pin sha256 were used and tested for in incorrect format, refer to: https://www.rfc-editor.org/rfc/rfc7469#section-2.1.5

diff --git a/etc/config/config.dev.yaml b/etc/config/config.dev.yaml
index ef25a37aebf27653ef890f282edea7eab4e4dfe5..1ceddfb3841f87880a20434e06bc0d101da6bae9 100644 (file)
--- a/etc/config/config.dev.yaml
+++ b/etc/config/config.dev.yaml
@@ -64,9 +64,10 @@ forward:
         transport: tls
         hostname: odvr.nic.cz
       - address: [ 192.0.2.1, 192.0.2.2 ]
+        transport: tls
         pin-sha256:
-          - YmE3ODE2YmY4ZjAx+2ZlYTQxNDE0MGRlNWRhZTIyMjNiMDAzNjFhMzk/MTc3YTljYjQxMGZmNjFmMjAwMTVhZA==
-          - OTJmODU3ZDMyOWMwOWNlNTU4Y2M0YWNjMjI5NWE2NWJlMzY4MzRmMzY3NGU3NDAwNTI1YjMxZTMxYTgzMzQwMQ==
+          - d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=
+          - E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=
   - subtree: 1.168.192.in-addr.arpa
     options:
       dnssec: false

diff --git a/manager/knot_resolver_manager/datamodel/types/types.py b/manager/knot_resolver_manager/datamodel/types/types.py
index fa0d2793d2562cd381129792b557bf8d9c0052c6..d9a0b9105c07fdb4a7f39f01a9b33ed6c49af787 100644 (file)
--- a/manager/knot_resolver_manager/datamodel/types/types.py
+++ b/manager/knot_resolver_manager/datamodel/types/types.py
@@ -195,7 +195,7 @@ class PinSha256(PatternBase):
     A string that stores base64 encoded sha256.
     """
 
-    _re = re.compile(r"^[A-Za-z\d+/]{86}==$")
+    _re = re.compile(r"^[A-Za-z\d+/]{43}=$")
 
 
 class InterfacePort(StrBase):

diff --git a/tests/manager/datamodel/templates/test_common_macros.py b/tests/manager/datamodel/templates/test_common_macros.py
index 0e794fce6aaee8f381db6dc7ff5d4cf54360cf49..e64b278fd9401ada52a6044e3cc0a17d5fbfdb35 100644 (file)
--- a/tests/manager/datamodel/templates/test_common_macros.py
+++ b/tests/manager/datamodel/templates/test_common_macros.py
@@ -75,7 +75,7 @@ def test_tls_servers_table():
         ForwardServerSchema(
             {
                 "address": "192.0.2.1",
-                "pin-sha256": "OTJmODU3ZDMyOWMwOWNlNTU4Y2M0YWNjMjI5NWE2NWJlMzY4MzRmMzY3NGU3NDAwNTI1YjMxZTMxYTgzMzQwMQ==",
+                "pin-sha256": "E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=",
             }
         ),
     ]

diff --git a/tests/manager/datamodel/types/test_custom_types.py b/tests/manager/datamodel/types/test_custom_types.py
index 5eebef3a053748db1671d3658ed7c7fd67d4badd..c82779c88b8e0b9302e41c7805a09d2b7c2525f0 100644 (file)
--- a/tests/manager/datamodel/types/test_custom_types.py
+++ b/tests/manager/datamodel/types/test_custom_types.py
@@ -97,8 +97,8 @@ def test_checked_path():
 @pytest.mark.parametrize(
     "val",
     [
-        "YmE3ODE2YmY4ZjAx+2ZlYTQxNDE0MGRlNWRhZTIyMjNiMDAzNjFhMzk/MTc3YTljYjQxMGZmNjFmMjAwMTVhZA==",
-        "OTJmODU3ZDMyOWMwOWNlNTU4Y2M0YWNjMjI5NWE2NWJlMzY4MzRmMzY3NGU3NDAwNTI1YjMxZTMxYTgzMzQwMQ==",
+        "d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=",
+        "E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=",
     ],
 )
 def test_pin_sha256_valid(val: str):
@@ -109,9 +109,10 @@ def test_pin_sha256_valid(val: str):
 @pytest.mark.parametrize(
     "val",
     [
-        "!YmE3ODE2YmY4ZjAxY2ZlYTQxNDE0MGRlNWRhZTIyMjNiMDAzNjFhMzk2MTc3YTljjQxMGZmNjFmMjAwMTVhZA==",
-        "OTJmODU3ZDMyOWMwOWNlNTU4Y2M0YWNjMjI5NWE2NWJlMzY4MzRmMzY3NGU3NDAwNTI1YjMxZTMxYTgzMzQwMQ",
-        "YmFzZTY0IQ",
+        "d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM==",
+        "E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g",
+        "!E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=",
+        "d6qzRu9zOE",
     ],
 )
 def test_pin_sha256_invalid(val: str):