remove dependency on http_message_signatures

dnstapir/key_cache.py

@@ -5,8 +5,32 @@
 import redis
 from expiringdict import ExpiringDict
 from opentelemetry import trace
+from pydantic import BaseModel, Field
 
-tracer = trace.get_tracer("tapir.tracer")
+tracer = trace.get_tracer("dnstapir.tracer")
+
+
+class RedisSettings(BaseModel):
+    host: str = Field(description="Redis hostname")
+    port: int = Field(description="Redis port", default=6379)
+
+
+class KeyCacheSettings(BaseModel):
+    size: int = Field(description="Cache size", default=1000)
+    ttl: int = Field(description="Cache TTL", default=300)
+    redis: RedisSettings | None = None
+
+
+def key_cache_from_settings(settings: KeyCacheSettings):
+    memory_key_cache = MemoryKeyCache(size=settings.size, ttl=settings.ttl)
+    if settings.redis:
+        redis_client = redis.StrictRedis(host=settings.redis.host, port=settings.redis.port)
+        redis_key_cache = RedisKeyCache(redis_client=redis_client, ttl=settings.ttl)
+        return CombinedKeyCache([memory_key_cache, redis_key_cache]) if settings.size else redis_key_cache
+    elif settings.size:
+        return memory_key_cache
+    else:
+        return DummyKeyCache()
 
 
 class KeyCache:

dnstapir/key_resolver.py

@@ -3,23 +3,40 @@
 from urllib.parse import urljoin
 
 import httpx
+from cryptography.hazmat.primitives.asymmetric.ec import EllipticCurvePublicKey
+from cryptography.hazmat.primitives.asymmetric.ed448 import Ed448PublicKey
+from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PublicKey
+from cryptography.hazmat.primitives.asymmetric.rsa import RSAPublicKey
 from cryptography.hazmat.primitives.serialization import load_pem_public_key
-from http_message_signatures import HTTPSignatureKeyResolver
 from opentelemetry import metrics, trace
 
 from .key_cache import KeyCache
 
-tracer = trace.get_tracer("tapir.tracer")
-meter = metrics.get_meter("tapir.meter")
+type PublicKey = Ed25519PublicKey | Ed448PublicKey | EllipticCurvePublicKey | RSAPublicKey
 
+tracer = trace.get_tracer("dnstapir.tracer")
+meter = metrics.get_meter("dnstapir.meter")
 
 public_key_get_counter = meter.create_counter(
     "aggregates.public_key_get_counter",
     description="The number of public key lookups",
 )
 
 
-class CacheKeyResolver(HTTPSignatureKeyResolver):
+def key_resolver_from_client_database(client_database: str, key_cache: KeyCache | None = None):
+    if client_database.startswith("http://") or client_database.startswith("https://"):
+        return UrlKeyResolver(client_database_base_url=client_database, key_cache=key_cache)
+    else:
+        return FileKeyResolver(client_database_directory=client_database, key_cache=key_cache)
+
+
+class KeyResolver:
+    @abstractmethod
+    def resolve_public_key(self, key_id: str) -> PublicKey:
+        pass
+
+
+class CacheKeyResolver(KeyResolver):
     def __init__(self, key_cache: KeyCache | None):
         self.key_cache = key_cache
 

pyproject.toml

@@ -7,25 +7,26 @@ readme = "README.md"
 
 [tool.poetry.dependencies]
 python = "^3.12"
+botocore = "^1.35.44"
+expiringdict = "^1.2.2"
+fastapi = "^0.115.2"
+httpx = "^0.27.2"
+jsonformatter = "^0.3.2"
+opentelemetry-exporter-otlp = "^1.27.0"
+opentelemetry-instrumentation-botocore = "^0.48b0"
+opentelemetry-instrumentation-fastapi = "^0.48b0"
+opentelemetry-instrumentation-pymongo = "^0.48b0"
+pydantic = "^2.9.2"
+pymongo = "^4.10.1"
+redis = "^5.1.1"
+cryptography = "^43.0.3"
 
 [tool.poetry.group.dev.dependencies]
 pytest = "^8.2.0"
 ruff = ">=0.7.0"
 pytest-ruff = "^0.4.1"
 fakeredis = "^2.25.1"
 pytest-httpx = "^0.32.0"
-http-message-signatures = "^0.5.0"
-jsonformatter = "^0.3.2"
-opentelemetry-instrumentation-fastapi = "^0.48b0"
-opentelemetry-exporter-otlp = "^1.27.0"
-opentelemetry-instrumentation-botocore = "^0.48b0"
-opentelemetry-instrumentation-pymongo = "^0.48b0"
-httpx = "^0.27.2"
-redis = "^5.1.1"
-expiringdict = "^1.2.2"
-fastapi = "^0.115.2"
-botocore = "^1.35.44"
-pymongo = "^4.10.1"
 
 [build-system]
 requires = ["poetry-core"]