From 22239022c7ad4e3f8537794971a2d5f468c8e79d Mon Sep 17 00:00:00 2001
From: meejah <meejah@meejah.ca>
Date: Mon, 4 Jan 2021 21:49:15 -0700
Subject: [PATCH] test: invalid cert key

---
 src/allmydata/grid_manager.py           |  2 +-
 src/allmydata/test/test_grid_manager.py | 25 +++++++++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/src/allmydata/grid_manager.py b/src/allmydata/grid_manager.py
index 39f258fd1..c288a34bb 100644
--- a/src/allmydata/grid_manager.py
+++ b/src/allmydata/grid_manager.py
@@ -332,7 +332,7 @@ def parse_grid_manager_certificate(gm_data):
     if set(js.keys()) != required_keys:
             raise ValueError(
                 "Grid Manager certificate must contain: {}".format(
-                    ", ".join("'{}'".format(k) for k in js.keys()),
+                    ", ".join("'{}'".format(k) for k in required_keys),
                 )
             )
     return js
diff --git a/src/allmydata/test/test_grid_manager.py b/src/allmydata/test/test_grid_manager.py
index c3b85bbee..c28afd5fd 100644
--- a/src/allmydata/test/test_grid_manager.py
+++ b/src/allmydata/test/test_grid_manager.py
@@ -90,6 +90,31 @@ class GridManagerUtilities(SyncTestCase):
         certs = config.get_grid_manager_certificates()
         self.assertEqual([fake_cert], certs)
 
+    def test_load_certificates_unknown_key(self):
+        """
+        An error is reported loading certificates with invalid keys in them
+        """
+        cert_path = self.mktemp()
+        fake_cert = {
+            "certificate": "{\"expires\":1601687822,\"public_key\":\"pub-v0-cbq6hcf3pxcz6ouoafrbktmkixkeuywpcpbcomzd3lqbkq4nmfga\",\"version\":22}",
+            "signature": "fvjd3uvvupf2v6tnvkwjd473u3m3inyqkwiclhp7balmchkmn3px5pei3qyfjnhymq4cjcwvbpqmcwwnwswdtrfkpnlaxuih2zbdmda",
+            "something-else": "not valid in a v0 certificate"
+        }
+        with open(cert_path, "w") as f:
+            f.write(json.dumps(fake_cert))
+        config_data = (
+            "[grid_manager_certificates]\n"
+            "ding = {}\n".format(cert_path)
+        )
+        config = config_from_string("/foo", "portnum", config_data, client_valid_config())
+        with self.assertRaises(ValueError) as ctx:
+            certs = config.get_grid_manager_certificates()
+
+        self.assertIn(
+            "Unknown key in Grid Manager certificate",
+            str(ctx.exception)
+        )
+
     def test_load_certificates_missing(self):
         """
         An error is reported for missing certificates