synapse 2.177.0__py311-none-any.whl → 2.178.0__py311-none-any.whl

synapse/lib/config.py

@@ -392,10 +392,16 @@ class Config(c_abc.MutableMapping):
         else:
             return
 
-    def reqConfValu(self, key):
+    def reqConfValu(self, key):  # pragma: no cover
         '''
-        Get a configuration value.  If that value is not present in the schema
-        or is not set, then raise an exception.
+        Deprecated. Use ``req(key)`` API instead.
+        '''
+        s_common.deprecated('Config.reqConfValu(), use req() instead.')
+        return self.req(key)
+
+    def req(self, key):
+        '''
+        Get a configuration value. If that value is not present in the schema or is not set, then raise an exception.
 
         Args:
             key (str): The key to require.
@@ -403,17 +409,15 @@ class Config(c_abc.MutableMapping):
         Returns:
             The requested value.
         '''
-        # Ensure that the key is in self.json_schema
         if key not in self.json_schema.get('properties', {}):
-            raise s_exc.BadArg(mesg='Required key is not present in the configuration schema.',
-                               key=key)
+            raise s_exc.BadArg(mesg=f'The {key} configuration option is not present in the configuration schema.',
+                               name=key)
 
-        # Ensure that the key is present in self.conf
-        if key not in self.conf:
-            raise s_exc.NeedConfValu(mesg='Required key is not present in configuration data.',
-                                     key=key)
+        valu = self.conf.get(key, s_common.novalu)
+        if valu is not s_common.novalu:
+            return valu
 
-        return self.conf.get(key)
+        raise s_exc.NeedConfValu(mesg=f'The {key} configuration option is required.', name=key)
 
     def reqKeyValid(self, key, value):
         '''

synapse/lib/coro.py

@@ -148,6 +148,19 @@ async def ornot(func, *args, **kwargs):
         return await retn
     return retn
 
+bgtasks = set()
+def create_task(coro):
+
+    task = asyncio.get_running_loop().create_task(coro)
+    bgtasks.add(task)
+
+    def done(t):
+        bgtasks.remove(t)
+
+    task.add_done_callback(done)
+
+    return task
+
 class GenrHelp:
 
     def __init__(self, genr):

synapse/lib/layer.py

@@ -1431,9 +1431,6 @@ class Layer(s_nexus.Pusher):
         self.growsize = self.layrinfo.get('growsize')
         self.logedits = self.layrinfo.get('logedits')
 
-        self.mapasync = core.conf.get('layer:lmdb:map_async')
-        self.maxreplaylog = core.conf.get('layer:lmdb:max_replay_log')
-
         # slim hooks to avoid async/fire
         self.nodeAddHook = None
         self.nodeDelHook = None
@@ -2728,8 +2725,6 @@ class Layer(s_nexus.Pusher):
         slabopts = {
             'readahead': True,
             'lockmemory': self.lockmemory,
-            'map_async': self.mapasync,
-            'max_replay_log': self.maxreplaylog,
         }
 
         if self.growsize is not None:

synapse/lib/link.py

@@ -164,7 +164,7 @@ class Link(s_base.Base):
                 self.reader._transport.abort()
             try:
                 await self.writer.wait_closed()
-            except (BrokenPipeError, ConnectionResetError) as e:
+            except Exception as e:
                 logger.debug('Link error waiting on close: %s', str(e))
 
         self.onfini(fini)

synapse/lib/lmdbslab.py

@@ -838,7 +838,7 @@ class Slab(s_base.Base):
                 'recovering': slab.recovering,
                 'maxsize': slab.maxsize,
                 'growsize': slab.growsize,
-                'mapasync': slab.mapasync,
+                'mapasync': True,
 
             })
         return retn
@@ -851,6 +851,8 @@ class Slab(s_base.Base):
         kwargs.setdefault('lockmemory', False)
         kwargs.setdefault('map_async', True)
 
+        assert kwargs.get('map_async')
+
         opts = kwargs
 
         self.path = path
@@ -895,8 +897,6 @@ class Slab(s_base.Base):
                 logger.info(f'SYN_LOCKMEM_DISABLE envar set, skipping lockmem for {self.path}')
                 self.lockmemory = False
 
-        self.mapasync = opts.setdefault('map_async', True)
-
         self.mapsize = _mapsizeround(mapsize)
         if self.maxsize is not None:
             self.mapsize = min(self.mapsize, self.maxsize)

synapse/lib/nexus.py

@@ -91,7 +91,6 @@ class NexsRoot(s_base.Base):
         self.writeholds = set()
 
         self.applytask = None
-        self.applylock = asyncio.Lock()
 
         self.ready = asyncio.Event()
         self.donexslog = self.cell.conf.get('nexslog:en')
@@ -110,9 +109,7 @@ class NexsRoot(s_base.Base):
 
         logpath = s_common.genpath(self.dirn, 'slabs', 'nexuslog')
 
-        self.map_async = self.cell.conf.get('nexslog:async')
-        self.nexsslab = await s_lmdbslab.Slab.anit(path, map_async=self.map_async)
-        self.nexsslab.addResizeCallback(cell.checkFreeSpace)
+        self.nexsslab = await cell._initSlabFile(path)
 
         self.nexshot = await self.nexsslab.getHotCount('nexs:indx')
 
@@ -126,8 +123,7 @@ class NexsRoot(s_base.Base):
         elif vers != 2:
             raise s_exc.BadStorageVersion(mesg=f'Got nexus log version {vers}.  Expected 2.  Accidental downgrade?')
 
-        slabopts = {'map_async': self.map_async}
-        self.nexslog = await s_multislabseqn.MultiSlabSeqn.anit(logpath, slabopts=slabopts, cell=cell)
+        self.nexslog = await s_multislabseqn.MultiSlabSeqn.anit(logpath, cell=cell)
 
         # just in case were previously configured differently
         logindx = self.nexslog.index()
@@ -147,6 +143,9 @@ class NexsRoot(s_base.Base):
 
         self.onfini(fini)
 
+    def getNexsKids(self):
+        return list(self._nexskids.values())
+
     async def _migrateV1toV2(self, nexspath, logpath):
         '''
         Close the slab, move it to the new multislab location, then copy out the nexshot
@@ -195,8 +194,7 @@ class NexsRoot(s_base.Base):
 
         # Open a fresh slab where the old one used to be
         logger.warning(f'Re-opening fresh nexslog slab at {nexspath} for nexshot')
-        self.nexsslab = await s_lmdbslab.Slab.anit(nexspath, map_async=self.map_async)
-        self.nexsslab.addResizeCallback(self.cell.checkFreeSpace)
+        self.nexsslab = await self.cell._initSlabFile(nexspath)
 
         self.nexshot = await self.nexsslab.getHotCount('nexs:indx')
 
@@ -230,7 +228,7 @@ class NexsRoot(s_base.Base):
 
     async def enNexsLog(self):
 
-        async with self.applylock:
+        async with self.cell.nexslock:
 
             if self.donexslog:
                 return
@@ -309,7 +307,6 @@ class NexsRoot(s_base.Base):
         If I'm not a follower, mutate, otherwise, ask the leader to make the change and wait for the follower loop
         to hand me the result through a future.
         '''
-
         # pick up a reference to avoid race when we eventually can promote
         client = self.client
 
@@ -344,7 +341,7 @@ class NexsRoot(s_base.Base):
         if meta is None:
             meta = {}
 
-        async with self.applylock:
+        async with self.cell.nexslock:
             self.reqNotReadOnly()
             # Keep a reference to the shielded task to ensure it isn't GC'd
             self.applytask = asyncio.create_task(self._eat((nexsiden, event, args, kwargs, meta)))
@@ -577,6 +574,9 @@ class NexsRoot(s_base.Base):
                         if respfutu is not None:
                             respfutu.set_result(retn)
 
+            except s_exc.LinkShutDown:
+                logger.warning(f'mirror loop: leader closed the connection.')
+
             except Exception as exc:  # pragma: no cover
                 logger.exception(f'error in mirror loop: {exc}')
 
@@ -634,9 +634,21 @@ class Pusher(s_base.Base, metaclass=RegMethType):
             assert prev is not None, f'Failed removing {self.nexsiden}'
 
         self.onfini(onfini)
-
         self.nexsroot = nexsroot
 
+    async def modNexsRoot(self, ctor):
+
+        kids = [self]
+        if self.nexsroot is not None:
+            kids = self.nexsroot.getNexsKids()
+            await self.nexsroot.fini()
+
+        nexsroot = await ctor()
+
+        [kid.setNexsRoot(nexsroot) for kid in kids]
+
+        await nexsroot.startup()
+
     @classmethod
     def onPush(cls, event: str, passitem=False) -> Callable:
         '''

synapse/lib/stormlib/imap.py

@@ -50,6 +50,8 @@ class ImapLib(s_stormtypes.Lib):
                      'desc': 'The time to wait for all commands on the server to execute.'},
                     {'type': 'bool', 'name': 'ssl', 'default': True,
                      'desc': 'Use SSL to connect to the IMAP server.'},
+                    {'type': 'bool', 'name': 'ssl_verify', 'default': True,
+                     'desc': 'Perform SSL/TLS verification.'},
                 ),
                 'returns': {
                     'type': 'inet:imap:server',
@@ -69,17 +71,19 @@ class ImapLib(s_stormtypes.Lib):
             'connect': self.connect,
         }
 
-    async def connect(self, host, port=993, timeout=30, ssl=True):
+    async def connect(self, host, port=993, timeout=30, ssl=True, ssl_verify=True):
 
         self.runt.confirm(('storm', 'inet', 'imap', 'connect'))
 
         ssl = await s_stormtypes.tobool(ssl)
         host = await s_stormtypes.tostr(host)
         port = await s_stormtypes.toint(port)
+        ssl_verify = await s_stormtypes.tobool(ssl_verify)
         timeout = await s_stormtypes.toint(timeout, noneok=True)
 
         if ssl:
-            imap_cli = aioimaplib.IMAP4_SSL(host=host, port=port, timeout=timeout)
+            ctx = self.runt.snap.core.getCachedSslCtx(opts=None, verify=ssl_verify)
+            imap_cli = aioimaplib.IMAP4_SSL(host=host, port=port, timeout=timeout, ssl_context=ctx)
         else:
             imap_cli = aioimaplib.IMAP4(host=host, port=port, timeout=timeout)
 

synapse/lib/stormlib/smtp.py

@@ -96,6 +96,8 @@ class SmtpMessage(s_stormtypes.StormType):
                         'desc': 'Use the STARTTLS directive with the SMTP server.'},
                     {'name': 'timeout', 'type': 'int', 'default': 60,
                         'desc': 'The timeout (in seconds) to wait for message delivery.'},
+                    {'type': 'bool', 'name': 'ssl_verify', 'default': True,
+                     'desc': 'Perform SSL/TLS verification.'},
                   ),
                   'returns': {'type': 'list', 'desc': 'An ($ok, $valu) tuple.'}}},
 
@@ -148,7 +150,8 @@ class SmtpMessage(s_stormtypes.StormType):
     async def _getEmailHtml(self):
         return self.bodyhtml
 
-    async def send(self, host, port=25, user=None, passwd=None, usetls=False, starttls=False, timeout=60):
+    async def send(self, host, port=25, user=None, passwd=None, usetls=False, starttls=False, timeout=60,
+                   ssl_verify=True):
 
         self.runt.confirm(('storm', 'inet', 'smtp', 'send'))
 
@@ -161,6 +164,7 @@ class SmtpMessage(s_stormtypes.StormType):
             port = await s_stormtypes.toint(port)
             usetls = await s_stormtypes.tobool(usetls)
             starttls = await s_stormtypes.tobool(starttls)
+            ssl_verify = await s_stormtypes.tobool(ssl_verify)
 
             if usetls and starttls:
                 raise s_exc.BadArg(mesg='usetls and starttls are mutually exclusive arguments.')
@@ -183,6 +187,10 @@ class SmtpMessage(s_stormtypes.StormType):
 
             recipients = [await s_stormtypes.tostr(e) for e in self.recipients]
 
+            ctx = None
+            if usetls or starttls:
+                ctx = self.runt.snap.core.getCachedSslCtx(opts=None, verify=ssl_verify)
+
             futu = aiosmtplib.send(message,
                                    port=port,
                                    hostname=host,
@@ -191,7 +199,9 @@ class SmtpMessage(s_stormtypes.StormType):
                                    use_tls=usetls,
                                    start_tls=starttls,
                                    username=user,
-                                   password=passwd)
+                                   password=passwd,
+                                   tls_context=ctx,
+                                   )
 
             await s_common.wait_for(futu, timeout=timeout)
 

synapse/lib/version.py

@@ -223,6 +223,6 @@ def reqVersion(valu, reqver,
 ##############################################################################
 # The following are touched during the release process by bumpversion.
 # Do not modify these directly.
-version = (2, 177, 0)
+version = (2, 178, 0)
 verstring = '.'.join([str(x) for x in version])
-commit = 'b7da795aeb690020e38e99dc5aa1f505cdc2d659'
+commit = '56bad29e241893b702ea437d500a0229e8e1956b'

synapse/telepath.py

@@ -997,12 +997,6 @@ class ClientV2(s_base.Base):
 
         await s_base.Base.__anit__(self)
 
-        # some ugly stuff in order to be backward compatible...
-        if not isinstance(urlinfo, (list, tuple)):
-            urlinfo = (urlinfo,)
-
-        urlinfo = [chopurl(u) for u in urlinfo]
-
         self.aha = None
 
         self.clients = {}
@@ -1012,9 +1006,9 @@ class ClientV2(s_base.Base):
 
         self.onlink = onlink
 
-        self.booturls = urlinfo
         self.bootdeque = collections.deque()
-        self.bootdeque.extend(self.booturls)
+
+        self.setBootUrls(urlinfo)
 
         self.ready = asyncio.Event()
         self.deque = collections.deque()
@@ -1033,6 +1027,16 @@ class ClientV2(s_base.Base):
 
         self.schedCoro(self._initBootProxy())
 
+    def setBootUrls(self, urlinfo):
+
+        if not isinstance(urlinfo, (list, tuple)):
+            urlinfo = (urlinfo,)
+
+        self.booturls = [chopurl(u) for u in urlinfo]
+
+        self.bootdeque.clear()
+        self.bootdeque.extend(self.booturls)
+
     def getNextBootUrl(self):
         if not self.bootdeque:
             self.bootdeque.extend(self.booturls)
@@ -1063,13 +1067,14 @@ class ClientV2(s_base.Base):
 
                 # regular telepath client behavior
                 proxy = await openinfo(urlinfo)
-                await self._onPoolLink(proxy, urlinfo)
 
                 async def reconnect():
                     if not self.isfini:
                         self.schedCoro(self._initBootProxy())
 
                 proxy.onfini(reconnect)
+
+                await self._onPoolLink(proxy, urlinfo)
                 return
 
             except Exception as e:
@@ -1210,20 +1215,16 @@ class Client(s_base.Base):
 
         await s_base.Base.__anit__(self)
 
-        if isinstance(urlinfo, (str, dict)):
-            urlinfo = (urlinfo,)
-
-        urlinfo = [chopurl(u) for u in urlinfo]
-
         if conf is None:
             conf = {}
 
         if opts is None:
             opts = {}
 
-        self._t_urlinfo = urlinfo
         self._t_urldeque = collections.deque()
 
+        self.setBootUrls(urlinfo)
+
         self._t_opts = opts
         self._t_conf = conf
 
@@ -1247,6 +1248,16 @@ class Client(s_base.Base):
 
         await self._fireLinkLoop()
 
+    def setBootUrls(self, urlinfo):
+
+        if not isinstance(urlinfo, (list, tuple)):
+            urlinfo = (urlinfo,)
+
+        self._t_urlinfo = [chopurl(u) for u in urlinfo]
+
+        self._t_urldeque.clear()
+        self._t_urldeque.extend(self._t_urlinfo)
+
     def _getNextUrl(self):
         if not self._t_urldeque:
             self._t_urldeque.extend(self._t_urlinfo)
@@ -1263,6 +1274,7 @@ class Client(s_base.Base):
     async def _fireLinkLoop(self):
         self._t_proxy = None
         self._t_ready.clear()
+        await self.fire('tele:client:linkloop')
         self.schedCoro(self._teleLinkLoop())
 
     async def _teleLinkLoop(self):
@@ -1281,7 +1293,7 @@ class Client(s_base.Base):
                 now = time.monotonic()
                 if now > lastlog + 60.0:  # don't logspam the disconnect message more than 1/min
                     url = s_urlhelp.sanitizeUrl(zipurl(urlinfo))
-                    logger.exception(f'telepath client ({url}) encountered an error: {e}')
+                    logger.warning(f'telepath client ({url}) encountered an error: {e}', exc_info=e)
                     lastlog = now
                 await self.waitfini(timeout=self._t_conf.get('retrysleep', 0.2))
 
@@ -1543,7 +1555,7 @@ async def openinfo(info):
             path, name = path.split(':')
         link = await s_link.unixconnect(path)
 
-    else:
+    elif scheme in ('tcp', 'ssl'):
 
         path = info.get('path')
         name = info.get('name', path[1:])
@@ -1592,6 +1604,9 @@ async def openinfo(info):
 
         link = await s_link.connect(host, port, linkinfo=linkinfo)
 
+    else:
+        raise s_exc.BadUrl(mesg=f'Invalid URL scheme: {scheme}')
+
     prox = await Proxy.anit(link, name)
     prox.onfini(link)
 

synapse/tests/files/aha/certs/cas/synapse.crt

@@ -0,0 +1,28 @@
+-----BEGIN CERTIFICATE-----
+MIIEvzCCAqegAwIBAgIRAIdu+9lQ3Z2nydXmG1/p2BAwDQYJKoZIhvcNAQELBQAw
+EjEQMA4GA1UEAwwHc3luYXBzZTAeFw0yNDA3MDgxMzAxNDBaFw0zNDA3MDYxMzAx
+NDBaMBIxEDAOBgNVBAMMB3N5bmFwc2UwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
+ggIKAoICAQDQ8AFyEbiRUsKdRFlm6WS5X2cp9339H3A0qsXLSRYsCZGc6oJtLX0/
+52xPGCrKlXde2jxHU8DMDiEzQ3iVJjzDbJWXgAoNVfwrNVS1zjlSZyExVfRrCbzo
+XpGeuNAIY/WCpsbSxM7mCVPuEZtbX2rY4XmdyBWUpd4dqoDDIK2wU329daJEVNpd
+y9wdbZ2lLNPmKGS6Kb7Th3mio+sHpHEi6gcfYzH+mOFdWFVAh602OFMUp+fLq3nG
+MyFHHLDC2vvPqVWf+T7Z1E8k85Zqw43TSUTwdlG6u8egC6soKQsEze6oi4fMAt0l
+a4bgMMWDMIKJuQ4f6THEq5vKwPj0E78aT6C4C7qSKeHZSf8IOj7l3ukdgl7Sbrga
+JCjpL1V5+EB8LTpxjjK+TDbXUwU/eKIJp/I2i7dd//nMRs9Wr2k6aIvAt9PbopA2
+kG4tCS93TmzCza3TCtc4BruFHz92ToLfxvgcNq6N/BboDVjDIeAKtrWpe9VHPEIy
+Eh23tAPcgPXmlOBZj4DKJ5YoGNbwYQaFDrLIHh1JzRGQbAh00JuaqDPH3kb1Q6sm
+VjUx4QpX34qj231Bpfgu2eZX2kiLvtW+qPPfxWY2RCms1Yb+GMeKAE+9E8rak8Nq
+oPvdqgdUUbneW1PRgBaalu7xDALH/DQm5R+baly5PEYi8gk/vsyaQwIDAQABoxAw
+DjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQB4Asv4TuAgF2vcOdxl
+mjPBwYueBDJrbbP2I6qjE9laO0xMyIN4Dp8ExbJyBKl/RlkSA/1cvJ7EyhlJnY1S
+Dps8EgKS5lQw0D/bFg8JQNgNec6jCxjfytRgYkhoikabz8HR2gmUIb0On6X+dvht
+L3Hv1/41Q4+Tig1JPRxP6C/hHcfLnCvmIsrMgKRbTGzb1AKfP8N93eZqDcA0nZo5
+Q0p+AdLQ6ilnh8895wQexoKs7mWImEzxUdTMZlf/YSQ9Nct3OKxtYg0IOk1KW9Fe
+sMstTDHg+/NJr2297vCmeNydYRGOTidLefebaNq0YnTm9cI3kPi/9etfUGeWHbrW
+aXXJCQ02uiWjrL9ykiifB6f0nve0m4ENWI11FypZ3nReMNDFIYSQfwlat6E/KTQ/
+5ih/NEgbY5KnMcUJqEKCBftfvfZyueE0frHClLZNi+YQNXD3ui6lmXzn8vmvaHeR
+dDfCifQ5TGHOlNmk9LMOv1Szx9CNswUwKDpSLklFp2lzI0JHTXm+NYCqeE+3cnrN
+vbsq55txmImj/Ekos5/kuv3Z2myJsDd2xT2eZ/QEkb7FOeO5RPrya3yXoSGNlkgs
+XG8vvCDNTeD6BJPWHjbu0ksZ6nxBFRsEmA2Ni8Y9ROUXUuJtwX+sYqHfAAVMLbiR
+wSujqDSopMoJSGr0hUT9kjbUSg==
+-----END CERTIFICATE-----

synapse/tests/files/aha/certs/cas/synapse.key

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKAIBAAKCAgEA0PABchG4kVLCnURZZulkuV9nKfd9/R9wNKrFy0kWLAmRnOqC
+bS19P+dsTxgqypV3Xto8R1PAzA4hM0N4lSY8w2yVl4AKDVX8KzVUtc45UmchMVX0
+awm86F6RnrjQCGP1gqbG0sTO5glT7hGbW19q2OF5ncgVlKXeHaqAwyCtsFN9vXWi
+RFTaXcvcHW2dpSzT5ihkuim+04d5oqPrB6RxIuoHH2Mx/pjhXVhVQIetNjhTFKfn
+y6t5xjMhRxywwtr7z6lVn/k+2dRPJPOWasON00lE8HZRurvHoAurKCkLBM3uqIuH
+zALdJWuG4DDFgzCCibkOH+kxxKubysD49BO/Gk+guAu6kinh2Un/CDo+5d7pHYJe
+0m64GiQo6S9VefhAfC06cY4yvkw211MFP3iiCafyNou3Xf/5zEbPVq9pOmiLwLfT
+26KQNpBuLQkvd05sws2t0wrXOAa7hR8/dk6C38b4HDaujfwW6A1YwyHgCra1qXvV
+RzxCMhIdt7QD3ID15pTgWY+AyieWKBjW8GEGhQ6yyB4dSc0RkGwIdNCbmqgzx95G
+9UOrJlY1MeEKV9+Ko9t9QaX4LtnmV9pIi77Vvqjz38VmNkQprNWG/hjHigBPvRPK
+2pPDaqD73aoHVFG53ltT0YAWmpbu8QwCx/w0JuUfm2pcuTxGIvIJP77MmkMCAwEA
+AQKCAgAxPqgwkQGt6tIoy//AVDkjwdsoVodQ3hSNrURiNe8uYPD7iYBFKEgRhEOQ
+XtNTHShd6FT1wMU7swbbNMdabAE9VD3rz8dOvlnpey/ki98Rz3HQ1X/+rHRkVkm/
+HbMWjyzB5voMmktjh4ZLIcY6ooIl7PrDl/GSMAfqeRHRK8YUPZFw0qV0soUnP1G5
+c+kIkci9wf5/rDAoXhFqpnTSP81Um9Ei8jfJ2JGhdRze0TufgGYAg9SLufZBIzLw
+NlBpFMDuAGzIgC/ymmou/OSSdFXcmzPO8ywvNWwHCkkEdav9rWXXPs+6Y2BpHe9T
+rtsWoRvbRw0Ps2BCCOp2vsXOjUrohP4I2iKb5ExHAQoKmewro2b/txJw39rnaWa5
+/E9OG5hvbXEt0o5dfeLgtQLXcTsjTGqbOO3bi4dS42Zz9DdnnHf9oNes5odxW2lp
+TCPJQozZuzY9J5toEltz2RBgX4ECWaXE1UnY6E4nm1zkDRc1xx7V1bXp6MsXWYx6
+MO62tprWb+zFz7M6yIz7fsB9339X5Ky+xtDPKBJk8qnOVFpMbHkefpiHs6tPlmyu
+1wIjeL+3Om2pAd1nEPuk02pOhiurthiqI6wwHI8X03RnF5HU9tKUKLMCjnD1PJuM
+Ysqj7pDdaezRic+mrQAyBqebLzEcZ+PRwOpPVCX3lo2G/BD1bQKCAQEA8u70QHiX
+l/OlcxTG4nVn62ljsWCY3FYTyfDtWrP3uZQ7zaLF+wlGX7MXo416zVHPvW4YtCkG
+1n6KdaQguuSbE+CgvzyCmCLtSYiXuA35dVa9a6TDG5nPvwPJeT99HPMg1xRXxCaC
+f8ilJ6WILD9sG6383a0fWC7ZlXpIFB+ZXmNaj82vS421BrbciH+sLO9jk94Drxnw
+aXe81G6Rkabw3w852y+0TgqOoiVis4rCBpCL1e7Oz+s6+kmpNvc/4NI9LZTk2B/l
+M++9aTi11p4Z/1paDffOPinmgKXOhb1fud6+j7XbNmvU+mgDc+95H93zA2rp37CT
+CU9jo5i/hNUDFQKCAQEA3Czy3iKpvDKtsq9cDStfg1Ysr1raqOKHr4cS01M3u5Xa
+Ku3ORGkiVcQJAfgWik5nFfbzbiX2SNUFB9jLQvIGnAxRTen6empfCCds9+HNS4PI
+E8Byyepr9H6LFpqLr/GDrTA4cXWez8r4BMZwsuYa/cOEZt9Uoq97DFlCEwL4YDD2
+ZDNLSLry7LhH4XN0oYU+7imj4fKebWDY2m/qc+OJ0+xMDg/dioFfWaIW5UnpteNY
+6YZFTOygosSRrvEKGKnaszVpDRLPcHKcEzIKX8Naf03898R1m+dM1Atc/UZa9pet
+6kpZpqpKoGHrXg7rNWWdPyJfm4bH1MoNqjABUIhd9wKCAQAV6xtcicTbr974oCJF
+omQq6EpXYajJEHcenD8+FMjAFLDEn/AO80pHLihu2EABMGV26O0PrDfyuF4TuSg+
+1IttYrH+Lx51TYltPga6U4BzZs0WXjpATkNhL51I9EJ8jy8iWLKGfxb9IoRMLHI5
+08sUQEF1Wr5ePXPiObMxJZy32Gz+Vod/YJy5q1wAcMx/DWZFnB1m+gcn7Oa7n/JA
+WviWl5AXx5kUBX3TAV6DZnyVDQug1LgSKF4c4PKEhBBeX3mnmCyBl3cdlX7YdIZr
+g75CvMstQXN5RlyGtO8KQAjYA1HcM4NAyL/hi+rr1epuxp67azUIuqy5hVEvHIQD
+Hxj1AoIBAQC8knrIKiP5neYKvgo29UjusaW/4i6YqrvPZ/6FpCZ9sRCT5+zbxrez
+gRy95P9ZIWFE/KbtVfIj2t5eJB2ijqt+h0YzVwxCQEx4LVw0yd4MqSd5U0B9Exu2
+4ZK6n064OD+w2zXcZwLHsWzOmi736gCACy6g9PIGDAl1QBVJNygHKqg8lXoLJqLc
+f9CAlWP02qxVSrCj2io6P9I689N3wg/Pw/g3qvrxn3BM0niNlMpoD/mcuHUuNxQ1
+k+m6TZN6IC/BgSMiIVQtWNu3zQn5jtU5Z1Ab3NVl26p/iePwwIsz3CEGIvu5tOwJ
+hRQTEO/+YbNV2VjNWZhY9VzSwB7AHKttAoIBADaDQIZC+2JcOAZnLCwfToYb0Ga4
+Hs0NFcO8/EH7PNTTlhbD5bVPW/6IlTkSDemMp89zdYoB3EAfevWK5pMp5XOpQfsA
+Puc2gueO/ICSb76YcabAdnOyB73Kb2PvqQ7yl6YP9U9IK3PBuZbDxiOcsM1h1yfL
+XlMjDH08/e5efDBaxeVDTXS63haFXTgRKHYdnEm63AzeR0PXvpD/az++aaxoxkAV
+SV/zudxSzx/O8zrVjl6lz1vb35jQ1s4X2T8EfGEjuXAGx7yV9MaEwLWH/RhHAUgD
+vHoSEcB5Q3hbSj0QBqHiSkKcGn5VYP3kXSGMF2438flUahpdMpeP4QTa3tA=
+-----END RSA PRIVATE KEY-----

synapse/tests/files/aha/certs/hosts/00.aha.loop.vertex.link.crt

@@ -0,0 +1,30 @@
+-----BEGIN CERTIFICATE-----
+MIIFJTCCAw2gAwIBAgIRANebBnGvTlRt7CIGrH6WJagwDQYJKoZIhvcNAQELBQAw
+EjEQMA4GA1UEAwwHc3luYXBzZTAeFw0yNDA3MDgxMzAxNDFaFw0zNDA3MDYxMzAx
+NDFaMCIxIDAeBgNVBAMMFzAwLmFoYS5sb29wLnZlcnRleC5saW5rMIICIjANBgkq
+hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvXp4PAfmdzu5t6ADh/l3iVTRYbpPVnQz
+7bySmQlhTtNQFRDOHgEyfttpd0zTWoQZBiQr9H4ZjXE5W3XHdptHcPE718rzBcP3
+G+DDIbp5nbkccUb7lvMVt39/4n9lK64K5YdnRop4SGsnps2WJvrLv/7qhgXPedjF
+Yh/E7iR54C+wns4aKvD2gZV9vYudu6PcB3S/b/r0Vqykpsy6dFL1bKTvJCPyD4b3
+ZAXpHr8Cws9Chae8DPt3PkUFCMnRl4opG7i8w/aJABRiXS9whccP1H0uGMvRF69P
+E1eSjXytwFcBUOI3rTwnAWBOfQ1zwRAQ6nCQsjH/CKZffrKro6M7kT+rfE0EiDPG
+kqf0owa+av4Rv2D0qRXhOBsq/jWgCtznk4286JweaRW8Omk+ViG5JO0Pxczp0bpg
+qiExqpJ/O8HTAEKbI9MB2+qRcUVnJanJ2KXmPUWdTtJQuEtCoLfDExudzOJgMwb8
+i2cmXTeVwas2QKA5pD+OOlGKciQc0T2xPIE/Gm/3CWRBs1wj9fqJ85NG9zbtCPpT
+7yuruYyiuRJTAo9s8D4AGaoeQLhQ8JE4Xkfol9Pva/UTIaHoKux6aHYsXBUbEeZb
+RqO3BGViV86Po+1+t2lBHHfD/s/YTnT7cjm+dYQdS9GqrwzZr7lp538lFkmFeX7t
+wTZakkXWIGMCAwEAAaNmMGQwEQYJYIZIAYb4QgEBBAQDAgZAMAsGA1UdDwQEAwIF
+oDATBgNVHSUEDDAKBggrBgEFBQcDATAJBgNVHRMEAjAAMCIGA1UdEQQbMBmCFzAw
+LmFoYS5sb29wLnZlcnRleC5saW5rMA0GCSqGSIb3DQEBCwUAA4ICAQDFSKMqM/A9
+maLx5zMO917Ysw1odf1DsemYeDjoZPRMSC/PVIjJnaZqB7UH3/mUxX0uqk9NMjLD
+aq0u8vJqNnjxBzFWfcb5vcH05WC1lBIJj9Bd/tR+0jXL31COqZ5usljv/uL74hII
+MH9qiRqDE7eQq7Mcxz6qbXwGGqY5570iOBfvLConR8zCy0WEuDf3yB8/8XKaDsxA
+6TiaY35OZgR6yNA7q+1rpBUGCsX14mJMOVWtIaY5V2F4RHc+7HzdkW0o8XDHk4lS
+Tq/SAfjFsGt1bDLgmJ3HtI+lUBZtW+uKLZVHNnV4v7rAebu4TLUtbZXl7eeUBWpF
+mSP2rIs0RbR7Y3jAXg4WMu4fIeZkP/jUvPpgUfkiF5jevwc0GvG7h8u+6ybg9nrS
+09vlTXc08CRgtp2eYTnsSR7aJCr0kYo7ZTWbeo96gf/vJIVJcNnRZnvvfl1vyrZT
+QK13S6TzUbF1oAVHMH5nSun200D2CSzyjOYDnGpTGIdfbamI2KsphyUS/sVCETDP
+f8fC01rRBpjFc7w+ubYuRyiXEJpzbRJe2CWQZPxq0CZ7Yifgz7hIot5/F1EuNE5z
+elh6vtjcudEoQjOgUI4HABQe9nI6TUDfAKPlo/ffB4iHMBmC49WaCdu/6gQs0s7j
+KjhaMLwW7zaGUYFkdR1vcn3qeFnAM9cmBQ==
+-----END CERTIFICATE-----

synapse/tests/files/aha/certs/hosts/00.aha.loop.vertex.link.key

@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKgIBAAKCAgEAvXp4PAfmdzu5t6ADh/l3iVTRYbpPVnQz7bySmQlhTtNQFRDO
+HgEyfttpd0zTWoQZBiQr9H4ZjXE5W3XHdptHcPE718rzBcP3G+DDIbp5nbkccUb7
+lvMVt39/4n9lK64K5YdnRop4SGsnps2WJvrLv/7qhgXPedjFYh/E7iR54C+wns4a
+KvD2gZV9vYudu6PcB3S/b/r0Vqykpsy6dFL1bKTvJCPyD4b3ZAXpHr8Cws9Chae8
+DPt3PkUFCMnRl4opG7i8w/aJABRiXS9whccP1H0uGMvRF69PE1eSjXytwFcBUOI3
+rTwnAWBOfQ1zwRAQ6nCQsjH/CKZffrKro6M7kT+rfE0EiDPGkqf0owa+av4Rv2D0
+qRXhOBsq/jWgCtznk4286JweaRW8Omk+ViG5JO0Pxczp0bpgqiExqpJ/O8HTAEKb
+I9MB2+qRcUVnJanJ2KXmPUWdTtJQuEtCoLfDExudzOJgMwb8i2cmXTeVwas2QKA5
+pD+OOlGKciQc0T2xPIE/Gm/3CWRBs1wj9fqJ85NG9zbtCPpT7yuruYyiuRJTAo9s
+8D4AGaoeQLhQ8JE4Xkfol9Pva/UTIaHoKux6aHYsXBUbEeZbRqO3BGViV86Po+1+
+t2lBHHfD/s/YTnT7cjm+dYQdS9GqrwzZr7lp538lFkmFeX7twTZakkXWIGMCAwEA
+AQKCAgAgRonPk/ruiYZvoHqpgVWa149ZCc7055Nm5i3EksP4FOe5xuSNWN/cmwxi
+jXwdGY5XrPatzYMVxFkkWrIw4m9vbjAm6IOwEjr4DTe/+Y84zizpoNE/W8XxvW6v
+ysqVf66MfZ2adwDZOSOGdtOibSsi183kKX43f7TTq5y0ghMenJEF5A6yDNy4oxnJ
+nUwvh9B1lq37abCQSRU88ne6U91Jdejka5kSiwd+CsG0go36WCq5MKLIRVeBDGm4
+nwQsP5UUC0pgSRD6Kf69Z9TPfOKV7ALbp3BFDBA4t7yXjErejhODzxzzzeDJC7oi
+9BUpKE7xWF5VdE3Aj/KJVu8Ez0vYfTTr+IvhAOi6mOxmqYhcODzwehwiD5o0CiG8
+Igb3YzZjvgjjIhX0n5GsKSOWlxjXOMiuB221WvLIx/qlCXCJzR71XoX4YwPYn7GP
+LjjTVrMiLqN8UNEZ1AYH1sP9xlL/Dzg164EMBsRUIgQJo7DHXtpcEEpioyDRfLmm
+LsoT3MaNsd9EoNDKlTpNz1BrJtJR0GAQCvBOKOCIpXihiLRWj3d9gFe4ZO4JdNOd
+B+m1eZzXltus3Rc/7tGGKAfNt212IGKOalZsIpYN40C7C/iFr2miST6SUyBLhVaj
+3zbexSIbgj7QfT6IIMYZYrZBb2FfBALJa58ye/enNRGlcnFtwQKCAQEA8h7COxN8
+uotwC4T2PIFzjusGGCeAKx6PuRKfl4P8nzBic4BjvbKVrLc2W4hqqAu15uk5RkAk
+sdjd2IFpQzPsdbUTmKWNKYDclpMctqTifdxyjOSxIx9Hg22UkZKbVKyrjHKvlKkx
+o2E+p6XijAc8LvFLty7pSAe3uHv61bzEmEc+rJEoH+k5sQ1TQP43rbOLjvWNz4oS
+gFv1/437+uFaMglsgfP14fBYwaTQZc3mPIEbeO3e2D95kZ6+ptOnUagS+LDNNcCk
+F0YrFePPDP2GKZPLjfqoN4EGASSdXogcMDdQfVM/BmiZFYWAmSPKzwzm874mSRZA
+fXyNxH+0FsMzowKCAQEAyFcqVXTbKTRzTgssjnRIrfgwp7bDT9xoMG4PWPqrNKax
+f/Kg8CU/iJErkcriwcbheWKxKy6d8MgDcMZuDEM4gsfQxIeTLUPeiNvVCdtk8x0/
+twaX7R7KBRWR5Q4/SGZqoI5ZVZTNROpn1YwFlhJJXdJv0l0LxF2NGYSLXIqG99g2
+2kOlVBeAm4evoY6xHsp9dxVa41Bc3+KK/vrZezF9bQTq2NmtHyIUJ2jIMlgr+eAc
+Bq+yJLLHQ3c1NR8jKNK76E59dUkawsxPnSEc0KWh3g3L2udxy/+1eE3r+jj0jCII
+2MoiTFVCNnJ7LMdsGISkax5ZJX1blUflikIA72IsQQKCAQEAwLQsgRp8fni2f+Se
+mv+pOsniOt1NjIQxferNrKk3Kng3E5jPSc9Wg3X6xJVp1kAj0ho0JK6uxgJGZ6hw
+YDV2cSTi6O5y0OKoLwv9oXzQa75GSc9HER43K+rOgaJ/EMCxdQJeruKPCGtAk+xa
+yHqFsxMH4U9sCpFh72p19SHeExk5T93kYqmc6kchySvMouqxG+JisRlCqnkG7RRT
+xpUP1Z1ciH3kaKSD7/O+jhh3tBZKCFDCubijiHwhX+Q7Wql8GAWX/r1JnOCTMEP1
+qnAqFPN14pXqxuphHg3HVtLcJKAR5v2XvwEHPnLYLIqpQ2wQcVUZYbhdMcMtjoTZ
+j/hjIwKCAQEApmGdyvMNwJ7K1Bn7myN/6NuirObgNkb6UJ5XKLKl1UhLSdObTVXh
++e12ndI9mGkvgLwyH4bLrNiv4s0pQA3jtNl1zII7/O/MtSS9PT50DGRSMhLLwiY7
+6RUM4Yp/jAVisI0ILEc0YvO54GQ1j3kIbV8Dd1XHHAIF2Rd3FhgGF3f9ti9P8xLB
+wGljt2zmNIg+wtN9dCOdvmJKxZBXZjSn0g6vbAD8AksvKbuf6A/KFe/F1te7vzaq
+vqEWE1QUwyag4EGvd+SK0RUVWY3SfIXSdLRIhTiKDb4EXDF6tYjvsCHj7weQjIyS
+PN2+5mWIpKQkWMIPj08Y7FWVkMlYNXb3AQKCAQEAuXMzr9YD8r3kaF7vQmRiF3f7
+725mWjjBwcKrUW/ZgLMkfx2Pcn9Lt+1+ULVcEGwIuI8eoS/9LhI4WR6j6H8kkvOH
+TQ//5ZFiOJS2MaS9kSEVs5RVu0MhaWshrCiYOIcq3z1v4AiSxh/jNGc3Uc3eEiMy
+sxPA3YLKPahPTt3QEtwRagCsgFfBvj52RJg8TON3ZQoOACeUSRJlCgV7mxh+gRor
+1D8eevuSd+7IRlWnM7UCQQTtNie5mbOgd3fRuNI+vGFIwQnHmkg55iFE5TCRg4oS
+UeOhOVF+5BZp7qOn9j3FVWzkaGwfIredFWnfh9oENIW5orIGB/SbwEfWm8UtUw==
+-----END RSA PRIVATE KEY-----

synapse/tests/files/aha/certs/users/root@synapse.crt

@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE9jCCAt6gAwIBAgIRAJGsran8ISfoaXuIMN7vAIAwDQYJKoZIhvcNAQELBQAw
+EjEQMA4GA1UEAwwHc3luYXBzZTAeFw0yNDA3MDgxMzAxNDFaFw0zNDA3MDYxMzAx
+NDFaMBcxFTATBgNVBAMMDHJvb3RAc3luYXBzZTCCAiIwDQYJKoZIhvcNAQEBBQAD
+ggIPADCCAgoCggIBAL42zY6E1q0RJIr9j+T6bPb7/f0RbwLJ2hza0/4qjAisNGQs
+t1WkWvpNR/l0+JHmXw78KQ1k8/WP+niIXZmakZdrMNQOf+BBY+MoNqFHtA1KoP0p
+b7f0hyQyRprYihSllA3uFZEagaylx9z5TliwclnCvB77whRZFU8f5PXH+wibWFvJ
+n4ycdFVLg93Rb6IiliMytc3CA4TEemDiL5410nZNipWGcYRmTUruWZCADYLSh6D+
+VJvY/sfoteBX1cvhCdL6DORKaxZnXsPthzkDPJYgLn+1E9hJ4vhuqgXIJ7VjqrPZ
+0wJtciZYb9YcJM6OqiWavW8AeLOEySEKO4NEGU0JduFpu4/9xnfhv/Atdv9YwK6j
+mJmxl/bV9dPhjszNG/D+RbCeBdhWebL1zcnt8indigLxSI9UgulBnjCJg4xHrJPO
+9tiXPi4ipFL4tIpiW4NYCWnJXAkCNgPBFGeFaEmzAxoiSh/iBIMfUgfMV26HzOUS
+2MAzq04/2nH4MjsZYtIKNx8sNZvC3QnDVH1ncGC8JcbSVZPH2jBmMRJJjhxDT7wM
+JbgJJomJ1mIP3a03FJpLTCxP8IbBTmq3TuOpqmhmiVHjBunACbNf6l6fhOJG3pMk
++VpWtIUiKyNMXvjxgM5bKi6sx1ivInxmPk0f2BPBTrYeLFCTj711A4XuHxSzAgMB
+AAGjQjBAMBEGCWCGSAGG+EIBAQQEAwIHgDALBgNVHQ8EBAMCB4AwEwYDVR0lBAww
+CgYIKwYBBQUHAwIwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAgEANZtBnHeo
+yatrA/s2BzOU0k4WGEUaFMrCi6cDyVAWQ6mhcQHqJ2C8Yi2xCd5Si2BEC0hiyJ4K
+wOpi/bkoyAh67bX/RchzqLTwfUYyM17ZH5yiqbPufjpJQAitAVaywCI0jXDpaYlM
+o2u6b3u8eUKhlfHSIzTJn1sVc0p0Ql0okhrHwwUfwN1lwkVDR/e+jF5GKAwjnkNc
+yu3yYYz0oHAg6ZOcQaaFASX7oBBpYnHfDvou3uoJTGfKevRgI5NwQDRG3gipudSi
+vIwWR2iyBjTZaICChmaBX7zVHLwOFN0LRv73tgEBcJwZ4oCvE64POpAL2pO+U52d
+fIFlIOPSuILtTTtBRvfTuIjEvVCF44g4JkPgPpaN9yPcdAOnBQkP7RkrMlQ1pKZ3
+S6uZh9Ar0jNx59ijYq2Y8o/yyEVveXIKbp3HLogfcLeEWUqjL3syP72WkfBWRWx9
+QELaYrFFxgtT4bKZSmyK4C4qwgSknm89Xp/JZFyKWAjYEmu9BAHDI29IBVbLzQAS
+ezrtG2CmyhejnGhwSMYNmv+dC+ahSeP5FQiixrrxaTJ0s3Ax5mvbQQqv9lBvkn9Z
+WpVNN5MHdHEWnvbK4kfFnVQIBfv3lvPl0C0vk3VSWZexXIOjNtkUK6/ALHV2n5AA
+BEJmC3OPyT3eNrlr7gCxuMoV6uDMeTCRpTY=
+-----END CERTIFICATE-----