SYN-75 sign at the request level rather than the transaction level

synapse/federation/replication.py

@@ -25,8 +25,6 @@ from .persistence import PduActions, TransactionActions
 
 from synapse.util.logutils import log_function
 
-from syutil.crypto.jsonsign import sign_json
-
 import logging
 
 
@@ -66,8 +64,6 @@ class ReplicationLayer(object):
             hs, self.transaction_actions, transport_layer
         )
 
-        self.keyring = hs.get_keyring()
-
         self.handler = None
         self.edu_handlers = {}
         self.query_handlers = {}
@@ -296,10 +292,6 @@ class ReplicationLayer(object):
     @defer.inlineCallbacks
     @log_function
     def on_incoming_transaction(self, transaction_data):
-        yield self.keyring.verify_json_for_server(
-            transaction_data["origin"], transaction_data
-        )
-
         transaction = Transaction(**transaction_data)
 
         for p in transaction.pdus:
@@ -500,7 +492,6 @@ class _TransactionQueue(object):
     """
 
     def __init__(self, hs, transaction_actions, transport_layer):
-        self.signing_key = hs.config.signing_key[0]
         self.server_name = hs.hostname
         self.transaction_actions = transaction_actions
         self.transport_layer = transport_layer
@@ -615,9 +606,6 @@ class _TransactionQueue(object):
 
             # Actually send the transaction
 
-            server_name = self.server_name
-            signing_key = self.signing_key
-
             # FIXME (erikj): This is a bit of a hack to make the Pdu age
             # keys work
             def json_data_cb():
@@ -627,7 +615,6 @@ class _TransactionQueue(object):
                     for p in data["pdus"]:
                         if "age_ts" in p:
                             p["age"] = now - int(p["age_ts"])
-                data = sign_json(data, server_name, signing_key)
                 return data
 
             code, response = yield self.transport_layer.send_transaction(

synapse/federation/transport.py

@@ -163,27 +163,15 @@ class TransportLayer(object):
         if transaction.destination == self.server_name:
             raise RuntimeError("Transport layer cannot send to itself!")
 
-        if json_data_callback is None:
-            def json_data_callback():
-                return transaction.get_dict()
-
-        # FIXME (erikj): This is a bit of a hack to make the Pdu age
-        # keys work
-        def cb(destination, method, path_bytes, producer):
-            json_data = json_data_callback()
-            del json_data["destination"]
-            del json_data["transaction_id"]
-            producer.reset(json_data)
-
+        # FIXME: This is only used by the tests. The actual json sent is
+        # generated by the json_data_callback.
         json_data = transaction.get_dict()
-        del json_data["destination"]
-        del json_data["transaction_id"]
 
         code, response = yield self.client.put_json(
             transaction.destination,
             path=PREFIX + "/send/%s/" % transaction.transaction_id,
             data=json_data,
-            on_send_callback=cb,
+            json_data_callback=json_data_callback,
         )
 
         logger.debug(

synapse/federation/units.py

@@ -190,6 +190,11 @@ class Transaction(JsonEncodedObject):
         "destination",
     ]
 
+    internal_keys = [
+        "transaction_id",
+        "destination",
+    ]
+
     required_keys = [
         "transaction_id",
         "origin",