Sign outgoing PDUs.

2025-09-30 08:08:26 -04:00 · 2014-10-16 00:09:48 +01:00 · 2014-10-16 00:09:48 +01:00 · 66104da10c
commit 66104da10c
parent 1c445f88f6
9 changed files with 62 additions and 24 deletions
--- a/synapse/crypto/event_signing.py
+++ b/synapse/crypto/event_signing.py
@ -15,6 +15,7 @@
 # limitations under the License.


+from synapse.federation.units import Pdu
 from synapse.api.events.utils import prune_pdu
 from syutil.jsonutil import encode_canonical_json
 from syutil.base64util import encode_base64, decode_base64
@ -25,8 +26,7 @@ import hashlib

 def hash_event_pdu(pdu, hash_algortithm=hashlib.sha256):
    hashed = _compute_hash(pdu, hash_algortithm)
-    hashes[hashed.name] = encode_base64(hashed.digest())
-    pdu.hashes = hashes
+    pdu.hashes[hashed.name] = encode_base64(hashed.digest())
    return pdu


--- a/synapse/federation/pdu_codec.py
+++ b/synapse/federation/pdu_codec.py
@ -14,6 +14,7 @@
 # limitations under the License.

 from .units import Pdu
+from synapse.crypto.event_signing import hash_event_pdu, sign_event_pdu

 import copy

@ -33,6 +34,7 @@ def encode_event_id(pdu_id, origin):
 class PduCodec(object):

    def __init__(self, hs):
+        self.signing_key = hs.config.signing_key[0]
        self.server_name = hs.hostname
        self.event_factory = hs.get_event_factory()
        self.clock = hs.get_clock()
@ -99,4 +101,6 @@ class PduCodec(object):
        if "ts" not in kwargs:
            kwargs["ts"] = int(self.clock.time_msec())

-        return Pdu(**kwargs)
+        pdu = Pdu(**kwargs)
+        pdu = hash_event_pdu(pdu)
+        return sign_event_pdu(pdu, self.server_name, self.signing_key)
--- a/synapse/storage/init.py
+++ b/synapse/storage/init.py
@ -42,6 +42,7 @@ from .transactions import TransactionStore
 from .keys import KeyStore
 from .signatures import SignatureStore

+from syutil.base64util import decode_base64

 import json
 import logging
@ -168,11 +169,11 @@ class DataStore(RoomMemberStore, RoomStore,
                txn, pdu.pdu_id, pdu.origin, hash_alg, hash_bytes,
            )

-        signatures = pdu.sigatures.get(pdu.orgin, {})
+        signatures = pdu.signatures.get(pdu.origin, {})

-        for key_id, signature_base64 in signatures:
+        for key_id, signature_base64 in signatures.items():
            signature_bytes = decode_base64(signature_base64)
-            self.store_pdu_origin_signatures_txn(
+            self._store_pdu_origin_signature_txn(
                txn, pdu.pdu_id, pdu.origin, key_id, signature_bytes,
            )

--- a/synapse/storage/signatures.py
+++ b/synapse/storage/signatures.py
@ -47,7 +47,7 @@ class SignatureStore(SQLBaseStore):
            algorithm (str): Hashing algorithm.
            hash_bytes (bytes): Hash function output bytes.
        """
-        self._simple_insert_txn(self, txn, "pdu_hashes", {
+        self._simple_insert_txn(txn, "pdu_hashes", {
            "pdu_id": pdu_id,
            "origin": origin,
            "algorithm": algorithm,
@ -66,7 +66,7 @@ class SignatureStore(SQLBaseStore):
        query = (
            "SELECT key_id, signature"
            " FROM pdu_origin_signatures"
-            " WHERE WHERE pdu_id = ? and origin = ?"
+            " WHERE pdu_id = ? and origin = ?"
        )
        txn.execute(query, (pdu_id, origin))
        return dict(txn.fetchall())
@ -81,7 +81,7 @@ class SignatureStore(SQLBaseStore):
            key_id (str): Id for the signing key.
            signature (bytes): The signature.
        """
-        self._simple_insert_txn(self, txn, "pdu_origin_signatures", {
+        self._simple_insert_txn(txn, "pdu_origin_signatures", {
            "pdu_id": pdu_id,
            "origin": origin,
            "key_id": key_id,