Hoist server_name check out of process_v2_response

It's easier to check it in the caller than to complicate the interface with an
extra param.
This commit is contained in:
Richard van der Hoff 2019-04-04 19:12:54 +01:00
parent ef27d434d1
commit 6ae9361510

View File

@ -495,7 +495,7 @@ class Keyring(object):
)
processed_response = yield self.process_v2_response(
perspective_name, response, only_from_server=False
perspective_name, response
)
server_name = response["server_name"]
@ -543,6 +543,11 @@ class Keyring(object):
or server_name not in response[u"signatures"]):
raise KeyLookupError("Key response not signed by remote server")
if response["server_name"] != server_name:
raise KeyLookupError("Expected a response for server %r not %r" % (
server_name, response["server_name"]
))
response_keys = yield self.process_v2_response(
from_server=server_name,
requested_ids=[requested_key_id],
@ -560,7 +565,7 @@ class Keyring(object):
@defer.inlineCallbacks
def process_v2_response(
self, from_server, response_json, requested_ids=[], only_from_server=True
self, from_server, response_json, requested_ids=[],
):
"""Parse a 'Server Keys' structure from the result of a /key request
@ -586,10 +591,6 @@ class Keyring(object):
We will store the json for these key ids as well as any that are
actually in the response
only_from_server (bool): if True, we will check that the server_name in the
the response (ie, the server which originated the key) matches
from_server.
Returns:
Deferred[dict[str, nacl.signing.VerifyKey]]:
map from key_id to key object
@ -616,13 +617,6 @@ class Keyring(object):
old_verify_keys[key_id] = verify_key
server_name = response_json["server_name"]
if only_from_server:
if server_name != from_server:
raise KeyLookupError(
"Expected a response for server %r not %r" % (
from_server, server_name
)
)
for key_id in response_json["signatures"].get(server_name, {}):
if key_id not in response_json["verify_keys"]:
raise KeyLookupError(