Fetch verify key locally rather than trying to do so over federation if origin and host are the same. (#11129)

* add tests for fetching key locally * add logic to check if origin server is same as host and fetch verify key locally rather than over federation * add changelog * slight refactor, add docstring, change changelog entry * Make changelog entry one line * remove verify_json_locally and push locality check to process_request, add function process_request_locally * remove leftover code reference * refactor to add common call to 'verify_json and associated handling code * add type hint to process_json * add some docstrings + very slight refactor
2025-08-09 14:12:10 -04:00 · 2021-10-28 10:27:17 -07:00 · 2021-10-28 10:27:17 -07:00 · e002faee01
commit e002faee01
parent adc0d35b17
3 changed files with 58 additions and 29 deletions
--- a/tests/crypto/test_keyring.py
+++ b/tests/crypto/test_keyring.py
@ -197,6 +197,18 @@ class KeyringTestCase(unittest.HomeserverTestCase):
        # self.assertFalse(d.called)
        self.get_success(d)

+    def test_verify_for_server_locally(self):
+        """Ensure that locally signed JSON can be verified without fetching keys
+        over federation
+        """
+        kr = keyring.Keyring(self.hs)
+        json1 = {}
+        signedjson.sign.sign_json(json1, self.hs.hostname, self.hs.signing_key)
+
+        # Test that verify_json_for_server succeeds on a object signed by ourselves
+        d = kr.verify_json_for_server(self.hs.hostname, json1, 0)
+        self.get_success(d)
+
    def test_verify_json_for_server_with_null_valid_until_ms(self):
        """Tests that we correctly handle key requests for keys we've stored
        with a null `ts_valid_until_ms`