Sign outgoing PDUs.

2024-06-30 16:31:50 +00:00 · 2014-10-16 00:09:48 +01:00 · 2014-10-16 00:09:48 +01:00 · 66104da10c
commit 66104da10c
parent 1c445f88f6
9 changed files with 62 additions and 24 deletions
--- a/synapse/crypto/event_signing.py
+++ b/synapse/crypto/event_signing.py
@ -15,6 +15,7 @@
 # limitations under the License.


+from synapse.federation.units import Pdu
 from synapse.api.events.utils import prune_pdu
 from syutil.jsonutil import encode_canonical_json
 from syutil.base64util import encode_base64, decode_base64
@ -25,8 +26,7 @@ import hashlib

 def hash_event_pdu(pdu, hash_algortithm=hashlib.sha256):
    hashed = _compute_hash(pdu, hash_algortithm)
-    hashes[hashed.name] = encode_base64(hashed.digest())
-    pdu.hashes = hashes
+    pdu.hashes[hashed.name] = encode_base64(hashed.digest())
    return pdu


--- a/synapse/federation/pdu_codec.py
+++ b/synapse/federation/pdu_codec.py
@ -14,6 +14,7 @@
 # limitations under the License.

 from .units import Pdu
+from synapse.crypto.event_signing import hash_event_pdu, sign_event_pdu

 import copy

@ -33,6 +34,7 @@ def encode_event_id(pdu_id, origin):
 class PduCodec(object):

    def __init__(self, hs):
+        self.signing_key = hs.config.signing_key[0]
        self.server_name = hs.hostname
        self.event_factory = hs.get_event_factory()
        self.clock = hs.get_clock()
@ -99,4 +101,6 @@ class PduCodec(object):
        if "ts" not in kwargs:
            kwargs["ts"] = int(self.clock.time_msec())

-        return Pdu(**kwargs)
+        pdu = Pdu(**kwargs)
+        pdu = hash_event_pdu(pdu)
+        return sign_event_pdu(pdu, self.server_name, self.signing_key)
--- a/synapse/storage/init.py
+++ b/synapse/storage/init.py
@ -42,6 +42,7 @@ from .transactions import TransactionStore
 from .keys import KeyStore
 from .signatures import SignatureStore

+from syutil.base64util import decode_base64

 import json
 import logging
@ -168,11 +169,11 @@ class DataStore(RoomMemberStore, RoomStore,
                txn, pdu.pdu_id, pdu.origin, hash_alg, hash_bytes,
            )

-        signatures = pdu.sigatures.get(pdu.orgin, {})
+        signatures = pdu.signatures.get(pdu.origin, {})

-        for key_id, signature_base64 in signatures:
+        for key_id, signature_base64 in signatures.items():
            signature_bytes = decode_base64(signature_base64)
-            self.store_pdu_origin_signatures_txn(
+            self._store_pdu_origin_signature_txn(
                txn, pdu.pdu_id, pdu.origin, key_id, signature_bytes,
            )

--- a/synapse/storage/signatures.py
+++ b/synapse/storage/signatures.py
@ -47,7 +47,7 @@ class SignatureStore(SQLBaseStore):
            algorithm (str): Hashing algorithm.
            hash_bytes (bytes): Hash function output bytes.
        """
-        self._simple_insert_txn(self, txn, "pdu_hashes", {
+        self._simple_insert_txn(txn, "pdu_hashes", {
            "pdu_id": pdu_id,
            "origin": origin,
            "algorithm": algorithm,
@ -66,7 +66,7 @@ class SignatureStore(SQLBaseStore):
        query = (
            "SELECT key_id, signature"
            " FROM pdu_origin_signatures"
-            " WHERE WHERE pdu_id = ? and origin = ?"
+            " WHERE pdu_id = ? and origin = ?"
        )
        txn.execute(query, (pdu_id, origin))
        return dict(txn.fetchall())
@ -81,7 +81,7 @@ class SignatureStore(SQLBaseStore):
            key_id (str): Id for the signing key.
            signature (bytes): The signature.
        """
-        self._simple_insert_txn(self, txn, "pdu_origin_signatures", {
+        self._simple_insert_txn(txn, "pdu_origin_signatures", {
            "pdu_id": pdu_id,
            "origin": origin,
            "key_id": key_id,
--- a/tests/federation/test_pdu_codec.py
+++ b/tests/federation/test_pdu_codec.py
@ -23,14 +23,21 @@ from synapse.federation.units import Pdu

 from synapse.server import HomeServer

-from mock import Mock
+from mock import Mock, NonCallableMock
+
+from ..utils import MockKey


 class PduCodecTestCase(unittest.TestCase):
    def setUp(self):
-        self.hs = HomeServer("blargle.net")
-        self.event_factory = self.hs.get_event_factory()
+        self.mock_config = NonCallableMock()
+        self.mock_config.signing_key = [MockKey()]

+        self.hs = HomeServer(
+            "blargle.net",
+            config=self.mock_config,
+        )
+        self.event_factory = self.hs.get_event_factory()
        self.codec = PduCodec(self.hs)

    def test_decode_event_id(self):
--- a/tests/rest/test_events.py
+++ b/tests/rest/test_events.py
@ -28,7 +28,7 @@ from synapse.server import HomeServer
 # python imports
 import json

-from ..utils import MockHttpResource, MemoryDataStore
+from ..utils import MockHttpResource, MemoryDataStore, MockKey
 from .utils import RestTestCase

 from mock import Mock, NonCallableMock
@ -122,6 +122,9 @@ class EventStreamPermissionsTestCase(RestTestCase):
        persistence_service = Mock(spec=["get_latest_pdus_in_context"])
        persistence_service.get_latest_pdus_in_context.return_value = []

+        self.mock_config = NonCallableMock()
+        self.mock_config.signing_key = [MockKey()]
+
        hs = HomeServer(
            "test",
            db_pool=None,
@ -139,7 +142,7 @@ class EventStreamPermissionsTestCase(RestTestCase):
            ratelimiter=NonCallableMock(spec_set=[
                "send_message",
            ]),
-            config=NonCallableMock(),
+            config=self.mock_config,
        )
        self.ratelimiter = hs.get_ratelimiter()
        self.ratelimiter.send_message.return_value = (True, 0)
--- a/tests/rest/test_profile.py
+++ b/tests/rest/test_profile.py
@ -18,9 +18,9 @@
 from tests import unittest
 from twisted.internet import defer

-from mock import Mock
+from mock import Mock, NonCallableMock

-from ..utils import MockHttpResource
+from ..utils import MockHttpResource, MockKey

 from synapse.api.errors import SynapseError, AuthError
 from synapse.server import HomeServer
@ -41,6 +41,9 @@ class ProfileTestCase(unittest.TestCase):
            "set_avatar_url",
        ])

+        self.mock_config = NonCallableMock()
+        self.mock_config.signing_key = [MockKey()]
+
        hs = HomeServer("test",
            db_pool=None,
            http_client=None,
@ -48,6 +51,7 @@ class ProfileTestCase(unittest.TestCase):
            federation=Mock(),
            replication_layer=Mock(),
            datastore=None,
+            config=self.mock_config,
        )

        def _get_user_by_req(request=None):
--- a/tests/rest/test_rooms.py
+++ b/tests/rest/test_rooms.py
@ -27,7 +27,7 @@ from synapse.server import HomeServer
 import json
 import urllib

-from ..utils import MockHttpResource, MemoryDataStore
+from ..utils import MockHttpResource, MemoryDataStore, MockKey
 from .utils import RestTestCase

 from mock import Mock, NonCallableMock
@ -50,6 +50,9 @@ class RoomPermissionsTestCase(RestTestCase):
        persistence_service = Mock(spec=["get_latest_pdus_in_context"])
        persistence_service.get_latest_pdus_in_context.return_value = []

+        self.mock_config = NonCallableMock()
+        self.mock_config.signing_key = [MockKey()]
+
        hs = HomeServer(
            "red",
            db_pool=None,
@ -61,7 +64,7 @@ class RoomPermissionsTestCase(RestTestCase):
            ratelimiter=NonCallableMock(spec_set=[
                "send_message",
            ]),
-            config=NonCallableMock(),
+            config=self.mock_config,
        )
        self.ratelimiter = hs.get_ratelimiter()
        self.ratelimiter.send_message.return_value = (True, 0)
@ -408,6 +411,9 @@ class RoomsMemberListTestCase(RestTestCase):
        persistence_service = Mock(spec=["get_latest_pdus_in_context"])
        persistence_service.get_latest_pdus_in_context.return_value = []

+        self.mock_config = NonCallableMock()
+        self.mock_config.signing_key = [MockKey()]
+
        hs = HomeServer(
            "red",
            db_pool=None,
@ -419,7 +425,7 @@ class RoomsMemberListTestCase(RestTestCase):
            ratelimiter=NonCallableMock(spec_set=[
                "send_message",
            ]),
-            config=NonCallableMock(),
+            config=self.mock_config,
        )
        self.ratelimiter = hs.get_ratelimiter()
        self.ratelimiter.send_message.return_value = (True, 0)
@ -497,6 +503,9 @@ class RoomsCreateTestCase(RestTestCase):
        persistence_service = Mock(spec=["get_latest_pdus_in_context"])
        persistence_service.get_latest_pdus_in_context.return_value = []

+        self.mock_config = NonCallableMock()
+        self.mock_config.signing_key = [MockKey()]
+
        hs = HomeServer(
            "red",
            db_pool=None,
@ -508,7 +517,7 @@ class RoomsCreateTestCase(RestTestCase):
            ratelimiter=NonCallableMock(spec_set=[
                "send_message",
            ]),
-            config=NonCallableMock(),
+            config=self.mock_config,
        )
        self.ratelimiter = hs.get_ratelimiter()
        self.ratelimiter.send_message.return_value = (True, 0)
@ -598,6 +607,9 @@ class RoomTopicTestCase(RestTestCase):
        persistence_service = Mock(spec=["get_latest_pdus_in_context"])
        persistence_service.get_latest_pdus_in_context.return_value = []

+        self.mock_config = NonCallableMock()
+        self.mock_config.signing_key = [MockKey()]
+
        hs = HomeServer(
            "red",
            db_pool=None,
@ -609,7 +621,7 @@ class RoomTopicTestCase(RestTestCase):
            ratelimiter=NonCallableMock(spec_set=[
                "send_message",
            ]),
-            config=NonCallableMock(),
+            config=self.mock_config,
        )
        self.ratelimiter = hs.get_ratelimiter()
        self.ratelimiter.send_message.return_value = (True, 0)
@ -712,6 +724,9 @@ class RoomMemberStateTestCase(RestTestCase):
        persistence_service = Mock(spec=["get_latest_pdus_in_context"])
        persistence_service.get_latest_pdus_in_context.return_value = []

+        self.mock_config = NonCallableMock()
+        self.mock_config.signing_key = [MockKey()]
+
        hs = HomeServer(
            "red",
            db_pool=None,
@ -723,7 +738,7 @@ class RoomMemberStateTestCase(RestTestCase):
            ratelimiter=NonCallableMock(spec_set=[
                "send_message",
            ]),
-            config=NonCallableMock(),
+            config=self.mock_config,
        )
        self.ratelimiter = hs.get_ratelimiter()
        self.ratelimiter.send_message.return_value = (True, 0)
@ -853,6 +868,9 @@ class RoomMessagesTestCase(RestTestCase):
        persistence_service = Mock(spec=["get_latest_pdus_in_context"])
        persistence_service.get_latest_pdus_in_context.return_value = []

+        self.mock_config = NonCallableMock()
+        self.mock_config.signing_key = [MockKey()]
+
        hs = HomeServer(
            "red",
            db_pool=None,
@ -864,7 +882,7 @@ class RoomMessagesTestCase(RestTestCase):
            ratelimiter=NonCallableMock(spec_set=[
                "send_message",
            ]),
-            config=NonCallableMock(),
+            config=self.mock_config,
        )
        self.ratelimiter = hs.get_ratelimiter()
        self.ratelimiter.send_message.return_value = (True, 0)
--- a/tests/utils.py
+++ b/tests/utils.py
@ -118,13 +118,14 @@ class MockHttpResource(HttpServer):
 class MockKey(object):
    alg = "mock_alg"
    version = "mock_version"
+    signature = b"\x9a\x87$"

    @property
    def verify_key(self):
        return self

    def sign(self, message):
-        return b"\x9a\x87$"
+        return self

    def verify(self, message, sig):
        assert sig == b"\x9a\x87$"