Change upgrade script to not check hashes or signatures

This commit is contained in:
Erik Johnston 2014-12-16 17:29:22 +00:00
parent f06161a307
commit 28f71ecf0d

View File

@ -21,7 +21,7 @@ from syutil.crypto.signing_key import decode_verify_key_bytes
from syutil.jsonutil import encode_canonical_json
import argparse
import dns.resolver
# import dns.resolver
import hashlib
import httplib
import json
@ -147,44 +147,44 @@ class Store(object):
store = Store()
def get_key(server_name):
print "Getting keys for: %s" % (server_name,)
targets = []
if ":" in server_name:
target, port = server_name.split(":")
targets.append((target, int(port)))
try:
answers = dns.resolver.query("_matrix._tcp." + server_name, "SRV")
for srv in answers:
targets.append((srv.target, srv.port))
except dns.resolver.NXDOMAIN:
targets.append((server_name, 8448))
except:
print "Failed to lookup keys for %s" % (server_name,)
return {}
for target, port in targets:
url = "https://%s:%i/_matrix/key/v1" % (target, port)
try:
keys = json.load(urllib2.urlopen(url, timeout=2))
verify_keys = {}
for key_id, key_base64 in keys["verify_keys"].items():
verify_key = decode_verify_key_bytes(
key_id, decode_base64(key_base64)
)
verify_signed_json(keys, server_name, verify_key)
verify_keys[key_id] = verify_key
print "Got keys for: %s" % (server_name,)
return verify_keys
except urllib2.URLError:
pass
except urllib2.HTTPError:
pass
except httplib.HTTPException:
pass
print "Failed to get keys for %s" % (server_name,)
return {}
# def get_key(server_name):
# print "Getting keys for: %s" % (server_name,)
# targets = []
# if ":" in server_name:
# target, port = server_name.split(":")
# targets.append((target, int(port)))
# try:
# answers = dns.resolver.query("_matrix._tcp." + server_name, "SRV")
# for srv in answers:
# targets.append((srv.target, srv.port))
# except dns.resolver.NXDOMAIN:
# targets.append((server_name, 8448))
# except:
# print "Failed to lookup keys for %s" % (server_name,)
# return {}
#
# for target, port in targets:
# url = "https://%s:%i/_matrix/key/v1" % (target, port)
# try:
# keys = json.load(urllib2.urlopen(url, timeout=2))
# verify_keys = {}
# for key_id, key_base64 in keys["verify_keys"].items():
# verify_key = decode_verify_key_bytes(
# key_id, decode_base64(key_base64)
# )
# verify_signed_json(keys, server_name, verify_key)
# verify_keys[key_id] = verify_key
# print "Got keys for: %s" % (server_name,)
# return verify_keys
# except urllib2.URLError:
# pass
# except urllib2.HTTPError:
# pass
# except httplib.HTTPException:
# pass
#
# print "Failed to get keys for %s" % (server_name,)
# return {}
def reinsert_events(cursor, server_name, signing_key):
@ -219,13 +219,20 @@ def reinsert_events(cursor, server_name, signing_key):
}
}
i = 0
N = len(events)
for event in events:
for alg_name in event.hashes:
if check_event_content_hash(event, algorithms[alg_name]):
pass
else:
pass
print "FAIL content hash %s %s" % (alg_name, event.event_id, )
if i % 100 == 0:
print "Processed: %d/%d events" % (i,N,)
i += 1
# for alg_name in event.hashes:
# if check_event_content_hash(event, algorithms[alg_name]):
# pass
# else:
# pass
# print "FAIL content hash %s %s" % (alg_name, event.event_id, )
have_own_correctly_signed = False
for host, sigs in event.signatures.items():
@ -233,7 +240,7 @@ def reinsert_events(cursor, server_name, signing_key):
for key_id in sigs:
if host not in server_keys:
server_keys[host] = get_key(host)
server_keys[host] = {} # get_key(host)
if key_id in server_keys[host]:
try:
verify_signed_json(