Richard van der Hoff
099829d5a9
use attr.s for VerifyKeyRequest
...
because namedtuple is awful
2019-05-30 17:39:28 +01:00
Richard van der Hoff
540f40f0cd
Merge pull request #5251 from matrix-org/rav/server_keys/01-check_sig
...
Ensure that server_keys fetched via a notary server are correctly signed.
2019-05-28 21:32:17 +01:00
Richard van der Hoff
fa1b293da2
Simplification to Keyring.wait_for_previous_lookups. (#5250)
...
The list of server names was redundant, since it was equivalent to the keys on
the server_to_deferred map. This reduces the number of large lists being passed
around, and has the benefit of deduplicating the entries in `wait_on`.
2019-05-24 22:17:18 +01:00
Richard van der Hoff
b825d1c800
Improve error handling/logging for perspectives-key fetching.
...
In particular, don't give up on the first failure.
2019-05-24 15:46:25 +01:00
Richard van der Hoff
753b1270da
Require sig from origin server on perspectives responses
2019-05-23 15:01:09 +01:00
Richard van der Hoff
895b79ac2e
Factor out KeyFetchers from KeyRing
...
Rather than have three methods which have to have the same interface,
factor out a separate interface which is provided by three implementations.
I find it easier to grok the code this way.
2019-05-23 13:46:47 +01:00
Richard van der Hoff
b75537beaf
Store key validity time in the storage layer
...
This is a first step to checking that the key is valid at the required moment.
The idea here is that, rather than passing VerifyKey objects in and out of the
storage layer, we instead pass FetchKeyResult objects, which simply wrap the
VerifyKey and add a valid_until_ts field.
2019-05-23 11:52:22 +01:00
Richard van der Hoff
84660d91b2
Simplify process_v2_response (#5236)
...
* Pass time_added_ms into process_v2_response
* Simplify process_v2_response
We can merge old_verify_keys into verify_keys, and reduce the number of dicts
flying around.
2019-05-23 11:51:39 +01:00
Richard van der Hoff
cc187f9337
Remove unused VerifyKey.expired and .time_added fields (#5235)
...
These were never used, and poking arbitrary data into objects from other
packages seems confusing at best.
2019-05-23 11:46:05 +01:00
Richard van der Hoff
2e052110ee
Rewrite store_server_verify_key to store several keys at once (#5234)
...
Storing server keys hammered the database a bit. This replaces the
implementation which stored a single key, with one which can do many updates at
once.
2019-05-23 11:45:39 +01:00
Richard van der Hoff
1a94de60e8
Run black on synapse.crypto.keyring (#5232)
2019-05-22 18:39:33 +01:00
Richard van der Hoff
fd8fb32bdd
remove extraneous exception logging
2019-04-25 22:02:03 +01:00
Richard van der Hoff
7ca638c761
Clarify logging when PDU signature checking fails
2019-04-25 20:55:12 +01:00
Andrew Morgan
6824ddd93d
Config option for verifying federation certificates (MSC 1711) (#4967)
2019-04-25 14:22:49 +01:00
Andrew Morgan
caa76e6021
Remove periods from copyright headers (#5046)
2019-04-11 17:08:13 +01:00
Richard van der Hoff
18b69be00f
Rewrite Datastore.get_server_verify_keys
...
Rewrite this so that it doesn't hammer the database.
2019-04-09 00:00:10 +01:00
Richard van der Hoff
f88a9e6323
Remove redundant merged_keys dict
...
There's no point in collecting a merged dict of keys: it is sufficient to
consider just the new keys which have been fetched by the most recent
key_fetch_fns.
2019-04-08 22:36:18 +01:00
Richard van der Hoff
7d2a0c848e
Fix from_server buglet in get_keys_from_perspectives
...
make sure we store the name of the server the keys came from, rather than the
origin server, after doing a fetch-from-perspectives.
2019-04-08 12:51:16 +01:00
Richard van der Hoff
6ae9361510
Hoist server_name check out of process_v2_response
...
It's easier to check it in the caller than to complicate the interface with an
extra param.
2019-04-04 19:12:54 +01:00
Richard van der Hoff
ef27d434d1
Clean up Keyring.process_v2_response
...
Make this just return the key dict, rather than a single-entry dict mapping the
server name to the key dict. It's easy for the caller to get the server name
from the response object anyway.
2019-04-04 19:12:54 +01:00
Erik Johnston
78c563b77c
Correctly log expected errors when fetching server keys
2019-03-11 14:11:10 +00:00
Erik Johnston
65d1003d01
raise_from already raises
2019-02-25 14:34:03 +00:00
Erik Johnston
41285ffe5b
Handle errors when fetching remote server keys
2019-02-23 15:09:39 +00:00
Amber Brown
561eebe170
fix to use makeContext so that we don't need to rebuild the certificateoptions each time
2019-02-19 16:18:05 +11:00
Erik Johnston
7fc1196a36
Correctly handle RequestSendFailed exceptions
...
This mainly reduces the number of exceptions we log.
2019-02-14 14:01:04 +00:00
Richard van der Hoff
9645728619
Don't create server contexts when TLS is disabled
...
we aren't going to use them anyway.
2019-02-11 21:32:01 +00:00
Erik Johnston
554ca58ea1
Make add_hashes_and_signatures operate on dicts
2019-01-29 11:12:38 +00:00
Erik Johnston
855a151015
Refactor event signing to work on dicts
...
This is in preparation for making EventBuilder format agnostic, which
means event signing should be done against the event dict rather than
the EventBuilder object.
2019-01-28 16:42:10 +00:00
Richard van der Hoff
97fd29c019
Don't send IP addresses as SNI (#4452)
...
The problem here is that we have cut-and-pasted an impl from Twisted, and then
failed to maintain it. It was fixed in Twisted in
https://github.com/twisted/twisted/pull/1047/files; let's do the same here.
2019-01-24 09:34:44 +00:00
Richard van der Hoff
6bfa735a69
Make key fetches use regular federation client (#4426)
...
All this magic is redundant.
2019-01-22 11:04:20 +00:00
Amber Brown
23b0813599
Require ECDH key exchange & remove dh_params (#4429)
...
* remove dh_params and set better cipher string
2019-01-22 21:58:50 +11:00
Amber Brown
916efc8249
Remove fetching keys via the deprecated v1 kex method (#4120)
2018-10-31 23:14:39 +11:00
Richard van der Hoff
ef771cc4c2
Fix a number of flake8 errors
...
Broadly three things here:
* disable W504 which seems a bit whacko
* remove a bunch of `as e` expressions from exception handlers that don't use
them
* use `r""` for strings which include backslashes
Also, we don't use pep8 any more, so we can get rid of the duplicate config
there.
2018-10-24 10:39:03 +01:00
Amber Brown
33716c4aea
Merge pull request #3826 from matrix-org/rav/logging_for_keyring
...
add some logging for the keyring queue
2018-09-12 20:43:47 +10:00
Amber Brown
8fd93b5eea
Port crypto/ to Python 3 (#3822)
2018-09-12 20:16:31 +10:00
Richard van der Hoff
806964b5de
add some logging for the keyring queue
...
why is it so damn slow?
2018-09-06 18:51:06 +01:00
Erik Johnston
808d8e06aa
Don't log exceptions when failing to fetch server keys
...
Not being able to resolve or connect to remote servers is an expected
error, so we shouldn't log at ERROR with stacktraces.
2018-08-21 11:19:26 +01:00
Jeroen
2e9c73e8ca
more generic conversion of str/bytes to unicode
2018-08-09 21:31:26 +02:00
Jeroen
64899341dc
include private functions from twisted
2018-08-09 21:04:22 +02:00
Jeroen
d5c0ce4cad
updated docstring for ServerContextFactory
2018-08-08 19:25:01 +02:00
Jeroen
2903e65aff
fix isort
2018-07-29 19:47:08 +02:00
Jeroen
8e3f75b39a
fix accidental removal of hs
2018-07-27 12:17:31 +02:00
Jeroen
505530f36a
Merge remote-tracking branch 'upstream/develop' into send_sni_for_federation_requests
...
# Conflicts:
# synapse/crypto/context_factory.py
2018-07-14 20:24:46 +02:00
Jeroen
b5e157d895
Merge branch 'develop' into send_sni_for_federation_requests
...
# Conflicts:
# synapse/http/endpoint.py
2018-07-09 08:51:11 +02:00
Amber Brown
49af402019
run isort
2018-07-09 16:09:20 +10:00
Amber Brown
6350bf925e
Attempt to be more performant on PyPy (#3462)
2018-06-28 14:49:57 +01:00
Jeroen
95341a8f6f
take idna implementation from twisted
2018-06-26 21:15:14 +02:00
Jeroen
b7f34ee348
allow self-signed certificates
2018-06-26 20:41:05 +02:00
Jeroen
07b4f88de9
formatting changes for pep8
2018-06-25 12:31:16 +02:00
Jeroen
3d605853c8
send SNI for federation requests
2018-06-24 22:38:43 +02:00