Richard van der Hoff
a82c96b87f
Rewrite get_server_verify_keys, again.
...
Attempt to simplify the logic in get_server_verify_keys by splitting it into
two methods.
2019-05-30 18:20:40 +01:00
Richard van der Hoff
540f40f0cd
Merge pull request #5251 from matrix-org/rav/server_keys/01-check_sig
...
Ensure that server_keys fetched via a notary server are correctly signed.
2019-05-28 21:32:17 +01:00
Richard van der Hoff
fa1b293da2
Simplification to Keyring.wait_for_previous_lookups. ( #5250 )
...
The list of server names was redundant, since it was equivalent to the keys on
the server_to_deferred map. This reduces the number of large lists being passed
around, and has the benefit of deduplicating the entries in `wait_on`.
2019-05-24 22:17:18 +01:00
Richard van der Hoff
b825d1c800
Improve error handling/logging for perspectives-key fetching.
...
In particular, don't give up on the first failure.
2019-05-24 15:46:25 +01:00
Richard van der Hoff
753b1270da
Require sig from origin server on perspectives responses
2019-05-23 15:01:09 +01:00
Richard van der Hoff
895b79ac2e
Factor out KeyFetchers from KeyRing
...
Rather than have three methods which have to have the same interface,
factor out a separate interface which is provided by three implementations.
I find it easier to grok the code this way.
2019-05-23 13:46:47 +01:00
Richard van der Hoff
b75537beaf
Store key validity time in the storage layer
...
This is a first step to checking that the key is valid at the required moment.
The idea here is that, rather than passing VerifyKey objects in and out of the
storage layer, we instead pass FetchKeyResult objects, which simply wrap the
VerifyKey and add a valid_until_ts field.
2019-05-23 11:52:22 +01:00
Richard van der Hoff
84660d91b2
Simplify process_v2_response ( #5236 )
...
* Pass time_added_ms into process_v2_response
* Simplify process_v2_response
We can merge old_verify_keys into verify_keys, and reduce the number of dicts
flying around.
2019-05-23 11:51:39 +01:00
Richard van der Hoff
cc187f9337
Remove unused VerifyKey.expired and .time_added fields ( #5235 )
...
These were never used, and poking arbitary data into objects from other
packages seems confusing at best.
2019-05-23 11:46:05 +01:00
Richard van der Hoff
2e052110ee
Rewrite store_server_verify_key to store several keys at once ( #5234 )
...
Storing server keys hammered the database a bit. This replaces the
implementation which stored a single key, with one which can do many updates at
once.
2019-05-23 11:45:39 +01:00
Richard van der Hoff
1a94de60e8
Run black on synapse.crypto.keyring ( #5232 )
2019-05-22 18:39:33 +01:00
Richard van der Hoff
fd8fb32bdd
remove extraneous exception logging
2019-04-25 22:02:03 +01:00
Richard van der Hoff
7ca638c761
Clarify logging when PDU signature checking fails
2019-04-25 20:55:12 +01:00
Andrew Morgan
6824ddd93d
Config option for verifying federation certificates (MSC 1711) ( #4967 )
2019-04-25 14:22:49 +01:00
Andrew Morgan
caa76e6021
Remove periods from copyright headers ( #5046 )
2019-04-11 17:08:13 +01:00
Richard van der Hoff
18b69be00f
Rewrite Datastore.get_server_verify_keys
...
Rewrite this so that it doesn't hammer the database.
2019-04-09 00:00:10 +01:00
Richard van der Hoff
f88a9e6323
Remove redundant merged_keys dict
...
There's no point in collecting a merged dict of keys: it is sufficient to
consider just the new keys which have been fetched by the most recent
key_fetch_fns.
2019-04-08 22:36:18 +01:00
Richard van der Hoff
7d2a0c848e
Fix from_server buglet in get_keys_from_perspectives
...
make sure we store the name of the server the keys came from, rather than the
origin server, after doing a fetch-from-perspectives.
2019-04-08 12:51:16 +01:00
Richard van der Hoff
6ae9361510
Hoist server_name check out of process_v2_response
...
It's easier to check it in the caller than to complicate the interface with an
extra param.
2019-04-04 19:12:54 +01:00
Richard van der Hoff
ef27d434d1
Clean up Keyring.process_v2_response
...
Make this just return the key dict, rather than a single-entry dict mapping the
server name to the key dict. It's easy for the caller to get the server name
from from the response object anyway.
2019-04-04 19:12:54 +01:00
Erik Johnston
78c563b77c
Correctly log expected errors when fetching server keys
2019-03-11 14:11:10 +00:00
Erik Johnston
65d1003d01
raise_from already raises
2019-02-25 14:34:03 +00:00
Erik Johnston
41285ffe5b
Handle errors when fetching remote server keys
2019-02-23 15:09:39 +00:00
Amber Brown
561eebe170
fix to use makeContext so that we don't need to rebuild the certificateoptions each time
2019-02-19 16:18:05 +11:00
Erik Johnston
7fc1196a36
Correctly handle RequestSendFailed exceptions
...
This mainly reduces the number of exceptions we log.
2019-02-14 14:01:04 +00:00
Richard van der Hoff
9645728619
Don't create server contexts when TLS is disabled
...
we aren't going to use them anyway.
2019-02-11 21:32:01 +00:00
Erik Johnston
554ca58ea1
Make add_hashes_and_signatures operate on dicts
2019-01-29 11:12:38 +00:00
Erik Johnston
855a151015
Refactor event signing to work on dicts
...
This is in preparation for making EventBuilder format agnostic, which
means event signing should be done against the event dict rather than
the EventBuilder object.
2019-01-28 16:42:10 +00:00
Richard van der Hoff
97fd29c019
Don't send IP addresses as SNI ( #4452 )
...
The problem here is that we have cut-and-pasted an impl from Twisted, and then
failed to maintain it. It was fixed in Twisted in
https://github.com/twisted/twisted/pull/1047/files ; let's do the same here.
2019-01-24 09:34:44 +00:00
Richard van der Hoff
6bfa735a69
Make key fetches use regular federation client ( #4426 )
...
All this magic is redundant.
2019-01-22 11:04:20 +00:00
Amber Brown
23b0813599
Require ECDH key exchange & remove dh_params ( #4429 )
...
* remove dh_params and set better cipher string
2019-01-22 21:58:50 +11:00
Amber Brown
916efc8249
Remove fetching keys via the deprecated v1 kex method ( #4120 )
2018-10-31 23:14:39 +11:00
Richard van der Hoff
ef771cc4c2
Fix a number of flake8 errors
...
Broadly three things here:
* disable W504 which seems a bit whacko
* remove a bunch of `as e` expressions from exception handlers that don't use
them
* use `r""` for strings which include backslashes
Also, we don't use pep8 any more, so we can get rid of the duplicate config
there.
2018-10-24 10:39:03 +01:00
Amber Brown
33716c4aea
Merge pull request #3826 from matrix-org/rav/logging_for_keyring
...
add some logging for the keyring queue
2018-09-12 20:43:47 +10:00
Amber Brown
8fd93b5eea
Port crypto/ to Python 3 ( #3822 )
2018-09-12 20:16:31 +10:00
Richard van der Hoff
806964b5de
add some logging for the keyring queue
...
why is it so damn slow?
2018-09-06 18:51:06 +01:00
Erik Johnston
808d8e06aa
Don't log exceptions when failing to fetch server keys
...
Not being able to resolve or connect to remote servers is an expected
error, so we shouldn't log at ERROR with stacktraces.
2018-08-21 11:19:26 +01:00
Jeroen
2e9c73e8ca
more generic conversion of str/bytes to unicode
2018-08-09 21:31:26 +02:00
Jeroen
64899341dc
include private functions from twisted
2018-08-09 21:04:22 +02:00
Jeroen
d5c0ce4cad
updated docstring for ServerContextFactory
2018-08-08 19:25:01 +02:00
Jeroen
2903e65aff
fix isort
2018-07-29 19:47:08 +02:00
Jeroen
8e3f75b39a
fix accidental removal of hs
2018-07-27 12:17:31 +02:00
Jeroen
505530f36a
Merge remote-tracking branch 'upstream/develop' into send_sni_for_federation_requests
...
# Conflicts:
# synapse/crypto/context_factory.py
2018-07-14 20:24:46 +02:00
Jeroen
b5e157d895
Merge branch 'develop' into send_sni_for_federation_requests
...
# Conflicts:
# synapse/http/endpoint.py
2018-07-09 08:51:11 +02:00
Amber Brown
49af402019
run isort
2018-07-09 16:09:20 +10:00
Amber Brown
6350bf925e
Attempt to be more performant on PyPy ( #3462 )
2018-06-28 14:49:57 +01:00
Jeroen
95341a8f6f
take idna implementation from twisted
2018-06-26 21:15:14 +02:00
Jeroen
b7f34ee348
allow self-signed certificates
2018-06-26 20:41:05 +02:00
Jeroen
07b4f88de9
formatting changes for pep8
2018-06-25 12:31:16 +02:00
Jeroen
3d605853c8
send SNI for federation requests
2018-06-24 22:38:43 +02:00