diff options
author | Daniel Wagner-Hall <daniel@matrix.org> | 2015-10-16 15:07:56 +0100 |
---|---|---|
committer | Daniel Wagner-Hall <daniel@matrix.org> | 2015-10-16 15:07:56 +0100 |
commit | c225d63e9e50226dce510dda298ad3877460e69a (patch) | |
tree | bc6fccc38ccd03320bb3e7534eceb1e3dcecdbba /synapse/api/auth.py | |
parent | Verify third party ID server certificates (diff) | |
download | synapse-c225d63e9e50226dce510dda298ad3877460e69a.tar.xz |
Add signing host and keyname to signatures
Diffstat (limited to 'synapse/api/auth.py')
-rw-r--r-- | synapse/api/auth.py | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py index aee9b8a14f..5c83aafa7d 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -416,11 +416,15 @@ class Auth(object): key_validity_url ) return False - verify_key = nacl.signing.VerifyKey(decode_base64(public_key)) - encoded_signature = join_third_party_invite["signature"] - signature = decode_base64(encoded_signature) - verify_key.verify(token, signature) - return True + for _, signature_block in join_third_party_invite["signatures"].items(): + for key_name, encoded_signature in signature_block.items(): + if not key_name.startswith("ed25519:"): + return False + verify_key = nacl.signing.VerifyKey(decode_base64(public_key)) + signature = decode_base64(encoded_signature) + verify_key.verify(token, signature) + return True + return False except (KeyError, BadSignatureError,): return False |