diff options
author | Daniel Wagner-Hall <daniel@matrix.org> | 2015-10-16 15:07:56 +0100 |
---|---|---|
committer | Daniel Wagner-Hall <daniel@matrix.org> | 2015-10-16 15:07:56 +0100 |
commit | c225d63e9e50226dce510dda298ad3877460e69a (patch) | |
tree | bc6fccc38ccd03320bb3e7534eceb1e3dcecdbba | |
parent | Verify third party ID server certificates (diff) | |
download | synapse-c225d63e9e50226dce510dda298ad3877460e69a.tar.xz |
Add signing host and keyname to signatures
-rw-r--r-- | synapse/api/auth.py | 14 | ||||
-rw-r--r-- | synapse/util/third_party_invites.py | 2 |
2 files changed, 10 insertions, 6 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py index aee9b8a14f..5c83aafa7d 100644 --- a/synapse/api/auth.py +++ b/synapse/api/auth.py @@ -416,11 +416,15 @@ class Auth(object): key_validity_url ) return False - verify_key = nacl.signing.VerifyKey(decode_base64(public_key)) - encoded_signature = join_third_party_invite["signature"] - signature = decode_base64(encoded_signature) - verify_key.verify(token, signature) - return True + for _, signature_block in join_third_party_invite["signatures"].items(): + for key_name, encoded_signature in signature_block.items(): + if not key_name.startswith("ed25519:"): + return False + verify_key = nacl.signing.VerifyKey(decode_base64(public_key)) + signature = decode_base64(encoded_signature) + verify_key.verify(token, signature) + return True + return False except (KeyError, BadSignatureError,): return False diff --git a/synapse/util/third_party_invites.py b/synapse/util/third_party_invites.py index 335a9755b2..792db5ba39 100644 --- a/synapse/util/third_party_invites.py +++ b/synapse/util/third_party_invites.py @@ -23,7 +23,7 @@ JOIN_KEYS = { "token", "public_key", "key_validity_url", - "signature", + "signatures", "sender", } |