Sign evnets

2 files changed, 26 insertions, 0 deletions

diff --git a/synapse/crypto/event_signing.py b/synapse/crypto/event_signing.py
index 07e383e221..cb2db01c04 100644
--- a/synapse/crypto/event_signing.py
+++ b/synapse/crypto/event_signing.py
@@ -94,3 +94,23 @@ def verify_signed_event_pdu(pdu, signature_name, verify_key):
     tmp_pdu = prune_pdu(tmp_pdu)
     pdu_json = tmp_pdu.get_dict()
     verify_signed_json(pdu_json, signature_name, verify_key)
+
+
+def add_hashes_and_signatures(event, signature_name, signing_key,
+                              hash_algorithm=hashlib.sha256):
+    tmp_event = copy.deepcopy(event)
+    tmp_event = prune_event(tmp_event)
+    redact_json = tmp_event.get_dict()
+    redact_json.pop("signatures", None)
+    redact_json = sign_json(redact_json, signature_name, signing_key)
+    event.signatures = redact_json["signatures"]
+
+    event_json = event.get_full_dict()
+    #TODO: We need to sign the JSON that is going out via fedaration.
+    event_json.pop("age_ts", None)
+    event_json.pop("unsigned", None)
+    event_json.pop("signatures", None)
+    event_json.pop("hashes", None)
+    event_json_bytes = encode_canonical_json(event_json)
+    hashed = hash_algorithm(event_json_bytes)
+    event.hashes[hashed.name] = encode_base64(hashed.digest())
diff --git a/synapse/storage/__init__.py b/synapse/storage/__init__.py
index 31a0022d54..1f39a4094e 100644
--- a/synapse/storage/__init__.py
+++ b/synapse/storage/__init__.py
@@ -255,6 +255,12 @@ class DataStore(RoomMemberStore, RoomStore,
                 }
             )
 
+        for hash_alg, hash_base64 in event.hashes.items():
+            hash_bytes = decode_base64(hash_base64)
+            self._store_event_content_hash_txn(
+                txn, event.event_id, hash_alg, hash_bytes,
+            )
+
         if hasattr(event, "signatures"):
             signatures = event.signatures.get(event.origin, {})