diff options
| author | Hubert Chathi <hubert@uhoreg.ca> | 2020-02-20 09:59:00 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-02-20 09:59:00 -0500 |
| commit | a90d0dc5c2650eea298f8d554ca74c2cf4c097eb (patch) | |
| tree | a604b5dcf99c09e031f1f40b926c02f9f1ea74ed | |
| parent | Add some clarifications to README.md in the database schema directory. (#6615) (diff) | |
| download | synapse-a90d0dc5c2650eea298f8d554ca74c2cf4c097eb.tar.xz | |
don't insert into the device table for remote cross-signing keys (#6956)
| -rw-r--r-- | changelog.d/6956.misc | 1 | ||||
| -rw-r--r-- | synapse/storage/data_stores/main/end_to_end_keys.py | 33 |
2 files changed, 19 insertions, 15 deletions
diff --git a/changelog.d/6956.misc b/changelog.d/6956.misc new file mode 100644 index 0000000000..5cb0894182 --- /dev/null +++ b/changelog.d/6956.misc @@ -0,0 +1 @@ +Don't record remote cross-signing keys in the `devices` table. diff --git a/synapse/storage/data_stores/main/end_to_end_keys.py b/synapse/storage/data_stores/main/end_to_end_keys.py index e551606f9d..001a53f9b4 100644 --- a/synapse/storage/data_stores/main/end_to_end_keys.py +++ b/synapse/storage/data_stores/main/end_to_end_keys.py @@ -680,11 +680,6 @@ class EndToEndKeyStore(EndToEndKeyWorkerStore, SQLBaseStore): 'user_signing' for a user-signing key key (dict): the key data """ - # the cross-signing keys need to occupy the same namespace as devices, - # since signatures are identified by device ID. So add an entry to the - # device table to make sure that we don't have a collision with device - # IDs - # the 'key' dict will look something like: # { # "user_id": "@alice:example.com", @@ -701,16 +696,24 @@ class EndToEndKeyStore(EndToEndKeyWorkerStore, SQLBaseStore): # The "keys" property must only have one entry, which will be the public # key, so we just grab the first value in there pubkey = next(iter(key["keys"].values())) - self.db.simple_insert_txn( - txn, - "devices", - values={ - "user_id": user_id, - "device_id": pubkey, - "display_name": key_type + " signing key", - "hidden": True, - }, - ) + + # The cross-signing keys need to occupy the same namespace as devices, + # since signatures are identified by device ID. So add an entry to the + # device table to make sure that we don't have a collision with device + # IDs. + # We only need to do this for local users, since remote servers should be + # responsible for checking this for their own users. + if self.hs.is_mine_id(user_id): + self.db.simple_insert_txn( + txn, + "devices", + values={ + "user_id": user_id, + "device_id": pubkey, + "display_name": key_type + " signing key", + "hidden": True, + }, + ) # and finally, store the key itself with self._cross_signing_id_gen.get_next() as stream_id: |