Add signing host and keyname to signatures

author: Daniel Wagner-Hall <daniel@matrix.org> 2015-10-16 15:07:56 +0100
committer: Daniel Wagner-Hall <daniel@matrix.org> 2015-10-16 15:07:56 +0100
commit: c225d63e9e50226dce510dda298ad3877460e69a (patch)
tree: bc6fccc38ccd03320bb3e7534eceb1e3dcecdbba /synapse/api/auth.py
parent: Verify third party ID server certificates (diff)
download: synapse-c225d63e9e50226dce510dda298ad3877460e69a.tar.xz
1 files changed, 9 insertions, 5 deletions
diff --git a/synapse/api/auth.py b/synapse/api/auth.py
index aee9b8a14f..5c83aafa7d 100644
--- a/synapse/api/auth.py
+++ b/synapse/api/auth.py
@@ -416,11 +416,15 @@ class Auth(object):
                     key_validity_url
                 )
                 return False
-            verify_key = nacl.signing.VerifyKey(decode_base64(public_key))
-            encoded_signature = join_third_party_invite["signature"]
-            signature = decode_base64(encoded_signature)
-            verify_key.verify(token, signature)
-            return True
+            for _, signature_block in join_third_party_invite["signatures"].items():
+                for key_name, encoded_signature in signature_block.items():
+                    if not key_name.startswith("ed25519:"):
+                        return False
+                    verify_key = nacl.signing.VerifyKey(decode_base64(public_key))
+                    signature = decode_base64(encoded_signature)
+                    verify_key.verify(token, signature)
+                    return True
+            return False
         except (KeyError, BadSignatureError,):
             return False
author	Daniel Wagner-Hall <daniel@matrix.org>	2015-10-16 15:07:56 +0100
committer	Daniel Wagner-Hall <daniel@matrix.org>	2015-10-16 15:07:56 +0100
commit	c225d63e9e50226dce510dda298ad3877460e69a (patch)
tree	bc6fccc38ccd03320bb3e7534eceb1e3dcecdbba /synapse/api/auth.py
parent	Verify third party ID server certificates (diff)
download	synapse-c225d63e9e50226dce510dda298ad3877460e69a.tar.xz