summary refs log tree commit diff
path: root/synapse/config/key.py
diff options
context:
space:
mode:
authorDavid Robertson <davidr@element.io>2022-03-29 22:37:50 +0100
committerGitHub <noreply@github.com>2022-03-29 21:37:50 +0000
commite0bb2681340752f2716f1f386139ca37c53f26cd (patch)
treec60634aa76eb05611b7371e6a4916ebc782707b7 /synapse/config/key.py
parentRoom batch: fix up handling of unknown prev_event_ids (#12316) (diff)
downloadsynapse-e0bb2681340752f2716f1f386139ca37c53f26cd.tar.xz
Fix typechecker problems exposed by signedjson 1.1.2 (#12326)
Diffstat (limited to 'synapse/config/key.py')
-rw-r--r--synapse/config/key.py13
1 files changed, 8 insertions, 5 deletions
diff --git a/synapse/config/key.py b/synapse/config/key.py
index ee83c6c06b..f5377e7d9c 100644
--- a/synapse/config/key.py
+++ b/synapse/config/key.py
@@ -16,7 +16,7 @@
 import hashlib
 import logging
 import os
-from typing import Any, Dict, Iterator, List, Optional
+from typing import TYPE_CHECKING, Any, Dict, Iterator, List, Optional
 
 import attr
 import jsonschema
@@ -38,6 +38,9 @@ from synapse.util.stringutils import random_string, random_string_with_symbols
 
 from ._base import Config, ConfigError
 
+if TYPE_CHECKING:
+    from signedjson.key import VerifyKeyWithExpiry
+
 INSECURE_NOTARY_ERROR = """\
 Your server is configured to accept key server responses without signature
 validation or TLS certificate validation. This is likely to be very insecure. If
@@ -300,7 +303,7 @@ class KeyConfig(Config):
 
     def read_old_signing_keys(
         self, old_signing_keys: Optional[JsonDict]
-    ) -> Dict[str, VerifyKey]:
+    ) -> Dict[str, "VerifyKeyWithExpiry"]:
         if old_signing_keys is None:
             return {}
         keys = {}
@@ -308,8 +311,8 @@ class KeyConfig(Config):
             if is_signing_algorithm_supported(key_id):
                 key_base64 = key_data["key"]
                 key_bytes = decode_base64(key_base64)
-                verify_key = decode_verify_key_bytes(key_id, key_bytes)
-                verify_key.expired_ts = key_data["expired_ts"]
+                verify_key: "VerifyKeyWithExpiry" = decode_verify_key_bytes(key_id, key_bytes)  # type: ignore[assignment]
+                verify_key.expired = key_data["expired_ts"]
                 keys[key_id] = verify_key
             else:
                 raise ConfigError(
@@ -422,7 +425,7 @@ def _parse_key_servers(
         server_name = server["server_name"]
         result = TrustedKeyServer(server_name=server_name)
 
-        verify_keys = server.get("verify_keys")
+        verify_keys: Optional[Dict[str, str]] = server.get("verify_keys")
         if verify_keys is not None:
             result.verify_keys = {}
             for key_id, key_base64 in verify_keys.items():