diff options
author | Erik Johnston <erik@matrix.org> | 2019-02-25 15:08:18 +0000 |
---|---|---|
committer | Erik Johnston <erik@matrix.org> | 2019-02-25 15:08:18 +0000 |
commit | 4b9e5076c40964a967a48a2c02623c81a43265aa (patch) | |
tree | ae977487f07c0e64e406ada53655b3f69edb664e /synapse/config/key.py | |
parent | Docs and arg name clarification (diff) | |
parent | Merge pull request #4723 from matrix-org/erikj/frontend_proxy_exception (diff) | |
download | synapse-4b9e5076c40964a967a48a2c02623c81a43265aa.tar.xz |
Merge branch 'develop' of github.com:matrix-org/synapse into anoa/public_rooms_federate
Diffstat (limited to 'synapse/config/key.py')
-rw-r--r-- | synapse/config/key.py | 41 |
1 files changed, 27 insertions, 14 deletions
diff --git a/synapse/config/key.py b/synapse/config/key.py index 279c47bb48..35f05fa974 100644 --- a/synapse/config/key.py +++ b/synapse/config/key.py @@ -40,7 +40,7 @@ class KeyConfig(Config): def read_config(self, config): self.signing_key = self.read_signing_key(config["signing_key_path"]) self.old_signing_keys = self.read_old_signing_keys( - config["old_signing_keys"] + config.get("old_signing_keys", {}) ) self.key_refresh_interval = self.parse_duration( config["key_refresh_interval"] @@ -56,9 +56,9 @@ class KeyConfig(Config): if not self.macaroon_secret_key: # Unfortunately, there are people out there that don't have this # set. Lets just be "nice" and derive one from their secret key. - logger.warn("Config is missing missing macaroon_secret_key") - seed = self.signing_key[0].seed - self.macaroon_secret_key = hashlib.sha256(seed) + logger.warn("Config is missing macaroon_secret_key") + seed = bytes(self.signing_key[0]) + self.macaroon_secret_key = hashlib.sha256(seed).digest() self.expire_access_token = config.get("expire_access_token", False) @@ -66,35 +66,46 @@ class KeyConfig(Config): # falsification of values self.form_secret = config.get("form_secret", None) - def default_config(self, config_dir_path, server_name, is_generating_file=False, + def default_config(self, config_dir_path, server_name, generate_secrets=False, **kwargs): base_key_name = os.path.join(config_dir_path, server_name) - if is_generating_file: - macaroon_secret_key = random_string_with_symbols(50) - form_secret = '"%s"' % random_string_with_symbols(50) + if generate_secrets: + macaroon_secret_key = 'macaroon_secret_key: "%s"' % ( + random_string_with_symbols(50), + ) + form_secret = 'form_secret: "%s"' % random_string_with_symbols(50) else: - macaroon_secret_key = None - form_secret = 'null' + macaroon_secret_key = "# macaroon_secret_key: <PRIVATE STRING>" + form_secret = "# form_secret: <PRIVATE STRING>" return """\ - macaroon_secret_key: "%(macaroon_secret_key)s" + # a secret which is used to sign access tokens. If none is specified, + # the registration_shared_secret is used, if one is given; otherwise, + # a secret key is derived from the signing key. + # + %(macaroon_secret_key)s # Used to enable access token expiration. + # expire_access_token: False # a secret which is used to calculate HMACs for form values, to stop - # falsification of values - form_secret: %(form_secret)s + # falsification of values. Must be specified for the User Consent + # forms to work. + # + %(form_secret)s ## Signing Keys ## # Path to the signing key to sign messages with + # signing_key_path: "%(base_key_name)s.signing.key" # The keys that the server used to sign messages with but won't use # to sign new messages. E.g. it has lost its private key - old_signing_keys: {} + # + #old_signing_keys: # "ed25519:auto": # # Base64 encoded public key # key: "The public part of your old signing key." @@ -105,9 +116,11 @@ class KeyConfig(Config): # Used to set the valid_until_ts in /key/v2 APIs. # Determines how quickly servers will query to check which keys # are still valid. + # key_refresh_interval: "1d" # 1 Day. # The trusted servers to download signing keys from. + # perspectives: servers: "matrix.org": |