summary refs log tree commit diff
path: root/synapse/crypto/keyring.py
diff options
context:
space:
mode:
authorMark Haines <mjark@negativecurvature.net>2016-07-27 15:08:22 +0100
committerGitHub <noreply@github.com>2016-07-27 15:08:22 +0100
commit884b800899546828668a1fa2a4052118e6368f69 (patch)
tree5810b089a43d0e9e58150c5b62c6c374a9d27c50 /synapse/crypto/keyring.py
parentMerge pull request #954 from matrix-org/markjh/even_more_fixes (diff)
parentAdd a couple more checks to the keyring (diff)
downloadsynapse-884b800899546828668a1fa2a4052118e6368f69.tar.xz
Merge pull request #955 from matrix-org/markjh/only_from2
Add a couple more checks to the keyring
Diffstat (limited to 'synapse/crypto/keyring.py')
-rw-r--r--synapse/crypto/keyring.py11
1 files changed, 9 insertions, 2 deletions
diff --git a/synapse/crypto/keyring.py b/synapse/crypto/keyring.py
index 826845f695..f687d41ccb 100644
--- a/synapse/crypto/keyring.py
+++ b/synapse/crypto/keyring.py
@@ -448,7 +448,7 @@ class Keyring(object):
                 )
 
             processed_response = yield self.process_v2_response(
-                perspective_name, response
+                perspective_name, response, only_from_server=False
             )
 
             for server_name, response_keys in processed_response.items():
@@ -528,7 +528,7 @@ class Keyring(object):
 
     @defer.inlineCallbacks
     def process_v2_response(self, from_server, response_json,
-                            requested_ids=[]):
+                            requested_ids=[], only_from_server=True):
         time_now_ms = self.clock.time_msec()
         response_keys = {}
         verify_keys = {}
@@ -552,6 +552,13 @@ class Keyring(object):
 
         results = {}
         server_name = response_json["server_name"]
+        if only_from_server:
+            if server_name != from_server:
+                raise ValueError(
+                    "Expected a response for server %r not %r" % (
+                        from_server, server_name
+                    )
+                )
         for key_id in response_json["signatures"].get(server_name, {}):
             if key_id not in response_json["verify_keys"]:
                 raise ValueError(