diff options
author | Richard van der Hoff <richard@matrix.org> | 2019-04-04 19:12:54 +0100 |
---|---|---|
committer | Richard van der Hoff <richard@matrix.org> | 2019-04-04 19:12:54 +0100 |
commit | 6ae9361510eb033d6a4dd9172c5e75bb4d0039dd (patch) | |
tree | e3e59888cf95f17a9cb9c638e0b310fbd9a7654d /synapse/crypto/keyring.py | |
parent | Clean up Keyring.process_v2_response (diff) | |
download | synapse-6ae9361510eb033d6a4dd9172c5e75bb4d0039dd.tar.xz |
Hoist server_name check out of process_v2_response
It's easier to check it in the caller than to complicate the interface with an extra param.
Diffstat (limited to 'synapse/crypto/keyring.py')
-rw-r--r-- | synapse/crypto/keyring.py | 20 |
1 files changed, 7 insertions, 13 deletions
diff --git a/synapse/crypto/keyring.py b/synapse/crypto/keyring.py index 98b8b15680..54af60d711 100644 --- a/synapse/crypto/keyring.py +++ b/synapse/crypto/keyring.py @@ -495,7 +495,7 @@ class Keyring(object): ) processed_response = yield self.process_v2_response( - perspective_name, response, only_from_server=False + perspective_name, response ) server_name = response["server_name"] @@ -543,6 +543,11 @@ class Keyring(object): or server_name not in response[u"signatures"]): raise KeyLookupError("Key response not signed by remote server") + if response["server_name"] != server_name: + raise KeyLookupError("Expected a response for server %r not %r" % ( + server_name, response["server_name"] + )) + response_keys = yield self.process_v2_response( from_server=server_name, requested_ids=[requested_key_id], @@ -560,7 +565,7 @@ class Keyring(object): @defer.inlineCallbacks def process_v2_response( - self, from_server, response_json, requested_ids=[], only_from_server=True + self, from_server, response_json, requested_ids=[], ): """Parse a 'Server Keys' structure from the result of a /key request @@ -586,10 +591,6 @@ class Keyring(object): We will store the json for these key ids as well as any that are actually in the response - only_from_server (bool): if True, we will check that the server_name in the - the response (ie, the server which originated the key) matches - from_server. - Returns: Deferred[dict[str, nacl.signing.VerifyKey]]: map from key_id to key object @@ -616,13 +617,6 @@ class Keyring(object): old_verify_keys[key_id] = verify_key server_name = response_json["server_name"] - if only_from_server: - if server_name != from_server: - raise KeyLookupError( - "Expected a response for server %r not %r" % ( - from_server, server_name - ) - ) for key_id in response_json["signatures"].get(server_name, {}): if key_id not in response_json["verify_keys"]: raise KeyLookupError( |