summary refs log tree commit diff
path: root/synapse/crypto
diff options
context:
space:
mode:
authorMark Haines <mjark@negativecurvature.net>2016-07-26 19:50:11 +0100
committerMark Haines <mjark@negativecurvature.net>2016-07-26 19:50:11 +0100
commita4b06b619c81f4a212323cc02565c7c893d5c2e5 (patch)
tree8fba5e5aa02235ed9ec7e5e9894826320d149997 /synapse/crypto
parentMerge pull request #952 from matrix-org/markjh/more_fixes (diff)
downloadsynapse-a4b06b619c81f4a212323cc02565c7c893d5c2e5.tar.xz
Add a couple more checks to the keyring
Diffstat (limited to '')
-rw-r--r--synapse/crypto/keyring.py11
1 files changed, 9 insertions, 2 deletions
diff --git a/synapse/crypto/keyring.py b/synapse/crypto/keyring.py
index d08ee0aa91..627bd0d222 100644
--- a/synapse/crypto/keyring.py
+++ b/synapse/crypto/keyring.py
@@ -447,7 +447,7 @@ class Keyring(object):
                 )
 
             processed_response = yield self.process_v2_response(
-                perspective_name, response
+                perspective_name, response, only_from_server=False
             )
 
             for server_name, response_keys in processed_response.items():
@@ -527,7 +527,7 @@ class Keyring(object):
 
     @defer.inlineCallbacks
     def process_v2_response(self, from_server, response_json,
-                            requested_ids=[]):
+                            requested_ids=[], only_from_server=True):
         time_now_ms = self.clock.time_msec()
         response_keys = {}
         verify_keys = {}
@@ -551,6 +551,13 @@ class Keyring(object):
 
         results = {}
         server_name = response_json["server_name"]
+        if only_from_server:
+            if server_name != from_server:
+                raise ValueError(
+                    "Expected a response for server %r not %r" % (
+                        from_server, server_name
+                    )
+                )
         for key_id in response_json["signatures"].get(server_name, {}):
             if key_id not in response_json["verify_keys"]:
                 raise ValueError(