diff options
| author | Erik Johnston <erik@matrix.org> | 2019-08-27 11:51:37 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-08-27 11:51:37 +0100 |
| commit | f5b50d0871939d15620a8889b1ad384622c74a96 (patch) | |
| tree | 20963a7464a29abe1eea900979355cc6d8f76d31 /synapse/crypto | |
| parent | Update 5909.misc (diff) | |
| parent | Don't implicitly include server signing key (diff) | |
| download | synapse-f5b50d0871939d15620a8889b1ad384622c74a96.tar.xz | |
Merge pull request #5895 from matrix-org/erikj/notary_key
Add config option to sign remote key query responses with a separate key.
Diffstat (limited to 'synapse/crypto')
| -rw-r--r-- | synapse/crypto/keyring.py | 11 |
1 files changed, 2 insertions, 9 deletions
diff --git a/synapse/crypto/keyring.py b/synapse/crypto/keyring.py index 654accc843..7cfad192e8 100644 --- a/synapse/crypto/keyring.py +++ b/synapse/crypto/keyring.py @@ -29,7 +29,6 @@ from signedjson.key import ( from signedjson.sign import ( SignatureVerifyException, encode_canonical_json, - sign_json, signature_ids, verify_signed_json, ) @@ -539,13 +538,7 @@ class BaseV2KeyFetcher(object): verify_key=verify_key, valid_until_ts=key_data["expired_ts"] ) - # re-sign the json with our own key, so that it is ready if we are asked to - # give it out as a notary server - signed_key_json = sign_json( - response_json, self.config.server_name, self.config.signing_key[0] - ) - - signed_key_json_bytes = encode_canonical_json(signed_key_json) + key_json_bytes = encode_canonical_json(response_json) yield make_deferred_yieldable( defer.gatherResults( @@ -557,7 +550,7 @@ class BaseV2KeyFetcher(object): from_server=from_server, ts_now_ms=time_added_ms, ts_expires_ms=ts_valid_until_ms, - key_json_bytes=signed_key_json_bytes, + key_json_bytes=key_json_bytes, ) for key_id in verify_keys ], |