Only sign when we respond to remote key requests

author: Erik Johnston <erik@matrix.org> 2019-08-21 10:39:45 +0100
committer: Erik Johnston <erik@matrix.org> 2019-08-21 11:21:58 +0100
commit: 97cbc96093dcd878bc823f34d71437a08786a3e4 (patch)
tree: a1c35804e4eb7a86288bccfc874868f4bf31a85d /synapse/crypto
parent: Add config option for keys to use to sign keys (diff)
download: synapse-97cbc96093dcd878bc823f34d71437a08786a3e4.tar.xz
1 files changed, 1 insertions, 10 deletions
diff --git a/synapse/crypto/keyring.py b/synapse/crypto/keyring.py
index a3b55e349e..abeb0ac26e 100644
--- a/synapse/crypto/keyring.py
+++ b/synapse/crypto/keyring.py
@@ -30,7 +30,6 @@ from signedjson.key import (
 from signedjson.sign import (
     SignatureVerifyException,
     encode_canonical_json,
-    sign_json,
     signature_ids,
     verify_signed_json,
 )
@@ -540,15 +539,7 @@ class BaseV2KeyFetcher(object):
                     verify_key=verify_key, valid_until_ts=key_data["expired_ts"]
                 )
 
-        # re-sign the json with our own keys, so that it is ready if we are
-        # asked to give it out as a notary server
-        signed_key_json = response_json
-        for signing_key in self.config.key_server_signing_keys:
-            signed_key_json = sign_json(
-                signed_key_json, self.config.server_name, signing_key
-            )
-
-        signed_key_json_bytes = encode_canonical_json(signed_key_json)
+        signed_key_json_bytes = encode_canonical_json(response_json)
 
         yield make_deferred_yieldable(
             defer.gatherResults(
author	Erik Johnston <erik@matrix.org>	2019-08-21 10:39:45 +0100
committer	Erik Johnston <erik@matrix.org>	2019-08-21 11:21:58 +0100
commit	97cbc96093dcd878bc823f34d71437a08786a3e4 (patch)
tree	a1c35804e4eb7a86288bccfc874868f4bf31a85d /synapse/crypto
parent	Add config option for keys to use to sign keys (diff)
download	synapse-97cbc96093dcd878bc823f34d71437a08786a3e4.tar.xz