author | Richard van der Hoff <1389908+richvdh@users.noreply.github.com> | 2019-06-03 22:59:51 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-06-03 22:59:51 +0100 |
commit | fec2dcb1a538ab8ab447f724af1a94d5b3517197 (patch) | |
tree | d838fe733c5f5aed90019f85cf0fe7f0f6938dff /synapse/federation/transport/server.py | |
parent | Revert "Newsfile" (diff) | |
download | synapse-fec2dcb1a538ab8ab447f724af1a94d5b3517197.tar.xz |
Enforce validity period on server_keys for fed requests. (#5321)
When handling incoming federation requests, make sure that we have an up-to-date copy of the signing key. We do not yet enforce the validity period for event signatures.
Diffstat (limited to 'synapse/federation/transport/server.py')
-rw-r--r-- | synapse/federation/transport/server.py | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/synapse/federation/transport/server.py b/synapse/federation/transport/server.py
index d0efc4e0d3..0db8858cf1 100644
--- a/synapse/federation/transport/server.py
+++ b/synapse/federation/transport/server.py
@@ -94,6 +94,7 @@ class NoAuthenticationError(AuthenticationError):
 class Authenticator(object):
 def __init__(self, hs):
+ self._clock = hs.get_clock()
 self.keyring = hs.get_keyring()
 self.server_name = hs.hostname
 self.store = hs.get_datastore()
@@ -102,6 +103,7 @@ class Authenticator(object):
 # A method just so we can pass 'self' as the authenticator to the Servlets
 @defer.inlineCallbacks
 def authenticate_request(self, request, content):
+ now = self._clock.time_msec()
 json_request = {
 "method": request.method.decode('ascii'),
 "uri": request.uri.decode('ascii'),
@@ -138,7 +140,7 @@ class Authenticator(object):
 401, "Missing Authorization headers", Codes.UNAUTHORIZED,
 )
- yield self.keyring.verify_json_for_server(origin, json_request)
+ yield self.keyring.verify_json_for_server(origin, json_request, now)
 logger.info("Request from %s", origin)
 request.authenticated_entity = origin |
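Review bot: `now` in the second hunk is sampled at the top of authenticate_request, but nothing in the code says what it means to the keyring call in the third hunk. A one-line comment would record the intent, e.g. `# time of receipt in ms: the origin's signing key must still be valid at this instant`. Going by the commit message, this is the instant the key's validity period is checked against, so the check is only as good as the local clock; a server whose clock runs slow would presumably keep accepting a key past its validity period, which is worth stating in the method's docstring. The value is passed positionally and the keyring's signature is outside this diff, so the expected unit (milliseconds) cannot be confirmed from here. authenticate_request's body continues outside both hunks.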