summary refs log tree commit diff
path: root/synapse/groups
diff options
context:
space:
mode:
authorRichard van der Hoff <1389908+richvdh@users.noreply.github.com>2019-06-03 22:59:51 +0100
committerGitHub <noreply@github.com>2019-06-03 22:59:51 +0100
commitfec2dcb1a538ab8ab447f724af1a94d5b3517197 (patch)
treed838fe733c5f5aed90019f85cf0fe7f0f6938dff /synapse/groups
parentRevert "Newsfile" (diff)
downloadsynapse-fec2dcb1a538ab8ab447f724af1a94d5b3517197.tar.xz
Enforce validity period on server_keys for fed requests. (#5321)
When handling incoming federation requests, make sure that we have an
up-to-date copy of the signing key.

We do not yet enforce the validity period for event signatures.

Diffstat (limited to 'synapse/groups')
-rw-r--r--synapse/groups/attestations.py5
1 files changed, 3 insertions, 2 deletions
diff --git a/synapse/groups/attestations.py b/synapse/groups/attestations.py
index 786149be65..fa6b641ee1 100644
--- a/synapse/groups/attestations.py
+++ b/synapse/groups/attestations.py
@@ -97,10 +97,11 @@ class GroupAttestationSigning(object):
 
         # TODO: We also want to check that *new* attestations that people give
         # us to store are valid for at least a little while.
-        if valid_until_ms < self.clock.time_msec():
+        now = self.clock.time_msec()
+        if valid_until_ms < now:
             raise SynapseError(400, "Attestation expired")
 
-        yield self.keyring.verify_json_for_server(server_name, attestation)
+        yield self.keyring.verify_json_for_server(server_name, attestation, now)
 
     def create_attestation(self, group_id, user_id):
         """Create an attestation for the group_id and user_id with default