Enforce validity period on server_keys for fed requests. (#5321)

When handling incoming federation requests, make sure that we have an up-to-date copy of the signing key. We do not yet enforce the validity period for event signatures.
author: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> 2019-06-03 22:59:51 +0100
committer: GitHub <noreply@github.com> 2019-06-03 22:59:51 +0100
commit: fec2dcb1a538ab8ab447f724af1a94d5b3517197 (patch)
tree: d838fe733c5f5aed90019f85cf0fe7f0f6938dff /synapse/groups
parent: Revert "Newsfile" (diff)
download: synapse-fec2dcb1a538ab8ab447f724af1a94d5b3517197.tar.xz
1 files changed, 3 insertions, 2 deletions
diff --git a/synapse/groups/attestations.py b/synapse/groups/attestations.py
index 786149be65..fa6b641ee1 100644
--- a/synapse/groups/attestations.py
+++ b/synapse/groups/attestations.py
@@ -97,10 +97,11 @@ class GroupAttestationSigning(object):
 
         # TODO: We also want to check that *new* attestations that people give
         # us to store are valid for at least a little while.
-        if valid_until_ms < self.clock.time_msec():
+        now = self.clock.time_msec()
+        if valid_until_ms < now:
             raise SynapseError(400, "Attestation expired")
 
-        yield self.keyring.verify_json_for_server(server_name, attestation)
+        yield self.keyring.verify_json_for_server(server_name, attestation, now)
 
     def create_attestation(self, group_id, user_id):
         """Create an attestation for the group_id and user_id with default
author	Richard van der Hoff <1389908+richvdh@users.noreply.github.com>	2019-06-03 22:59:51 +0100
committer	GitHub <noreply@github.com>	2019-06-03 22:59:51 +0100
commit	fec2dcb1a538ab8ab447f724af1a94d5b3517197 (patch)
tree	d838fe733c5f5aed90019f85cf0fe7f0f6938dff /synapse/groups
parent	Revert "Newsfile" (diff)
download	synapse-fec2dcb1a538ab8ab447f724af1a94d5b3517197.tar.xz