author | Mark Haines <mark.haines@matrix.org> | 2015-04-14 19:10:09 +0100 |
---|---|---|
committer | Mark Haines <mark.haines@matrix.org> | 2015-04-14 19:10:09 +0100 |
commit | 32e14d81813f0d486445cbd4ceb4880d432ef5db (patch) | |
tree | 0cfb9e6ee4cab4ef8a5cb151beac0c893304535e /synapse/rest/key/v2 | |
parent | Add a version 2 of the key server api (diff) | |
download | synapse-32e14d81813f0d486445cbd4ceb4880d432ef5db.tar.xz |
Return a sha256 fingerprint rather than the entire tls certificate
Diffstat (limited to 'synapse/rest/key/v2')
-rw-r--r-- | synapse/rest/key/v2/local_key_resource.py | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/synapse/rest/key/v2/local_key_resource.py b/synapse/rest/key/v2/local_key_resource.py
index 5c77f308df..f1ac1c8fb3 100644
--- a/synapse/rest/key/v2/local_key_resource.py
+++ b/synapse/rest/key/v2/local_key_resource.py
@@ -19,6 +19,7 @@ from synapse.http.server import respond_with_json_bytes
 from syutil.crypto.jsonsign import sign_json
 from syutil.base64util import encode_base64
 from syutil.jsonutil import encode_canonical_json
+from hashlib import sha256
 from OpenSSL import crypto
 import logging
@@ -88,12 +89,17 @@ class LocalKey(Resource):
 crypto.FILETYPE_ASN1,
 self.config.tls_certificate
 )
+
+ sha256_fingerprint = sha256(x509_certificate_bytes).digest()
+
 json_object = {
- u"expires": self.expires,
+ u"valid_until": self.expires,
 u"server_name": self.config.server_name,
 u"verify_keys": verify_keys,
 u"old_verify_keys": old_verify_keys,
- u"tls_certificate": encode_base64(x509_certificate_bytes)
+ u"tls_fingerprints": [{
+ u"sha256": encode_base64(sha256_fingerprint),
+ }]
 }
 for key in self.config.signing_key:
 json_object = sign_json( |
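Review bot: The digest on the added `sha256_fingerprint = sha256(x509_certificate_bytes).digest()` line is taken over the DER (ASN.1) dump of the certificate, but nothing in the code says so, and a verifier that hashes the PEM text or expects a hex encoding will never match the published value. I would add a comment above it such as `# SHA-256 of the DER-encoded certificate, published base64-encoded; verifiers must hash the peer certificate's DER bytes`. `tls_fingerprints` is a list, yet it is filled only from `self.config.tls_certificate`, so during a certificate rotation a remote that has cached this response until `valid_until` would presumably reject the new certificate; consider whether the previous or upcoming fingerprint should be listed as well. The enclosing method starts and ends outside this hunk, so how the response is cached and served is not visible here.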