diff --git a/synapse/config/_base.py b/synapse/config/_base.py
index f07ea4cc46..6fd086a471 100644
--- a/synapse/config/_base.py
+++ b/synapse/config/_base.py
@@ -83,9 +83,9 @@ class Config(object):
with open(file_path) as file_stream:
try:
return yaml.load(file_stream)
- except Exception as e:
+ except:
raise ConfigError(
- "Error parsing yaml in file %r: " % (file_path,), e
+ "Error parsing yaml in file %r" % (file_path,)
)
@staticmethod
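Review bot: The bare `except:` added here also traps `KeyboardInterrupt` and `SystemExit`, and the new message drops the parser's own error, so an operator can no longer see which part of the YAML file is malformed. Prefer `except Exception as e:` with `"Error parsing yaml in file %r: %s" % (file_path, e)`. Separately, the unchanged `yaml.load(file_stream)` can instantiate arbitrary Python objects from tagged YAML. Because this helper also parses the perspectives file that supplies trusted verify keys, `yaml.safe_load(file_stream)` would be the safer call. The enclosing method starts above this hunk.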
diff --git a/synapse/config/key.py b/synapse/config/key.py
index de4e33a7f3..a2de6d5c17 100644
--- a/synapse/config/key.py
+++ b/synapse/config/key.py
@@ -16,6 +16,10 @@
import os
from ._base import Config, ConfigError
import syutil.crypto.signing_key
+from syutil.crypto.signing_key import (
+ is_signing_algorithm_supported, decode_verify_key_bytes
+)
+from syutil.base64util import decode_base64
class KeyConfig(Config):
@@ -53,9 +57,17 @@ class KeyConfig(Config):
" keys from")
def read_perspectives(self, perspectives_config_path):
- servers = self.read_yaml_file(
+ config = self.read_yaml_file(
perspectives_config_path, "perspectives_config_path"
)
+ servers = {}
+ for server_name, server_config in config["servers"].items():
+ for key_id, key_data in server_config["verify_keys"].items():
+ if is_signing_algorithm_supported(key_id):
+ key_base64 = key_data["key"]
+ key_bytes = decode_base64(key_base64)
+ verify_key = decode_verify_key_bytes(key_id, key_bytes)
+ servers.setdefault(server_name, {})[key_id] = verify_key
return servers
def read_signing_key(self, signing_key_path):
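Review bot: A malformed perspectives file surfaces from the new loop as a raw `KeyError` or `TypeError` rather than a `ConfigError`, because `config["servers"]`, `server_config["verify_keys"]`, `key_data["key"]` and the two decode calls are all unguarded. This file defines which key servers are trusted, so a startup failure should name the file and the cause. Keys that fail `is_signing_algorithm_supported` are also skipped silently, so a server with no usable key is simply absent from `servers`; a log line or an explicit error would make that visible. The fence wraps the loop in a `ConfigError` conversion. The exception types raised by the syutil decoders are not visible in this diff, so the tuple is an assumption to confirm.

```python
        servers = {}
        try:
            for server_name, server_config in config["servers"].items():
                for key_id, key_data in server_config["verify_keys"].items():
                    # … unchanged: algorithm check, base64 decode, setdefault …
        except (AttributeError, KeyError, TypeError, ValueError) as e:
            # Fail closed with a message that names the trust-anchor file.
            raise ConfigError(
                "Invalid perspectives config %r: %s"
                % (perspectives_config_path, e)
            )
        return servers
```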
@@ -126,4 +138,10 @@ class KeyConfig(Config):
if not os.path.exists(args.perspectives_config_path):
with open(args.perspectives_config_path, "w") as perspectives_file:
- perspectives_file.write("@@@")
+ perspectives_file.write(
+ 'servers:\n'
+ ' matrix.org:\n'
+ ' verify_keys:\n'
+ ' "ed25519:auto":\n'
+ ' key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"\n'
+ )
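Review bot: The generated default pins a verify key for matrix.org as a trust anchor, but nothing in the code or the written file says where the key came from or that operators should check it. A comment above the `write` call would help, such as `# Default trusted key server: the pinned ed25519 key must match the key matrix.org publishes; verify it out of band and update this file if the key is rotated.` The file is written only when the path does not exist, so a rotated or incorrect key stays in place until an operator edits it by hand. That is worth stating in the same comment.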
diff --git a/synapse/crypto/keyring.py b/synapse/crypto/keyring.py
index d248776bc1..f7ae227916 100644
--- a/synapse/crypto/keyring.py
+++ b/synapse/crypto/keyring.py
@@ -42,7 +42,7 @@ class Keyring(object):
self.clock = hs.get_clock()
self.client = hs.get_http_client()
self.config = hs.get_config()
- self.perspective_servers = {}
+ self.perspective_servers = self.config.perspectives
self.hs = hs
@defer.inlineCallbacks
@@ -111,6 +111,10 @@ class Keyring(object):
)
break
except:
+ logging.info(
+ "Unable to getting key %r for %r from %r",
+ key_ids, server_name, perspective_name,
+ )
pass
limiter = yield get_retry_limiter(
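Review bot: The new log call sits under a bare `except:` and records neither the exception nor a traceback, so a failed or rejected key fetch from a perspective server cannot be told apart from a network error. Catch `except Exception as e:` and include the cause, and log at warning level, since failing to obtain a key from a trusted notary is security-relevant. The message also has a typo; it could read `"Unable to get key %r for %r from %r: %s"` with `e` appended to the arguments. The call uses the root `logging` module directly; if this file defines a module-level logger (not visible in this hunk), use that instead. The trailing `pass` is now redundant. The enclosing `try` begins above this hunk.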