diff --git a/scripts/check_event_hash.py b/scripts/check_event_hash.py
new file mode 100644
index 0000000000..7c32f8102a
--- /dev/null
+++ b/scripts/check_event_hash.py
@@ -0,0 +1,47 @@
+from synapse.crypto.event_signing import *
+from syutil.base64util import encode_base64
+
+import argparse
+import hashlib
+import sys
+import json
+
+
+class dictobj(dict):
+ def __init__(self, *args, **kargs):
+ dict.__init__(self, *args, **kargs)
+ self.__dict__ = self
+
+ def get_dict(self):
+ return dict(self)
+
+ def get_full_dict(self):
+ return dict(self)
+
+
+def main():
+ parser = argparse.ArgumentParser()
+ parser.add_argument("input_json", nargs="?", type=argparse.FileType('r'),
+ default=sys.stdin)
+ args = parser.parse_args()
+ logging.basicConfig()
+
+ event_json = dictobj(json.load(args.input_json))
+
+ algorithms = {
+ "sha256": hashlib.sha256,
+ }
+
+ for alg_name in event_json.hashes:
+ if check_event_content_hash(event_json, algorithms[alg_name]):
+ print "PASS content hash %s" % (alg_name,)
+ else:
+ print "FAIL content hash %s" % (alg_name,)
+
+ for algorithm in algorithms.values():
+ name, h_bytes = compute_event_reference_hash(event_json, algorithm)
+ print "Reference hash %s: %s" % (name, encode_base64(h_bytes))
+
+if __name__=="__main__":
+ main()
+
diff --git a/scripts/check_signature.py b/scripts/check_signature.py
new file mode 100644
index 0000000000..e146e18e24
--- /dev/null
+++ b/scripts/check_signature.py
@@ -0,0 +1,73 @@
+
+from syutil.crypto.jsonsign import verify_signed_json
+from syutil.crypto.signing_key import (
+ decode_verify_key_bytes, write_signing_keys
+)
+from syutil.base64util import decode_base64
+
+import urllib2
+import json
+import sys
+import dns.resolver
+import pprint
+import argparse
+import logging
+
+def get_targets(server_name):
+ if ":" in server_name:
+ target, port = server_name.split(":")
+ yield (target, int(port))
+ return
+ try:
+ answers = dns.resolver.query("_matrix._tcp." + server_name, "SRV")
+ for srv in answers:
+ yield (srv.target, srv.port)
+ except dns.resolver.NXDOMAIN:
+ yield (server_name, 8480)
+
+def get_server_keys(server_name, target, port):
+ url = "https://%s:%i/_matrix/key/v1" % (target, port)
+ keys = json.load(urllib2.urlopen(url))
+ verify_keys = {}
+ for key_id, key_base64 in keys["verify_keys"].items():
+ verify_key = decode_verify_key_bytes(key_id, decode_base64(key_base64))
+ verify_signed_json(keys, server_name, verify_key)
+ verify_keys[key_id] = verify_key
+ return verify_keys
+
+def main():
+
+ parser = argparse.ArgumentParser()
+ parser.add_argument("signature_name")
+ parser.add_argument("input_json", nargs="?", type=argparse.FileType('r'),
+ default=sys.stdin)
+
+ args = parser.parse_args()
+ logging.basicConfig()
+
+ server_name = args.signature_name
+ keys = {}
+ for target, port in get_targets(server_name):
+ try:
+ keys = get_server_keys(server_name, target, port)
+ print "Using keys from https://%s:%s/_matrix/key/v1" % (target, port)
+ write_signing_keys(sys.stdout, keys.values())
+ break
+ except:
+ logging.exception("Error talking to %s:%s", target, port)
+
+ json_to_check = json.load(args.input_json)
+ print "Checking JSON:"
+ for key_id in json_to_check["signatures"][args.signature_name]:
+ try:
+ key = keys[key_id]
+ verify_signed_json(json_to_check, args.signature_name, key)
+ print "PASS %s" % (key_id,)
+ except:
+ logging.exception("Check for key %s failed" % (key_id,))
+ print "FAIL %s" % (key_id,)
+
+
+if __name__ == '__main__':
+ main()
+
diff --git a/scripts/hash_history.py b/scripts/hash_history.py
new file mode 100644
index 0000000000..bdad530af8
--- /dev/null
+++ b/scripts/hash_history.py
@@ -0,0 +1,69 @@
+from synapse.storage.pdu import PduStore
+from synapse.storage.signatures import SignatureStore
+from synapse.storage._base import SQLBaseStore
+from synapse.federation.units import Pdu
+from synapse.crypto.event_signing import (
+ add_event_pdu_content_hash, compute_pdu_event_reference_hash
+)
+from synapse.api.events.utils import prune_pdu
+from syutil.base64util import encode_base64, decode_base64
+from syutil.jsonutil import encode_canonical_json
+import sqlite3
+import sys
+
+class Store(object):
+ _get_pdu_tuples = PduStore.__dict__["_get_pdu_tuples"]
+ _get_pdu_content_hashes_txn = SignatureStore.__dict__["_get_pdu_content_hashes_txn"]
+ _get_prev_pdu_hashes_txn = SignatureStore.__dict__["_get_prev_pdu_hashes_txn"]
+ _get_pdu_origin_signatures_txn = SignatureStore.__dict__["_get_pdu_origin_signatures_txn"]
+ _store_pdu_content_hash_txn = SignatureStore.__dict__["_store_pdu_content_hash_txn"]
+ _store_pdu_reference_hash_txn = SignatureStore.__dict__["_store_pdu_reference_hash_txn"]
+ _store_prev_pdu_hash_txn = SignatureStore.__dict__["_store_prev_pdu_hash_txn"]
+ _simple_insert_txn = SQLBaseStore.__dict__["_simple_insert_txn"]
+
+
+store = Store()
+
+
+def select_pdus(cursor):
+ cursor.execute(
+ "SELECT pdu_id, origin FROM pdus ORDER BY depth ASC"
+ )
+
+ ids = cursor.fetchall()
+
+ pdu_tuples = store._get_pdu_tuples(cursor, ids)
+
+ pdus = [Pdu.from_pdu_tuple(p) for p in pdu_tuples]
+
+ reference_hashes = {}
+
+ for pdu in pdus:
+ try:
+ if pdu.prev_pdus:
+ print "PROCESS", pdu.pdu_id, pdu.origin, pdu.prev_pdus
+ for pdu_id, origin, hashes in pdu.prev_pdus:
+ ref_alg, ref_hsh = reference_hashes[(pdu_id, origin)]
+ hashes[ref_alg] = encode_base64(ref_hsh)
+ store._store_prev_pdu_hash_txn(cursor, pdu.pdu_id, pdu.origin, pdu_id, origin, ref_alg, ref_hsh)
+ print "SUCCESS", pdu.pdu_id, pdu.origin, pdu.prev_pdus
+ pdu = add_event_pdu_content_hash(pdu)
+ ref_alg, ref_hsh = compute_pdu_event_reference_hash(pdu)
+ reference_hashes[(pdu.pdu_id, pdu.origin)] = (ref_alg, ref_hsh)
+ store._store_pdu_reference_hash_txn(cursor, pdu.pdu_id, pdu.origin, ref_alg, ref_hsh)
+
+ for alg, hsh_base64 in pdu.hashes.items():
+ print alg, hsh_base64
+ store._store_pdu_content_hash_txn(cursor, pdu.pdu_id, pdu.origin, alg, decode_base64(hsh_base64))
+
+ except:
+ print "FAILED_", pdu.pdu_id, pdu.origin, pdu.prev_pdus
+
+def main():
+ conn = sqlite3.connect(sys.argv[1])
+ cursor = conn.cursor()
+ select_pdus(cursor)
+ conn.commit()
+
+if __name__=='__main__':
+ main()
|
