Diffstat (limited to 'synapse/federation/replication.py')
-rw-r--r--synapse/federation/replication.py29
1 files changed, 20 insertions, 9 deletions
diff --git a/synapse/federation/replication.py b/synapse/federation/replication.py
index 5f96f79998..b4235585a3 100644
--- a/synapse/federation/replication.py
+++ b/synapse/federation/replication.py
@@ -25,6 +25,8 @@ from .persistence import PduActions, TransactionActions
 
 from synapse.util.logutils import log_function
 
+from syutil.crypto.jsonsign import sign_json
+
 import logging
 
 
@@ -64,6 +66,8 @@ class ReplicationLayer(object):
             hs, self.transaction_actions, transport_layer
         )
 
+        self.keyring = hs.get_keyring()
+
         self.handler = None
         self.edu_handlers = {}
         self.query_handlers = {}
@@ -292,6 +296,10 @@ class ReplicationLayer(object):
     @defer.inlineCallbacks
     @log_function
     def on_incoming_transaction(self, transaction_data):
+        yield self.keyring.verify_json_for_server(
+            transaction_data["origin"], transaction_data
+        )
+
         transaction = Transaction(**transaction_data)
 
         for p in transaction.pdus:
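Review bot: The new check in on_incoming_transaction takes the signer's name from `transaction_data["origin"]`, a field of the body being verified, so on its own it shows only that the payload was signed by whichever server it names. Nothing visible here compares `transaction_data["destination"]` with this server's name, so a validly signed transaction addressed to a different server would still pass; consider rejecting it before the verify call, e.g. `if transaction_data.get("destination") != <this server's name>: raise ...`. A body without an `origin` key raises KeyError at this line rather than a clear rejection, which is worth handling explicitly. Whether each PDU's own origin is checked against the transaction origin is not visible, since the loop body continues outside the hunk.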
@@ -492,7 +500,7 @@ class _TransactionQueue(object):
     """
 
     def __init__(self, hs, transaction_actions, transport_layer):
-
+        self.signing_key = hs.config.signing_key[0]
         self.server_name = hs.hostname
         self.transaction_actions = transaction_actions
         self.transport_layer = transport_layer
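Review bot: `hs.config.signing_key[0]` in `_TransactionQueue.__init__` silently picks the first configured key and raises a bare IndexError when the list is empty, and neither behaviour is documented at this line. A comment such as `# Outgoing transactions are signed with the first configured signing key.` would make the choice explicit. If config loading does not already guarantee a non-empty list (not visible here), a startup check with a clear error message is preferable. The rest of `__init__` lies outside the hunk.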
@@ -591,7 +599,7 @@ class _TransactionQueue(object):
 
             transaction = Transaction.create_new(
                 ts=self._clock.time_msec(),
-                transaction_id=self._next_txn_id,
+                transaction_id=str(self._next_txn_id),
                 origin=self.server_name,
                 destination=destination,
                 pdus=pdus,
@@ -607,20 +615,23 @@ class _TransactionQueue(object):
 
             # Actually send the transaction
 
+            server_name = self.server_name
+            signing_key = self.signing_key
+
             # FIXME (erikj): This is a bit of a hack to make the Pdu age
             # keys work
-            def cb(transaction):
+            def json_data_cb():
+                data = transaction.get_dict()
                 now = int(self._clock.time_msec())
-                if "pdus" in transaction:
-                    for p in transaction["pdus"]:
+                if "pdus" in data:
+                    for p in data["pdus"]:
                         if "age_ts" in p:
                             p["age"] = now - int(p["age_ts"])
-
-                return transaction
+                data = sign_json(data, server_name, signing_key)
+                return data
 
             code, response = yield self.transport_layer.send_transaction(
-                transaction,
-                on_send_callback=cb,
+                transaction, json_data_cb
             )
 
             logger.debug("TX [%s] Sent transaction", destination)
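Review bot: In `json_data_cb` the statement order is security-relevant but undocumented: `sign_json` has to run after the `age` fields are written, because any change to `data` after signing invalidates the signature. The FIXME above the function still describes only the age hack; add something like `# Sign last: nothing may modify data after sign_json.`. It is also worth confirming that `transaction.get_dict()` returns a fresh dict on every call (not visible here); otherwise the `age` values and signature written on one send attempt would persist in the transaction object and reach later calls. The `server_name`/`signing_key` locals are copied out of `self` although the closure still reads `self._clock`, so they could be dropped for consistency. The enclosing method starts and ends outside the hunk.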