diff --git a/synapse/storage/__init__.py b/synapse/storage/__init__.py
index 32d9c1392b..c8e0efb18f 100644
--- a/synapse/storage/__init__.py
+++ b/synapse/storage/__init__.py
@@ -57,6 +57,7 @@ SCHEMAS = [
"presence",
"im",
"room_aliases",
+ "keys",
"redactions",
]
@@ -154,6 +155,8 @@ class DataStore(RoomMemberStore, RoomStore,
cols["unrecognized_keys"] = json.dumps(unrec_keys)
+ cols["ts"] = cols.pop("origin_server_ts")
+
logger.debug("Persisting: %s", repr(cols))
if pdu.is_state:
diff --git a/synapse/storage/_base.py b/synapse/storage/_base.py
index 889de2bedc..65a86e9056 100644
--- a/synapse/storage/_base.py
+++ b/synapse/storage/_base.py
@@ -121,7 +121,7 @@ class SQLBaseStore(object):
# "Simple" SQL API methods that operate on a single table with no JOINs,
# no complex WHERE clauses, just a dict of values for columns.
- def _simple_insert(self, table, values, or_replace=False):
+ def _simple_insert(self, table, values, or_replace=False, or_ignore=False):
"""Executes an INSERT query on the named table.
Args:
@@ -130,13 +130,16 @@ class SQLBaseStore(object):
or_replace : bool; if True performs an INSERT OR REPLACE
"""
return self.runInteraction(
- self._simple_insert_txn, table, values, or_replace=or_replace
+ self._simple_insert_txn, table, values, or_replace=or_replace,
+ or_ignore=or_ignore,
)
@log_function
- def _simple_insert_txn(self, txn, table, values, or_replace=False):
+ def _simple_insert_txn(self, txn, table, values, or_replace=False,
+ or_ignore=False):
sql = "%s INTO %s (%s) VALUES(%s)" % (
- ("INSERT OR REPLACE" if or_replace else "INSERT"),
+ ("INSERT OR REPLACE" if or_replace else
+ "INSERT OR IGNORE" if or_ignore else "INSERT"),
table,
", ".join(k for k in values),
", ".join("?" for k in values)
@@ -351,6 +354,7 @@ class SQLBaseStore(object):
d.pop("stream_ordering", None)
d.pop("topological_ordering", None)
d.pop("processed", None)
+ d["origin_server_ts"] = d.pop("ts", 0)
d.update(json.loads(row_dict["unrecognized_keys"]))
d["content"] = json.loads(d["content"])
@@ -358,7 +362,7 @@ class SQLBaseStore(object):
if "age_ts" not in d:
# For compatibility
- d["age_ts"] = d["ts"] if "ts" in d else 0
+ d["age_ts"] = d.get("origin_server_ts", 0)
return self.event_factory.create_event(
etype=d["type"],
diff --git a/synapse/storage/keys.py b/synapse/storage/keys.py
index 5a38c3e8f2..8189e071a3 100644
--- a/synapse/storage/keys.py
+++ b/synapse/storage/keys.py
@@ -18,7 +18,8 @@ from _base import SQLBaseStore
from twisted.internet import defer
import OpenSSL
-import nacl.signing
+from syutil.crypto.signing_key import decode_verify_key_bytes
+import hashlib
class KeyStore(SQLBaseStore):
"""Persistence for signature verification keys and tls X.509 certificates
@@ -42,62 +43,76 @@ class KeyStore(SQLBaseStore):
)
defer.returnValue(tls_certificate)
- def store_server_certificate(self, server_name, key_server, ts_now_ms,
+ def store_server_certificate(self, server_name, from_server, time_now_ms,
tls_certificate):
"""Stores the TLS X.509 certificate for the given server
Args:
- server_name (bytes): The name of the server.
- key_server (bytes): Where the certificate was looked up
- ts_now_ms (int): The time now in milliseconds
+ server_name (str): The name of the server.
+ from_server (str): Where the certificate was looked up
+ time_now_ms (int): The time now in milliseconds
tls_certificate (OpenSSL.crypto.X509): The X.509 certificate.
"""
tls_certificate_bytes = OpenSSL.crypto.dump_certificate(
OpenSSL.crypto.FILETYPE_ASN1, tls_certificate
)
+ fingerprint = hashlib.sha256(tls_certificate_bytes).hexdigest()
return self._simple_insert(
table="server_tls_certificates",
- keyvalues={
+ values={
"server_name": server_name,
- "key_server": key_server,
- "ts_added_ms": ts_now_ms,
- "tls_certificate": tls_certificate_bytes,
+ "fingerprint": fingerprint,
+ "from_server": from_server,
+ "ts_added_ms": time_now_ms,
+ "tls_certificate": buffer(tls_certificate_bytes),
},
+ or_ignore=True,
)
@defer.inlineCallbacks
- def get_server_verification_key(self, server_name):
- """Retrieve the NACL verification key for a given server
+ def get_server_verify_keys(self, server_name, key_ids):
+ """Retrieve the NACL verification key for a given server for the given
+ key_ids
Args:
- server_name (bytes): The name of the server.
+ server_name (str): The name of the server.
+ key_ids (list of str): List of key_ids to try and look up.
Returns:
- (nacl.signing.VerifyKey): The verification key.
+ (list of VerifyKey): The verification keys.
"""
- verification_key_bytes, = yield self._simple_select_one(
- table="server_signature_keys",
- key_values={"server_name": server_name},
- retcols=("tls_certificate",),
+ sql = (
+ "SELECT key_id, verify_key FROM server_signature_keys"
+ " WHERE server_name = ?"
+ " AND key_id in (" + ",".join("?" for key_id in key_ids) + ")"
)
- verification_key = nacl.signing.VerifyKey(verification_key_bytes)
- defer.returnValue(verification_key)
- def store_server_verification_key(self, server_name, key_version,
- key_server, ts_now_ms, verification_key):
+ rows = yield self._execute_and_decode(sql, server_name, *key_ids)
+
+ keys = []
+ for row in rows:
+ key_id = row["key_id"]
+ key_bytes = row["verify_key"]
+ key = decode_verify_key_bytes(key_id, str(key_bytes))
+ keys.append(key)
+ defer.returnValue(keys)
+
+ def store_server_verify_key(self, server_name, from_server, time_now_ms,
+ verify_key):
"""Stores a NACL verification key for the given server.
Args:
- server_name (bytes): The name of the server.
- key_version (bytes): The version of the key for the server.
- key_server (bytes): Where the verification key was looked up
+ server_name (str): The name of the server.
+ key_id (str): The version of the key for the server.
+ from_server (str): Where the verification key was looked up
ts_now_ms (int): The time now in milliseconds
- verification_key (nacl.signing.VerifyKey): The NACL verify key.
+ verification_key (VerifyKey): The NACL verify key.
"""
- verification_key_bytes = verification_key.encode()
+ verify_key_bytes = verify_key.encode()
return self._simple_insert(
table="server_signature_keys",
- key_values={
+ values={
"server_name": server_name,
- "key_version": key_version,
- "key_server": key_server,
- "ts_added_ms": ts_now_ms,
- "verification_key": verification_key_bytes,
+ "key_id": "%s:%s" % (verify_key.alg, verify_key.version),
+ "from_server": from_server,
+ "ts_added_ms": time_now_ms,
+ "verify_key": buffer(verify_key.encode()),
},
+ or_ignore=True,
)
diff --git a/synapse/storage/schema/keys.sql b/synapse/storage/schema/keys.sql
index 706a1a03ff..9bf2068d84 100644
--- a/synapse/storage/schema/keys.sql
+++ b/synapse/storage/schema/keys.sql
@@ -14,17 +14,18 @@
*/
CREATE TABLE IF NOT EXISTS server_tls_certificates(
server_name TEXT, -- Server name.
- key_server TEXT, -- Which key server the certificate was fetched from.
+ fingerprint TEXT, -- Certificate fingerprint.
+ from_server TEXT, -- Which key server the certificate was fetched from.
ts_added_ms INTEGER, -- When the certifcate was added.
tls_certificate BLOB, -- DER encoded x509 certificate.
- CONSTRAINT uniqueness UNIQUE (server_name)
+ CONSTRAINT uniqueness UNIQUE (server_name, fingerprint)
);
CREATE TABLE IF NOT EXISTS server_signature_keys(
server_name TEXT, -- Server name.
- key_version TEXT, -- Key version.
- key_server TEXT, -- Which key server the key was fetched form.
+ key_id TEXT, -- Key version.
+ from_server TEXT, -- Which key server the key was fetched form.
ts_added_ms INTEGER, -- When the key was added.
- verification_key BLOB, -- NACL verification key.
- CONSTRAINT uniqueness UNIQUE (server_name, key_version)
+ verify_key BLOB, -- NACL verification key.
+ CONSTRAINT uniqueness UNIQUE (server_name, key_id)
);
diff --git a/synapse/storage/transactions.py b/synapse/storage/transactions.py
index ab4599b468..2ba8e30efe 100644
--- a/synapse/storage/transactions.py
+++ b/synapse/storage/transactions.py
@@ -87,7 +87,8 @@ class TransactionStore(SQLBaseStore):
txn.execute(query, (code, response_json, transaction_id, origin))
- def prep_send_transaction(self, transaction_id, destination, ts, pdu_list):
+ def prep_send_transaction(self, transaction_id, destination,
+ origin_server_ts, pdu_list):
"""Persists an outgoing transaction and calculates the values for the
previous transaction id list.
@@ -97,7 +98,7 @@ class TransactionStore(SQLBaseStore):
Args:
transaction_id (str)
destination (str)
- ts (int)
+ origin_server_ts (int)
pdu_list (list)
Returns:
@@ -106,11 +107,11 @@ class TransactionStore(SQLBaseStore):
return self.runInteraction(
self._prep_send_transaction,
- transaction_id, destination, ts, pdu_list
+ transaction_id, destination, origin_server_ts, pdu_list
)
- def _prep_send_transaction(self, txn, transaction_id, destination, ts,
- pdu_list):
+ def _prep_send_transaction(self, txn, transaction_id, destination,
+ origin_server_ts, pdu_list):
# First we find out what the prev_txs should be.
# Since we know that we are only sending one transaction at a time,
@@ -131,7 +132,7 @@ class TransactionStore(SQLBaseStore):
None,
transaction_id=transaction_id,
destination=destination,
- ts=ts,
+ ts=origin_server_ts,
response_code=0,
response_json=None
))
|
