Diffstat (limited to 'synapse')
-rw-r--r--synapse/config/_base.py4
-rw-r--r--synapse/config/key.py22
-rw-r--r--synapse/crypto/keyring.py6
3 files changed, 27 insertions, 5 deletions
diff --git a/synapse/config/_base.py b/synapse/config/_base.py
index f07ea4cc46..6fd086a471 100644
--- a/synapse/config/_base.py
+++ b/synapse/config/_base.py
@@ -83,9 +83,9 @@ class Config(object):
         with open(file_path) as file_stream:
             try:
                 return yaml.load(file_stream)
-            except Exception as e:
+            except:
                 raise ConfigError(
-                    "Error parsing yaml in file %r: " % (file_path,), e
+                    "Error parsing yaml in file %r" % (file_path,)
                 )
 
     @staticmethod
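Review bot: The bare `except:` on the new side also catches KeyboardInterrupt and SystemExit, and the ConfigError no longer carries the parser's message, so an operator cannot tell which part of the YAML file is malformed. I would keep `except Exception as e:` and put the cause in the message, e.g. `"Error parsing yaml in file %r: %s" % (file_path, e)`. Separately, the context line `return yaml.load(file_stream)` uses the full loader, which can construct arbitrary Python objects from tagged nodes; `yaml.safe_load(file_stream)` is sufficient for a plain config file. The enclosing method starts above the hunk.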
diff --git a/synapse/config/key.py b/synapse/config/key.py
index de4e33a7f3..a2de6d5c17 100644
--- a/synapse/config/key.py
+++ b/synapse/config/key.py
@@ -16,6 +16,10 @@
 import os
 from ._base import Config, ConfigError
 import syutil.crypto.signing_key
+from syutil.crypto.signing_key import (
+    is_signing_algorithm_supported, decode_verify_key_bytes
+)
+from syutil.base64util import decode_base64
 
 
 class KeyConfig(Config):
@@ -53,9 +57,17 @@ class KeyConfig(Config):
                                     " keys from")
 
     def read_perspectives(self, perspectives_config_path):
-        servers = self.read_yaml_file(
+        config = self.read_yaml_file(
             perspectives_config_path, "perspectives_config_path"
         )
+        servers = {}
+        for server_name, server_config in config["servers"].items():
+            for key_id, key_data in server_config["verify_keys"].items():
+                if is_signing_algorithm_supported(key_id):
+                    key_base64 = key_data["key"]
+                    key_bytes = decode_base64(key_base64)
+                    verify_key = decode_verify_key_bytes(key_id, key_bytes)
+                    servers.setdefault(server_name, {})[key_id] = verify_key
         return servers
 
     def read_signing_key(self, signing_key_path):
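Review bot: A perspectives entry whose key ids are all unsupported is silently dropped by the new loop in read_perspectives, so a typo in an algorithm name removes a trusted server from the result without any error. A missing `servers`, `verify_keys` or `key` entry, an empty file, or malformed base64 likewise surfaces as a raw traceback rather than a ConfigError. Because this file decides which verify keys the homeserver trusts, I would fail startup with a ConfigError that names the server in these cases. The fence keeps the skip of unsupported algorithms (whether that is intended for forward compatibility is not visible here) and only rejects a server left with no usable key; the exception types raised by the syutil decoders should be confirmed.

```python
        servers = {}
        try:
            for server_name, server_config in config["servers"].items():
                for key_id, key_data in server_config["verify_keys"].items():
                    if not is_signing_algorithm_supported(key_id):
                        continue
                    key_bytes = decode_base64(key_data["key"])
                    verify_key = decode_verify_key_bytes(key_id, key_bytes)
                    servers.setdefault(server_name, {})[key_id] = verify_key
                if server_name not in servers:
                    raise ConfigError(
                        "No supported verify key for perspectives server %r"
                        % (server_name,)
                    )
        # exception types to confirm against syutil's decoders
        except (KeyError, TypeError, ValueError, AttributeError) as e:
            raise ConfigError(
                "Invalid perspectives config %r: %r"
                % (perspectives_config_path, e)
            )
        return servers
```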
@@ -126,4 +138,10 @@ class KeyConfig(Config):
 
         if not os.path.exists(args.perspectives_config_path):
             with open(args.perspectives_config_path, "w") as perspectives_file:
-                perspectives_file.write("@@@")
+                perspectives_file.write(
+                    'servers:\n'
+                    '  matrix.org:\n'
+                    '    verify_keys:\n'
+                    '      "ed25519:auto":\n'
+                    '         key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"\n'
+                )
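Review bot: The generated default pins a verify key for matrix.org as a literal inside the string passed to `perspectives_file.write`, with nothing recording where the key came from or how it would be rotated. Since this becomes the trust anchor on every fresh install, a comment above the write would help, for example `# Default perspectives server: matrix.org's ed25519 verify key; confirm it out of band before relying on it.` The `key:` line is also indented nine spaces where the other levels step by two; it parses, but aligning it makes the generated file easier to edit by hand. The enclosing method starts outside the hunk.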
diff --git a/synapse/crypto/keyring.py b/synapse/crypto/keyring.py
index d248776bc1..f7ae227916 100644
--- a/synapse/crypto/keyring.py
+++ b/synapse/crypto/keyring.py
@@ -42,7 +42,7 @@ class Keyring(object):
         self.clock = hs.get_clock()
         self.client = hs.get_http_client()
         self.config = hs.get_config()
-        self.perspective_servers = {}
+        self.perspective_servers = self.config.perspectives
         self.hs = hs
 
     @defer.inlineCallbacks
@@ -111,6 +111,10 @@ class Keyring(object):
                 )
                 break
             except:
+                logging.info(
+                    "Unable to getting key %r for %r from %r",
+                    key_ids, server_name, perspective_name,
+                )
                 pass
 
         limiter = yield get_retry_limiter(
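Review bot: The new `logging.info` call sits under a bare `except:` and records no exception, so the log cannot show why a fetch from a perspectives server failed, and the handler also swallows errors unrelated to the request. I would narrow it to `except Exception as e:` and log at warning level with the cause, e.g. `"Unable to get key %r for %r from %r: %r"` with `e` appended to the arguments, which also fixes the "Unable to getting" wording. The call goes through the root `logging` module; if the file defines a module-level logger (not visible in this hunk), use that instead. The trailing `pass` is now redundant, and the try block begins above the hunk.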