Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Simplify process_v2_response (#5236) | Richard van der Hoff | 2019-05-23 | 1 | -21/+29 |
| | | | | | | | | | * Pass time_added_ms into process_v2_response * Simplify process_v2_response We can merge old_verify_keys into verify_keys, and reduce the number of dicts flying around. | ||||
* | Remove unused VerifyKey.expired and .time_added fields (#5235) | Richard van der Hoff | 2019-05-23 | 1 | -3/+0 |
| | | | | | These were never used, and poking arbitary data into objects from other packages seems confusing at best. | ||||
* | Rewrite store_server_verify_key to store several keys at once (#5234) | Richard van der Hoff | 2019-05-23 | 1 | -45/+14 |
| | | | | | Storing server keys hammered the database a bit. This replaces the implementation which stored a single key, with one which can do many updates at once. | ||||
* | Run black on synapse.crypto.keyring (#5232) | Richard van der Hoff | 2019-05-22 | 1 | -149/+137 |
| | |||||
* | remove extraneous exception logging | Richard van der Hoff | 2019-04-25 | 1 | -16/+32 |
| | |||||
* | Clarify logging when PDU signature checking fails | Richard van der Hoff | 2019-04-25 | 1 | -3/+1 |
| | |||||
* | Remove periods from copyright headers (#5046) | Andrew Morgan | 2019-04-11 | 1 | -1/+1 |
| | |||||
* | Rewrite Datastore.get_server_verify_keys | Richard van der Hoff | 2019-04-09 | 1 | -21/+17 |
| | | | | Rewrite this so that it doesn't hammer the database. | ||||
* | Remove redundant merged_keys dict | Richard van der Hoff | 2019-04-08 | 1 | -8/+5 |
| | | | | | | There's no point in collecting a merged dict of keys: it is sufficient to consider just the new keys which have been fetched by the most recent key_fetch_fns. | ||||
* | Fix from_server buglet in get_keys_from_perspectives | Richard van der Hoff | 2019-04-08 | 1 | -1/+1 |
| | | | | | make sure we store the name of the server the keys came from, rather than the origin server, after doing a fetch-from-perspectives. | ||||
* | Hoist server_name check out of process_v2_response | Richard van der Hoff | 2019-04-04 | 1 | -13/+7 |
| | | | | | It's easier to check it in the caller than to complicate the interface with an extra param. | ||||
* | Clean up Keyring.process_v2_response | Richard van der Hoff | 2019-04-04 | 1 | -23/+46 |
| | | | | | | Make this just return the key dict, rather than a single-entry dict mapping the server name to the key dict. It's easy for the caller to get the server name from from the response object anyway. | ||||
* | Correctly log expected errors when fetching server keys | Erik Johnston | 2019-03-11 | 1 | -2/+2 |
| | |||||
* | raise_from already raises | Erik Johnston | 2019-02-25 | 1 | -4/+4 |
| | |||||
* | Handle errors when fetching remote server keys | Erik Johnston | 2019-02-23 | 1 | -21/+51 |
| | |||||
* | Correctly handle RequestSendFailed exceptions | Erik Johnston | 2019-02-14 | 1 | -2/+2 |
| | | | | This mainly reduces the number of exceptions we log. | ||||
* | Make key fetches use regular federation client (#4426) | Richard van der Hoff | 2019-01-22 | 1 | -23/+7 |
| | | | | | All this magic is redundant. | ||||
* | Remove fetching keys via the deprecated v1 kex method (#4120) | Amber Brown | 2018-10-31 | 1 | -103/+7 |
| | |||||
* | Merge pull request #3826 from matrix-org/rav/logging_for_keyring | Amber Brown | 2018-09-12 | 1 | -6/+18 |
|\ | | | | | add some logging for the keyring queue | ||||
| * | add some logging for the keyring queue | Richard van der Hoff | 2018-09-06 | 1 | -6/+18 |
| | | | | | | | | why is it so damn slow? | ||||
* | | Port crypto/ to Python 3 (#3822) | Amber Brown | 2018-09-12 | 1 | -4/+5 |
|/ | |||||
* | fix accidental removal of hs | Jeroen | 2018-07-27 | 1 | -1/+1 |
| | |||||
* | Merge remote-tracking branch 'upstream/develop' into ↵ | Jeroen | 2018-07-14 | 1 | -21/+23 |
|\ | | | | | | | | | | | | | send_sni_for_federation_requests # Conflicts: # synapse/crypto/context_factory.py | ||||
| * | run isort | Amber Brown | 2018-07-09 | 1 | -21/+23 |
| | | |||||
* | | send SNI for federation requests | Jeroen | 2018-06-24 | 1 | -2/+2 |
|/ | |||||
* | Try to log more helpful info when a sig verification fails | Richard van der Hoff | 2018-06-08 | 1 | -6/+25 |
| | | | | | | | | Firstly, don't swallow the reason for the failure Secondly, don't assume all exceptions are verification failures Thirdly, log a bit of info about the key being used if debug is enabled | ||||
* | Merge remote-tracking branch 'origin/develop' into rav/use_run_in_background | Richard van der Hoff | 2018-04-27 | 1 | -45/+48 |
|\ | |||||
| * | Improve exception handling for background processes | Richard van der Hoff | 2018-04-27 | 1 | -45/+48 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There were a bunch of places where we fire off a process to happen in the background, but don't have any exception handling on it - instead relying on the unhandled error being logged when the relevent deferred gets garbage-collected. This is unsatisfactory for a number of reasons: - logging on garbage collection is best-effort and may happen some time after the error, if at all - it can be hard to figure out where the error actually happened. - it is logged as a scary CRITICAL error which (a) I always forget to grep for and (b) it's not really CRITICAL if a background process we don't care about fails. So this is an attempt to add exception handling to everything we fire off into the background. | ||||
* | | Use run_in_background in preference to preserve_fn | Richard van der Hoff | 2018-04-27 | 1 | -11/+17 |
|/ | | | | | | While I was going through uses of preserve_fn for other PRs, I converted places which only use the wrapped function once to use run_in_background, to avoid creating the function object. | ||||
* | Use str(e) instead of e.message | Adrian Tschira | 2018-04-15 | 1 | -4/+4 |
| | | | | | | | Doing this I learned e.message was pretty shortlived, added in 2.6, they realized it was a bad idea and deprecated it in 2.7 Signed-off-by: Adrian Tschira <nota@notafile.com> | ||||
* | replace 'except:' with 'except Exception:' | Richard van der Hoff | 2017-10-23 | 1 | -1/+1 |
| | | | | what could possibly go wrong | ||||
* | Merge branch 'develop' into develop | Richard van der Hoff | 2017-09-25 | 1 | -124/+161 |
|\ | |||||
| * | Fix logcontext handling in verify_json_objects_for_server | Richard van der Hoff | 2017-09-20 | 1 | -8/+12 |
| | | | | | | | | | | | | | | | | | | | | | | | | preserve_context_over_fn is essentially broken, because (a) it pointlessly drops the current logcontext before calling its wrapped function, which means we don't get any useful logcontexts for _handle_key_deferred; (b) it wraps the resulting deferred in a _PreservingContextDeferred, which is very dangerous because you then can't yield on it without leaking context back into the reactor. Instead, let's specify that the resultant deferreds call their callbacks with no logcontext. | ||||
| * | Turn _start_key_lookups into an inlineCallbacks function | Richard van der Hoff | 2017-09-20 | 1 | -40/+37 |
| | | | | | | | | | | | | | | | | | | | | | | ... which means that logcontexts can be correctly preserved for the stuff it does. get_server_verify_keys is now called with the logcontext, so needs to preserve_fn when it fires off its nested inlineCallbacks function. Also renames get_server_verify_keys to reflect the fact it's meant to be private. | ||||
| * | Fix potential race in _start_key_lookups | Richard van der Hoff | 2017-09-20 | 1 | -5/+8 |
| | | | | | | | | | | | | | | | | | | If the verify_request.deferred has already completed, then `remove_deferreds` will be called immediately. It therefore might resolve the server_to_deferred deferred while there are still other requests for that server in flight. To avoid that, we should build the complete list of requests, and *then* add the callbacks. | ||||
| * | Add some comments to _start_key_lookups | Richard van der Hoff | 2017-09-20 | 1 | -0/+8 |
| | | |||||
| * | Consistency for how verify_request.deferred is called | Richard van der Hoff | 2017-09-20 | 1 | -13/+17 |
| | | | | | | | | | | | | | | | | | | | | Define that it is run with no log context, and make sure that happens. If we aren't careful to reset the logcontext, we can't bung the deferreds into defer.gatherResults etc. We don't actually do that directly, but we *do* resolve other deferreds from affected callbacks (notably the server_to_deferred map in _start_key_lookups), and those *do* get passed into defer.gatherResults. It turns out that this way ends up being least confusing. | ||||
| * | Factor out _start_key_lookups | Richard van der Hoff | 2017-09-20 | 1 | -7/+17 |
| | | | | | | | | ... to make it easier to see what's going on. | ||||
| * | Replace `server_and_json` with `verify_requests` | Richard van der Hoff | 2017-09-20 | 1 | -3/+3 |
| | | | | | | | | This is a precursor to factoring some of this code out. | ||||
| * | pull out handle_key_deferred to top level | Richard van der Hoff | 2017-09-20 | 1 | -43/+44 |
| | | | | | | | | | | | | There's no need for this to be a nested definition; pulling it out not only makes it more efficient, but makes it easier to check that it's not accessing any local variables it shouldn't be. | ||||
| * | Fix incorrect key_ids in error message | Richard van der Hoff | 2017-09-20 | 1 | -1/+1 |
| | | |||||
| * | Fix concurrent server_key requests (#2458) | Richard van der Hoff | 2017-09-19 | 1 | -1/+3 |
| | | | | | | | | Fix a bug where we could end up firing off multiple requests for server_keys for the same server at the same time. | ||||
| * | Clean up and document handling of logcontexts in Keyring (#2452) | Richard van der Hoff | 2017-09-18 | 1 | -28/+36 |
| | | | | | | | | | | | | I'm still unclear on what the intended behaviour for `verify_json_objects_for_server` is, but at least I now understand the behaviour of most of the things it calls... | ||||
* | | Fix iteration of requests_missing_keys; list doesn't have .values() | Kenny Keslar | 2017-07-26 | 1 | -1/+1 |
|/ | | | | Signed-off-by: Kenny Keslar <r3dey3@r3dey3.com> | ||||
* | Merge pull request #2050 from matrix-org/rav/federation_backoff | Richard van der Hoff | 2017-03-23 | 1 | -23/+16 |
|\ | | | | | push federation retry limiter down to matrixfederationclient | ||||
| * | push federation retry limiter down to matrixfederationclient | Richard van der Hoff | 2017-03-23 | 1 | -23/+16 |
| | | | | | | | | | | rather than having to instrument everywhere we make a federation call, make the MatrixFederationHttpClient manage the retry limiter. | ||||
* | | fix up some key verif docstrings | Richard van der Hoff | 2017-03-21 | 1 | -2/+21 |
|/ | |||||
* | Add some debug to help diagnose weird federation issue | Richard van der Hoff | 2017-03-20 | 1 | -1/+8 |
| | |||||
* | Preserve some logcontexts | Erik Johnston | 2016-08-24 | 1 | -18/+18 |
| | |||||
* | Update keyring Measure | Erik Johnston | 2016-08-19 | 1 | -85/+85 |
| | |||||
* | Measure keyrings | Erik Johnston | 2016-08-19 | 1 | -34/+36 |
| | |||||
* | Don't print stack traces when failing to get remote keys | Erik Johnston | 2016-08-10 | 1 | -12/+16 |
| | |||||
* | Merge branch 'develop' into markjh/verify | Mark Haines | 2016-07-27 | 1 | -2/+9 |
|\ | | | | | | | | | Conflicts: synapse/crypto/keyring.py | ||||
| * | Merge pull request #955 from matrix-org/markjh/only_from2 | Mark Haines | 2016-07-27 | 1 | -2/+9 |
| |\ | | | | | | | Add a couple more checks to the keyring | ||||
| | * | Add a couple more checks to the keyring | Mark Haines | 2016-07-26 | 1 | -2/+9 |
| | | | |||||
| * | | Fix a couple of bugs in the transaction and keyring code | Mark Haines | 2016-07-26 | 1 | -8/+9 |
| |/ | |||||
* / | Clean up verify_json_objects_for_server | Mark Haines | 2016-07-27 | 1 | -68/+75 |
|/ | |||||
* | Fix up logcontexts | Erik Johnston | 2016-02-08 | 1 | -37/+46 |
| | |||||
* | copyrights | Matthew Hodgson | 2016-01-07 | 1 | -1/+1 |
| | |||||
* | Actually look up required remote server key IDs | Paul "LeoNerd" Evans | 2015-12-18 | 1 | -1/+3 |
| | | | | | | set.union() is a side-effect-free function that returns the union of two sets. This clearly wanted .update(), which is the side-effecting mutator version. | ||||
* | Fix typo | Erik Johnston | 2015-11-20 | 1 | -1/+1 |
| | |||||
* | Don't limit connections to perspective servers | Erik Johnston | 2015-11-20 | 1 | -21/+17 |
| | |||||
* | Fix bug where we sometimes didn't fetch all the keys requested for a | Erik Johnston | 2015-09-17 | 1 | -4/+3 |
| | | | | server. | ||||
* | Merge pull request #272 from matrix-org/daniel/insecureclient | Daniel Wagner-Hall | 2015-09-15 | 1 | -2/+2 |
|\ | | | | | Allow configuration to ignore invalid SSL certs | ||||
| * | Allow configuration to ignore invalid SSL certs | Daniel Wagner-Hall | 2015-09-09 | 1 | -2/+2 |
| | | | | | | | | | | This will be useful for sytest, and sytest only, hence the aggressive config key name. | ||||
* | | Various bug fixes to crypto.keyring | Erik Johnston | 2015-09-09 | 1 | -10/+17 |
|/ | |||||
* | Remove syutil dependency in favour of smaller single-purpose libraries | Mark Haines | 2015-08-24 | 1 | -9/+9 |
| | |||||
* | Wait for previous attempts at fetching keys for a given server before trying ↵ | Erik Johnston | 2015-06-26 | 1 | -15/+68 |
| | | | | to fetch more | ||||
* | Implement bulk verify_signed_json API | Erik Johnston | 2015-06-26 | 1 | -134/+292 |
| | |||||
* | Handle the case when things return empty but non none things | Erik Johnston | 2015-05-19 | 1 | -2/+2 |
| | |||||
* | Don't always hit get_server_verify_key_v1_direct | Erik Johnston | 2015-05-19 | 1 | -5/+10 |
| | |||||
* | SYN-383: Actually, we expect this value to be a dict | Erik Johnston | 2015-05-19 | 1 | -1/+2 |
| | |||||
* | SYN-383: Handle the fact the server might not have signed things | Erik Johnston | 2015-05-19 | 1 | -1/+1 |
| | |||||
* | Don't reuse var names | Erik Johnston | 2015-05-19 | 1 | -2/+2 |
| | |||||
* | SYN-383: Fix parsing of verify_keys and catching of _DefGen_Return | Erik Johnston | 2015-05-19 | 1 | -18/+18 |
| | |||||
* | SYN-383: Extract the response list from 'server_keys' in the response JSON ↵ | Mark Haines | 2015-05-19 | 1 | -1/+3 |
| | | | | as it might work better than iterating over the top level dict | ||||
* | Change the way we create observers to deferreds so that we don't get spammed ↵ | Erik Johnston | 2015-05-08 | 1 | -2/+6 |
| | | | | by 'unhandled errors' | ||||
* | Use a defer.gatherResults to collect results from the perspective servers | Mark Haines | 2015-04-29 | 1 | -11/+21 |
| | |||||
* | Update the query format used by keyring to match current key v2 spec | Mark Haines | 2015-04-29 | 1 | -1/+12 |
| | |||||
* | Implement minimum_valid_until_ts in the remote key resource | Mark Haines | 2015-04-29 | 1 | -0/+1 |
| | |||||
* | Merge branch 'develop' into key_distribution | Mark Haines | 2015-04-27 | 1 | -0/+20 |
|\ | | | | | | | | | Conflicts: synapse/crypto/keyring.py | ||||
| * | Fix newlines | Erik Johnston | 2015-04-27 | 1 | -2/+1 |
| | | |||||
| * | Pull inner function out. | Erik Johnston | 2015-04-27 | 1 | -76/+77 |
| | | |||||
| * | Implement locks using create_observer for fetching media and server keys | Erik Johnston | 2015-04-27 | 1 | -59/+79 |
| | | |||||
* | | Add config for setting the perspective servers | Mark Haines | 2015-04-24 | 1 | -1/+5 |
| | | |||||
* | | Update to match the specification for key/v2 | Mark Haines | 2015-04-23 | 1 | -2/+2 |
| | | |||||
* | | Implement remote key lookup api | Mark Haines | 2015-04-22 | 1 | -35/+40 |
| | | |||||
* | | Implement v2 key lookup | Mark Haines | 2015-04-20 | 1 | -17/+251 |
|/ | |||||
* | Log error message when we fail to fetch remote server keys | Erik Johnston | 2015-03-05 | 1 | -2/+11 |
| | |||||
* | Try to only back off if we think we failed to connect to the remote | Erik Johnston | 2015-02-17 | 1 | -54/+54 |
| | |||||
* | Add per server retry limiting. | Erik Johnston | 2015-02-17 | 1 | -15/+7 |
| | | | | | Factor out the pre destination retry logic from TransactionQueue so it can be reused in both get_pdu and crypto.keyring | ||||
* | Rate limit retries when fetching server keys. | Erik Johnston | 2015-02-17 | 1 | -55/+71 |
| | |||||
* | Update copyright notices | Mark Haines | 2015-01-06 | 1 | -1/+1 |
| | |||||
* | Add a few missing yields, Move deferred lists inside PreserveLoggingContext ↵ | Mark Haines | 2014-11-20 | 1 | -2/+2 |
| | | | | because they don't interact well with the logging contexts | ||||
* | Fix pep8 warnings | Mark Haines | 2014-10-30 | 1 | -2/+2 |
| | |||||
* | add log line for checking verifying signatures | Mark Haines | 2014-10-17 | 1 | -0/+1 |
| | |||||
* | Better response message when signature is missing or unsupported | Mark Haines | 2014-10-13 | 1 | -1/+1 |
| | |||||
* | Respond with more helpful error messages for unsigned requests | Mark Haines | 2014-10-13 | 1 | -2/+31 |
| | |||||
* | SYN-75 Verify signatures on server to server transactions | Mark Haines | 2014-09-30 | 1 | -0/+125 |