Burn `check_signature` dev script. (#12351)
This commit is contained in:
parent
993d90f82b
commit
336bff1104
|
@ -1 +1 @@
|
||||||
Remove unused and broken dev script `list_url_patterns.py`.
|
Remove broken and unused development scripts.
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
Remove broken and unused development scripts.
|
1
mypy.ini
1
mypy.ini
|
@ -24,7 +24,6 @@ files =
|
||||||
exclude = (?x)
|
exclude = (?x)
|
||||||
^(
|
^(
|
||||||
|scripts-dev/build_debian_packages.py
|
|scripts-dev/build_debian_packages.py
|
||||||
|scripts-dev/check_signature.py
|
|
||||||
|scripts-dev/definitions.py
|
|scripts-dev/definitions.py
|
||||||
|scripts-dev/federation_client.py
|
|scripts-dev/federation_client.py
|
||||||
|scripts-dev/hash_history.py
|
|scripts-dev/hash_history.py
|
||||||
|
|
|
@ -1,72 +0,0 @@
|
||||||
import argparse
|
|
||||||
import json
|
|
||||||
import logging
|
|
||||||
import sys
|
|
||||||
|
|
||||||
import dns.resolver
|
|
||||||
import urllib2
|
|
||||||
from signedjson.key import decode_verify_key_bytes, write_signing_keys
|
|
||||||
from signedjson.sign import verify_signed_json
|
|
||||||
from unpaddedbase64 import decode_base64
|
|
||||||
|
|
||||||
|
|
||||||
def get_targets(server_name):
|
|
||||||
if ":" in server_name:
|
|
||||||
target, port = server_name.split(":")
|
|
||||||
yield (target, int(port))
|
|
||||||
return
|
|
||||||
try:
|
|
||||||
answers = dns.resolver.query("_matrix._tcp." + server_name, "SRV")
|
|
||||||
for srv in answers:
|
|
||||||
yield (srv.target, srv.port)
|
|
||||||
except dns.resolver.NXDOMAIN:
|
|
||||||
yield (server_name, 8448)
|
|
||||||
|
|
||||||
|
|
||||||
def get_server_keys(server_name, target, port):
|
|
||||||
url = "https://%s:%i/_matrix/key/v1" % (target, port)
|
|
||||||
keys = json.load(urllib2.urlopen(url))
|
|
||||||
verify_keys = {}
|
|
||||||
for key_id, key_base64 in keys["verify_keys"].items():
|
|
||||||
verify_key = decode_verify_key_bytes(key_id, decode_base64(key_base64))
|
|
||||||
verify_signed_json(keys, server_name, verify_key)
|
|
||||||
verify_keys[key_id] = verify_key
|
|
||||||
return verify_keys
|
|
||||||
|
|
||||||
|
|
||||||
def main():
|
|
||||||
|
|
||||||
parser = argparse.ArgumentParser()
|
|
||||||
parser.add_argument("signature_name")
|
|
||||||
parser.add_argument(
|
|
||||||
"input_json", nargs="?", type=argparse.FileType("r"), default=sys.stdin
|
|
||||||
)
|
|
||||||
|
|
||||||
args = parser.parse_args()
|
|
||||||
logging.basicConfig()
|
|
||||||
|
|
||||||
server_name = args.signature_name
|
|
||||||
keys = {}
|
|
||||||
for target, port in get_targets(server_name):
|
|
||||||
try:
|
|
||||||
keys = get_server_keys(server_name, target, port)
|
|
||||||
print("Using keys from https://%s:%s/_matrix/key/v1" % (target, port))
|
|
||||||
write_signing_keys(sys.stdout, keys.values())
|
|
||||||
break
|
|
||||||
except Exception:
|
|
||||||
logging.exception("Error talking to %s:%s", target, port)
|
|
||||||
|
|
||||||
json_to_check = json.load(args.input_json)
|
|
||||||
print("Checking JSON:")
|
|
||||||
for key_id in json_to_check["signatures"][args.signature_name]:
|
|
||||||
try:
|
|
||||||
key = keys[key_id]
|
|
||||||
verify_signed_json(json_to_check, args.signature_name, key)
|
|
||||||
print("PASS %s" % (key_id,))
|
|
||||||
except Exception:
|
|
||||||
logging.exception("Check for key %s failed" % (key_id,))
|
|
||||||
print("FAIL %s" % (key_id,))
|
|
||||||
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
|
||||||
main()
|
|
Loading…
Reference in New Issue