Fix PDU and event signatures
This commit is contained in:
parent
de1ec90133
commit
8c2b5ea7c4
|
@ -16,6 +16,7 @@
|
|||
|
||||
|
||||
from synapse.api.events.utils import prune_event
|
||||
from synapse.federation.units import Pdu
|
||||
from syutil.jsonutil import encode_canonical_json
|
||||
from syutil.base64util import encode_base64, decode_base64
|
||||
from syutil.crypto.jsonsign import sign_json
|
||||
|
@ -58,6 +59,8 @@ def _compute_content_hash(event, hash_algorithm):
|
|||
event_json.pop("unsigned", None)
|
||||
event_json.pop("signatures", None)
|
||||
event_json.pop("hashes", None)
|
||||
event_json.pop("outlier", None)
|
||||
event_json.pop("destinations", None)
|
||||
event_json_bytes = encode_canonical_json(event_json)
|
||||
return hash_algorithm(event_json_bytes)
|
||||
|
||||
|
@ -75,7 +78,13 @@ def compute_event_reference_hash(event, hash_algorithm=hashlib.sha256):
|
|||
|
||||
def compute_event_signature(event, signature_name, signing_key):
|
||||
tmp_event = prune_event(event)
|
||||
redact_json = tmp_event.get_full_dict()
|
||||
tmp_event.origin = event.origin
|
||||
tmp_event.origin_server_ts = event.origin_server_ts
|
||||
d = tmp_event.get_full_dict()
|
||||
kwargs = dict(event.unrecognized_keys)
|
||||
kwargs.update({k: v for k, v in d.items()})
|
||||
tmp_pdu = Pdu(**kwargs)
|
||||
redact_json = tmp_pdu.get_dict()
|
||||
redact_json.pop("signatures", None)
|
||||
redact_json.pop("age_ts", None)
|
||||
redact_json.pop("unsigned", None)
|
||||
|
|
|
@ -139,9 +139,10 @@ class FederationHandler(BaseHandler):
|
|||
affected=event.event_id,
|
||||
)
|
||||
|
||||
if not check_event_content_hash(pdu):
|
||||
if not check_event_content_hash(event):
|
||||
logger.warn(
|
||||
"Event content has been tampered, redacting %s", event.event_id
|
||||
"Event content has been tampered, redacting %s, %s",
|
||||
event.event_id, encode_canonical_json(event.get_full_dict())
|
||||
)
|
||||
event = redacted_event
|
||||
|
||||
|
|
|
@ -132,8 +132,8 @@ class DataStore(RoomMemberStore, RoomStore,
|
|||
if not events_dict:
|
||||
defer.returnValue(None)
|
||||
|
||||
event = self._parse_event_from_row(events_dict)
|
||||
defer.returnValue(event)
|
||||
event = yield self._parse_events([events_dict])
|
||||
defer.returnValue(event[0])
|
||||
|
||||
@log_function
|
||||
def _persist_event_txn(self, txn, event, backfilled, stream_ordering=None,
|
||||
|
|
|
@ -41,7 +41,7 @@ class FeedbackStore(SQLBaseStore):
|
|||
|
||||
defer.returnValue(
|
||||
[
|
||||
self._parse_event_from_row(r)
|
||||
(yield self._parse_events(r))
|
||||
for r in rows
|
||||
]
|
||||
)
|
||||
|
|
Loading…
Reference in New Issue