make changes from PR review
parent
336c546d6a
commit
fac1cdc562
|
@ -510,9 +510,18 @@ class E2eKeysHandler(object):
|
|||
if not master_key:
|
||||
raise SynapseError(400, "No master key available", Codes.MISSING_PARAM)
|
||||
|
||||
master_key_id, master_verify_key = get_verify_key_from_cross_signing_key(
|
||||
master_key
|
||||
)
|
||||
try:
|
||||
master_key_id, master_verify_key = get_verify_key_from_cross_signing_key(
|
||||
master_key
|
||||
)
|
||||
except ValueError:
|
||||
if "master_key" in keys:
|
||||
# the invalid key came from the request
|
||||
raise SynapseError(400, "Invalid master key", Codes.INVALID_PARAM)
|
||||
else:
|
||||
# the invalid key came from the database
|
||||
logger.error("Invalid master key found for user %s", user_id)
|
||||
raise SynapseError(500, "Invalid master key")
|
||||
|
||||
# for the other cross-signing keys, make sure that they have valid
|
||||
# signatures from the master key
|
||||
|
@ -539,9 +548,12 @@ class E2eKeysHandler(object):
|
|||
yield self.store.set_e2e_cross_signing_key(
|
||||
user_id, "self_signing", self_signing_key
|
||||
)
|
||||
deviceids.append(
|
||||
get_verify_key_from_cross_signing_key(self_signing_key)[1].version
|
||||
)
|
||||
try:
|
||||
deviceids.append(
|
||||
get_verify_key_from_cross_signing_key(self_signing_key)[1].version
|
||||
)
|
||||
except ValueError:
|
||||
raise SynapseError(400, "Invalid self-signing key", Codes.INVALID_PARAM)
|
||||
if "user_signing_key" in keys:
|
||||
yield self.store.set_e2e_cross_signing_key(
|
||||
user_id, "user_signing", user_signing_key
|
||||
|
|
|
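Review bot: In the second hunk the self-signing key is still written with `yield self.store.set_e2e_cross_signing_key(user_id, "self_signing", self_signing_key)` before the new `try` block parses it, so a key that raises `ValueError` has already been persisted by the time the 400 is returned. Unless a check earlier in the method (outside this hunk) already rejects such keys, a malformed self-signing key stays in the store even though the request was refused. Parse first and store only on success: move the `get_verify_key_from_cross_signing_key(self_signing_key)[1].version` call and its `except ValueError` above the `yield`, keep the result in a local, and append it to `deviceids` after the store call. The enclosing method starts and ends outside both hunks.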
@ -13,47 +13,6 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
-- cross-signing keys
|
||||
CREATE TABLE IF NOT EXISTS e2e_cross_signing_keys (
|
||||
user_id TEXT NOT NULL,
|
||||
-- the type of cross-signing key (master, user_signing, or self_signing)
|
||||
keytype TEXT NOT NULL,
|
||||
-- the full key information, as a json-encoded dict
|
||||
keydata TEXT NOT NULL,
|
||||
-- time that the key was added
|
||||
added_ts BIGINT NOT NULL
|
||||
);
|
||||
|
||||
CREATE UNIQUE INDEX e2e_cross_signing_keys_idx ON e2e_cross_signing_keys(user_id, keytype, added_ts);
|
||||
|
||||
-- cross-signing signatures
|
||||
CREATE TABLE IF NOT EXISTS e2e_cross_signing_signatures (
|
||||
-- user who did the signing
|
||||
user_id TEXT NOT NULL,
|
||||
-- key used to sign
|
||||
key_id TEXT NOT NULL,
|
||||
-- user who was signed
|
||||
target_user_id TEXT NOT NULL,
|
||||
-- device/key that was signed
|
||||
target_device_id TEXT NOT NULL,
|
||||
-- the actual signature
|
||||
signature TEXT NOT NULL
|
||||
);
|
||||
|
||||
CREATE UNIQUE INDEX e2e_cross_signing_signatures_idx ON e2e_cross_signing_signatures(user_id, target_user_id, target_device_id);
|
||||
|
||||
-- stream of user signature updates
|
||||
CREATE TABLE IF NOT EXISTS user_signature_stream (
|
||||
-- uses the same stream ID as device list stream
|
||||
stream_id BIGINT NOT NULL,
|
||||
-- user who did the signing
|
||||
from_user_id TEXT NOT NULL,
|
||||
-- list of users who were signed, as a JSON array
|
||||
user_ids TEXT NOT NULL
|
||||
);
|
||||
|
||||
CREATE UNIQUE INDEX user_signature_stream_idx ON user_signature_stream(stream_id);
|
||||
|
||||
-- device list needs to know which ones are "real" devices, and which ones are
|
||||
-- just used to avoid collisions
|
||||
ALTER TABLE devices ADD COLUMN hidden BOOLEAN DEFAULT FALSE;
|
||||
|
|
|
@ -0,0 +1,55 @@
|
|||
/* Copyright 2019 New Vector Ltd
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
-- cross-signing keys
|
||||
CREATE TABLE IF NOT EXISTS e2e_cross_signing_keys (
|
||||
user_id TEXT NOT NULL,
|
||||
-- the type of cross-signing key (master, user_signing, or self_signing)
|
||||
keytype TEXT NOT NULL,
|
||||
-- the full key information, as a json-encoded dict
|
||||
keydata TEXT NOT NULL,
|
||||
-- time that the key was added
|
||||
added_ts BIGINT NOT NULL
|
||||
);
|
||||
|
||||
CREATE UNIQUE INDEX e2e_cross_signing_keys_idx ON e2e_cross_signing_keys(user_id, keytype, added_ts);
|
||||
|
||||
-- cross-signing signatures
|
||||
CREATE TABLE IF NOT EXISTS e2e_cross_signing_signatures (
|
||||
-- user who did the signing
|
||||
user_id TEXT NOT NULL,
|
||||
-- key used to sign
|
||||
key_id TEXT NOT NULL,
|
||||
-- user who was signed
|
||||
target_user_id TEXT NOT NULL,
|
||||
-- device/key that was signed
|
||||
target_device_id TEXT NOT NULL,
|
||||
-- the actual signature
|
||||
signature TEXT NOT NULL
|
||||
);
|
||||
|
||||
CREATE UNIQUE INDEX e2e_cross_signing_signatures_idx ON e2e_cross_signing_signatures(user_id, target_user_id, target_device_id);
|
||||
|
||||
-- stream of user signature updates
|
||||
CREATE TABLE IF NOT EXISTS user_signature_stream (
|
||||
-- uses the same stream ID as device list stream
|
||||
stream_id BIGINT NOT NULL,
|
||||
-- user who did the signing
|
||||
from_user_id TEXT NOT NULL,
|
||||
-- list of users who were signed, as a JSON array
|
||||
user_ids TEXT NOT NULL
|
||||
);
|
||||
|
||||
CREATE UNIQUE INDEX user_signature_stream_idx ON user_signature_stream(stream_id);
|
|
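Review bot: The three `CREATE UNIQUE INDEX` statements in this new delta are not idempotent, although every table beside them uses `CREATE TABLE IF NOT EXISTS`. The same DDL is removed from an existing delta in the previous section, so a database that already applied the old file would skip the tables here and then fail on `e2e_cross_signing_keys_idx` because the index already exists; whether any deployment is in that state cannot be told from this page. If this delta is meant to be safe to re-apply, write the indexes the same way as the tables, e.g. `CREATE UNIQUE INDEX IF NOT EXISTS e2e_cross_signing_keys_idx ON e2e_cross_signing_keys(user_id, keytype, added_ts);`.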
@ -492,10 +492,10 @@ def get_verify_key_from_cross_signing_key(key_info):
|
|||
"""
|
||||
# make sure that exactly one key is provided
|
||||
if "keys" not in key_info:
|
||||
raise SynapseError(400, "Invalid key")
|
||||
raise ValueError("Invalid key")
|
||||
keys = key_info["keys"]
|
||||
if len(keys) != 1:
|
||||
raise SynapseError(400, "Invalid key")
|
||||
raise ValueError("Invalid key")
|
||||
# and return that one key
|
||||
for key_id, key_data in keys.items():
|
||||
return (key_id, decode_verify_key_bytes(key_id, decode_base64(key_data)))
|
||||
|
|
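Review bot: The handler now catches only `ValueError` from this function, but the checks here still let other exception types through on request-supplied data: `len(keys) != 1` passes for a one-element list or a one-character string, after which `keys.items()` raises `AttributeError`, and `key_info` itself is never checked to be a dict. Unless the request body is schema-validated before it gets here, that becomes an unhandled 500 instead of the intended 400; tightening the guard to `if not isinstance(keys, dict) or len(keys) != 1: raise ValueError("Invalid key")` closes it. Whether `decode_base64` and `decode_verify_key_bytes` raise only `ValueError` on bad input is not visible here and should be confirmed. The docstring, which begins outside this hunk, should also gain a line saying the function raises `ValueError` for a malformed key, since callers now depend on it.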