mirror of
https://mau.dev/maunium/synapse.git
synced 2024-12-15 06:43:50 +01:00
Remove unused server_tls_certificates functions (#5028)
These have been unused since #4120, and with the demise of perspectives, it is unlikely that they will ever be used again.
This commit is contained in:
parent
b25e387c0d
commit
3352baac4b
6 changed files with 7 additions and 63 deletions
|
@ -1 +1 @@
|
||||||
Remove legacy tables detailed in #1830.
|
Remove a number of unused tables from the database schema.
|
||||||
|
|
1
changelog.d/5028.misc
Normal file
1
changelog.d/5028.misc
Normal file
|
@ -0,0 +1 @@
|
||||||
|
Remove a number of unused tables from the database schema.
|
|
@ -27,8 +27,5 @@ class SlavedKeyStore(BaseSlavedStore):
|
||||||
get_server_verify_keys = __func__(DataStore.get_server_verify_keys)
|
get_server_verify_keys = __func__(DataStore.get_server_verify_keys)
|
||||||
store_server_verify_key = __func__(DataStore.store_server_verify_key)
|
store_server_verify_key = __func__(DataStore.store_server_verify_key)
|
||||||
|
|
||||||
get_server_certificate = __func__(DataStore.get_server_certificate)
|
|
||||||
store_server_certificate = __func__(DataStore.store_server_certificate)
|
|
||||||
|
|
||||||
get_server_keys_json = __func__(DataStore.get_server_keys_json)
|
get_server_keys_json = __func__(DataStore.get_server_keys_json)
|
||||||
store_server_keys_json = __func__(DataStore.store_server_keys_json)
|
store_server_keys_json = __func__(DataStore.store_server_keys_json)
|
||||||
|
|
|
@ -13,14 +13,12 @@
|
||||||
# See the License for the specific language governing permissions and
|
# See the License for the specific language governing permissions and
|
||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
import hashlib
|
|
||||||
import logging
|
import logging
|
||||||
|
|
||||||
import six
|
import six
|
||||||
|
|
||||||
from signedjson.key import decode_verify_key_bytes
|
from signedjson.key import decode_verify_key_bytes
|
||||||
|
|
||||||
import OpenSSL
|
|
||||||
from twisted.internet import defer
|
from twisted.internet import defer
|
||||||
|
|
||||||
from synapse.util.caches.descriptors import cachedInlineCallbacks
|
from synapse.util.caches.descriptors import cachedInlineCallbacks
|
||||||
|
@ -38,53 +36,8 @@ else:
|
||||||
|
|
||||||
|
|
||||||
class KeyStore(SQLBaseStore):
|
class KeyStore(SQLBaseStore):
|
||||||
"""Persistence for signature verification keys and tls X.509 certificates
|
"""Persistence for signature verification keys
|
||||||
"""
|
"""
|
||||||
|
|
||||||
@defer.inlineCallbacks
|
|
||||||
def get_server_certificate(self, server_name):
|
|
||||||
"""Retrieve the TLS X.509 certificate for the given server
|
|
||||||
Args:
|
|
||||||
server_name (bytes): The name of the server.
|
|
||||||
Returns:
|
|
||||||
(OpenSSL.crypto.X509): The tls certificate.
|
|
||||||
"""
|
|
||||||
tls_certificate_bytes, = yield self._simple_select_one(
|
|
||||||
table="server_tls_certificates",
|
|
||||||
keyvalues={"server_name": server_name},
|
|
||||||
retcols=("tls_certificate",),
|
|
||||||
desc="get_server_certificate",
|
|
||||||
)
|
|
||||||
tls_certificate = OpenSSL.crypto.load_certificate(
|
|
||||||
OpenSSL.crypto.FILETYPE_ASN1, tls_certificate_bytes
|
|
||||||
)
|
|
||||||
defer.returnValue(tls_certificate)
|
|
||||||
|
|
||||||
def store_server_certificate(
|
|
||||||
self, server_name, from_server, time_now_ms, tls_certificate
|
|
||||||
):
|
|
||||||
"""Stores the TLS X.509 certificate for the given server
|
|
||||||
Args:
|
|
||||||
server_name (str): The name of the server.
|
|
||||||
from_server (str): Where the certificate was looked up
|
|
||||||
time_now_ms (int): The time now in milliseconds
|
|
||||||
tls_certificate (OpenSSL.crypto.X509): The X.509 certificate.
|
|
||||||
"""
|
|
||||||
tls_certificate_bytes = OpenSSL.crypto.dump_certificate(
|
|
||||||
OpenSSL.crypto.FILETYPE_ASN1, tls_certificate
|
|
||||||
)
|
|
||||||
fingerprint = hashlib.sha256(tls_certificate_bytes).hexdigest()
|
|
||||||
return self._simple_upsert(
|
|
||||||
table="server_tls_certificates",
|
|
||||||
keyvalues={"server_name": server_name, "fingerprint": fingerprint},
|
|
||||||
values={
|
|
||||||
"from_server": from_server,
|
|
||||||
"ts_added_ms": time_now_ms,
|
|
||||||
"tls_certificate": db_binary_type(tls_certificate_bytes),
|
|
||||||
},
|
|
||||||
desc="store_server_certificate",
|
|
||||||
)
|
|
||||||
|
|
||||||
@cachedInlineCallbacks()
|
@cachedInlineCallbacks()
|
||||||
def _get_server_verify_key(self, server_name, key_id):
|
def _get_server_verify_key(self, server_name, key_id):
|
||||||
verify_key_bytes = yield self._simple_select_one_onecol(
|
verify_key_bytes = yield self._simple_select_one_onecol(
|
||||||
|
|
|
@ -24,7 +24,5 @@ DROP TABLE IF EXISTS event_edge_hashes;
|
||||||
DROP TABLE IF EXISTS event_signatures;
|
DROP TABLE IF EXISTS event_signatures;
|
||||||
DROP TABLE IF EXISTS feedback;
|
DROP TABLE IF EXISTS feedback;
|
||||||
DROP TABLE IF EXISTS room_hosts;
|
DROP TABLE IF EXISTS room_hosts;
|
||||||
|
DROP TABLE IF EXISTS server_tls_certificates;
|
||||||
DROP TABLE IF EXISTS state_forward_extremities;
|
DROP TABLE IF EXISTS state_forward_extremities;
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -12,14 +12,9 @@
|
||||||
* See the License for the specific language governing permissions and
|
* See the License for the specific language governing permissions and
|
||||||
* limitations under the License.
|
* limitations under the License.
|
||||||
*/
|
*/
|
||||||
CREATE TABLE IF NOT EXISTS server_tls_certificates(
|
|
||||||
server_name TEXT, -- Server name.
|
-- we used to create a table called server_tls_certificates, but this is no
|
||||||
fingerprint TEXT, -- Certificate fingerprint.
|
-- longer used, and is removed in delta 54.
|
||||||
from_server TEXT, -- Which key server the certificate was fetched from.
|
|
||||||
ts_added_ms BIGINT, -- When the certifcate was added.
|
|
||||||
tls_certificate bytea, -- DER encoded x509 certificate.
|
|
||||||
UNIQUE (server_name, fingerprint)
|
|
||||||
);
|
|
||||||
|
|
||||||
CREATE TABLE IF NOT EXISTS server_signature_keys(
|
CREATE TABLE IF NOT EXISTS server_signature_keys(
|
||||||
server_name TEXT, -- Server name.
|
server_name TEXT, -- Server name.
|
||||||
|
|
Loading…
Reference in a new issue