From f77bfbfa30d5878d6d8001411bba037e034fa1de Mon Sep 17 00:00:00 2001
From: Tulir Asokan <tulir@maunium.net>
Date: Wed, 14 Aug 2024 16:13:56 +0300
Subject: [PATCH] Fix fetching signing keys when `old_verify_keys` is omitted
 (#17568)

`old_verify_keys` isn't marked as required in
https://spec.matrix.org/v1.11/server-server-api/#get_matrixkeyv2server
and there's no functional difference between an empty object and
omitting the object, so I don't think there's any reason synapse should
explode when the field is omitted.
---
 changelog.d/17568.bugfix  | 1 +
 synapse/crypto/keyring.py | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
 create mode 100644 changelog.d/17568.bugfix

diff --git a/changelog.d/17568.bugfix b/changelog.d/17568.bugfix
new file mode 100644
index 000000000..71a1f1291
--- /dev/null
+++ b/changelog.d/17568.bugfix
@@ -0,0 +1 @@
+Fix fetching federation signing keys from servers that omit `old_verify_keys`. Contributed by @tulir @ Beeper.
diff --git a/synapse/crypto/keyring.py b/synapse/crypto/keyring.py
index 8c301e077..643d2d4e6 100644
--- a/synapse/crypto/keyring.py
+++ b/synapse/crypto/keyring.py
@@ -589,7 +589,7 @@ class BaseV2KeyFetcher(KeyFetcher):
                 % (server_name,)
             )
 
-        for key_id, key_data in response_json["old_verify_keys"].items():
+        for key_id, key_data in response_json.get("old_verify_keys", {}).items():
             if is_signing_algorithm_supported(key_id):
                 key_base64 = key_data["key"]
                 key_bytes = decode_base64(key_base64)