forked from MirrorHub/synapse
Fix PDU and event signatures
This commit is contained in:
parent
de1ec90133
commit
8c2b5ea7c4
4 changed files with 16 additions and 6 deletions
|
@ -16,6 +16,7 @@
|
||||||
|
|
||||||
|
|
||||||
from synapse.api.events.utils import prune_event
|
from synapse.api.events.utils import prune_event
|
||||||
|
from synapse.federation.units import Pdu
|
||||||
from syutil.jsonutil import encode_canonical_json
|
from syutil.jsonutil import encode_canonical_json
|
||||||
from syutil.base64util import encode_base64, decode_base64
|
from syutil.base64util import encode_base64, decode_base64
|
||||||
from syutil.crypto.jsonsign import sign_json
|
from syutil.crypto.jsonsign import sign_json
|
||||||
|
@ -58,6 +59,8 @@ def _compute_content_hash(event, hash_algorithm):
|
||||||
event_json.pop("unsigned", None)
|
event_json.pop("unsigned", None)
|
||||||
event_json.pop("signatures", None)
|
event_json.pop("signatures", None)
|
||||||
event_json.pop("hashes", None)
|
event_json.pop("hashes", None)
|
||||||
|
event_json.pop("outlier", None)
|
||||||
|
event_json.pop("destinations", None)
|
||||||
event_json_bytes = encode_canonical_json(event_json)
|
event_json_bytes = encode_canonical_json(event_json)
|
||||||
return hash_algorithm(event_json_bytes)
|
return hash_algorithm(event_json_bytes)
|
||||||
|
|
||||||
|
@ -75,7 +78,13 @@ def compute_event_reference_hash(event, hash_algorithm=hashlib.sha256):
|
||||||
|
|
||||||
def compute_event_signature(event, signature_name, signing_key):
|
def compute_event_signature(event, signature_name, signing_key):
|
||||||
tmp_event = prune_event(event)
|
tmp_event = prune_event(event)
|
||||||
redact_json = tmp_event.get_full_dict()
|
tmp_event.origin = event.origin
|
||||||
|
tmp_event.origin_server_ts = event.origin_server_ts
|
||||||
|
d = tmp_event.get_full_dict()
|
||||||
|
kwargs = dict(event.unrecognized_keys)
|
||||||
|
kwargs.update({k: v for k, v in d.items()})
|
||||||
|
tmp_pdu = Pdu(**kwargs)
|
||||||
|
redact_json = tmp_pdu.get_dict()
|
||||||
redact_json.pop("signatures", None)
|
redact_json.pop("signatures", None)
|
||||||
redact_json.pop("age_ts", None)
|
redact_json.pop("age_ts", None)
|
||||||
redact_json.pop("unsigned", None)
|
redact_json.pop("unsigned", None)
|
||||||
|
|
|
@ -139,9 +139,10 @@ class FederationHandler(BaseHandler):
|
||||||
affected=event.event_id,
|
affected=event.event_id,
|
||||||
)
|
)
|
||||||
|
|
||||||
if not check_event_content_hash(pdu):
|
if not check_event_content_hash(event):
|
||||||
logger.warn(
|
logger.warn(
|
||||||
"Event content has been tampered, redacting %s", event.event_id
|
"Event content has been tampered, redacting %s, %s",
|
||||||
|
event.event_id, encode_canonical_json(event.get_full_dict())
|
||||||
)
|
)
|
||||||
event = redacted_event
|
event = redacted_event
|
||||||
|
|
||||||
|
|
|
@ -132,8 +132,8 @@ class DataStore(RoomMemberStore, RoomStore,
|
||||||
if not events_dict:
|
if not events_dict:
|
||||||
defer.returnValue(None)
|
defer.returnValue(None)
|
||||||
|
|
||||||
event = self._parse_event_from_row(events_dict)
|
event = yield self._parse_events([events_dict])
|
||||||
defer.returnValue(event)
|
defer.returnValue(event[0])
|
||||||
|
|
||||||
@log_function
|
@log_function
|
||||||
def _persist_event_txn(self, txn, event, backfilled, stream_ordering=None,
|
def _persist_event_txn(self, txn, event, backfilled, stream_ordering=None,
|
||||||
|
|
|
@ -41,7 +41,7 @@ class FeedbackStore(SQLBaseStore):
|
||||||
|
|
||||||
defer.returnValue(
|
defer.returnValue(
|
||||||
[
|
[
|
||||||
self._parse_event_from_row(r)
|
(yield self._parse_events(r))
|
||||||
for r in rows
|
for r in rows
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
|
|
Loading…
Reference in a new issue