Fix PDU and event signatures

This commit is contained in:
Mark Haines 2014-11-14 19:10:52 +00:00
parent de1ec90133
commit 8c2b5ea7c4
4 changed files with 16 additions and 6 deletions

View file

@ -16,6 +16,7 @@
from synapse.api.events.utils import prune_event from synapse.api.events.utils import prune_event
from synapse.federation.units import Pdu
from syutil.jsonutil import encode_canonical_json from syutil.jsonutil import encode_canonical_json
from syutil.base64util import encode_base64, decode_base64 from syutil.base64util import encode_base64, decode_base64
from syutil.crypto.jsonsign import sign_json from syutil.crypto.jsonsign import sign_json
@ -58,6 +59,8 @@ def _compute_content_hash(event, hash_algorithm):
event_json.pop("unsigned", None) event_json.pop("unsigned", None)
event_json.pop("signatures", None) event_json.pop("signatures", None)
event_json.pop("hashes", None) event_json.pop("hashes", None)
event_json.pop("outlier", None)
event_json.pop("destinations", None)
event_json_bytes = encode_canonical_json(event_json) event_json_bytes = encode_canonical_json(event_json)
return hash_algorithm(event_json_bytes) return hash_algorithm(event_json_bytes)
@ -75,7 +78,13 @@ def compute_event_reference_hash(event, hash_algorithm=hashlib.sha256):
def compute_event_signature(event, signature_name, signing_key): def compute_event_signature(event, signature_name, signing_key):
tmp_event = prune_event(event) tmp_event = prune_event(event)
redact_json = tmp_event.get_full_dict() tmp_event.origin = event.origin
tmp_event.origin_server_ts = event.origin_server_ts
d = tmp_event.get_full_dict()
kwargs = dict(event.unrecognized_keys)
kwargs.update({k: v for k, v in d.items()})
tmp_pdu = Pdu(**kwargs)
redact_json = tmp_pdu.get_dict()
redact_json.pop("signatures", None) redact_json.pop("signatures", None)
redact_json.pop("age_ts", None) redact_json.pop("age_ts", None)
redact_json.pop("unsigned", None) redact_json.pop("unsigned", None)

View file

@ -139,9 +139,10 @@ class FederationHandler(BaseHandler):
affected=event.event_id, affected=event.event_id,
) )
if not check_event_content_hash(pdu): if not check_event_content_hash(event):
logger.warn( logger.warn(
"Event content has been tampered, redacting %s", event.event_id "Event content has been tampered, redacting %s, %s",
event.event_id, encode_canonical_json(event.get_full_dict())
) )
event = redacted_event event = redacted_event

View file

@ -132,8 +132,8 @@ class DataStore(RoomMemberStore, RoomStore,
if not events_dict: if not events_dict:
defer.returnValue(None) defer.returnValue(None)
event = self._parse_event_from_row(events_dict) event = yield self._parse_events([events_dict])
defer.returnValue(event) defer.returnValue(event[0])
@log_function @log_function
def _persist_event_txn(self, txn, event, backfilled, stream_ordering=None, def _persist_event_txn(self, txn, event, backfilled, stream_ordering=None,

View file

@ -41,7 +41,7 @@ class FeedbackStore(SQLBaseStore):
defer.returnValue( defer.returnValue(
[ [
self._parse_event_from_row(r) (yield self._parse_events(r))
for r in rows for r in rows
] ]
) )