forked from MirrorHub/synapse
Rename 'meta' to 'unsigned'
This commit is contained in:
parent
4d1a7624f4
commit
c5cec1cc77
4 changed files with 18 additions and 17 deletions
|
@ -1,13 +1,13 @@
|
||||||
Signing JSON
|
Signing JSON
|
||||||
============
|
============
|
||||||
|
|
||||||
JSON is signed by encoding the JSON object without ``signatures`` or ``meta``
|
JSON is signed by encoding the JSON object without ``signatures`` or ``unsigned``
|
||||||
keys using a canonical encoding. The JSON bytes are then signed using the
|
keys using a canonical encoding. The JSON bytes are then signed using the
|
||||||
signature algorithm and the signature encoded using base64 with the padding
|
signature algorithm and the signature encoded using base64 with the padding
|
||||||
stripped. The resulting base64 signature is added to an object under the
|
stripped. The resulting base64 signature is added to an object under the
|
||||||
*signing key identifier* which is added to the ``signatures`` object under the
|
*signing key identifier* which is added to the ``signatures`` object under the
|
||||||
name of the server signing it which is added back to the original JSON object
|
name of the server signing it which is added back to the original JSON object
|
||||||
along with the ``meta`` object.
|
along with the ``unsigned`` object.
|
||||||
|
|
||||||
The *signing key identifier* is the concatenation of the *signing algorithm*
|
The *signing key identifier* is the concatenation of the *signing algorithm*
|
||||||
and a *key version*. The *signing algorithm* identifies the algorithm used to
|
and a *key version*. The *signing algorithm* identifies the algorithm used to
|
||||||
|
@ -15,8 +15,8 @@ sign the JSON. The currently support value for *signing algorithm* is
|
||||||
``ed25519`` as implemented by NACL (http://nacl.cr.yp.to/). The *key version*
|
``ed25519`` as implemented by NACL (http://nacl.cr.yp.to/). The *key version*
|
||||||
is used to distinguish between different signing keys used by the same entity.
|
is used to distinguish between different signing keys used by the same entity.
|
||||||
|
|
||||||
The ``meta`` object and the ``signatures`` object are not covered by the
|
The ``unsigned`` object and the ``signatures`` object are not covered by the
|
||||||
signature. Therefore intermediate servers can add metadata such as time stamps
|
signature. Therefore intermediate servers can add unsigneddata such as time stamps
|
||||||
and additional signatures.
|
and additional signatures.
|
||||||
|
|
||||||
|
|
||||||
|
@ -27,7 +27,7 @@ and additional signatures.
|
||||||
"signing_keys": {
|
"signing_keys": {
|
||||||
"ed25519:1": "XSl0kuyvrXNj6A+7/tkrB9sxSbRi08Of5uRhxOqZtEQ"
|
"ed25519:1": "XSl0kuyvrXNj6A+7/tkrB9sxSbRi08Of5uRhxOqZtEQ"
|
||||||
},
|
},
|
||||||
"meta": {
|
"unsigned": {
|
||||||
"retrieved_ts_ms": 922834800000
|
"retrieved_ts_ms": 922834800000
|
||||||
},
|
},
|
||||||
"signatures": {
|
"signatures": {
|
||||||
|
@ -41,7 +41,7 @@ and additional signatures.
|
||||||
|
|
||||||
def sign_json(json_object, signing_key, signing_name):
|
def sign_json(json_object, signing_key, signing_name):
|
||||||
signatures = json_object.pop("signatures", {})
|
signatures = json_object.pop("signatures", {})
|
||||||
meta = json_object.pop("meta", None)
|
unsigned = json_object.pop("unsigned", None)
|
||||||
|
|
||||||
signed = signing_key.sign(encode_canonical_json(json_object))
|
signed = signing_key.sign(encode_canonical_json(json_object))
|
||||||
signature_base64 = encode_base64(signed.signature)
|
signature_base64 = encode_base64(signed.signature)
|
||||||
|
@ -50,8 +50,8 @@ and additional signatures.
|
||||||
signatures.setdefault(sigature_name, {})[key_id] = signature_base64
|
signatures.setdefault(sigature_name, {})[key_id] = signature_base64
|
||||||
|
|
||||||
json_object["signatures"] = signatures
|
json_object["signatures"] = signatures
|
||||||
if meta is not None:
|
if unsigned is not None:
|
||||||
json_object["meta"] = meta
|
json_object["unsigned"] = unsigned
|
||||||
|
|
||||||
return json_object
|
return json_object
|
||||||
|
|
||||||
|
|
|
@ -47,7 +47,9 @@ def check_event_pdu_content_hash(pdu, hash_algorithm=hashlib.sha256):
|
||||||
|
|
||||||
def _compute_content_hash(pdu, hash_algorithm):
|
def _compute_content_hash(pdu, hash_algorithm):
|
||||||
pdu_json = pdu.get_dict()
|
pdu_json = pdu.get_dict()
|
||||||
pdu_json.pop("meta", None)
|
#TODO: Make "age_ts" key internal
|
||||||
|
pdu_json.pop("age_ts")
|
||||||
|
pdu_json.pop("unsigned", None)
|
||||||
pdu_json.pop("signatures", None)
|
pdu_json.pop("signatures", None)
|
||||||
hashes = pdu_json.pop("hashes", {})
|
hashes = pdu_json.pop("hashes", {})
|
||||||
pdu_json_bytes = encode_canonical_json(pdu_json)
|
pdu_json_bytes = encode_canonical_json(pdu_json)
|
||||||
|
|
|
@ -295,10 +295,10 @@ class ReplicationLayer(object):
|
||||||
transaction = Transaction(**transaction_data)
|
transaction = Transaction(**transaction_data)
|
||||||
|
|
||||||
for p in transaction.pdus:
|
for p in transaction.pdus:
|
||||||
if "meta" in p:
|
if "unsigned" in p:
|
||||||
meta = p["meta"]
|
unsigned = p["unsigned"]
|
||||||
if "age" in meta:
|
if "age" in unsigned:
|
||||||
p["age"] = meta["age"]
|
p["age"] = unsigned["age"]
|
||||||
if "age" in p:
|
if "age" in p:
|
||||||
p["age_ts"] = int(self._clock.time_msec()) - int(p["age"])
|
p["age_ts"] = int(self._clock.time_msec()) - int(p["age"])
|
||||||
del p["age"]
|
del p["age"]
|
||||||
|
@ -422,7 +422,7 @@ class ReplicationLayer(object):
|
||||||
for p in pdus:
|
for p in pdus:
|
||||||
if "age_ts" in p:
|
if "age_ts" in p:
|
||||||
age = time_now - p["age_ts"]
|
age = time_now - p["age_ts"]
|
||||||
p.setdefault("meta", {})["age"] = int(age)
|
p.setdefault("unsigned", {})["age"] = int(age)
|
||||||
del p["age_ts"]
|
del p["age_ts"]
|
||||||
return Transaction(
|
return Transaction(
|
||||||
origin=self.server_name,
|
origin=self.server_name,
|
||||||
|
@ -620,8 +620,8 @@ class _TransactionQueue(object):
|
||||||
if "pdus" in data:
|
if "pdus" in data:
|
||||||
for p in data["pdus"]:
|
for p in data["pdus"]:
|
||||||
if "age_ts" in p:
|
if "age_ts" in p:
|
||||||
meta = p.setdefault("meta", {})
|
unsigned = p.setdefault("unsigned", {})
|
||||||
meta["age"] = now - int(p["age_ts"])
|
unsigned["age"] = now - int(p["age_ts"])
|
||||||
del p["age_ts"]
|
del p["age_ts"]
|
||||||
return data
|
return data
|
||||||
|
|
||||||
|
|
|
@ -72,7 +72,6 @@ class Pdu(JsonEncodedObject):
|
||||||
"prev_state_origin",
|
"prev_state_origin",
|
||||||
"required_power_level",
|
"required_power_level",
|
||||||
"user_id",
|
"user_id",
|
||||||
"meta"
|
|
||||||
]
|
]
|
||||||
|
|
||||||
internal_keys = [
|
internal_keys = [
|
||||||
|
|
Loading…
Reference in a new issue