forked from MirrorHub/synapse
Rename 'meta' to 'unsigned'
This commit is contained in:
parent
4d1a7624f4
commit
c5cec1cc77
4 changed files with 18 additions and 17 deletions
|
@ -1,13 +1,13 @@
|
|||
Signing JSON
|
||||
============
|
||||
|
||||
JSON is signed by encoding the JSON object without ``signatures`` or ``meta``
|
||||
JSON is signed by encoding the JSON object without ``signatures`` or ``unsigned``
|
||||
keys using a canonical encoding. The JSON bytes are then signed using the
|
||||
signature algorithm and the signature encoded using base64 with the padding
|
||||
stripped. The resulting base64 signature is added to an object under the
|
||||
*signing key identifier* which is added to the ``signatures`` object under the
|
||||
name of the server signing it which is added back to the original JSON object
|
||||
along with the ``meta`` object.
|
||||
along with the ``unsigned`` object.
|
||||
|
||||
The *signing key identifier* is the concatenation of the *signing algorithm*
|
||||
and a *key version*. The *signing algorithm* identifies the algorithm used to
|
||||
|
@ -15,8 +15,8 @@ sign the JSON. The currently support value for *signing algorithm* is
|
|||
``ed25519`` as implemented by NACL (http://nacl.cr.yp.to/). The *key version*
|
||||
is used to distinguish between different signing keys used by the same entity.
|
||||
|
||||
The ``meta`` object and the ``signatures`` object are not covered by the
|
||||
signature. Therefore intermediate servers can add metadata such as time stamps
|
||||
The ``unsigned`` object and the ``signatures`` object are not covered by the
|
||||
signature. Therefore intermediate servers can add unsigneddata such as time stamps
|
||||
and additional signatures.
|
||||
|
||||
|
||||
|
@ -27,7 +27,7 @@ and additional signatures.
|
|||
"signing_keys": {
|
||||
"ed25519:1": "XSl0kuyvrXNj6A+7/tkrB9sxSbRi08Of5uRhxOqZtEQ"
|
||||
},
|
||||
"meta": {
|
||||
"unsigned": {
|
||||
"retrieved_ts_ms": 922834800000
|
||||
},
|
||||
"signatures": {
|
||||
|
@ -41,7 +41,7 @@ and additional signatures.
|
|||
|
||||
def sign_json(json_object, signing_key, signing_name):
|
||||
signatures = json_object.pop("signatures", {})
|
||||
meta = json_object.pop("meta", None)
|
||||
unsigned = json_object.pop("unsigned", None)
|
||||
|
||||
signed = signing_key.sign(encode_canonical_json(json_object))
|
||||
signature_base64 = encode_base64(signed.signature)
|
||||
|
@ -50,8 +50,8 @@ and additional signatures.
|
|||
signatures.setdefault(sigature_name, {})[key_id] = signature_base64
|
||||
|
||||
json_object["signatures"] = signatures
|
||||
if meta is not None:
|
||||
json_object["meta"] = meta
|
||||
if unsigned is not None:
|
||||
json_object["unsigned"] = unsigned
|
||||
|
||||
return json_object
|
||||
|
||||
|
|
|
@ -47,7 +47,9 @@ def check_event_pdu_content_hash(pdu, hash_algorithm=hashlib.sha256):
|
|||
|
||||
def _compute_content_hash(pdu, hash_algorithm):
|
||||
pdu_json = pdu.get_dict()
|
||||
pdu_json.pop("meta", None)
|
||||
#TODO: Make "age_ts" key internal
|
||||
pdu_json.pop("age_ts")
|
||||
pdu_json.pop("unsigned", None)
|
||||
pdu_json.pop("signatures", None)
|
||||
hashes = pdu_json.pop("hashes", {})
|
||||
pdu_json_bytes = encode_canonical_json(pdu_json)
|
||||
|
|
|
@ -295,10 +295,10 @@ class ReplicationLayer(object):
|
|||
transaction = Transaction(**transaction_data)
|
||||
|
||||
for p in transaction.pdus:
|
||||
if "meta" in p:
|
||||
meta = p["meta"]
|
||||
if "age" in meta:
|
||||
p["age"] = meta["age"]
|
||||
if "unsigned" in p:
|
||||
unsigned = p["unsigned"]
|
||||
if "age" in unsigned:
|
||||
p["age"] = unsigned["age"]
|
||||
if "age" in p:
|
||||
p["age_ts"] = int(self._clock.time_msec()) - int(p["age"])
|
||||
del p["age"]
|
||||
|
@ -422,7 +422,7 @@ class ReplicationLayer(object):
|
|||
for p in pdus:
|
||||
if "age_ts" in p:
|
||||
age = time_now - p["age_ts"]
|
||||
p.setdefault("meta", {})["age"] = int(age)
|
||||
p.setdefault("unsigned", {})["age"] = int(age)
|
||||
del p["age_ts"]
|
||||
return Transaction(
|
||||
origin=self.server_name,
|
||||
|
@ -620,8 +620,8 @@ class _TransactionQueue(object):
|
|||
if "pdus" in data:
|
||||
for p in data["pdus"]:
|
||||
if "age_ts" in p:
|
||||
meta = p.setdefault("meta", {})
|
||||
meta["age"] = now - int(p["age_ts"])
|
||||
unsigned = p.setdefault("unsigned", {})
|
||||
unsigned["age"] = now - int(p["age_ts"])
|
||||
del p["age_ts"]
|
||||
return data
|
||||
|
||||
|
|
|
@ -72,7 +72,6 @@ class Pdu(JsonEncodedObject):
|
|||
"prev_state_origin",
|
||||
"required_power_level",
|
||||
"user_id",
|
||||
"meta"
|
||||
]
|
||||
|
||||
internal_keys = [
|
||||
|
|
Loading…
Reference in a new issue