|
@@ -13,7 +13,6 @@
|
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
# See the License for the specific language governing permissions and
|
|
|
# limitations under the License.
|
|
|
-import twisted.internet.defer
|
|
|
|
|
|
from sydent.db.threepid_associations import GlobalAssociationStore
|
|
|
from sydent.threepid import threePidAssocFromDict
|
|
@@ -24,7 +23,7 @@ import logging
|
|
|
import json
|
|
|
|
|
|
import twisted.internet.reactor
|
|
|
-import twisted.internet.defer
|
|
|
+from twisted.internet import defer
|
|
|
from twisted.web.client import readBody
|
|
|
|
|
|
logger = logging.getLogger(__name__)
|
|
@@ -83,16 +82,25 @@ class RemotePeer(Peer):
|
|
|
if not 'signatures' in jsonMessage:
|
|
|
raise NoSignaturesException()
|
|
|
|
|
|
+ alg = 'ed25519'
|
|
|
+
|
|
|
key_ids = signedjson.sign.signature_ids(jsonMessage, self.servername)
|
|
|
- if not key_ids or len(key_ids) == 0 or not key_ids[0].startswith("ed25519:"):
|
|
|
+ if not key_ids or len(key_ids) == 0 or not key_ids[0].startswith(alg + ":"):
|
|
|
e = NoMatchingSignatureException()
|
|
|
e.foundSigs = jsonMessage['signatures'].keys()
|
|
|
e.requiredServername = self.servername
|
|
|
raise e
|
|
|
- verify_key = yield self.get_server_verify_key(server_name, key_ids)
|
|
|
- verifyKey = nacl.signing.VerifyKey(self.pubkeys['ed25519'], encoder=nacl.encoding.HexEncoder)
|
|
|
- verifyKey.alg = 'ed25519'
|
|
|
- signedjson.sign.verify_signed_json(jsonMessage, self.servername, verifyKey)
|
|
|
+
|
|
|
+ # Get verify key from signing key
|
|
|
+ signing_key = signedjson.key.decode_signing_key_base64(alg, "0", self.pubkeys[alg])
|
|
|
+ verify_key = signing_key.verify_key
|
|
|
+
|
|
|
+ # Attach metadata
|
|
|
+ verify_key.alg = alg
|
|
|
+ verify_key.version = 0
|
|
|
+
|
|
|
+ # Verify the JSON
|
|
|
+ signedjson.sign.verify_signed_json(jsonMessage, self.servername, verify_key)
|
|
|
|
|
|
def pushUpdates(self, sgAssocs):
|
|
|
body = {'sgAssocs': sgAssocs}
|