Remove direct refeferences to PyNaCl (use signedjson instead). (#12902)
parent
79dadf7216
commit
88193f2125
|
@ -0,0 +1 @@
|
|||
Remove PyNaCl occurrences directly used in Synapse code.
|
|
@ -16,6 +16,7 @@
|
|||
|
||||
""" Starts a synapse client console. """
|
||||
import argparse
|
||||
import binascii
|
||||
import cmd
|
||||
import getpass
|
||||
import json
|
||||
|
@ -26,9 +27,8 @@ import urllib
|
|||
from http import TwistedHttpClient
|
||||
from typing import Optional
|
||||
|
||||
import nacl.encoding
|
||||
import nacl.signing
|
||||
import urlparse
|
||||
from signedjson.key import NACL_ED25519, decode_verify_key_bytes
|
||||
from signedjson.sign import SignatureVerifyException, verify_signed_json
|
||||
|
||||
from twisted.internet import defer, reactor, threads
|
||||
|
@ -41,7 +41,6 @@ TRUSTED_ID_SERVERS = ["localhost:8001"]
|
|||
|
||||
|
||||
class SynapseCmd(cmd.Cmd):
|
||||
|
||||
"""Basic synapse command-line processor.
|
||||
|
||||
This processes commands from the user and calls the relevant HTTP methods.
|
||||
|
@ -420,8 +419,8 @@ class SynapseCmd(cmd.Cmd):
|
|||
pubKey = None
|
||||
pubKeyObj = yield self.http_client.do_request("GET", url)
|
||||
if "public_key" in pubKeyObj:
|
||||
pubKey = nacl.signing.VerifyKey(
|
||||
pubKeyObj["public_key"], encoder=nacl.encoding.HexEncoder
|
||||
pubKey = decode_verify_key_bytes(
|
||||
NACL_ED25519, binascii.unhexlify(pubKeyObj["public_key"])
|
||||
)
|
||||
else:
|
||||
print("No public key found in pubkey response!")
|
||||
|
|
|
@ -1563,7 +1563,7 @@ url_preview = ["lxml"]
|
|||
[metadata]
|
||||
lock-version = "1.1"
|
||||
python-versions = "^3.7.1"
|
||||
content-hash = "d39d5ac5d51c014581186b7691999b861058b569084c525523baf70b77f292b1"
|
||||
content-hash = "539e5326f401472d1ffc8325d53d72e544cd70156b3f43f32f1285c4c131f831"
|
||||
|
||||
[metadata.files]
|
||||
attrs = [
|
||||
|
|
|
@ -113,7 +113,6 @@ unpaddedbase64 = ">=2.1.0"
|
|||
canonicaljson = ">=1.4.0"
|
||||
# we use the type definitions added in signedjson 1.1.
|
||||
signedjson = ">=1.1.0"
|
||||
PyNaCl = ">=1.2.1"
|
||||
# validating SSL certs for IP addresses requires service_identity 18.1.
|
||||
service-identity = ">=18.1.0"
|
||||
# Twisted 18.9 introduces some logger improvements that the structured
|
||||
|
|
|
@ -12,10 +12,8 @@
|
|||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
|
||||
import nacl.signing
|
||||
import signedjson.types
|
||||
from unpaddedbase64 import decode_base64
|
||||
from signedjson.key import decode_signing_key_base64
|
||||
from signedjson.types import SigningKey
|
||||
|
||||
from synapse.api.room_versions import RoomVersions
|
||||
from synapse.crypto.event_signing import add_hashes_and_signatures
|
||||
|
@ -25,7 +23,7 @@ from tests import unittest
|
|||
|
||||
# Perform these tests using given secret key so we get entirely deterministic
|
||||
# signatures output that we can test against.
|
||||
SIGNING_KEY_SEED = decode_base64("YJDBA9Xnr2sVqXD9Vj7XVUnmFZcZrlw8Md7kMW+3XA1")
|
||||
SIGNING_KEY_SEED = "YJDBA9Xnr2sVqXD9Vj7XVUnmFZcZrlw8Md7kMW+3XA1"
|
||||
|
||||
KEY_ALG = "ed25519"
|
||||
KEY_VER = "1"
|
||||
|
@ -36,14 +34,9 @@ HOSTNAME = "domain"
|
|||
|
||||
class EventSigningTestCase(unittest.TestCase):
|
||||
def setUp(self):
|
||||
# NB: `signedjson` expects `nacl.signing.SigningKey` instances which have been
|
||||
# monkeypatched to include new `alg` and `version` attributes. This is captured
|
||||
# by the `signedjson.types.SigningKey` protocol.
|
||||
self.signing_key: signedjson.types.SigningKey = nacl.signing.SigningKey( # type: ignore[assignment]
|
||||
SIGNING_KEY_SEED
|
||||
self.signing_key: SigningKey = decode_signing_key_base64(
|
||||
KEY_ALG, KEY_VER, SIGNING_KEY_SEED
|
||||
)
|
||||
self.signing_key.alg = KEY_ALG
|
||||
self.signing_key.version = KEY_VER
|
||||
|
||||
def test_sign_minimal(self):
|
||||
event_dict = {
|
||||
|
|
|
@ -19,8 +19,8 @@ import attr
|
|||
import canonicaljson
|
||||
import signedjson.key
|
||||
import signedjson.sign
|
||||
from nacl.signing import SigningKey
|
||||
from signedjson.key import encode_verify_key_base64, get_verify_key
|
||||
from signedjson.types import SigningKey
|
||||
|
||||
from twisted.internet import defer
|
||||
from twisted.internet.defer import Deferred, ensureDeferred
|
||||
|
|
Loading…
Reference in New Issue