don't insert into the device table for remote cross-signing keys (#6956)
parent
4fb5f4d0ce
commit
a90d0dc5c2
|
@ -0,0 +1 @@
|
||||||
|
Don't record remote cross-signing keys in the `devices` table.
|
|
@ -680,11 +680,6 @@ class EndToEndKeyStore(EndToEndKeyWorkerStore, SQLBaseStore):
|
||||||
'user_signing' for a user-signing key
|
'user_signing' for a user-signing key
|
||||||
key (dict): the key data
|
key (dict): the key data
|
||||||
"""
|
"""
|
||||||
# the cross-signing keys need to occupy the same namespace as devices,
|
|
||||||
# since signatures are identified by device ID. So add an entry to the
|
|
||||||
# device table to make sure that we don't have a collision with device
|
|
||||||
# IDs
|
|
||||||
|
|
||||||
# the 'key' dict will look something like:
|
# the 'key' dict will look something like:
|
||||||
# {
|
# {
|
||||||
# "user_id": "@alice:example.com",
|
# "user_id": "@alice:example.com",
|
||||||
|
@ -701,6 +696,14 @@ class EndToEndKeyStore(EndToEndKeyWorkerStore, SQLBaseStore):
|
||||||
# The "keys" property must only have one entry, which will be the public
|
# The "keys" property must only have one entry, which will be the public
|
||||||
# key, so we just grab the first value in there
|
# key, so we just grab the first value in there
|
||||||
pubkey = next(iter(key["keys"].values()))
|
pubkey = next(iter(key["keys"].values()))
|
||||||
|
|
||||||
|
# The cross-signing keys need to occupy the same namespace as devices,
|
||||||
|
# since signatures are identified by device ID. So add an entry to the
|
||||||
|
# device table to make sure that we don't have a collision with device
|
||||||
|
# IDs.
|
||||||
|
# We only need to do this for local users, since remote servers should be
|
||||||
|
# responsible for checking this for their own users.
|
||||||
|
if self.hs.is_mine_id(user_id):
|
||||||
self.db.simple_insert_txn(
|
self.db.simple_insert_txn(
|
||||||
txn,
|
txn,
|
||||||
"devices",
|
"devices",
|
||||||
|
|
Loading…
Reference in New Issue