don't insert into the device table for remote cross-signing keys (#6956)

pull/6315/head
Hubert Chathi 2020-02-20 09:59:00 -05:00 committed by GitHub
parent 4fb5f4d0ce
commit a90d0dc5c2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 19 additions and 15 deletions

1
changelog.d/6956.misc Normal file

@ -0,0 +1 @@
Don't record remote cross-signing keys in the `devices` table.


@ -680,11 +680,6 @@ class EndToEndKeyStore(EndToEndKeyWorkerStore, SQLBaseStore):
'user_signing' for a user-signing key 'user_signing' for a user-signing key
key (dict): the key data key (dict): the key data
""" """
# the cross-signing keys need to occupy the same namespace as devices,
# since signatures are identified by device ID. So add an entry to the
# device table to make sure that we don't have a collision with device
# IDs
# the 'key' dict will look something like: # the 'key' dict will look something like:
# { # {
# "user_id": "@alice:example.com", # "user_id": "@alice:example.com",
@ -701,16 +696,24 @@ class EndToEndKeyStore(EndToEndKeyWorkerStore, SQLBaseStore):
# The "keys" property must only have one entry, which will be the public # The "keys" property must only have one entry, which will be the public
# key, so we just grab the first value in there # key, so we just grab the first value in there
pubkey = next(iter(key["keys"].values())) pubkey = next(iter(key["keys"].values()))
self.db.simple_insert_txn(
txn, # The cross-signing keys need to occupy the same namespace as devices,
"devices", # since signatures are identified by device ID. So add an entry to the
values={ # device table to make sure that we don't have a collision with device
"user_id": user_id, # IDs.
"device_id": pubkey, # We only need to do this for local users, since remote servers should be
"display_name": key_type + " signing key", # responsible for checking this for their own users.
"hidden": True, if self.hs.is_mine_id(user_id):
}, self.db.simple_insert_txn(
) txn,
"devices",
values={
"user_id": user_id,
"device_id": pubkey,
"display_name": key_type + " signing key",
"hidden": True,
},
)
# and finally, store the key itself # and finally, store the key itself
with self._cross_signing_id_gen.get_next() as stream_id: with self._cross_signing_id_gen.get_next() as stream_id:
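Review bot: The new `if self.hs.is_mine_id(user_id):` guard only stops future inserts; hidden `devices` rows that the old unconditional insert presumably wrote for remote users' cross-signing keys are left in place. The commit touches only this file and the changelog, so no schema delta or cleanup job is included, and a follow-up that deletes hidden rows for non-local users would keep the table consistent with the new rule. The new comment should also spell out the consequence for readers of this store, for example `# For remote users nothing here guarantees that a cross-signing key ID is distinct from a device ID.`, so that signature-verification code does not assume a namespace check the local server no longer performs. No test in this commit exercises the remote branch; one asserting that storing a remote user's key leaves `devices` untouched would pin the behaviour. The enclosing method starts and ends outside the hunk.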