Rename 'meta' to 'unsigned'
							parent
							
								
									4d1a7624f4
								
							
						
					
					
						commit
						c5cec1cc77
					
				|  | @ -1,13 +1,13 @@ | |||
| Signing JSON | ||||
| ============ | ||||
| 
 | ||||
| JSON is signed by encoding the JSON object without ``signatures`` or ``meta`` | ||||
| JSON is signed by encoding the JSON object without ``signatures`` or ``unsigned`` | ||||
| keys using a canonical encoding. The JSON bytes are then signed using the | ||||
| signature algorithm and the signature encoded using base64 with the padding | ||||
| stripped. The resulting base64 signature is added to an object under the | ||||
| *signing key identifier* which is added to the ``signatures`` object under the | ||||
| name of the server signing it which is added back to the original JSON object | ||||
| along with the ``meta`` object. | ||||
| along with the ``unsigned`` object. | ||||
| 
 | ||||
| The *signing key identifier* is the concatenation of the *signing algorithm* | ||||
| and a *key version*. The *signing algorithm* identifies the algorithm used to | ||||
|  | @ -15,8 +15,8 @@ sign the JSON. The currently support value for *signing algorithm* is | |||
| ``ed25519`` as implemented by NACL (http://nacl.cr.yp.to/). The *key version* | ||||
| is used to distinguish between different signing keys used by the same entity. | ||||
| 
 | ||||
| The ``meta`` object and the ``signatures`` object are not covered by the | ||||
| signature. Therefore intermediate servers can add metadata such as time stamps | ||||
| The ``unsigned`` object and the ``signatures`` object are not covered by the | ||||
| signature. Therefore intermediate servers can add unsigneddata such as time stamps | ||||
| and additional signatures. | ||||
| 
 | ||||
| 
 | ||||
|  | @ -27,7 +27,7 @@ and additional signatures. | |||
|      "signing_keys": { | ||||
|        "ed25519:1": "XSl0kuyvrXNj6A+7/tkrB9sxSbRi08Of5uRhxOqZtEQ" | ||||
|      }, | ||||
|      "meta": { | ||||
|      "unsigned": { | ||||
|         "retrieved_ts_ms": 922834800000 | ||||
|      }, | ||||
|      "signatures": { | ||||
|  | @ -41,7 +41,7 @@ and additional signatures. | |||
| 
 | ||||
|   def sign_json(json_object, signing_key, signing_name): | ||||
|       signatures = json_object.pop("signatures", {}) | ||||
|       meta = json_object.pop("meta", None) | ||||
|       unsigned = json_object.pop("unsigned", None) | ||||
| 
 | ||||
|       signed = signing_key.sign(encode_canonical_json(json_object)) | ||||
|       signature_base64 = encode_base64(signed.signature) | ||||
|  | @ -50,8 +50,8 @@ and additional signatures. | |||
|       signatures.setdefault(sigature_name, {})[key_id] = signature_base64 | ||||
| 
 | ||||
|       json_object["signatures"] = signatures | ||||
|       if meta is not None: | ||||
|           json_object["meta"] = meta | ||||
|       if unsigned is not None: | ||||
|           json_object["unsigned"] = unsigned | ||||
| 
 | ||||
|       return json_object | ||||
| 
 | ||||
|  |  | |||
|  | @ -47,7 +47,9 @@ def check_event_pdu_content_hash(pdu, hash_algorithm=hashlib.sha256): | |||
| 
 | ||||
| def _compute_content_hash(pdu, hash_algorithm): | ||||
|     pdu_json = pdu.get_dict() | ||||
|     pdu_json.pop("meta", None) | ||||
|     #TODO: Make "age_ts" key internal | ||||
|     pdu_json.pop("age_ts") | ||||
|     pdu_json.pop("unsigned", None) | ||||
|     pdu_json.pop("signatures", None) | ||||
|     hashes = pdu_json.pop("hashes", {}) | ||||
|     pdu_json_bytes = encode_canonical_json(pdu_json) | ||||
|  |  | |||
|  | @ -295,10 +295,10 @@ class ReplicationLayer(object): | |||
|         transaction = Transaction(**transaction_data) | ||||
| 
 | ||||
|         for p in transaction.pdus: | ||||
|             if "meta" in p: | ||||
|                 meta = p["meta"] | ||||
|                 if "age" in meta: | ||||
|                     p["age"] = meta["age"] | ||||
|             if "unsigned" in p: | ||||
|                 unsigned = p["unsigned"] | ||||
|                 if "age" in unsigned: | ||||
|                     p["age"] = unsigned["age"] | ||||
|             if "age" in p: | ||||
|                 p["age_ts"] = int(self._clock.time_msec()) - int(p["age"]) | ||||
|                 del p["age"] | ||||
|  | @ -422,7 +422,7 @@ class ReplicationLayer(object): | |||
|         for p in pdus: | ||||
|             if "age_ts" in p: | ||||
|                 age = time_now - p["age_ts"] | ||||
|                 p.setdefault("meta", {})["age"] = int(age) | ||||
|                 p.setdefault("unsigned", {})["age"] = int(age) | ||||
|                 del p["age_ts"] | ||||
|         return Transaction( | ||||
|             origin=self.server_name, | ||||
|  | @ -620,8 +620,8 @@ class _TransactionQueue(object): | |||
|                 if "pdus" in data: | ||||
|                     for p in data["pdus"]: | ||||
|                         if "age_ts" in p: | ||||
|                             meta = p.setdefault("meta", {}) | ||||
|                             meta["age"] = now - int(p["age_ts"]) | ||||
|                             unsigned = p.setdefault("unsigned", {}) | ||||
|                             unsigned["age"] = now - int(p["age_ts"]) | ||||
|                             del p["age_ts"] | ||||
|                 return data | ||||
| 
 | ||||
|  |  | |||
|  | @ -72,7 +72,6 @@ class Pdu(JsonEncodedObject): | |||
|         "prev_state_origin", | ||||
|         "required_power_level", | ||||
|         "user_id", | ||||
|         "meta" | ||||
|     ] | ||||
| 
 | ||||
|     internal_keys = [ | ||||
|  |  | |||
		Loading…
	
		Reference in New Issue
	
	 Mark Haines
						Mark Haines