Stop overwriting server keys with other keys

Fix a bug where we would discard a key result which the origin server is no longer returning. Fixes #5305.
matrix-org · May 31, 2019 · 3600f55 · 3600f55
1 parent fe79b5e
commit 3600f55
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 12 deletions.
diff --git a/changelog.d/5307.bugfix b/changelog.d/5307.bugfix
@@ -0,0 +1 @@
+Fix bug where a notary server would sometimes forget old keys.
diff --git a/synapse/crypto/keyring.py b/synapse/crypto/keyring.py
@@ -394,7 +394,7 @@ def __init__(self, hs):
 
     @defer.inlineCallbacks
     def process_v2_response(
-        self, from_server, response_json, time_added_ms, requested_ids=[]
+        self, from_server, response_json, time_added_ms
     ):
         """Parse a 'Server Keys' structure from the result of a /key request
 
@@ -417,10 +417,6 @@ def process_v2_response(
 
             time_added_ms (int): the timestamp to record in server_keys_json
 
-            requested_ids (iterable[str]): a list of the key IDs that were requested.
-                We will store the json for these key ids as well as any that are
-                actually in the response
-
         Returns:
             Deferred[dict[str, FetchKeyResult]]: map from key_id to result object
         """
@@ -476,11 +472,6 @@ def process_v2_response(
 
         signed_key_json_bytes = encode_canonical_json(signed_key_json)
 
-        # for reasons I don't quite understand, we store this json for the key ids we
-        # requested, as well as those we got.
-        updated_key_ids = set(requested_ids)
-        updated_key_ids.update(verify_keys)
-
         yield logcontext.make_deferred_yieldable(
             defer.gatherResults(
                 [
@@ -493,7 +484,7 @@ def process_v2_response(
                         ts_expires_ms=ts_valid_until_ms,
                         key_json_bytes=signed_key_json_bytes,
                     )
-                    for key_id in updated_key_ids
+                    for key_id in verify_keys
                 ],
                 consumeErrors=True,
             ).addErrback(unwrapFirstError)
@@ -749,7 +740,6 @@ def get_server_verify_key_v2_direct(self, server_name, key_ids):
 
             response_keys = yield self.process_v2_response(
                 from_server=server_name,
-                requested_ids=[requested_key_id],
                 response_json=response,
                 time_added_ms=time_now_ms,
             )
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Fix bug where a notary server would sometimes forget old keys.