Relax validation of signature upload for master keys, and allow updates#19915
Relax validation of signature upload for master keys, and allow updates#19915uhoreg wants to merge 5 commits into
Conversation
| def test_update_signature_master_key(self) -> None: | ||
| """should be able to update a signature on the Master signing key with an unknown algorithm""" | ||
| local_user = "@boris:" + self.hs.hostname | ||
| master_key: dict[str, Any] = { |
There was a problem hiding this comment.
This type annotation seems overly broad to me, so suggestions welcome. Without it, mypy complains when I try to assign to master_key["signatures"][local_user]["unknown:abcdefg"] below. (On the other hand, this is just a test, so I'm not overly concerned about getting the types just right.)
| index_name="e2e_cross_signing_signatures3_idx", | ||
| table="e2e_cross_signing_signatures", | ||
| columns=("user_id", "target_user_id", "target_device_id", "key_id"), | ||
| unique=True, |
There was a problem hiding this comment.
I'm not sure what's the proper way to handle the case where we end up with duplicate values on those columns. I think that we shouldn't have any, but we should probably try to be safe.
|
Complement tests seem to be unrelated to my changes. |
|
I'm not sure if I should also relax some of the validation for signatures on other keys as well (e.g. device keys) while I'm in the area, or if I should keep the change limited to what I need right away. It will probably need to be done eventually, when we switch to different signature algorithms. |
Don't validate signature with unknown algorithms for master signing keys, and allow updates to signatures, for example to support algorithms that embed an expiry date in signatures.
Pull Request Checklist
EventStoretoEventWorkerStore.".code blocks.