Skip to content
This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Commit

Permalink
Merge pull request #4722 from matrix-org/erikj/correctly_handle_keyri…
Browse files Browse the repository at this point in the history 
…ng_exceptions

Handle errors when fetching remote server keys
  • Loading branch information
@erikjohnston
erikjohnston authored Feb 25, 2019
2 parents 5b9786e + 65d1003 commit 16c7afa
Show file tree
Hide file tree
Showing 2 changed files with 52 additions and 21 deletions.
1 change: 1 addition & 0 deletions changelog.d/4722.misc
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Don't log exceptions when failing to fetch remote server keys
72 changes: 51 additions & 21 deletions synapse/crypto/keyring.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@
import logging
from collections import namedtuple

from six import raise_from
from six.moves import urllib

from signedjson.key import (
Expand All @@ -35,7 +36,12 @@

from twisted.internet import defer

from synapse.api.errors import Codes, RequestSendFailed, SynapseError
from synapse.api.errors import (
Codes,
HttpResponseException,
RequestSendFailed,
SynapseError,
)
from synapse.util import logcontext, unwrapFirstError
from synapse.util.logcontext import (
LoggingContext,
Expand All @@ -44,6 +50,7 @@
run_in_background,
)
from synapse.util.metrics import Measure
from synapse.util.retryutils import NotRetryingDestination

logger = logging.getLogger(__name__)

Expand Down Expand Up @@ -367,13 +374,18 @@ def get_key(perspective_name, perspective_keys):
server_name_and_key_ids, perspective_name, perspective_keys
)
defer.returnValue(result)
except KeyLookupError as e:
logger.warning(
"Key lookup failed from %r: %s", perspective_name, e,
)
except Exception as e:
logger.exception(
"Unable to get key from %r: %s %s",
perspective_name,
type(e).__name__, str(e),
)
defer.returnValue({})

defer.returnValue({})

results = yield logcontext.make_deferred_yieldable(defer.gatherResults(
[
Expand Down Expand Up @@ -421,21 +433,30 @@ def get_server_verify_key_v2_indirect(self, server_names_and_key_ids,
# TODO(mark): Set the minimum_valid_until_ts to that needed by
# the events being validated or the current time if validating
# an incoming request.
query_response = yield self.client.post_json(
destination=perspective_name,
path="/_matrix/key/v2/query",
data={
u"server_keys": {
server_name: {
key_id: {
u"minimum_valid_until_ts": 0
} for key_id in key_ids
try:
query_response = yield self.client.post_json(
destination=perspective_name,
path="/_matrix/key/v2/query",
data={
u"server_keys": {
server_name: {
key_id: {
u"minimum_valid_until_ts": 0
} for key_id in key_ids
}
for server_name, key_ids in server_names_and_key_ids
}
for server_name, key_ids in server_names_and_key_ids
}
},
long_retries=True,
)
},
long_retries=True,
)
except (NotRetryingDestination, RequestSendFailed) as e:
raise_from(
KeyLookupError("Failed to connect to remote server"), e,
)
except HttpResponseException as e:
raise_from(
KeyLookupError("Remote server returned an error"), e,
)

keys = {}

Expand Down Expand Up @@ -502,11 +523,20 @@ def get_server_verify_key_v2_direct(self, server_name, key_ids):
if requested_key_id in keys:
continue

response = yield self.client.get_json(
destination=server_name,
path="/_matrix/key/v2/server/" + urllib.parse.quote(requested_key_id),
ignore_backoff=True,
)
try:
response = yield self.client.get_json(
destination=server_name,
path="/_matrix/key/v2/server/" + urllib.parse.quote(requested_key_id),
ignore_backoff=True,
)
except (NotRetryingDestination, RequestSendFailed) as e:
raise_from(
KeyLookupError("Failed to connect to remote server"), e,
)
except HttpResponseException as e:
raise_from(
KeyLookupError("Remote server returned an error"), e,
)

if (u"signatures" not in response
or server_name not in response[u"signatures"]):
Expand Down

0 comments on commit 16c7afa

Please sign in to comment.