Add key validity checks

2025-03-01 06:14:28 -06:00 · 2020-06-04 13:44:49 +01:00 · 2020-06-04 13:44:49 +01:00 · 5408af1baf
parent f7025d3499
commit 5408af1baf
2 changed files with 10 additions and 0 deletions
--- a/serverkeyapi/api/api.go
+++ b/serverkeyapi/api/api.go
@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"net/http"
+	"time"

 	"github.com/matrix-org/dendrite/internal/caching"
 	"github.com/matrix-org/gomatrixserverlib"
@ -94,8 +95,12 @@ func (s *httpServerKeyInternalAPI) FetchKeys(
 	response := QueryPublicKeysResponse{
 		Results: make(map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult),
 	}
+	now := gomatrixserverlib.AsTimestamp(time.Now())
 	for req, ts := range requests {
 		if res, ok := s.immutableCache.GetServerKey(req); ok {
+			if now > res.ValidUntilTS && res.ExpiredTS == gomatrixserverlib.PublicKeyNotExpired {
+				continue
+			}
 			result[req] = res
 			continue
 		}
--- a/serverkeyapi/internal/api.go
+++ b/serverkeyapi/internal/api.go
@ -3,6 +3,7 @@ package internal
 import (
 	"context"
 	"fmt"
+	"time"

 	"github.com/matrix-org/dendrite/internal/caching"
 	"github.com/matrix-org/dendrite/serverkeyapi/api"
@ -39,10 +40,14 @@ func (s *ServerKeyAPI) FetchKeys(
 	// First consult our local database and see if we have the requested
 	// keys. These might come from a cache, depending on the database
 	// implementation used.
+	now := gomatrixserverlib.AsTimestamp(time.Now())
 	if dbResults, err := s.OurKeyRing.KeyDatabase.FetchKeys(ctx, requests); err == nil {
 		// We successfully got some keys. Add them to the results and
 		// remove them from the request list.
 		for req, res := range dbResults {
+			if now > res.ValidUntilTS && res.ExpiredTS == gomatrixserverlib.PublicKeyNotExpired {
+				continue
+			}
 			results[req] = res
 			delete(requests, req)
 		}