From 6aae741e86fed69a2bd0f6ea402a0e889b4bd5c7 Mon Sep 17 00:00:00 2001
From: David Robertson
Date: Fri, 18 Nov 2022 18:30:33 +0000
Subject: [PATCH 1/3] Fix /key/v2/server calls with URL-unsafe key IDs
Fixes #14488.
---
 synapse/crypto/keyring.py | 2 +-
 tests/crypto/test_keyring.py | 12 ++++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/synapse/crypto/keyring.py b/synapse/crypto/keyring.py
index dd9b8089ec74..ed15f88350a6 100644
--- a/synapse/crypto/keyring.py
+++ b/synapse/crypto/keyring.py
@@ -857,7 +857,7 @@ async def get_server_verify_key_v2_direct(
 response = await self.client.get_json(
 destination=server_name,
 path="/_matrix/key/v2/server/"
- + urllib.parse.quote(requested_key_id),
+ + urllib.parse.quote(requested_key_id, safe=""),
 ignore_backoff=True,
 # we only give the remote server 10s to respond. It should be an
 # easy request to handle, so if it doesn't reply within 10s, it's
diff --git a/tests/crypto/test_keyring.py b/tests/crypto/test_keyring.py
index 820a1a54e2e0..63628aa6b066 100644
--- a/tests/crypto/test_keyring.py
+++ b/tests/crypto/test_keyring.py
@@ -469,6 +469,18 @@ async def get_json(destination, path, **kwargs):
 keys = self.get_success(fetcher.get_keys(SERVER_NAME, ["key1"], 0))
 self.assertEqual(keys, {})
+ def test_keyid_containing_forward_slash(self) -> None:
+ """We should url-encode any url unsafe chars in key ids.
+
+ Detects https://github.com/matrix-org/synapse/issues/14488.
+ """
+ fetcher = ServerKeyFetcher(self.hs)
+ self.get_success(fetcher.get_keys("example.com", ["key/potato"], 0))
+
+ self.http_client.get_json.assert_called_once()
+ args, kwargs = self.http_client.get_json.call_args
+ self.assertEqual(kwargs["path"], "/_matrix/key/v2/server/key%2Fpotato")
+
 class PerspectivesKeyFetcherTestCase(unittest.HomeserverTestCase):
 def make_homeserver(self, reactor, clock):
From b8c81cd877f2f442920f41b50e1bee8380c375ab Mon Sep 17 00:00:00 2001
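Review bot: The `safe=""` argument on the `path=` expression carries no comment saying why it is there, and the default `safe="/"` is exactly what allowed a key ID containing a slash to change the request path. I would add above the `path=` line: `# Key IDs are not guaranteed to be URL-safe; safe="" also encodes "/" so the ID stays one path segment.` If requested_key_id is derived from signature data supplied by other servers (not visible in this hunk), the comment should say so, because that makes it untrusted input and the encoding a security boundary rather than a cosmetic fix. The body of get_server_verify_key_v2_direct starts and ends outside the hunk.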
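Review bot: The new test_keyid_containing_forward_slash exercises only `/`, while its docstring promises "any url unsafe chars", so a regression that special-cases the slash instead of percent-encoding the whole ID would still pass. I would add a second constructed case, for example key ID `"key?potato"` with the expected path ending in `key%3Fpotato`. Separately, `args` is never used, so `_, kwargs = self.http_client.get_json.call_args` reads more clearly. The neighbouring test passes `SERVER_NAME` where this one passes the literal `"example.com"`, so using the constant would be consistent if it holds the same kind of value.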
From: David Robertson
Date: Fri, 18 Nov 2022 18:38:53 +0000
Subject: [PATCH 2/3] Changelog
---
 changelog.d/14490.misc | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 changelog.d/14490.misc
diff --git a/changelog.d/14490.misc b/changelog.d/14490.misc
new file mode 100644
index 000000000000..7fd6f3d2164a
--- /dev/null
+++ b/changelog.d/14490.misc
@@ -0,0 +1 @@
+Fix a bug introduced in Synapse 0.9 we would fail to fetch server keys whose IDs contain a forward slash.
From 55c041e30cf24907cfd4b8e95bb9c70f095db72d Mon Sep 17 00:00:00 2001
From: David Robertson
Date: Fri, 18 Nov 2022 19:20:45 +0000
Subject: [PATCH 3/3] Fix changelog
Co-authored-by: Patrick Cloke
---
 changelog.d/14490.misc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/changelog.d/14490.misc b/changelog.d/14490.misc
index 7fd6f3d2164a..c0a4daa885b4 100644
--- a/changelog.d/14490.misc
+++ b/changelog.d/14490.misc
@@ -1 +1 @@
-Fix a bug introduced in Synapse 0.9 we would fail to fetch server keys whose IDs contain a forward slash.
+Fix a bug introduced in Synapse 0.9 where it would fail to fetch server keys whose IDs contain a forward slash.