diff --git a/src/service/rooms/event_handler/policy_server.rs b/src/service/rooms/event_handler/policy_server.rs
index 9b96f67b3..09b21c785 100644
--- a/src/service/rooms/event_handler/policy_server.rs
+++ b/src/service/rooms/event_handler/policy_server.rs
@@ -62,19 +62,7 @@ pub(super) fn verify_policy_signature(
 debug_warn!("Failed to redact event");
 return false;
 };
- let Some(CanonicalJsonValue::Object(signature_map)) = pdu_json.get("signatures") else {
- debug_warn!("Signatures map is not present?");
- return false;
- };
- let Some(CanonicalJsonValue::Object(signature_set)) = signature_map.get(via.as_str()) else {
- debug!("Signature map does not contain via {}", via.as_str());
- return false;
- };
- let Some(signature) = signature_set
- .get(POLICY_SERVER_KEY_ID_ED25519)
- .and_then(|s| s.as_str())
- .and_then(|s| Base64::::parse(s).ok())
- else {
+ let Some(signature) = extract_signature(pdu_json, via, POLICY_SERVER_KEY_ID_ED25519) else {
 debug!("No (valid) policy server signature present on event");
 return false;
 };
@@ -95,6 +83,21 @@ pub(super) fn verify_policy_signature(
 .is_ok()
 }
 
+pub(super) fn extract_signature(
+ pdu_json: &CanonicalJsonObject,
+ server_name: &ServerName,
+ key_id: &str,
+) -> Option>> {
+ pdu_json
+ .get("signatures")?
+ .as_object()?
+ .get(server_name.as_str())?
+ .as_object()?
+ .get(key_id)?
+ .as_str()
+ .and_then(|signature| Base64::::parse(signature).ok())
+}
+
 /// Verifies the existing policy server signature, and/or fetches a new one
 /// immediately.
 ///
diff --git a/src/service/rooms/event_handler/upgrade_outlier_pdu.rs b/src/service/rooms/event_handler/upgrade_outlier_pdu.rs
index 12627b257..a1360cd72 100644
--- a/src/service/rooms/event_handler/upgrade_outlier_pdu.rs
+++ b/src/service/rooms/event_handler/upgrade_outlier_pdu.rs
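Review bot: The one remaining `debug!("No (valid) policy server signature present on event")` in `verify_policy_signature` now stands for three cases that were logged separately before: no `signatures` object, no entry for `via`, and a key entry that is missing or does not decode as base64. For a check that decides whether a policy server signature is accepted, someone reading the log can no longer tell an unsigned event from one carrying a malformed signature. Adding the server and key id as fields would recover most of that context, e.g. `debug!(via = %via, key_id = POLICY_SERVER_KEY_ID_ED25519, "No (valid) policy server signature present on event");`. `verify_policy_signature` starts before this hunk and continues past it.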
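Review bot: `extract_signature` is `pub(super)` but has no doc comment, and its `None` return covers both "this server did not sign" and "an entry exists but is not a string or not valid base64". Because other code in the module can now call it, the contract should say that it only looks up and decodes the signature and performs no verification, so a `Some` result says nothing about whether the signature is valid. I would add a two-line doc comment: `/// Returns the decoded signature made by server_name under key_id, or None if it is absent or malformed.` and `/// Does not verify the signature; callers must check it against the server's key.`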
@@ -250,10 +250,11 @@ where
 // no reason to re-calculate that.
 // 14-pre. ask the policy server to sign the event, if possible
 debug!(event_id = %incoming_pdu.event_id, "Checking policy server for event");
+ let mut mutable_object = incoming_pdu.to_canonical_object();
 if let Err(e) = self
 .policy_server_allows_event(
 &incoming_pdu,
- &mut incoming_pdu.to_canonical_object(),
+ &mut mutable_object,
 room_id,
 &room_version_rules,
 true,
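Review bot: The new binding `mutable_object` is named for its mutability rather than its content, and nothing at the call site says why the temporary was replaced by a named value. If the intent is that whatever `policy_server_allows_event` writes into the object (presumably the policy server signature) stays readable after the call, a comment such as `// keep the canonical object so changes made by the policy server check survive the call` would state it, and a name like `pdu_json` would match the parameter name in `extract_signature`. The rest of the function lies outside this hunk, so whether the object is read afterwards cannot be confirmed from here. If it is not, the binding behaves the same as the old temporary.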