2017-05-19 15:06:41 +00:00
|
|
|
// Copyright 2017 Vector Creations Ltd
|
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
//
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
|
|
|
|
2017-10-25 10:27:44 +00:00
|
|
|
package routing
|
2017-05-19 15:06:41 +00:00
|
|
|
|
|
|
|
import (
|
|
|
|
"encoding/json"
|
2018-03-13 15:55:45 +00:00
|
|
|
"net/http"
|
2017-09-07 11:50:39 +00:00
|
|
|
"time"
|
|
|
|
|
2020-09-22 13:40:54 +00:00
|
|
|
"github.com/matrix-org/dendrite/clientapi/httputil"
|
2020-07-22 16:04:57 +00:00
|
|
|
"github.com/matrix-org/dendrite/clientapi/jsonerror"
|
2020-09-22 13:40:54 +00:00
|
|
|
federationSenderAPI "github.com/matrix-org/dendrite/federationsender/api"
|
2020-05-21 13:40:13 +00:00
|
|
|
"github.com/matrix-org/dendrite/internal/config"
|
2020-07-22 16:04:57 +00:00
|
|
|
"github.com/matrix-org/dendrite/keyserver/api"
|
2017-05-19 15:06:41 +00:00
|
|
|
"github.com/matrix-org/gomatrixserverlib"
|
|
|
|
"github.com/matrix-org/util"
|
2020-09-22 13:40:54 +00:00
|
|
|
"github.com/sirupsen/logrus"
|
2017-05-19 15:06:41 +00:00
|
|
|
"golang.org/x/crypto/ed25519"
|
|
|
|
)
|
|
|
|
|
2020-07-22 16:04:57 +00:00
|
|
|
type queryKeysRequest struct {
|
|
|
|
DeviceKeys map[string][]string `json:"device_keys"`
|
|
|
|
}
|
|
|
|
|
|
|
|
// QueryDeviceKeys returns device keys for users on this server.
|
|
|
|
// https://matrix.org/docs/spec/server_server/latest#post-matrix-federation-v1-user-keys-query
|
|
|
|
func QueryDeviceKeys(
|
|
|
|
httpReq *http.Request, request *gomatrixserverlib.FederationRequest, keyAPI api.KeyInternalAPI, thisServer gomatrixserverlib.ServerName,
|
|
|
|
) util.JSONResponse {
|
|
|
|
var qkr queryKeysRequest
|
|
|
|
err := json.Unmarshal(request.Content(), &qkr)
|
|
|
|
if err != nil {
|
|
|
|
return util.JSONResponse{
|
|
|
|
Code: http.StatusBadRequest,
|
|
|
|
JSON: jsonerror.BadJSON("The request body could not be decoded into valid JSON. " + err.Error()),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
// make sure we only query users on our domain
|
|
|
|
for userID := range qkr.DeviceKeys {
|
|
|
|
_, serverName, err := gomatrixserverlib.SplitID('@', userID)
|
|
|
|
if err != nil {
|
|
|
|
delete(qkr.DeviceKeys, userID)
|
|
|
|
continue // ignore invalid users
|
|
|
|
}
|
|
|
|
if serverName != thisServer {
|
|
|
|
delete(qkr.DeviceKeys, userID)
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
var queryRes api.QueryKeysResponse
|
|
|
|
keyAPI.QueryKeys(httpReq.Context(), &api.QueryKeysRequest{
|
|
|
|
UserToDevices: qkr.DeviceKeys,
|
|
|
|
}, &queryRes)
|
|
|
|
if queryRes.Error != nil {
|
|
|
|
util.GetLogger(httpReq.Context()).WithError(queryRes.Error).Error("Failed to QueryKeys")
|
|
|
|
return jsonerror.InternalServerError()
|
|
|
|
}
|
|
|
|
return util.JSONResponse{
|
|
|
|
Code: 200,
|
|
|
|
JSON: struct {
|
|
|
|
DeviceKeys interface{} `json:"device_keys"`
|
|
|
|
}{queryRes.DeviceKeys},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
type claimOTKsRequest struct {
|
|
|
|
OneTimeKeys map[string]map[string]string `json:"one_time_keys"`
|
|
|
|
}
|
|
|
|
|
|
|
|
// ClaimOneTimeKeys claims OTKs for users on this server.
|
|
|
|
// https://matrix.org/docs/spec/server_server/latest#post-matrix-federation-v1-user-keys-claim
|
|
|
|
func ClaimOneTimeKeys(
|
|
|
|
httpReq *http.Request, request *gomatrixserverlib.FederationRequest, keyAPI api.KeyInternalAPI, thisServer gomatrixserverlib.ServerName,
|
|
|
|
) util.JSONResponse {
|
|
|
|
var cor claimOTKsRequest
|
|
|
|
err := json.Unmarshal(request.Content(), &cor)
|
|
|
|
if err != nil {
|
|
|
|
return util.JSONResponse{
|
|
|
|
Code: http.StatusBadRequest,
|
|
|
|
JSON: jsonerror.BadJSON("The request body could not be decoded into valid JSON. " + err.Error()),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
// make sure we only claim users on our domain
|
|
|
|
for userID := range cor.OneTimeKeys {
|
|
|
|
_, serverName, err := gomatrixserverlib.SplitID('@', userID)
|
|
|
|
if err != nil {
|
|
|
|
delete(cor.OneTimeKeys, userID)
|
|
|
|
continue // ignore invalid users
|
|
|
|
}
|
|
|
|
if serverName != thisServer {
|
|
|
|
delete(cor.OneTimeKeys, userID)
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
var claimRes api.PerformClaimKeysResponse
|
|
|
|
keyAPI.PerformClaimKeys(httpReq.Context(), &api.PerformClaimKeysRequest{
|
|
|
|
OneTimeKeys: cor.OneTimeKeys,
|
|
|
|
}, &claimRes)
|
|
|
|
if claimRes.Error != nil {
|
|
|
|
util.GetLogger(httpReq.Context()).WithError(claimRes.Error).Error("Failed to PerformClaimKeys")
|
|
|
|
return jsonerror.InternalServerError()
|
|
|
|
}
|
|
|
|
return util.JSONResponse{
|
|
|
|
Code: 200,
|
|
|
|
JSON: struct {
|
|
|
|
OneTimeKeys interface{} `json:"one_time_keys"`
|
|
|
|
}{claimRes.OneTimeKeys},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-05-19 15:06:41 +00:00
|
|
|
// LocalKeys returns the local keys for the server.
|
|
|
|
// See https://matrix.org/docs/spec/server_server/unstable.html#publishing-keys
|
2020-08-10 13:18:04 +00:00
|
|
|
func LocalKeys(cfg *config.FederationAPI) util.JSONResponse {
|
2017-06-19 14:21:04 +00:00
|
|
|
keys, err := localKeys(cfg, time.Now().Add(cfg.Matrix.KeyValidityPeriod))
|
2017-05-19 15:06:41 +00:00
|
|
|
if err != nil {
|
|
|
|
return util.ErrorResponse(err)
|
|
|
|
}
|
2018-03-13 15:55:45 +00:00
|
|
|
return util.JSONResponse{Code: http.StatusOK, JSON: keys}
|
2017-05-19 15:06:41 +00:00
|
|
|
}
|
|
|
|
|
2020-08-10 13:18:04 +00:00
|
|
|
func localKeys(cfg *config.FederationAPI, validUntil time.Time) (*gomatrixserverlib.ServerKeys, error) {
|
2017-05-19 15:06:41 +00:00
|
|
|
var keys gomatrixserverlib.ServerKeys
|
|
|
|
|
2017-06-19 14:21:04 +00:00
|
|
|
keys.ServerName = cfg.Matrix.ServerName
|
2020-09-25 09:58:53 +00:00
|
|
|
keys.TLSFingerprints = cfg.TLSFingerPrints
|
|
|
|
keys.ValidUntilTS = gomatrixserverlib.AsTimestamp(validUntil)
|
2017-05-19 15:06:41 +00:00
|
|
|
|
2017-06-19 14:21:04 +00:00
|
|
|
publicKey := cfg.Matrix.PrivateKey.Public().(ed25519.PublicKey)
|
2017-05-19 15:06:41 +00:00
|
|
|
|
|
|
|
keys.VerifyKeys = map[gomatrixserverlib.KeyID]gomatrixserverlib.VerifyKey{
|
2017-06-19 14:21:04 +00:00
|
|
|
cfg.Matrix.KeyID: {
|
2020-06-04 10:50:57 +00:00
|
|
|
Key: gomatrixserverlib.Base64Bytes(publicKey),
|
2017-05-19 15:06:41 +00:00
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
keys.OldVerifyKeys = map[gomatrixserverlib.KeyID]gomatrixserverlib.OldVerifyKey{}
|
2020-09-25 09:58:53 +00:00
|
|
|
for _, oldVerifyKey := range cfg.Matrix.OldVerifyKeys {
|
|
|
|
keys.OldVerifyKeys[oldVerifyKey.KeyID] = gomatrixserverlib.OldVerifyKey{
|
|
|
|
VerifyKey: gomatrixserverlib.VerifyKey{
|
2020-09-29 13:00:12 +00:00
|
|
|
Key: gomatrixserverlib.Base64Bytes(oldVerifyKey.PrivateKey.Public().(ed25519.PublicKey)),
|
2020-09-25 09:58:53 +00:00
|
|
|
},
|
|
|
|
ExpiredTS: oldVerifyKey.ExpiredAt,
|
|
|
|
}
|
|
|
|
}
|
2017-05-19 15:06:41 +00:00
|
|
|
|
|
|
|
toSign, err := json.Marshal(keys.ServerKeyFields)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2017-06-19 14:21:04 +00:00
|
|
|
keys.Raw, err = gomatrixserverlib.SignJSON(
|
|
|
|
string(cfg.Matrix.ServerName), cfg.Matrix.KeyID, cfg.Matrix.PrivateKey, toSign,
|
|
|
|
)
|
2017-05-19 15:06:41 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return &keys, nil
|
|
|
|
}
|
2020-09-22 13:40:54 +00:00
|
|
|
|
|
|
|
func NotaryKeys(
|
|
|
|
httpReq *http.Request, cfg *config.FederationAPI,
|
|
|
|
fsAPI federationSenderAPI.FederationSenderInternalAPI,
|
|
|
|
req *gomatrixserverlib.PublicKeyNotaryLookupRequest,
|
|
|
|
) util.JSONResponse {
|
|
|
|
if req == nil {
|
|
|
|
req = &gomatrixserverlib.PublicKeyNotaryLookupRequest{}
|
|
|
|
if reqErr := httputil.UnmarshalJSONRequest(httpReq, &req); reqErr != nil {
|
|
|
|
return *reqErr
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
var response struct {
|
|
|
|
ServerKeys []json.RawMessage `json:"server_keys"`
|
|
|
|
}
|
|
|
|
response.ServerKeys = []json.RawMessage{}
|
|
|
|
|
|
|
|
for serverName := range req.ServerKeys {
|
|
|
|
var keys *gomatrixserverlib.ServerKeys
|
|
|
|
if serverName == cfg.Matrix.ServerName {
|
|
|
|
if k, err := localKeys(cfg, time.Now().Add(cfg.Matrix.KeyValidityPeriod)); err == nil {
|
|
|
|
keys = k
|
|
|
|
} else {
|
|
|
|
return util.ErrorResponse(err)
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
if k, err := fsAPI.GetServerKeys(httpReq.Context(), serverName); err == nil {
|
|
|
|
keys = &k
|
|
|
|
} else {
|
|
|
|
return util.ErrorResponse(err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if keys == nil {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
|
|
|
j, err := json.Marshal(keys)
|
|
|
|
if err != nil {
|
|
|
|
logrus.WithError(err).Errorf("Failed to marshal %q response", serverName)
|
|
|
|
return jsonerror.InternalServerError()
|
|
|
|
}
|
|
|
|
|
|
|
|
js, err := gomatrixserverlib.SignJSON(
|
|
|
|
string(cfg.Matrix.ServerName), cfg.Matrix.KeyID, cfg.Matrix.PrivateKey, j,
|
|
|
|
)
|
|
|
|
if err != nil {
|
|
|
|
logrus.WithError(err).Errorf("Failed to sign %q response", serverName)
|
|
|
|
return jsonerror.InternalServerError()
|
|
|
|
}
|
|
|
|
|
|
|
|
response.ServerKeys = append(response.ServerKeys, js)
|
|
|
|
}
|
|
|
|
|
|
|
|
return util.JSONResponse{
|
|
|
|
Code: http.StatusOK,
|
|
|
|
JSON: response,
|
|
|
|
}
|
|
|
|
}
|