Consider old keys in handleLocalKeys (#1454)
parent
05e5386fb0
commit
0caad67abc
|
@ -6,6 +6,7 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/matrix-org/dendrite/internal/config"
|
||||||
"github.com/matrix-org/dendrite/serverkeyapi/api"
|
"github.com/matrix-org/dendrite/serverkeyapi/api"
|
||||||
"github.com/matrix-org/gomatrixserverlib"
|
"github.com/matrix-org/gomatrixserverlib"
|
||||||
"github.com/sirupsen/logrus"
|
"github.com/sirupsen/logrus"
|
||||||
|
@ -18,6 +19,7 @@ type ServerKeyAPI struct {
|
||||||
ServerPublicKey ed25519.PublicKey
|
ServerPublicKey ed25519.PublicKey
|
||||||
ServerKeyID gomatrixserverlib.KeyID
|
ServerKeyID gomatrixserverlib.KeyID
|
||||||
ServerKeyValidity time.Duration
|
ServerKeyValidity time.Duration
|
||||||
|
OldServerKeys []config.OldVerifyKeys
|
||||||
|
|
||||||
OurKeyRing gomatrixserverlib.KeyRing
|
OurKeyRing gomatrixserverlib.KeyRing
|
||||||
FedClient gomatrixserverlib.KeyClient
|
FedClient gomatrixserverlib.KeyClient
|
||||||
|
@ -112,14 +114,17 @@ func (s *ServerKeyAPI) FetcherName() string {
|
||||||
}
|
}
|
||||||
|
|
||||||
// handleLocalKeys handles cases where the key request contains
|
// handleLocalKeys handles cases where the key request contains
|
||||||
// a request for our own server keys.
|
// a request for our own server keys, either current or old.
|
||||||
func (s *ServerKeyAPI) handleLocalKeys(
|
func (s *ServerKeyAPI) handleLocalKeys(
|
||||||
_ context.Context,
|
_ context.Context,
|
||||||
requests map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.Timestamp,
|
requests map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.Timestamp,
|
||||||
results map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult,
|
results map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult,
|
||||||
) {
|
) {
|
||||||
for req := range requests {
|
for req := range requests {
|
||||||
if req.ServerName == s.ServerName {
|
if req.ServerName != s.ServerName {
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
if req.KeyID == s.ServerKeyID {
|
||||||
// We found a key request that is supposed to be for our own
|
// We found a key request that is supposed to be for our own
|
||||||
// keys. Remove it from the request list so we don't hit the
|
// keys. Remove it from the request list so we don't hit the
|
||||||
// database or the fetchers for it.
|
// database or the fetchers for it.
|
||||||
|
@ -133,6 +138,28 @@ func (s *ServerKeyAPI) handleLocalKeys(
|
||||||
ExpiredTS: gomatrixserverlib.PublicKeyNotExpired,
|
ExpiredTS: gomatrixserverlib.PublicKeyNotExpired,
|
||||||
ValidUntilTS: gomatrixserverlib.AsTimestamp(time.Now().Add(s.ServerKeyValidity)),
|
ValidUntilTS: gomatrixserverlib.AsTimestamp(time.Now().Add(s.ServerKeyValidity)),
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
// The key request doesn't match our current key. Let's see
|
||||||
|
// if it matches any of our old verify keys.
|
||||||
|
for _, oldVerifyKey := range s.OldServerKeys {
|
||||||
|
if req.KeyID == oldVerifyKey.KeyID {
|
||||||
|
// We found a key request that is supposed to be an expired
|
||||||
|
// key.
|
||||||
|
delete(requests, req)
|
||||||
|
|
||||||
|
// Insert our own key into the response.
|
||||||
|
results[req] = gomatrixserverlib.PublicKeyLookupResult{
|
||||||
|
VerifyKey: gomatrixserverlib.VerifyKey{
|
||||||
|
Key: gomatrixserverlib.Base64Bytes(oldVerifyKey.PrivateKey.Public().(ed25519.PublicKey)),
|
||||||
|
},
|
||||||
|
ExpiredTS: oldVerifyKey.ExpiredAt,
|
||||||
|
ValidUntilTS: gomatrixserverlib.PublicKeyNotValid,
|
||||||
|
}
|
||||||
|
|
||||||
|
// No need to look at the other keys.
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -175,7 +202,7 @@ func (s *ServerKeyAPI) handleDatabaseKeys(
|
||||||
// the remaining requests.
|
// the remaining requests.
|
||||||
func (s *ServerKeyAPI) handleFetcherKeys(
|
func (s *ServerKeyAPI) handleFetcherKeys(
|
||||||
ctx context.Context,
|
ctx context.Context,
|
||||||
now gomatrixserverlib.Timestamp,
|
_ gomatrixserverlib.Timestamp,
|
||||||
fetcher gomatrixserverlib.KeyFetcher,
|
fetcher gomatrixserverlib.KeyFetcher,
|
||||||
requests map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.Timestamp,
|
requests map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.Timestamp,
|
||||||
results map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult,
|
results map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult,
|
||||||
|
|
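Review bot: In the new `else` branch of handleLocalKeys the public key is derived with `oldVerifyKey.PrivateKey.Public().(ed25519.PublicKey)` on every lookup, so ServerKeyAPI (through the new `OldServerKeys []config.OldVerifyKeys` field) holds the retired private keys for the life of the process although this code only reads the key ID, the public half and `ExpiredAt`. Deriving the public key once where the struct is built (the `OldServerKeys: cfg.Matrix.OldVerifyKeys` line in NewInternalAPI) and storing only those three values, e.g. in a small local `struct{ KeyID gomatrixserverlib.KeyID; Key ed25519.PublicKey; ExpiredAt gomatrixserverlib.Timestamp }`, would keep private key material out of this component and move the conversion off the request path. As far as the hunk shows, an old-key entry whose private key is empty or malformed would fail inside the request loop rather than at startup, so validating the entries at construction is the safer place. It is also worth confirming that `ExpiredAt` is required to be non-zero when the config is loaded, since a zero value would presumably publish the old key as neither expired nor valid. Part of the current-key branch lies between the two handleLocalKeys hunks and is not visible here.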
|
@ -49,6 +49,7 @@ func NewInternalAPI(
|
||||||
ServerPublicKey: cfg.Matrix.PrivateKey.Public().(ed25519.PublicKey),
|
ServerPublicKey: cfg.Matrix.PrivateKey.Public().(ed25519.PublicKey),
|
||||||
ServerKeyID: cfg.Matrix.KeyID,
|
ServerKeyID: cfg.Matrix.KeyID,
|
||||||
ServerKeyValidity: cfg.Matrix.KeyValidityPeriod,
|
ServerKeyValidity: cfg.Matrix.KeyValidityPeriod,
|
||||||
|
OldServerKeys: cfg.Matrix.OldVerifyKeys,
|
||||||
FedClient: fedClient,
|
FedClient: fedClient,
|
||||||
OurKeyRing: gomatrixserverlib.KeyRing{
|
OurKeyRing: gomatrixserverlib.KeyRing{
|
||||||
KeyFetchers: []gomatrixserverlib.KeyFetcher{},
|
KeyFetchers: []gomatrixserverlib.KeyFetcher{},
|
||||||
|
|