mirrors/dendrite
1
0
Fork 0
mirror of https://github.com/matrix-org/dendrite.git synced 2025-12-17 03:43:11 -06:00
Code Issues Packages Projects Releases Wiki Activity

Configurable perspective key fetchers

Browse source
This commit is contained in:
Neil Alexander 2020-04-20 15:00:49 +01:00
parent 523ea88e22
commit 08429b89f0
8 changed files with 55 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
cmd/dendrite-client-api-server/main.go
View file

@ -33,7 +33,7 @@ func main() {
deviceDB := base.CreateDeviceDB() deviceDB := base.CreateDeviceDB()
keyDB := base.CreateKeyDB() keyDB := base.CreateKeyDB()
federation := base.CreateFederationClient() federation := base.CreateFederationClient()
keyRing := keydb.CreateKeyRing(federation.Client, keyDB) keyRing := keydb.CreateKeyRing(federation.Client, keyDB, cfg)
asQuery := base.CreateHTTPAppServiceAPIs() asQuery := base.CreateHTTPAppServiceAPIs()
alias, input, query := base.CreateHTTPRoomserverAPIs() alias, input, query := base.CreateHTTPRoomserverAPIs()

2
cmd/dendrite-demo-libp2p/main.go
View file

@ -146,7 +146,7 @@ func main() {
deviceDB := base.Base.CreateDeviceDB() deviceDB := base.Base.CreateDeviceDB()
keyDB := createKeyDB(base) keyDB := createKeyDB(base)
federation := createFederationClient(base) federation := createFederationClient(base)
keyRing := keydb.CreateKeyRing(federation.Client, keyDB) keyRing := keydb.CreateKeyRing(federation.Client, keyDB, &cfg)
alias, input, query := roomserver.SetupRoomServerComponent(&base.Base) alias, input, query := roomserver.SetupRoomServerComponent(&base.Base)
eduInputAPI := eduserver.SetupEDUServerComponent(&base.Base, cache.New()) eduInputAPI := eduserver.SetupEDUServerComponent(&base.Base, cache.New())

2
cmd/dendrite-federation-api-server/main.go
View file

@ -33,7 +33,7 @@ func main() {
keyDB := base.CreateKeyDB() keyDB := base.CreateKeyDB()
federation := base.CreateFederationClient() federation := base.CreateFederationClient()
federationSender := base.CreateHTTPFederationSenderAPIs() federationSender := base.CreateHTTPFederationSenderAPIs()
keyRing := keydb.CreateKeyRing(federation.Client, keyDB) keyRing := keydb.CreateKeyRing(federation.Client, keyDB, cfg)
alias, input, query := base.CreateHTTPRoomserverAPIs() alias, input, query := base.CreateHTTPRoomserverAPIs()
asQuery := base.CreateHTTPAppServiceAPIs() asQuery := base.CreateHTTPAppServiceAPIs()

2
cmd/dendrite-monolith-server/main.go
View file

@ -56,7 +56,7 @@ func main() {
deviceDB := base.CreateDeviceDB() deviceDB := base.CreateDeviceDB()
keyDB := base.CreateKeyDB() keyDB := base.CreateKeyDB()
federation := base.CreateFederationClient() federation := base.CreateFederationClient()
keyRing := keydb.CreateKeyRing(federation.Client, keyDB) keyRing := keydb.CreateKeyRing(federation.Client, keyDB, cfg)
alias, input, query := roomserver.SetupRoomServerComponent(base) alias, input, query := roomserver.SetupRoomServerComponent(base)
eduInputAPI := eduserver.SetupEDUServerComponent(base, cache.New()) eduInputAPI := eduserver.SetupEDUServerComponent(base, cache.New())

14
common/config/config.go
View file

@ -99,6 +99,20 @@ type Dendrite struct {
// If set disables new users from registering (except via shared // If set disables new users from registering (except via shared
// secrets) // secrets)
RegistrationDisabled bool `yaml:"registration_disabled"` RegistrationDisabled bool `yaml:"registration_disabled"`
// Perspective keyservers, to use as a backup when direct key fetch
// requests don't succeed
KeyPerspectives []struct {
// The server name of the perspective key server
ServerName gomatrixserverlib.ServerName `yaml:"server_name"`
// Server keys for the perspective user, used to verify the
// keys have been signed by the perspective server
Keys []struct {
// The key ID, e.g. ed25519:auto
KeyID gomatrixserverlib.KeyID `yaml:"key_id"`
// The public key in base64 unpadded format
PublicKey string `yaml:"public_key"`
} `yaml:"keys"`
} `yaml:"key_perspectives"`
} `yaml:"matrix"` } `yaml:"matrix"`
// The configuration specific to the media repostitory. // The configuration specific to the media repostitory.

51
common/keydb/keyring.go
View file

@ -15,9 +15,13 @@
package keydb package keydb
import ( import (
"context"
"encoding/base64" "encoding/base64"
"github.com/matrix-org/dendrite/common/config"
"github.com/matrix-org/gomatrixserverlib" "github.com/matrix-org/gomatrixserverlib"
"github.com/matrix-org/util"
"github.com/sirupsen/logrus"
"golang.org/x/crypto/ed25519" "golang.org/x/crypto/ed25519"
) )
@ -26,27 +30,42 @@ import (
// It creates the necessary key fetchers and collects them into a KeyRing // It creates the necessary key fetchers and collects them into a KeyRing
// backed by the given KeyDatabase. // backed by the given KeyDatabase.
func CreateKeyRing(client gomatrixserverlib.Client, func CreateKeyRing(client gomatrixserverlib.Client,
keyDB gomatrixserverlib.KeyDatabase) gomatrixserverlib.KeyRing { keyDB gomatrixserverlib.KeyDatabase,
cfg *config.Dendrite) gomatrixserverlib.KeyRing {
var b64e = base64.StdEncoding.WithPadding(base64.NoPadding) fetchers := gomatrixserverlib.KeyRing{
matrixOrgKey1, _ := b64e.DecodeString("Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw")
matrixOrgKey2, _ := b64e.DecodeString("l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ")
return gomatrixserverlib.KeyRing{
KeyFetchers: []gomatrixserverlib.KeyFetcher{ KeyFetchers: []gomatrixserverlib.KeyFetcher{
// TODO: Use perspective key fetchers for production. &gomatrixserverlib.DirectKeyFetcher{
//&gomatrixserverlib.DirectKeyFetcher{
// Client: client,
//},
&gomatrixserverlib.PerspectiveKeyFetcher{
PerspectiveServerName: "matrix.org",
PerspectiveServerKeys: map[gomatrixserverlib.KeyID]ed25519.PublicKey{
"ed25519:auto": matrixOrgKey1,
"ed25519:a_RXGa": matrixOrgKey2,
},
Client: client, Client: client,
}, },
}, },
KeyDatabase: keyDB, KeyDatabase: keyDB,
} }
util.GetLogger(context.TODO()).Info("Enabled direct key fetcher")
var b64e = base64.StdEncoding.WithPadding(base64.NoPadding)
for _, ps := range cfg.Matrix.KeyPerspectives {
perspective := &gomatrixserverlib.PerspectiveKeyFetcher{
PerspectiveServerName: ps.ServerName,
PerspectiveServerKeys: map[gomatrixserverlib.KeyID]ed25519.PublicKey{},
Client: client,
}
for _, key := range ps.Keys {
rawkey, err := b64e.DecodeString(key.PublicKey)
if err != nil {
util.GetLogger(context.TODO()).WithError(err).WithFields(logrus.Fields{
"server_name": ps.ServerName,
"public_key": key.PublicKey,
}).Warn("Couldn't parse perspective key")
continue
}
perspective.PerspectiveServerKeys[key.KeyID] = rawkey
}
util.GetLogger(context.TODO()).WithField("server_name", ps.ServerName).Info("Enabled perspective key fetcher")
}
return fetchers
} }

1
go.mod
View file

@ -39,6 +39,7 @@ require (
gopkg.in/Shopify/sarama.v1 v1.20.1 gopkg.in/Shopify/sarama.v1 v1.20.1
gopkg.in/h2non/bimg.v1 v1.0.18 gopkg.in/h2non/bimg.v1 v1.0.18
gopkg.in/yaml.v2 v2.2.8 gopkg.in/yaml.v2 v2.2.8
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099
) )
go 1.13 go 1.13

1
go.sum
View file

@ -721,4 +721,5 @@ gopkg.in/yaml.v2 v2.2.5 h1:ymVxjfMaHvXD8RqPRmzHHsB3VvucivSkIAvJFDI5O3c=
gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099 h1:XJP7lxbSxWLOMNdBE4B/STaqVy6L73o0knwj2vIlxnw=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=