diff --git a/src/github.com/matrix-org/dendrite/common/threepid/checksignature.go b/src/github.com/matrix-org/dendrite/common/threepid/checksignature.go
deleted file mode 100644
index 18b5edb21..000000000
--- a/src/github.com/matrix-org/dendrite/common/threepid/checksignature.go
+++ /dev/null
@@ -1,75 +0,0 @@
-// Copyright 2017 Vector Creations Ltd
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package threepid
-
-import (
- "encoding/json"
- "errors"
- "fmt"
- "net/http"
-
- "github.com/matrix-org/gomatrixserverlib"
-)
-
-// CheckIDServerSignatures iterates over the signatures of a requests.
-// If no signature can be found for the ID server's domain, returns an error, else
-// iterates over the signature for the said domain, retrieves the matching public
-// key, and verify it.
-// Returns nil if all the verifications succeeded.
-// Returns an error if something failed in the process.
-func CheckIDServerSignatures(idServer string, signatures map[string]map[string]string, marshalledBody []byte) error {
- // TODO: Check if the domain is part of a list of trusted ID servers
- idServerSignatures, ok := signatures[idServer]
- if !ok {
- return errors.New("No signature for domain " + idServer)
- }
-
- for keyID := range idServerSignatures {
- pubKey, err := queryIDServerPubKey(idServer, keyID)
- if err != nil {
- return err
- }
- if err = gomatrixserverlib.VerifyJSON(idServer, gomatrixserverlib.KeyID(keyID), pubKey, marshalledBody); err != nil {
- return err
- }
- }
-
- return nil
-}
-
-// queryIDServerPubKey requests a public key identified with a given ID to the
-// a given identity server and returns the matching base64-decoded public key.
-// Returns an error if the request couldn't be sent, if its body couldn't be parsed
-// or if the key couldn't be decoded from base64.
-func queryIDServerPubKey(idServerName string, keyID string) ([]byte, error) {
- url := fmt.Sprintf("https://%s/_matrix/identity/api/v1/pubkey/%s", idServerName, keyID)
- resp, err := http.Get(url)
- if err != nil {
- return nil, err
- }
-
- var pubKeyRes struct {
- PublicKey gomatrixserverlib.Base64String `json:"public_key"`
- }
-
- if resp.StatusCode != http.StatusOK {
- // TODO: Log the error supplied with the identity server?
- errMsg := fmt.Sprintf("Couldn't retrieve key %s from server %s", keyID, idServerName)
- return nil, errors.New(errMsg)
- }
-
- err = json.NewDecoder(resp.Body).Decode(&pubKeyRes)
- return pubKeyRes.PublicKey, err
-}
diff --git a/src/github.com/matrix-org/dendrite/federationapi/writers/threepid.go b/src/github.com/matrix-org/dendrite/federationapi/writers/threepid.go
index 332adbe5e..b3569dd59 100644
--- a/src/github.com/matrix-org/dendrite/federationapi/writers/threepid.go
+++ b/src/github.com/matrix-org/dendrite/federationapi/writers/threepid.go
@@ -21,11 +21,9 @@ import (
 "time"
 
 "github.com/matrix-org/dendrite/clientapi/httputil"
- "github.com/matrix-org/dendrite/clientapi/jsonerror"
 "github.com/matrix-org/dendrite/clientapi/producers"
 "github.com/matrix-org/dendrite/common"
 "github.com/matrix-org/dendrite/common/config"
- "github.com/matrix-org/dendrite/common/threepid"
 "github.com/matrix-org/dendrite/roomserver/api"
 "github.com/matrix-org/gomatrixserverlib"
@@ -79,29 +77,12 @@ func CreateInvitesFrom3PIDInvites( } } +// createInviteFrom3PIDInvite processes an invite provided by the identity server +// and creates a m.room.member event (with "invite" membership) from it func createInviteFrom3PIDInvite( req *http.Request, queryAPI api.RoomserverQueryAPI, cfg config.Dendrite, inv invite, ) (*gomatrixserverlib.Event, *util.JSONResponse) { - // Check if the token was provided - if inv.Signed.Token == "" { - return nil, &util.JSONResponse{ - Code: 400, - JSON: jsonerror.Unknown("Rejecting received notification of third-party invite without signed"), - } - } - - // Check the signatures - marshalledSigned, err := json.Marshal(inv.Signed) - if err != nil { - resErr := httputil.LogThenError(req, err) - return nil, &resErr - } - if err := threepid.CheckIDServerSignatures("", inv.Signed.Signatures, marshalledSigned); err != nil { - resErr := httputil.LogThenError(req, err) - return nil, &resErr - } - // Build the event builder := &gomatrixserverlib.EventBuilder{ Type: "m.room.member",
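Review bot: With the token presence check and the CheckIDServerSignatures call removed, the inv.Signed block supplied by the remote server now flows straight into the m.room.member EventBuilder with no verification visible anywhere in this hunk, so a federation peer can push an arbitrary third_party_invite payload through this path unless something downstream rejects it. The removed call passed "" as the identity server name, so the old check could never have succeeded (it always failed on the missing-domain lookup) and dropping it is understandable, but the replacement is not shown here. If the intent is that the roomserver's event-auth rules validate the signed block against the room's m.room.third_party_invite public key before the event is accepted, the new doc comment should state that contract, e.g. `// The signed block is not verified here: the roomserver's auth checks are expected to validate its signatures against the room's m.room.third_party_invite event before the event is accepted.`; if nothing downstream does that, this endpoint needs the check back before the change lands. The body of createInviteFrom3PIDInvite continues past the end of the hunk, so later validation inside it cannot be ruled out from this view.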