mirrors/dendrite
1
0
Fork 0
mirror of https://github.com/matrix-org/dendrite.git synced 2025-12-12 09:23:09 -06:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Move the ID server's signatures verification to common"

Browse source 
This reverts commit 9344201031.
This commit is contained in:
Brendan Abolivier 2017-09-07 11:17:56 +01:00
parent 66733d3b66
commit 4d387c02d7
1 changed files with 58 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

64
src/github.com/matrix-org/dendrite/clientapi/threepid/invites.go
View file

@ -31,7 +31,6 @@ import (
"github.com/matrix-org/dendrite/clientapi/producers" "github.com/matrix-org/dendrite/clientapi/producers"
"github.com/matrix-org/dendrite/common" "github.com/matrix-org/dendrite/common"
"github.com/matrix-org/dendrite/common/config" "github.com/matrix-org/dendrite/common/config"
"github.com/matrix-org/dendrite/common/threepid"
"github.com/matrix-org/dendrite/roomserver/api" "github.com/matrix-org/dendrite/roomserver/api"
"github.com/matrix-org/gomatrixserverlib" "github.com/matrix-org/gomatrixserverlib"
@ -170,11 +169,7 @@ func queryIDServer(
} }
// Check the request signatures and send an error if one isn't valid // Check the request signatures and send an error if one isn't valid
marshalledBody, err := json.Marshal(*lookupRes) if err = checkIDServerSignatures(body, lookupRes); err != nil {
if err != nil {
return
}
if err = threepid.CheckIDServerSignatures(body.IDServer, lookupRes.Signatures, marshalledBody); err != nil {
return return
} }
@ -264,6 +259,63 @@ func queryIDServerStoreInvite(
return &idResp, err return &idResp, err
} }
// queryIDServerPubKey requests a public key identified with a given ID to the
// a given identity server and returns the matching base64-decoded public key.
// Returns an error if the request couldn't be sent, if its body couldn't be parsed
// or if the key couldn't be decoded from base64.
func queryIDServerPubKey(idServerName string, keyID string) ([]byte, error) {
url := fmt.Sprintf("https://%s/_matrix/identity/api/v1/pubkey/%s", idServerName, keyID)
resp, err := http.Get(url)
if err != nil {
return nil, err
}
var pubKeyRes struct {
PublicKey gomatrixserverlib.Base64String `json:"public_key"`
}
if resp.StatusCode != http.StatusOK {
// TODO: Log the error supplied with the identity server?
errMsg := fmt.Sprintf("Couldn't retrieve key %s from server %s", keyID, idServerName)
return nil, errors.New(errMsg)
}
err = json.NewDecoder(resp.Body).Decode(&pubKeyRes)
return pubKeyRes.PublicKey, err
}
// checkIDServerSignatures iterates over the signatures of a requests.
// If no signature can be found for the ID server's domain, returns an error, else
// iterates over the signature for the said domain, retrieves the matching public
// key, and verify it.
// Returns nil if all the verifications succeeded.
// Returns an error if something failed in the process.
func checkIDServerSignatures(body *MembershipRequest, res *idServerLookupResponse) error {
// Mashall the body so we can give it to VerifyJSON
marshalledBody, err := json.Marshal(*res)
if err != nil {
return err
}
// TODO: Check if the domain is part of a list of trusted ID servers
signatures, ok := res.Signatures[body.IDServer]
if !ok {
return errors.New("No signature for domain " + body.IDServer)
}
for keyID := range signatures {
pubKey, err := queryIDServerPubKey(body.IDServer, keyID)
if err != nil {
return err
}
if err = gomatrixserverlib.VerifyJSON(body.IDServer, gomatrixserverlib.KeyID(keyID), pubKey, marshalledBody); err != nil {
return err
}
}
return nil
}
// emit3PIDInviteEvent builds and sends a "m.room.third_party_invite" event. // emit3PIDInviteEvent builds and sends a "m.room.third_party_invite" event.
// Returns an error if something failed in the process. // Returns an error if something failed in the process.
func emit3PIDInviteEvent( func emit3PIDInviteEvent(