Don't store our own keys in the database

2025-12-20 21:33:19 -06:00 · 2020-06-15 14:20:09 +01:00 · 2020-06-15 14:20:09 +01:00 · 5e01375637
parent d7eb54c5b3
commit 5e01375637
3 changed files with 40 additions and 48 deletions
--- a/serverkeyapi/internal/api.go
+++ b/serverkeyapi/internal/api.go
@ -21,15 +21,18 @@ type ServerKeyAPI struct {
 }
 func (s *ServerKeyAPI) QueryLocalKeys(ctx context.Context, request *api.QueryLocalKeysRequest, response *api.QueryLocalKeysResponse) error {
 	response.ServerKeys.ServerName = s.Cfg.Matrix.ServerName
 	publicKey := s.Cfg.Matrix.PrivateKey.Public().(ed25519.PublicKey)
 	response.ServerKeys.ServerName = s.Cfg.Matrix.ServerName
 	response.ServerKeys.VerifyKeys = map[gomatrixserverlib.KeyID]gomatrixserverlib.VerifyKey{
 		s.Cfg.Matrix.KeyID: {
 			Key: gomatrixserverlib.Base64Bytes(publicKey),
 		},
 	}
 	response.ServerKeys.TLSFingerprints = s.Cfg.Matrix.TLSFingerPrints
 	// TODO: Handle old expired keys. We should probably have a configuration section
 	// for these, as it's really counter-intuitive for people to have to rake through
 	// the database to find their own past keys.
 	response.ServerKeys.OldVerifyKeys = map[gomatrixserverlib.KeyID]gomatrixserverlib.OldVerifyKey{}
 	response.ServerKeys.ValidUntilTS = gomatrixserverlib.AsTimestamp(time.Now().Add(s.Cfg.Matrix.KeyValidityPeriod))
@ -65,6 +68,7 @@ func (s *ServerKeyAPI) StoreKeys(
 	return s.OurKeyRing.KeyDatabase.StoreKeys(ctx, results)
 }
 // nolint:gocyclo
 func (s *ServerKeyAPI) FetchKeys(
 	_ context.Context,
 	requests map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.Timestamp,
@ -74,7 +78,40 @@ func (s *ServerKeyAPI) FetchKeys(
 	ctx := context.Background()
 	results := map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult{}
 	now := gomatrixserverlib.AsTimestamp(time.Now())
-	// First consult our local database and see if we have the requested
+	// First, check if any of these key checks are for our own keys. If
 	// they are then we will satisfy them directly.
 	for req := range requests {
 		if req.ServerName == s.Cfg.Matrix.ServerName {
 			// We found a key request that is supposed to be for our own
 			// keys. Remove it from the request list so we don't hit the
 			// database or the fetchers for it.
 			delete(requests, req)
 			// Look up our own keys.
 			request := &api.QueryLocalKeysRequest{}
 			response := &api.QueryLocalKeysResponse{}
 			if err := s.QueryLocalKeys(ctx, request, response); err != nil {
 				return nil, err
 			}
 			// Depending on whether the key is expired or not, we'll need
 			// to write slightly different
 			if verifyKeys, ok := response.ServerKeys.VerifyKeys[req.KeyID]; ok {
 				// The key is current.
 				results[req] = gomatrixserverlib.PublicKeyLookupResult{
 					VerifyKey:    verifyKeys,
 					ExpiredTS:    gomatrixserverlib.PublicKeyNotExpired,
 					ValidUntilTS: response.ServerKeys.ValidUntilTS,
 				}
 			} else if verifyKeys, ok := response.ServerKeys.OldVerifyKeys[req.KeyID]; ok {
 				// The key is expired.
 				results[req] = gomatrixserverlib.PublicKeyLookupResult{
 					VerifyKey:    verifyKeys.VerifyKey,
 					ExpiredTS:    verifyKeys.ExpiredTS,
 					ValidUntilTS: gomatrixserverlib.PublicKeyNotValid,
 				}
 			}
 		}
 	}
 	// Then consult our local database and see if we have the requested
 	// keys. These might come from a cache, depending on the database
 	// implementation used.
 	if dbResults, err := s.OurKeyRing.KeyDatabase.FetchKeys(ctx, requests); err == nil {
--- a/serverkeyapi/storage/postgres/keydb.go
+++ b/serverkeyapi/storage/postgres/keydb.go
@ -51,30 +51,6 @@ func NewDatabase(
 	if err != nil {
 		return nil, err
 	}
 	// Store our own keys so that we don't end up making HTTP requests to find our
 	// own keys
 	/*
 		index := gomatrixserverlib.PublicKeyLookupRequest{
 			ServerName: serverName,
 			KeyID:      serverKeyID,
 		}
 		value := gomatrixserverlib.PublicKeyLookupResult{
 			VerifyKey: gomatrixserverlib.VerifyKey{
 				Key: gomatrixserverlib.Base64Bytes(serverKey),
 			},
 			ValidUntilTS: gomatrixserverlib.AsTimestamp(time.Now().Add(100 * 365 * 24 * time.Hour)),
 			ExpiredTS:    gomatrixserverlib.PublicKeyNotExpired,
 		}
 		err = d.StoreKeys(
 			context.Background(),
 			map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult{
 				index: value,
 			},
 		)
 		if err != nil {
 			return nil, err
 		}
 	*/
 	return d, nil
 }
--- a/serverkeyapi/storage/sqlite3/keydb.go
+++ b/serverkeyapi/storage/sqlite3/keydb.go
@ -56,27 +56,6 @@ func NewDatabase(
 	if err != nil {
 		return nil, err
 	}
 	// Store our own keys so that we don't end up making HTTP requests to find our
 	// own keys
 	/*
 		index := gomatrixserverlib.PublicKeyLookupRequest{
 			ServerName: serverName,
 			KeyID:      serverKeyID,
 		}
 		value := gomatrixserverlib.PublicKeyLookupResult{
 			VerifyKey: gomatrixserverlib.VerifyKey{
 				Key: gomatrixserverlib.Base64Bytes(serverKey),
 			},
 			ValidUntilTS: gomatrixserverlib.AsTimestamp(time.Now().Add(100 * 365 * 24 * time.Hour)),
 			ExpiredTS:    gomatrixserverlib.PublicKeyNotExpired,
 		}
 		err = d.StoreKeys(
 			context.Background(),
 			map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult{
 				index: value,
 			},
 		)
 	*/
 	if err != nil {
 		return nil, err
 	}