mirror of
https://github.com/matrix-org/dendrite.git
synced 2025-12-23 14:53:10 -06:00
b1d48cea3a
We use "api" for public facing stuff and "server" for internal stuff. As the server key API is internal only, we call it 'signing key server', which also clarifies the type of key (as opposed to TLS keys, E2E keys, etc)
108 lines
3.2 KiB
Go
108 lines
3.2 KiB
Go
package signingkeyserver
|
|
|
|
import (
|
|
"crypto/ed25519"
|
|
"encoding/base64"
|
|
|
|
"github.com/gorilla/mux"
|
|
"github.com/matrix-org/dendrite/internal/caching"
|
|
"github.com/matrix-org/dendrite/internal/config"
|
|
"github.com/matrix-org/dendrite/signingkeyserver/api"
|
|
"github.com/matrix-org/dendrite/signingkeyserver/internal"
|
|
"github.com/matrix-org/dendrite/signingkeyserver/inthttp"
|
|
"github.com/matrix-org/dendrite/signingkeyserver/storage"
|
|
"github.com/matrix-org/dendrite/signingkeyserver/storage/cache"
|
|
"github.com/matrix-org/gomatrixserverlib"
|
|
"github.com/sirupsen/logrus"
|
|
)
|
|
|
|
// AddInternalRoutes registers HTTP handlers for the internal API. Invokes functions
|
|
// on the given input API.
|
|
func AddInternalRoutes(router *mux.Router, intAPI api.SigningKeyServerAPI, caches *caching.Caches) {
|
|
inthttp.AddRoutes(intAPI, router, caches)
|
|
}
|
|
|
|
// NewInternalAPI returns a concerete implementation of the internal API. Callers
|
|
// can call functions directly on the returned API or via an HTTP interface using AddInternalRoutes.
|
|
func NewInternalAPI(
|
|
cfg *config.SigningKeyServer,
|
|
fedClient gomatrixserverlib.KeyClient,
|
|
caches *caching.Caches,
|
|
) api.SigningKeyServerAPI {
|
|
innerDB, err := storage.NewDatabase(
|
|
&cfg.Database,
|
|
cfg.Matrix.ServerName,
|
|
cfg.Matrix.PrivateKey.Public().(ed25519.PublicKey),
|
|
cfg.Matrix.KeyID,
|
|
)
|
|
if err != nil {
|
|
logrus.WithError(err).Panicf("failed to connect to server key database")
|
|
}
|
|
|
|
serverKeyDB, err := cache.NewKeyDatabase(innerDB, caches)
|
|
if err != nil {
|
|
logrus.WithError(err).Panicf("failed to set up caching wrapper for server key database")
|
|
}
|
|
|
|
internalAPI := internal.ServerKeyAPI{
|
|
ServerName: cfg.Matrix.ServerName,
|
|
ServerPublicKey: cfg.Matrix.PrivateKey.Public().(ed25519.PublicKey),
|
|
ServerKeyID: cfg.Matrix.KeyID,
|
|
ServerKeyValidity: cfg.Matrix.KeyValidityPeriod,
|
|
OldServerKeys: cfg.Matrix.OldVerifyKeys,
|
|
FedClient: fedClient,
|
|
OurKeyRing: gomatrixserverlib.KeyRing{
|
|
KeyFetchers: []gomatrixserverlib.KeyFetcher{},
|
|
KeyDatabase: serverKeyDB,
|
|
},
|
|
}
|
|
|
|
addDirectFetcher := func() {
|
|
internalAPI.OurKeyRing.KeyFetchers = append(
|
|
internalAPI.OurKeyRing.KeyFetchers,
|
|
&gomatrixserverlib.DirectKeyFetcher{
|
|
Client: fedClient,
|
|
},
|
|
)
|
|
}
|
|
|
|
if cfg.PreferDirectFetch {
|
|
addDirectFetcher()
|
|
} else {
|
|
defer addDirectFetcher()
|
|
}
|
|
|
|
var b64e = base64.StdEncoding.WithPadding(base64.NoPadding)
|
|
for _, ps := range cfg.KeyPerspectives {
|
|
perspective := &gomatrixserverlib.PerspectiveKeyFetcher{
|
|
PerspectiveServerName: ps.ServerName,
|
|
PerspectiveServerKeys: map[gomatrixserverlib.KeyID]ed25519.PublicKey{},
|
|
Client: fedClient,
|
|
}
|
|
|
|
for _, key := range ps.Keys {
|
|
rawkey, err := b64e.DecodeString(key.PublicKey)
|
|
if err != nil {
|
|
logrus.WithError(err).WithFields(logrus.Fields{
|
|
"server_name": ps.ServerName,
|
|
"public_key": key.PublicKey,
|
|
}).Warn("Couldn't parse perspective key")
|
|
continue
|
|
}
|
|
perspective.PerspectiveServerKeys[key.KeyID] = rawkey
|
|
}
|
|
|
|
internalAPI.OurKeyRing.KeyFetchers = append(
|
|
internalAPI.OurKeyRing.KeyFetchers,
|
|
perspective,
|
|
)
|
|
|
|
logrus.WithFields(logrus.Fields{
|
|
"server_name": ps.ServerName,
|
|
"num_public_keys": len(ps.Keys),
|
|
}).Info("Enabled perspective key fetcher")
|
|
}
|
|
|
|
return &internalAPI
|
|
}
|