
allow adding extra signing keys

This commit is contained in:
tezlm 2024-09-13 02:23:40 -07:00
parent 64e12f2b22
commit a070124125
Signed by: tezlm
GPG key ID: 649733FCD94AFBBA
2 changed files with 42 additions and 18 deletions


@ -577,18 +577,22 @@ pub(crate) async fn get_server_version_route(
// Response type for this endpoint is Json because we need to calculate a // Response type for this endpoint is Json because we need to calculate a
// signature for the response // signature for the response
pub(crate) async fn get_server_keys_route() -> Result<impl IntoResponse> { pub(crate) async fn get_server_keys_route() -> Result<impl IntoResponse> {
let keys: Vec<_> = [services().globals.keypair()]
.into_iter()
.chain(&services().globals.config.extra_key)
.collect();
let mut verify_keys: BTreeMap<OwnedServerSigningKeyId, VerifyKey> = let mut verify_keys: BTreeMap<OwnedServerSigningKeyId, VerifyKey> =
BTreeMap::new(); BTreeMap::new();
verify_keys.insert( for key in &keys {
format!("ed25519:{}", services().globals.keypair().version()) verify_keys.insert(
.try_into() format!("ed25519:{}", key.version())
.expect("found invalid server signing keys in DB"), .try_into()
VerifyKey { .expect("found invalid server signing keys in DB"),
key: Base64::new( VerifyKey {
services().globals.keypair().public_key().to_vec(), key: Base64::new(key.public_key().to_vec()),
), },
}, );
); }
let mut response = serde_json::from_slice( let mut response = serde_json::from_slice(
get_server_keys::v2::Response { get_server_keys::v2::Response {
server_key: Raw::new(&ServerSigningKeys { server_key: Raw::new(&ServerSigningKeys {
@ -609,12 +613,14 @@ pub(crate) async fn get_server_keys_route() -> Result<impl IntoResponse> {
) )
.unwrap(); .unwrap();
ruma::signatures::sign_json( for key in &keys {
services().globals.server_name().as_str(), ruma::signatures::sign_json(
services().globals.keypair(), services().globals.server_name().as_str(),
&mut response, *key,
) &mut response,
.unwrap(); )
.unwrap();
}
Ok(Json(response)) Ok(Json(response))
} }
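Review bot: The `.expect("found invalid server signing keys in DB")` inside the new `for key in &keys` loop now also runs for versions read from `config.extra_key`, so a configured `version` that does not form a valid key id panics in the request handler with a message that blames the database. Reword it, e.g. `.expect("server signing key version is not a valid key id")`, or better turn the failure into the route's `Result` so a bad config entry produces an error response instead of a per-request panic. If an extra key shares a version with the DB keypair or with another extra key, `verify_keys.insert` keeps only the last entry and the second `sign_json` call in the later hunk appears to replace the first signature under the same key id, so the duplicate is published silently; rejecting duplicates where `extra_key` is parsed would avoid that. The three separate `services()` calls could also be hoisted into one local for readability.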


@ -6,8 +6,8 @@ use std::{
}; };
use once_cell::sync::Lazy; use once_cell::sync::Lazy;
use ruma::{OwnedServerName, RoomVersionId}; use ruma::{serde::Base64, signatures::Ed25519KeyPair, OwnedServerName, RoomVersionId};
use serde::Deserialize; use serde::{Deserialize, Deserializer};
use crate::error; use crate::error;
@ -29,6 +29,8 @@ pub(crate) struct Config {
#[serde(default = "default_listen")] #[serde(default = "default_listen")]
pub(crate) listen: Vec<ListenConfig>, pub(crate) listen: Vec<ListenConfig>,
pub(crate) tls: Option<TlsConfig>, pub(crate) tls: Option<TlsConfig>,
#[serde(default, deserialize_with = "deserialize_keys_config")]
pub(crate) extra_key: Vec<Ed25519KeyPair>,
/// The name of this homeserver /// The name of this homeserver
/// ///
@ -69,6 +71,22 @@ pub(crate) struct Config {
pub(crate) emergency_password: Option<String>, pub(crate) emergency_password: Option<String>,
} }
fn deserialize_keys_config<'de, D>(de: D) -> Result<Vec<Ed25519KeyPair>, D::Error> where D: Deserializer<'de> {
use serde::de::Error;
#[derive(Debug, Deserialize)]
struct RawConfig {
key: Base64,
version: String,
}
let raw: Vec<RawConfig> = Deserialize::deserialize(de)?;
raw
.into_iter()
.map(|r| Ed25519KeyPair::from_der(&r.key.into_inner(), r.version).map_err(D::Error::custom))
.collect()
}
#[derive(Debug, Default, Deserialize)] #[derive(Debug, Default, Deserialize)]
pub(crate) struct ServerDiscovery { pub(crate) struct ServerDiscovery {
/// Server-server discovery configuration /// Server-server discovery configuration
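Review bot: `deserialize_keys_config` accepts any `version` string, yet that value becomes the key id `ed25519:{version}` that the server-keys route converts with an `.expect(...)`, so an empty, malformed or duplicated version in the config is only discovered as a panic at request time rather than as a config error at startup. Validate inside the closure: reject an empty version or one containing characters outside `[A-Za-z0-9_]` (the Matrix key-identifier format) and reject a version repeated across `extra_key` entries, returning `D::Error::custom(...)`; a collision with the DB keypair's version cannot be checked here since that value is not available during deserialization. `RawConfig` does not need `#[derive(Debug)]` — its `key` field holds private-key DER, so keeping it out of `Debug` output is the safer default. The one-line `where` clause and the `.map(...)` line exceed 100 columns; running `rustfmt` would reflow them.
```rust
let raw: Vec<RawConfig> = Deserialize::deserialize(de)?;
let mut seen = std::collections::HashSet::new();
raw.into_iter()
    .map(|r| {
        let well_formed = !r.version.is_empty()
            && r.version.chars().all(|c| c.is_ascii_alphanumeric() || c == '_');
        if !well_formed {
            return Err(D::Error::custom(format!("invalid signing key version {:?}", r.version)));
        }
        if !seen.insert(r.version.clone()) {
            return Err(D::Error::custom(format!("duplicate signing key version {:?}", r.version)));
        }
        Ed25519KeyPair::from_der(&r.key.into_inner(), r.version).map_err(D::Error::custom)
    })
    .collect()
```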