forked from mirror/grapevine
allow adding extra signing keys
This commit is contained in:
parent
64e12f2b22
commit
a070124125
GPG key ID:
649733FCD94AFBBA
2 changed files with 42 additions and 18 deletions
|
|
@ -577,18 +577,22 @@ pub(crate) async fn get_server_version_route(
|
|||
// Response type for this endpoint is Json because we need to calculate a
|
||||
// signature for the response
|
||||
pub(crate) async fn get_server_keys_route() -> Result<impl IntoResponse> {
|
||||
let keys: Vec<_> = [services().globals.keypair()]
|
||||
.into_iter()
|
||||
.chain(&services().globals.config.extra_key)
|
||||
.collect();
|
||||
let mut verify_keys: BTreeMap<OwnedServerSigningKeyId, VerifyKey> =
|
||||
BTreeMap::new();
|
||||
for key in &keys {
|
||||
verify_keys.insert(
|
||||
format!("ed25519:{}", services().globals.keypair().version())
|
||||
format!("ed25519:{}", key.version())
|
||||
.try_into()
|
||||
.expect("found invalid server signing keys in DB"),
|
||||
VerifyKey {
|
||||
key: Base64::new(
|
||||
services().globals.keypair().public_key().to_vec(),
|
||||
),
|
||||
key: Base64::new(key.public_key().to_vec()),
|
||||
},
|
||||
);
|
||||
}
|
||||
let mut response = serde_json::from_slice(
|
||||
get_server_keys::v2::Response {
|
||||
server_key: Raw::new(&ServerSigningKeys {
|
||||
|
|
@ -609,12 +613,14 @@ pub(crate) async fn get_server_keys_route() -> Result<impl IntoResponse> {
|
|||
)
|
||||
.unwrap();
|
||||
|
||||
for key in &keys {
|
||||
ruma::signatures::sign_json(
|
||||
services().globals.server_name().as_str(),
|
||||
services().globals.keypair(),
|
||||
*key,
|
||||
&mut response,
|
||||
)
|
||||
.unwrap();
|
||||
}
|
||||
|
||||
Ok(Json(response))
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,8 +6,8 @@ use std::{
|
|||
};
|
||||
|
||||
use once_cell::sync::Lazy;
|
||||
use ruma::{OwnedServerName, RoomVersionId};
|
||||
use serde::Deserialize;
|
||||
use ruma::{serde::Base64, signatures::Ed25519KeyPair, OwnedServerName, RoomVersionId};
|
||||
use serde::{Deserialize, Deserializer};
|
||||
|
||||
use crate::error;
|
||||
|
||||
|
|
@ -29,6 +29,8 @@ pub(crate) struct Config {
|
|||
#[serde(default = "default_listen")]
|
||||
pub(crate) listen: Vec<ListenConfig>,
|
||||
pub(crate) tls: Option<TlsConfig>,
|
||||
#[serde(default, deserialize_with = "deserialize_keys_config")]
|
||||
pub(crate) extra_key: Vec<Ed25519KeyPair>,
|
||||
|
||||
/// The name of this homeserver
|
||||
///
|
||||
|
|
@ -69,6 +71,22 @@ pub(crate) struct Config {
|
|||
pub(crate) emergency_password: Option<String>,
|
||||
}
|
||||
|
||||
fn deserialize_keys_config<'de, D>(de: D) -> Result<Vec<Ed25519KeyPair>, D::Error> where D: Deserializer<'de> {
|
||||
use serde::de::Error;
|
||||
|
||||
#[derive(Debug, Deserialize)]
|
||||
struct RawConfig {
|
||||
key: Base64,
|
||||
version: String,
|
||||
}
|
||||
|
||||
let raw: Vec<RawConfig> = Deserialize::deserialize(de)?;
|
||||
raw
|
||||
.into_iter()
|
||||
.map(|r| Ed25519KeyPair::from_der(&r.key.into_inner(), r.version).map_err(D::Error::custom))
|
||||
.collect()
|
||||
}
|
||||
|
||||
#[derive(Debug, Default, Deserialize)]
|
||||
pub(crate) struct ServerDiscovery {
|
||||
/// Server-server discovery configuration
|
||||
|
|
|
|||
Loading…
Reference in a new issue