// Copyright 2017-2018 New Vector Ltd
// Copyright 2019-2020 The Matrix.org Foundation C.I.C.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package postgres
import (
"context"
"database/sql"
"github.com/lib/pq"
"github.com/matrix-org/dendrite/internal"
"github.com/matrix-org/dendrite/internal/sqlutil"
"github.com/matrix-org/gomatrixserverlib"
"github.com/matrix-org/gomatrixserverlib/spec"
)
// serverSigningKeysSchema creates the persistent cache of remote servers'
// signing (public) keys. Rows are unique on (server_name, server_key_id)
// via the keydb_server_keys_unique constraint; server_name_and_key_id is a
// denormalised copy of that pair joined with ASCII 0x1F so that a batch
// lookup can be a single "= ANY($1)" query over an indexed column. The
// column comments below document that exactly one of valid_until_ts and
// expired_ts is expected to be non-zero for a given row; nothing in the
// schema itself enforces that.
const serverSigningKeysSchema = `
-- A cache of signing keys downloaded from remote servers.
CREATE TABLE IF NOT EXISTS keydb_server_keys (
	-- The name of the matrix server the key is for.
	server_name TEXT NOT NULL,
	-- The ID of the server key.
	server_key_id TEXT NOT NULL,
	-- Combined server name and key ID separated by the ASCII unit separator
	-- to make it easier to run bulk queries.
	server_name_and_key_id TEXT NOT NULL,
	-- When the key is valid until as a millisecond timestamp.
	-- 0 if this is an expired key (in which case expired_ts will be non-zero)
	valid_until_ts BIGINT NOT NULL,
	-- When the key expired as a millisecond timestamp.
	-- 0 if this is an active key (in which case valid_until_ts will be non-zero)
	expired_ts BIGINT NOT NULL,
	-- The base64-encoded public key.
	server_key TEXT NOT NULL,
	CONSTRAINT keydb_server_keys_unique UNIQUE (server_name, server_key_id)
);

CREATE INDEX IF NOT EXISTS keydb_server_name_and_key_id ON keydb_server_keys (server_name_and_key_id);
`
// bulkSelectServerSigningKeysSQL returns every cached row whose
// server_name_and_key_id is contained in the TEXT[] bound to $1 (the Go side
// passes a pq.StringArray built with nameAndKeyID). The lookup is fully
// parameterised: no caller-supplied text is interpolated into the query.
const bulkSelectServerSigningKeysSQL = "" +
	"SELECT server_name, server_key_id, valid_until_ts, expired_ts, " +
	" server_key FROM keydb_server_keys" +
	" WHERE server_name_and_key_id = ANY($1)"
// upsertServerSigningKeysSQL inserts a cached key or, when a row for the same
// (server_name, server_key_id) already exists, overwrites its timestamps and
// key material in place. Parameters in order: server_name, server_key_id,
// server_name_and_key_id, valid_until_ts, expired_ts, server_key.
//
// NOTE(review): the conflict branch replaces server_key as well as the two
// timestamps, so a later fetch that yields different key bytes under the same
// key ID silently supersedes the cached public key. If key IDs are meant to be
// immutable once published, updating only valid_until_ts/expired_ts on
// conflict would be the stricter choice — confirm the intended semantics with
// the callers that refresh keys before changing this.
const upsertServerSigningKeysSQL = "" +
	"INSERT INTO keydb_server_keys (server_name, server_key_id," +
	" server_name_and_key_id, valid_until_ts, expired_ts, server_key)" +
	" VALUES ($1, $2, $3, $4, $5, $6)" +
	" ON CONFLICT ON CONSTRAINT keydb_server_keys_unique" +
	" DO UPDATE SET valid_until_ts = $4, expired_ts = $5, server_key = $6"
// serverSigningKeyStatements holds the prepared statements backing the
// keydb_server_keys cache. Construct it with NewPostgresServerSigningKeysTable;
// the zero value has nil statements and must not be used.
type serverSigningKeyStatements struct {
	// Batch lookup by server_name_and_key_id (bulkSelectServerSigningKeysSQL).
	bulkSelectServerKeysStmt *sql.Stmt
	// Insert-or-replace keyed on (server_name, server_key_id) (upsertServerSigningKeysSQL).
	upsertServerKeysStmt *sql.Stmt
}
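// NewPostgresServerSigningKeysTable creates the keydb_server_keys table and
// its index if they do not already exist, then prepares the statements used
// by the methods on serverSigningKeyStatements.
//
// On any error the returned table is nil. Previously a non-nil struct with
// partially prepared (nil) statements was handed back alongside the prepare
// error; a caller that ignored the error would then hit a nil *sql.Stmt on
// first use instead of the real cause. Returning nil keeps the failure at
// the point where it is reported.
func NewPostgresServerSigningKeysTable(db *sql.DB) (*serverSigningKeyStatements, error) {
	if _, err := db.Exec(serverSigningKeysSchema); err != nil {
		return nil, err
	}
	s := &serverSigningKeyStatements{}
	err := sqlutil.StatementList{
		{&s.bulkSelectServerKeysStmt, bulkSelectServerSigningKeysSQL},
		{&s.upsertServerKeysStmt, upsertServerSigningKeysSQL},
	}.Prepare(db)
	if err != nil {
		return nil, err
	}
	return s, nil
}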
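// BulkSelectServerKeys looks up the cached public keys for every
// (server name, key ID) pair in requests. The map values — the timestamps
// the caller needs each key to be valid at — are not consulted here: only
// the keys of the map are used to build the query, and validity decisions
// are left to the caller, which can compare ValidUntilTS / ExpiredTS on the
// results against them.
//
// When txn is non-nil the query is bound to that transaction through
// sqlutil.TxStmt, exactly as UpsertServerKeys does, so a lookup inside a
// transaction sees rows upserted earlier in the same transaction. The
// original implementation accepted txn but ignored it and always queried
// outside the transaction.
//
// Only rows present in the cache appear in the result; a request with no
// cached key is simply absent from the returned map. The returned map is
// never nil on success, and an empty request set returns an empty map
// without touching the database.
//
// Returns an error if the query fails, a row cannot be scanned, or a cached
// key is not valid base64. The last case aborts the whole lookup rather than
// skipping the offending row: the only writer of this table is
// UpsertServerKeys, which stores key.Key.Encode(), so an undecodable value
// points at tampering or corruption that should surface rather than be
// masked by a silent cache miss.
func (s *serverSigningKeyStatements) BulkSelectServerKeys(
	ctx context.Context, txn *sql.Tx,
	requests map[gomatrixserverlib.PublicKeyLookupRequest]spec.Timestamp,
) (map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult, error) {
	results := make(map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult, len(requests))
	if len(requests) == 0 {
		// "= ANY('{}')" can match nothing; skip the round-trip.
		return results, nil
	}

	nameAndKeyIDs := make([]string, 0, len(requests))
	for request := range requests {
		nameAndKeyIDs = append(nameAndKeyIDs, nameAndKeyID(request))
	}

	// Honour the caller's transaction when there is one (TxStmt passes the
	// statement through unchanged for a nil txn).
	stmt := sqlutil.TxStmt(txn, s.bulkSelectServerKeysStmt)
	rows, err := stmt.QueryContext(ctx, pq.StringArray(nameAndKeyIDs))
	if err != nil {
		return nil, err
	}
	defer internal.CloseAndLogIfError(ctx, rows, "bulkSelectServerKeys: rows.close() failed")

	// Scan targets are hoisted out of the loop; they are plain values that
	// are copied into the result on every iteration.
	var (
		serverName   string
		keyID        string
		key          string
		validUntilTS int64
		expiredTS    int64
	)
	for rows.Next() {
		if err = rows.Scan(&serverName, &keyID, &validUntilTS, &expiredTS, &key); err != nil {
			return nil, err
		}
		// A fresh VerifyKey per row so that no decoded key bytes can be
		// shared between two results, whatever Decode does with its buffer.
		var vk gomatrixserverlib.VerifyKey
		if err = vk.Key.Decode(key); err != nil {
			return nil, err
		}
		r := gomatrixserverlib.PublicKeyLookupRequest{
			ServerName: spec.ServerName(serverName),
			KeyID:      gomatrixserverlib.KeyID(keyID),
		}
		results[r] = gomatrixserverlib.PublicKeyLookupResult{
			VerifyKey:    vk,
			ValidUntilTS: spec.Timestamp(validUntilTS),
			ExpiredTS:    spec.Timestamp(expiredTS),
		}
	}
	// rows.Err reports errors encountered during iteration (e.g. a dropped
	// connection) that rows.Next hides by returning false.
	return results, rows.Err()
}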
// UpsertServerKeys stores the cached key for request, replacing any existing
// row with the same server name and key ID (see upsertServerSigningKeysSQL).
// The server_name_and_key_id column is derived with nameAndKeyID so that it
// always agrees with what BulkSelectServerKeys searches for. When txn is
// non-nil the write is bound to that transaction via sqlutil.TxStmt.
//
// Returns whatever error executing the statement produced, or nil.
func (s *serverSigningKeyStatements) UpsertServerKeys(
	ctx context.Context, txn *sql.Tx,
	request gomatrixserverlib.PublicKeyLookupRequest,
	key gomatrixserverlib.PublicKeyLookupResult,
) error {
	serverName := string(request.ServerName)
	keyID := string(request.KeyID)
	lookupKey := nameAndKeyID(request)
	encodedKey := key.Key.Encode()

	stmt := sqlutil.TxStmt(txn, s.upsertServerKeysStmt)
	_, err := stmt.ExecContext(ctx,
		serverName, keyID, lookupKey,
		key.ValidUntilTS, key.ExpiredTS,
		encodedKey,
	)
	return err
}
// nameAndKeyID builds the value stored in (and searched on) the
// server_name_and_key_id column: the server name and key ID joined by the
// ASCII unit separator (0x1F). Both sides of the cache must use this same
// function so that upserts and bulk lookups agree.
//
// The encoding is only unambiguous while neither component contains 0x1F;
// nothing here checks that. Matrix server names and key IDs are expected to
// be restricted to printable characters by the callers that validate them —
// TODO confirm at the call sites rather than relying on it here.
func nameAndKeyID(request gomatrixserverlib.PublicKeyLookupRequest) string {
	const unitSeparator = "\x1F"
	name := string(request.ServerName)
	id := string(request.KeyID)
	return name + unitSeparator + id
}