dendrite/signingkeyserver/signingkeyserver.go
Kegsay bf7e85848b
Rename serverkeyapi to signingkeyserver (#1492)
* Rename serverkeyapi to signingkeyserver

We use "api" for public facing stuff and "server" for internal stuff.
As the server key API is internal only, we call it 'signing key server',
which also clarifies the type of key (as opposed to TLS keys, E2E keys, etc)

* Convert docker/scripts to use signing-key-server

* Rename missed bits
2020-10-07 16:23:18 +01:00

108 lines
3.2 KiB
Go

package signingkeyserver
import (
"crypto/ed25519"
"encoding/base64"
"github.com/gorilla/mux"
"github.com/matrix-org/dendrite/internal/caching"
"github.com/matrix-org/dendrite/internal/config"
"github.com/matrix-org/dendrite/signingkeyserver/api"
"github.com/matrix-org/dendrite/signingkeyserver/internal"
"github.com/matrix-org/dendrite/signingkeyserver/inthttp"
"github.com/matrix-org/dendrite/signingkeyserver/storage"
"github.com/matrix-org/dendrite/signingkeyserver/storage/cache"
"github.com/matrix-org/gomatrixserverlib"
"github.com/sirupsen/logrus"
)
// AddInternalRoutes registers HTTP handlers for the internal API. Invokes functions
// on the given input API.
func AddInternalRoutes(router *mux.Router, intAPI api.SigningKeyServerAPI, caches *caching.Caches) {
inthttp.AddRoutes(intAPI, router, caches)
}
// NewInternalAPI returns a concerete implementation of the internal API. Callers
// can call functions directly on the returned API or via an HTTP interface using AddInternalRoutes.
func NewInternalAPI(
cfg *config.SigningKeyServer,
fedClient gomatrixserverlib.KeyClient,
caches *caching.Caches,
) api.SigningKeyServerAPI {
innerDB, err := storage.NewDatabase(
&cfg.Database,
cfg.Matrix.ServerName,
cfg.Matrix.PrivateKey.Public().(ed25519.PublicKey),
cfg.Matrix.KeyID,
)
if err != nil {
logrus.WithError(err).Panicf("failed to connect to server key database")
}
serverKeyDB, err := cache.NewKeyDatabase(innerDB, caches)
if err != nil {
logrus.WithError(err).Panicf("failed to set up caching wrapper for server key database")
}
internalAPI := internal.ServerKeyAPI{
ServerName: cfg.Matrix.ServerName,
ServerPublicKey: cfg.Matrix.PrivateKey.Public().(ed25519.PublicKey),
ServerKeyID: cfg.Matrix.KeyID,
ServerKeyValidity: cfg.Matrix.KeyValidityPeriod,
OldServerKeys: cfg.Matrix.OldVerifyKeys,
FedClient: fedClient,
OurKeyRing: gomatrixserverlib.KeyRing{
KeyFetchers: []gomatrixserverlib.KeyFetcher{},
KeyDatabase: serverKeyDB,
},
}
addDirectFetcher := func() {
internalAPI.OurKeyRing.KeyFetchers = append(
internalAPI.OurKeyRing.KeyFetchers,
&gomatrixserverlib.DirectKeyFetcher{
Client: fedClient,
},
)
}
if cfg.PreferDirectFetch {
addDirectFetcher()
} else {
defer addDirectFetcher()
}
var b64e = base64.StdEncoding.WithPadding(base64.NoPadding)
for _, ps := range cfg.KeyPerspectives {
perspective := &gomatrixserverlib.PerspectiveKeyFetcher{
PerspectiveServerName: ps.ServerName,
PerspectiveServerKeys: map[gomatrixserverlib.KeyID]ed25519.PublicKey{},
Client: fedClient,
}
for _, key := range ps.Keys {
rawkey, err := b64e.DecodeString(key.PublicKey)
if err != nil {
logrus.WithError(err).WithFields(logrus.Fields{
"server_name": ps.ServerName,
"public_key": key.PublicKey,
}).Warn("Couldn't parse perspective key")
continue
}
perspective.PerspectiveServerKeys[key.KeyID] = rawkey
}
internalAPI.OurKeyRing.KeyFetchers = append(
internalAPI.OurKeyRing.KeyFetchers,
perspective,
)
logrus.WithFields(logrus.Fields{
"server_name": ps.ServerName,
"num_public_keys": len(ps.Keys),
}).Info("Enabled perspective key fetcher")
}
return &internalAPI
}