Handle inbound federation E2E key queries/claims (#1215)

* Handle inbound /keys/claim and /keys/query requests * Add display names to device key responses * Linting
2025-07-30 04:52:46 +00:00 · 2020-07-22 17:04:57 +01:00 · 2020-07-22 17:04:57 +01:00 · 541a23f712
commit 541a23f712
parent 1e71fd645e
25 changed files with 321 additions and 35 deletions
--- a/federationapi/federationapi.go
+++ b/federationapi/federationapi.go
@ -20,6 +20,7 @@ import (
 	eduserverAPI "github.com/matrix-org/dendrite/eduserver/api"
 	federationSenderAPI "github.com/matrix-org/dendrite/federationsender/api"
 	"github.com/matrix-org/dendrite/internal/config"
+	keyserverAPI "github.com/matrix-org/dendrite/keyserver/api"
 	roomserverAPI "github.com/matrix-org/dendrite/roomserver/api"
 	userapi "github.com/matrix-org/dendrite/userapi/api"

@ -38,11 +39,12 @@ func AddPublicRoutes(
 	federationSenderAPI federationSenderAPI.FederationSenderInternalAPI,
 	eduAPI eduserverAPI.EDUServerInputAPI,
 	stateAPI currentstateAPI.CurrentStateInternalAPI,
+	keyAPI keyserverAPI.KeyInternalAPI,
 ) {

 	routing.Setup(
 		router, cfg, rsAPI,
 		eduAPI, federationSenderAPI, keyRing,
-		federation, userAPI, stateAPI,
+		federation, userAPI, stateAPI, keyAPI,
 	)
 }
--- a/federationapi/federationapi_test.go
+++ b/federationapi/federationapi_test.go
@ -31,7 +31,7 @@ func TestRoomsV3URLEscapeDoNot404(t *testing.T) {
 	fsAPI := base.FederationSenderHTTPClient()
 	// TODO: This is pretty fragile, as if anything calls anything on these nils this test will break.
 	// Unfortunately, it makes little sense to instantiate these dependencies when we just want to test routing.
-	federationapi.AddPublicRoutes(base.PublicAPIMux, cfg, nil, nil, keyRing, nil, fsAPI, nil, nil)
+	federationapi.AddPublicRoutes(base.PublicAPIMux, cfg, nil, nil, keyRing, nil, fsAPI, nil, nil, nil)
 	httputil.SetupHTTPAPI(
 		base.BaseMux,
 		base.PublicAPIMux,
--- a/federationapi/routing/keys.go
+++ b/federationapi/routing/keys.go
@ -19,12 +19,106 @@ import (
 	"net/http"
 	"time"

+	"github.com/matrix-org/dendrite/clientapi/jsonerror"
 	"github.com/matrix-org/dendrite/internal/config"
+	"github.com/matrix-org/dendrite/keyserver/api"
 	"github.com/matrix-org/gomatrixserverlib"
 	"github.com/matrix-org/util"
 	"golang.org/x/crypto/ed25519"
 )

+type queryKeysRequest struct {
+	DeviceKeys map[string][]string `json:"device_keys"`
+}
+
+// QueryDeviceKeys returns device keys for users on this server.
+// https://matrix.org/docs/spec/server_server/latest#post-matrix-federation-v1-user-keys-query
+func QueryDeviceKeys(
+	httpReq *http.Request, request *gomatrixserverlib.FederationRequest, keyAPI api.KeyInternalAPI, thisServer gomatrixserverlib.ServerName,
+) util.JSONResponse {
+	var qkr queryKeysRequest
+	err := json.Unmarshal(request.Content(), &qkr)
+	if err != nil {
+		return util.JSONResponse{
+			Code: http.StatusBadRequest,
+			JSON: jsonerror.BadJSON("The request body could not be decoded into valid JSON. " + err.Error()),
+		}
+	}
+	// make sure we only query users on our domain
+	for userID := range qkr.DeviceKeys {
+		_, serverName, err := gomatrixserverlib.SplitID('@', userID)
+		if err != nil {
+			delete(qkr.DeviceKeys, userID)
+			continue // ignore invalid users
+		}
+		if serverName != thisServer {
+			delete(qkr.DeviceKeys, userID)
+			continue
+		}
+	}
+
+	var queryRes api.QueryKeysResponse
+	keyAPI.QueryKeys(httpReq.Context(), &api.QueryKeysRequest{
+		UserToDevices: qkr.DeviceKeys,
+	}, &queryRes)
+	if queryRes.Error != nil {
+		util.GetLogger(httpReq.Context()).WithError(queryRes.Error).Error("Failed to QueryKeys")
+		return jsonerror.InternalServerError()
+	}
+	return util.JSONResponse{
+		Code: 200,
+		JSON: struct {
+			DeviceKeys interface{} `json:"device_keys"`
+		}{queryRes.DeviceKeys},
+	}
+}
+
+type claimOTKsRequest struct {
+	OneTimeKeys map[string]map[string]string `json:"one_time_keys"`
+}
+
+// ClaimOneTimeKeys claims OTKs for users on this server.
+// https://matrix.org/docs/spec/server_server/latest#post-matrix-federation-v1-user-keys-claim
+func ClaimOneTimeKeys(
+	httpReq *http.Request, request *gomatrixserverlib.FederationRequest, keyAPI api.KeyInternalAPI, thisServer gomatrixserverlib.ServerName,
+) util.JSONResponse {
+	var cor claimOTKsRequest
+	err := json.Unmarshal(request.Content(), &cor)
+	if err != nil {
+		return util.JSONResponse{
+			Code: http.StatusBadRequest,
+			JSON: jsonerror.BadJSON("The request body could not be decoded into valid JSON. " + err.Error()),
+		}
+	}
+	// make sure we only claim users on our domain
+	for userID := range cor.OneTimeKeys {
+		_, serverName, err := gomatrixserverlib.SplitID('@', userID)
+		if err != nil {
+			delete(cor.OneTimeKeys, userID)
+			continue // ignore invalid users
+		}
+		if serverName != thisServer {
+			delete(cor.OneTimeKeys, userID)
+			continue
+		}
+	}
+
+	var claimRes api.PerformClaimKeysResponse
+	keyAPI.PerformClaimKeys(httpReq.Context(), &api.PerformClaimKeysRequest{
+		OneTimeKeys: cor.OneTimeKeys,
+	}, &claimRes)
+	if claimRes.Error != nil {
+		util.GetLogger(httpReq.Context()).WithError(claimRes.Error).Error("Failed to PerformClaimKeys")
+		return jsonerror.InternalServerError()
+	}
+	return util.JSONResponse{
+		Code: 200,
+		JSON: struct {
+			OneTimeKeys interface{} `json:"one_time_keys"`
+		}{claimRes.OneTimeKeys},
+	}
+}
+
 // LocalKeys returns the local keys for the server.
 // See https://matrix.org/docs/spec/server_server/unstable.html#publishing-keys
 func LocalKeys(cfg *config.Dendrite) util.JSONResponse {
--- a/federationapi/routing/routing.go
+++ b/federationapi/routing/routing.go
@ -24,6 +24,7 @@ import (
 	federationSenderAPI "github.com/matrix-org/dendrite/federationsender/api"
 	"github.com/matrix-org/dendrite/internal/config"
 	"github.com/matrix-org/dendrite/internal/httputil"
+	keyserverAPI "github.com/matrix-org/dendrite/keyserver/api"
 	roomserverAPI "github.com/matrix-org/dendrite/roomserver/api"
 	userapi "github.com/matrix-org/dendrite/userapi/api"
 	"github.com/matrix-org/gomatrixserverlib"
@ -54,6 +55,7 @@ func Setup(
 	federation *gomatrixserverlib.FederationClient,
 	userAPI userapi.UserInternalAPI,
 	stateAPI currentstateAPI.CurrentStateInternalAPI,
+	keyAPI keyserverAPI.KeyInternalAPI,
 ) {
 	v2keysmux := publicAPIMux.PathPrefix(pathPrefixV2Keys).Subrouter()
 	v1fedmux := publicAPIMux.PathPrefix(pathPrefixV1Federation).Subrouter()
@ -299,4 +301,18 @@ func Setup(
 			return GetPostPublicRooms(req, rsAPI, stateAPI)
 		}),
 	).Methods(http.MethodGet)
+
+	v1fedmux.Handle("/user/keys/claim", httputil.MakeFedAPI(
+		"federation_keys_claim", cfg.Matrix.ServerName, keys, wakeup,
+		func(httpReq *http.Request, request *gomatrixserverlib.FederationRequest, vars map[string]string) util.JSONResponse {
+			return ClaimOneTimeKeys(httpReq, request, keyAPI, cfg.Matrix.ServerName)
+		},
+	)).Methods(http.MethodPost)
+
+	v1fedmux.Handle("/user/keys/query", httputil.MakeFedAPI(
+		"federation_keys_query", cfg.Matrix.ServerName, keys, wakeup,
+		func(httpReq *http.Request, request *gomatrixserverlib.FederationRequest, vars map[string]string) util.JSONResponse {
+			return QueryDeviceKeys(httpReq, request, keyAPI, cfg.Matrix.ServerName)
+		},
+	)).Methods(http.MethodPost)
 }