hoernschen/dendrite
1
0
Fork 0
mirror of https://github.com/hoernschen/dendrite.git synced 2025-07-31 13:22:46 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

More server key updates, tests (#1129)

Browse source 
* More key tweaks

* Start testing stuff

* Move responsibility for generating local keys into server key API, don't register prom in caches unless needed, start tests

* Don't store our own keys in the database

* Don't store our own keys in the database

* Don't run tests for now

* Tweak caching behaviour, update tests

* Update comments, add fixes from forward-merge

* Debug logging

* Debug logging

* Perform final comparison against original set of requests

* oops

* Fetcher timeouts

* Fetcher timeouts

* missing func

* Tweaks

* Update gomatrixserverlib

* Fix Federation API test

* Break up FetchKeys

* Add comments to caching

* Add URL check in test

* Partially revert "Move responsibility for generating local keys into server key API, don't register prom in caches unless needed, start tests"

This reverts commit d7eb54c5b30b2f6a9d6514b643e32e6ad2b602f3.

* Fix federation API test

* Fix internal cache stuff again

* Fix server key API test

* Update comments

* Update comments from review

* Fix lint
This commit is contained in:
Neil Alexander 2020-06-16 13:11:20 +01:00 committed by GitHub
parent 67ad661813
commit 57b7fa3db8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 538 additions and 111 deletions
Download patch file Download diff file Expand all files Collapse all files

217
serverkeyapi/internal/api.go
View file

@ -2,16 +2,23 @@ package internal
import (
"context"
"crypto/ed25519"
"fmt"
"time"
"github.com/matrix-org/dendrite/serverkeyapi/api"
"github.com/matrix-org/gomatrixserverlib"
"github.com/sirupsen/logrus"
)
type ServerKeyAPI struct {
api.ServerKeyInternalAPI
ServerName gomatrixserverlib.ServerName
ServerPublicKey ed25519.PublicKey
ServerKeyID gomatrixserverlib.KeyID
ServerKeyValidity time.Duration
OurKeyRing gomatrixserverlib.KeyRing
FedClient *gomatrixserverlib.FederationClient
}
@ -33,6 +40,7 @@ func (s *ServerKeyAPI) StoreKeys(
// Run in a background context - we don't want to stop this work just
// because the caller gives up waiting.
ctx := context.Background()
// Store any keys that we were given in our database.
return s.OurKeyRing.KeyDatabase.StoreKeys(ctx, results)
}
@ -44,52 +52,57 @@ func (s *ServerKeyAPI) FetchKeys(
// Run in a background context - we don't want to stop this work just
// because the caller gives up waiting.
ctx := context.Background()
results := map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult{}
now := gomatrixserverlib.AsTimestamp(time.Now())
// First consult our local database and see if we have the requested
results := map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult{}
origRequests := map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.Timestamp{}
for k, v := range requests {
origRequests[k] = v
}
// First, check if any of these key checks are for our own keys. If
// they are then we will satisfy them directly.
s.handleLocalKeys(ctx, requests, results)
// Then consult our local database and see if we have the requested
// keys. These might come from a cache, depending on the database
// implementation used.
if dbResults, err := s.OurKeyRing.KeyDatabase.FetchKeys(ctx, requests); err == nil {
// We successfully got some keys. Add them to the results and
// remove them from the request list.
for req, res := range dbResults {
if !res.WasValidAt(now, true) {
// We appear to be past the key validity. Don't return this
// key with the results.
continue
}
results[req] = res
delete(requests, req)
}
if err := s.handleDatabaseKeys(ctx, now, requests, results); err != nil {
return nil, err
}
// For any key requests that we still have outstanding, next try to
// fetch them directly. We'll go through each of the key fetchers to
// ask for the remaining keys.
// ask for the remaining keys
for _, fetcher := range s.OurKeyRing.KeyFetchers {
// If there are no more keys to look up then stop.
if len(requests) == 0 {
break
}
if fetcherResults, err := fetcher.FetchKeys(ctx, requests); err == nil {
// We successfully got some keys. Add them to the results and
// remove them from the request list.
for req, res := range fetcherResults {
if !res.WasValidAt(now, true) {
// We appear to be past the key validity. Don't return this
// key with the results.
continue
}
results[req] = res
delete(requests, req)
}
if err = s.OurKeyRing.KeyDatabase.StoreKeys(ctx, fetcherResults); err != nil {
return nil, fmt.Errorf("server key API failed to store retrieved keys: %w", err)
}
// Ask the fetcher to look up our keys.
if err := s.handleFetcherKeys(ctx, now, fetcher, requests, results); err != nil {
logrus.WithError(err).WithFields(logrus.Fields{
"fetcher_name": fetcher.FetcherName(),
}).Errorf("Failed to retrieve %d key(s)", len(requests))
continue
}
}
// If we failed to fetch any keys then we should report an error.
if len(requests) > 0 {
return results, fmt.Errorf("server key API failed to fetch %d keys", len(requests))
// Check that we've actually satisfied all of the key requests that we
// were given. We should report an error if we didn't.
for req := range origRequests {
if _, ok := results[req]; !ok {
// The results don't contain anything for this specific request, so
// we've failed to satisfy it from local keys, database keys or from
// all of the fetchers. Report an error.
logrus.Warnf("Failed to retrieve key %q for server %q", req.KeyID, req.ServerName)
return results, fmt.Errorf(
"server key API failed to satisfy key request for server %q key ID %q",
req.ServerName, req.KeyID,
)
}
}
// Return the keys.
return results, nil
}
@ -97,3 +110,141 @@ func (s *ServerKeyAPI) FetchKeys(
func (s *ServerKeyAPI) FetcherName() string {
return fmt.Sprintf("ServerKeyAPI (wrapping %q)", s.OurKeyRing.KeyDatabase.FetcherName())
}
// handleLocalKeys handles cases where the key request contains
// a request for our own server keys.
func (s *ServerKeyAPI) handleLocalKeys(
_ context.Context,
requests map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.Timestamp,
results map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult,
) {
for req := range requests {
if req.ServerName == s.ServerName {
// We found a key request that is supposed to be for our own
// keys. Remove it from the request list so we don't hit the
// database or the fetchers for it.
delete(requests, req)
// Insert our own key into the response.
results[req] = gomatrixserverlib.PublicKeyLookupResult{
VerifyKey: gomatrixserverlib.VerifyKey{
Key: gomatrixserverlib.Base64Bytes(s.ServerPublicKey),
},
ExpiredTS: gomatrixserverlib.PublicKeyNotExpired,
ValidUntilTS: gomatrixserverlib.AsTimestamp(time.Now().Add(s.ServerKeyValidity)),
}
}
}
}
// handleDatabaseKeys handles cases where the key requests can be
// satisfied from our local database/cache.
func (s *ServerKeyAPI) handleDatabaseKeys(
ctx context.Context,
now gomatrixserverlib.Timestamp,
requests map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.Timestamp,
results map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult,
) error {
// Ask the database/cache for the keys.
dbResults, err := s.OurKeyRing.KeyDatabase.FetchKeys(ctx, requests)
if err != nil {
return err
}
// We successfully got some keys. Add them to the results.
for req, res := range dbResults {
// The key we've retrieved from the database/cache might
// have passed its validity period, but right now, it's
// the best thing we've got, and it might be sufficient to
// verify a past event.
results[req] = res
// If the key is valid right now then we can also remove it
// from the request list as we don't need to fetch it again
// in that case. If the key isn't valid right now, then by
// leaving it in the 'requests' map, we'll try to update the
// key using the fetchers in handleFetcherKeys.
if res.WasValidAt(now, true) {
delete(requests, req)
}
}
return nil
}
// handleFetcherKeys handles cases where a fetcher can satisfy
// the remaining requests.
func (s *ServerKeyAPI) handleFetcherKeys(
ctx context.Context,
now gomatrixserverlib.Timestamp,
fetcher gomatrixserverlib.KeyFetcher,
requests map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.Timestamp,
results map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult,
) error {
logrus.WithFields(logrus.Fields{
"fetcher_name": fetcher.FetcherName(),
}).Infof("Fetching %d key(s)", len(requests))
// Create a context that limits our requests to 30 seconds.
fetcherCtx, fetcherCancel := context.WithTimeout(ctx, time.Second*30)
defer fetcherCancel()
// Try to fetch the keys.
fetcherResults, err := fetcher.FetchKeys(fetcherCtx, requests)
if err != nil {
return err
}
// Build a map of the results that we want to commit to the
// database. We do this in a separate map because otherwise we
// might end up trying to rewrite database entries.
storeResults := map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult{}
// Now let's look at the results that we got from this fetcher.
for req, res := range fetcherResults {
if prev, ok := results[req]; ok {
// We've already got a previous entry for this request
// so let's see if the newly retrieved one contains a more
// up-to-date validity period.
if res.ValidUntilTS > prev.ValidUntilTS {
// This key is newer than the one we had so let's store
// it in the database.
if req.ServerName != s.ServerName {
storeResults[req] = res
}
}
} else {
// We didn't already have a previous entry for this request
// so store it in the database anyway for now.
if req.ServerName != s.ServerName {
storeResults[req] = res
}
}
// Update the results map with this new result. If nothing
// else, we can try verifying against this key.
results[req] = res
// If the key is valid right now then we can remove it from the
// request list as we won't need to re-fetch it.
if res.WasValidAt(now, true) {
delete(requests, req)
}
}
// Store the keys from our store map.
if err = s.OurKeyRing.KeyDatabase.StoreKeys(ctx, storeResults); err != nil {
logrus.WithError(err).WithFields(logrus.Fields{
"fetcher_name": fetcher.FetcherName(),
"database_name": s.OurKeyRing.KeyDatabase.FetcherName(),
}).Errorf("Failed to store keys in the database")
return fmt.Errorf("server key API failed to store retrieved keys: %w", err)
}
if len(storeResults) > 0 {
logrus.WithFields(logrus.Fields{
"fetcher_name": fetcher.FetcherName(),
}).Infof("Updated %d of %d key(s) in database", len(storeResults), len(results))
}
return nil
}

2
serverkeyapi/inthttp/client.go
View file

@ -90,7 +90,7 @@ func (s *httpServerKeyInternalAPI) FetchKeys(
Results: make(map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult),
}
for req, ts := range requests {
if res, ok := s.cache.GetServerKey(req); ok {
if res, ok := s.cache.GetServerKey(req, ts); ok {
result[req] = res
continue
}

6
serverkeyapi/serverkeyapi.go
View file

@ -46,7 +46,11 @@ func NewInternalAPI(
}
internalAPI := internal.ServerKeyAPI{
FedClient: fedClient,
ServerName: cfg.Matrix.ServerName,
ServerPublicKey: cfg.Matrix.PrivateKey.Public().(ed25519.PublicKey),
ServerKeyID: cfg.Matrix.KeyID,
ServerKeyValidity: cfg.Matrix.KeyValidityPeriod,
FedClient: fedClient,
OurKeyRing: gomatrixserverlib.KeyRing{
KeyFetchers: []gomatrixserverlib.KeyFetcher{
&gomatrixserverlib.DirectKeyFetcher{

315
serverkeyapi/serverkeyapi_test.go Normal file
View file

@ -0,0 +1,315 @@
package serverkeyapi
import (
"bytes"
"context"
"crypto/ed25519"
"encoding/json"
"fmt"
"io/ioutil"
"net/http"
"os"
"reflect"
"testing"
"time"
"github.com/matrix-org/dendrite/federationapi/routing"
"github.com/matrix-org/dendrite/internal/caching"
"github.com/matrix-org/dendrite/internal/config"
"github.com/matrix-org/dendrite/serverkeyapi/api"
"github.com/matrix-org/gomatrixserverlib"
)
type server struct {
name gomatrixserverlib.ServerName // server name
validity time.Duration // key validity duration from now
config *config.Dendrite // skeleton config, from TestMain
fedclient *gomatrixserverlib.FederationClient // uses MockRoundTripper
cache *caching.Caches // server-specific cache
api api.ServerKeyInternalAPI // server-specific server key API
}
func (s *server) renew() {
// This updates the validity period to be an hour in the
// future, which is particularly useful in server A and
// server C's cases which have validity either as now or
// in the past.
s.validity = time.Hour
s.config.Matrix.KeyValidityPeriod = s.validity
}
var (
serverKeyID = gomatrixserverlib.KeyID("ed25519:auto")
serverA = &server{name: "a.com", validity: time.Duration(0)} // expires now
serverB = &server{name: "b.com", validity: time.Hour} // expires in an hour
serverC = &server{name: "c.com", validity: -time.Hour} // expired an hour ago
)
var servers = map[string]*server{
"a.com": serverA,
"b.com": serverB,
"c.com": serverC,
}
func TestMain(m *testing.M) {
// Set up the server key API for each "server" that we
// will use in our tests.
for _, s := range servers {
// Generate a new key.
_, testPriv, err := ed25519.GenerateKey(nil)
if err != nil {
panic("can't generate identity key: " + err.Error())
}
// Create a new cache but don't enable prometheus!
s.cache, err = caching.NewInMemoryLRUCache(false)
if err != nil {
panic("can't create cache: " + err.Error())
}
// Draw up just enough Dendrite config for the server key
// API to work.
s.config = &config.Dendrite{}
s.config.SetDefaults()
s.config.Matrix.ServerName = gomatrixserverlib.ServerName(s.name)
s.config.Matrix.PrivateKey = testPriv
s.config.Matrix.KeyID = serverKeyID
s.config.Matrix.KeyValidityPeriod = s.validity
s.config.Database.ServerKey = config.DataSource("file::memory:")
// Create a transport which redirects federation requests to
// the mock round tripper. Since we're not *really* listening for
// federation requests then this will return the key instead.
transport := &http.Transport{}
transport.RegisterProtocol("matrix", &MockRoundTripper{})
// Create the federation client.
s.fedclient = gomatrixserverlib.NewFederationClientWithTransport(
s.config.Matrix.ServerName, serverKeyID, testPriv, transport,
)
// Finally, build the server key APIs.
s.api = NewInternalAPI(s.config, s.fedclient, s.cache)
}
// Now that we have built our server key APIs, start the
// rest of the tests.
os.Exit(m.Run())
}
type MockRoundTripper struct{}
func (m *MockRoundTripper) RoundTrip(req *http.Request) (res *http.Response, err error) {
// Check if the request is looking for keys from a server that
// we know about in the test. The only reason this should go wrong
// is if the test is broken.
s, ok := servers[req.Host]
if !ok {
return nil, fmt.Errorf("server not known: %s", req.Host)
}
// We're intercepting /matrix/key/v2/server requests here, so check
// that the URL supplied in the request is for that.
if req.URL.Path != "/_matrix/key/v2/server" {
return nil, fmt.Errorf("unexpected request path: %s", req.URL.Path)
}
// Get the keys and JSON-ify them.
keys := routing.LocalKeys(s.config)
body, err := json.MarshalIndent(keys.JSON, "", " ")
if err != nil {
return nil, err
}
// And respond.
res = &http.Response{
StatusCode: 200,
Body: ioutil.NopCloser(bytes.NewReader(body)),
}
return
}
func TestServersRequestOwnKeys(t *testing.T) {
// Each server will request its own keys. There's no reason
// for this to fail as each server should know its own keys.
for name, s := range servers {
req := gomatrixserverlib.PublicKeyLookupRequest{
ServerName: s.name,
KeyID: serverKeyID,
}
res, err := s.api.FetchKeys(
context.Background(),
map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.Timestamp{
req: gomatrixserverlib.AsTimestamp(time.Now()),
},
)
if err != nil {
t.Fatalf("server could not fetch own key: %s", err)
}
if _, ok := res[req]; !ok {
t.Fatalf("server didn't return its own key in the results")
}
t.Logf("%s's key expires at %s\n", name, res[req].ValidUntilTS.Time())
}
}
func TestCachingBehaviour(t *testing.T) {
// Server A will request Server B's key, which has a validity
// period of an hour from now. We should retrieve the key and
// it should make it into the cache automatically.
req := gomatrixserverlib.PublicKeyLookupRequest{
ServerName: serverB.name,
KeyID: serverKeyID,
}
ts := gomatrixserverlib.AsTimestamp(time.Now())
res, err := serverA.api.FetchKeys(
context.Background(),
map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.Timestamp{
req: ts,
},
)
if err != nil {
t.Fatalf("server A failed to retrieve server B key: %s", err)
}
if len(res) != 1 {
t.Fatalf("server B should have returned one key but instead returned %d keys", len(res))
}
if _, ok := res[req]; !ok {
t.Fatalf("server B isn't included in the key fetch response")
}
// At this point, if the previous key request was a success,
// then the cache should now contain the key. Check if that's
// the case - if it isn't then there's something wrong with
// the cache implementation or we failed to get the key.
cres, ok := serverA.cache.GetServerKey(req, ts)
if !ok {
t.Fatalf("server B key should be in cache but isn't")
}
if !reflect.DeepEqual(cres, res[req]) {
t.Fatalf("the cached result from server B wasn't what server B gave us")
}
// If we ask the cache for the same key but this time for an event
// that happened in +30 minutes. Since the validity period is for
// another hour, then we should get a response back from the cache.
_, ok = serverA.cache.GetServerKey(
req,
gomatrixserverlib.AsTimestamp(time.Now().Add(time.Minute*30)),
)
if !ok {
t.Fatalf("server B key isn't in cache when it should be (+30 minutes)")
}
// If we ask the cache for the same key but this time for an event
// that happened in +90 minutes then we should expect to get no
// cache result. This is because the cache shouldn't return a result
// that is obviously past the validity of the event.
_, ok = serverA.cache.GetServerKey(
req,
gomatrixserverlib.AsTimestamp(time.Now().Add(time.Minute*90)),
)
if ok {
t.Fatalf("server B key is in cache when it shouldn't be (+90 minutes)")
}
}
func TestRenewalBehaviour(t *testing.T) {
// Server A will request Server C's key but their validity period
// is an hour in the past. We'll retrieve the key as, even though it's
// past its validity, it will be able to verify past events.
req := gomatrixserverlib.PublicKeyLookupRequest{
ServerName: serverC.name,
KeyID: serverKeyID,
}
res, err := serverA.api.FetchKeys(
context.Background(),
map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.Timestamp{
req: gomatrixserverlib.AsTimestamp(time.Now()),
},
)
if err != nil {
t.Fatalf("server A failed to retrieve server C key: %s", err)
}
if len(res) != 1 {
t.Fatalf("server C should have returned one key but instead returned %d keys", len(res))
}
if _, ok := res[req]; !ok {
t.Fatalf("server C isn't included in the key fetch response")
}
// If we ask the cache for the server key for an event that happened
// 90 minutes ago then we should get a cache result, as the key hadn't
// passed its validity by that point. The fact that the key is now in
// the cache is, in itself, proof that we successfully retrieved the
// key before.
oldcached, ok := serverA.cache.GetServerKey(
req,
gomatrixserverlib.AsTimestamp(time.Now().Add(-time.Minute*90)),
)
if !ok {
t.Fatalf("server C key isn't in cache when it should be (-90 minutes)")
}
// If we now ask the cache for the same key but this time for an event
// that only happened 30 minutes ago then we shouldn't get a cached
// result, as the event happened after the key validity expired. This
// is really just for sanity checking.
_, ok = serverA.cache.GetServerKey(
req,
gomatrixserverlib.AsTimestamp(time.Now().Add(-time.Minute*30)),
)
if ok {
t.Fatalf("server B key is in cache when it shouldn't be (-30 minutes)")
}
// We're now going to kick server C into renewing its key. Since we're
// happy at this point that the key that we already have is from the past
// then repeating a key fetch should cause us to try and renew the key.
// If so, then the new key will end up in our cache.
serverC.renew()
res, err = serverA.api.FetchKeys(
context.Background(),
map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.Timestamp{
req: gomatrixserverlib.AsTimestamp(time.Now()),
},
)
if err != nil {
t.Fatalf("server A failed to retrieve server C key: %s", err)
}
if len(res) != 1 {
t.Fatalf("server C should have returned one key but instead returned %d keys", len(res))
}
if _, ok = res[req]; !ok {
t.Fatalf("server C isn't included in the key fetch response")
}
// We're now going to ask the cache what the new key validity is. If
// it is still the same as the previous validity then we've failed to
// retrieve the renewed key. If it's newer then we've successfully got
// the renewed key.
newcached, ok := serverA.cache.GetServerKey(
req,
gomatrixserverlib.AsTimestamp(time.Now().Add(-time.Minute*30)),
)
if !ok {
t.Fatalf("server B key isn't in cache when it shouldn't be (post-renewal)")
}
if oldcached.ValidUntilTS >= newcached.ValidUntilTS {
t.Fatalf("the server B key should have been renewed but wasn't")
}
t.Log(res)
}

4
serverkeyapi/storage/cache/keydb.go vendored
View file

@ -39,8 +39,8 @@ func (d *KeyDatabase) FetchKeys(
requests map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.Timestamp,
) (map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult, error) {
results := make(map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult)
for req := range requests {
if res, cached := d.cache.GetServerKey(req); cached {
for req, ts := range requests {
if res, cached := d.cache.GetServerKey(req, ts); cached {
results[req] = res
delete(requests, req)
}

23
serverkeyapi/storage/postgres/keydb.go
View file

@ -17,7 +17,6 @@ package postgres
import (
"context"
"time"
"golang.org/x/crypto/ed25519"
@ -51,28 +50,6 @@ func NewDatabase(
if err != nil {
return nil, err
}
// Store our own keys so that we don't end up making HTTP requests to find our
// own keys
index := gomatrixserverlib.PublicKeyLookupRequest{
ServerName: serverName,
KeyID: serverKeyID,
}
value := gomatrixserverlib.PublicKeyLookupResult{
VerifyKey: gomatrixserverlib.VerifyKey{
Key: gomatrixserverlib.Base64Bytes(serverKey),
},
ValidUntilTS: gomatrixserverlib.AsTimestamp(time.Now().Add(100 * 365 * 24 * time.Hour)),
ExpiredTS: gomatrixserverlib.PublicKeyNotExpired,
}
err = d.StoreKeys(
context.Background(),
map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult{
index: value,
},
)
if err != nil {
return nil, err
}
return d, nil
}

20
serverkeyapi/storage/sqlite3/keydb.go
View file

@ -17,7 +17,6 @@ package sqlite3
import (
"context"
"time"
"golang.org/x/crypto/ed25519"
@ -56,25 +55,6 @@ func NewDatabase(
if err != nil {
return nil, err
}
// Store our own keys so that we don't end up making HTTP requests to find our
// own keys
index := gomatrixserverlib.PublicKeyLookupRequest{
ServerName: serverName,
KeyID: serverKeyID,
}
value := gomatrixserverlib.PublicKeyLookupResult{
VerifyKey: gomatrixserverlib.VerifyKey{
Key: gomatrixserverlib.Base64Bytes(serverKey),
},
ValidUntilTS: gomatrixserverlib.AsTimestamp(time.Now().Add(100 * 365 * 24 * time.Hour)),
ExpiredTS: gomatrixserverlib.PublicKeyNotExpired,
}
err = d.StoreKeys(
context.Background(),
map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult{
index: value,
},
)
if err != nil {
return nil, err
}