Federation fixes for virtual hosting

2025-08-01 13:52:46 +00:00 · 2022-11-15 15:05:23 +00:00 · 2022-11-15 15:05:23 +00:00 · 6650712a1c
commit 6650712a1c
parent f4ee397734
73 changed files with 736 additions and 420 deletions
--- a/federationapi/api/api.go
+++ b/federationapi/api/api.go
@ -21,8 +21,8 @@ type FederationInternalAPI interface {

 	QueryServerKeys(ctx context.Context, request *QueryServerKeysRequest, response *QueryServerKeysResponse) error
 	LookupServerKeys(ctx context.Context, s gomatrixserverlib.ServerName, keyRequests map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.Timestamp) ([]gomatrixserverlib.ServerKeys, error)
-	MSC2836EventRelationships(ctx context.Context, dst gomatrixserverlib.ServerName, r gomatrixserverlib.MSC2836EventRelationshipsRequest, roomVersion gomatrixserverlib.RoomVersion) (res gomatrixserverlib.MSC2836EventRelationshipsResponse, err error)
-	MSC2946Spaces(ctx context.Context, dst gomatrixserverlib.ServerName, roomID string, suggestedOnly bool) (res gomatrixserverlib.MSC2946SpacesResponse, err error)
+	MSC2836EventRelationships(ctx context.Context, origin, dst gomatrixserverlib.ServerName, r gomatrixserverlib.MSC2836EventRelationshipsRequest, roomVersion gomatrixserverlib.RoomVersion) (res gomatrixserverlib.MSC2836EventRelationshipsResponse, err error)
+	MSC2946Spaces(ctx context.Context, origin, dst gomatrixserverlib.ServerName, roomID string, suggestedOnly bool) (res gomatrixserverlib.MSC2946SpacesResponse, err error)

 	// Broadcasts an EDU to all servers in rooms we are joined to. Used in the yggdrasil demos.
 	PerformBroadcastEDU(
@ -60,18 +60,18 @@ type RoomserverFederationAPI interface {
 	// containing only the server names (without information for membership events).
 	// The response will include this server if they are joined to the room.
 	QueryJoinedHostServerNamesInRoom(ctx context.Context, request *QueryJoinedHostServerNamesInRoomRequest, response *QueryJoinedHostServerNamesInRoomResponse) error
-	GetEventAuth(ctx context.Context, s gomatrixserverlib.ServerName, roomVersion gomatrixserverlib.RoomVersion, roomID, eventID string) (res gomatrixserverlib.RespEventAuth, err error)
-	GetEvent(ctx context.Context, s gomatrixserverlib.ServerName, eventID string) (res gomatrixserverlib.Transaction, err error)
-	LookupMissingEvents(ctx context.Context, s gomatrixserverlib.ServerName, roomID string, missing gomatrixserverlib.MissingEvents, roomVersion gomatrixserverlib.RoomVersion) (res gomatrixserverlib.RespMissingEvents, err error)
+	GetEventAuth(ctx context.Context, origin, s gomatrixserverlib.ServerName, roomVersion gomatrixserverlib.RoomVersion, roomID, eventID string) (res gomatrixserverlib.RespEventAuth, err error)
+	GetEvent(ctx context.Context, origin, s gomatrixserverlib.ServerName, eventID string) (res gomatrixserverlib.Transaction, err error)
+	LookupMissingEvents(ctx context.Context, origin, s gomatrixserverlib.ServerName, roomID string, missing gomatrixserverlib.MissingEvents, roomVersion gomatrixserverlib.RoomVersion) (res gomatrixserverlib.RespMissingEvents, err error)
 }

 // KeyserverFederationAPI is a subset of gomatrixserverlib.FederationClient functions which the keyserver
 // implements as proxy calls, with built-in backoff/retries/etc. Errors returned from functions in
 // this interface are of type FederationClientError
 type KeyserverFederationAPI interface {
-	GetUserDevices(ctx context.Context, s gomatrixserverlib.ServerName, userID string) (res gomatrixserverlib.RespUserDevices, err error)
-	ClaimKeys(ctx context.Context, s gomatrixserverlib.ServerName, oneTimeKeys map[string]map[string]string) (res gomatrixserverlib.RespClaimKeys, err error)
-	QueryKeys(ctx context.Context, s gomatrixserverlib.ServerName, keys map[string][]string) (res gomatrixserverlib.RespQueryKeys, err error)
+	GetUserDevices(ctx context.Context, origin, s gomatrixserverlib.ServerName, userID string) (res gomatrixserverlib.RespUserDevices, err error)
+	ClaimKeys(ctx context.Context, origin, s gomatrixserverlib.ServerName, oneTimeKeys map[string]map[string]string) (res gomatrixserverlib.RespClaimKeys, err error)
+	QueryKeys(ctx context.Context, origin, s gomatrixserverlib.ServerName, keys map[string][]string) (res gomatrixserverlib.RespQueryKeys, err error)
 }

 // an interface for gmsl.FederationClient - contains functions called by federationapi only.
@ -80,28 +80,28 @@ type FederationClient interface {
 	SendTransaction(ctx context.Context, t gomatrixserverlib.Transaction) (res gomatrixserverlib.RespSend, err error)

 	// Perform operations
-	LookupRoomAlias(ctx context.Context, s gomatrixserverlib.ServerName, roomAlias string) (res gomatrixserverlib.RespDirectory, err error)
-	Peek(ctx context.Context, s gomatrixserverlib.ServerName, roomID, peekID string, roomVersions []gomatrixserverlib.RoomVersion) (res gomatrixserverlib.RespPeek, err error)
-	MakeJoin(ctx context.Context, s gomatrixserverlib.ServerName, roomID, userID string, roomVersions []gomatrixserverlib.RoomVersion) (res gomatrixserverlib.RespMakeJoin, err error)
-	SendJoin(ctx context.Context, s gomatrixserverlib.ServerName, event *gomatrixserverlib.Event) (res gomatrixserverlib.RespSendJoin, err error)
-	MakeLeave(ctx context.Context, s gomatrixserverlib.ServerName, roomID, userID string) (res gomatrixserverlib.RespMakeLeave, err error)
-	SendLeave(ctx context.Context, s gomatrixserverlib.ServerName, event *gomatrixserverlib.Event) (err error)
-	SendInviteV2(ctx context.Context, s gomatrixserverlib.ServerName, request gomatrixserverlib.InviteV2Request) (res gomatrixserverlib.RespInviteV2, err error)
+	LookupRoomAlias(ctx context.Context, origin, s gomatrixserverlib.ServerName, roomAlias string) (res gomatrixserverlib.RespDirectory, err error)
+	Peek(ctx context.Context, origin, s gomatrixserverlib.ServerName, roomID, peekID string, roomVersions []gomatrixserverlib.RoomVersion) (res gomatrixserverlib.RespPeek, err error)
+	MakeJoin(ctx context.Context, origin, s gomatrixserverlib.ServerName, roomID, userID string, roomVersions []gomatrixserverlib.RoomVersion) (res gomatrixserverlib.RespMakeJoin, err error)
+	SendJoin(ctx context.Context, origin, s gomatrixserverlib.ServerName, event *gomatrixserverlib.Event) (res gomatrixserverlib.RespSendJoin, err error)
+	MakeLeave(ctx context.Context, origin, s gomatrixserverlib.ServerName, roomID, userID string) (res gomatrixserverlib.RespMakeLeave, err error)
+	SendLeave(ctx context.Context, origin, s gomatrixserverlib.ServerName, event *gomatrixserverlib.Event) (err error)
+	SendInviteV2(ctx context.Context, origin, s gomatrixserverlib.ServerName, request gomatrixserverlib.InviteV2Request) (res gomatrixserverlib.RespInviteV2, err error)

-	GetEvent(ctx context.Context, s gomatrixserverlib.ServerName, eventID string) (res gomatrixserverlib.Transaction, err error)
+	GetEvent(ctx context.Context, origin, s gomatrixserverlib.ServerName, eventID string) (res gomatrixserverlib.Transaction, err error)

-	GetEventAuth(ctx context.Context, s gomatrixserverlib.ServerName, roomVersion gomatrixserverlib.RoomVersion, roomID, eventID string) (res gomatrixserverlib.RespEventAuth, err error)
-	GetUserDevices(ctx context.Context, s gomatrixserverlib.ServerName, userID string) (gomatrixserverlib.RespUserDevices, error)
-	ClaimKeys(ctx context.Context, s gomatrixserverlib.ServerName, oneTimeKeys map[string]map[string]string) (gomatrixserverlib.RespClaimKeys, error)
-	QueryKeys(ctx context.Context, s gomatrixserverlib.ServerName, keys map[string][]string) (gomatrixserverlib.RespQueryKeys, error)
-	Backfill(ctx context.Context, s gomatrixserverlib.ServerName, roomID string, limit int, eventIDs []string) (res gomatrixserverlib.Transaction, err error)
-	MSC2836EventRelationships(ctx context.Context, dst gomatrixserverlib.ServerName, r gomatrixserverlib.MSC2836EventRelationshipsRequest, roomVersion gomatrixserverlib.RoomVersion) (res gomatrixserverlib.MSC2836EventRelationshipsResponse, err error)
-	MSC2946Spaces(ctx context.Context, dst gomatrixserverlib.ServerName, roomID string, suggestedOnly bool) (res gomatrixserverlib.MSC2946SpacesResponse, err error)
+	GetEventAuth(ctx context.Context, origin, s gomatrixserverlib.ServerName, roomVersion gomatrixserverlib.RoomVersion, roomID, eventID string) (res gomatrixserverlib.RespEventAuth, err error)
+	GetUserDevices(ctx context.Context, origin, s gomatrixserverlib.ServerName, userID string) (gomatrixserverlib.RespUserDevices, error)
+	ClaimKeys(ctx context.Context, origin, s gomatrixserverlib.ServerName, oneTimeKeys map[string]map[string]string) (gomatrixserverlib.RespClaimKeys, error)
+	QueryKeys(ctx context.Context, origin, s gomatrixserverlib.ServerName, keys map[string][]string) (gomatrixserverlib.RespQueryKeys, error)
+	Backfill(ctx context.Context, origin, s gomatrixserverlib.ServerName, roomID string, limit int, eventIDs []string) (res gomatrixserverlib.Transaction, err error)
+	MSC2836EventRelationships(ctx context.Context, origin, dst gomatrixserverlib.ServerName, r gomatrixserverlib.MSC2836EventRelationshipsRequest, roomVersion gomatrixserverlib.RoomVersion) (res gomatrixserverlib.MSC2836EventRelationshipsResponse, err error)
+	MSC2946Spaces(ctx context.Context, origin, dst gomatrixserverlib.ServerName, roomID string, suggestedOnly bool) (res gomatrixserverlib.MSC2946SpacesResponse, err error)

-	ExchangeThirdPartyInvite(ctx context.Context, s gomatrixserverlib.ServerName, builder gomatrixserverlib.EventBuilder) (err error)
-	LookupState(ctx context.Context, s gomatrixserverlib.ServerName, roomID string, eventID string, roomVersion gomatrixserverlib.RoomVersion) (res gomatrixserverlib.RespState, err error)
-	LookupStateIDs(ctx context.Context, s gomatrixserverlib.ServerName, roomID string, eventID string) (res gomatrixserverlib.RespStateIDs, err error)
-	LookupMissingEvents(ctx context.Context, s gomatrixserverlib.ServerName, roomID string, missing gomatrixserverlib.MissingEvents, roomVersion gomatrixserverlib.RoomVersion) (res gomatrixserverlib.RespMissingEvents, err error)
+	ExchangeThirdPartyInvite(ctx context.Context, origin, s gomatrixserverlib.ServerName, builder gomatrixserverlib.EventBuilder) (err error)
+	LookupState(ctx context.Context, origin, s gomatrixserverlib.ServerName, roomID string, eventID string, roomVersion gomatrixserverlib.RoomVersion) (res gomatrixserverlib.RespState, err error)
+	LookupStateIDs(ctx context.Context, origin, s gomatrixserverlib.ServerName, roomID string, eventID string) (res gomatrixserverlib.RespStateIDs, err error)
+	LookupMissingEvents(ctx context.Context, origin, s gomatrixserverlib.ServerName, roomID string, missing gomatrixserverlib.MissingEvents, roomVersion gomatrixserverlib.RoomVersion) (res gomatrixserverlib.RespMissingEvents, err error)
 }

 // FederationClientError is returned from FederationClient methods in the event of a problem.
--- a/federationapi/federationapi.go
+++ b/federationapi/federationapi.go
@ -120,17 +120,7 @@ func NewInternalAPI(

 	js, nats := base.NATS.Prepare(base.ProcessContext, &cfg.Matrix.JetStream)

-	signingInfo := map[gomatrixserverlib.ServerName]*queue.SigningInfo{}
-	for _, serverName := range append(
-		[]gomatrixserverlib.ServerName{base.Cfg.Global.ServerName},
-		base.Cfg.Global.SecondaryServerNames...,
-	) {
-		signingInfo[serverName] = &queue.SigningInfo{
-			KeyID:      cfg.Matrix.KeyID,
-			PrivateKey: cfg.Matrix.PrivateKey,
-			ServerName: serverName,
-		}
-	}
+	signingInfo := base.Cfg.Global.SigningIdentities()

 	queues := queue.NewOutgoingQueues(
 		federationDB, base.ProcessContext,
--- a/federationapi/federationapi_keys_test.go
+++ b/federationapi/federationapi_keys_test.go
@ -104,7 +104,7 @@ func TestMain(m *testing.M) {

 			// Create the federation client.
 			s.fedclient = gomatrixserverlib.NewFederationClient(
-				s.config.Matrix.ServerName, serverKeyID, testPriv,
+				s.config.Matrix.SigningIdentities(),
 				gomatrixserverlib.WithTransport(transport),
 			)

--- a/federationapi/federationapi_test.go
+++ b/federationapi/federationapi_test.go
@ -103,7 +103,7 @@ func (f *fedClient) GetServerKeys(ctx context.Context, matrixServer gomatrixserv
 	return keys, nil
 }

-func (f *fedClient) MakeJoin(ctx context.Context, s gomatrixserverlib.ServerName, roomID, userID string, roomVersions []gomatrixserverlib.RoomVersion) (res gomatrixserverlib.RespMakeJoin, err error) {
+func (f *fedClient) MakeJoin(ctx context.Context, origin, s gomatrixserverlib.ServerName, roomID, userID string, roomVersions []gomatrixserverlib.RoomVersion) (res gomatrixserverlib.RespMakeJoin, err error) {
 	for _, r := range f.allowJoins {
 		if r.ID == roomID {
 			res.RoomVersion = r.Version
@ -127,7 +127,7 @@ func (f *fedClient) MakeJoin(ctx context.Context, s gomatrixserverlib.ServerName
 	}
 	return
 }
-func (f *fedClient) SendJoin(ctx context.Context, s gomatrixserverlib.ServerName, event *gomatrixserverlib.Event) (res gomatrixserverlib.RespSendJoin, err error) {
+func (f *fedClient) SendJoin(ctx context.Context, origin, s gomatrixserverlib.ServerName, event *gomatrixserverlib.Event) (res gomatrixserverlib.RespSendJoin, err error) {
 	f.fedClientMutex.Lock()
 	defer f.fedClientMutex.Unlock()
 	for _, r := range f.allowJoins {
@ -283,7 +283,7 @@ func TestRoomsV3URLEscapeDoNot404(t *testing.T) {
 	serverName := gomatrixserverlib.ServerName(strings.TrimPrefix(baseURL, "https://"))

 	fedCli := gomatrixserverlib.NewFederationClient(
-		serverName, cfg.Global.KeyID, cfg.Global.PrivateKey,
+		cfg.Global.SigningIdentities(),
 		gomatrixserverlib.WithSkipVerify(true),
 	)

@ -326,7 +326,7 @@ func TestRoomsV3URLEscapeDoNot404(t *testing.T) {
 			t.Errorf("failed to create invite v2 request: %s", err)
 			continue
 		}
-		_, err = fedCli.SendInviteV2(context.Background(), serverName, invReq)
+		_, err = fedCli.SendInviteV2(context.Background(), cfg.Global.ServerName, serverName, invReq)
 		if err == nil {
 			t.Errorf("expected an error, got none")
 			continue
--- a/federationapi/internal/federationclient.go
+++ b/federationapi/internal/federationclient.go
@ -11,13 +11,13 @@ import (
 // client.

 func (a *FederationInternalAPI) GetEventAuth(
-	ctx context.Context, s gomatrixserverlib.ServerName,
+	ctx context.Context, origin, s gomatrixserverlib.ServerName,
 	roomVersion gomatrixserverlib.RoomVersion, roomID, eventID string,
 ) (res gomatrixserverlib.RespEventAuth, err error) {
 	ctx, cancel := context.WithTimeout(ctx, time.Second*30)
 	defer cancel()
 	ires, err := a.doRequestIfNotBlacklisted(s, func() (interface{}, error) {
-		return a.federation.GetEventAuth(ctx, s, roomVersion, roomID, eventID)
+		return a.federation.GetEventAuth(ctx, origin, s, roomVersion, roomID, eventID)
 	})
 	if err != nil {
 		return gomatrixserverlib.RespEventAuth{}, err
@ -26,12 +26,12 @@ func (a *FederationInternalAPI) GetEventAuth(
 }

 func (a *FederationInternalAPI) GetUserDevices(
-	ctx context.Context, s gomatrixserverlib.ServerName, userID string,
+	ctx context.Context, origin, s gomatrixserverlib.ServerName, userID string,
 ) (gomatrixserverlib.RespUserDevices, error) {
 	ctx, cancel := context.WithTimeout(ctx, time.Second*30)
 	defer cancel()
 	ires, err := a.doRequestIfNotBlacklisted(s, func() (interface{}, error) {
-		return a.federation.GetUserDevices(ctx, s, userID)
+		return a.federation.GetUserDevices(ctx, origin, s, userID)
 	})
 	if err != nil {
 		return gomatrixserverlib.RespUserDevices{}, err
@ -40,12 +40,12 @@ func (a *FederationInternalAPI) GetUserDevices(
 }

 func (a *FederationInternalAPI) ClaimKeys(
-	ctx context.Context, s gomatrixserverlib.ServerName, oneTimeKeys map[string]map[string]string,
+	ctx context.Context, origin, s gomatrixserverlib.ServerName, oneTimeKeys map[string]map[string]string,
 ) (gomatrixserverlib.RespClaimKeys, error) {
 	ctx, cancel := context.WithTimeout(ctx, time.Second*30)
 	defer cancel()
 	ires, err := a.doRequestIfNotBlacklisted(s, func() (interface{}, error) {
-		return a.federation.ClaimKeys(ctx, s, oneTimeKeys)
+		return a.federation.ClaimKeys(ctx, origin, s, oneTimeKeys)
 	})
 	if err != nil {
 		return gomatrixserverlib.RespClaimKeys{}, err
@ -54,10 +54,10 @@ func (a *FederationInternalAPI) ClaimKeys(
 }

 func (a *FederationInternalAPI) QueryKeys(
-	ctx context.Context, s gomatrixserverlib.ServerName, keys map[string][]string,
+	ctx context.Context, origin, s gomatrixserverlib.ServerName, keys map[string][]string,
 ) (gomatrixserverlib.RespQueryKeys, error) {
 	ires, err := a.doRequestIfNotBackingOffOrBlacklisted(s, func() (interface{}, error) {
-		return a.federation.QueryKeys(ctx, s, keys)
+		return a.federation.QueryKeys(ctx, origin, s, keys)
 	})
 	if err != nil {
 		return gomatrixserverlib.RespQueryKeys{}, err
@ -66,12 +66,12 @@ func (a *FederationInternalAPI) QueryKeys(
 }

 func (a *FederationInternalAPI) Backfill(
-	ctx context.Context, s gomatrixserverlib.ServerName, roomID string, limit int, eventIDs []string,
+	ctx context.Context, origin, s gomatrixserverlib.ServerName, roomID string, limit int, eventIDs []string,
 ) (res gomatrixserverlib.Transaction, err error) {
 	ctx, cancel := context.WithTimeout(ctx, time.Second*30)
 	defer cancel()
 	ires, err := a.doRequestIfNotBlacklisted(s, func() (interface{}, error) {
-		return a.federation.Backfill(ctx, s, roomID, limit, eventIDs)
+		return a.federation.Backfill(ctx, origin, s, roomID, limit, eventIDs)
 	})
 	if err != nil {
 		return gomatrixserverlib.Transaction{}, err
@ -80,12 +80,12 @@ func (a *FederationInternalAPI) Backfill(
 }

 func (a *FederationInternalAPI) LookupState(
-	ctx context.Context, s gomatrixserverlib.ServerName, roomID, eventID string, roomVersion gomatrixserverlib.RoomVersion,
+	ctx context.Context, origin, s gomatrixserverlib.ServerName, roomID, eventID string, roomVersion gomatrixserverlib.RoomVersion,
 ) (res gomatrixserverlib.RespState, err error) {
 	ctx, cancel := context.WithTimeout(ctx, time.Second*30)
 	defer cancel()
 	ires, err := a.doRequestIfNotBlacklisted(s, func() (interface{}, error) {
-		return a.federation.LookupState(ctx, s, roomID, eventID, roomVersion)
+		return a.federation.LookupState(ctx, origin, s, roomID, eventID, roomVersion)
 	})
 	if err != nil {
 		return gomatrixserverlib.RespState{}, err
@ -94,12 +94,12 @@ func (a *FederationInternalAPI) LookupState(
 }

 func (a *FederationInternalAPI) LookupStateIDs(
-	ctx context.Context, s gomatrixserverlib.ServerName, roomID, eventID string,
+	ctx context.Context, origin, s gomatrixserverlib.ServerName, roomID, eventID string,
 ) (res gomatrixserverlib.RespStateIDs, err error) {
 	ctx, cancel := context.WithTimeout(ctx, time.Second*30)
 	defer cancel()
 	ires, err := a.doRequestIfNotBlacklisted(s, func() (interface{}, error) {
-		return a.federation.LookupStateIDs(ctx, s, roomID, eventID)
+		return a.federation.LookupStateIDs(ctx, origin, s, roomID, eventID)
 	})
 	if err != nil {
 		return gomatrixserverlib.RespStateIDs{}, err
@ -108,13 +108,13 @@ func (a *FederationInternalAPI) LookupStateIDs(
 }

 func (a *FederationInternalAPI) LookupMissingEvents(
-	ctx context.Context, s gomatrixserverlib.ServerName, roomID string,
+	ctx context.Context, origin, s gomatrixserverlib.ServerName, roomID string,
 	missing gomatrixserverlib.MissingEvents, roomVersion gomatrixserverlib.RoomVersion,
 ) (res gomatrixserverlib.RespMissingEvents, err error) {
 	ctx, cancel := context.WithTimeout(ctx, time.Second*30)
 	defer cancel()
 	ires, err := a.doRequestIfNotBlacklisted(s, func() (interface{}, error) {
-		return a.federation.LookupMissingEvents(ctx, s, roomID, missing, roomVersion)
+		return a.federation.LookupMissingEvents(ctx, origin, s, roomID, missing, roomVersion)
 	})
 	if err != nil {
 		return gomatrixserverlib.RespMissingEvents{}, err
@ -123,12 +123,12 @@ func (a *FederationInternalAPI) LookupMissingEvents(
 }

 func (a *FederationInternalAPI) GetEvent(
-	ctx context.Context, s gomatrixserverlib.ServerName, eventID string,
+	ctx context.Context, origin, s gomatrixserverlib.ServerName, eventID string,
 ) (res gomatrixserverlib.Transaction, err error) {
 	ctx, cancel := context.WithTimeout(ctx, time.Second*30)
 	defer cancel()
 	ires, err := a.doRequestIfNotBlacklisted(s, func() (interface{}, error) {
-		return a.federation.GetEvent(ctx, s, eventID)
+		return a.federation.GetEvent(ctx, origin, s, eventID)
 	})
 	if err != nil {
 		return gomatrixserverlib.Transaction{}, err
@ -151,13 +151,13 @@ func (a *FederationInternalAPI) LookupServerKeys(
 }

 func (a *FederationInternalAPI) MSC2836EventRelationships(
-	ctx context.Context, s gomatrixserverlib.ServerName, r gomatrixserverlib.MSC2836EventRelationshipsRequest,
+	ctx context.Context, origin, s gomatrixserverlib.ServerName, r gomatrixserverlib.MSC2836EventRelationshipsRequest,
 	roomVersion gomatrixserverlib.RoomVersion,
 ) (res gomatrixserverlib.MSC2836EventRelationshipsResponse, err error) {
 	ctx, cancel := context.WithTimeout(ctx, time.Minute)
 	defer cancel()
 	ires, err := a.doRequestIfNotBlacklisted(s, func() (interface{}, error) {
-		return a.federation.MSC2836EventRelationships(ctx, s, r, roomVersion)
+		return a.federation.MSC2836EventRelationships(ctx, origin, s, r, roomVersion)
 	})
 	if err != nil {
 		return res, err
@ -166,12 +166,12 @@ func (a *FederationInternalAPI) MSC2836EventRelationships(
 }

 func (a *FederationInternalAPI) MSC2946Spaces(
-	ctx context.Context, s gomatrixserverlib.ServerName, roomID string, suggestedOnly bool,
+	ctx context.Context, origin, s gomatrixserverlib.ServerName, roomID string, suggestedOnly bool,
 ) (res gomatrixserverlib.MSC2946SpacesResponse, err error) {
 	ctx, cancel := context.WithTimeout(ctx, time.Minute)
 	defer cancel()
 	ires, err := a.doRequestIfNotBlacklisted(s, func() (interface{}, error) {
-		return a.federation.MSC2946Spaces(ctx, s, roomID, suggestedOnly)
+		return a.federation.MSC2946Spaces(ctx, origin, s, roomID, suggestedOnly)
 	})
 	if err != nil {
 		return res, err
--- a/federationapi/internal/perform.go
+++ b/federationapi/internal/perform.go
@ -26,6 +26,7 @@ func (r *FederationInternalAPI) PerformDirectoryLookup(
 ) (err error) {
 	dir, err := r.federation.LookupRoomAlias(
 		ctx,
+		r.cfg.Matrix.ServerName,
 		request.ServerName,
 		request.RoomAlias,
 	)
@ -143,10 +144,16 @@ func (r *FederationInternalAPI) performJoinUsingServer(
 	supportedVersions []gomatrixserverlib.RoomVersion,
 	unsigned map[string]interface{},
 ) error {
+	_, origin, err := r.cfg.Matrix.SplitLocalID('@', userID)
+	if err != nil {
+		return err
+	}
+
 	// Try to perform a make_join using the information supplied in the
 	// request.
 	respMakeJoin, err := r.federation.MakeJoin(
 		ctx,
+		origin,
 		serverName,
 		roomID,
 		userID,
@ -192,7 +199,7 @@ func (r *FederationInternalAPI) performJoinUsingServer(
 	// Build the join event.
 	event, err := respMakeJoin.JoinEvent.Build(
 		time.Now(),
-		r.cfg.Matrix.ServerName,
+		origin,
 		r.cfg.Matrix.KeyID,
 		r.cfg.Matrix.PrivateKey,
 		respMakeJoin.RoomVersion,
@ -204,6 +211,7 @@ func (r *FederationInternalAPI) performJoinUsingServer(
 	// Try to perform a send_join using the newly built event.
 	respSendJoin, err := r.federation.SendJoin(
 		context.Background(),
+		origin,
 		serverName,
 		event,
 	)
@ -246,7 +254,7 @@ func (r *FederationInternalAPI) performJoinUsingServer(
 		respMakeJoin.RoomVersion,
 		r.keyRing,
 		event,
-		federatedAuthProvider(ctx, r.federation, r.keyRing, serverName),
+		federatedAuthProvider(ctx, r.federation, r.keyRing, origin, serverName),
 	)
 	if err != nil {
 		return fmt.Errorf("respSendJoin.Check: %w", err)
@ -281,6 +289,7 @@ func (r *FederationInternalAPI) performJoinUsingServer(
 	if err = roomserverAPI.SendEventWithState(
 		context.Background(),
 		r.rsAPI,
+		origin,
 		roomserverAPI.KindNew,
 		respState,
 		event.Headered(respMakeJoin.RoomVersion),
@ -427,6 +436,7 @@ func (r *FederationInternalAPI) performOutboundPeekUsingServer(
 	// request.
 	respPeek, err := r.federation.Peek(
 		ctx,
+		r.cfg.Matrix.ServerName,
 		serverName,
 		roomID,
 		peekID,
@ -453,7 +463,7 @@ func (r *FederationInternalAPI) performOutboundPeekUsingServer(

 	// authenticate the state returned (check its auth events etc)
 	// the equivalent of CheckSendJoinResponse()
-	authEvents, _, err := respState.Check(ctx, respPeek.RoomVersion, r.keyRing, federatedAuthProvider(ctx, r.federation, r.keyRing, serverName))
+	authEvents, _, err := respState.Check(ctx, respPeek.RoomVersion, r.keyRing, federatedAuthProvider(ctx, r.federation, r.keyRing, r.cfg.Matrix.ServerName, serverName))
 	if err != nil {
 		return fmt.Errorf("error checking state returned from peeking: %w", err)
 	}
@ -475,7 +485,7 @@ func (r *FederationInternalAPI) performOutboundPeekUsingServer(
 	// logrus.Warnf("got respPeek %#v", respPeek)
 	// Send the newly returned state to the roomserver to update our local view.
 	if err = roomserverAPI.SendEventWithState(
-		ctx, r.rsAPI,
+		ctx, r.rsAPI, r.cfg.Matrix.ServerName,
 		roomserverAPI.KindNew,
 		&respState,
 		respPeek.LatestEvent.Headered(respPeek.RoomVersion),
@ -495,6 +505,11 @@ func (r *FederationInternalAPI) PerformLeave(
 	request *api.PerformLeaveRequest,
 	response *api.PerformLeaveResponse,
 ) (err error) {
+	_, origin, err := r.cfg.Matrix.SplitLocalID('@', request.UserID)
+	if err != nil {
+		return err
+	}
+
 	// Deduplicate the server names we were provided.
 	util.SortAndUnique(request.ServerNames)

@ -505,6 +520,7 @@ func (r *FederationInternalAPI) PerformLeave(
 		// request.
 		respMakeLeave, err := r.federation.MakeLeave(
 			ctx,
+			origin,
 			serverName,
 			request.RoomID,
 			request.UserID,
@ -546,7 +562,7 @@ func (r *FederationInternalAPI) PerformLeave(
 		// Build the leave event.
 		event, err := respMakeLeave.LeaveEvent.Build(
 			time.Now(),
-			r.cfg.Matrix.ServerName,
+			origin,
 			r.cfg.Matrix.KeyID,
 			r.cfg.Matrix.PrivateKey,
 			respMakeLeave.RoomVersion,
@ -559,6 +575,7 @@ func (r *FederationInternalAPI) PerformLeave(
 		// Try to perform a send_leave using the newly built event.
 		err = r.federation.SendLeave(
 			ctx,
+			origin,
 			serverName,
 			event,
 		)
@ -585,6 +602,11 @@ func (r *FederationInternalAPI) PerformInvite(
 	request *api.PerformInviteRequest,
 	response *api.PerformInviteResponse,
 ) (err error) {
+	_, origin, err := r.cfg.Matrix.SplitLocalID('@', request.Event.Sender())
+	if err != nil {
+		return err
+	}
+
 	if request.Event.StateKey() == nil {
 		return errors.New("invite must be a state event")
 	}
@ -607,7 +629,7 @@ func (r *FederationInternalAPI) PerformInvite(
 		return fmt.Errorf("gomatrixserverlib.NewInviteV2Request: %w", err)
 	}

-	inviteRes, err := r.federation.SendInviteV2(ctx, destination, inviteReq)
+	inviteRes, err := r.federation.SendInviteV2(ctx, origin, destination, inviteReq)
 	if err != nil {
 		return fmt.Errorf("r.federation.SendInviteV2: failed to send invite: %w", err)
 	}
@ -708,7 +730,7 @@ func setDefaultRoomVersionFromJoinEvent(joinEvent gomatrixserverlib.EventBuilder
 // FederatedAuthProvider is an auth chain provider which fetches events from the server provided
 func federatedAuthProvider(
 	ctx context.Context, federation api.FederationClient,
-	keyRing gomatrixserverlib.JSONVerifier, server gomatrixserverlib.ServerName,
+	keyRing gomatrixserverlib.JSONVerifier, origin, server gomatrixserverlib.ServerName,
 ) gomatrixserverlib.AuthChainProvider {
 	// A list of events that we have retried, if they were not included in
 	// the auth events supplied in the send_join.
@ -738,7 +760,7 @@ func federatedAuthProvider(

 			// Try to retrieve the event from the server that sent us the send
 			// join response.
-			tx, txerr := federation.GetEvent(ctx, server, eventID)
+			tx, txerr := federation.GetEvent(ctx, origin, server, eventID)
 			if txerr != nil {
 				return nil, fmt.Errorf("missingAuth r.federation.GetEvent: %w", txerr)
 			}
--- a/federationapi/inthttp/client.go
+++ b/federationapi/inthttp/client.go
@ -152,16 +152,18 @@ func (h *httpFederationInternalAPI) PerformBroadcastEDU(

 type getUserDevices struct {
 	S      gomatrixserverlib.ServerName
+	Origin gomatrixserverlib.ServerName
 	UserID string
 }

 func (h *httpFederationInternalAPI) GetUserDevices(
-	ctx context.Context, s gomatrixserverlib.ServerName, userID string,
+	ctx context.Context, origin, s gomatrixserverlib.ServerName, userID string,
 ) (gomatrixserverlib.RespUserDevices, error) {
 	return httputil.CallInternalProxyAPI[getUserDevices, gomatrixserverlib.RespUserDevices, *api.FederationClientError](
 		"GetUserDevices", h.federationAPIURL+FederationAPIGetUserDevicesPath, h.httpClient,
 		ctx, &getUserDevices{
 			S:      s,
+			Origin: origin,
 			UserID: userID,
 		},
 	)
@ -169,52 +171,58 @@ func (h *httpFederationInternalAPI) GetUserDevices(

 type claimKeys struct {
 	S           gomatrixserverlib.ServerName
+	Origin      gomatrixserverlib.ServerName
 	OneTimeKeys map[string]map[string]string
 }

 func (h *httpFederationInternalAPI) ClaimKeys(
-	ctx context.Context, s gomatrixserverlib.ServerName, oneTimeKeys map[string]map[string]string,
+	ctx context.Context, origin, s gomatrixserverlib.ServerName, oneTimeKeys map[string]map[string]string,
 ) (gomatrixserverlib.RespClaimKeys, error) {
 	return httputil.CallInternalProxyAPI[claimKeys, gomatrixserverlib.RespClaimKeys, *api.FederationClientError](
 		"ClaimKeys", h.federationAPIURL+FederationAPIClaimKeysPath, h.httpClient,
 		ctx, &claimKeys{
 			S:           s,
+			Origin:      origin,
 			OneTimeKeys: oneTimeKeys,
 		},
 	)
 }

 type queryKeys struct {
-	S    gomatrixserverlib.ServerName
-	Keys map[string][]string
+	S      gomatrixserverlib.ServerName
+	Origin gomatrixserverlib.ServerName
+	Keys   map[string][]string
 }

 func (h *httpFederationInternalAPI) QueryKeys(
-	ctx context.Context, s gomatrixserverlib.ServerName, keys map[string][]string,
+	ctx context.Context, origin, s gomatrixserverlib.ServerName, keys map[string][]string,
 ) (gomatrixserverlib.RespQueryKeys, error) {
 	return httputil.CallInternalProxyAPI[queryKeys, gomatrixserverlib.RespQueryKeys, *api.FederationClientError](
 		"QueryKeys", h.federationAPIURL+FederationAPIQueryKeysPath, h.httpClient,
 		ctx, &queryKeys{
-			S:    s,
-			Keys: keys,
+			S:      s,
+			Origin: origin,
+			Keys:   keys,
 		},
 	)
 }

 type backfill struct {
 	S        gomatrixserverlib.ServerName
+	Origin   gomatrixserverlib.ServerName
 	RoomID   string
 	Limit    int
 	EventIDs []string
 }

 func (h *httpFederationInternalAPI) Backfill(
-	ctx context.Context, s gomatrixserverlib.ServerName, roomID string, limit int, eventIDs []string,
+	ctx context.Context, origin, s gomatrixserverlib.ServerName, roomID string, limit int, eventIDs []string,
 ) (gomatrixserverlib.Transaction, error) {
 	return httputil.CallInternalProxyAPI[backfill, gomatrixserverlib.Transaction, *api.FederationClientError](
 		"Backfill", h.federationAPIURL+FederationAPIBackfillPath, h.httpClient,
 		ctx, &backfill{
 			S:        s,
+			Origin:   origin,
 			RoomID:   roomID,
 			Limit:    limit,
 			EventIDs: eventIDs,
@ -224,18 +232,20 @@ func (h *httpFederationInternalAPI) Backfill(

 type lookupState struct {
 	S           gomatrixserverlib.ServerName
+	Origin      gomatrixserverlib.ServerName
 	RoomID      string
 	EventID     string
 	RoomVersion gomatrixserverlib.RoomVersion
 }

 func (h *httpFederationInternalAPI) LookupState(
-	ctx context.Context, s gomatrixserverlib.ServerName, roomID, eventID string, roomVersion gomatrixserverlib.RoomVersion,
+	ctx context.Context, origin, s gomatrixserverlib.ServerName, roomID, eventID string, roomVersion gomatrixserverlib.RoomVersion,
 ) (gomatrixserverlib.RespState, error) {
 	return httputil.CallInternalProxyAPI[lookupState, gomatrixserverlib.RespState, *api.FederationClientError](
 		"LookupState", h.federationAPIURL+FederationAPILookupStatePath, h.httpClient,
 		ctx, &lookupState{
 			S:           s,
+			Origin:      origin,
 			RoomID:      roomID,
 			EventID:     eventID,
 			RoomVersion: roomVersion,
@ -245,17 +255,19 @@ func (h *httpFederationInternalAPI) LookupState(

 type lookupStateIDs struct {
 	S       gomatrixserverlib.ServerName
+	Origin  gomatrixserverlib.ServerName
 	RoomID  string
 	EventID string
 }

 func (h *httpFederationInternalAPI) LookupStateIDs(
-	ctx context.Context, s gomatrixserverlib.ServerName, roomID, eventID string,
+	ctx context.Context, origin, s gomatrixserverlib.ServerName, roomID, eventID string,
 ) (gomatrixserverlib.RespStateIDs, error) {
 	return httputil.CallInternalProxyAPI[lookupStateIDs, gomatrixserverlib.RespStateIDs, *api.FederationClientError](
 		"LookupStateIDs", h.federationAPIURL+FederationAPILookupStateIDsPath, h.httpClient,
 		ctx, &lookupStateIDs{
 			S:       s,
+			Origin:  origin,
 			RoomID:  roomID,
 			EventID: eventID,
 		},
@ -264,19 +276,21 @@ func (h *httpFederationInternalAPI) LookupStateIDs(

 type lookupMissingEvents struct {
 	S           gomatrixserverlib.ServerName
+	Origin      gomatrixserverlib.ServerName
 	RoomID      string
 	Missing     gomatrixserverlib.MissingEvents
 	RoomVersion gomatrixserverlib.RoomVersion
 }

 func (h *httpFederationInternalAPI) LookupMissingEvents(
-	ctx context.Context, s gomatrixserverlib.ServerName, roomID string,
+	ctx context.Context, origin, s gomatrixserverlib.ServerName, roomID string,
 	missing gomatrixserverlib.MissingEvents, roomVersion gomatrixserverlib.RoomVersion,
 ) (res gomatrixserverlib.RespMissingEvents, err error) {
 	return httputil.CallInternalProxyAPI[lookupMissingEvents, gomatrixserverlib.RespMissingEvents, *api.FederationClientError](
 		"LookupMissingEvents", h.federationAPIURL+FederationAPILookupMissingEventsPath, h.httpClient,
 		ctx, &lookupMissingEvents{
 			S:           s,
+			Origin:      origin,
 			RoomID:      roomID,
 			Missing:     missing,
 			RoomVersion: roomVersion,
@ -286,16 +300,18 @@ func (h *httpFederationInternalAPI) LookupMissingEvents(

 type getEvent struct {
 	S       gomatrixserverlib.ServerName
+	Origin  gomatrixserverlib.ServerName
 	EventID string
 }

 func (h *httpFederationInternalAPI) GetEvent(
-	ctx context.Context, s gomatrixserverlib.ServerName, eventID string,
+	ctx context.Context, origin, s gomatrixserverlib.ServerName, eventID string,
 ) (gomatrixserverlib.Transaction, error) {
 	return httputil.CallInternalProxyAPI[getEvent, gomatrixserverlib.Transaction, *api.FederationClientError](
 		"GetEvent", h.federationAPIURL+FederationAPIGetEventPath, h.httpClient,
 		ctx, &getEvent{
 			S:       s,
+			Origin:  origin,
 			EventID: eventID,
 		},
 	)
@ -303,19 +319,21 @@ func (h *httpFederationInternalAPI) GetEvent(

 type getEventAuth struct {
 	S           gomatrixserverlib.ServerName
+	Origin      gomatrixserverlib.ServerName
 	RoomVersion gomatrixserverlib.RoomVersion
 	RoomID      string
 	EventID     string
 }

 func (h *httpFederationInternalAPI) GetEventAuth(
-	ctx context.Context, s gomatrixserverlib.ServerName,
+	ctx context.Context, origin, s gomatrixserverlib.ServerName,
 	roomVersion gomatrixserverlib.RoomVersion, roomID, eventID string,
 ) (gomatrixserverlib.RespEventAuth, error) {
 	return httputil.CallInternalProxyAPI[getEventAuth, gomatrixserverlib.RespEventAuth, *api.FederationClientError](
 		"GetEventAuth", h.federationAPIURL+FederationAPIGetEventAuthPath, h.httpClient,
 		ctx, &getEventAuth{
 			S:           s,
+			Origin:      origin,
 			RoomVersion: roomVersion,
 			RoomID:      roomID,
 			EventID:     eventID,
@ -351,18 +369,20 @@ func (h *httpFederationInternalAPI) LookupServerKeys(

 type eventRelationships struct {
 	S       gomatrixserverlib.ServerName
+	Origin  gomatrixserverlib.ServerName
 	Req     gomatrixserverlib.MSC2836EventRelationshipsRequest
 	RoomVer gomatrixserverlib.RoomVersion
 }

 func (h *httpFederationInternalAPI) MSC2836EventRelationships(
-	ctx context.Context, s gomatrixserverlib.ServerName, r gomatrixserverlib.MSC2836EventRelationshipsRequest,
+	ctx context.Context, origin, s gomatrixserverlib.ServerName, r gomatrixserverlib.MSC2836EventRelationshipsRequest,
 	roomVersion gomatrixserverlib.RoomVersion,
 ) (res gomatrixserverlib.MSC2836EventRelationshipsResponse, err error) {
 	return httputil.CallInternalProxyAPI[eventRelationships, gomatrixserverlib.MSC2836EventRelationshipsResponse, *api.FederationClientError](
 		"MSC2836EventRelationships", h.federationAPIURL+FederationAPIEventRelationshipsPath, h.httpClient,
 		ctx, &eventRelationships{
 			S:       s,
+			Origin:  origin,
 			Req:     r,
 			RoomVer: roomVersion,
 		},
@ -371,17 +391,19 @@ func (h *httpFederationInternalAPI) MSC2836EventRelationships(

 type spacesReq struct {
 	S             gomatrixserverlib.ServerName
+	Origin        gomatrixserverlib.ServerName
 	SuggestedOnly bool
 	RoomID        string
 }

 func (h *httpFederationInternalAPI) MSC2946Spaces(
-	ctx context.Context, dst gomatrixserverlib.ServerName, roomID string, suggestedOnly bool,
+	ctx context.Context, origin, dst gomatrixserverlib.ServerName, roomID string, suggestedOnly bool,
 ) (res gomatrixserverlib.MSC2946SpacesResponse, err error) {
 	return httputil.CallInternalProxyAPI[spacesReq, gomatrixserverlib.MSC2946SpacesResponse, *api.FederationClientError](
 		"MSC2836EventRelationships", h.federationAPIURL+FederationAPISpacesSummaryPath, h.httpClient,
 		ctx, &spacesReq{
 			S:             dst,
+			Origin:        origin,
 			SuggestedOnly: suggestedOnly,
 			RoomID:        roomID,
 		},
--- a/federationapi/inthttp/server.go
+++ b/federationapi/inthttp/server.go
@ -59,7 +59,7 @@ func AddRoutes(intAPI api.FederationInternalAPI, internalAPIMux *mux.Router) {
 		httputil.MakeInternalProxyAPI(
 			"FederationAPIGetUserDevices",
 			func(ctx context.Context, req *getUserDevices) (*gomatrixserverlib.RespUserDevices, error) {
-				res, err := intAPI.GetUserDevices(ctx, req.S, req.UserID)
+				res, err := intAPI.GetUserDevices(ctx, req.Origin, req.S, req.UserID)
 				return &res, federationClientError(err)
 			},
 		),
@ -70,7 +70,7 @@ func AddRoutes(intAPI api.FederationInternalAPI, internalAPIMux *mux.Router) {
 		httputil.MakeInternalProxyAPI(
 			"FederationAPIClaimKeys",
 			func(ctx context.Context, req *claimKeys) (*gomatrixserverlib.RespClaimKeys, error) {
-				res, err := intAPI.ClaimKeys(ctx, req.S, req.OneTimeKeys)
+				res, err := intAPI.ClaimKeys(ctx, req.Origin, req.S, req.OneTimeKeys)
 				return &res, federationClientError(err)
 			},
 		),
@ -81,7 +81,7 @@ func AddRoutes(intAPI api.FederationInternalAPI, internalAPIMux *mux.Router) {
 		httputil.MakeInternalProxyAPI(
 			"FederationAPIQueryKeys",
 			func(ctx context.Context, req *queryKeys) (*gomatrixserverlib.RespQueryKeys, error) {
-				res, err := intAPI.QueryKeys(ctx, req.S, req.Keys)
+				res, err := intAPI.QueryKeys(ctx, req.Origin, req.S, req.Keys)
 				return &res, federationClientError(err)
 			},
 		),
@ -92,7 +92,7 @@ func AddRoutes(intAPI api.FederationInternalAPI, internalAPIMux *mux.Router) {
 		httputil.MakeInternalProxyAPI(
 			"FederationAPIBackfill",
 			func(ctx context.Context, req *backfill) (*gomatrixserverlib.Transaction, error) {
-				res, err := intAPI.Backfill(ctx, req.S, req.RoomID, req.Limit, req.EventIDs)
+				res, err := intAPI.Backfill(ctx, req.Origin, req.S, req.RoomID, req.Limit, req.EventIDs)
 				return &res, federationClientError(err)
 			},
 		),
@ -103,7 +103,7 @@ func AddRoutes(intAPI api.FederationInternalAPI, internalAPIMux *mux.Router) {
 		httputil.MakeInternalProxyAPI(
 			"FederationAPILookupState",
 			func(ctx context.Context, req *lookupState) (*gomatrixserverlib.RespState, error) {
-				res, err := intAPI.LookupState(ctx, req.S, req.RoomID, req.EventID, req.RoomVersion)
+				res, err := intAPI.LookupState(ctx, req.Origin, req.S, req.RoomID, req.EventID, req.RoomVersion)
 				return &res, federationClientError(err)
 			},
 		),
@ -114,7 +114,7 @@ func AddRoutes(intAPI api.FederationInternalAPI, internalAPIMux *mux.Router) {
 		httputil.MakeInternalProxyAPI(
 			"FederationAPILookupStateIDs",
 			func(ctx context.Context, req *lookupStateIDs) (*gomatrixserverlib.RespStateIDs, error) {
-				res, err := intAPI.LookupStateIDs(ctx, req.S, req.RoomID, req.EventID)
+				res, err := intAPI.LookupStateIDs(ctx, req.Origin, req.S, req.RoomID, req.EventID)
 				return &res, federationClientError(err)
 			},
 		),
@ -125,7 +125,7 @@ func AddRoutes(intAPI api.FederationInternalAPI, internalAPIMux *mux.Router) {
 		httputil.MakeInternalProxyAPI(
 			"FederationAPILookupMissingEvents",
 			func(ctx context.Context, req *lookupMissingEvents) (*gomatrixserverlib.RespMissingEvents, error) {
-				res, err := intAPI.LookupMissingEvents(ctx, req.S, req.RoomID, req.Missing, req.RoomVersion)
+				res, err := intAPI.LookupMissingEvents(ctx, req.Origin, req.S, req.RoomID, req.Missing, req.RoomVersion)
 				return &res, federationClientError(err)
 			},
 		),
@ -136,7 +136,7 @@ func AddRoutes(intAPI api.FederationInternalAPI, internalAPIMux *mux.Router) {
 		httputil.MakeInternalProxyAPI(
 			"FederationAPIGetEvent",
 			func(ctx context.Context, req *getEvent) (*gomatrixserverlib.Transaction, error) {
-				res, err := intAPI.GetEvent(ctx, req.S, req.EventID)
+				res, err := intAPI.GetEvent(ctx, req.Origin, req.S, req.EventID)
 				return &res, federationClientError(err)
 			},
 		),
@ -147,7 +147,7 @@ func AddRoutes(intAPI api.FederationInternalAPI, internalAPIMux *mux.Router) {
 		httputil.MakeInternalProxyAPI(
 			"FederationAPIGetEventAuth",
 			func(ctx context.Context, req *getEventAuth) (*gomatrixserverlib.RespEventAuth, error) {
-				res, err := intAPI.GetEventAuth(ctx, req.S, req.RoomVersion, req.RoomID, req.EventID)
+				res, err := intAPI.GetEventAuth(ctx, req.Origin, req.S, req.RoomVersion, req.RoomID, req.EventID)
 				return &res, federationClientError(err)
 			},
 		),
@ -174,7 +174,7 @@ func AddRoutes(intAPI api.FederationInternalAPI, internalAPIMux *mux.Router) {
 		httputil.MakeInternalProxyAPI(
 			"FederationAPIMSC2836EventRelationships",
 			func(ctx context.Context, req *eventRelationships) (*gomatrixserverlib.MSC2836EventRelationshipsResponse, error) {
-				res, err := intAPI.MSC2836EventRelationships(ctx, req.S, req.Req, req.RoomVer)
+				res, err := intAPI.MSC2836EventRelationships(ctx, req.Origin, req.S, req.Req, req.RoomVer)
 				return &res, federationClientError(err)
 			},
 		),
@ -185,7 +185,7 @@ func AddRoutes(intAPI api.FederationInternalAPI, internalAPIMux *mux.Router) {
 		httputil.MakeInternalProxyAPI(
 			"FederationAPIMSC2946SpacesSummary",
 			func(ctx context.Context, req *spacesReq) (*gomatrixserverlib.MSC2946SpacesResponse, error) {
-				res, err := intAPI.MSC2946Spaces(ctx, req.S, req.RoomID, req.SuggestedOnly)
+				res, err := intAPI.MSC2946Spaces(ctx, req.Origin, req.S, req.RoomID, req.SuggestedOnly)
 				return &res, federationClientError(err)
 			},
 		),
--- a/federationapi/queue/destinationqueue.go
+++ b/federationapi/queue/destinationqueue.go
@ -50,7 +50,7 @@ type destinationQueue struct {
 	queues             *OutgoingQueues
 	db                 storage.Database
 	process            *process.ProcessContext
-	signing            map[gomatrixserverlib.ServerName]*SigningInfo
+	signing            map[gomatrixserverlib.ServerName]*gomatrixserverlib.SigningIdentity
 	rsAPI              api.FederationRoomserverAPI
 	client             fedapi.FederationClient         // federation client
 	origin             gomatrixserverlib.ServerName    // origin of requests
--- a/federationapi/queue/queue.go
+++ b/federationapi/queue/queue.go
@ -15,7 +15,6 @@
 package queue

 import (
-	"crypto/ed25519"
 	"encoding/json"
 	"fmt"
 	"sync"
@ -46,7 +45,7 @@ type OutgoingQueues struct {
 	origin      gomatrixserverlib.ServerName
 	client      fedapi.FederationClient
 	statistics  *statistics.Statistics
-	signing     map[gomatrixserverlib.ServerName]*SigningInfo
+	signing     map[gomatrixserverlib.ServerName]*gomatrixserverlib.SigningIdentity
 	queuesMutex sync.Mutex // protects the below
 	queues      map[gomatrixserverlib.ServerName]*destinationQueue
 }
@ -91,7 +90,7 @@ func NewOutgoingQueues(
 	client fedapi.FederationClient,
 	rsAPI api.FederationRoomserverAPI,
 	statistics *statistics.Statistics,
-	signing map[gomatrixserverlib.ServerName]*SigningInfo,
+	signing []*gomatrixserverlib.SigningIdentity,
 ) *OutgoingQueues {
 	queues := &OutgoingQueues{
 		disabled:   disabled,
@ -101,9 +100,12 @@ func NewOutgoingQueues(
 		origin:     origin,
 		client:     client,
 		statistics: statistics,
-		signing:    signing,
+		signing:    map[gomatrixserverlib.ServerName]*gomatrixserverlib.SigningIdentity{},
 		queues:     map[gomatrixserverlib.ServerName]*destinationQueue{},
 	}
+	for _, identity := range signing {
+		queues.signing[identity.ServerName] = identity
+	}
 	// Look up which servers we have pending items for and then rehydrate those queues.
 	if !disabled {
 		serverNames := map[gomatrixserverlib.ServerName]struct{}{}
@ -135,14 +137,6 @@ func NewOutgoingQueues(
 	return queues
 }

-// TODO: Move this somewhere useful for other components as we often need to ferry these 3 variables
-// around together
-type SigningInfo struct {
-	ServerName gomatrixserverlib.ServerName
-	KeyID      gomatrixserverlib.KeyID
-	PrivateKey ed25519.PrivateKey
-}
-
 type queuedPDU struct {
 	receipt *shared.Receipt
 	pdu     *gomatrixserverlib.HeaderedEvent
--- a/federationapi/queue/queue_test.go
+++ b/federationapi/queue/queue_test.go
@ -350,8 +350,8 @@ func testSetup(failuresUntilBlacklist uint32, shouldTxSucceed bool, t *testing.T
 	}
 	rs := &stubFederationRoomServerAPI{}
 	stats := statistics.NewStatistics(db, failuresUntilBlacklist)
-	signingInfo := map[gomatrixserverlib.ServerName]*SigningInfo{
-		"localhost": {
+	signingInfo := []*gomatrixserverlib.SigningIdentity{
+		{
 			KeyID:      "ed21019:auto",
 			PrivateKey: test.PrivateKeyA,
 			ServerName: "localhost",
--- a/federationapi/routing/backfill.go
+++ b/federationapi/routing/backfill.go
@ -82,7 +82,8 @@ func Backfill(
 		BackwardsExtremities: map[string][]string{
 			"": eIDs,
 		},
-		ServerName: request.Origin(),
+		ServerName:  request.Origin(),
+		VirtualHost: request.Destination(),
 	}
 	if req.Limit, err = strconv.Atoi(limit); err != nil {
 		util.GetLogger(httpReq.Context()).WithError(err).Error("strconv.Atoi failed")
@ -123,7 +124,7 @@ func Backfill(
 	}

 	txn := gomatrixserverlib.Transaction{
-		Origin:         cfg.Matrix.ServerName,
+		Origin:         request.Destination(),
 		PDUs:           eventJSONs,
 		OriginServerTS: gomatrixserverlib.AsTimestamp(time.Now()),
 	}
--- a/federationapi/routing/invite.go
+++ b/federationapi/routing/invite.go
@ -140,6 +140,21 @@ func processInvite(
 		}
 	}

+	if event.StateKey() == nil {
+		return util.JSONResponse{
+			Code: http.StatusBadRequest,
+			JSON: jsonerror.BadJSON("The invite event has no state key"),
+		}
+	}
+
+	_, domain, err := cfg.Matrix.SplitLocalID('@', *event.StateKey())
+	if err != nil {
+		return util.JSONResponse{
+			Code: http.StatusBadRequest,
+			JSON: jsonerror.InvalidArgumentValue(fmt.Sprintf("The user ID is invalid or domain %q does not belong to this server", domain)),
+		}
+	}
+
 	// Check that the event is signed by the server sending the request.
 	redacted, err := gomatrixserverlib.RedactEventJSON(event.JSON(), event.Version())
 	if err != nil {
@ -175,7 +190,7 @@ func processInvite(

 	// Sign the event so that other servers will know that we have received the invite.
 	signedEvent := event.Sign(
-		string(cfg.Matrix.ServerName), cfg.Matrix.KeyID, cfg.Matrix.PrivateKey,
+		string(domain), cfg.Matrix.KeyID, cfg.Matrix.PrivateKey,
 	)

 	// Add the invite event to the roomserver.
--- a/federationapi/routing/join.go
+++ b/federationapi/routing/join.go
@ -131,10 +131,20 @@ func MakeJoin(
 		return jsonerror.InternalServerError()
 	}

+	identity, err := cfg.Matrix.SigningIdentityFor(request.Destination())
+	if err != nil {
+		return util.JSONResponse{
+			Code: http.StatusNotFound,
+			JSON: jsonerror.NotFound(
+				fmt.Sprintf("Server name %q does not exist", request.Destination()),
+			),
+		}
+	}
+
 	queryRes := api.QueryLatestEventsAndStateResponse{
 		RoomVersion: verRes.RoomVersion,
 	}
-	event, err := eventutil.QueryAndBuildEvent(httpReq.Context(), &builder, cfg.Matrix, time.Now(), rsAPI, &queryRes)
+	event, err := eventutil.QueryAndBuildEvent(httpReq.Context(), &builder, cfg.Matrix, identity, time.Now(), rsAPI, &queryRes)
 	if err == eventutil.ErrRoomNoExists {
 		return util.JSONResponse{
 			Code: http.StatusNotFound,
--- a/federationapi/routing/keys.go
+++ b/federationapi/routing/keys.go
@ -16,7 +16,6 @@ package routing

 import (
 	"encoding/json"
-	"fmt"
 	"net/http"
 	"time"

@ -136,38 +135,52 @@ func ClaimOneTimeKeys(
 // LocalKeys returns the local keys for the server.
 // See https://matrix.org/docs/spec/server_server/unstable.html#publishing-keys
 func LocalKeys(cfg *config.FederationAPI, serverName gomatrixserverlib.ServerName) util.JSONResponse {
-	keys, err := localKeys(cfg, serverName, time.Now().Add(cfg.Matrix.KeyValidityPeriod))
+	keys, err := localKeys(cfg, serverName)
 	if err != nil {
-		return util.ErrorResponse(err)
+		return util.MessageResponse(http.StatusNotFound, err.Error())
 	}
 	return util.JSONResponse{Code: http.StatusOK, JSON: keys}
 }

-func localKeys(cfg *config.FederationAPI, serverName gomatrixserverlib.ServerName, validUntil time.Time) (*gomatrixserverlib.ServerKeys, error) {
+func localKeys(cfg *config.FederationAPI, serverName gomatrixserverlib.ServerName) (*gomatrixserverlib.ServerKeys, error) {
 	var keys gomatrixserverlib.ServerKeys
-	if !cfg.Matrix.IsLocalServerName(serverName) {
-		return nil, fmt.Errorf("server name not known")
-	}
-
-	keys.ServerName = serverName
-	keys.ValidUntilTS = gomatrixserverlib.AsTimestamp(validUntil)
-
-	publicKey := cfg.Matrix.PrivateKey.Public().(ed25519.PublicKey)
-
-	keys.VerifyKeys = map[gomatrixserverlib.KeyID]gomatrixserverlib.VerifyKey{
-		cfg.Matrix.KeyID: {
-			Key: gomatrixserverlib.Base64Bytes(publicKey),
-		},
-	}
-
-	keys.OldVerifyKeys = map[gomatrixserverlib.KeyID]gomatrixserverlib.OldVerifyKey{}
-	for _, oldVerifyKey := range cfg.Matrix.OldVerifyKeys {
-		keys.OldVerifyKeys[oldVerifyKey.KeyID] = gomatrixserverlib.OldVerifyKey{
-			VerifyKey: gomatrixserverlib.VerifyKey{
-				Key: oldVerifyKey.PublicKey,
-			},
-			ExpiredTS: oldVerifyKey.ExpiredAt,
+	var virtualHost *config.VirtualHost
+	for _, v := range cfg.Matrix.VirtualHosts {
+		if v.ServerName != serverName {
+			continue
 		}
+		virtualHost = v
+	}
+
+	if virtualHost == nil {
+		publicKey := cfg.Matrix.PrivateKey.Public().(ed25519.PublicKey)
+		keys.ServerName = cfg.Matrix.ServerName
+		keys.ValidUntilTS = gomatrixserverlib.AsTimestamp(time.Now().Add(cfg.Matrix.KeyValidityPeriod))
+		keys.VerifyKeys = map[gomatrixserverlib.KeyID]gomatrixserverlib.VerifyKey{
+			cfg.Matrix.KeyID: {
+				Key: gomatrixserverlib.Base64Bytes(publicKey),
+			},
+		}
+		keys.OldVerifyKeys = map[gomatrixserverlib.KeyID]gomatrixserverlib.OldVerifyKey{}
+		for _, oldVerifyKey := range cfg.Matrix.OldVerifyKeys {
+			keys.OldVerifyKeys[oldVerifyKey.KeyID] = gomatrixserverlib.OldVerifyKey{
+				VerifyKey: gomatrixserverlib.VerifyKey{
+					Key: oldVerifyKey.PublicKey,
+				},
+				ExpiredTS: oldVerifyKey.ExpiredAt,
+			}
+		}
+	} else {
+		publicKey := virtualHost.PrivateKey.Public().(ed25519.PublicKey)
+		keys.ServerName = virtualHost.ServerName
+		keys.ValidUntilTS = gomatrixserverlib.AsTimestamp(time.Now().Add(virtualHost.KeyValidityPeriod))
+		keys.VerifyKeys = map[gomatrixserverlib.KeyID]gomatrixserverlib.VerifyKey{
+			virtualHost.KeyID: {
+				Key: gomatrixserverlib.Base64Bytes(publicKey),
+			},
+		}
+		// TODO: Virtual hosts probably want to be able to specify old signing
+		// keys too, just in case
 	}

 	toSign, err := json.Marshal(keys.ServerKeyFields)
@ -213,7 +226,7 @@ func NotaryKeys(
 	for serverName, kidToCriteria := range req.ServerKeys {
 		var keyList []gomatrixserverlib.ServerKeys
 		if serverName == cfg.Matrix.ServerName {
-			if k, err := localKeys(cfg, serverName, time.Now().Add(cfg.Matrix.KeyValidityPeriod)); err == nil {
+			if k, err := localKeys(cfg, serverName); err == nil {
 				keyList = append(keyList, *k)
 			} else {
 				return util.ErrorResponse(err)
--- a/federationapi/routing/leave.go
+++ b/federationapi/routing/leave.go
@ -13,6 +13,7 @@
 package routing

 import (
+	"fmt"
 	"net/http"
 	"time"

@ -60,8 +61,18 @@ func MakeLeave(
 		return jsonerror.InternalServerError()
 	}

+	identity, err := cfg.Matrix.SigningIdentityFor(request.Destination())
+	if err != nil {
+		return util.JSONResponse{
+			Code: http.StatusNotFound,
+			JSON: jsonerror.NotFound(
+				fmt.Sprintf("Server name %q does not exist", request.Destination()),
+			),
+		}
+	}
+
 	var queryRes api.QueryLatestEventsAndStateResponse
-	event, err := eventutil.QueryAndBuildEvent(httpReq.Context(), &builder, cfg.Matrix, time.Now(), rsAPI, &queryRes)
+	event, err := eventutil.QueryAndBuildEvent(httpReq.Context(), &builder, cfg.Matrix, identity, time.Now(), rsAPI, &queryRes)
 	if err == eventutil.ErrRoomNoExists {
 		return util.JSONResponse{
 			Code: http.StatusNotFound,
--- a/federationapi/routing/profile.go
+++ b/federationapi/routing/profile.go
@ -22,7 +22,6 @@ import (
 	"github.com/matrix-org/dendrite/internal/eventutil"
 	"github.com/matrix-org/dendrite/setup/config"
 	userapi "github.com/matrix-org/dendrite/userapi/api"
-	"github.com/matrix-org/gomatrixserverlib"
 	"github.com/matrix-org/util"
 )

@ -42,16 +41,9 @@ func GetProfile(
 		}
 	}

-	_, domain, err := gomatrixserverlib.SplitID('@', userID)
+	_, domain, err := cfg.Matrix.SplitLocalID('@', userID)
 	if err != nil {
 		util.GetLogger(httpReq.Context()).WithError(err).Error("gomatrixserverlib.SplitID failed")
-		return util.JSONResponse{
-			Code: http.StatusBadRequest,
-			JSON: jsonerror.MissingArgument(fmt.Sprintf("Format of user ID %q is invalid", userID)),
-		}
-	}
-
-	if domain != cfg.Matrix.ServerName {
 		return util.JSONResponse{
 			Code: http.StatusBadRequest,
 			JSON: jsonerror.InvalidArgumentValue(fmt.Sprintf("Domain %q does not match this server", domain)),
--- a/federationapi/routing/query.go
+++ b/federationapi/routing/query.go
@ -83,7 +83,7 @@ func RoomAliasToID(
 			}
 		}
 	} else {
-		resp, err = federation.LookupRoomAlias(httpReq.Context(), domain, roomAlias)
+		resp, err = federation.LookupRoomAlias(httpReq.Context(), domain, cfg.Matrix.ServerName, roomAlias)
 		if err != nil {
 			switch x := err.(type) {
 			case gomatrix.HTTPError:
--- a/federationapi/routing/send.go
+++ b/federationapi/routing/send.go
@ -197,12 +197,12 @@ type txnReq struct {

 // A subset of FederationClient functionality that txn requires. Useful for testing.
 type txnFederationClient interface {
-	LookupState(ctx context.Context, s gomatrixserverlib.ServerName, roomID string, eventID string, roomVersion gomatrixserverlib.RoomVersion) (
+	LookupState(ctx context.Context, origin, s gomatrixserverlib.ServerName, roomID string, eventID string, roomVersion gomatrixserverlib.RoomVersion) (
 		res gomatrixserverlib.RespState, err error,
 	)
-	LookupStateIDs(ctx context.Context, s gomatrixserverlib.ServerName, roomID string, eventID string) (res gomatrixserverlib.RespStateIDs, err error)
-	GetEvent(ctx context.Context, s gomatrixserverlib.ServerName, eventID string) (res gomatrixserverlib.Transaction, err error)
-	LookupMissingEvents(ctx context.Context, s gomatrixserverlib.ServerName, roomID string, missing gomatrixserverlib.MissingEvents,
+	LookupStateIDs(ctx context.Context, origin, s gomatrixserverlib.ServerName, roomID string, eventID string) (res gomatrixserverlib.RespStateIDs, err error)
+	GetEvent(ctx context.Context, origin, s gomatrixserverlib.ServerName, eventID string) (res gomatrixserverlib.Transaction, err error)
+	LookupMissingEvents(ctx context.Context, origin, s gomatrixserverlib.ServerName, roomID string, missing gomatrixserverlib.MissingEvents,
 		roomVersion gomatrixserverlib.RoomVersion) (res gomatrixserverlib.RespMissingEvents, err error)
 }

@ -287,6 +287,7 @@ func (t *txnReq) processTransaction(ctx context.Context) (*gomatrixserverlib.Res
 			[]*gomatrixserverlib.HeaderedEvent{
 				event.Headered(roomVersion),
 			},
+			t.Destination,
 			t.Origin,
 			api.DoNotSendToOtherServers,
 			nil,
--- a/federationapi/routing/send_test.go
+++ b/federationapi/routing/send_test.go
@ -147,7 +147,7 @@ type txnFedClient struct {
 	getMissingEvents func(gomatrixserverlib.MissingEvents) (res gomatrixserverlib.RespMissingEvents, err error)
 }

-func (c *txnFedClient) LookupState(ctx context.Context, s gomatrixserverlib.ServerName, roomID string, eventID string, roomVersion gomatrixserverlib.RoomVersion) (
+func (c *txnFedClient) LookupState(ctx context.Context, origin, s gomatrixserverlib.ServerName, roomID string, eventID string, roomVersion gomatrixserverlib.RoomVersion) (
 	res gomatrixserverlib.RespState, err error,
 ) {
 	fmt.Println("testFederationClient.LookupState", eventID)
@ -159,7 +159,7 @@ func (c *txnFedClient) LookupState(ctx context.Context, s gomatrixserverlib.Serv
 	res = r
 	return
 }
-func (c *txnFedClient) LookupStateIDs(ctx context.Context, s gomatrixserverlib.ServerName, roomID string, eventID string) (res gomatrixserverlib.RespStateIDs, err error) {
+func (c *txnFedClient) LookupStateIDs(ctx context.Context, origin, s gomatrixserverlib.ServerName, roomID string, eventID string) (res gomatrixserverlib.RespStateIDs, err error) {
 	fmt.Println("testFederationClient.LookupStateIDs", eventID)
 	r, ok := c.stateIDs[eventID]
 	if !ok {
@ -169,7 +169,7 @@ func (c *txnFedClient) LookupStateIDs(ctx context.Context, s gomatrixserverlib.S
 	res = r
 	return
 }
-func (c *txnFedClient) GetEvent(ctx context.Context, s gomatrixserverlib.ServerName, eventID string) (res gomatrixserverlib.Transaction, err error) {
+func (c *txnFedClient) GetEvent(ctx context.Context, origin, s gomatrixserverlib.ServerName, eventID string) (res gomatrixserverlib.Transaction, err error) {
 	fmt.Println("testFederationClient.GetEvent", eventID)
 	r, ok := c.getEvent[eventID]
 	if !ok {
@ -179,7 +179,7 @@ func (c *txnFedClient) GetEvent(ctx context.Context, s gomatrixserverlib.ServerN
 	res = r
 	return
 }
-func (c *txnFedClient) LookupMissingEvents(ctx context.Context, s gomatrixserverlib.ServerName, roomID string, missing gomatrixserverlib.MissingEvents,
+func (c *txnFedClient) LookupMissingEvents(ctx context.Context, origin, s gomatrixserverlib.ServerName, roomID string, missing gomatrixserverlib.MissingEvents,
 	roomVersion gomatrixserverlib.RoomVersion) (res gomatrixserverlib.RespMissingEvents, err error) {
 	return c.getMissingEvents(missing)
 }
--- a/federationapi/routing/threepid.go
+++ b/federationapi/routing/threepid.go
@ -90,7 +90,17 @@ func CreateInvitesFrom3PIDInvites(
 	}

 	// Send all the events
-	if err := api.SendEvents(req.Context(), rsAPI, api.KindNew, evs, "TODO", cfg.Matrix.ServerName, nil, false); err != nil {
+	if err := api.SendEvents(
+		req.Context(),
+		rsAPI,
+		api.KindNew,
+		evs,
+		cfg.Matrix.ServerName, // TODO: which virtual host?
+		"TODO",
+		cfg.Matrix.ServerName,
+		nil,
+		false,
+	); err != nil {
 		util.GetLogger(req.Context()).WithError(err).Error("SendEvents failed")
 		return jsonerror.InternalServerError()
 	}
@ -126,6 +136,14 @@ func ExchangeThirdPartyInvite(
 		}
 	}

+	_, senderDomain, err := cfg.Matrix.SplitLocalID('@', builder.Sender)
+	if err != nil {
+		return util.JSONResponse{
+			Code: http.StatusBadRequest,
+			JSON: jsonerror.BadJSON("Invalid sender ID: " + err.Error()),
+		}
+	}
+
 	// Check that the state key is correct.
 	_, targetDomain, err := gomatrixserverlib.SplitID('@', *builder.StateKey)
 	if err != nil {
@ -171,7 +189,7 @@ func ExchangeThirdPartyInvite(
 		util.GetLogger(httpReq.Context()).WithError(err).Error("failed to make invite v2 request")
 		return jsonerror.InternalServerError()
 	}
-	signedEvent, err := federation.SendInviteV2(httpReq.Context(), request.Origin(), inviteReq)
+	signedEvent, err := federation.SendInviteV2(httpReq.Context(), senderDomain, request.Origin(), inviteReq)
 	if err != nil {
 		util.GetLogger(httpReq.Context()).WithError(err).Error("federation.SendInvite failed")
 		return jsonerror.InternalServerError()
@ -189,6 +207,7 @@ func ExchangeThirdPartyInvite(
 		[]*gomatrixserverlib.HeaderedEvent{
 			inviteEvent.Headered(verRes.RoomVersion),
 		},
+		request.Destination(),
 		request.Origin(),
 		cfg.Matrix.ServerName,
 		nil,
@ -341,7 +360,7 @@ func buildMembershipEvent(
 // them responded with an error.
 func sendToRemoteServer(
 	ctx context.Context, inv invite,
-	federation federationAPI.FederationClient, _ *config.FederationAPI,
+	federation federationAPI.FederationClient, cfg *config.FederationAPI,
 	builder gomatrixserverlib.EventBuilder,
 ) (err error) {
 	remoteServers := make([]gomatrixserverlib.ServerName, 2)
@ -357,7 +376,7 @@ func sendToRemoteServer(
 	}

 	for _, server := range remoteServers {
-		err = federation.ExchangeThirdPartyInvite(ctx, server, builder)
+		err = federation.ExchangeThirdPartyInvite(ctx, cfg.Matrix.ServerName, server, builder)
 		if err == nil {
 			return
 		}