Federation fixes for virtual hosting

2025-08-05 15:42:46 +00:00 · 2022-11-15 15:05:23 +00:00 · 2022-11-15 15:05:23 +00:00 · 6650712a1c
commit 6650712a1c
parent f4ee397734
73 changed files with 736 additions and 420 deletions
--- a/federationapi/routing/keys.go
+++ b/federationapi/routing/keys.go
@ -16,7 +16,6 @@ package routing

 import (
 	"encoding/json"
-	"fmt"
 	"net/http"
 	"time"

@ -136,38 +135,52 @@ func ClaimOneTimeKeys(
 // LocalKeys returns the local keys for the server.
 // See https://matrix.org/docs/spec/server_server/unstable.html#publishing-keys
 func LocalKeys(cfg *config.FederationAPI, serverName gomatrixserverlib.ServerName) util.JSONResponse {
-	keys, err := localKeys(cfg, serverName, time.Now().Add(cfg.Matrix.KeyValidityPeriod))
+	keys, err := localKeys(cfg, serverName)
 	if err != nil {
-		return util.ErrorResponse(err)
+		return util.MessageResponse(http.StatusNotFound, err.Error())
 	}
 	return util.JSONResponse{Code: http.StatusOK, JSON: keys}
 }

-func localKeys(cfg *config.FederationAPI, serverName gomatrixserverlib.ServerName, validUntil time.Time) (*gomatrixserverlib.ServerKeys, error) {
+func localKeys(cfg *config.FederationAPI, serverName gomatrixserverlib.ServerName) (*gomatrixserverlib.ServerKeys, error) {
 	var keys gomatrixserverlib.ServerKeys
-	if !cfg.Matrix.IsLocalServerName(serverName) {
-		return nil, fmt.Errorf("server name not known")
-	}
-
-	keys.ServerName = serverName
-	keys.ValidUntilTS = gomatrixserverlib.AsTimestamp(validUntil)
-
-	publicKey := cfg.Matrix.PrivateKey.Public().(ed25519.PublicKey)
-
-	keys.VerifyKeys = map[gomatrixserverlib.KeyID]gomatrixserverlib.VerifyKey{
-		cfg.Matrix.KeyID: {
-			Key: gomatrixserverlib.Base64Bytes(publicKey),
-		},
-	}
-
-	keys.OldVerifyKeys = map[gomatrixserverlib.KeyID]gomatrixserverlib.OldVerifyKey{}
-	for _, oldVerifyKey := range cfg.Matrix.OldVerifyKeys {
-		keys.OldVerifyKeys[oldVerifyKey.KeyID] = gomatrixserverlib.OldVerifyKey{
-			VerifyKey: gomatrixserverlib.VerifyKey{
-				Key: oldVerifyKey.PublicKey,
-			},
-			ExpiredTS: oldVerifyKey.ExpiredAt,
+	var virtualHost *config.VirtualHost
+	for _, v := range cfg.Matrix.VirtualHosts {
+		if v.ServerName != serverName {
+			continue
 		}
+		virtualHost = v
+	}
+
+	if virtualHost == nil {
+		publicKey := cfg.Matrix.PrivateKey.Public().(ed25519.PublicKey)
+		keys.ServerName = cfg.Matrix.ServerName
+		keys.ValidUntilTS = gomatrixserverlib.AsTimestamp(time.Now().Add(cfg.Matrix.KeyValidityPeriod))
+		keys.VerifyKeys = map[gomatrixserverlib.KeyID]gomatrixserverlib.VerifyKey{
+			cfg.Matrix.KeyID: {
+				Key: gomatrixserverlib.Base64Bytes(publicKey),
+			},
+		}
+		keys.OldVerifyKeys = map[gomatrixserverlib.KeyID]gomatrixserverlib.OldVerifyKey{}
+		for _, oldVerifyKey := range cfg.Matrix.OldVerifyKeys {
+			keys.OldVerifyKeys[oldVerifyKey.KeyID] = gomatrixserverlib.OldVerifyKey{
+				VerifyKey: gomatrixserverlib.VerifyKey{
+					Key: oldVerifyKey.PublicKey,
+				},
+				ExpiredTS: oldVerifyKey.ExpiredAt,
+			}
+		}
+	} else {
+		publicKey := virtualHost.PrivateKey.Public().(ed25519.PublicKey)
+		keys.ServerName = virtualHost.ServerName
+		keys.ValidUntilTS = gomatrixserverlib.AsTimestamp(time.Now().Add(virtualHost.KeyValidityPeriod))
+		keys.VerifyKeys = map[gomatrixserverlib.KeyID]gomatrixserverlib.VerifyKey{
+			virtualHost.KeyID: {
+				Key: gomatrixserverlib.Base64Bytes(publicKey),
+			},
+		}
+		// TODO: Virtual hosts probably want to be able to specify old signing
+		// keys too, just in case
 	}

 	toSign, err := json.Marshal(keys.ServerKeyFields)
@ -213,7 +226,7 @@ func NotaryKeys(
 	for serverName, kidToCriteria := range req.ServerKeys {
 		var keyList []gomatrixserverlib.ServerKeys
 		if serverName == cfg.Matrix.ServerName {
-			if k, err := localKeys(cfg, serverName, time.Now().Add(cfg.Matrix.KeyValidityPeriod)); err == nil {
+			if k, err := localKeys(cfg, serverName); err == nil {
 				keyList = append(keyList, *k)
 			} else {
 				return util.ErrorResponse(err)