Server key component (#1050)

* Server key API (works for monolith but not for polylith yet) * Re-enable caching on server key API component * Groundwork for HTTP APIs for server key API * Hopefully implement HTTP for server key API * Simplify public key request marshalling from map keys * Update gomatrixserverlib * go mod tidy * Common -> internal * remove keyring.go * Update Docker Hub for server key API * YAML is funny about indentation * Wire in new server key API into hybrid monolith mode * Create maps * Route server key API endpoints on internal API mux * Fix server key API URLs * Add fetcher behaviour into server key API implementation * Return error if we failed to fetch some keys * Return results anyway * Move things about a bit * Remove unused code * Fix comments, don't use federation sender URL in polylith mode * Add server_key_api to sample config * Review comments * HTTP API to cache keys that have been requested * Overwrite server_key_api listen in monolith hybrid mode
2025-07-29 12:42:46 +00:00 · 2020-05-27 10:19:24 +01:00 · 2020-05-27 10:19:24 +01:00 · 7d6461dd3c
commit 7d6461dd3c
parent 267a4d1823
31 changed files with 542 additions and 169 deletions
--- a/internal/basecomponent/base.go
+++ b/internal/basecomponent/base.go
@ -21,12 +21,8 @@ import (
 	"net/url"
 	"time"

-	"golang.org/x/crypto/ed25519"
-
 	"github.com/matrix-org/dendrite/internal/caching"
 	"github.com/matrix-org/dendrite/internal/httpapis"
-	"github.com/matrix-org/dendrite/internal/keydb"
-	"github.com/matrix-org/dendrite/internal/keydb/cache"
 	"github.com/matrix-org/dendrite/internal/sqlutil"
 	"github.com/matrix-org/gomatrixserverlib"
 	"github.com/matrix-org/naffka"
@ -43,6 +39,7 @@ import (
 	federationSenderAPI "github.com/matrix-org/dendrite/federationsender/api"
 	"github.com/matrix-org/dendrite/internal/config"
 	roomserverAPI "github.com/matrix-org/dendrite/roomserver/api"
+	serverKeyAPI "github.com/matrix-org/dendrite/serverkeyapi/api"
 	"github.com/sirupsen/logrus"

 	_ "net/http/pprof"
@ -157,6 +154,20 @@ func (b *BaseDendrite) CreateHTTPFederationSenderAPIs() federationSenderAPI.Fede
 	return f
 }

+// CreateHTTPServerKeyAPIs returns ServerKeyInternalAPI for hitting the server key
+// API over HTTP
+func (b *BaseDendrite) CreateHTTPServerKeyAPIs() serverKeyAPI.ServerKeyInternalAPI {
+	f, err := serverKeyAPI.NewServerKeyInternalAPIHTTP(
+		b.Cfg.ServerKeyAPIURL(),
+		b.httpClient,
+		b.ImmutableCache,
+	)
+	if err != nil {
+		logrus.WithError(err).Panic("NewServerKeyInternalAPIHTTP failed", b.httpClient)
+	}
+	return f
+}
+
 // CreateDeviceDB creates a new instance of the device database. Should only be
 // called once per component.
 func (b *BaseDendrite) CreateDeviceDB() devices.Database {
@ -179,27 +190,6 @@ func (b *BaseDendrite) CreateAccountsDB() accounts.Database {
 	return db
 }

-// CreateKeyDB creates a new instance of the key database. Should only be called
-// once per component.
-func (b *BaseDendrite) CreateKeyDB() keydb.Database {
-	db, err := keydb.NewDatabase(
-		string(b.Cfg.Database.ServerKey),
-		b.Cfg.DbProperties(),
-		b.Cfg.Matrix.ServerName,
-		b.Cfg.Matrix.PrivateKey.Public().(ed25519.PublicKey),
-		b.Cfg.Matrix.KeyID,
-	)
-	if err != nil {
-		logrus.WithError(err).Panicf("failed to connect to keys db")
-	}
-
-	cachedDB, err := cache.NewKeyDatabase(db, b.ImmutableCache)
-	if err != nil {
-		logrus.WithError(err).Panicf("failed to create key cache wrapper")
-	}
-	return cachedDB
-}
-
 // CreateFederationClient creates a new federation client. Should only be called
 // once per component.
 func (b *BaseDendrite) CreateFederationClient() *gomatrixserverlib.FederationClient {
--- a/internal/config/config.go
+++ b/internal/config/config.go
@ -223,6 +223,7 @@ type Dendrite struct {
 		MediaAPI         Address `yaml:"media_api"`
 		ClientAPI        Address `yaml:"client_api"`
 		FederationAPI    Address `yaml:"federation_api"`
+		ServerKeyAPI     Address `yaml:"server_key_api"`
 		AppServiceAPI    Address `yaml:"appservice_api"`
 		SyncAPI          Address `yaml:"sync_api"`
 		RoomServer       Address `yaml:"room_server"`
@ -237,6 +238,7 @@ type Dendrite struct {
 		MediaAPI         Address `yaml:"media_api"`
 		ClientAPI        Address `yaml:"client_api"`
 		FederationAPI    Address `yaml:"federation_api"`
+		ServerKeyAPI     Address `yaml:"server_key_api"`
 		AppServiceAPI    Address `yaml:"appservice_api"`
 		SyncAPI          Address `yaml:"sync_api"`
 		RoomServer       Address `yaml:"room_server"`
@ -620,6 +622,7 @@ func (config *Dendrite) checkListen(configErrs *configErrors) {
 	checkNotEmpty(configErrs, "listen.sync_api", string(config.Listen.SyncAPI))
 	checkNotEmpty(configErrs, "listen.room_server", string(config.Listen.RoomServer))
 	checkNotEmpty(configErrs, "listen.edu_server", string(config.Listen.EDUServer))
+	checkNotEmpty(configErrs, "listen.server_key_api", string(config.Listen.EDUServer))
 }

 // checkLogging verifies the parameters logging.* are valid.
@ -751,6 +754,15 @@ func (config *Dendrite) FederationSenderURL() string {
 	return "http://" + string(config.Listen.FederationSender)
 }

+// FederationSenderURL returns an HTTP URL for where the federation sender is listening.
+func (config *Dendrite) ServerKeyAPIURL() string {
+	// Hard code the server key API server to talk HTTP for now.
+	// If we support HTTPS we need to think of a practical way to do certificate validation.
+	// People setting up servers shouldn't need to get a certificate valid for the public
+	// internet for an internal API.
+	return "http://" + string(config.Listen.ServerKeyAPI)
+}
+
 // SetupTracing configures the opentracing using the supplied configuration.
 func (config *Dendrite) SetupTracing(serviceName string) (closer io.Closer, err error) {
 	if !config.Tracing.Enabled {
--- a/internal/keydb/cache/keydb.go
+++ b/internal/keydb/cache/keydb.go
@ -1,69 +0,0 @@
-package cache
-
-import (
-	"context"
-	"errors"
-
-	"github.com/matrix-org/dendrite/internal/caching"
-	"github.com/matrix-org/dendrite/internal/keydb"
-	"github.com/matrix-org/gomatrixserverlib"
-)
-
-// A Database implements gomatrixserverlib.KeyDatabase and is used to store
-// the public keys for other matrix servers.
-type KeyDatabase struct {
-	inner keydb.Database
-	cache caching.ImmutableCache
-}
-
-func NewKeyDatabase(inner keydb.Database, cache caching.ImmutableCache) (*KeyDatabase, error) {
-	if inner == nil {
-		return nil, errors.New("inner database can't be nil")
-	}
-	if cache == nil {
-		return nil, errors.New("cache can't be nil")
-	}
-	return &KeyDatabase{
-		inner: inner,
-		cache: cache,
-	}, nil
-}
-
-// FetcherName implements KeyFetcher
-func (d KeyDatabase) FetcherName() string {
-	return "InMemoryKeyCache"
-}
-
-// FetchKeys implements gomatrixserverlib.KeyDatabase
-func (d *KeyDatabase) FetchKeys(
-	ctx context.Context,
-	requests map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.Timestamp,
-) (map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult, error) {
-	results := make(map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult)
-	for req := range requests {
-		if res, cached := d.cache.GetServerKey(req); cached {
-			results[req] = res
-			delete(requests, req)
-		}
-	}
-	fromDB, err := d.inner.FetchKeys(ctx, requests)
-	if err != nil {
-		return results, err
-	}
-	for req, res := range fromDB {
-		results[req] = res
-		d.cache.StoreServerKey(req, res)
-	}
-	return results, nil
-}
-
-// StoreKeys implements gomatrixserverlib.KeyDatabase
-func (d *KeyDatabase) StoreKeys(
-	ctx context.Context,
-	keyMap map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult,
-) error {
-	for req, res := range keyMap {
-		d.cache.StoreServerKey(req, res)
-	}
-	return d.inner.StoreKeys(ctx, keyMap)
-}
--- a/internal/keydb/interface.go
+++ b/internal/keydb/interface.go
@ -1,13 +0,0 @@
-package keydb
-
-import (
-	"context"
-
-	"github.com/matrix-org/gomatrixserverlib"
-)
-
-type Database interface {
-	FetcherName() string
-	FetchKeys(ctx context.Context, requests map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.Timestamp) (map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult, error)
-	StoreKeys(ctx context.Context, keyMap map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult) error
-}
--- a/internal/keydb/keydb.go
+++ b/internal/keydb/keydb.go
@ -1,50 +0,0 @@
-// Copyright 2020 The Matrix.org Foundation C.I.C.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// +build !wasm
-
-package keydb
-
-import (
-	"net/url"
-
-	"golang.org/x/crypto/ed25519"
-
-	"github.com/matrix-org/dendrite/internal"
-	"github.com/matrix-org/dendrite/internal/keydb/postgres"
-	"github.com/matrix-org/dendrite/internal/keydb/sqlite3"
-	"github.com/matrix-org/gomatrixserverlib"
-)
-
-// NewDatabase opens a database connection.
-func NewDatabase(
-	dataSourceName string,
-	dbProperties internal.DbProperties,
-	serverName gomatrixserverlib.ServerName,
-	serverKey ed25519.PublicKey,
-	serverKeyID gomatrixserverlib.KeyID,
-) (Database, error) {
-	uri, err := url.Parse(dataSourceName)
-	if err != nil {
-		return postgres.NewDatabase(dataSourceName, dbProperties, serverName, serverKey, serverKeyID)
-	}
-	switch uri.Scheme {
-	case "postgres":
-		return postgres.NewDatabase(dataSourceName, dbProperties, serverName, serverKey, serverKeyID)
-	case "file":
-		return sqlite3.NewDatabase(dataSourceName, serverName, serverKey, serverKeyID)
-	default:
-		return postgres.NewDatabase(dataSourceName, dbProperties, serverName, serverKey, serverKeyID)
-	}
-}
--- a/internal/keydb/keydb_wasm.go
+++ b/internal/keydb/keydb_wasm.go
@ -1,48 +0,0 @@
-// Copyright 2020 The Matrix.org Foundation C.I.C.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package keydb
-
-import (
-	"fmt"
-	"net/url"
-
-	"golang.org/x/crypto/ed25519"
-
-	"github.com/matrix-org/dendrite/internal"
-	"github.com/matrix-org/dendrite/internal/keydb/sqlite3"
-	"github.com/matrix-org/gomatrixserverlib"
-)
-
-// NewDatabase opens a database connection.
-func NewDatabase(
-	dataSourceName string,
-	dbProperties internal.DbProperties, // nolint:unparam
-	serverName gomatrixserverlib.ServerName,
-	serverKey ed25519.PublicKey,
-	serverKeyID gomatrixserverlib.KeyID,
-) (Database, error) {
-	uri, err := url.Parse(dataSourceName)
-	if err != nil {
-		return nil, err
-	}
-	switch uri.Scheme {
-	case "postgres":
-		return nil, fmt.Errorf("Cannot use postgres implementation")
-	case "file":
-		return sqlite3.NewDatabase(uri.Path, serverName, serverKey, serverKeyID)
-	default:
-		return nil, fmt.Errorf("Cannot use postgres implementation")
-	}
-}
--- a/internal/keydb/keyring.go
+++ b/internal/keydb/keyring.go
@ -1,74 +0,0 @@
-// Copyright 2017 New Vector Ltd
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package keydb
-
-import (
-	"encoding/base64"
-
-	"github.com/matrix-org/dendrite/internal/config"
-	"github.com/matrix-org/gomatrixserverlib"
-	"github.com/sirupsen/logrus"
-	"golang.org/x/crypto/ed25519"
-)
-
-// CreateKeyRing creates and configures a KeyRing object.
-//
-// It creates the necessary key fetchers and collects them into a KeyRing
-// backed by the given KeyDatabase.
-func CreateKeyRing(client gomatrixserverlib.Client,
-	keyDB gomatrixserverlib.KeyDatabase,
-	cfg config.KeyPerspectives) gomatrixserverlib.KeyRing {
-
-	fetchers := gomatrixserverlib.KeyRing{
-		KeyFetchers: []gomatrixserverlib.KeyFetcher{
-			&gomatrixserverlib.DirectKeyFetcher{
-				Client: client,
-			},
-		},
-		KeyDatabase: keyDB,
-	}
-
-	logrus.Info("Enabled direct key fetcher")
-
-	var b64e = base64.StdEncoding.WithPadding(base64.NoPadding)
-	for _, ps := range cfg {
-		perspective := &gomatrixserverlib.PerspectiveKeyFetcher{
-			PerspectiveServerName: ps.ServerName,
-			PerspectiveServerKeys: map[gomatrixserverlib.KeyID]ed25519.PublicKey{},
-			Client:                client,
-		}
-
-		for _, key := range ps.Keys {
-			rawkey, err := b64e.DecodeString(key.PublicKey)
-			if err != nil {
-				logrus.WithError(err).WithFields(logrus.Fields{
-					"server_name": ps.ServerName,
-					"public_key":  key.PublicKey,
-				}).Warn("Couldn't parse perspective key")
-				continue
-			}
-			perspective.PerspectiveServerKeys[key.KeyID] = rawkey
-		}
-
-		fetchers.KeyFetchers = append(fetchers.KeyFetchers, perspective)
-
-		logrus.WithFields(logrus.Fields{
-			"server_name":     ps.ServerName,
-			"num_public_keys": len(ps.Keys),
-		}).Info("Enabled perspective key fetcher")
-	}
-
-	return fetchers
-}
--- a/internal/keydb/postgres/keydb.go
+++ b/internal/keydb/postgres/keydb.go
@ -1,115 +0,0 @@
-// Copyright 2017-2018 New Vector Ltd
-// Copyright 2019-2020 The Matrix.org Foundation C.I.C.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package postgres
-
-import (
-	"context"
-	"time"
-
-	"golang.org/x/crypto/ed25519"
-
-	"github.com/matrix-org/dendrite/internal"
-	"github.com/matrix-org/dendrite/internal/sqlutil"
-	"github.com/matrix-org/gomatrixserverlib"
-)
-
-// A Database implements gomatrixserverlib.KeyDatabase and is used to store
-// the public keys for other matrix servers.
-type Database struct {
-	statements serverKeyStatements
-}
-
-// NewDatabase prepares a new key database.
-// It creates the necessary tables if they don't already exist.
-// It prepares all the SQL statements that it will use.
-// Returns an error if there was a problem talking to the database.
-func NewDatabase(
-	dataSourceName string,
-	dbProperties internal.DbProperties,
-	serverName gomatrixserverlib.ServerName,
-	serverKey ed25519.PublicKey,
-	serverKeyID gomatrixserverlib.KeyID,
-) (*Database, error) {
-	db, err := sqlutil.Open("postgres", dataSourceName, dbProperties)
-	if err != nil {
-		return nil, err
-	}
-	d := &Database{}
-	err = d.statements.prepare(db)
-	if err != nil {
-		return nil, err
-	}
-	// Store our own keys so that we don't end up making HTTP requests to find our
-	// own keys
-	index := gomatrixserverlib.PublicKeyLookupRequest{
-		ServerName: serverName,
-		KeyID:      serverKeyID,
-	}
-	value := gomatrixserverlib.PublicKeyLookupResult{
-		VerifyKey: gomatrixserverlib.VerifyKey{
-			Key: gomatrixserverlib.Base64String(serverKey),
-		},
-		ValidUntilTS: gomatrixserverlib.AsTimestamp(time.Now().Add(100 * 365 * 24 * time.Hour)),
-		ExpiredTS:    gomatrixserverlib.PublicKeyNotExpired,
-	}
-	err = d.StoreKeys(
-		context.Background(),
-		map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult{
-			index: value,
-		},
-	)
-	if err != nil {
-		return nil, err
-	}
-	return d, nil
-}
-
-// FetcherName implements KeyFetcher
-func (d Database) FetcherName() string {
-	return "PostgresKeyDatabase"
-}
-
-// FetchKeys implements gomatrixserverlib.KeyDatabase
-func (d *Database) FetchKeys(
-	ctx context.Context,
-	requests map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.Timestamp,
-) (map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult, error) {
-	return d.statements.bulkSelectServerKeys(ctx, requests)
-}
-
-// StoreKeys implements gomatrixserverlib.KeyDatabase
-func (d *Database) StoreKeys(
-	ctx context.Context,
-	keyMap map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult,
-) error {
-	// TODO: Inserting all the keys within a single transaction may
-	// be more efficient since the transaction overhead can be quite
-	// high for a single insert statement.
-	var lastErr error
-	for request, keys := range keyMap {
-		if err := d.statements.upsertServerKeys(ctx, request, keys); err != nil {
-			// Rather than returning immediately on error we try to insert the
-			// remaining keys.
-			// Since we are inserting the keys outside of a transaction it is
-			// possible for some of the inserts to succeed even though some
-			// of the inserts have failed.
-			// Ensuring that we always insert all the keys we can means that
-			// this behaviour won't depend on the iteration order of the map.
-			lastErr = err
-		}
-	}
-	return lastErr
-}
--- a/internal/keydb/postgres/server_key_table.go
+++ b/internal/keydb/postgres/server_key_table.go
@ -1,144 +0,0 @@
-// Copyright 2017-2018 New Vector Ltd
-// Copyright 2019-2020 The Matrix.org Foundation C.I.C.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package postgres
-
-import (
-	"context"
-	"database/sql"
-
-	"github.com/matrix-org/dendrite/internal"
-
-	"github.com/lib/pq"
-	"github.com/matrix-org/gomatrixserverlib"
-)
-
-const serverKeysSchema = `
-- A cache of signing keys downloaded from remote servers.
-CREATE TABLE IF NOT EXISTS keydb_server_keys (
-	-- The name of the matrix server the key is for.
-	server_name TEXT NOT NULL,
-	-- The ID of the server key.
-	server_key_id TEXT NOT NULL,
-	-- Combined server name and key ID separated by the ASCII unit separator
-	-- to make it easier to run bulk queries.
-	server_name_and_key_id TEXT NOT NULL,
-	-- When the key is valid until as a millisecond timestamp.
-	-- 0 if this is an expired key (in which case expired_ts will be non-zero)
-	valid_until_ts BIGINT NOT NULL,
-	-- When the key expired as a millisecond timestamp.
-	-- 0 if this is an active key (in which case valid_until_ts will be non-zero)
-	expired_ts BIGINT NOT NULL,
-	-- The base64-encoded public key.
-	server_key TEXT NOT NULL,
-	CONSTRAINT keydb_server_keys_unique UNIQUE (server_name, server_key_id)
-);
-
-CREATE INDEX IF NOT EXISTS keydb_server_name_and_key_id ON keydb_server_keys (server_name_and_key_id);
-`
-
-const bulkSelectServerKeysSQL = "" +
-	"SELECT server_name, server_key_id, valid_until_ts, expired_ts, " +
-	"   server_key FROM keydb_server_keys" +
-	" WHERE server_name_and_key_id = ANY($1)"
-
-const upsertServerKeysSQL = "" +
-	"INSERT INTO keydb_server_keys (server_name, server_key_id," +
-	" server_name_and_key_id, valid_until_ts, expired_ts, server_key)" +
-	" VALUES ($1, $2, $3, $4, $5, $6)" +
-	" ON CONFLICT ON CONSTRAINT keydb_server_keys_unique" +
-	" DO UPDATE SET valid_until_ts = $4, expired_ts = $5, server_key = $6"
-
-type serverKeyStatements struct {
-	bulkSelectServerKeysStmt *sql.Stmt
-	upsertServerKeysStmt     *sql.Stmt
-}
-
-func (s *serverKeyStatements) prepare(db *sql.DB) (err error) {
-	_, err = db.Exec(serverKeysSchema)
-	if err != nil {
-		return
-	}
-	if s.bulkSelectServerKeysStmt, err = db.Prepare(bulkSelectServerKeysSQL); err != nil {
-		return
-	}
-	if s.upsertServerKeysStmt, err = db.Prepare(upsertServerKeysSQL); err != nil {
-		return
-	}
-	return
-}
-
-func (s *serverKeyStatements) bulkSelectServerKeys(
-	ctx context.Context,
-	requests map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.Timestamp,
-) (map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult, error) {
-	var nameAndKeyIDs []string
-	for request := range requests {
-		nameAndKeyIDs = append(nameAndKeyIDs, nameAndKeyID(request))
-	}
-	stmt := s.bulkSelectServerKeysStmt
-	rows, err := stmt.QueryContext(ctx, pq.StringArray(nameAndKeyIDs))
-	if err != nil {
-		return nil, err
-	}
-	defer internal.CloseAndLogIfError(ctx, rows, "bulkSelectServerKeys: rows.close() failed")
-	results := map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult{}
-	for rows.Next() {
-		var serverName string
-		var keyID string
-		var key string
-		var validUntilTS int64
-		var expiredTS int64
-		if err = rows.Scan(&serverName, &keyID, &validUntilTS, &expiredTS, &key); err != nil {
-			return nil, err
-		}
-		r := gomatrixserverlib.PublicKeyLookupRequest{
-			ServerName: gomatrixserverlib.ServerName(serverName),
-			KeyID:      gomatrixserverlib.KeyID(keyID),
-		}
-		vk := gomatrixserverlib.VerifyKey{}
-		err = vk.Key.Decode(key)
-		if err != nil {
-			return nil, err
-		}
-		results[r] = gomatrixserverlib.PublicKeyLookupResult{
-			VerifyKey:    vk,
-			ValidUntilTS: gomatrixserverlib.Timestamp(validUntilTS),
-			ExpiredTS:    gomatrixserverlib.Timestamp(expiredTS),
-		}
-	}
-	return results, rows.Err()
-}
-
-func (s *serverKeyStatements) upsertServerKeys(
-	ctx context.Context,
-	request gomatrixserverlib.PublicKeyLookupRequest,
-	key gomatrixserverlib.PublicKeyLookupResult,
-) error {
-	_, err := s.upsertServerKeysStmt.ExecContext(
-		ctx,
-		string(request.ServerName),
-		string(request.KeyID),
-		nameAndKeyID(request),
-		key.ValidUntilTS,
-		key.ExpiredTS,
-		key.Key.Encode(),
-	)
-	return err
-}
-
-func nameAndKeyID(request gomatrixserverlib.PublicKeyLookupRequest) string {
-	return string(request.ServerName) + "\x1F" + string(request.KeyID)
-}
--- a/internal/keydb/sqlite3/keydb.go
+++ b/internal/keydb/sqlite3/keydb.go
@ -1,116 +0,0 @@
-// Copyright 2017-2018 New Vector Ltd
-// Copyright 2019-2020 The Matrix.org Foundation C.I.C.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package sqlite3
-
-import (
-	"context"
-	"time"
-
-	"golang.org/x/crypto/ed25519"
-
-	"github.com/matrix-org/dendrite/internal"
-	"github.com/matrix-org/dendrite/internal/sqlutil"
-	"github.com/matrix-org/gomatrixserverlib"
-
-	_ "github.com/mattn/go-sqlite3"
-)
-
-// A Database implements gomatrixserverlib.KeyDatabase and is used to store
-// the public keys for other matrix servers.
-type Database struct {
-	statements serverKeyStatements
-}
-
-// NewDatabase prepares a new key database.
-// It creates the necessary tables if they don't already exist.
-// It prepares all the SQL statements that it will use.
-// Returns an error if there was a problem talking to the database.
-func NewDatabase(
-	dataSourceName string,
-	serverName gomatrixserverlib.ServerName,
-	serverKey ed25519.PublicKey,
-	serverKeyID gomatrixserverlib.KeyID,
-) (*Database, error) {
-	db, err := sqlutil.Open(internal.SQLiteDriverName(), dataSourceName, nil)
-	if err != nil {
-		return nil, err
-	}
-	d := &Database{}
-	err = d.statements.prepare(db)
-	if err != nil {
-		return nil, err
-	}
-	// Store our own keys so that we don't end up making HTTP requests to find our
-	// own keys
-	index := gomatrixserverlib.PublicKeyLookupRequest{
-		ServerName: serverName,
-		KeyID:      serverKeyID,
-	}
-	value := gomatrixserverlib.PublicKeyLookupResult{
-		VerifyKey: gomatrixserverlib.VerifyKey{
-			Key: gomatrixserverlib.Base64String(serverKey),
-		},
-		ValidUntilTS: gomatrixserverlib.AsTimestamp(time.Now().Add(100 * 365 * 24 * time.Hour)),
-		ExpiredTS:    gomatrixserverlib.PublicKeyNotExpired,
-	}
-	err = d.StoreKeys(
-		context.Background(),
-		map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult{
-			index: value,
-		},
-	)
-	if err != nil {
-		return nil, err
-	}
-	return d, nil
-}
-
-// FetcherName implements KeyFetcher
-func (d Database) FetcherName() string {
-	return "SqliteKeyDatabase"
-}
-
-// FetchKeys implements gomatrixserverlib.KeyDatabase
-func (d *Database) FetchKeys(
-	ctx context.Context,
-	requests map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.Timestamp,
-) (map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult, error) {
-	return d.statements.bulkSelectServerKeys(ctx, requests)
-}
-
-// StoreKeys implements gomatrixserverlib.KeyDatabase
-func (d *Database) StoreKeys(
-	ctx context.Context,
-	keyMap map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult,
-) error {
-	// TODO: Inserting all the keys within a single transaction may
-	// be more efficient since the transaction overhead can be quite
-	// high for a single insert statement.
-	var lastErr error
-	for request, keys := range keyMap {
-		if err := d.statements.upsertServerKeys(ctx, request, keys); err != nil {
-			// Rather than returning immediately on error we try to insert the
-			// remaining keys.
-			// Since we are inserting the keys outside of a transaction it is
-			// possible for some of the inserts to succeed even though some
-			// of the inserts have failed.
-			// Ensuring that we always insert all the keys we can means that
-			// this behaviour won't depend on the iteration order of the map.
-			lastErr = err
-		}
-	}
-	return lastErr
-}
--- a/internal/keydb/sqlite3/server_key_table.go
+++ b/internal/keydb/sqlite3/server_key_table.go
@ -1,152 +0,0 @@
-// Copyright 2017-2018 New Vector Ltd
-// Copyright 2019-2020 The Matrix.org Foundation C.I.C.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package sqlite3
-
-import (
-	"context"
-	"database/sql"
-	"strings"
-
-	"github.com/matrix-org/dendrite/internal"
-	"github.com/matrix-org/gomatrixserverlib"
-)
-
-const serverKeysSchema = `
-- A cache of signing keys downloaded from remote servers.
-CREATE TABLE IF NOT EXISTS keydb_server_keys (
-	-- The name of the matrix server the key is for.
-	server_name TEXT NOT NULL,
-	-- The ID of the server key.
-	server_key_id TEXT NOT NULL,
-	-- Combined server name and key ID separated by the ASCII unit separator
-	-- to make it easier to run bulk queries.
-	server_name_and_key_id TEXT NOT NULL,
-	-- When the key is valid until as a millisecond timestamp.
-	-- 0 if this is an expired key (in which case expired_ts will be non-zero)
-	valid_until_ts BIGINT NOT NULL,
-	-- When the key expired as a millisecond timestamp.
-	-- 0 if this is an active key (in which case valid_until_ts will be non-zero)
-	expired_ts BIGINT NOT NULL,
-	-- The base64-encoded public key.
-	server_key TEXT NOT NULL,
-	UNIQUE (server_name, server_key_id)
-);
-
-CREATE INDEX IF NOT EXISTS keydb_server_name_and_key_id ON keydb_server_keys (server_name_and_key_id);
-`
-
-const bulkSelectServerKeysSQL = "" +
-	"SELECT server_name, server_key_id, valid_until_ts, expired_ts, " +
-	"   server_key FROM keydb_server_keys" +
-	" WHERE server_name_and_key_id IN ($1)"
-
-const upsertServerKeysSQL = "" +
-	"INSERT INTO keydb_server_keys (server_name, server_key_id," +
-	" server_name_and_key_id, valid_until_ts, expired_ts, server_key)" +
-	" VALUES ($1, $2, $3, $4, $5, $6)" +
-	" ON CONFLICT (server_name, server_key_id)" +
-	" DO UPDATE SET valid_until_ts = $4, expired_ts = $5, server_key = $6"
-
-type serverKeyStatements struct {
-	db                       *sql.DB
-	bulkSelectServerKeysStmt *sql.Stmt
-	upsertServerKeysStmt     *sql.Stmt
-}
-
-func (s *serverKeyStatements) prepare(db *sql.DB) (err error) {
-	s.db = db
-	_, err = db.Exec(serverKeysSchema)
-	if err != nil {
-		return
-	}
-	if s.bulkSelectServerKeysStmt, err = db.Prepare(bulkSelectServerKeysSQL); err != nil {
-		return
-	}
-	if s.upsertServerKeysStmt, err = db.Prepare(upsertServerKeysSQL); err != nil {
-		return
-	}
-	return
-}
-
-func (s *serverKeyStatements) bulkSelectServerKeys(
-	ctx context.Context,
-	requests map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.Timestamp,
-) (map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult, error) {
-	var nameAndKeyIDs []string
-	for request := range requests {
-		nameAndKeyIDs = append(nameAndKeyIDs, nameAndKeyID(request))
-	}
-
-	query := strings.Replace(bulkSelectServerKeysSQL, "($1)", internal.QueryVariadic(len(nameAndKeyIDs)), 1)
-
-	iKeyIDs := make([]interface{}, len(nameAndKeyIDs))
-	for i, v := range nameAndKeyIDs {
-		iKeyIDs[i] = v
-	}
-
-	rows, err := s.db.QueryContext(ctx, query, iKeyIDs...)
-	if err != nil {
-		return nil, err
-	}
-	defer internal.CloseAndLogIfError(ctx, rows, "bulkSelectServerKeys: rows.close() failed")
-	results := map[gomatrixserverlib.PublicKeyLookupRequest]gomatrixserverlib.PublicKeyLookupResult{}
-	for rows.Next() {
-		var serverName string
-		var keyID string
-		var key string
-		var validUntilTS int64
-		var expiredTS int64
-		if err = rows.Scan(&serverName, &keyID, &validUntilTS, &expiredTS, &key); err != nil {
-			return nil, err
-		}
-		r := gomatrixserverlib.PublicKeyLookupRequest{
-			ServerName: gomatrixserverlib.ServerName(serverName),
-			KeyID:      gomatrixserverlib.KeyID(keyID),
-		}
-		vk := gomatrixserverlib.VerifyKey{}
-		err = vk.Key.Decode(key)
-		if err != nil {
-			return nil, err
-		}
-		results[r] = gomatrixserverlib.PublicKeyLookupResult{
-			VerifyKey:    vk,
-			ValidUntilTS: gomatrixserverlib.Timestamp(validUntilTS),
-			ExpiredTS:    gomatrixserverlib.Timestamp(expiredTS),
-		}
-	}
-	return results, nil
-}
-
-func (s *serverKeyStatements) upsertServerKeys(
-	ctx context.Context,
-	request gomatrixserverlib.PublicKeyLookupRequest,
-	key gomatrixserverlib.PublicKeyLookupResult,
-) error {
-	_, err := s.upsertServerKeysStmt.ExecContext(
-		ctx,
-		string(request.ServerName),
-		string(request.KeyID),
-		nameAndKeyID(request),
-		key.ValidUntilTS,
-		key.ExpiredTS,
-		key.Key.Encode(),
-	)
-	return err
-}
-
-func nameAndKeyID(request gomatrixserverlib.PublicKeyLookupRequest) string {
-	return string(request.ServerName) + "\x1F" + string(request.KeyID)
-}