Cross-signing groundwork (#1953)

* Cross-signing groundwork * Update to matrix-org/gomatrixserverlib#274 * Fix gobind builds, which stops unit tests in CI from yelling * Some changes from review comments * Fix build by passing in UIA * Update to matrix-org/gomatrixserverlib@bec8d22 * Process master/self-signing keys from devices call * nolint * Enum-ify the key type in the database * Process self-signing key too * Fix sanity check in device list updater * Fix check * Fix sytest, hopefully * Fix build
2025-08-01 22:02:46 +00:00 · 2021-08-04 17:56:29 +01:00 · 2021-08-04 17:56:29 +01:00 · eb0efa4636
commit eb0efa4636
parent 4cc8b28b7f
27 changed files with 860 additions and 50 deletions
--- a/keyserver/internal/device_list_update.go
+++ b/keyserver/internal/device_list_update.go
@ -82,6 +82,7 @@ type DeviceListUpdater struct {
 	mu            *sync.Mutex // protects UserIDToMutex

 	db          DeviceListUpdaterDatabase
+	api         DeviceListUpdaterAPI
 	producer    KeyChangeProducer
 	fedClient   fedsenderapi.FederationClient
 	workerChans []chan gomatrixserverlib.ServerName
@ -114,6 +115,10 @@ type DeviceListUpdaterDatabase interface {
 	DeviceKeysJSON(ctx context.Context, keys []api.DeviceMessage) error
 }

+type DeviceListUpdaterAPI interface {
+	PerformUploadDeviceKeys(ctx context.Context, req *api.PerformUploadDeviceKeysRequest, res *api.PerformUploadDeviceKeysResponse)
+}
+
 // KeyChangeProducer is the interface for producers.KeyChange useful for testing.
 type KeyChangeProducer interface {
 	ProduceKeyChanges(keys []api.DeviceMessage) error
@ -121,13 +126,14 @@ type KeyChangeProducer interface {

 // NewDeviceListUpdater creates a new updater which fetches fresh device lists when they go stale.
 func NewDeviceListUpdater(
-	db DeviceListUpdaterDatabase, producer KeyChangeProducer, fedClient fedsenderapi.FederationClient,
-	numWorkers int,
+	db DeviceListUpdaterDatabase, api DeviceListUpdaterAPI, producer KeyChangeProducer,
+	fedClient fedsenderapi.FederationClient, numWorkers int,
 ) *DeviceListUpdater {
 	return &DeviceListUpdater{
 		userIDToMutex:  make(map[string]*sync.Mutex),
 		mu:             &sync.Mutex{},
 		db:             db,
+		api:            api,
 		producer:       producer,
 		fedClient:      fedClient,
 		workerChans:    make([]chan gomatrixserverlib.ServerName, numWorkers),
@ -367,6 +373,23 @@ func (u *DeviceListUpdater) processServer(serverName gomatrixserverlib.ServerNam
 			}
 			continue
 		}
+		if res.MasterKey != nil || res.SelfSigningKey != nil {
+			uploadReq := &api.PerformUploadDeviceKeysRequest{
+				UserID: userID,
+			}
+			uploadRes := &api.PerformUploadDeviceKeysResponse{}
+			if res.MasterKey != nil {
+				if err = sanityCheckKey(*res.MasterKey, userID, gomatrixserverlib.CrossSigningKeyPurposeMaster); err == nil {
+					uploadReq.MasterKey = *res.MasterKey
+				}
+			}
+			if res.SelfSigningKey != nil {
+				if err = sanityCheckKey(*res.SelfSigningKey, userID, gomatrixserverlib.CrossSigningKeyPurposeSelfSigning); err == nil {
+					uploadReq.SelfSigningKey = *res.SelfSigningKey
+				}
+			}
+			u.api.PerformUploadDeviceKeys(ctx, uploadReq, uploadRes)
+		}
 		err = u.updateDeviceList(&res)
 		if err != nil {
 			logger.WithError(err).WithField("user_id", userID).Error("fetched device list but failed to store/emit it")