Cross-signing groundwork (#1953)

* Cross-signing groundwork * Update to matrix-org/gomatrixserverlib#274 * Fix gobind builds, which stops unit tests in CI from yelling * Some changes from review comments * Fix build by passing in UIA * Update to matrix-org/gomatrixserverlib@bec8d22 * Process master/self-signing keys from devices call * nolint * Enum-ify the key type in the database * Process self-signing key too * Fix sanity check in device list updater * Fix check * Fix sytest, hopefully * Fix build
2025-08-01 13:52:46 +00:00 · 2021-08-04 17:56:29 +01:00 · 2021-08-04 17:56:29 +01:00 · eb0efa4636
commit eb0efa4636
parent 4cc8b28b7f
27 changed files with 860 additions and 50 deletions
--- a/keyserver/inthttp/client.go
+++ b/keyserver/inthttp/client.go
@ -27,13 +27,15 @@ import (

 // HTTP paths for the internal HTTP APIs
 const (
-	InputDeviceListUpdatePath = "/keyserver/inputDeviceListUpdate"
-	PerformUploadKeysPath     = "/keyserver/performUploadKeys"
-	PerformClaimKeysPath      = "/keyserver/performClaimKeys"
-	QueryKeysPath             = "/keyserver/queryKeys"
-	QueryKeyChangesPath       = "/keyserver/queryKeyChanges"
-	QueryOneTimeKeysPath      = "/keyserver/queryOneTimeKeys"
-	QueryDeviceMessagesPath   = "/keyserver/queryDeviceMessages"
+	InputDeviceListUpdatePath         = "/keyserver/inputDeviceListUpdate"
+	PerformUploadKeysPath             = "/keyserver/performUploadKeys"
+	PerformClaimKeysPath              = "/keyserver/performClaimKeys"
+	PerformUploadDeviceKeysPath       = "/keyserver/performUploadDeviceKeys"
+	PerformUploadDeviceSignaturesPath = "/keyserver/performUploadDeviceSignatures"
+	QueryKeysPath                     = "/keyserver/queryKeys"
+	QueryKeyChangesPath               = "/keyserver/queryKeyChanges"
+	QueryOneTimeKeysPath              = "/keyserver/queryOneTimeKeys"
+	QueryDeviceMessagesPath           = "/keyserver/queryDeviceMessages"
 )

 // NewKeyServerClient creates a KeyInternalAPI implemented by talking to a HTTP POST API.
@ -175,3 +177,37 @@ func (h *httpKeyInternalAPI) QueryKeyChanges(
 		}
 	}
 }
+
+func (h *httpKeyInternalAPI) PerformUploadDeviceKeys(
+	ctx context.Context,
+	request *api.PerformUploadDeviceKeysRequest,
+	response *api.PerformUploadDeviceKeysResponse,
+) {
+	span, ctx := opentracing.StartSpanFromContext(ctx, "PerformUploadDeviceKeys")
+	defer span.Finish()
+
+	apiURL := h.apiURL + PerformUploadDeviceKeysPath
+	err := httputil.PostJSON(ctx, span, h.httpClient, apiURL, request, response)
+	if err != nil {
+		response.Error = &api.KeyError{
+			Err: err.Error(),
+		}
+	}
+}
+
+func (h *httpKeyInternalAPI) PerformUploadDeviceSignatures(
+	ctx context.Context,
+	request *api.PerformUploadDeviceSignaturesRequest,
+	response *api.PerformUploadDeviceSignaturesResponse,
+) {
+	span, ctx := opentracing.StartSpanFromContext(ctx, "PerformUploadDeviceSignatures")
+	defer span.Finish()
+
+	apiURL := h.apiURL + PerformUploadDeviceSignaturesPath
+	err := httputil.PostJSON(ctx, span, h.httpClient, apiURL, request, response)
+	if err != nil {
+		response.Error = &api.KeyError{
+			Err: err.Error(),
+		}
+	}
+}
--- a/keyserver/inthttp/server.go
+++ b/keyserver/inthttp/server.go
@ -58,6 +58,28 @@ func AddRoutes(internalAPIMux *mux.Router, s api.KeyInternalAPI) {
 			return util.JSONResponse{Code: http.StatusOK, JSON: &response}
 		}),
 	)
+	internalAPIMux.Handle(PerformUploadDeviceKeysPath,
+		httputil.MakeInternalAPI("performUploadDeviceKeys", func(req *http.Request) util.JSONResponse {
+			request := api.PerformUploadDeviceKeysRequest{}
+			response := api.PerformUploadDeviceKeysResponse{}
+			if err := json.NewDecoder(req.Body).Decode(&request.CrossSigningKeys); err != nil {
+				return util.MessageResponse(http.StatusBadRequest, err.Error())
+			}
+			s.PerformUploadDeviceKeys(req.Context(), &request, &response)
+			return util.JSONResponse{Code: http.StatusOK, JSON: &response}
+		}),
+	)
+	internalAPIMux.Handle(PerformUploadDeviceSignaturesPath,
+		httputil.MakeInternalAPI("performUploadDeviceSignatures", func(req *http.Request) util.JSONResponse {
+			request := api.PerformUploadDeviceSignaturesRequest{}
+			response := api.PerformUploadDeviceSignaturesResponse{}
+			if err := json.NewDecoder(req.Body).Decode(&request.Signatures); err != nil {
+				return util.MessageResponse(http.StatusBadRequest, err.Error())
+			}
+			s.PerformUploadDeviceSignatures(req.Context(), &request, &response)
+			return util.JSONResponse{Code: http.StatusOK, JSON: &response}
+		}),
+	)
 	internalAPIMux.Handle(QueryKeysPath,
 		httputil.MakeInternalAPI("queryKeys", func(req *http.Request) util.JSONResponse {
 			request := api.QueryKeysRequest{}