chris/ruwuma
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

federation-api: Add query server key discovery endpoints

Browse Source
This commit is contained in:
stoically 2020-06-08 15:48:15 +02:00
parent baa8710456
commit d59a616e2c
No known key found for this signature in database
GPG Key ID: 3026ED2F90EE0DE9
7 changed files with 162 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
ruma-federation-api/src/discovery.rs
View File

@ -1,5 +1,49 @@
//! Server discovery endpoints. //! Server discovery endpoints.
use std::{collections::BTreeMap, time::SystemTime};
use ruma_identifiers::ServerKeyId;
use serde::{Deserialize, Serialize};
pub mod discover_homeserver; pub mod discover_homeserver;
pub mod get_remote_server_keys;
pub mod get_remote_server_keys_batch;
pub mod get_server_keys; pub mod get_server_keys;
pub mod get_server_version; pub mod get_server_version;
/// Public key of the homeserver for verifying digital signatures.
#[derive(Clone, Debug, Deserialize, Serialize)]
pub struct VerifyKey {
/// The Unpadded Base64 encoded key.
pub key: String,
}
/// A key the server used to use, but stopped using.
#[derive(Clone, Debug, Deserialize, Serialize)]
pub struct OldVerifyKey {
/// Timestamp when this key expired.
#[serde(with = "ruma_serde::time::ms_since_unix_epoch")]
pub expired_ts: SystemTime,
/// The Unpadded Base64 encoded key.
pub key: String,
}
// Spec is wrong, all fields are required (see
// https://github.com/matrix-org/matrix-doc/issues/2508)
/// Queried server key, signed by the notary server.
#[derive(Clone, Debug, Deserialize, Serialize)]
pub struct ServerKey {
/// DNS name of the homeserver.
pub server_name: String,
/// Public keys of the homeserver for verifying digital signatures.
pub verify_keys: BTreeMap<String, VerifyKey>,
/// Public keys that the homeserver used to use and when it stopped using them.
pub old_verify_keys: BTreeMap<String, OldVerifyKey>,
/// Digital signatures of this object signed using the verify_keys. Map of
/// server name to keys by key ID
pub signatures: BTreeMap<String, BTreeMap<ServerKeyId, String>>,
/// Timestamp when the keys should be refreshed. This field MUST be ignored in room
/// versions 1, 2, 3, and 4.
#[serde(with = "ruma_serde::time::ms_since_unix_epoch")]
pub valid_until_ts: SystemTime,
}

3
ruma-federation-api/src/discovery/get_remote_server_keys/mod.rs Normal file
View File

@ -0,0 +1,3 @@
//! Query for another server's keys. The receiving (notary) server must sign the keys returned by the queried server.
pub mod v2;

38
ruma-federation-api/src/discovery/get_remote_server_keys/v2.rs Normal file
View File

@ -0,0 +1,38 @@
//! [GET /_matrix/key/v2/query/{serverName}/{keyId}](https://matrix.org/docs/spec/server_server/r0.1.4#get-matrix-key-v2-query-servername-keyid)
use std::time::SystemTime;
use crate::discovery::ServerKey;
use ruma_api::ruma_api;
ruma_api! {
metadata {
description: "Query for another server's keys.",
method: GET,
name: "get_remote_server_keys",
path: "/_matrix/key/v2/query/:server_name",
rate_limited: false,
requires_authentication: false,
}
request {
/// The server's DNS name to query
#[ruma_api(path)]
pub server_name: String,
/// A millisecond POSIX timestamp in milliseconds indicating when the
/// returned certificates will need to be valid until to be useful to
/// the requesting server.
///
/// If not supplied, the current time as determined by the notary server
/// is used.
#[ruma_api(query)]
#[serde(with = "ruma_serde::time::ms_since_unix_epoch")]
pub minimum_valid_until_ts: SystemTime,
}
response {
/// The queried server's keys, signed by the notary server.
pub server_keys: Vec<ServerKey>,
}
}

3
ruma-federation-api/src/discovery/get_remote_server_keys_batch/mod.rs Normal file
View File

@ -0,0 +1,3 @@
//! Query for keys from multiple servers in a batch format. The receiving (notary) server must sign the keys returned by the queried servers.
pub mod v2;

65
ruma-federation-api/src/discovery/get_remote_server_keys_batch/v2.rs Normal file
View File

@ -0,0 +1,65 @@
//! [GET /_matrix/key/v2/query/{serverName}/{keyId}](https://matrix.org/docs/spec/server_server/r0.1.4#get-matrix-key-v2-query-servername-keyid)
use std::{collections::BTreeMap, time::SystemTime};
use crate::discovery::ServerKey;
use ruma_api::ruma_api;
use ruma_identifiers::ServerKeyId;
use serde::{Deserialize, Serialize};
ruma_api! {
metadata {
description: "Query for keys from multiple servers in a batch format.",
method: POST,
name: "get_remote_server_keys_batch",
path: "/_matrix/key/v2/query",
rate_limited: false,
requires_authentication: false,
}
request {
/// The query criteria. The outer string key on the object is the server
/// name (eg: matrix.org). The inner string key is the Key ID to query
/// for the particular server. If no key IDs are given to be queried,
/// the notary server should query for all keys. If no servers are
/// given, the notary server must return an empty server_keys array in
/// the response.
///
/// The notary server may return multiple keys regardless of the Key IDs
/// given.
#[ruma_api(body)]
pub server_keys: BTreeMap<String, BTreeMap<ServerKeyId, QueryCriteria>>,
/// A millisecond POSIX timestamp in milliseconds indicating when the
/// returned certificates will need to be valid until to be useful to
/// the requesting server.
///
/// If not supplied, the current time as determined by the notary server
/// is used.
#[ruma_api(query)]
#[serde(with = "ruma_serde::time::ms_since_unix_epoch")]
pub minimum_valid_until_ts: SystemTime,
}
response {
/// The queried server's keys, signed by the notary server.
pub server_keys: Vec<ServerKey>,
}
}
/// The query criteria.
#[derive(Clone, Debug, Deserialize, Serialize)]
pub struct QueryCriteria {
/// A millisecond POSIX timestamp in milliseconds indicating when the
/// returned certificates will need to be valid until to be useful to the
/// requesting server.
///
/// If not supplied, the current time as determined by the notary server is
/// used.
#[serde(
default,
skip_serializing_if = "Option::is_none",
with = "ruma_serde::time::opt_ms_since_unix_epoch"
)]
pub minimum_valid_until_ts: Option<SystemTime>,
}

41
ruma-federation-api/src/discovery/get_server_keys/v2.rs
View File

@ -1,9 +1,7 @@
//! [GET /_matrix/key/v2/server](https://matrix.org/docs/spec/server_server/r0.1.3#get-matrix-key-v2-server-keyid) //! [GET /_matrix/key/v2/server](https://matrix.org/docs/spec/server_server/r0.1.4#get-matrix-key-v2-server-keyid)
use std::{collections::BTreeMap, time::SystemTime};
use crate::discovery::ServerKey;
use ruma_api::ruma_api; use ruma_api::ruma_api;
use serde::{Deserialize, Serialize};
ruma_api! { ruma_api! {
metadata { metadata {
@ -18,37 +16,8 @@ ruma_api! {
request {} request {}
response { response {
// Spec is wrong, all fields are required (see /// Queried server key, signed by the notary server.
// https://github.com/matrix-org/matrix-doc/issues/2508) #[ruma_api(body)]
pub server_key: ServerKey,
/// DNS name of the homeserver.
pub server_name: String,
/// Public keys of the homeserver for verifying digital signatures.
pub verify_keys: BTreeMap<String, VerifyKey>,
/// Public keys that the homeserver used to use and when it stopped using them.
pub old_verify_keys: BTreeMap<String, OldVerifyKey>,
/// Digital signatures of this object signed using the verify_keys.
pub signatures: BTreeMap<String, BTreeMap<String, String>>,
/// Timestamp when the keys should be refreshed. This field MUST be ignored in room
/// versions 1, 2, 3, and 4.
#[serde(with = "ruma_serde::time::ms_since_unix_epoch")]
pub valid_until_ts: SystemTime,
} }
} }
/// Public key of the homeserver for verifying digital signatures.
#[derive(Clone, Debug, Deserialize, Serialize)]
pub struct VerifyKey {
/// The Unpadded Base64 encoded key.
pub key: String,
}
/// A key the server used to use, but stopped using.
#[derive(Clone, Debug, Deserialize, Serialize)]
pub struct OldVerifyKey {
/// Timestamp when this key expired.
#[serde(with = "ruma_serde::time::ms_since_unix_epoch")]
pub expired_ts: SystemTime,
/// The Unpadded Base64 encoded key.
pub key: String,
}