mirror of
https://gitlab.com/famedly/conduit.git
synced 2025-06-27 16:35:59 +00:00
101 lines
3.5 KiB
Rust
101 lines
3.5 KiB
Rust
use std::{
|
|
collections::BTreeMap,
|
|
time::{Duration, SystemTime},
|
|
};
|
|
|
|
use crate::{services, Result};
|
|
use async_trait::async_trait;
|
|
use ruma::{
|
|
api::federation::discovery::{OldVerifyKey, ServerSigningKeys, VerifyKey},
|
|
serde::Base64,
|
|
signatures::Ed25519KeyPair,
|
|
DeviceId, MilliSecondsSinceUnixEpoch, ServerName, UserId,
|
|
};
|
|
use serde::Deserialize;
|
|
|
|
/// Similar to ServerSigningKeys, but drops a few unnecessary fields we don't require post-validation
|
|
#[derive(Deserialize, Debug, Clone)]
|
|
pub struct SigningKeys {
|
|
pub verify_keys: BTreeMap<String, VerifyKey>,
|
|
pub old_verify_keys: BTreeMap<String, OldVerifyKey>,
|
|
pub valid_until_ts: MilliSecondsSinceUnixEpoch,
|
|
}
|
|
|
|
impl SigningKeys {
|
|
/// Creates the SigningKeys struct, using the keys of the current server
|
|
pub fn load_own_keys() -> Self {
|
|
let mut keys = Self {
|
|
verify_keys: BTreeMap::new(),
|
|
old_verify_keys: BTreeMap::new(),
|
|
valid_until_ts: MilliSecondsSinceUnixEpoch::from_system_time(
|
|
SystemTime::now() + Duration::from_secs(7 * 86400),
|
|
)
|
|
.expect("Should be valid until year 500,000,000"),
|
|
};
|
|
|
|
keys.verify_keys.insert(
|
|
format!("ed25519:{}", services().globals.keypair().version()),
|
|
VerifyKey {
|
|
key: Base64::new(services().globals.keypair.public_key().to_vec()),
|
|
},
|
|
);
|
|
|
|
keys
|
|
}
|
|
}
|
|
|
|
impl From<ServerSigningKeys> for SigningKeys {
|
|
fn from(value: ServerSigningKeys) -> Self {
|
|
let ServerSigningKeys {
|
|
verify_keys,
|
|
old_verify_keys,
|
|
valid_until_ts,
|
|
..
|
|
} = value;
|
|
|
|
Self {
|
|
verify_keys: verify_keys
|
|
.into_iter()
|
|
.map(|(id, key)| (id.to_string(), key))
|
|
.collect(),
|
|
old_verify_keys: old_verify_keys
|
|
.into_iter()
|
|
.map(|(id, key)| (id.to_string(), key))
|
|
.collect(),
|
|
valid_until_ts,
|
|
}
|
|
}
|
|
}
|
|
|
|
#[async_trait]
|
|
pub trait Data: Send + Sync {
|
|
fn next_count(&self) -> Result<u64>;
|
|
fn current_count(&self) -> Result<u64>;
|
|
fn last_check_for_updates_id(&self) -> Result<u64>;
|
|
fn update_check_for_updates_id(&self, id: u64) -> Result<()>;
|
|
async fn watch(&self, user_id: &UserId, device_id: &DeviceId) -> Result<()>;
|
|
fn cleanup(&self) -> Result<()>;
|
|
fn memory_usage(&self) -> String;
|
|
fn clear_caches(&self, amount: u32);
|
|
fn load_keypair(&self) -> Result<Ed25519KeyPair>;
|
|
fn remove_keypair(&self) -> Result<()>;
|
|
/// Only extends the cached keys, not moving any verify_keys to old_verify_keys, as if we suddenly
|
|
/// receive requests from the origin server, we want to be able to accept requests from them
|
|
fn add_signing_key_from_trusted_server(
|
|
&self,
|
|
origin: &ServerName,
|
|
new_keys: ServerSigningKeys,
|
|
) -> Result<SigningKeys>;
|
|
/// Extends cached keys, as well as moving verify_keys that are not present in these new keys to
|
|
/// old_verify_keys, so that potnetially compromised keys cannot be used to make requests
|
|
fn add_signing_key_from_origin(
|
|
&self,
|
|
origin: &ServerName,
|
|
new_keys: ServerSigningKeys,
|
|
) -> Result<SigningKeys>;
|
|
|
|
/// This returns an empty `Ok(BTreeMap<..>)` when there are no keys found for the server.
|
|
fn signing_keys_for(&self, origin: &ServerName) -> Result<Option<SigningKeys>>;
|
|
fn database_version(&self) -> Result<u64>;
|
|
fn bump_database_version(&self, new_version: u64) -> Result<()>;
|
|
}
|