From 29e0110a1d5a8f3785a89a4f78a4b00144b07d7e Mon Sep 17 00:00:00 2001 From: Richard van der Hoff Date: Wed, 1 Dec 2021 21:26:17 +0000 Subject: [PATCH 1/5] `scripts-dev/sign_json`: support for signing events --- scripts-dev/sign_json | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/scripts-dev/sign_json b/scripts-dev/sign_json index 6ac55ef2f704..945954310610 100755 --- a/scripts-dev/sign_json +++ b/scripts-dev/sign_json @@ -22,6 +22,8 @@ import yaml from signedjson.key import read_signing_keys from signedjson.sign import sign_json +from synapse.api.room_versions import KNOWN_ROOM_VERSIONS +from synapse.crypto.event_signing import add_hashes_and_signatures from synapse.util import json_encoder @@ -68,6 +70,16 @@ Example usage: ), ) + parser.add_argument( + "--sign-event-room-version", + type=str, + help=( + "Sign the JSON as an event for the given room version, rather than raw JSON. " + "This means that we will add a 'hashes' object, and redact the event before " + "signing." + ), + ) + input_args = parser.add_mutually_exclusive_group() input_args.add_argument("input_data", nargs="?", help="Raw JSON to be signed.") @@ -116,7 +128,17 @@ Example usage: print("Input json was not an object", file=sys.stderr) sys.exit(1) - sign_json(obj, args.server_name, keys[0]) + if args.sign_event_room_version: + room_version = KNOWN_ROOM_VERSIONS.get(args.sign_event_room_version) + if not room_version: + print( + f"Unknown room version {args.sign_event_room_version}", file=sys.stderr + ) + sys.exit(1) + add_hashes_and_signatures(room_version, obj, args.server_name, keys[0]) + else: + sign_json(obj, args.server_name, keys[0]) + for c in json_encoder.iterencode(obj): args.output.write(c) args.output.write("\n") From c0f437bb4001d8449817aa882fe5b0ec9ea50c14 Mon Sep 17 00:00:00 2001 
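Review bot: The new `if args.sign_event_room_version:` test in the last hunk of `scripts-dev/sign_json` is a truthiness check, so an empty value silently takes the `else` branch and signs the input as raw JSON, with no `hashes` object and no redaction. This could happen if the `$(jq -r .room_version make_join.json)` substitution from the `federation_client.py` tips expands to nothing. The operator then gets a validly signed object that is not an event signature, with no error to show the option was ignored. Testing for presence instead, `if args.sign_event_room_version is not None:`, sends the empty string to the `KNOWN_ROOM_VERSIONS.get(...)` lookup, which exits with "Unknown room version". The enclosing function starts and ends outside the hunk.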
From: Richard van der Hoff Date: Wed, 1 Dec 2021 21:38:22 +0000 Subject: [PATCH 2/5] notes on performing the send_join dance --- scripts-dev/federation_client.py | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/scripts-dev/federation_client.py b/scripts-dev/federation_client.py index 6f76c08fcff2..668621510f51 100755 --- a/scripts-dev/federation_client.py +++ b/scripts-dev/federation_client.py @@ -15,6 +15,25 @@ # See the License for the specific language governing permissions and # limitations under the License. + +""" +Script for signing and sending federation requests. + +Some tips on doing the join dance with this: + + room_id=... + user_id=... + + # make_join + federation_client.py "/_matrix/federation/v1/make_join/$room_id/$user_id?ver=5" > make_join.json + + # sign + jq -M .event make_join.json | sign_json --sign-event-room-version=$(jq -r .room_version make_join.json) -o signed-join.json + + # send_join + federation_client.py -X PUT "/_matrix/federation/v2/send_join/$room_id/x" --body $( send_join.json +""" + import argparse import base64 import json From a63afb8e77d9ae73b071ba413cd0acaed2a6b30a Mon Sep 17 00:00:00 2001 From: Richard van der Hoff Date: Wed, 1 Dec 2021 21:39:27 +0000 Subject: [PATCH 3/5] changelog --- changelog.d/11484.misc | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/11484.misc diff --git a/changelog.d/11484.misc b/changelog.d/11484.misc new file mode 100644 index 000000000000..966f04d185f5 --- /dev/null +++ b/changelog.d/11484.misc @@ -0,0 +1 @@ +Extend the `scripts-dev/sign_json` script to support signing events. From 91723a2ebcaef6384f2035b1ad6dd5a862d31adb Mon Sep 17 00:00:00 2001 From: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> Date: Thu, 2 Dec 2021 13:06:53 +0000 Subject: [PATCH 4/5] Update scripts-dev/federation_client.py Co-authored-by: Patrick Cloke --- scripts-dev/federation_client.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
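Review bot: The command substitutions in the documented join recipe are unquoted, both `--sign-event-room-version=$(jq -r .room_version make_join.json)` and the `--body $(` argument on the `send_join` line. The shell word-splits and glob-expands an unquoted substitution. If the signed event JSON contains a space or a `*`, the body would presumably either be rejected by the argument parser or arrive altered from what was signed. Double-quote each substitution, e.g. `--sign-event-room-version="$(jq -r .room_version make_join.json)"`, and quote the `--body` one the same way. The same lines are re-indented by patch 4/5 and need the same quoting there.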
diff --git a/scripts-dev/federation_client.py b/scripts-dev/federation_client.py index 668621510f51..c72e19f61d62 100755 --- a/scripts-dev/federation_client.py +++ b/scripts-dev/federation_client.py @@ -24,14 +24,14 @@ room_id=... user_id=... - # make_join - federation_client.py "/_matrix/federation/v1/make_join/$room_id/$user_id?ver=5" > make_join.json + # make_join + federation_client.py "/_matrix/federation/v1/make_join/$room_id/$user_id?ver=5" > make_join.json - # sign - jq -M .event make_join.json | sign_json --sign-event-room-version=$(jq -r .room_version make_join.json) -o signed-join.json + # sign + jq -M .event make_join.json | sign_json --sign-event-room-version=$(jq -r .room_version make_join.json) -o signed-join.json - # send_join - federation_client.py -X PUT "/_matrix/federation/v2/send_join/$room_id/x" --body $( send_join.json + # send_join + federation_client.py -X PUT "/_matrix/federation/v2/send_join/$room_id/x" --body $( send_join.json """ import argparse From b765f86d6e8549288faf54ff8fa0b108b5d86f10 Mon Sep 17 00:00:00 2001 From: Richard van der Hoff <1389908+richvdh@users.noreply.github.com> Date: Thu, 2 Dec 2021 13:10:32 +0000 Subject: [PATCH 5/5] Rename 11484.misc to 11486.misc --- changelog.d/{11484.misc => 11486.misc} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename changelog.d/{11484.misc => 11486.misc} (100%) diff --git a/changelog.d/11484.misc b/changelog.d/11486.misc similarity index 100% rename from changelog.d/11484.misc rename to changelog.d/11486.misc