ircd:Ⓜ️ Remove tls fingerprint related.

2024-12-26 15:33:54 +01:00 · 2019-09-30 19:30:09 -07:00 · 2019-09-30 19:30:09 -07:00 · 9c49e8bdb5
commit 9c49e8bdb5
parent 06d8e4f5cf
3 changed files with 0 additions and 367 deletions
--- a/include/ircd/m/keys.h
+++ b/include/ircd/m/keys.h
@ -40,7 +40,6 @@ namespace ircd::m
 /// verify_keys         Object, Public keys of the homeserver for verifying digital signatures.
 /// old_verify_keys     Object, The public keys that the server used to use and when it stopped using them.
 /// signatures          Object, Digital signatures for this object signed using the verify_keys.
-/// tls_fingerprints    Array of Objects, Hashes of X.509 TLS certificates used by this this server encoded as Unpadded Base64.
 /// valid_until_ts      Integer, POSIX timestamp when the list of valid keys should be refreshed.
 ///
 struct ircd::m::keys
@ -49,7 +48,6 @@ struct ircd::m::keys
 	json::property<name::old_verify_keys, json::object>,
 	json::property<name::server_name, json::string>,
 	json::property<name::signatures, json::object>,
-	json::property<name::tls_fingerprints, json::array>,
 	json::property<name::valid_until_ts, time_t>,
 	json::property<name::verify_keys, json::object>
 >
--- a/matrix/keys.cc
+++ b/matrix/keys.cc
@ -21,14 +21,6 @@ ircd::m::pretty_oneline(std::ostream &s,
 	  << " (" << json::get<"valid_until_ts"_>(keys) << ")"
 	  << ' ';

-	for(const json::object &fp : json::get<"tls_fingerprints"_>(keys))
-	{
-		s << "tls[ ";
-		for(const auto &[digest, fingerprint] : fp)
-			s << digest << ' ';
-		s << "] ";
-	}
-
 	for(const auto &[domain, signature_] : json::get<"signatures"_>(keys))
 	{
 		s << "sig[ " << domain << ' ';
@ -63,12 +55,6 @@ ircd::m::pretty(std::ostream &s,
 	  << " (" << json::get<"valid_until_ts"_>(keys) << ")"
 	  << '\n';

-	for(const json::object &fp : json::get<"tls_fingerprints"_>(keys))
-		for(const auto &[digest, fingerprint] : fp)
-			s << std::setw(16) << std::right << "[fingerprint]  "
-			  << digest << ' ' << unquote(fingerprint)
-			  << '\n';
-
 	for(const auto &[domain, signature_] : json::get<"signatures"_>(keys))
 		for(const auto &[key_id, signature] : json::object(signature_))
 			s << std::setw(16) << std::right << "[signature]  "
@ -666,353 +652,3 @@ catch(...)
 		std::current_exception()
 	};
 }
-
-///////////////////////////////////////////////////////////////////////////////
-//
-// m/self.h
-//
-
-//
-// self::init
-//
-
-void
-IRCD_MODULE_EXPORT
-ircd::m::self::init::keys()
-{
-	tls_certificate();
-	federation_ed25519();
-}
-
-namespace ircd::m::self
-{
-	extern conf::item<std::string> tls_key_dir;
-}
-
-decltype(ircd::m::self::tls_key_dir)
-ircd::m::self::tls_key_dir
-{
-	{ "name",     "ircd.keys.tls_key_dir"  },
-	{ "default",  fs::cwd()                }
-};
-
-void
-IRCD_MODULE_EXPORT
-ircd::m::self::init::tls_certificate()
-{
-	if(empty(self::origin))
-		throw error
-		{
-			"The m::self::origin must be set to init my ed25519 key."
-		};
-
-	const std::string private_key_path_parts[]
-	{
-		std::string{tls_key_dir},
-		self::origin + ".crt.key",
-	};
-
-	const std::string public_key_path_parts[]
-	{
-		std::string{tls_key_dir},
-		self::origin + ".crt.key.pub",
-	};
-
-	const std::string dhparam_path_parts[]
-	{
-		std::string{tls_key_dir},
-		self::origin + ".crt.dh",
-	};
-
-	const std::string certificate_path_parts[]
-	{
-		std::string{tls_key_dir},
-		self::origin + ".crt",
-	};
-
-	const std::string private_key_file
-	{
-		fs::path_string(private_key_path_parts)
-	};
-
-	const std::string public_key_file
-	{
-		fs::path_string(public_key_path_parts)
-	};
-
-	const std::string cert_file
-	{
-		fs::path_string(certificate_path_parts)
-	};
-
-	if(!fs::exists(private_key_file) && !ircd::write_avoid)
-	{
-		log::warning
-		{
-			"Failed to find certificate private key @ `%s'; creating...",
-			private_key_file
-		};
-
-		openssl::genrsa(private_key_file, public_key_file);
-	}
-
-	const json::object config{};
-	if(!fs::exists(cert_file) && !ircd::write_avoid)
-	{
-		const json::object &certificate
-		{
-			config.get("certificate")
-		};
-
-		const json::object &self_
-		{
-			certificate.get(self::origin)
-		};
-
-		std::string subject
-		{
-			self_.get("subject")
-		};
-
-		if(empty(subject))
-			subject = json::strung{json::members
-			{
-				{ "CN", self::origin }
-			}};
-
-		log::warning
-		{
-			"Failed to find SSL certificate @ `%s'; creating for '%s'...",
-			cert_file,
-			self::origin
-		};
-
-		const unique_buffer<mutable_buffer> buf
-		{
-			1_MiB
-		};
-
-		const json::strung opts{json::members
-		{
-			{ "private_key_pem_path",  private_key_file  },
-			{ "public_key_pem_path",   public_key_file   },
-			{ "subject",               subject           },
-		}};
-
-		const auto cert
-		{
-			openssl::genX509_rsa(buf, opts)
-		};
-
-		fs::overwrite(cert_file, cert);
-	}
-
-	const auto cert_pem
-	{
-		fs::read(cert_file)
-	};
-
-	const unique_buffer<mutable_buffer> der_buf
-	{
-		8_KiB
-	};
-
-	const auto cert_der
-	{
-		openssl::cert2d(der_buf, cert_pem)
-	};
-
-	const fixed_buffer<const_buffer, crh::sha256::digest_size> hash
-	{
-		sha256{cert_der}
-	};
-
-	m::self::tls_cert_der_sha256_b64 =
-	{
-		b64encode_unpadded(hash)
-	};
-
-	log::info
-	{
-		m::log, "Certificate `%s' :PEM %zu bytes; DER %zu bytes; sha256b64 %s",
-		cert_file,
-		cert_pem.size(),
-		ircd::size(cert_der),
-		m::self::tls_cert_der_sha256_b64
-	};
-
-	const unique_buffer<mutable_buffer> print_buf
-	{
-		8_KiB
-	};
-
-	log::info
-	{
-		m::log, "Certificate `%s' :%s",
-		cert_file,
-		openssl::print_subject(print_buf, cert_pem)
-	};
-}
-
-//
-// federation_ed25519
-//
-
-namespace ircd::m::self
-{
-	extern conf::item<std::string> ed25519_key_dir;
-}
-
-decltype(ircd::m::self::ed25519_key_dir)
-ircd::m::self::ed25519_key_dir
-{
-	{ "name",     "ircd.keys.ed25519_key_dir"  },
-	{ "default",  fs::cwd()                    }
-};
-
-void
-IRCD_MODULE_EXPORT
-ircd::m::self::init::federation_ed25519()
-{
-	if(empty(m::self::origin))
-		throw error
-		{
-			"The m::self::origin must be set to init my ed25519 key."
-		};
-
-	const std::string path_parts[]
-	{
-		std::string{ed25519_key_dir},
-		m::self::origin + ".ed25519",
-	};
-
-	const std::string sk_file
-	{
-		ircd::string(fs::PATH_MAX_LEN, [&](const mutable_buffer &buf)
-		{
-			return fs::path(buf, path_parts);
-		})
-	};
-
-	if(fs::exists(sk_file) || ircd::write_avoid)
-		log::info
-		{
-			m::log, "Using ed25519 secret key @ `%s'", sk_file
-		};
-	else
-		log::notice
-		{
-			m::log, "Creating ed25519 secret key @ `%s'", sk_file
-		};
-
-	m::self::secret_key = ed25519::sk
-	{
-		sk_file, &m::self::public_key
-	};
-
-	m::self::public_key_b64 = b64encode_unpadded(m::self::public_key);
-	const fixed_buffer<const_buffer, sha256::digest_size> hash
-	{
-		sha256{m::self::public_key}
-	};
-
-	const auto public_key_hash_b58
-	{
-		b58encode(hash)
-	};
-
-	static const auto trunc_size{8};
-	m::self::public_key_id = fmt::snstringf
-	{
-		32, "ed25519:%s", trunc(public_key_hash_b58, trunc_size)
-	};
-
-	log::info
-	{
-		m::log, "Current key is '%s' and the public key is: %s",
-		m::self::public_key_id,
-		m::self::public_key_b64
-	};
-}
-
-//
-// create_my_key
-//
-
-namespace ircd::m::self
-{
-	extern m::hookfn<m::vm::eval &> create_my_key_hook;
-}
-
-decltype(ircd::m::self::create_my_key_hook)
-ircd::m::self::create_my_key_hook
-{
-	{
-		{ "_site",     "vm.effect"           },
-		{ "room_id",   m::my_node.room_id()  },
-		{ "type",      "m.room.create"       },
-	},
-	[](const m::event &, m::vm::eval &)
-	{
-		create_my_key();
-	}
-};
-
-void
-IRCD_MODULE_EXPORT
-ircd::m::self::create_my_key()
-{
-	const json::members verify_keys_
-	{{
-		string_view{m::self::public_key_id},
-		{
-			{ "key", m::self::public_key_b64 }
-		}
-	}};
-
-	const json::members tlsfps
-	{
-		{ "sha256", m::self::tls_cert_der_sha256_b64 }
-	};
-
-	const json::value tlsfp[1]
-	{
-		{ tlsfps }
-	};
-
-	m::keys my_key;
-	json::get<"server_name"_>(my_key) = my_host();
-	json::get<"old_verify_keys"_>(my_key) = "{}";
-
-	//TODO: conf
-	json::get<"valid_until_ts"_>(my_key) =
-		ircd::time<milliseconds>() + milliseconds(1000UL * 60 * 60 * 24 * 180).count();
-
-	const json::strung verify_keys{verify_keys_}; // must be on stack until my_keys serialized.
-	json::get<"verify_keys"_>(my_key) = verify_keys;
-
-	const json::strung tls_fingerprints{json::value{tlsfp, 1}}; // must be on stack until my_keys serialized.
-	json::get<"tls_fingerprints"_>(my_key) = tls_fingerprints;
-
-	const json::strung presig
-	{
-		my_key
-	};
-
-	const ed25519::sig sig
-	{
-		m::self::secret_key.sign(const_buffer{presig})
-	};
-
-	char signature[256];
-	const json::strung signatures{json::members
-	{
-		{ my_host(),
-		{
-			{ string_view{m::self::public_key_id}, b64encode_unpadded(signature, sig) }
-		}}
-	}};
-
-	json::get<"signatures"_>(my_key) = signatures;
-	keys::cache::set(json::strung{my_key});
-}
--- a/modules/console.cc
+++ b/modules/console.cc
@ -5892,7 +5892,6 @@ console_cmd__key(opt &out, const string_view &line)
 		out << "origin:                  " << m::my_host() << std::endl;
 		out << "public key ID:           " << m::self::public_key_id << std::endl;
 		out << "public key base64:       " << m::self::public_key_b64 << std::endl;
-		out << "TLS cert sha256 base64:  " << m::self::tls_cert_der_sha256_b64 << std::endl;
 		return true;
 	}