diff --git a/changelog.d/11486.misc b/changelog.d/11486.misc new file mode 100644 index 000000000..966f04d18 --- /dev/null +++ b/changelog.d/11486.misc @@ -0,0 +1 @@ +Extend the `scripts-dev/sign_json` script to support signing events. diff --git a/scripts-dev/federation_client.py b/scripts-dev/federation_client.py index 6f76c08fc..c72e19f61 100755 --- a/scripts-dev/federation_client.py +++ b/scripts-dev/federation_client.py @@ -15,6 +15,25 @@ # See the License for the specific language governing permissions and # limitations under the License. + +""" +Script for signing and sending federation requests. + +Some tips on doing the join dance with this: + + room_id=... + user_id=... + + # make_join + federation_client.py "/_matrix/federation/v1/make_join/$room_id/$user_id?ver=5" > make_join.json + + # sign + jq -M .event make_join.json | sign_json --sign-event-room-version=$(jq -r .room_version make_join.json) -o signed-join.json + + # send_join + federation_client.py -X PUT "/_matrix/federation/v2/send_join/$room_id/x" --body $( send_join.json +""" + import argparse import base64 import json diff --git a/scripts-dev/sign_json b/scripts-dev/sign_json index 6ac55ef2f..945954310 100755 --- a/scripts-dev/sign_json +++ b/scripts-dev/sign_json @@ -22,6 +22,8 @@ import yaml from signedjson.key import read_signing_keys from signedjson.sign import sign_json +from synapse.api.room_versions import KNOWN_ROOM_VERSIONS +from synapse.crypto.event_signing import add_hashes_and_signatures from synapse.util import json_encoder @@ -68,6 +70,16 @@ Example usage: ), ) + parser.add_argument( + "--sign-event-room-version", + type=str, + help=( + "Sign the JSON as an event for the given room version, rather than raw JSON. " + "This means that we will add a 'hashes' object, and redact the event before " + "signing." + ), + ) + input_args = parser.add_mutually_exclusive_group() input_args.add_argument("input_data", nargs="?", help="Raw JSON to be signed.") @@ -116,7 +128,17 @@ Example usage: print("Input json was not an object", file=sys.stderr) sys.exit(1) - sign_json(obj, args.server_name, keys[0]) + if args.sign_event_room_version: + room_version = KNOWN_ROOM_VERSIONS.get(args.sign_event_room_version) + if not room_version: + print( + f"Unknown room version {args.sign_event_room_version}", file=sys.stderr + ) + sys.exit(1) + add_hashes_and_signatures(room_version, obj, args.server_name, keys[0]) + else: + sign_json(obj, args.server_name, keys[0]) + for c in json_encoder.iterencode(obj): args.output.write(c) args.output.write("\n")