Include old verify keys in _matrix/key/v2/server response

2025-12-16 15:21:24 +01:00 · 2024-09-13 16:50:11 +00:00 · 2024-09-13 16:50:11 +00:00 · 3bb4a25c1d
commit 3bb4a25c1d
parent 296824fef4
1 changed files with 24 additions and 20 deletions
--- a/src/api/server_server.rs
+++ b/src/api/server_server.rs
@ -4,7 +4,7 @@ use std::{
    mem,
    net::{IpAddr, SocketAddr},
    sync::Arc,
-    time::{Duration, Instant, SystemTime},
+    time::Instant,
 };

 use axum::{response::IntoResponse, Json};
@ -22,7 +22,6 @@ use ruma::{
            directory::{get_public_rooms, get_public_rooms_filtered},
            discovery::{
                get_server_keys, get_server_version, ServerSigningKeys,
-                VerifyKey,
            },
            event::{
                get_event, get_missing_events, get_room_state,
@ -70,7 +69,10 @@ use super::appservice_server;
 use crate::{
    api::client_server::{self, claim_keys_helper, get_keys_helper},
    observability::{FoundIn, Lookup, METRICS},
-    service::pdu::{gen_event_id_canonical_json, PduBuilder},
+    service::{
+        globals::SigningKeys,
+        pdu::{gen_event_id_canonical_json, PduBuilder},
+    },
    services,
    utils::{self, dbg_truncate_str, MxcData},
    Ar, Error, PduEvent, Ra, Result,
@ -577,29 +579,31 @@ pub(crate) async fn get_server_version_route(
 // Response type for this endpoint is Json because we need to calculate a
 // signature for the response
 pub(crate) async fn get_server_keys_route() -> Result<impl IntoResponse> {
-    let mut verify_keys: BTreeMap<OwnedServerSigningKeyId, VerifyKey> =
-        BTreeMap::new();
-    verify_keys.insert(
-        format!("ed25519:{}", services().globals.keypair().version())
-            .try_into()
-            .expect("found invalid server signing keys in DB"),
-        VerifyKey {
-            key: Base64::new(
-                services().globals.keypair().public_key().to_vec(),
-            ),
-        },
-    );
+    fn convert_key_ids<K>(
+        keys: BTreeMap<String, K>,
+    ) -> BTreeMap<OwnedServerSigningKeyId, K> {
+        keys.into_iter()
+            .map(|(id, key)| {
+                let id = id
+                    .try_into()
+                    .expect("found invalid server signing keys in DB");
+                (id, key)
+            })
+            .collect()
+    }
+
+    let keys = SigningKeys::load_own_keys();
+    let verify_keys = convert_key_ids(keys.verify_keys);
+    let old_verify_keys = convert_key_ids(keys.old_verify_keys);
+
    let mut response = serde_json::from_slice(
        get_server_keys::v2::Response {
            server_key: Raw::new(&ServerSigningKeys {
                server_name: services().globals.server_name().to_owned(),
                verify_keys,
-                old_verify_keys: BTreeMap::new(),
+                old_verify_keys,
                signatures: BTreeMap::new(),
-                valid_until_ts: MilliSecondsSinceUnixEpoch::from_system_time(
-                    SystemTime::now() + Duration::from_secs(86400 * 7),
-                )
-                .expect("time is valid"),
+                valid_until_ts: keys.valid_until_ts,
            })
            .expect("static conversion, no errors"),
        }