scripts-dev/sign_json: support for signing events (#11486)

This commit is contained in:
Richard van der Hoff 2021-12-02 15:18:40 +00:00 committed by GitHub
parent a6f1a3abec
commit f61462e1be
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 43 additions and 1 deletions

1
changelog.d/11486.misc Normal file
View file

@ -0,0 +1 @@
Extend the `scripts-dev/sign_json` script to support signing events.

View file

@ -15,6 +15,25 @@
# See the License for the specific language governing permissions and
# limitations under the License.
"""
Script for signing and sending federation requests.
Some tips on doing the join dance with this:
room_id=...
user_id=...
# make_join
federation_client.py "/_matrix/federation/v1/make_join/$room_id/$user_id?ver=5" > make_join.json
# sign
jq -M .event make_join.json | sign_json --sign-event-room-version=$(jq -r .room_version make_join.json) -o signed-join.json
# send_join
federation_client.py -X PUT "/_matrix/federation/v2/send_join/$room_id/x" --body $(<signed-join.json) > send_join.json
"""
import argparse
import base64
import json

View file

@ -22,6 +22,8 @@ import yaml
from signedjson.key import read_signing_keys
from signedjson.sign import sign_json
from synapse.api.room_versions import KNOWN_ROOM_VERSIONS
from synapse.crypto.event_signing import add_hashes_and_signatures
from synapse.util import json_encoder
@ -68,6 +70,16 @@ Example usage:
),
)
parser.add_argument(
"--sign-event-room-version",
type=str,
help=(
"Sign the JSON as an event for the given room version, rather than raw JSON. "
"This means that we will add a 'hashes' object, and redact the event before "
"signing."
),
)
input_args = parser.add_mutually_exclusive_group()
input_args.add_argument("input_data", nargs="?", help="Raw JSON to be signed.")
@ -116,7 +128,17 @@ Example usage:
print("Input json was not an object", file=sys.stderr)
sys.exit(1)
sign_json(obj, args.server_name, keys[0])
if args.sign_event_room_version:
room_version = KNOWN_ROOM_VERSIONS.get(args.sign_event_room_version)
if not room_version:
print(
f"Unknown room version {args.sign_event_room_version}", file=sys.stderr
)
sys.exit(1)
add_hashes_and_signatures(room_version, obj, args.server_name, keys[0])
else:
sign_json(obj, args.server_name, keys[0])
for c in json_encoder.iterencode(obj):
args.output.write(c)
args.output.write("\n")