scripts-dev/sign_json: support for signing events (#11486)

richvdh · web-flow · commit f61462e1be36 · 2021-12-02T15:18:40.000Z
diff --git a/changelog.d/11486.misc b/changelog.d/11486.misc
@@ -0,0 +1 @@
+Extend the `scripts-dev/sign_json` script to support signing events.
diff --git a/scripts-dev/federation_client.py b/scripts-dev/federation_client.py
@@ -15,6 +15,25 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+
+"""
+Script for signing and sending federation requests.
+
+Some tips on doing the join dance with this:
+
+    room_id=...
+    user_id=...
+
+    # make_join
+    federation_client.py "/_matrix/federation/v1/make_join/$room_id/$user_id?ver=5" > make_join.json
+
+    # sign
+    jq -M .event make_join.json | sign_json --sign-event-room-version=$(jq -r .room_version make_join.json) -o signed-join.json
+
+    # send_join
+    federation_client.py -X PUT "/_matrix/federation/v2/send_join/$room_id/x" --body $(<signed-join.json) > send_join.json
+"""
+
 import argparse
 import base64
 import json
diff --git a/scripts-dev/sign_json b/scripts-dev/sign_json
@@ -22,6 +22,8 @@ import yaml
 from signedjson.key import read_signing_keys
 from signedjson.sign import sign_json
 
+from synapse.api.room_versions import KNOWN_ROOM_VERSIONS
+from synapse.crypto.event_signing import add_hashes_and_signatures
 from synapse.util import json_encoder
 
 
@@ -68,6 +70,16 @@ Example usage:
         ),
     )
 
+    parser.add_argument(
+        "--sign-event-room-version",
+        type=str,
+        help=(
+            "Sign the JSON as an event for the given room version, rather than raw JSON. "
+            "This means that we will add a 'hashes' object, and redact the event before "
+            "signing."
+        ),
+    )
+
     input_args = parser.add_mutually_exclusive_group()
 
     input_args.add_argument("input_data", nargs="?", help="Raw JSON to be signed.")
@@ -116,7 +128,17 @@ Example usage:
         print("Input json was not an object", file=sys.stderr)
         sys.exit(1)
 
-    sign_json(obj, args.server_name, keys[0])
+    if args.sign_event_room_version:
+        room_version = KNOWN_ROOM_VERSIONS.get(args.sign_event_room_version)
+        if not room_version:
+            print(
+                f"Unknown room version {args.sign_event_room_version}", file=sys.stderr
+            )
+            sys.exit(1)
+        add_hashes_and_signatures(room_version, obj, args.server_name, keys[0])
+    else:
+        sign_json(obj, args.server_name, keys[0])
+
     for c in json_encoder.iterencode(obj):
         args.output.write(c)
     args.output.write("\n")

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	+Extend the `scripts-dev/sign_json` script to support signing events.