Support MSC3983: Keys Claim request (#307)

* Support MSC3983: Keys Claim request

See matrix-org/matrix-spec-proposals#3983

* Include test code

* Appease the linter

Author: turt2live

examples/encryption_appservice.ts

@@ -36,7 +36,7 @@ const worksImage = fs.readFileSync("./examples/static/it-works.png");
 const registration: IAppserviceRegistration = {
     "as_token": creds?.['asToken'] ?? "change_me",
     "hs_token": creds?.['hsToken'] ?? "change_me",
-    "sender_localpart": "crypto_main_bot_user",
+    "sender_localpart": "crypto_main_bot_user2",
     "namespaces": {
         users: [{
             regex: "@crypto.*:localhost",
@@ -95,6 +95,11 @@ const bot = appservice.botIntent;
         });
     }
 
+    appservice.on("query.key_claim", (req, done) => {
+        LogService.info("index", "Key claim request:", req);
+        done({});
+    });
+
     appservice.on("room.failed_decryption", async (roomId: string, event: any, e: Error) => {
         LogService.error("index", `Failed to decrypt ${roomId} ${event['event_id']} because `, e);
     });

src/appservice/Appservice.ts

@@ -17,6 +17,7 @@ import {
     MatrixClient,
     MemoryStorageProvider,
     Metrics,
+    MSC3983KeyClaimResponse,
     OTKAlgorithm,
     redactObjectForLogging,
     UserID,
@@ -291,6 +292,11 @@ export class Appservice extends EventEmitter {
         this.app.get("/_matrix/app/v1/thirdparty/user", this.onThirdpartyUser.bind(this));
         this.app.get("/_matrix/app/v1/thirdparty/location/:protocol", this.onThirdpartyLocation.bind(this));
         this.app.get("/_matrix/app/v1/thirdparty/location", this.onThirdpartyLocation.bind(this));
+        this.app.post("/_matrix/app/unstable/org.matrix.msc3983/keys/claim", this.onKeysClaim.bind(this));
+
+        // Workaround for https://github.com/matrix-org/synapse/issues/3780
+        this.app.post("/_matrix/app/v1/unstable/org.matrix.msc3983/keys/claim", this.onKeysClaim.bind(this));
+        this.app.post("/unstable/org.matrix.msc3983/keys/claim", this.onKeysClaim.bind(this));
 
         // Everything else can 404
 
@@ -931,6 +937,34 @@ export class Appservice extends EventEmitter {
         });
     }
 
+    private async onKeysClaim(req: express.Request, res: express.Response): Promise<any> {
+        if (!this.isAuthed(req)) {
+            res.status(401).json({ errcode: "AUTH_FAILED", error: "Authentication failed" });
+            return;
+        }
+
+        if (typeof (req.body) !== "object") {
+            res.status(400).json({ errcode: "BAD_REQUEST", error: "Expected JSON" });
+            return;
+        }
+
+        let responded = false;
+        this.emit("query.key_claim", req.body, async (result: MSC3983KeyClaimResponse | undefined | null) => {
+            if (result?.then) result = await result;
+            if (!result) {
+                res.status(405).json({ errcode: "M_UNRECOGNIZED", error: "Endpoint not implemented" });
+                responded = true;
+                return;
+            }
+
+            res.status(200).json(result);
+            responded = true;
+        });
+        if (!responded) {
+            res.status(405).json({ errcode: "M_UNRECOGNIZED", error: "Endpoint not implemented" });
+        }
+    }
+
     private onThirdpartyProtocol(req: express.Request, res: express.Response) {
         if (!this.isAuthed(req)) {
             res.status(401).json({ errcode: "AUTH_FAILED", error: "Authentication failed" });

src/appservice/http_responses.ts

@@ -22,3 +22,25 @@ interface IProtocolInstance {
     fields: { [field: string]: string };
     network_id: string;
 }
+
+/**
+ * This is the response format for an MSC3983 `/keys/claim` request.
+ * See https://github.com/matrix-org/matrix-spec-proposals/pull/3983
+ * @deprecated This can be removed at any time without notice as it is unstable functionality.
+ * @category Application services
+ */
+export interface MSC3983KeyClaimResponse {
+    [userId: string]: {
+        [deviceId: string]: {
+            [keyId: string]: {
+                // for signed_curve25519 keys
+                key: string;
+                signatures: {
+                    [userId: string]: {
+                        [keyId: string]: string;
+                    };
+                };
+            };
+        };
+    };
+}

src/e2ee/RustEngine.ts

@@ -134,7 +134,9 @@ export class RustEngine {
     }
 
     private async processKeysUploadRequest(request: KeysUploadRequest) {
-        const resp = await this.client.doRequest("POST", "/_matrix/client/v3/keys/upload", null, JSON.parse(request.body));
+        const body = JSON.parse(request.body);
+        // delete body["one_time_keys"]; // use this to test MSC3983
+        const resp = await this.client.doRequest("POST", "/_matrix/client/v3/keys/upload", null, body);
         await this.machine.markRequestAsSent(request.id, request.type, JSON.stringify(resp));
     }
 

test/appservice/AppserviceTest.ts

@@ -803,6 +803,7 @@ describe('Appservice', () => {
             await verifyAuth("GET", "/_matrix/app/v1/thirdparty/user");
             await verifyAuth("GET", "/_matrix/app/v1/thirdparty/location/protocolId");
             await verifyAuth("GET", "/_matrix/app/v1/thirdparty/location");
+            await verifyAuth("POST", "/_matrix/app/unstable/org.matrix.msc3983/keys/claim");
         } finally {
             appservice.stop();
         }
@@ -1953,6 +1954,117 @@ describe('Appservice', () => {
 
     });
 
+    it('should emit during MSC3983 key claim requests', async () => {
+        const port = await getPort();
+        const hsToken = "s3cret_token";
+        const appservice = new Appservice({
+            port: port,
+            bindAddress: '',
+            homeserverName: 'example.org',
+            homeserverUrl: 'https://localhost',
+            registration: {
+                as_token: "",
+                hs_token: hsToken,
+                sender_localpart: "_bot_",
+                namespaces: {
+                    users: [{ exclusive: true, regex: "@_prefix_.*:.+" }],
+                    rooms: [],
+                    aliases: [],
+                },
+            },
+        });
+        appservice.botIntent.ensureRegistered = () => {
+            return null;
+        };
+
+        await appservice.begin();
+
+        try {
+            const query = {
+                "@alice:example.org": {
+                    "DEVICEID": ["signed_curve25519"],
+                },
+            };
+            const response = {
+                "@alice:example.org": {
+                    "DEVICEID": {
+                        "signed_curve25519:AAAAHg": {
+                            "key": "...",
+                            "signatures": {
+                                "@alice:example.org": {
+                                    "ed25519:DEVICEID": "...",
+                                },
+                            },
+                        },
+                    },
+                },
+            };
+
+            const claimSpy = simple.stub().callFn((q, fn) => {
+                expect(q).toStrictEqual(query);
+                fn(response);
+            });
+            appservice.on("query.key_claim", claimSpy);
+
+            const res = await requestPromise({
+                uri: `http://localhost:${port}/_matrix/app/unstable/org.matrix.msc3983/keys/claim`,
+                method: "POST",
+                qs: { access_token: hsToken },
+                json: query,
+            });
+            expect(res).toStrictEqual(response);
+            expect(claimSpy.callCount).toBe(1);
+        } finally {
+            appservice.stop();
+        }
+    });
+
+    it('should return a 405 for MSC3983 if not used by consumer', async () => {
+        const port = await getPort();
+        const hsToken = "s3cret_token";
+        const appservice = new Appservice({
+            port: port,
+            bindAddress: '',
+            homeserverName: 'example.org',
+            homeserverUrl: 'https://localhost',
+            registration: {
+                as_token: "",
+                hs_token: hsToken,
+                sender_localpart: "_bot_",
+                namespaces: {
+                    users: [{ exclusive: true, regex: "@_prefix_.*:.+" }],
+                    rooms: [],
+                    aliases: [],
+                },
+            },
+        });
+        appservice.botIntent.ensureRegistered = () => {
+            return null;
+        };
+
+        await appservice.begin();
+
+        try {
+            const query = {
+                "@alice:example.org": {
+                    "DEVICEID": ["signed_curve25519"],
+                },
+            };
+
+            // Note how we're not registering anything with the EventEmitter
+
+            const res = await requestPromise({
+                uri: `http://localhost:${port}/_matrix/app/unstable/org.matrix.msc3983/keys/claim`,
+                method: "POST",
+                qs: { access_token: hsToken },
+                json: query,
+            }).catch(e => ({ body: e.response.body, statusCode: e.statusCode }));
+            expect(res).toStrictEqual({ statusCode: 405, body: { errcode: "M_UNRECOGNIZED", error: "Endpoint not implemented" } });
+        } finally {
+            appservice.stop();
+        }
+    });
+
     it('should emit while querying users', async () => {
         const port = await getPort();
         const hsToken = "s3cret_token";