
`scripts-dev/sign_json`: support for signing events (#11486)

Richard van der Hoff 2 years ago
parent
commit
f61462e1be
3 changed files with 43 additions and 1 deletions
  1. 1 0
      changelog.d/11486.misc
  2. 19 0
      scripts-dev/federation_client.py
  3. 23 1
      scripts-dev/sign_json

+ 1 - 0
changelog.d/11486.misc

@@ -0,0 +1 @@
+Extend the `scripts-dev/sign_json` script to support signing events.

+ 19 - 0
scripts-dev/federation_client.py

@@ -15,6 +15,25 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+
+"""
+Script for signing and sending federation requests.
+
+Some tips on doing the join dance with this:
+
+    room_id=...
+    user_id=...
+
+    # make_join
+    federation_client.py "/_matrix/federation/v1/make_join/$room_id/$user_id?ver=5" > make_join.json
+
+    # sign
+    jq -M .event make_join.json | sign_json --sign-event-room-version=$(jq -r .room_version make_join.json) -o signed-join.json
+
+    # send_join
+    federation_client.py -X PUT "/_matrix/federation/v2/send_join/$room_id/x" --body $(<signed-join.json) > send_join.json
+"""
+
 import argparse
 import base64
 import json
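Review bot: The `send_join` example in the new module docstring passes `--body $(<signed-join.json)` unquoted, so the shell word-splits and glob-expands the signed event before `federation_client.py` sees it. Any whitespace inside a string value of the event would break the JSON into several arguments, and the request body would no longer match what was signed. I would quote it as `--body "$(<signed-join.json)"`. A short comment in the docstring saying that `$room_id` and `$user_id` must stay inside the double-quoted URL would also help readers adapting the example.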

+ 23 - 1
scripts-dev/sign_json

@@ -22,6 +22,8 @@ import yaml
 from signedjson.key import read_signing_keys
 from signedjson.sign import sign_json
 
+from synapse.api.room_versions import KNOWN_ROOM_VERSIONS
+from synapse.crypto.event_signing import add_hashes_and_signatures
 from synapse.util import json_encoder
 
 
@@ -68,6 +70,16 @@ Example usage:
         ),
     )
 
+    parser.add_argument(
+        "--sign-event-room-version",
+        type=str,
+        help=(
+            "Sign the JSON as an event for the given room version, rather than raw JSON. "
+            "This means that we will add a 'hashes' object, and redact the event before "
+            "signing."
+        ),
+    )
+
     input_args = parser.add_mutually_exclusive_group()
 
     input_args.add_argument("input_data", nargs="?", help="Raw JSON to be signed.")
@@ -116,7 +128,17 @@ Example usage:
         print("Input json was not an object", file=sys.stderr)
         sys.exit(1)
 
-    sign_json(obj, args.server_name, keys[0])
+    if args.sign_event_room_version:
+        room_version = KNOWN_ROOM_VERSIONS.get(args.sign_event_room_version)
+        if not room_version:
+            print(
+                f"Unknown room version {args.sign_event_room_version}", file=sys.stderr
+            )
+            sys.exit(1)
+        add_hashes_and_signatures(room_version, obj, args.server_name, keys[0])
+    else:
+        sign_json(obj, args.server_name, keys[0])
+
     for c in json_encoder.iterencode(obj):
         args.output.write(c)
     args.output.write("\n")
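Review bot: The mode switch `if args.sign_event_room_version:` tests truthiness, so an empty value falls through to the `else` branch and the input is signed as raw JSON with no error. An empty value is easy to produce with the documented `--sign-event-room-version=$(jq -r .room_version make_join.json)` pattern when the command substitution yields nothing. The operator then gets a validly signed object that lacks the `hashes` field and was not redacted before signing, and only finds out when the receiving server rejects it. I would use `if args.sign_event_room_version is not None:` so that an empty string reaches the existing "Unknown room version" exit. It would also be worth a one-line comment above the `add_hashes_and_signatures(...)` call stating that it is expected to update `obj` in place, since the following `iterencode(obj)` depends on that. The enclosing function starts outside this hunk.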