tests: Signature upload support in E2EKeyReceiver

Have `E2EKeyReceiver` collect uploaded device signatures, so that they can be
returned by `E2EKeyResponder`.

Author: richvdh

spec/integ/crypto/cross-signing.spec.ts

@@ -225,9 +225,6 @@ describe("cross-signing", () => {
             await aliceClient.startClient();
             await syncPromise(aliceClient);
 
-            // we expect a request to upload signatures for our device ...
-            fetchMock.post({ url: "path:/_matrix/client/v3/keys/signatures/upload", name: "upload-sigs" }, {});
-
             // we expect the UserTrustStatusChanged event to be fired after the cross signing keys import
             const userTrustStatusChangedPromise = new Promise<string>((resolve) =>
                 aliceClient.on(CryptoEvent.UserTrustStatusChanged, resolve),

spec/integ/crypto/device-dehydration.spec.ts

@@ -181,7 +181,6 @@ async function initializeSecretStorage(
     const e2eKeyReceiver = new E2EKeyReceiver(homeserverUrl);
     const e2eKeyResponder = new E2EKeyResponder(homeserverUrl);
     e2eKeyResponder.addKeyReceiver(userId, e2eKeyReceiver);
-    fetchMock.post("path:/_matrix/client/v3/keys/signatures/upload", {});
     const accountData: Map<string, object> = new Map();
     fetchMock.get("glob:http://*/_matrix/client/v3/user/*/account_data/*", (url, opts) => {
         const name = url.split("/").pop()!;

spec/test-utils/E2EKeyReceiver.ts

@@ -18,7 +18,8 @@ import debugFunc, { type Debugger } from "debug";
 import fetchMock from "fetch-mock-jest";
 
 import type { IDeviceKeys, IOneTimeKey } from "../../src/@types/crypto";
-import type { CrossSigningKeys } from "../../src";
+import type { CrossSigningKeys, ISignedKey, KeySignatures } from "../../src";
+import type { CrossSigningKeyInfo } from "../../src/crypto-api";
 
 /** Interface implemented by classes that intercept `/keys/upload` requests from test clients to catch the uploaded keys
  *
@@ -62,10 +63,15 @@ export class E2EKeyReceiver implements IE2EKeyReceiver {
     /**
      * Construct a new E2EKeyReceiver.
      *
-     * It will immediately register an intercept of `/keys/uploads` and `/keys/device_signing/upload` requests for the given homeserverUrl.
+     * It will immediately register an intercept of [`/keys/upload`][1], [`/keys/signatures/upload`][2] and
+     * [`/keys/device_signing/upload`][3] requests for the given homeserverUrl.
      * Only requests made to this server will be intercepted: this allows a single test to use more than one
      * client and have the keys collected separately.
      *
+     * [1]: https://spec.matrix.org/v1.14/client-server-api/#post_matrixclientv3keysupload
+     * [2]: https://spec.matrix.org/v1.14/client-server-api/#post_matrixclientv3keyssignaturesupload
+     * [3]: https://spec.matrix.org/v1.14/client-server-api/#post_matrixclientv3keysdevice_signingupload
+     *
      * @param homeserverUrl - the Homeserver Url of the client under test.
      */
     public constructor(homeserverUrl: string) {
@@ -79,6 +85,14 @@ export class E2EKeyReceiver implements IE2EKeyReceiver {
             fetchMock.post(new URL("/_matrix/client/v3/keys/upload", homeserverUrl).toString(), listener);
         });
 
+        fetchMock.post(
+            {
+                url: new URL("/_matrix/client/v3/keys/signatures/upload", homeserverUrl).toString(),
+                name: "upload-sigs",
+            },
+            (url, options) => this.onSignaturesUploadRequest(options),
+        );
+
         fetchMock.post(
             {
                 url: new URL("/_matrix/client/v3/keys/device_signing/upload", homeserverUrl).toString(),
@@ -96,8 +110,10 @@ export class E2EKeyReceiver implements IE2EKeyReceiver {
             if (this.deviceKeys) {
                 throw new Error("Application attempted to upload E2E device keys multiple times");
             }
-            this.debug(`received device keys`);
             this.deviceKeys = content.device_keys;
+            this.debug(
+                `received device keys for user ID ${this.deviceKeys!.user_id}, device ID ${this.deviceKeys!.device_id}`,
+            );
         }
 
         if (content.one_time_keys && Object.keys(content.one_time_keys).length > 0) {
@@ -122,6 +138,35 @@ export class E2EKeyReceiver implements IE2EKeyReceiver {
         };
     }
 
+    private async onSignaturesUploadRequest(request: RequestInit): Promise<object> {
+        const content = JSON.parse(request.body as string) as KeySignatures;
+        for (const [userId, userKeys] of Object.entries(content)) {
+            for (const [deviceId, signedKey] of Object.entries(userKeys)) {
+                this.onDeviceSignatureUpload(userId, deviceId, signedKey);
+            }
+        }
+
+        return {};
+    }
+
+    private onDeviceSignatureUpload(userId: string, deviceId: string, signedKey: CrossSigningKeyInfo | ISignedKey) {
+        if (!this.deviceKeys || userId != this.deviceKeys.user_id || deviceId != this.deviceKeys.device_id) {
+            this.debug(
+                `Ignoring device key signature upload for unknown device user ID ${userId}, device ID ${deviceId}`,
+            );
+            return;
+        }
+
+        this.debug(`received device key signature for user ID ${userId}, device ID ${deviceId}`);
+        this.deviceKeys.signatures ??= {};
+        for (const [signingUser, signatures] of Object.entries(signedKey.signatures!)) {
+            this.deviceKeys.signatures[signingUser] = Object.assign(
+                this.deviceKeys.signatures[signingUser] ?? {},
+                signatures,
+            );
+        }
+    }
+
     private async onSigningKeyUploadRequest(request: RequestInit): Promise<object> {
         const content = JSON.parse(request.body as string);
         if (this.crossSigningKeys) {

spec/test-utils/mockEndpoints.ts

@@ -46,17 +46,13 @@ export function mockInitialApiRequests(homeserverUrl: string, userId: string = "
  * Mock the requests needed to set up cross signing, besides those provided by {@link E2EKeyReceiver}.
  *
  * Return 404 error for `GET _matrix/client/v3/user/:userId/account_data/:type` request
- * Return `{}` for `POST _matrix/client/v3/keys/signatures/upload` request (named `upload-sigs` for fetchMock check)
  */
 export function mockSetupCrossSigningRequests(): void {
     // have account_data requests return an empty object
     fetchMock.get("express:/_matrix/client/v3/user/:userId/account_data/:type", {
         status: 404,
         body: { errcode: "M_NOT_FOUND", error: "Account data not found." },
     });
-
-    // we expect a request to upload signatures for our device ...
-    fetchMock.post({ url: "path:/_matrix/client/v3/keys/signatures/upload", name: "upload-sigs" }, {});
 }
 
 /**

spec/unit/rust-crypto/rust-crypto.spec.ts

@@ -1548,10 +1548,6 @@ describe("RustCrypto", () => {
             const e2eKeyReceiver = new E2EKeyReceiver("http://server");
             const e2eKeyResponder = new E2EKeyResponder("http://server");
             e2eKeyResponder.addKeyReceiver(TEST_USER, e2eKeyReceiver);
-            fetchMock.post("path:/_matrix/client/v3/keys/signatures/upload", {
-                status: 200,
-                body: {},
-            });
             await rustCrypto.bootstrapCrossSigning({ setupNewCrossSigning: true });
             await expect(rustCrypto.pinCurrentUserIdentity(TEST_USER)).rejects.toThrow(
                 "Cannot pin identity of own user",
@@ -1789,10 +1785,6 @@ describe("RustCrypto", () => {
                     error: "Not found",
                 },
             });
-            fetchMock.post("path:/_matrix/client/v3/keys/signatures/upload", {
-                status: 200,
-                body: {},
-            });
             const rustCrypto1 = await makeTestRustCrypto(makeMatrixHttpApi(), TEST_USER, TEST_DEVICE_ID, secretStorage);
 
             // dehydration requires secret storage and cross signing
@@ -1926,10 +1918,6 @@ describe("RustCrypto", () => {
                         error: "Not found",
                     },
                 });
-                fetchMock.post("path:/_matrix/client/v3/keys/signatures/upload", {
-                    status: 200,
-                    body: {},
-                });
                 rustCrypto = await makeTestRustCrypto(makeMatrixHttpApi(), TEST_USER, TEST_DEVICE_ID, secretStorage);
 
                 // dehydration requires secret storage and cross signing