diff --git a/scripts-dev/sign_json b/scripts-dev/sign_json
index 6ac55ef2f7..9459543106 100755
--- a/scripts-dev/sign_json
+++ b/scripts-dev/sign_json
@@ -22,6 +22,8 @@ import yaml
from signedjson.key import read_signing_keys
from signedjson.sign import sign_json
+from synapse.api.room_versions import KNOWN_ROOM_VERSIONS
+from synapse.crypto.event_signing import add_hashes_and_signatures
from synapse.util import json_encoder
@@ -68,6 +70,16 @@ Example usage:
),
)
+ parser.add_argument(
+ "--sign-event-room-version",
+ type=str,
+ help=(
+ "Sign the JSON as an event for the given room version, rather than raw JSON. "
+ "This means that we will add a 'hashes' object, and redact the event before "
+ "signing."
+ ),
+ )
+
input_args = parser.add_mutually_exclusive_group()
input_args.add_argument("input_data", nargs="?", help="Raw JSON to be signed.")
@@ -116,7 +128,17 @@ Example usage:
print("Input json was not an object", file=sys.stderr)
sys.exit(1)
- sign_json(obj, args.server_name, keys[0])
+ if args.sign_event_room_version:
+ room_version = KNOWN_ROOM_VERSIONS.get(args.sign_event_room_version)
+ if not room_version:
+ print(
+ f"Unknown room version {args.sign_event_room_version}", file=sys.stderr
+ )
+ sys.exit(1)
+ add_hashes_and_signatures(room_version, obj, args.server_name, keys[0])
+ else:
+ sign_json(obj, args.server_name, keys[0])
+
for c in json_encoder.iterencode(obj):
args.output.write(c)
args.output.write("\n")
|
