Allow configuring old verify keys (#1443)

* Allow configuring old verify keys

* Update sample config

* Update sample config

* Fix config population

* Key ID formatting validity of old_verify_keys

* Update comment

1 files changed, 10 insertions, 2 deletions

diff --git a/federationapi/routing/keys.go b/federationapi/routing/keys.go
index 785be090..17762b03 100644
--- a/federationapi/routing/keys.go
+++ b/federationapi/routing/keys.go
@@ -136,6 +136,8 @@ func localKeys(cfg *config.FederationAPI, validUntil time.Time) (*gomatrixserver
 	var keys gomatrixserverlib.ServerKeys
 
 	keys.ServerName = cfg.Matrix.ServerName
+	keys.TLSFingerprints = cfg.TLSFingerPrints
+	keys.ValidUntilTS = gomatrixserverlib.AsTimestamp(validUntil)
 
 	publicKey := cfg.Matrix.PrivateKey.Public().(ed25519.PublicKey)
 
@@ -145,9 +147,15 @@ func localKeys(cfg *config.FederationAPI, validUntil time.Time) (*gomatrixserver
 		},
 	}
 
-	keys.TLSFingerprints = cfg.TLSFingerPrints
 	keys.OldVerifyKeys = map[gomatrixserverlib.KeyID]gomatrixserverlib.OldVerifyKey{}
-	keys.ValidUntilTS = gomatrixserverlib.AsTimestamp(validUntil)
+	for _, oldVerifyKey := range cfg.Matrix.OldVerifyKeys {
+		keys.OldVerifyKeys[oldVerifyKey.KeyID] = gomatrixserverlib.OldVerifyKey{
+			VerifyKey: gomatrixserverlib.VerifyKey{
+				Key: gomatrixserverlib.Base64Bytes(oldVerifyKey.PrivateKey),
+			},
+			ExpiredTS: oldVerifyKey.ExpiredAt,
+		}
+	}
 
 	toSign, err := json.Marshal(keys.ServerKeyFields)
 	if err != nil {