Mercurial > libervia-backend

annotate sat/plugins/plugin_sec_pubsub_signing.py @ 3956:3cb9ade2ab84

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
plugin pubsub signing: pubsub items signature implementation: - this is based on a protoXEP, not yet an official XEP: https://github.com/xsf/xeps/pull/1228 - XEP-0470: `set` attachment handler can now be async rel 381
author Goffi <goffi@goffi.org>
date Fri, 28 Oct 2022 18:47:17 +0200
parents
children a15c171836bb
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
3956
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
1 #!/usr/bin/env python3
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
2
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
3 # Libervia plugin for Pubsub Items Signature
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
4 # Copyright (C) 2009-2022 Jérôme Poisson (goffi@goffi.org)
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
5
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
6 # This program is free software: you can redistribute it and/or modify
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
7 # it under the terms of the GNU Affero General Public License as published by
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
8 # the Free Software Foundation, either version 3 of the License, or
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
9 # (at your option) any later version.
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
10
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
11 # This program is distributed in the hope that it will be useful,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
14 # GNU Affero General Public License for more details.
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
15
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
16 # You should have received a copy of the GNU Affero General Public License
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
17 # along with this program. If not, see <http://www.gnu.org/licenses/>.
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
18
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
19 import base64
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
20 import time
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
21 from typing import Any, Dict, List, Optional
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
22
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
23 from lxml import etree
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
24 import shortuuid
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
25 from twisted.internet import defer
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
26 from twisted.words.protocols.jabber import jid, xmlstream
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
27 from twisted.words.xish import domish
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
28 from wokkel import disco, iwokkel
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
29 from wokkel import pubsub
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
30 from zope.interface import implementer
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
31
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
32 from sat.core import exceptions
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
33 from sat.core.constants import Const as C
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
34 from sat.core.core_types import SatXMPPEntity
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
35 from sat.core.i18n import _
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
36 from sat.core.log import getLogger
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
37 from sat.tools import utils
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
38 from sat.tools.common import data_format
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
39
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
40 from .plugin_xep_0373 import get_gpg_provider, VerificationFailed
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
41
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
42
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
43 log = getLogger(__name__)
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
44
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
45 IMPORT_NAME = "pubsub-signing"
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
46
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
47 PLUGIN_INFO = {
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
48 C.PI_NAME: "Pubsub Signing",
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
49 C.PI_IMPORT_NAME: IMPORT_NAME,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
50 C.PI_TYPE: C.PLUG_TYPE_XEP,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
51 C.PI_MODES: C.PLUG_MODE_BOTH,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
52 C.PI_PROTOCOLS: [],
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
53 C.PI_DEPENDENCIES: ["XEP-0060", "XEP-0373", "XEP-0470"],
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
54 C.PI_MAIN: "PubsubSigning",
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
55 C.PI_HANDLER: "yes",
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
56 C.PI_DESCRIPTION: _(
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
57 """Pubsub Signature can be used to strongly authenticate a pubsub item"""
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
58 ),
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
59 }
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
60 NS_PUBSUB_SIGNING = "urn:xmpp:pubsub-signing:0"
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
61 NS_PUBSUB_SIGNING_OPENPGP = "urn:xmpp:pubsub-signing:openpgp:0"
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
62
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
63
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
64 class PubsubSigning:
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
65 namespace = NS_PUBSUB_SIGNING
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
66
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
67 def __init__(self, host):
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
68 log.info(_("Pubsub Signing plugin initialization"))
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
69 host.registerNamespace("pubsub-signing", NS_PUBSUB_SIGNING)
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
70 self.host = host
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
71 self._p = host.plugins["XEP-0060"]
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
72 self._ox = host.plugins["XEP-0373"]
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
73 self._a = host.plugins["XEP-0470"]
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
74 self._a.register_attachment_handler(
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
75 "signature", NS_PUBSUB_SIGNING, self.signature_get, self.signature_set
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
76 )
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
77 host.trigger.add("XEP-0060_publish", self._publish_trigger)
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
78 host.bridge.addMethod(
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
79 "psSignatureCheck",
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
80 ".plugin",
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
81 in_sign="sssss",
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
82 out_sign="s",
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
83 method=self._check,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
84 async_=True,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
85 )
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
86
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
87 def getHandler(self, client):
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
88 return PubsubSigning_Handler()
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
89
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
90 async def profileConnecting(self, client):
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
91 self.gpg_provider = get_gpg_provider(self.host, client)
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
92
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
93 def get_data_to_sign(
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
94 self,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
95 item_elt: domish.Element,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
96 to_jid: jid.JID,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
97 timestamp: float,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
98 signer: str,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
99 ) -> bytes:
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
100 """Generate the wrapper element, normalize, serialize and return it"""
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
101 # we remove values which must not be in the serialised data
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
102 item_id = item_elt.attributes.pop("id")
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
103 item_publisher = item_elt.attributes.pop("publisher", None)
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
104 item_parent = item_elt.parent
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
105
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
106 # we need to be sure that item element namespace is right
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
107 item_elt.uri = item_elt.defaultUri = pubsub.NS_PUBSUB
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
108
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
109 sign_data_elt = domish.Element((NS_PUBSUB_SIGNING, "sign-data"))
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
110 to_elt = sign_data_elt.addElement("to")
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
111 to_elt["jid"] = to_jid.userhost()
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
112 time_elt = sign_data_elt.addElement("time")
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
113 time_elt["stamp"] = utils.xmpp_date(timestamp)
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
114 sign_data_elt.addElement("signer", content=signer)
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
115 sign_data_elt.addChild(item_elt)
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
116 # FIXME: xml_tools.domish_elt_2_et_elt must be used once implementation is
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
117 # complete. For now serialisation/deserialisation is more secure.
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
118 # et_sign_data_elt = xml_tools.domish_elt_2_et_elt(sign_data_elt, True)
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
119 et_sign_data_elt = etree.fromstring(sign_data_elt.toXml())
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
120 to_sign = etree.tostring(
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
121 et_sign_data_elt,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
122 method="c14n2",
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
123 with_comments=False,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
124 strip_text=True
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
125 )
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
126 # the data to sign is serialised, we cna restore original values
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
127 item_elt["id"] = item_id
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
128 if item_publisher is not None:
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
129 item_elt["publisher"] = item_publisher
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
130 item_elt.parent = item_parent
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
131 return to_sign
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
132
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
133 def _check(
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
134 self,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
135 service: str,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
136 node: str,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
137 item_id: str,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
138 signature_data_s: str,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
139 profile_key: str,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
140 ) -> defer.Deferred:
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
141 d = defer.ensureDeferred(
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
142 self.check(
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
143 self.host.getClient(profile_key),
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
144 jid.JID(service),
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
145 node,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
146 item_id,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
147 data_format.deserialise(signature_data_s)
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
148 )
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
149 )
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
150 d.addCallback(data_format.serialise)
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
151 return d
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
152
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
153 async def check(
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
154 self,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
155 client: SatXMPPEntity,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
156 service: jid.JID,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
157 node: str,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
158 item_id: str,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
159 signature_data: Dict[str, Any],
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
160 ) -> Dict[str, Any]:
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
161 items, __ = await self._p.getItems(
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
162 client, service, node, item_ids=[item_id]
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
163 )
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
164 if not items != 1:
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
165 raise exceptions.NotFound(
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
166 f"target item not found for {item_id!r} at {node!r} for {service}"
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
167 )
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
168 item_elt = items[0]
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
169 timestamp = signature_data["timestamp"]
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
170 signers = signature_data["signers"]
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
171 if not signers:
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
172 raise ValueError("we must have at least one signer to check the signature")
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
173 if len(signers) > 1:
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
174 raise NotImplemented("multiple signers are not supported yet")
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
175 signer = jid.JID(signers[0])
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
176 signature = base64.b64decode(signature_data["signature"])
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
177 verification_keys = {
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
178 k for k in await self._ox.import_all_public_keys(client, signer)
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
179 if self.gpg_provider.can_sign(k)
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
180 }
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
181 signed_data = self.get_data_to_sign(item_elt, service, timestamp, signer.full())
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
182 try:
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
183 self.gpg_provider.verify_detached(signed_data, signature, verification_keys)
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
184 except VerificationFailed:
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
185 validated = False
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
186 else:
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
187 validated = True
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
188
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
189 trusts = {
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
190 k.fingerprint: (await self._ox.get_trust(client, k, signer)).value.lower()
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
191 for k in verification_keys
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
192 }
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
193 return {
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
194 "signer": signer.full(),
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
195 "validated": validated,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
196 "trusts": trusts,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
197 }
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
198
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
199 def signature_get(
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
200 self,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
201 client: SatXMPPEntity,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
202 attachments_elt: domish.Element,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
203 data: Dict[str, Any],
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
204 ) -> None:
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
205 try:
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
206 signature_elt = next(
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
207 attachments_elt.elements(NS_PUBSUB_SIGNING, "signature")
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
208 )
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
209 except StopIteration:
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
210 pass
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
211 else:
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
212 time_elts = list(signature_elt.elements(NS_PUBSUB_SIGNING, "time"))
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
213 if len(time_elts) != 1:
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
214 raise exceptions.DataError("only a single <time/> element is allowed")
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
215 try:
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
216 timestamp = utils.parse_xmpp_date(time_elts[0]["stamp"])
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
217 except (KeyError, exceptions.ParsingError):
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
218 raise exceptions.DataError(
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
219 "invalid time element: {signature_elt.toXml()}"
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
220 )
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
221
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
222 signature_data: Dict[str, Any] = {
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
223 "timestamp": timestamp,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
224 "signers": [
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
225 str(s) for s in signature_elt.elements(NS_PUBSUB_SIGNING, "signer")
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
226 ]
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
227 }
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
228 # FIXME: only OpenPGP signature is available for now, to be updated if and
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
229 # when more algorithms are available.
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
230 sign_elt = next(
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
231 signature_elt.elements(NS_PUBSUB_SIGNING_OPENPGP, "sign"),
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
232 None
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
233 )
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
234 if sign_elt is None:
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
235 log.warning(
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
236 "no known signature profile element found, ignoring signature: "
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
237 f"{signature_elt.toXml()}"
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
238 )
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
239 return
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
240 else:
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
241 signature_data["signature"] = str(sign_elt)
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
242
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
243 data["signature"] = signature_data
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
244
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
245 async def signature_set(
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
246 self,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
247 client: SatXMPPEntity,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
248 attachments_data: Dict[str, Any],
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
249 former_elt: Optional[domish.Element]
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
250 ) -> Optional[domish.Element]:
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
251 signature_data = attachments_data["extra"].get("signature")
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
252 if signature_data is None:
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
253 return former_elt
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
254 elif signature_data:
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
255 item_elt = signature_data.get("item_elt")
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
256 service = jid.JID(attachments_data["service"])
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
257 if item_elt is None:
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
258 node = attachments_data["node"]
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
259 item_id = attachments_data["id"]
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
260 items, __ = await self._p.getItems(
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
261 client, service, node, items_ids=[item_id]
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
262 )
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
263 if not items != 1:
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
264 raise exceptions.NotFound(
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
265 f"target item not found for {item_id!r} at {node!r} for {service}"
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
266 )
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
267 item_elt = items[0]
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
268
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
269 signer = signature_data["signer"]
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
270 timestamp = time.time()
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
271 timestamp_xmpp = utils.xmpp_date(timestamp)
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
272 to_sign = self.get_data_to_sign(item_elt, service, timestamp, signer)
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
273
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
274 signature_elt = domish.Element(
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
275 (NS_PUBSUB_SIGNING, "signature"),
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
276 )
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
277 time_elt = signature_elt.addElement("time")
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
278 time_elt["stamp"] = timestamp_xmpp
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
279 signature_elt.addElement("signer", content=signer)
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
280
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
281 sign_elt = signature_elt.addElement((NS_PUBSUB_SIGNING_OPENPGP, "sign"))
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
282 signing_keys = {
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
283 k for k in self._ox.list_secret_keys(client)
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
284 if self.gpg_provider.can_sign(k.public_key)
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
285 }
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
286 # the base64 encoded signature itself
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
287 sign_elt.addContent(
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
288 base64.b64encode(
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
289 self.gpg_provider.sign_detached(to_sign, signing_keys)
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
290 ).decode()
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
291 )
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
292 return signature_elt
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
293 else:
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
294 return None
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
295
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
296 async def _publish_trigger(
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
297 self,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
298 client: SatXMPPEntity,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
299 service: jid.JID,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
300 node: str,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
301 items: Optional[List[domish.Element]],
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
302 options: Optional[dict],
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
303 sender: jid.JID,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
304 extra: Dict[str, Any]
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
305 ) -> bool:
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
306 if not items or not extra.get("signed"):
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
307 return True
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
308
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
309 for item_elt in items:
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
310 # we need an ID to find corresponding attachment node, and so to sign an item
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
311 if not item_elt.hasAttribute("id"):
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
312 item_elt["id"] = shortuuid.uuid()
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
313 await self._a.set_attachements(
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
314 client,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
315 {
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
316 "service": service.full(),
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
317 "node": node,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
318 "id": item_elt["id"],
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
319 "extra": {
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
320 "signature": {
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
321 "item_elt": item_elt,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
322 "signer": sender.userhost(),
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
323 }
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
324 }
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
325 }
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
326 )
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
327
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
328 return True
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
329
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
330
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
331 @implementer(iwokkel.IDisco)
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
332 class PubsubSigning_Handler(xmlstream.XMPPHandler):
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
333
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
334 def getDiscoInfo(self, requestor, service, nodeIdentifier=""):
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
335 return [disco.DiscoFeature(NS_PUBSUB_SIGNING)]
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
336
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
337 def getDiscoItems(self, requestor, service, nodeIdentifier=""):
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
338 return []