Mercurial > libervia-backend
annotate sat/tools/web.py @ 3696:52ee22d78e18
plugin XEP-0384: fix encryption for user own devices:
our own jid is added automatically by OMEMO library, but during the generation of the
stanza, our list of jids was used to get the keys (and thus our own jid and devices keys
was missing).
fix 402
author | Goffi <goffi@goffi.org> |
---|---|
date | Fri, 22 Oct 2021 18:46:51 +0200 |
parents | 7550ae9cfbac |
children | 65bac82e4049 |
rev | line source |
---|---|
3089
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
1 #!/usr/bin/env python3 |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
2 |
3480
7550ae9cfbac
Renamed the project from "Salut à Toi" to "Libervia":
Goffi <goffi@goffi.org>
parents:
3479
diff
changeset
|
3 # Libervia: an XMPP client |
3479 | 4 # Copyright (C) 2009-2021 Jérôme Poisson (goffi@goffi.org) |
3089
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
5 |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
6 # This program is free software: you can redistribute it and/or modify |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
7 # it under the terms of the GNU Affero General Public License as published by |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
8 # the Free Software Foundation, either version 3 of the License, or |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
9 # (at your option) any later version. |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
10 |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
11 # This program is distributed in the hope that it will be useful, |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
14 # GNU Affero General Public License for more details. |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
15 |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
16 # You should have received a copy of the GNU Affero General Public License |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
17 # along with this program. If not, see <http://www.gnu.org/licenses/>. |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
18 |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
19 from OpenSSL import SSL |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
20 from zope.interface import implementer |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
21 from treq.client import HTTPClient |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
22 from twisted.internet.interfaces import IOpenSSLClientConnectionCreator |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
23 from twisted.internet import reactor, ssl |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
24 from twisted.web import iweb |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
25 from twisted.web import client as http_client |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
26 from sat.core.log import getLogger |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
27 |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
28 |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
29 log = getLogger(__name__) |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
30 |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
31 |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
32 SSLError = SSL.Error |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
33 |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
34 |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
35 @implementer(IOpenSSLClientConnectionCreator) |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
36 class NoCheckConnectionCreator(object): |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
37 def __init__(self, hostname, ctx): |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
38 self._ctx = ctx |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
39 |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
40 def clientConnectionForTLS(self, tlsProtocol): |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
41 context = self._ctx |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
42 connection = SSL.Connection(context, None) |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
43 connection.set_app_data(tlsProtocol) |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
44 return connection |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
45 |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
46 |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
47 @implementer(iweb.IPolicyForHTTPS) |
3205
2c0628f3927e
plugin download, aesgcm: disable TLS check if `check_certificate` setting is disabled
Goffi <goffi@goffi.org>
parents:
3136
diff
changeset
|
48 class NoCheckContextFactory: |
3089
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
49 """Context factory which doesn't do TLS certificate check |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
50 |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
51 /!\\ it's obvisously a security flaw to use this class, |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
52 and it should be used only with explicit agreement from the end used |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
53 """ |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
54 |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
55 def creatorForNetloc(self, hostname, port): |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
56 log.warning( |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
57 "TLS check disabled for {host} on port {port}".format( |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
58 host=hostname, port=port |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
59 ) |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
60 ) |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
61 certificateOptions = ssl.CertificateOptions(trustRoot=None) |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
62 return NoCheckConnectionCreator(hostname, certificateOptions.getContext()) |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
63 |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
64 |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
65 #: following treq doesn't check TLS, obviously it is unsecure and should not be used |
e75024e41f81
plugin upload, XEP-0363: code modernisation + preparation for extension:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
66 #: without explicit warning |
3205
2c0628f3927e
plugin download, aesgcm: disable TLS check if `check_certificate` setting is disabled
Goffi <goffi@goffi.org>
parents:
3136
diff
changeset
|
67 treq_client_no_ssl = HTTPClient(http_client.Agent(reactor, NoCheckContextFactory())) |