annotate sat/plugins/plugin_sec_pubsub_signing.py @ 4005:54a6b44f173b
component AP gateway: reset stream position after getting payload:
the stream position needs to be reset, as the body may be read again to compute signature
hash.
author | Goffi <goffi@goffi.org> |
---|---|
date | Thu, 16 Mar 2023 12:28:52 +0100 |
parents | d105ead599b6 |
children | 524856bd7b19 |
1 #!/usr/bin/env python3 |
2 |
3 # Libervia plugin for Pubsub Items Signature |
4 # Copyright (C) 2009-2022 Jérôme Poisson (goffi@goffi.org) |
5 |
6 # This program is free software: you can redistribute it and/or modify |
7 # it under the terms of the GNU Affero General Public License as published by |
8 # the Free Software Foundation, either version 3 of the License, or |
9 # (at your option) any later version. |
10 |
11 # This program is distributed in the hope that it will be useful, |
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
14 # GNU Affero General Public License for more details. |
15 |
16 # You should have received a copy of the GNU Affero General Public License |
17 # along with this program. If not, see <http://www.gnu.org/licenses/>. |
18 |
19 import base64 |
20 import time |
21 from typing import Any, Dict, List, Optional |
22 |
23 from lxml import etree |
24 import shortuuid |
25 from twisted.internet import defer |
26 from twisted.words.protocols.jabber import jid, xmlstream |
27 from twisted.words.xish import domish |
28 from wokkel import disco, iwokkel |
29 from wokkel import pubsub |
30 from zope.interface import implementer |
31 |
32 from sat.core import exceptions |
33 from sat.core.constants import Const as C |
34 from sat.core.core_types import SatXMPPEntity |
35 from sat.core.i18n import _ |
36 from sat.core.log import getLogger |
37 from sat.tools import utils |
38 from sat.tools.common import data_format |
39 |
40 from .plugin_xep_0373 import VerificationFailed |
41 |
42 |
# Module-level logger, named after this module.
log = getLogger(__name__)

# Import name of the plugin, reused in PLUGIN_INFO below.
IMPORT_NAME = "pubsub-signing"

# Plugin metadata. The three listed dependencies are looked up in
# ``host.plugins`` by ``PubsubSigning.__init__``: XEP-0060 (pubsub),
# XEP-0373 (OpenPGP) and XEP-0470 (pubsub attachments).
PLUGIN_INFO = {
    C.PI_NAME: "Pubsub Signing",
    C.PI_IMPORT_NAME: IMPORT_NAME,
    C.PI_TYPE: C.PLUG_TYPE_XEP,
    C.PI_MODES: C.PLUG_MODE_BOTH,
    C.PI_PROTOCOLS: [],
    C.PI_DEPENDENCIES: ["XEP-0060", "XEP-0373", "XEP-0470"],
    C.PI_MAIN: "PubsubSigning",
    C.PI_HANDLER: "yes",
    C.PI_DESCRIPTION: _(
        """Pubsub Signature can be used to strongly authenticate a pubsub item"""
    ),
}

# XML namespaces: the signing protocol itself, and its OpenPGP profile.
NS_PUBSUB_SIGNING = "urn:xmpp:pubsub-signing:0"
NS_PUBSUB_SIGNING_OPENPGP = "urn:xmpp:pubsub-signing:openpgp:0"
62 |
63 |
64 class PubsubSigning: |
65 namespace = NS_PUBSUB_SIGNING |
66 |
def __init__(self, host):
    """Wire the plugin into the backend.

    Registers the ``pubsub-signing`` namespace, keeps references to the
    XEP-0060, XEP-0373 and XEP-0470 plugins, installs the ``signature``
    attachment handler and the publish trigger, and exposes
    ``psSignatureCheck`` on the bridge.

    @param host: backend instance giving access to plugins, triggers and bridge
    """
    log.info(_("Pubsub Signing plugin initialization"))
    host.registerNamespace("pubsub-signing", NS_PUBSUB_SIGNING)
    self.host = host

    # plugins this one is built on
    plugins = host.plugins
    self._p = plugins["XEP-0060"]
    self._ox = plugins["XEP-0373"]
    self._a = plugins["XEP-0470"]

    # signatures travel as pubsub attachments: signature_get reads them,
    # signature_set writes them
    self._a.register_attachment_handler(
        "signature",
        NS_PUBSUB_SIGNING,
        self.signature_get,
        self.signature_set,
    )
    host.trigger.add("XEP-0060_publish", self._publish_trigger)

    # bridge method: five string arguments in, one string out (see _check)
    host.bridge.addMethod(
        "psSignatureCheck", ".plugin",
        in_sign="sssss", out_sign="s",
        method=self._check, async_=True,
    )
86 |
def getHandler(self, client):
    """Return a new ``PubsubSigning_Handler``; ``client`` is not used here."""
    handler = PubsubSigning_Handler()
    return handler
89 |
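def get_data_to_sign(
    self,
    item_elt: domish.Element,
    to_jid: jid.JID,
    timestamp: float,
    signer: str,
) -> bytes:
    """Generate the wrapper element, normalize, serialize and return it

    The ``<sign-data/>`` wrapper holds the bare JID of ``to_jid``, the
    XMPP-formatted ``timestamp``, the ``signer`` and the item itself. It is
    serialised with C14N 2.0, without comments and with text stripped.
    ``check`` rebuilds these bytes through this same method before verifying.

    What the returned bytes cover: ``to``, ``time``, ``signer`` and the item
    payload. The item ``id`` and ``publisher`` attributes are removed before
    serialisation, so a signature over these bytes does not authenticate them.

    ``item_elt`` is modified while the wrapper is built and its ``id``,
    ``publisher`` and parent are put back before returning, including when
    serialisation raises. Its namespace is set to the pubsub one and stays so.

    @param item_elt: pubsub item; must carry an ``id`` attribute
    @param to_jid: JID written (in bare form) in the ``<to/>`` element
    @param timestamp: time written in the ``<time/>`` element
    @param signer: content of the ``<signer/>`` element
    @return: canonicalised bytes to sign or to verify a signature against
    @raise KeyError: ``item_elt`` has no ``id`` attribute
    """
    # we remove values which must not be in the serialised data
    # "id" is popped first: if it is missing, KeyError is raised before the
    # element has been touched
    item_id = item_elt.attributes.pop("id")
    item_publisher = item_elt.attributes.pop("publisher", None)
    item_parent = item_elt.parent

    try:
        # we need to be sure that item element namespace is right
        item_elt.uri = item_elt.defaultUri = pubsub.NS_PUBSUB

        sign_data_elt = domish.Element((NS_PUBSUB_SIGNING, "sign-data"))
        to_elt = sign_data_elt.addElement("to")
        to_elt["jid"] = to_jid.userhost()
        time_elt = sign_data_elt.addElement("time")
        time_elt["stamp"] = utils.xmpp_date(timestamp)
        sign_data_elt.addElement("signer", content=signer)
        sign_data_elt.addChild(item_elt)
        # FIXME: xml_tools.domish_elt_2_et_elt must be used once implementation is
        #   complete. For now serialisation/deserialisation is more secure.
        # et_sign_data_elt = xml_tools.domish_elt_2_et_elt(sign_data_elt, True)
        # NOTE(review): parsed with lxml's default parser settings; the input is
        #   domish's own serialisation of the wrapper, not raw network bytes.
        et_sign_data_elt = etree.fromstring(sign_data_elt.toXml())
        return etree.tostring(
            et_sign_data_elt,
            method="c14n2",
            with_comments=False,
            strip_text=True
        )
    finally:
        # the data to sign is serialised (or serialisation failed): restore the
        # original values either way, so the caller never keeps an item that
        # has lost its id or publisher
        item_elt["id"] = item_id
        if item_publisher is not None:
            item_elt["publisher"] = item_publisher
        item_elt.parent = item_parent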
129 |
def _check(
    self,
    service: str,
    node: str,
    item_id: str,
    signature_data_s: str,
    profile_key: str,
) -> defer.Deferred:
    """Bridge wrapper around ``check``, registered as ``psSignatureCheck``.

    String arguments are converted to what ``check`` expects (client from the
    profile key, ``jid.JID`` for the service, deserialised signature data) and
    the result of ``check`` is serialised again for the bridge.

    @return: Deferred firing with the serialised result of ``check``
    """
    # same evaluation order as the arguments of the wrapped call
    client = self.host.getClient(profile_key)
    service_jid = jid.JID(service)
    signature_data = data_format.deserialise(signature_data_s)
    check_coro = self.check(client, service_jid, node, item_id, signature_data)
    return defer.ensureDeferred(check_coro).addCallback(data_format.serialise)
149 |
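async def check(
    self,
    client: SatXMPPEntity,
    service: jid.JID,
    node: str,
    item_id: str,
    signature_data: Dict[str, Any],
) -> Dict[str, Any]:
    """Verify a detached signature against a pubsub item

    The item is fetched from the pubsub service, the signed bytes are rebuilt
    with ``get_data_to_sign`` from the item, ``service``, and the timestamp and
    signer given in ``signature_data``, then the signature is verified with the
    signer's public keys.

    How to read the result: ``validated`` only says that the signature
    verifies with one of the signer's imported keys which can sign. It does not
    depend on trust. ``trusts`` lists every candidate key, not the key which
    made the signature, so callers must check trust themselves before treating
    the item as authenticated.

    @param client: profile session used to fetch the item and the keys
    @param service: pubsub service holding the item
    @param node: pubsub node holding the item
    @param item_id: id of the signed item
    @param signature_data: must contain ``timestamp``, ``signers`` (exactly one
        JID) and ``signature`` (base64 encoded)
    @return: dict with following keys:
        - signer: full JID of the signer
        - validated: True if the signature verification succeeded
        - trusts: lower-cased trust level of each candidate key, by fingerprint
    @raise exceptions.NotFound: the service did not return exactly one item
    @raise ValueError: ``signers`` is empty
    @raise NotImplementedError: more than one signer is given
    """
    items, __ = await self._p.getItems(
        client, service, node, item_ids=[item_id]
    )
    # the previous test (``not items != 1``) was never true, so an empty
    # result ended in an IndexError on ``items[0]`` instead of NotFound
    if len(items) != 1:
        raise exceptions.NotFound(
            f"target item not found for {item_id!r} at {node!r} for {service}"
        )
    item_elt = items[0]
    timestamp = signature_data["timestamp"]
    signers = signature_data["signers"]
    if not signers:
        raise ValueError("we must have at least one signer to check the signature")
    if len(signers) > 1:
        # NotImplemented is a constant, not an exception: calling it raised a
        # TypeError instead of reporting the unsupported case
        raise NotImplementedError("multiple signers are not supported yet")
    signer = jid.JID(signers[0])
    signature = base64.b64decode(signature_data["signature"])
    # only the signer's keys which are able to sign are candidates
    verification_keys = {
        k for k in await self._ox.import_all_public_keys(client, signer)
        if client.gpg_provider.can_sign(k)
    }
    # NOTE(review): ``verification_keys`` may be empty; confirm that
    #   ``verify_detached`` raises VerificationFailed in that case, so that the
    #   check fails closed.
    # timestamp and signer are part of the signed bytes: if the caller gives
    # values other than the ones used when signing, verification fails
    signed_data = self.get_data_to_sign(item_elt, service, timestamp, signer.full())
    try:
        client.gpg_provider.verify_detached(signed_data, signature, verification_keys)
    except VerificationFailed:
        validated = False
    else:
        validated = True

    # trust is reported for every candidate key; it does not influence
    # ``validated``
    trusts = {
        k.fingerprint: (await self._ox.get_trust(client, k, signer)).value.lower()
        for k in verification_keys
    }
    return {
        "signer": signer.full(),
        "validated": validated,
        "trusts": trusts,
    }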
195 |
196 def signature_get( |
197 self, |
198 client: SatXMPPEntity, |
199 attachments_elt: domish.Element, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
200 data: Dict[str, Any], |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
201 ) -> None: |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
202 try: |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
203 signature_elt = next( |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
204 attachments_elt.elements(NS_PUBSUB_SIGNING, "signature") |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
205 ) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
206 except StopIteration: |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
207 pass |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
208 else: |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
209 time_elts = list(signature_elt.elements(NS_PUBSUB_SIGNING, "time")) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
210 if len(time_elts) != 1: |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
211 raise exceptions.DataError("only a single <time/> element is allowed") |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
212 try: |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
213 timestamp = utils.parse_xmpp_date(time_elts[0]["stamp"]) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
214 except (KeyError, exceptions.ParsingError): |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
215 raise exceptions.DataError( |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
216 "invalid time element: {signature_elt.toXml()}" |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
217 ) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
218 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
219 signature_data: Dict[str, Any] = { |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
220 "timestamp": timestamp, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
221 "signers": [ |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
222 str(s) for s in signature_elt.elements(NS_PUBSUB_SIGNING, "signer") |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
223 ] |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
224 } |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
225 # FIXME: only OpenPGP signature is available for now, to be updated if and |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
226 # when more algorithms are available. |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
227 sign_elt = next( |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
228 signature_elt.elements(NS_PUBSUB_SIGNING_OPENPGP, "sign"), |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
229 None |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
230 ) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
231 if sign_elt is None: |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
232 log.warning( |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
233 "no known signature profile element found, ignoring signature: " |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
234 f"{signature_elt.toXml()}" |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
235 ) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
236 return |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
237 else: |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
238 signature_data["signature"] = str(sign_elt) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
239 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
240 data["signature"] = signature_data |
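async def signature_set(
    self,
    client: SatXMPPEntity,
    attachments_data: Dict[str, Any],
    former_elt: Optional[domish.Element]
) -> Optional[domish.Element]:
    """Build the <signature/> element for a pubsub item attachment.

    The data to sign is built by ``get_data_to_sign`` from the item, the
    service, the current time and the signer, then signed with a detached
    OpenPGP signature which is stored base64 encoded in a <sign/> child.

    @param client: profile session, used to list secret keys and to sign
    @param attachments_data: attachments data; ``extra["signature"]`` drives the
        signing, ``service`` is always read, ``node`` and ``id`` are read when
        the item has to be retrieved
    @param former_elt: <signature/> element already in the attachments, if any
    @return: the new <signature/> element, ``former_elt`` when no signature
        data is given, None when the signature data is set but empty
    @raise exceptions.NotFound: the item to sign was not given and retrieving
        it by ID didn't return exactly one item
    """
    signature_data = attachments_data["extra"].get("signature")
    if signature_data is None:
        # nothing requested, the existing element is kept as is
        return former_elt
    if not signature_data:
        # NOTE(review): presumably the caller drops the signature on None, confirm
        return None

    item_elt = signature_data.get("item_elt")
    service = jid.JID(attachments_data["service"])
    if item_elt is None:
        # the item was not handed over, retrieve the published one
        node = attachments_data["node"]
        item_id = attachments_data["id"]
        items, __ = await self._p.getItems(
            client, service, node, item_ids=[item_id]
        )
        # the former test (``not items != 1``) could never be true: an empty
        # result ended in an IndexError below instead of NotFound
        if len(items) != 1:
            raise exceptions.NotFound(
                f"target item not found for {item_id!r} at {node!r} for {service}"
            )
        item_elt = items[0]

    # NOTE(review): the signer comes from caller-supplied data and is not matched
    #   against the signing keys here; verification has to check that the keys
    #   belong to this signer
    signer = signature_data.get("signer") or client.jid.userhost()
    timestamp = time.time()
    timestamp_xmpp = utils.xmpp_date(timestamp)
    # NOTE(review): the signed data gets the float timestamp while the element
    #   carries its XMPP date form; confirm get_data_to_sign normalises it the
    #   way a verifier will obtain it from the "stamp" attribute
    to_sign = self.get_data_to_sign(item_elt, service, timestamp, signer)

    signature_elt = domish.Element(
        (NS_PUBSUB_SIGNING, "signature"),
    )
    time_elt = signature_elt.addElement("time")
    time_elt["stamp"] = timestamp_xmpp
    signature_elt.addElement("signer", content=signer)

    sign_elt = signature_elt.addElement((NS_PUBSUB_SIGNING_OPENPGP, "sign"))
    # NOTE(review): this set is empty when no secret key can sign; confirm that
    #   sign_detached fails in that case instead of returning an empty signature
    signing_keys = {
        k for k in self._ox.list_secret_keys(client)
        if client.gpg_provider.can_sign(k.public_key)
    }
    # the base64 encoded signature itself
    sign_elt.addContent(
        base64.b64encode(
            client.gpg_provider.sign_detached(to_sign, signing_keys)
        ).decode()
    )
    return signature_elt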
async def _publish_trigger(
    self,
    client: SatXMPPEntity,
    service: jid.JID,
    node: str,
    items: Optional[List[domish.Element]],
    options: Optional[dict],
    sender: jid.JID,
    extra: Dict[str, Any]
) -> bool:
    """Request a signature attachment for every item being published.

    Nothing is done unless there are items and ``extra["signed"]`` is truthy.
    Otherwise each item gets an ID if it has none, and attachments are set for
    it with the item itself and the bare JID of ``sender`` as signer.

    @param client: profile session
    @param service: pubsub service the items are published to
    @param node: pubsub node the items are published to
    @param items: items being published
    @param options: publish options (not used in this method)
    @param sender: entity publishing the items, its bare JID is used as signer
    @param extra: extra publish data, ``signed`` requests the signature
    @return: always True
    """
    if not (items and extra.get("signed")):
        return True

    for published_elt in items:
        # we need an ID to find corresponding attachment node, and so to sign an item
        if not published_elt.hasAttribute("id"):
            published_elt["id"] = shortuuid.uuid()
        attachments_data = {
            "service": service.full(),
            "node": node,
            "id": published_elt["id"],
            "extra": {
                "signature": {
                    "item_elt": published_elt,
                    "signer": sender.userhost(),
                }
            }
        }
        await self._a.set_attachements(client, attachments_data)

    return True
@implementer(iwokkel.IDisco)
class PubsubSigning_Handler(xmlstream.XMPPHandler):
    """Service discovery handler announcing the pubsub signing feature."""

    def getDiscoInfo(self, requestor, service, nodeIdentifier=""):
        """Return the disco features of this plugin.

        The arguments are not used: the single NS_PUBSUB_SIGNING feature is
        returned for every request.
        """
        signing_feature = disco.DiscoFeature(NS_PUBSUB_SIGNING)
        return [signing_feature]

    def getDiscoItems(self, requestor, service, nodeIdentifier=""):
        """Return the disco items of this plugin, which is always an empty list."""
        return []