annotate libervia/backend/plugins/plugin_sec_oxps.py @ 4332:71c939e34ca6

XEP-0373 (OX): Adjust to gpgme updates: generate with explicit algorithm and subkeys
author Syndace <me@syndace.dev>
date Sat, 13 Jul 2024 18:28:28 +0200
parents 0d7bb4df2343
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
1 #!/usr/bin/env python3
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
2
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
3 # Libervia plugin for Pubsub Encryption
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
4 # Copyright (C) 2009-2022 Jérôme Poisson (goffi@goffi.org)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
5
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
6 # This program is free software: you can redistribute it and/or modify
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
7 # it under the terms of the GNU Affero General Public License as published by
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
8 # the Free Software Foundation, either version 3 of the License, or
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
9 # (at your option) any later version.
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
10
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
11 # This program is distributed in the hope that it will be useful,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
14 # GNU Affero General Public License for more details.
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
15
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
16 # You should have received a copy of the GNU Affero General Public License
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
17 # along with this program. If not, see <http://www.gnu.org/licenses/>.
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
18
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
19 import base64
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
20 import dataclasses
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
21 import secrets
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
22 import time
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
23 from typing import Any, Dict, Iterable, List, Optional, Set, Tuple, Union
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
24 from collections import OrderedDict
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
25
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
26 import shortuuid
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
27 from twisted.internet import defer
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
28 from twisted.words.protocols.jabber import jid, xmlstream
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
29 from twisted.words.xish import domish
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
30 from wokkel import disco, iwokkel
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
31 from wokkel import rsm
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
32 from zope.interface import implementer
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
33
4071
4b842c1fb686 refactoring: renamed `sat` package to `libervia.backend`
Goffi <goffi@goffi.org>
parents: 4051
diff changeset
34 from libervia.backend.core import exceptions
4b842c1fb686 refactoring: renamed `sat` package to `libervia.backend`
Goffi <goffi@goffi.org>
parents: 4051
diff changeset
35 from libervia.backend.core.constants import Const as C
4b842c1fb686 refactoring: renamed `sat` package to `libervia.backend`
Goffi <goffi@goffi.org>
parents: 4051
diff changeset
36 from libervia.backend.core.core_types import SatXMPPEntity
4b842c1fb686 refactoring: renamed `sat` package to `libervia.backend`
Goffi <goffi@goffi.org>
parents: 4051
diff changeset
37 from libervia.backend.core.i18n import _
4b842c1fb686 refactoring: renamed `sat` package to `libervia.backend`
Goffi <goffi@goffi.org>
parents: 4051
diff changeset
38 from libervia.backend.core.log import getLogger
4b842c1fb686 refactoring: renamed `sat` package to `libervia.backend`
Goffi <goffi@goffi.org>
parents: 4051
diff changeset
39 from libervia.backend.memory import persistent
4b842c1fb686 refactoring: renamed `sat` package to `libervia.backend`
Goffi <goffi@goffi.org>
parents: 4051
diff changeset
40 from libervia.backend.tools import utils
4b842c1fb686 refactoring: renamed `sat` package to `libervia.backend`
Goffi <goffi@goffi.org>
parents: 4051
diff changeset
41 from libervia.backend.tools import xml_tools
4b842c1fb686 refactoring: renamed `sat` package to `libervia.backend`
Goffi <goffi@goffi.org>
parents: 4051
diff changeset
42 from libervia.backend.tools.common import data_format
4b842c1fb686 refactoring: renamed `sat` package to `libervia.backend`
Goffi <goffi@goffi.org>
parents: 4051
diff changeset
43 from libervia.backend.tools.common import uri
4b842c1fb686 refactoring: renamed `sat` package to `libervia.backend`
Goffi <goffi@goffi.org>
parents: 4051
diff changeset
44 from libervia.backend.tools.common.async_utils import async_lru
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
45
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
46 from .plugin_xep_0373 import NS_OX, get_gpg_provider
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
47
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
48
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
49 log = getLogger(__name__)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
50
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
51 IMPORT_NAME = "OXPS"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
52
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
53 PLUGIN_INFO = {
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
54 C.PI_NAME: "OpenPGP for XMPP Pubsub",
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
55 C.PI_IMPORT_NAME: IMPORT_NAME,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
56 C.PI_TYPE: C.PLUG_TYPE_XEP,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
57 C.PI_MODES: C.PLUG_MODE_BOTH,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
58 C.PI_PROTOCOLS: [],
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
59 C.PI_DEPENDENCIES: ["XEP-0060", "XEP-0334", "XEP-0373"],
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
60 C.PI_MAIN: "PubsubEncryption",
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
61 C.PI_HANDLER: "yes",
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
62 C.PI_DESCRIPTION: _("""Pubsub e2e encryption via OpenPGP"""),
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
63 }
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
64 NS_OXPS = "urn:xmpp:openpgp:pubsub:0"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
65
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
66 KEY_REVOKED = "revoked"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
67 CACHE_MAX = 5
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
68
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
69
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
70 @dataclasses.dataclass
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
71 class SharedSecret:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
72 id: str
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
73 key: str
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
74 timestamp: float
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
75 # bare JID of who has generated the secret
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
76 origin: jid.JID
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
77 revoked: bool = False
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
78 shared_with: Set[jid.JID] = dataclasses.field(default_factory=set)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
79
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
80
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
81 class PubsubEncryption:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
82 namespace = NS_OXPS
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
83
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
84 def __init__(self, host):
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
85 log.info(_("OpenPGP for XMPP Pubsub plugin initialization"))
4037
524856bd7b19 massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents: 3952
diff changeset
86 host.register_namespace("oxps", NS_OXPS)
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
87 self.host = host
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
88 self._p = host.plugins["XEP-0060"]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
89 self._h = host.plugins["XEP-0334"]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
90 self._ox = host.plugins["XEP-0373"]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
91 host.trigger.add("XEP-0060_publish", self._publish_trigger)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
92 host.trigger.add("XEP-0060_items", self._items_trigger)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
93 host.trigger.add(
4051
c23cad65ae99 core: renamed `messageReceived` trigger to `message_received`
Goffi <goffi@goffi.org>
parents: 4037
diff changeset
94 "message_received",
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
95 self._message_received_trigger,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
96 )
4037
524856bd7b19 massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents: 3952
diff changeset
97 host.bridge.add_method(
524856bd7b19 massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents: 3952
diff changeset
98 "ps_secret_share",
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
99 ".plugin",
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
100 in_sign="sssass",
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
101 out_sign="",
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
102 method=self._ps_secret_share,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
103 async_=True,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
104 )
4037
524856bd7b19 massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents: 3952
diff changeset
105 host.bridge.add_method(
524856bd7b19 massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents: 3952
diff changeset
106 "ps_secret_revoke",
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
107 ".plugin",
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
108 in_sign="sssass",
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
109 out_sign="",
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
110 method=self._ps_secret_revoke,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
111 async_=True,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
112 )
4037
524856bd7b19 massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents: 3952
diff changeset
113 host.bridge.add_method(
524856bd7b19 massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents: 3952
diff changeset
114 "ps_secret_rotate",
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
115 ".plugin",
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
116 in_sign="ssass",
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
117 out_sign="",
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
118 method=self._ps_secret_rotate,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
119 async_=True,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
120 )
4037
524856bd7b19 massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents: 3952
diff changeset
121 host.bridge.add_method(
524856bd7b19 massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents: 3952
diff changeset
122 "ps_secrets_list",
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
123 ".plugin",
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
124 in_sign="sss",
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
125 out_sign="s",
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
126 method=self._ps_secrets_list,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
127 async_=True,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
128 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
129
4037
524856bd7b19 massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents: 3952
diff changeset
130 def get_handler(self, client):
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
131 return PubsubEncryption_Handler()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
132
4037
524856bd7b19 massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents: 3952
diff changeset
133 async def profile_connecting(self, client):
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
134 client.__storage = persistent.LazyPersistentBinaryDict(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
135 IMPORT_NAME, client.profile
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
136 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
137 # cache to avoid useless DB access, and to avoid race condition by ensuring that
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
138 # the same shared_secrets instance is always used for a given node.
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
139 client.__cache = OrderedDict()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
140 self.gpg_provider = get_gpg_provider(self.host, client)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
141
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
142 async def load_secrets(
4270
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
143 self, client: SatXMPPEntity, node_uri: str
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
144 ) -> Optional[Dict[str, SharedSecret]]:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
145 """Load shared secret from databse or cache
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
146
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
147 A cache is used per client to avoid usueless db access, as shared secrets are
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
148 often needed several times in a row. Cache is also necessary to avoir race
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
149 condition, when updating a secret, by ensuring that the same instance is used
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
150 for all updates during a session.
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
151
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
152 @param node_uri: XMPP URI of the encrypted pubsub node
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
153 @return shared secrets, or None if no secrets are known yet
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
154 """
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
155 try:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
156 shared_secrets = client.__cache[node_uri]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
157 except KeyError:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
158 pass
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
159 else:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
160 client.__cache.move_to_end(node_uri)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
161 return shared_secrets
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
162
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
163 secrets_as_dict = await client.__storage.get(node_uri)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
164
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
165 if secrets_as_dict is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
166 return None
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
167 else:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
168 shared_secrets = {
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
169 s["id"]: SharedSecret(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
170 id=s["id"],
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
171 key=s["key"],
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
172 timestamp=s["timestamp"],
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
173 origin=jid.JID(s["origin"]),
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
174 revoked=s["revoked"],
4270
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
175 shared_with={jid.JID(w) for w in s["shared_with"]},
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
176 )
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
177 for s in secrets_as_dict
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
178 }
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
179 client.__cache[node_uri] = shared_secrets
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
180 while len(client.__cache) > CACHE_MAX:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
181 client.__cache.popitem(False)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
182 return shared_secrets
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
183
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
184 def __secrect_dict_factory(self, data: List[Tuple[str, Any]]) -> Dict[str, Any]:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
185 ret = {}
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
186 for k, v in data:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
187 if k == "origin":
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
188 v = v.full()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
189 elif k == "shared_with":
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
190 v = [j.full() for j in v]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
191 ret[k] = v
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
192 return ret
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
193
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
194 async def store_secrets(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
195 self,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
196 client: SatXMPPEntity,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
197 node_uri: str,
4270
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
198 shared_secrets: Dict[str, SharedSecret],
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
199 ) -> None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
200 """Store shared secrets to database
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
201
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
202 Shared secrets are serialised before being stored.
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
203 If ``node_uri`` is not in cache, the shared_secrets instance is also put in cache/
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
204
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
205 @param node_uri: XMPP URI of the encrypted pubsub node
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
206 @param shared_secrets: shared secrets to store
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
207 """
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
208 if node_uri not in client.__cache:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
209 client.__cache[node_uri] = shared_secrets
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
210 while len(client.__cache) > CACHE_MAX:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
211 client.__cache.popitem(False)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
212
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
213 secrets_as_dict = [
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
214 dataclasses.asdict(s, dict_factory=self.__secrect_dict_factory)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
215 for s in shared_secrets.values()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
216 ]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
217 await client.__storage.aset(node_uri, secrets_as_dict)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
218
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
219 def generate_secret(self, client: SatXMPPEntity) -> SharedSecret:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
220 """Generate a new shared secret"""
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
221 log.info("Generating a new shared secret.")
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
222 secret_key = secrets.token_urlsafe(64)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
223 secret_id = shortuuid.uuid()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
224 return SharedSecret(
4270
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
225 id=secret_id,
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
226 key=secret_key,
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
227 timestamp=time.time(),
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
228 origin=client.jid.userhostJID(),
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
229 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
230
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
231 def _ps_secret_revoke(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
232 self,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
233 service: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
234 node: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
235 secret_id: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
236 recipients: List[str],
4270
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
237 profile_key: str,
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
238 ) -> defer.Deferred:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
239 return defer.ensureDeferred(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
240 self.revoke(
4037
524856bd7b19 massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents: 3952
diff changeset
241 self.host.get_client(profile_key),
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
242 jid.JID(service) if service else None,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
243 node,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
244 secret_id,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
245 [jid.JID(r) for r in recipients] or None,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
246 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
247 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
248
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
249 async def revoke(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
250 self,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
251 client: SatXMPPEntity,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
252 service: Optional[jid.JID],
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
253 node: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
254 secret_id: str,
4270
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
255 recipients: Optional[Iterable[jid.JID]] = None,
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
256 ) -> None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
257 """Revoke a secret and notify entities
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
258
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
259 @param service: pubsub/PEP service where the node is
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
260 @param node: node name
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
261 @param secret_id: ID of the secret to revoke (must have been generated by
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
262 ourselves)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
263 recipients: JIDs of entities to send the revocation notice to. If None, all
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
264 entities known to have the shared secret will be notified.
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
265 Use empty list if you don't want to notify anybody (not recommended)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
266 """
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
267 if service is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
268 service = client.jid.userhostJID()
4037
524856bd7b19 massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents: 3952
diff changeset
269 node_uri = uri.build_xmpp_uri("pubsub", path=service.full(), node=node)
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
270 shared_secrets = await self.load_secrets(client, node_uri)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
271 if not shared_secrets:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
272 raise exceptions.NotFound(f"No shared secret is known for {node_uri}")
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
273 try:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
274 shared_secret = shared_secrets[secret_id]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
275 except KeyError:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
276 raise exceptions.NotFound(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
277 f"No shared secret with ID {secret_id!r} has been found for {node_uri}"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
278 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
279 else:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
280 if shared_secret.origin != client.jid.userhostJID():
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
281 raise exceptions.PermissionError(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
282 f"The shared secret {shared_secret.id} originate from "
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
283 f"{shared_secret.origin}, not you ({client.jid.userhostJID()}). You "
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
284 "can't revoke it"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
285 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
286 shared_secret.revoked = True
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
287 await self.store_secrets(client, node_uri, shared_secrets)
4270
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
288 log.info(f"shared secret {secret_id!r} for {node_uri} has been revoked.")
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
289 if recipients is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
290 recipients = shared_secret.shared_with
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
291 if recipients:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
292 for recipient in recipients:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
293 await self.send_revoke_notification(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
294 client, service, node, shared_secret.id, recipient
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
295 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
296 log.info(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
297 f"shared secret {shared_secret.id} revocation notification for "
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
298 f"{node_uri} has been send to {''.join(str(r) for r in recipients)}"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
299 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
300 else:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
301 log.info(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
302 "Due to empty recipients list, no revocation notification has been sent "
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
303 f"for shared secret {shared_secret.id} for {node_uri}"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
304 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
305
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
306 async def send_revoke_notification(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
307 self,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
308 client: SatXMPPEntity,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
309 service: jid.JID,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
310 node: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
311 secret_id: str,
4270
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
312 recipient: jid.JID,
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
313 ) -> None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
314 revoke_elt = domish.Element((NS_OXPS, "revoke"))
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
315 revoke_elt["jid"] = service.full()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
316 revoke_elt["node"] = node
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
317 revoke_elt["id"] = secret_id
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
318 signcrypt_elt, payload_elt = self._ox.build_signcrypt_element([recipient])
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
319 payload_elt.addChild(revoke_elt)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
320 openpgp_elt = await self._ox.build_openpgp_element(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
321 client, signcrypt_elt, {recipient}
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
322 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
323 message_elt = domish.Element((None, "message"))
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
324 message_elt["from"] = client.jid.full()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
325 message_elt["to"] = recipient.full()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
326 message_elt.addChild((openpgp_elt))
4037
524856bd7b19 massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents: 3952
diff changeset
327 self._h.add_hint_elements(message_elt, [self._h.HINT_STORE])
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
328 client.send(message_elt)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
329
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
330 def _ps_secret_share(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
331 self,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
332 recipient: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
333 service: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
334 node: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
335 secret_ids: List[str],
4270
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
336 profile_key: str,
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
337 ) -> defer.Deferred:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
338 return defer.ensureDeferred(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
339 self.share_secrets(
4037
524856bd7b19 massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents: 3952
diff changeset
340 self.host.get_client(profile_key),
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
341 jid.JID(recipient),
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
342 jid.JID(service) if service else None,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
343 node,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
344 secret_ids or None,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
345 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
346 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
347
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
348 async def share_secret(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
349 self,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
350 client: SatXMPPEntity,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
351 service: Optional[jid.JID],
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
352 node: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
353 shared_secret: SharedSecret,
4270
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
354 recipient: jid.JID,
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
355 ) -> None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
356 """Create and send <shared-secret> element"""
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
357 if service is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
358 service = client.jid.userhostJID()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
359 shared_secret_elt = domish.Element((NS_OXPS, "shared-secret"))
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
360 shared_secret_elt["jid"] = service.full()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
361 shared_secret_elt["node"] = node
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
362 shared_secret_elt["id"] = shared_secret.id
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
363 shared_secret_elt["timestamp"] = utils.xmpp_date(shared_secret.timestamp)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
364 if shared_secret.revoked:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
365 shared_secret_elt["revoked"] = C.BOOL_TRUE
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
366 # TODO: add type attribute
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
367 shared_secret_elt.addContent(shared_secret.key)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
368 signcrypt_elt, payload_elt = self._ox.build_signcrypt_element([recipient])
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
369 payload_elt.addChild(shared_secret_elt)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
370 openpgp_elt = await self._ox.build_openpgp_element(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
371 client, signcrypt_elt, {recipient}
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
372 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
373 message_elt = domish.Element((None, "message"))
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
374 message_elt["from"] = client.jid.full()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
375 message_elt["to"] = recipient.full()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
376 message_elt.addChild((openpgp_elt))
4037
524856bd7b19 massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents: 3952
diff changeset
377 self._h.add_hint_elements(message_elt, [self._h.HINT_STORE])
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
378 client.send(message_elt)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
379 shared_secret.shared_with.add(recipient)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
380
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
381 async def share_secrets(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
382 self,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
383 client: SatXMPPEntity,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
384 recipient: jid.JID,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
385 service: Optional[jid.JID],
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
386 node: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
387 secret_ids: Optional[List[str]] = None,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
388 ) -> None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
389 """Share secrets of a pubsub node with a recipient
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
390
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
391 @param recipient: who to share secrets with
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
392 @param service: pubsub/PEP service where the node is
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
393 @param node: node name
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
394 @param secret_ids: IDs of the secrets to share, or None to share all known secrets
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
395 (disabled or not)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
396 """
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
397 if service is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
398 service = client.jid.userhostJID()
4037
524856bd7b19 massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents: 3952
diff changeset
399 node_uri = uri.build_xmpp_uri("pubsub", path=service.full(), node=node)
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
400 shared_secrets = await self.load_secrets(client, node_uri)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
401 if shared_secrets is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
402 # no secret shared yet, let's generate one
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
403 shared_secret = self.generate_secret(client)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
404 shared_secrets = {shared_secret.id: shared_secret}
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
405 await self.store_secrets(client, node_uri, shared_secrets)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
406 if secret_ids is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
407 # we share all secrets of the node
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
408 to_share = shared_secrets.values()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
409 else:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
410 try:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
411 to_share = [shared_secrets[s_id] for s_id in secret_ids]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
412 except KeyError as e:
4270
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
413 raise exceptions.NotFound(f"no shared secret found with given ID: {e}")
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
414 for shared_secret in to_share:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
415 await self.share_secret(client, service, node, shared_secret, recipient)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
416 await self.store_secrets(client, node_uri, shared_secrets)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
417
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
418 def _ps_secret_rotate(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
419 self,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
420 service: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
421 node: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
422 recipients: List[str],
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
423 profile_key: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
424 ) -> defer.Deferred:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
425 return defer.ensureDeferred(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
426 self.rotate_secret(
4037
524856bd7b19 massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents: 3952
diff changeset
427 self.host.get_client(profile_key),
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
428 jid.JID(service) if service else None,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
429 node,
4270
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
430 [jid.JID(r) for r in recipients] or None,
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
431 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
432 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
433
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
434 async def rotate_secret(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
435 self,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
436 client: SatXMPPEntity,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
437 service: Optional[jid.JID],
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
438 node: str,
4270
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
439 recipients: Optional[List[jid.JID]] = None,
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
440 ) -> None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
441 """Revoke all current known secrets, create and share a new one
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
442
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
443 @param service: pubsub/PEP service where the node is
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
444 @param node: node name
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
445 @param recipients: who must receive the new shared secret
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
446 if None, all recipients known to have last active shared secret will get the
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
447 new secret
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
448 """
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
449 if service is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
450 service = client.jid.userhostJID()
4037
524856bd7b19 massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents: 3952
diff changeset
451 node_uri = uri.build_xmpp_uri("pubsub", path=service.full(), node=node)
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
452 shared_secrets = await self.load_secrets(client, node_uri)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
453 if shared_secrets is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
454 shared_secrets = {}
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
455 for shared_secret in shared_secrets.values():
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
456 if not shared_secret.revoked:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
457 await self.revoke(client, service, node, shared_secret.id)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
458 shared_secret.revoked = True
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
459
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
460 if recipients is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
461 if shared_secrets:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
462 # we get recipients from latests shared secret's shared_with list,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
463 # regarless of deprecation (cause all keys may be deprecated)
4270
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
464 recipients = list(
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
465 sorted(
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
466 shared_secrets.values(), key=lambda s: s.timestamp, reverse=True
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
467 )[0].shared_with
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
468 )
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
469 else:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
470 recipients = []
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
471
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
472 shared_secret = self.generate_secret(client)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
473 shared_secrets[shared_secret.id] = shared_secret
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
474 # we send notification to last entities known to already have the shared secret
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
475 for recipient in recipients:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
476 await self.share_secret(client, service, node, shared_secret, recipient)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
477 await self.store_secrets(client, node_uri, shared_secrets)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
478
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
479 def _ps_secrets_list(
4270
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
480 self, service: str, node: str, profile_key: str
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
481 ) -> defer.Deferred:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
482 d = defer.ensureDeferred(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
483 self.list_shared_secrets(
4037
524856bd7b19 massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents: 3952
diff changeset
484 self.host.get_client(profile_key),
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
485 jid.JID(service) if service else None,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
486 node,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
487 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
488 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
489 d.addCallback(lambda ret: data_format.serialise(ret))
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
490 return d
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
491
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
492 async def list_shared_secrets(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
493 self,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
494 client: SatXMPPEntity,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
495 service: Optional[jid.JID],
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
496 node: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
497 ) -> List[Dict[str, Any]]:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
498 """Retrieve for shared secrets of a pubsub node
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
499
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
500 @param service: pubsub/PEP service where the node is
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
501 @param node: node name
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
502 @return: shared secrets data
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
503 @raise exceptions.NotFound: no shared secret found for this node
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
504 """
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
505 if service is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
506 service = client.jid.userhostJID()
4037
524856bd7b19 massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents: 3952
diff changeset
507 node_uri = uri.build_xmpp_uri("pubsub", path=service.full(), node=node)
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
508 shared_secrets = await self.load_secrets(client, node_uri)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
509 if shared_secrets is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
510 raise exceptions.NotFound(f"No shared secrets found for {node_uri}")
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
511 return [
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
512 dataclasses.asdict(s, dict_factory=self.__secrect_dict_factory)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
513 for s in shared_secrets.values()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
514 ]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
515
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
516 async def handle_revoke_elt(
4270
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
517 self, client: SatXMPPEntity, sender: jid.JID, revoke_elt: domish.Element
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
518 ) -> None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
519 """Parse a <revoke> element and update local secrets
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
520
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
521 @param sender: bare jid of the entity who has signed the secret
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
522 @param revoke: <revoke/> element
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
523 """
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
524 try:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
525 service = jid.JID(revoke_elt["jid"])
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
526 node = revoke_elt["node"]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
527 secret_id = revoke_elt["id"]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
528 except (KeyError, RuntimeError) as e:
4270
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
529 log.warning(f"ignoring invalid <revoke> element: {e}\n{revoke_elt.toXml()}")
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
530 return
4037
524856bd7b19 massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents: 3952
diff changeset
531 node_uri = uri.build_xmpp_uri("pubsub", path=service.full(), node=node)
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
532 shared_secrets = await self.load_secrets(client, node_uri)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
533 if shared_secrets is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
534 log.warning(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
535 f"Can't revoke shared secret {secret_id}: no known shared secrets for "
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
536 f"{node_uri}"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
537 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
538 return
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
539
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
540 if any(s.origin != sender for s in shared_secrets.values()):
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
541 log.warning(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
542 f"Rejecting shared secret revocation signed by invalid entity ({sender}):"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
543 f"\n{revoke_elt.toXml}"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
544 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
545 return
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
546
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
547 try:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
548 shared_secret = shared_secrets[secret_id]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
549 except KeyError:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
550 log.warning(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
551 f"Can't revoke shared secret {secret_id}: this secret ID is unknown for "
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
552 f"{node_uri}"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
553 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
554 return
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
555
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
556 shared_secret.revoked = True
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
557 await self.store_secrets(client, node_uri, shared_secrets)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
558 log.info(f"Shared secret {secret_id} has been revoked for {node_uri}")
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
559
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
560 async def handle_shared_secret_elt(
4270
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
561 self, client: SatXMPPEntity, sender: jid.JID, shared_secret_elt: domish.Element
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
562 ) -> None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
563 """Parse a <shared-secret> element and update local secrets
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
564
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
565 @param sender: bare jid of the entity who has signed the secret
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
566 @param shared_secret_elt: <shared-secret/> element
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
567 """
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
568 try:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
569 service = jid.JID(shared_secret_elt["jid"])
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
570 node = shared_secret_elt["node"]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
571 secret_id = shared_secret_elt["id"]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
572 timestamp = utils.parse_xmpp_date(shared_secret_elt["timestamp"])
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
573 # TODO: handle "type" attribute
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
574 revoked = C.bool(shared_secret_elt.getAttribute("revoked", C.BOOL_FALSE))
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
575 except (KeyError, RuntimeError, ValueError) as e:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
576 log.warning(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
577 f"ignoring invalid <shared-secret> element: "
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
578 f"{e}\n{shared_secret_elt.toXml()}"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
579 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
580 return
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
581 key = str(shared_secret_elt)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
582 if not key:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
583 log.warning(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
584 "ignoring <shared-secret> element with empty key: "
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
585 f"{shared_secret_elt.toXml()}"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
586 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
587 return
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
588 shared_secret = SharedSecret(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
589 id=secret_id, key=key, timestamp=timestamp, origin=sender, revoked=revoked
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
590 )
4037
524856bd7b19 massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents: 3952
diff changeset
591 node_uri = uri.build_xmpp_uri("pubsub", path=service.full(), node=node)
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
592 shared_secrets = await self.load_secrets(client, node_uri)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
593 if shared_secrets is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
594 shared_secrets = {}
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
595 # no known shared secret yet for this node, we have to trust first user who
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
596 # send it
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
597 else:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
598 if any(s.origin != sender for s in shared_secrets.values()):
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
599 log.warning(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
600 f"Rejecting shared secret signed by invalid entity ({sender}):\n"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
601 f"{shared_secret_elt.toXml}"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
602 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
603 return
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
604
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
605 shared_secrets[shared_secret.id] = shared_secret
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
606 await self.store_secrets(client, node_uri, shared_secrets)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
607 log.info(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
608 f"shared secret {shared_secret.id} added for {node_uri} [{client.profile}]"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
609 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
610
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
611 async def _publish_trigger(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
612 self,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
613 client: SatXMPPEntity,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
614 service: jid.JID,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
615 node: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
616 items: Optional[List[domish.Element]],
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
617 options: Optional[dict],
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
618 sender: jid.JID,
4270
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
619 extra: Dict[str, Any],
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
620 ) -> bool:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
621 if not items or not extra.get("encrypted"):
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
622 return True
4037
524856bd7b19 massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents: 3952
diff changeset
623 node_uri = uri.build_xmpp_uri("pubsub", path=service.full(), node=node)
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
624 shared_secrets = await self.load_secrets(client, node_uri)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
625 if shared_secrets is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
626 shared_secrets = {}
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
627 shared_secret = None
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
628 else:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
629 current_secrets = [s for s in shared_secrets.values() if not s.revoked]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
630 if not current_secrets:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
631 shared_secret = None
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
632 elif len(current_secrets) > 1:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
633 log.warning(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
634 f"more than one active shared secret found for node {node!r} at "
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
635 f"{service}, using the most recent one"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
636 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
637 current_secrets.sort(key=lambda s: s.timestamp, reverse=True)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
638 shared_secret = current_secrets[0]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
639 else:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
640 shared_secret = current_secrets[0]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
641
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
642 if shared_secret is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
643 if any(s.origin != client.jid.userhostJID() for s in shared_secrets.values()):
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
644 raise exceptions.PermissionError(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
645 "there is no known active shared secret, and you are not the "
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
646 "creator of previous shared secrets, we can't encrypt items at "
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
647 f"{node_uri} ."
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
648 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
649 shared_secret = self.generate_secret(client)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
650 shared_secrets[shared_secret.id] = shared_secret
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
651 await self.store_secrets(client, node_uri, shared_secrets)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
652 # TODO: notify other entities
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
653
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
654 for item in items:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
655 item_elts = list(item.elements())
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
656 if len(item_elts) != 1:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
657 raise ValueError(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
658 f"there should be exactly one item payload: {item.toXml()}"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
659 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
660 item_payload = item_elts[0]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
661 log.debug(f"encrypting item {item.getAttribute('id', '')}")
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
662 encrypted_item = self.gpg_provider.encrypt_symmetrically(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
663 item_payload.toXml().encode(), shared_secret.key
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
664 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
665 item.children.clear()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
666 encrypted_elt = domish.Element((NS_OXPS, "encrypted"))
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
667 encrypted_elt["key"] = shared_secret.id
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
668 encrypted_elt.addContent(base64.b64encode(encrypted_item).decode())
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
669 item.addChild(encrypted_elt)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
670
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
671 return True
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
672
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
673 async def _items_trigger(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
674 self,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
675 client: SatXMPPEntity,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
676 service: Optional[jid.JID],
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
677 node: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
678 items: List[domish.Element],
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
679 rsm_response: rsm.RSMResponse,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
680 extra: Dict[str, Any],
3952
9badc46c5481 plugin OXPS: fix triggers return values:
Goffi <goffi@goffi.org>
parents: 3948
diff changeset
681 ) -> bool:
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
682 if not extra.get(C.KEY_DECRYPT, True):
3952
9badc46c5481 plugin OXPS: fix triggers return values:
Goffi <goffi@goffi.org>
parents: 3948
diff changeset
683 return True
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
684 if service is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
685 service = client.jid.userhostJID()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
686 shared_secrets = None
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
687 for item in items:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
688 payload = item.firstChildElement()
4270
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
689 if (
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
690 payload is not None
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
691 and payload.name == "encrypted"
4270
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
692 and payload.uri == NS_OXPS
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
693 ):
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
694 encrypted_elt = payload
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
695 secret_id = encrypted_elt.getAttribute("key")
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
696 if not secret_id:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
697 log.warning(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
698 f'"key" attribute is missing from encrypted item: {item.toXml()}'
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
699 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
700 continue
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
701 if shared_secrets is None:
4270
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
702 node_uri = uri.build_xmpp_uri(
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
703 "pubsub", path=service.full(), node=node
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
704 )
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
705 shared_secrets = await self.load_secrets(client, node_uri)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
706 if shared_secrets is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
707 log.warning(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
708 f"No known shared secret for {node_uri}, can't decrypt"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
709 )
3952
9badc46c5481 plugin OXPS: fix triggers return values:
Goffi <goffi@goffi.org>
parents: 3948
diff changeset
710 return True
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
711 try:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
712 shared_secret = shared_secrets[secret_id]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
713 except KeyError:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
714 log.warning(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
715 f"No key known for encrypted item {item['id']!r} (shared secret "
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
716 f"id: {secret_id!r})"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
717 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
718 continue
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
719 log.debug(f"decrypting item {item.getAttribute('id', '')}")
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
720 decrypted = self.gpg_provider.decrypt_symmetrically(
4270
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
721 base64.b64decode(str(encrypted_elt)), shared_secret.key
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
722 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
723 decrypted_elt = xml_tools.parse(decrypted)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
724 item.children.clear()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
725 item.addChild(decrypted_elt)
3948
cd4d95b3fed3 plugin OXPS, XEP-0060: indicate which items were e2ee:
Goffi <goffi@goffi.org>
parents: 3934
diff changeset
726 extra.setdefault("encrypted", {})[item["id"]] = {"type": NS_OXPS}
3952
9badc46c5481 plugin OXPS: fix triggers return values:
Goffi <goffi@goffi.org>
parents: 3948
diff changeset
727 return True
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
728
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
729 async def _message_received_trigger(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
730 self,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
731 client: SatXMPPEntity,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
732 message_elt: domish.Element,
4270
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
733 post_treat: defer.Deferred,
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
734 ) -> bool:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
735 sender = jid.JID(message_elt["from"]).userhostJID()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
736 # there may be an openpgp element if OXIM is not activate, in this case we have to
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
737 # decrypt it here
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
738 openpgp_elt = next(message_elt.elements(NS_OX, "openpgp"), None)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
739 if openpgp_elt is not None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
740 try:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
741 payload_elt, __ = await self._ox.unpack_openpgp_element(
4270
0d7bb4df2343 Reformatted code base using black.
Goffi <goffi@goffi.org>
parents: 4071
diff changeset
742 client, openpgp_elt, "signcrypt", sender
3934
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
743 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
744 except Exception as e:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
745 log.warning(f"Can't decrypt element: {e}\n{message_elt.toXml()}")
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
746 return False
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
747 message_elt.children.remove(openpgp_elt)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
748 for c in payload_elt.children:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
749 message_elt.addChild(c)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
750
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
751 shared_secret_elt = next(message_elt.elements(NS_OXPS, "shared-secret"), None)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
752 if shared_secret_elt is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
753 # no <shared-secret>, we check if there is a <revoke> element
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
754 revoke_elt = next(message_elt.elements(NS_OXPS, "revoke"), None)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
755 if revoke_elt is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
756 return True
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
757 else:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
758 await self.handle_revoke_elt(client, sender, revoke_elt)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
759 else:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
760 await self.handle_shared_secret_elt(client, sender, shared_secret_elt)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
761
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
762 return False
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
763
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
764
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
765 @implementer(iwokkel.IDisco)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
766 class PubsubEncryption_Handler(xmlstream.XMPPHandler):
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
767
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
768 def getDiscoInfo(self, requestor, service, nodeIdentifier=""):
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
769 return [disco.DiscoFeature(NS_OXPS)]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
770
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
771 def getDiscoItems(self, requestor, service, nodeIdentifier=""):
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
772 return []