libervia-backend: libervia/backend/plugins/plugin_sec

annotate libervia/backend/plugins/plugin_sec_oxps.py @ 4242:8acf46ed7f36

frontends: remote control implementation: This is the frontends common part of remote control implementation. It handle the creation of WebRTC session, and management of inputs. For now the reception use freedesktop.org Desktop portal, and works mostly with Wayland based Desktop Environments. rel 436

author	Goffi <goffi@goffi.org>
date	Sat, 11 May 2024 13:52:43 +0200
parents	4b842c1fb686
children	0d7bb4df2343

rev	line source
3934 e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	1 #!/usr/bin/env python3
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	2
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	3 # Libervia plugin for Pubsub Encryption
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	4 # Copyright (C) 2009-2022 Jérôme Poisson (goffi@goffi.org)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	5
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	6 # This program is free software: you can redistribute it and/or modify
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	7 # it under the terms of the GNU Affero General Public License as published by
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	8 # the Free Software Foundation, either version 3 of the License, or
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	9 # (at your option) any later version.
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	10
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	11 # This program is distributed in the hope that it will be useful,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	14 # GNU Affero General Public License for more details.
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	15
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	16 # You should have received a copy of the GNU Affero General Public License
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	17 # along with this program. If not, see <http://www.gnu.org/licenses/>.
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	18
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	19 import base64
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	20 import dataclasses
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	21 import secrets
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	22 import time
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	23 from typing import Any, Dict, Iterable, List, Optional, Set, Tuple, Union
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	24 from collections import OrderedDict
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	25
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	26 import shortuuid
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	27 from twisted.internet import defer
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	28 from twisted.words.protocols.jabber import jid, xmlstream
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	29 from twisted.words.xish import domish
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	30 from wokkel import disco, iwokkel
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	31 from wokkel import rsm
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	32 from zope.interface import implementer
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	33
4071 4b842c1fb686 refactoring: renamed `sat` package to `libervia.backend` Goffi <goffi@goffi.org> parents: 4051 diff changeset	34 from libervia.backend.core import exceptions
4b842c1fb686 refactoring: renamed `sat` package to `libervia.backend` Goffi <goffi@goffi.org> parents: 4051 diff changeset	35 from libervia.backend.core.constants import Const as C
4b842c1fb686 refactoring: renamed `sat` package to `libervia.backend` Goffi <goffi@goffi.org> parents: 4051 diff changeset	36 from libervia.backend.core.core_types import SatXMPPEntity
4b842c1fb686 refactoring: renamed `sat` package to `libervia.backend` Goffi <goffi@goffi.org> parents: 4051 diff changeset	37 from libervia.backend.core.i18n import _
4b842c1fb686 refactoring: renamed `sat` package to `libervia.backend` Goffi <goffi@goffi.org> parents: 4051 diff changeset	38 from libervia.backend.core.log import getLogger
4b842c1fb686 refactoring: renamed `sat` package to `libervia.backend` Goffi <goffi@goffi.org> parents: 4051 diff changeset	39 from libervia.backend.memory import persistent
4b842c1fb686 refactoring: renamed `sat` package to `libervia.backend` Goffi <goffi@goffi.org> parents: 4051 diff changeset	40 from libervia.backend.tools import utils
4b842c1fb686 refactoring: renamed `sat` package to `libervia.backend` Goffi <goffi@goffi.org> parents: 4051 diff changeset	41 from libervia.backend.tools import xml_tools
4b842c1fb686 refactoring: renamed `sat` package to `libervia.backend` Goffi <goffi@goffi.org> parents: 4051 diff changeset	42 from libervia.backend.tools.common import data_format
4b842c1fb686 refactoring: renamed `sat` package to `libervia.backend` Goffi <goffi@goffi.org> parents: 4051 diff changeset	43 from libervia.backend.tools.common import uri
4b842c1fb686 refactoring: renamed `sat` package to `libervia.backend` Goffi <goffi@goffi.org> parents: 4051 diff changeset	44 from libervia.backend.tools.common.async_utils import async_lru
3934 e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	45
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	46 from .plugin_xep_0373 import NS_OX, get_gpg_provider
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	47
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	48
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	49 log = getLogger(__name__)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	50
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	51 IMPORT_NAME = "OXPS"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	52
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	53 PLUGIN_INFO = {
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	54 C.PI_NAME: "OpenPGP for XMPP Pubsub",
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	55 C.PI_IMPORT_NAME: IMPORT_NAME,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	56 C.PI_TYPE: C.PLUG_TYPE_XEP,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	57 C.PI_MODES: C.PLUG_MODE_BOTH,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	58 C.PI_PROTOCOLS: [],
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	59 C.PI_DEPENDENCIES: ["XEP-0060", "XEP-0334", "XEP-0373"],
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	60 C.PI_MAIN: "PubsubEncryption",
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	61 C.PI_HANDLER: "yes",
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	62 C.PI_DESCRIPTION: _("""Pubsub e2e encryption via OpenPGP"""),
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	63 }
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	64 NS_OXPS = "urn:xmpp:openpgp:pubsub:0"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	65
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	66 KEY_REVOKED = "revoked"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	67 CACHE_MAX = 5
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	68
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	69
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	70 @dataclasses.dataclass
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	71 class SharedSecret:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	72 id: str
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	73 key: str
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	74 timestamp: float
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	75 # bare JID of who has generated the secret
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	76 origin: jid.JID
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	77 revoked: bool = False
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	78 shared_with: Set[jid.JID] = dataclasses.field(default_factory=set)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	79
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	80
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	81 class PubsubEncryption:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	82 namespace = NS_OXPS
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	83
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	84 def __init__(self, host):
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	85 log.info(_("OpenPGP for XMPP Pubsub plugin initialization"))
4037 524856bd7b19 massive refactoring to switch from camelCase to snake_case: Goffi <goffi@goffi.org> parents: 3952 diff changeset	86 host.register_namespace("oxps", NS_OXPS)
3934 e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	87 self.host = host
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	88 self._p = host.plugins["XEP-0060"]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	89 self._h = host.plugins["XEP-0334"]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	90 self._ox = host.plugins["XEP-0373"]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	91 host.trigger.add("XEP-0060_publish", self._publish_trigger)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	92 host.trigger.add("XEP-0060_items", self._items_trigger)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	93 host.trigger.add(
4051 c23cad65ae99 core: renamed `messageReceived` trigger to `message_received` Goffi <goffi@goffi.org> parents: 4037 diff changeset	94 "message_received",
3934 e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	95 self._message_received_trigger,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	96 )
4037 524856bd7b19 massive refactoring to switch from camelCase to snake_case: Goffi <goffi@goffi.org> parents: 3952 diff changeset	97 host.bridge.add_method(
524856bd7b19 massive refactoring to switch from camelCase to snake_case: Goffi <goffi@goffi.org> parents: 3952 diff changeset	98 "ps_secret_share",
3934 e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	99 ".plugin",
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	100 in_sign="sssass",
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	101 out_sign="",
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	102 method=self._ps_secret_share,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	103 async_=True,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	104 )
4037 524856bd7b19 massive refactoring to switch from camelCase to snake_case: Goffi <goffi@goffi.org> parents: 3952 diff changeset	105 host.bridge.add_method(
524856bd7b19 massive refactoring to switch from camelCase to snake_case: Goffi <goffi@goffi.org> parents: 3952 diff changeset	106 "ps_secret_revoke",
3934 e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	107 ".plugin",
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	108 in_sign="sssass",
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	109 out_sign="",
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	110 method=self._ps_secret_revoke,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	111 async_=True,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	112 )
4037 524856bd7b19 massive refactoring to switch from camelCase to snake_case: Goffi <goffi@goffi.org> parents: 3952 diff changeset	113 host.bridge.add_method(
524856bd7b19 massive refactoring to switch from camelCase to snake_case: Goffi <goffi@goffi.org> parents: 3952 diff changeset	114 "ps_secret_rotate",
3934 e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	115 ".plugin",
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	116 in_sign="ssass",
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	117 out_sign="",
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	118 method=self._ps_secret_rotate,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	119 async_=True,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	120 )
4037 524856bd7b19 massive refactoring to switch from camelCase to snake_case: Goffi <goffi@goffi.org> parents: 3952 diff changeset	121 host.bridge.add_method(
524856bd7b19 massive refactoring to switch from camelCase to snake_case: Goffi <goffi@goffi.org> parents: 3952 diff changeset	122 "ps_secrets_list",
3934 e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	123 ".plugin",
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	124 in_sign="sss",
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	125 out_sign="s",
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	126 method=self._ps_secrets_list,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	127 async_=True,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	128 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	129
4037 524856bd7b19 massive refactoring to switch from camelCase to snake_case: Goffi <goffi@goffi.org> parents: 3952 diff changeset	130 def get_handler(self, client):
3934 e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	131 return PubsubEncryption_Handler()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	132
4037 524856bd7b19 massive refactoring to switch from camelCase to snake_case: Goffi <goffi@goffi.org> parents: 3952 diff changeset	133 async def profile_connecting(self, client):
3934 e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	134 client.__storage = persistent.LazyPersistentBinaryDict(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	135 IMPORT_NAME, client.profile
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	136 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	137 # cache to avoid useless DB access, and to avoid race condition by ensuring that
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	138 # the same shared_secrets instance is always used for a given node.
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	139 client.__cache = OrderedDict()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	140 self.gpg_provider = get_gpg_provider(self.host, client)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	141
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	142 async def load_secrets(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	143 self,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	144 client: SatXMPPEntity,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	145 node_uri: str
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	146 ) -> Optional[Dict[str, SharedSecret]]:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	147 """Load shared secret from databse or cache
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	148
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	149 A cache is used per client to avoid usueless db access, as shared secrets are
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	150 often needed several times in a row. Cache is also necessary to avoir race
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	151 condition, when updating a secret, by ensuring that the same instance is used
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	152 for all updates during a session.
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	153
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	154 @param node_uri: XMPP URI of the encrypted pubsub node
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	155 @return shared secrets, or None if no secrets are known yet
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	156 """
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	157 try:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	158 shared_secrets = client.__cache[node_uri]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	159 except KeyError:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	160 pass
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	161 else:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	162 client.__cache.move_to_end(node_uri)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	163 return shared_secrets
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	164
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	165 secrets_as_dict = await client.__storage.get(node_uri)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	166
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	167 if secrets_as_dict is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	168 return None
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	169 else:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	170 shared_secrets = {
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	171 s["id"]: SharedSecret(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	172 id=s["id"],
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	173 key=s["key"],
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	174 timestamp=s["timestamp"],
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	175 origin=jid.JID(s["origin"]),
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	176 revoked=s["revoked"],
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	177 shared_with={jid.JID(w) for w in s["shared_with"]}
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	178 ) for s in secrets_as_dict
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	179 }
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	180 client.__cache[node_uri] = shared_secrets
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	181 while len(client.__cache) > CACHE_MAX:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	182 client.__cache.popitem(False)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	183 return shared_secrets
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	184
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	185 def __secrect_dict_factory(self, data: List[Tuple[str, Any]]) -> Dict[str, Any]:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	186 ret = {}
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	187 for k, v in data:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	188 if k == "origin":
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	189 v = v.full()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	190 elif k == "shared_with":
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	191 v = [j.full() for j in v]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	192 ret[k] = v
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	193 return ret
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	194
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	195 async def store_secrets(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	196 self,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	197 client: SatXMPPEntity,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	198 node_uri: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	199 shared_secrets: Dict[str, SharedSecret]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	200 ) -> None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	201 """Store shared secrets to database
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	202
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	203 Shared secrets are serialised before being stored.
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	204 If ``node_uri`` is not in cache, the shared_secrets instance is also put in cache/
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	205
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	206 @param node_uri: XMPP URI of the encrypted pubsub node
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	207 @param shared_secrets: shared secrets to store
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	208 """
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	209 if node_uri not in client.__cache:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	210 client.__cache[node_uri] = shared_secrets
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	211 while len(client.__cache) > CACHE_MAX:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	212 client.__cache.popitem(False)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	213
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	214 secrets_as_dict = [
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	215 dataclasses.asdict(s, dict_factory=self.__secrect_dict_factory)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	216 for s in shared_secrets.values()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	217 ]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	218 await client.__storage.aset(node_uri, secrets_as_dict)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	219
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	220 def generate_secret(self, client: SatXMPPEntity) -> SharedSecret:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	221 """Generate a new shared secret"""
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	222 log.info("Generating a new shared secret.")
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	223 secret_key = secrets.token_urlsafe(64)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	224 secret_id = shortuuid.uuid()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	225 return SharedSecret(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	226 id = secret_id,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	227 key = secret_key,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	228 timestamp = time.time(),
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	229 origin = client.jid.userhostJID()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	230 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	231
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	232 def _ps_secret_revoke(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	233 self,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	234 service: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	235 node: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	236 secret_id: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	237 recipients: List[str],
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	238 profile_key: str
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	239 ) -> defer.Deferred:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	240 return defer.ensureDeferred(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	241 self.revoke(
4037 524856bd7b19 massive refactoring to switch from camelCase to snake_case: Goffi <goffi@goffi.org> parents: 3952 diff changeset	242 self.host.get_client(profile_key),
3934 e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	243 jid.JID(service) if service else None,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	244 node,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	245 secret_id,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	246 [jid.JID(r) for r in recipients] or None,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	247 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	248 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	249
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	250 async def revoke(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	251 self,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	252 client: SatXMPPEntity,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	253 service: Optional[jid.JID],
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	254 node: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	255 secret_id: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	256 recipients: Optional[Iterable[jid.JID]] = None
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	257 ) -> None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	258 """Revoke a secret and notify entities
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	259
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	260 @param service: pubsub/PEP service where the node is
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	261 @param node: node name
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	262 @param secret_id: ID of the secret to revoke (must have been generated by
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	263 ourselves)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	264 recipients: JIDs of entities to send the revocation notice to. If None, all
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	265 entities known to have the shared secret will be notified.
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	266 Use empty list if you don't want to notify anybody (not recommended)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	267 """
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	268 if service is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	269 service = client.jid.userhostJID()
4037 524856bd7b19 massive refactoring to switch from camelCase to snake_case: Goffi <goffi@goffi.org> parents: 3952 diff changeset	270 node_uri = uri.build_xmpp_uri("pubsub", path=service.full(), node=node)
3934 e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	271 shared_secrets = await self.load_secrets(client, node_uri)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	272 if not shared_secrets:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	273 raise exceptions.NotFound(f"No shared secret is known for {node_uri}")
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	274 try:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	275 shared_secret = shared_secrets[secret_id]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	276 except KeyError:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	277 raise exceptions.NotFound(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	278 f"No shared secret with ID {secret_id!r} has been found for {node_uri}"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	279 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	280 else:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	281 if shared_secret.origin != client.jid.userhostJID():
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	282 raise exceptions.PermissionError(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	283 f"The shared secret {shared_secret.id} originate from "
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	284 f"{shared_secret.origin}, not you ({client.jid.userhostJID()}). You "
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	285 "can't revoke it"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	286 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	287 shared_secret.revoked = True
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	288 await self.store_secrets(client, node_uri, shared_secrets)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	289 log.info(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	290 f"shared secret {secret_id!r} for {node_uri} has been revoked."
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	291 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	292 if recipients is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	293 recipients = shared_secret.shared_with
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	294 if recipients:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	295 for recipient in recipients:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	296 await self.send_revoke_notification(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	297 client, service, node, shared_secret.id, recipient
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	298 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	299 log.info(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	300 f"shared secret {shared_secret.id} revocation notification for "
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	301 f"{node_uri} has been send to {''.join(str(r) for r in recipients)}"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	302 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	303 else:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	304 log.info(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	305 "Due to empty recipients list, no revocation notification has been sent "
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	306 f"for shared secret {shared_secret.id} for {node_uri}"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	307 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	308
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	309 async def send_revoke_notification(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	310 self,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	311 client: SatXMPPEntity,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	312 service: jid.JID,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	313 node: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	314 secret_id: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	315 recipient: jid.JID
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	316 ) -> None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	317 revoke_elt = domish.Element((NS_OXPS, "revoke"))
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	318 revoke_elt["jid"] = service.full()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	319 revoke_elt["node"] = node
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	320 revoke_elt["id"] = secret_id
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	321 signcrypt_elt, payload_elt = self._ox.build_signcrypt_element([recipient])
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	322 payload_elt.addChild(revoke_elt)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	323 openpgp_elt = await self._ox.build_openpgp_element(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	324 client, signcrypt_elt, {recipient}
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	325 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	326 message_elt = domish.Element((None, "message"))
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	327 message_elt["from"] = client.jid.full()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	328 message_elt["to"] = recipient.full()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	329 message_elt.addChild((openpgp_elt))
4037 524856bd7b19 massive refactoring to switch from camelCase to snake_case: Goffi <goffi@goffi.org> parents: 3952 diff changeset	330 self._h.add_hint_elements(message_elt, [self._h.HINT_STORE])
3934 e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	331 client.send(message_elt)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	332
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	333 def _ps_secret_share(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	334 self,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	335 recipient: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	336 service: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	337 node: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	338 secret_ids: List[str],
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	339 profile_key: str
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	340 ) -> defer.Deferred:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	341 return defer.ensureDeferred(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	342 self.share_secrets(
4037 524856bd7b19 massive refactoring to switch from camelCase to snake_case: Goffi <goffi@goffi.org> parents: 3952 diff changeset	343 self.host.get_client(profile_key),
3934 e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	344 jid.JID(recipient),
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	345 jid.JID(service) if service else None,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	346 node,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	347 secret_ids or None,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	348 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	349 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	350
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	351 async def share_secret(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	352 self,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	353 client: SatXMPPEntity,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	354 service: Optional[jid.JID],
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	355 node: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	356 shared_secret: SharedSecret,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	357 recipient: jid.JID
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	358 ) -> None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	359 """Create and send <shared-secret> element"""
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	360 if service is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	361 service = client.jid.userhostJID()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	362 shared_secret_elt = domish.Element((NS_OXPS, "shared-secret"))
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	363 shared_secret_elt["jid"] = service.full()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	364 shared_secret_elt["node"] = node
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	365 shared_secret_elt["id"] = shared_secret.id
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	366 shared_secret_elt["timestamp"] = utils.xmpp_date(shared_secret.timestamp)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	367 if shared_secret.revoked:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	368 shared_secret_elt["revoked"] = C.BOOL_TRUE
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	369 # TODO: add type attribute
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	370 shared_secret_elt.addContent(shared_secret.key)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	371 signcrypt_elt, payload_elt = self._ox.build_signcrypt_element([recipient])
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	372 payload_elt.addChild(shared_secret_elt)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	373 openpgp_elt = await self._ox.build_openpgp_element(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	374 client, signcrypt_elt, {recipient}
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	375 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	376 message_elt = domish.Element((None, "message"))
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	377 message_elt["from"] = client.jid.full()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	378 message_elt["to"] = recipient.full()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	379 message_elt.addChild((openpgp_elt))
4037 524856bd7b19 massive refactoring to switch from camelCase to snake_case: Goffi <goffi@goffi.org> parents: 3952 diff changeset	380 self._h.add_hint_elements(message_elt, [self._h.HINT_STORE])
3934 e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	381 client.send(message_elt)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	382 shared_secret.shared_with.add(recipient)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	383
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	384 async def share_secrets(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	385 self,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	386 client: SatXMPPEntity,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	387 recipient: jid.JID,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	388 service: Optional[jid.JID],
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	389 node: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	390 secret_ids: Optional[List[str]] = None,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	391 ) -> None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	392 """Share secrets of a pubsub node with a recipient
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	393
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	394 @param recipient: who to share secrets with
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	395 @param service: pubsub/PEP service where the node is
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	396 @param node: node name
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	397 @param secret_ids: IDs of the secrets to share, or None to share all known secrets
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	398 (disabled or not)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	399 """
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	400 if service is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	401 service = client.jid.userhostJID()
4037 524856bd7b19 massive refactoring to switch from camelCase to snake_case: Goffi <goffi@goffi.org> parents: 3952 diff changeset	402 node_uri = uri.build_xmpp_uri("pubsub", path=service.full(), node=node)
3934 e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	403 shared_secrets = await self.load_secrets(client, node_uri)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	404 if shared_secrets is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	405 # no secret shared yet, let's generate one
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	406 shared_secret = self.generate_secret(client)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	407 shared_secrets = {shared_secret.id: shared_secret}
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	408 await self.store_secrets(client, node_uri, shared_secrets)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	409 if secret_ids is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	410 # we share all secrets of the node
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	411 to_share = shared_secrets.values()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	412 else:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	413 try:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	414 to_share = [shared_secrets[s_id] for s_id in secret_ids]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	415 except KeyError as e:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	416 raise exceptions.NotFound(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	417 f"no shared secret found with given ID: {e}"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	418 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	419 for shared_secret in to_share:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	420 await self.share_secret(client, service, node, shared_secret, recipient)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	421 await self.store_secrets(client, node_uri, shared_secrets)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	422
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	423 def _ps_secret_rotate(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	424 self,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	425 service: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	426 node: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	427 recipients: List[str],
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	428 profile_key: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	429 ) -> defer.Deferred:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	430 return defer.ensureDeferred(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	431 self.rotate_secret(
4037 524856bd7b19 massive refactoring to switch from camelCase to snake_case: Goffi <goffi@goffi.org> parents: 3952 diff changeset	432 self.host.get_client(profile_key),
3934 e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	433 jid.JID(service) if service else None,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	434 node,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	435 [jid.JID(r) for r in recipients] or None
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	436 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	437 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	438
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	439 async def rotate_secret(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	440 self,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	441 client: SatXMPPEntity,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	442 service: Optional[jid.JID],
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	443 node: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	444 recipients: Optional[List[jid.JID]] = None
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	445 ) -> None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	446 """Revoke all current known secrets, create and share a new one
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	447
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	448 @param service: pubsub/PEP service where the node is
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	449 @param node: node name
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	450 @param recipients: who must receive the new shared secret
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	451 if None, all recipients known to have last active shared secret will get the
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	452 new secret
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	453 """
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	454 if service is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	455 service = client.jid.userhostJID()
4037 524856bd7b19 massive refactoring to switch from camelCase to snake_case: Goffi <goffi@goffi.org> parents: 3952 diff changeset	456 node_uri = uri.build_xmpp_uri("pubsub", path=service.full(), node=node)
3934 e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	457 shared_secrets = await self.load_secrets(client, node_uri)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	458 if shared_secrets is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	459 shared_secrets = {}
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	460 for shared_secret in shared_secrets.values():
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	461 if not shared_secret.revoked:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	462 await self.revoke(client, service, node, shared_secret.id)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	463 shared_secret.revoked = True
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	464
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	465 if recipients is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	466 if shared_secrets:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	467 # we get recipients from latests shared secret's shared_with list,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	468 # regarless of deprecation (cause all keys may be deprecated)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	469 recipients = list(sorted(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	470 shared_secrets.values(),
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	471 key=lambda s: s.timestamp,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	472 reverse=True
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	473 )[0].shared_with)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	474 else:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	475 recipients = []
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	476
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	477 shared_secret = self.generate_secret(client)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	478 shared_secrets[shared_secret.id] = shared_secret
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	479 # we send notification to last entities known to already have the shared secret
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	480 for recipient in recipients:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	481 await self.share_secret(client, service, node, shared_secret, recipient)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	482 await self.store_secrets(client, node_uri, shared_secrets)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	483
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	484 def _ps_secrets_list(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	485 self,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	486 service: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	487 node: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	488 profile_key: str
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	489 ) -> defer.Deferred:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	490 d = defer.ensureDeferred(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	491 self.list_shared_secrets(
4037 524856bd7b19 massive refactoring to switch from camelCase to snake_case: Goffi <goffi@goffi.org> parents: 3952 diff changeset	492 self.host.get_client(profile_key),
3934 e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	493 jid.JID(service) if service else None,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	494 node,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	495 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	496 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	497 d.addCallback(lambda ret: data_format.serialise(ret))
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	498 return d
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	499
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	500 async def list_shared_secrets(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	501 self,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	502 client: SatXMPPEntity,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	503 service: Optional[jid.JID],
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	504 node: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	505 ) -> List[Dict[str, Any]]:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	506 """Retrieve for shared secrets of a pubsub node
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	507
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	508 @param service: pubsub/PEP service where the node is
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	509 @param node: node name
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	510 @return: shared secrets data
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	511 @raise exceptions.NotFound: no shared secret found for this node
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	512 """
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	513 if service is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	514 service = client.jid.userhostJID()
4037 524856bd7b19 massive refactoring to switch from camelCase to snake_case: Goffi <goffi@goffi.org> parents: 3952 diff changeset	515 node_uri = uri.build_xmpp_uri("pubsub", path=service.full(), node=node)
3934 e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	516 shared_secrets = await self.load_secrets(client, node_uri)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	517 if shared_secrets is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	518 raise exceptions.NotFound(f"No shared secrets found for {node_uri}")
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	519 return [
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	520 dataclasses.asdict(s, dict_factory=self.__secrect_dict_factory)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	521 for s in shared_secrets.values()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	522 ]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	523
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	524 async def handle_revoke_elt(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	525 self,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	526 client: SatXMPPEntity,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	527 sender: jid.JID,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	528 revoke_elt: domish.Element
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	529 ) -> None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	530 """Parse a <revoke> element and update local secrets
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	531
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	532 @param sender: bare jid of the entity who has signed the secret
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	533 @param revoke: <revoke/> element
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	534 """
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	535 try:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	536 service = jid.JID(revoke_elt["jid"])
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	537 node = revoke_elt["node"]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	538 secret_id = revoke_elt["id"]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	539 except (KeyError, RuntimeError) as e:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	540 log.warning(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	541 f"ignoring invalid <revoke> element: {e}\n{revoke_elt.toXml()}"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	542 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	543 return
4037 524856bd7b19 massive refactoring to switch from camelCase to snake_case: Goffi <goffi@goffi.org> parents: 3952 diff changeset	544 node_uri = uri.build_xmpp_uri("pubsub", path=service.full(), node=node)
3934 e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	545 shared_secrets = await self.load_secrets(client, node_uri)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	546 if shared_secrets is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	547 log.warning(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	548 f"Can't revoke shared secret {secret_id}: no known shared secrets for "
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	549 f"{node_uri}"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	550 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	551 return
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	552
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	553 if any(s.origin != sender for s in shared_secrets.values()):
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	554 log.warning(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	555 f"Rejecting shared secret revocation signed by invalid entity ({sender}):"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	556 f"\n{revoke_elt.toXml}"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	557 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	558 return
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	559
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	560 try:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	561 shared_secret = shared_secrets[secret_id]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	562 except KeyError:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	563 log.warning(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	564 f"Can't revoke shared secret {secret_id}: this secret ID is unknown for "
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	565 f"{node_uri}"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	566 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	567 return
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	568
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	569 shared_secret.revoked = True
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	570 await self.store_secrets(client, node_uri, shared_secrets)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	571 log.info(f"Shared secret {secret_id} has been revoked for {node_uri}")
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	572
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	573 async def handle_shared_secret_elt(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	574 self,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	575 client: SatXMPPEntity,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	576 sender: jid.JID,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	577 shared_secret_elt: domish.Element
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	578 ) -> None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	579 """Parse a <shared-secret> element and update local secrets
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	580
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	581 @param sender: bare jid of the entity who has signed the secret
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	582 @param shared_secret_elt: <shared-secret/> element
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	583 """
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	584 try:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	585 service = jid.JID(shared_secret_elt["jid"])
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	586 node = shared_secret_elt["node"]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	587 secret_id = shared_secret_elt["id"]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	588 timestamp = utils.parse_xmpp_date(shared_secret_elt["timestamp"])
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	589 # TODO: handle "type" attribute
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	590 revoked = C.bool(shared_secret_elt.getAttribute("revoked", C.BOOL_FALSE))
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	591 except (KeyError, RuntimeError, ValueError) as e:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	592 log.warning(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	593 f"ignoring invalid <shared-secret> element: "
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	594 f"{e}\n{shared_secret_elt.toXml()}"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	595 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	596 return
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	597 key = str(shared_secret_elt)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	598 if not key:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	599 log.warning(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	600 "ignoring <shared-secret> element with empty key: "
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	601 f"{shared_secret_elt.toXml()}"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	602 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	603 return
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	604 shared_secret = SharedSecret(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	605 id=secret_id, key=key, timestamp=timestamp, origin=sender, revoked=revoked
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	606 )
4037 524856bd7b19 massive refactoring to switch from camelCase to snake_case: Goffi <goffi@goffi.org> parents: 3952 diff changeset	607 node_uri = uri.build_xmpp_uri("pubsub", path=service.full(), node=node)
3934 e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	608 shared_secrets = await self.load_secrets(client, node_uri)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	609 if shared_secrets is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	610 shared_secrets = {}
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	611 # no known shared secret yet for this node, we have to trust first user who
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	612 # send it
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	613 else:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	614 if any(s.origin != sender for s in shared_secrets.values()):
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	615 log.warning(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	616 f"Rejecting shared secret signed by invalid entity ({sender}):\n"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	617 f"{shared_secret_elt.toXml}"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	618 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	619 return
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	620
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	621 shared_secrets[shared_secret.id] = shared_secret
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	622 await self.store_secrets(client, node_uri, shared_secrets)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	623 log.info(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	624 f"shared secret {shared_secret.id} added for {node_uri} [{client.profile}]"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	625 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	626
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	627 async def _publish_trigger(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	628 self,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	629 client: SatXMPPEntity,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	630 service: jid.JID,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	631 node: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	632 items: Optional[List[domish.Element]],
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	633 options: Optional[dict],
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	634 sender: jid.JID,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	635 extra: Dict[str, Any]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	636 ) -> bool:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	637 if not items or not extra.get("encrypted"):
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	638 return True
4037 524856bd7b19 massive refactoring to switch from camelCase to snake_case: Goffi <goffi@goffi.org> parents: 3952 diff changeset	639 node_uri = uri.build_xmpp_uri("pubsub", path=service.full(), node=node)
3934 e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	640 shared_secrets = await self.load_secrets(client, node_uri)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	641 if shared_secrets is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	642 shared_secrets = {}
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	643 shared_secret = None
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	644 else:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	645 current_secrets = [s for s in shared_secrets.values() if not s.revoked]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	646 if not current_secrets:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	647 shared_secret = None
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	648 elif len(current_secrets) > 1:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	649 log.warning(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	650 f"more than one active shared secret found for node {node!r} at "
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	651 f"{service}, using the most recent one"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	652 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	653 current_secrets.sort(key=lambda s: s.timestamp, reverse=True)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	654 shared_secret = current_secrets[0]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	655 else:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	656 shared_secret = current_secrets[0]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	657
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	658 if shared_secret is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	659 if any(s.origin != client.jid.userhostJID() for s in shared_secrets.values()):
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	660 raise exceptions.PermissionError(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	661 "there is no known active shared secret, and you are not the "
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	662 "creator of previous shared secrets, we can't encrypt items at "
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	663 f"{node_uri} ."
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	664 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	665 shared_secret = self.generate_secret(client)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	666 shared_secrets[shared_secret.id] = shared_secret
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	667 await self.store_secrets(client, node_uri, shared_secrets)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	668 # TODO: notify other entities
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	669
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	670 for item in items:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	671 item_elts = list(item.elements())
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	672 if len(item_elts) != 1:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	673 raise ValueError(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	674 f"there should be exactly one item payload: {item.toXml()}"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	675 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	676 item_payload = item_elts[0]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	677 log.debug(f"encrypting item {item.getAttribute('id', '')}")
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	678 encrypted_item = self.gpg_provider.encrypt_symmetrically(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	679 item_payload.toXml().encode(), shared_secret.key
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	680 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	681 item.children.clear()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	682 encrypted_elt = domish.Element((NS_OXPS, "encrypted"))
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	683 encrypted_elt["key"] = shared_secret.id
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	684 encrypted_elt.addContent(base64.b64encode(encrypted_item).decode())
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	685 item.addChild(encrypted_elt)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	686
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	687 return True
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	688
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	689 async def _items_trigger(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	690 self,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	691 client: SatXMPPEntity,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	692 service: Optional[jid.JID],
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	693 node: str,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	694 items: List[domish.Element],
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	695 rsm_response: rsm.RSMResponse,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	696 extra: Dict[str, Any],
3952 9badc46c5481 plugin OXPS: fix triggers return values: Goffi <goffi@goffi.org> parents: 3948 diff changeset	697 ) -> bool:
3934 e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	698 if not extra.get(C.KEY_DECRYPT, True):
3952 9badc46c5481 plugin OXPS: fix triggers return values: Goffi <goffi@goffi.org> parents: 3948 diff changeset	699 return True
3934 e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	700 if service is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	701 service = client.jid.userhostJID()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	702 shared_secrets = None
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	703 for item in items:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	704 payload = item.firstChildElement()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	705 if (payload is not None
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	706 and payload.name == "encrypted"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	707 and payload.uri == NS_OXPS):
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	708 encrypted_elt = payload
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	709 secret_id = encrypted_elt.getAttribute("key")
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	710 if not secret_id:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	711 log.warning(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	712 f'"key" attribute is missing from encrypted item: {item.toXml()}'
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	713 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	714 continue
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	715 if shared_secrets is None:
4037 524856bd7b19 massive refactoring to switch from camelCase to snake_case: Goffi <goffi@goffi.org> parents: 3952 diff changeset	716 node_uri = uri.build_xmpp_uri("pubsub", path=service.full(), node=node)
3934 e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	717 shared_secrets = await self.load_secrets(client, node_uri)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	718 if shared_secrets is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	719 log.warning(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	720 f"No known shared secret for {node_uri}, can't decrypt"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	721 )
3952 9badc46c5481 plugin OXPS: fix triggers return values: Goffi <goffi@goffi.org> parents: 3948 diff changeset	722 return True
3934 e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	723 try:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	724 shared_secret = shared_secrets[secret_id]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	725 except KeyError:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	726 log.warning(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	727 f"No key known for encrypted item {item['id']!r} (shared secret "
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	728 f"id: {secret_id!r})"
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	729 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	730 continue
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	731 log.debug(f"decrypting item {item.getAttribute('id', '')}")
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	732 decrypted = self.gpg_provider.decrypt_symmetrically(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	733 base64.b64decode(str(encrypted_elt)),
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	734 shared_secret.key
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	735 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	736 decrypted_elt = xml_tools.parse(decrypted)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	737 item.children.clear()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	738 item.addChild(decrypted_elt)
3948 cd4d95b3fed3 plugin OXPS, XEP-0060: indicate which items were e2ee: Goffi <goffi@goffi.org> parents: 3934 diff changeset	739 extra.setdefault("encrypted", {})[item["id"]] = {"type": NS_OXPS}
3952 9badc46c5481 plugin OXPS: fix triggers return values: Goffi <goffi@goffi.org> parents: 3948 diff changeset	740 return True
3934 e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	741
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	742 async def _message_received_trigger(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	743 self,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	744 client: SatXMPPEntity,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	745 message_elt: domish.Element,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	746 post_treat: defer.Deferred
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	747 ) -> bool:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	748 sender = jid.JID(message_elt["from"]).userhostJID()
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	749 # there may be an openpgp element if OXIM is not activate, in this case we have to
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	750 # decrypt it here
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	751 openpgp_elt = next(message_elt.elements(NS_OX, "openpgp"), None)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	752 if openpgp_elt is not None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	753 try:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	754 payload_elt, __ = await self._ox.unpack_openpgp_element(
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	755 client,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	756 openpgp_elt,
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	757 "signcrypt",
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	758 sender
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	759 )
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	760 except Exception as e:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	761 log.warning(f"Can't decrypt element: {e}\n{message_elt.toXml()}")
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	762 return False
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	763 message_elt.children.remove(openpgp_elt)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	764 for c in payload_elt.children:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	765 message_elt.addChild(c)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	766
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	767 shared_secret_elt = next(message_elt.elements(NS_OXPS, "shared-secret"), None)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	768 if shared_secret_elt is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	769 # no <shared-secret>, we check if there is a <revoke> element
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	770 revoke_elt = next(message_elt.elements(NS_OXPS, "revoke"), None)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	771 if revoke_elt is None:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	772 return True
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	773 else:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	774 await self.handle_revoke_elt(client, sender, revoke_elt)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	775 else:
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	776 await self.handle_shared_secret_elt(client, sender, shared_secret_elt)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	777
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	778 return False
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	779
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	780
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	781 @implementer(iwokkel.IDisco)
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	782 class PubsubEncryption_Handler(xmlstream.XMPPHandler):
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	783
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	784 def getDiscoInfo(self, requestor, service, nodeIdentifier=""):
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	785 return [disco.DiscoFeature(NS_OXPS)]
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	786
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	787 def getDiscoItems(self, requestor, service, nodeIdentifier=""):
e345d93fb6e5 plugin OXPS: OpenPGP for XMPP Pubsub implementation: Goffi <goffi@goffi.org> parents: diff changeset	788 return []

Mercurial > libervia-backend

annotate libervia/backend/plugins/plugin_sec_oxps.py @ 4242:8acf46ed7f36