annotate sat/plugins/plugin_sec_oxps.py @ 3939:8ae3e870be94
cli (pubsub): new `secret` subcommands:
commands are added to `share`, `revoke` and `rotate` secrets of an encrypted pubsub node.
rel 380
author | Goffi <goffi@goffi.org> |
---|---|
date | Sat, 15 Oct 2022 20:38:30 +0200 |
parents | e345d93fb6e5 |
children | cd4d95b3fed3 |
rev | line source |
---|---|
3934
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
1 #!/usr/bin/env python3 |
2 |
3 # Libervia plugin for Pubsub Encryption |
4 # Copyright (C) 2009-2022 Jérôme Poisson (goffi@goffi.org) |
5 |
6 # This program is free software: you can redistribute it and/or modify |
7 # it under the terms of the GNU Affero General Public License as published by |
8 # the Free Software Foundation, either version 3 of the License, or |
9 # (at your option) any later version. |
10 |
11 # This program is distributed in the hope that it will be useful, |
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
14 # GNU Affero General Public License for more details. |
15 |
16 # You should have received a copy of the GNU Affero General Public License |
17 # along with this program. If not, see <http://www.gnu.org/licenses/>. |
18 |
19 import base64 |
20 import dataclasses |
21 import secrets |
22 import time |
23 from typing import Any, Dict, Iterable, List, Optional, Set, Tuple, Union |
24 from collections import OrderedDict |
25 |
26 import shortuuid |
27 from twisted.internet import defer |
28 from twisted.words.protocols.jabber import jid, xmlstream |
29 from twisted.words.xish import domish |
30 from wokkel import disco, iwokkel |
31 from wokkel import rsm |
32 from zope.interface import implementer |
33 |
34 from sat.core import exceptions |
35 from sat.core.constants import Const as C |
36 from sat.core.core_types import SatXMPPEntity |
37 from sat.core.i18n import _ |
38 from sat.core.log import getLogger |
39 from sat.memory import persistent |
40 from sat.tools import utils |
41 from sat.tools import xml_tools |
42 from sat.tools.common import data_format |
43 from sat.tools.common import uri |
44 from sat.tools.common.async_utils import async_lru |
45 |
46 from .plugin_xep_0373 import NS_OX, get_gpg_provider |
47 |
48 |
# module-level logger of the plugin
log = getLogger(__name__)

# import name of the plugin; also the first argument given to
# LazyPersistentBinaryDict in profileConnecting
IMPORT_NAME = "OXPS"

# plugin metadata, keyed by the PI_* constants of sat.core.constants
PLUGIN_INFO = {
    C.PI_NAME: "OpenPGP for XMPP Pubsub",
    C.PI_IMPORT_NAME: IMPORT_NAME,
    C.PI_TYPE: C.PLUG_TYPE_XEP,
    C.PI_MODES: C.PLUG_MODE_BOTH,
    C.PI_PROTOCOLS: [],
    C.PI_DEPENDENCIES: [
        "XEP-0060",
        "XEP-0334",
        "XEP-0373",
    ],
    C.PI_MAIN: "PubsubEncryption",
    C.PI_HANDLER: "yes",
    C.PI_DESCRIPTION: _("""Pubsub e2e encryption via OpenPGP"""),
}
# XML namespace registered as "oxps" by PubsubEncryption.__init__
NS_OXPS = "urn:xmpp:openpgp:pubsub:0"

KEY_REVOKED = "revoked"
# maximum number of node URIs kept in the per-client shared secrets cache
CACHE_MAX = 5
68 |
69 |
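@dataclasses.dataclass
class SharedSecret:
    """One shared secret of an encrypted pubsub node.

    Instances are serialised with ``dataclasses.asdict`` by ``store_secrets`` and
    rebuilt field by field by ``load_secrets``, so field names are part of the stored
    format.
    """

    # identifier of the secret; used as key of the per-node secrets mapping
    id: str
    # secret key material. It is excluded from the generated ``__repr__`` so that the
    # key is not written out when an instance is logged or shown in a traceback; it is
    # still a regular field for ``__init__``, ``__eq__`` and ``dataclasses.asdict``.
    key: str = dataclasses.field(repr=False)
    # presumably the creation time, as a UNIX timestamp; TODO confirm
    timestamp: float
    # bare JID of who has generated the secret
    origin: jid.JID
    # True once the secret has been revoked
    revoked: bool = False
    # entities the secret is shared with
    shared_with: Set[jid.JID] = dataclasses.field(default_factory=set)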
79 |
80 |
81 class PubsubEncryption: |
82 namespace = NS_OXPS |
83 |
def __init__(self, host):
    """Register the OXPS namespace, the triggers and the bridge methods of the plugin

    @param host: backend instance, giving access to plugins, triggers and the bridge
    """
    log.info(_("OpenPGP for XMPP Pubsub plugin initialization"))
    host.registerNamespace("oxps", NS_OXPS)
    self.host = host
    # plugins listed in C.PI_DEPENDENCIES of PLUGIN_INFO
    self._p = host.plugins["XEP-0060"]
    self._h = host.plugins["XEP-0334"]
    self._ox = host.plugins["XEP-0373"]

    # hooks on pubsub publish/retrieval and on incoming messages
    host.trigger.add("XEP-0060_publish", self._publish_trigger)
    host.trigger.add("XEP-0060_items", self._items_trigger)
    host.trigger.add("messageReceived", self._message_received_trigger)

    def expose(name, in_sign, out_sign, method):
        # every bridge method of this plugin is asynchronous and registered under
        # ".plugin"
        host.bridge.addMethod(
            name,
            ".plugin",
            in_sign=in_sign,
            out_sign=out_sign,
            method=method,
            async_=True,
        )

    # NOTE(review): these methods let a frontend share, revoke, rotate and list the
    # secrets of a node. psSecretsList is the only one returning data (out_sign
    # "s"); its implementation is not visible here, check whether the returned
    # string contains key material.
    expose("psSecretShare", "sssass", "", self._ps_secret_share)
    expose("psSecretRevoke", "sssass", "", self._ps_secret_revoke)
    expose("psSecretRotate", "ssass", "", self._ps_secret_rotate)
    expose("psSecretsList", "sss", "s", self._ps_secrets_list)
129 |
def getHandler(self, client):
    """Return a new PubsubEncryption_Handler instance

    @param client: not used here
    """
    handler = PubsubEncryption_Handler()
    return handler
132 |
async def profileConnecting(self, client):
    """Attach the secrets storage and the secrets cache to the connecting client

    Inside the PubsubEncryption class body, ``client.__storage`` and
    ``client.__cache`` are name-mangled by Python, so the attributes actually set on
    ``client`` are prefixed with the class name.

    @param client: client of the profile which is connecting
    """
    storage = persistent.LazyPersistentBinaryDict(IMPORT_NAME, client.profile)
    client.__storage = storage
    # cache to avoid useless DB access, and to avoid race condition by ensuring that
    # the same shared_secrets instance is always used for a given node.
    client.__cache = OrderedDict()
    # NOTE(review): unlike storage and cache, the GPG provider is kept on the plugin
    # instance and not on ``client``: if several profiles connect, the provider of
    # the last one replaces the previous ones. Confirm this is intended.
    self.gpg_provider = get_gpg_provider(self.host, client)
141 |
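async def load_secrets(
    self,
    client: SatXMPPEntity,
    node_uri: str
) -> Optional[Dict[str, SharedSecret]]:
    """Load shared secrets from database or cache

    A cache is used per client to avoid useless db access, as shared secrets are
    often needed several times in a row. Cache is also necessary to avoid race
    condition, when updating a secret, by ensuring that the same instance is used
    for all updates during a session.

    @param client: client whose storage and cache are used
    @param node_uri: XMPP URI of the encrypted pubsub node
    @return: shared secrets mapped by secret id, or None if no secrets are known yet
    """
    if node_uri in client.__cache:
        # mark the entry as the most recently used one
        client.__cache.move_to_end(node_uri)
        return client.__cache[node_uri]

    secrets_as_dict = await client.__storage.get(node_uri)

    # Control is given back to the reactor during the storage access above: another
    # load_secrets or store_secrets call may have put an instance in cache for this
    # node in the meantime. That instance must be returned instead of building a
    # second one, otherwise updates done on one of them would be lost.
    if node_uri in client.__cache:
        client.__cache.move_to_end(node_uri)
        return client.__cache[node_uri]

    if secrets_as_dict is None:
        return None

    # stored records hold JIDs as strings (see __secrect_dict_factory), they are
    # converted back to jid.JID here
    shared_secrets = {
        s["id"]: SharedSecret(
            id=s["id"],
            key=s["key"],
            timestamp=s["timestamp"],
            origin=jid.JID(s["origin"]),
            revoked=s["revoked"],
            shared_with={jid.JID(w) for w in s["shared_with"]}
        ) for s in secrets_as_dict
    }
    client.__cache[node_uri] = shared_secrets
    # only the CACHE_MAX most recently used nodes are kept, oldest are dropped first
    # NOTE(review): an instance dropped here may still be held by a caller; a later
    # load would then build a new instance for the same node.
    while len(client.__cache) > CACHE_MAX:
        client.__cache.popitem(last=False)
    return shared_secrets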
184 |
def __secrect_dict_factory(self, data: List[Tuple[str, Any]]) -> Dict[str, Any]:
    """Build the dict of a SharedSecret with its JIDs converted to strings

    This is the ``dict_factory`` given to ``dataclasses.asdict`` by ``store_secrets``.

    @param data: (field name, value) pairs of the dataclass
    @return: mapping of field names to values, where ``origin`` is replaced by its
        ``full()`` string, and ``shared_with`` by the list of ``full()`` strings of
        its elements
    """
    serialised = {}
    for field_name, value in data:
        if field_name == "origin":
            serialised[field_name] = value.full()
        elif field_name == "shared_with":
            serialised[field_name] = [entity.full() for entity in value]
        else:
            serialised[field_name] = value
    return serialised
194 |
195 async def store_secrets( |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
196 self, |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
197 client: SatXMPPEntity, |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
198 node_uri: str, |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
199 shared_secrets: Dict[str, SharedSecret] |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
200 ) -> None: |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
201 """Store shared secrets to database |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
202 |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
203 Shared secrets are serialised before being stored. |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
204 If ``node_uri`` is not in cache, the shared_secrets instance is also put in cache/ |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
205 |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
206 @param node_uri: XMPP URI of the encrypted pubsub node |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
207 @param shared_secrets: shared secrets to store |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
208 """ |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
209 if node_uri not in client.__cache: |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
210 client.__cache[node_uri] = shared_secrets |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
211 while len(client.__cache) > CACHE_MAX: |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
212 client.__cache.popitem(False) |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
213 |
214 secrets_as_dict = [ |
215 dataclasses.asdict(s, dict_factory=self.__secrect_dict_factory) |
216 for s in shared_secrets.values() |
217 ] |
218 await client.__storage.aset(node_uri, secrets_as_dict) |
def generate_secret(self, client: SatXMPPEntity) -> SharedSecret:
    """Create a fresh shared secret originating from ``client``

    The key is produced by ``secrets.token_urlsafe(64)`` and the identifier by
    ``shortuuid.uuid()``. The bare JID of ``client`` is recorded as origin; ``revoke``
    compares against this value before allowing a revocation.

    @param client: profile session generating the secret
    @return: the new secret, stamped with the current time
    """
    # Only the fact that a secret was generated is logged, never the key itself.
    log.info("Generating a new shared secret.")
    return SharedSecret(
        id=shortuuid.uuid(),
        key=secrets.token_urlsafe(64),
        timestamp=time.time(),
        origin=client.jid.userhostJID(),
    )
def _ps_secret_revoke(
    self,
    service: str,
    node: str,
    secret_id: str,
    recipients: List[str],
    profile_key: str
) -> defer.Deferred:
    """Convert plain-string arguments to JIDs and schedule ``revoke``

    @param service: pubsub/PEP service as a string, empty string is passed on as None
    @param node: node name
    @param secret_id: ID of the secret to revoke
    @param recipients: JIDs (as strings) to notify
        An empty list is passed on as None, which ``revoke`` treats as "notify every
        entity the secret was shared with". This wrapper therefore cannot request a
        revocation without any notification.
    @param profile_key: profile used to retrieve the client
    @return: Deferred wrapping the ``revoke`` coroutine
    """
    client = self.host.getClient(profile_key)
    service_jid = jid.JID(service) if service else None
    recipient_jids = [jid.JID(r) for r in recipients]
    revocation = self.revoke(
        client, service_jid, node, secret_id, recipient_jids or None
    )
    return defer.ensureDeferred(revocation)
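async def revoke(
    self,
    client: SatXMPPEntity,
    service: Optional[jid.JID],
    node: str,
    secret_id: str,
    recipients: Optional[Iterable[jid.JID]] = None
) -> None:
    """Revoke a secret and notify entities

    The secret is flagged as revoked and stored before any notification is sent.

    @param service: pubsub/PEP service where the node is
        None to use the bare JID of ``client``
    @param node: node name
    @param secret_id: ID of the secret to revoke (must have been generated by
        ourselves)
    @param recipients: JIDs of entities to send the revocation notice to. If None, all
        entities known to have the shared secret will be notified.
        Use empty list if you don't want to notify anybody (not recommended)
    @raise exceptions.NotFound: no secret is known for the node, or none has this ID
    @raise exceptions.PermissionError: the secret originates from another entity
    """
    if service is None:
        service = client.jid.userhostJID()
    node_uri = uri.buildXMPPUri("pubsub", path=service.full(), node=node)
    shared_secrets = await self.load_secrets(client, node_uri)
    if not shared_secrets:
        raise exceptions.NotFound(f"No shared secret is known for {node_uri}")
    try:
        shared_secret = shared_secrets[secret_id]
    except KeyError:
        raise exceptions.NotFound(
            f"No shared secret with ID {secret_id!r} has been found for {node_uri}"
        )
    else:
        # Only the entity recorded as origin of the secret may revoke it.
        if shared_secret.origin != client.jid.userhostJID():
            raise exceptions.PermissionError(
                f"The shared secret {shared_secret.id} originate from "
                f"{shared_secret.origin}, not you ({client.jid.userhostJID()}). You "
                "can't revoke it"
            )
    shared_secret.revoked = True
    await self.store_secrets(client, node_uri, shared_secrets)
    log.info(
        f"shared secret {secret_id!r} for {node_uri} has been revoked."
    )
    if recipients is None:
        recipients = shared_secret.shared_with
    # Materialise once: the argument is typed as an Iterable, and it is consumed by
    # the emptiness test, the notification loop and the log message below. A one-shot
    # iterator would otherwise always look non-empty and be exhausted before logging.
    recipients = list(recipients)
    if recipients:
        # NOTE(review): notifications are sent one after the other with no error
        # handling; an exception raised for one recipient leaves the following ones
        # un-notified although the secret is already stored as revoked.
        for recipient in recipients:
            await self.send_revoke_notification(
                client, service, node, shared_secret.id, recipient
            )
        log.info(
            f"shared secret {shared_secret.id} revocation notification for "
            f"{node_uri} has been send to {', '.join(str(r) for r in recipients)}"
        )
    else:
        log.info(
            "Due to empty recipients list, no revocation notification has been sent "
            f"for shared secret {shared_secret.id} for {node_uri}"
        )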
async def send_revoke_notification(
    self,
    client: SatXMPPEntity,
    service: jid.JID,
    node: str,
    secret_id: str,
    recipient: jid.JID
) -> None:
    """Send a <revoke> notice for one secret to one recipient

    The notice is placed in the payload of a signcrypt element built through
    ``self._ox``, wrapped in an OpenPGP element built for ``recipient`` only, and
    sent in a <message> carrying the ``HINT_STORE`` hint.

    @param service: pubsub/PEP service where the node is
    @param node: node name
    @param secret_id: ID of the revoked secret
    @param recipient: entity to notify
    """
    notice_elt = domish.Element((NS_OXPS, "revoke"))
    for name, value in (
        ("jid", service.full()),
        ("node", node),
        ("id", secret_id),
    ):
        notice_elt[name] = value

    # NOTE(review): presumably signs and encrypts the payload for the recipient;
    # confirm against the OX plugin behind ``self._ox``.
    signcrypt_elt, payload_elt = self._ox.build_signcrypt_element([recipient])
    payload_elt.addChild(notice_elt)
    wrapped_elt = await self._ox.build_openpgp_element(
        client, signcrypt_elt, {recipient}
    )

    message_elt = domish.Element((None, "message"))
    message_elt["from"] = client.jid.full()
    message_elt["to"] = recipient.full()
    message_elt.addChild(wrapped_elt)
    self._h.addHintElements(message_elt, [self._h.HINT_STORE])
    client.send(message_elt)
def _ps_secret_share(
    self,
    recipient: str,
    service: str,
    node: str,
    secret_ids: List[str],
    profile_key: str
) -> defer.Deferred:
    """Convert plain-string arguments to JIDs and schedule ``share_secrets``

    @param recipient: JID (as string) of the entity to share secrets with
    @param service: pubsub/PEP service as a string, empty string is passed on as None
    @param node: node name
    @param secret_ids: IDs of the secrets to share
        An empty list is passed on as None, which ``share_secrets`` treats as "share
        every known secret of the node".
    @param profile_key: profile used to retrieve the client
    @return: Deferred wrapping the ``share_secrets`` coroutine
    """
    client = self.host.getClient(profile_key)
    recipient_jid = jid.JID(recipient)
    service_jid = jid.JID(service) if service else None
    sharing = self.share_secrets(
        client, recipient_jid, service_jid, node, secret_ids or None
    )
    return defer.ensureDeferred(sharing)
async def share_secret(
    self,
    client: SatXMPPEntity,
    service: Optional[jid.JID],
    node: str,
    shared_secret: SharedSecret,
    recipient: jid.JID
) -> None:
    """Create and send <shared-secret> element

    The element holds the secret key as its text content. It is placed in the payload
    of a signcrypt element built through ``self._ox`` and wrapped in an OpenPGP
    element built for ``recipient`` only before being sent.

    ``recipient`` is added to ``shared_secret.shared_with`` once the message has been
    handed to ``client.send``. This method does not store the updated secret: the
    caller has to do it, otherwise ``revoke`` will not know about this recipient.

    @param service: pubsub/PEP service where the node is
        None to use the bare JID of ``client``
    @param node: node name
    @param shared_secret: secret to send, a revoked secret is sent with its
        ``revoked`` attribute set
    @param recipient: entity receiving the secret
    """
    if service is None:
        service = client.jid.userhostJID()

    secret_elt = domish.Element((NS_OXPS, "shared-secret"))
    attributes = {
        "jid": service.full(),
        "node": node,
        "id": shared_secret.id,
        "timestamp": utils.xmpp_date(shared_secret.timestamp),
    }
    if shared_secret.revoked:
        attributes["revoked"] = C.BOOL_TRUE
    for name, value in attributes.items():
        secret_elt[name] = value
    # TODO: add type attribute
    # The raw key goes in as text content: this element must never leave this method
    # outside of the OpenPGP wrapper built below.
    secret_elt.addContent(shared_secret.key)

    signcrypt_elt, payload_elt = self._ox.build_signcrypt_element([recipient])
    payload_elt.addChild(secret_elt)
    wrapped_elt = await self._ox.build_openpgp_element(
        client, signcrypt_elt, {recipient}
    )

    message_elt = domish.Element((None, "message"))
    message_elt["from"] = client.jid.full()
    message_elt["to"] = recipient.full()
    message_elt.addChild(wrapped_elt)
    self._h.addHintElements(message_elt, [self._h.HINT_STORE])
    client.send(message_elt)
    shared_secret.shared_with.add(recipient)
async def share_secrets(
    self,
    client: SatXMPPEntity,
    recipient: jid.JID,
    service: Optional[jid.JID],
    node: str,
    secret_ids: Optional[List[str]] = None,
) -> None:
    """Share secrets of a pubsub node with a recipient

    If no secret is stored for the node yet, a new one is generated and stored first.
    After all requested secrets have been sent, the secrets are stored again, which
    persists the ``shared_with`` updates made by ``share_secret``.

    @param recipient: who to share secrets with
    @param service: pubsub/PEP service where the node is
        None to use the bare JID of ``client``
    @param node: node name
    @param secret_ids: IDs of the secrets to share, or None to share all known secrets
        No filtering is done on the ``revoked`` flag: with None the recipient gets
        every key known for the node, revoked ones included.
    @raise exceptions.NotFound: one of ``secret_ids`` is not known for the node
    """
    if service is None:
        service = client.jid.userhostJID()
    node_uri = uri.buildXMPPUri("pubsub", path=service.full(), node=node)

    known_secrets = await self.load_secrets(client, node_uri)
    if known_secrets is None:
        # no secret shared yet, let's generate one
        new_secret = self.generate_secret(client)
        known_secrets = {new_secret.id: new_secret}
        await self.store_secrets(client, node_uri, known_secrets)

    if secret_ids is not None:
        to_share = []
        try:
            for s_id in secret_ids:
                to_share.append(known_secrets[s_id])
        except KeyError as e:
            raise exceptions.NotFound(
                f"no shared secret found with given ID: {e}"
            )
    else:
        # we share all secrets of the node
        to_share = known_secrets.values()

    for secret in to_share:
        await self.share_secret(client, service, node, secret, recipient)
    await self.store_secrets(client, node_uri, known_secrets)
def _ps_secret_rotate(
    self,
    service: str,
    node: str,
    recipients: List[str],
    profile_key: str,
) -> defer.Deferred:
    """Convert plain-string arguments to JIDs and schedule ``rotate_secret``

    @param service: pubsub/PEP service as a string, empty string is passed on as None
    @param node: node name
    @param recipients: JIDs (as strings) handed to ``rotate_secret``
        An empty list is passed on as None; what None selects is decided by
        ``rotate_secret``.
    @param profile_key: profile used to retrieve the client
    @return: Deferred wrapping the ``rotate_secret`` coroutine
    """
    client = self.host.getClient(profile_key)
    service_jid = jid.JID(service) if service else None
    recipient_jids = [jid.JID(r) for r in recipients]
    rotation = self.rotate_secret(client, service_jid, node, recipient_jids or None)
    return defer.ensureDeferred(rotation)
async def rotate_secret(
    self,
    client: SatXMPPEntity,
    service: Optional[jid.JID],
    node: str,
    recipients: Optional[List[jid.JID]] = None
) -> None:
    """Revoke every known active secret of a node, then create and share a new one

    @param service: pubsub/PEP service where the node is
        None to use the bare JID of the client
    @param node: node name
    @param recipients: entities which must receive the new shared secret
        if None, the new secret is sent to the ``shared_with`` list of the most
        recent known secret; to stop sharing with an entity, the list of remaining
        recipients must therefore be given explicitly
    """
    if service is None:
        service = client.jid.userhostJID()
    node_uri = uri.buildXMPPUri("pubsub", path=service.full(), node=node)
    shared_secrets = await self.load_secrets(client, node_uri)
    if shared_secrets is None:
        shared_secrets = {}

    # secrets already revoked are left alone, every other one is revoked
    active_secrets = [s for s in shared_secrets.values() if not s.revoked]
    for active_secret in active_secrets:
        await self.revoke(client, service, node, active_secret.id)
        active_secret.revoked = True

    if recipients is None:
        recipients = []
        if shared_secrets:
            # recipients come from the latest shared secret's shared_with list,
            # regardless of revocation (all secrets may be revoked at this point)
            latest_secret = max(shared_secrets.values(), key=lambda s: s.timestamp)
            recipients = list(latest_secret.shared_with)

    new_secret = self.generate_secret(client)
    shared_secrets[new_secret.id] = new_secret
    # the new secret is sent to each recipient in turn
    for recipient in recipients:
        await self.share_secret(client, service, node, new_secret, recipient)
    # NOTE(review): this method stores the secrets only here, so nothing above is
    # written by it if revoke or share_secret raises; confirm whether those methods
    # store their own state
    await self.store_secrets(client, node_uri, shared_secrets)
def _ps_secrets_list(
    self,
    service: str,
    node: str,
    profile_key: str
) -> defer.Deferred:
    """Wrapper around list_shared_secrets taking plain string arguments

    An empty ``service`` is passed on as None.

    @param service: JID of the pubsub/PEP service, or an empty string
    @param node: node name
    @param profile_key: key used to get the client from the host
    @return: Deferred firing with the result of data_format.serialise applied to the
        list returned by list_shared_secrets
    """
    client = self.host.getClient(profile_key)
    service_jid = jid.JID(service) if service else None
    secrets_d = defer.ensureDeferred(
        self.list_shared_secrets(client, service_jid, node)
    )
    secrets_d.addCallback(lambda secrets_data: data_format.serialise(secrets_data))
    return secrets_d
async def list_shared_secrets(
    self,
    client: SatXMPPEntity,
    service: Optional[jid.JID],
    node: str,
) -> List[Dict[str, Any]]:
    """Retrieve the shared secrets of a pubsub node

    @param service: pubsub/PEP service where the node is
        None to use the bare JID of the client
    @param node: node name
    @return: shared secrets data, one dict per stored secret (revoked ones included)
    @raise exceptions.NotFound: no shared secret found for this node
    """
    if service is None:
        service = client.jid.userhostJID()
    node_uri = uri.buildXMPPUri("pubsub", path=service.full(), node=node)
    shared_secrets = await self.load_secrets(client, node_uri)
    if shared_secrets is None:
        raise exceptions.NotFound(f"No shared secrets found for {node_uri}")

    # NOTE(review): asdict() hands every field of a secret to the dict factory,
    # presumably the key included; confirm what the factory keeps before this data
    # is passed to a frontend
    secrets_data = []
    for secret in shared_secrets.values():
        secrets_data.append(
            dataclasses.asdict(secret, dict_factory=self.__secrect_dict_factory)
        )
    return secrets_data
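async def handle_revoke_elt(
    self,
    client: SatXMPPEntity,
    sender: jid.JID,
    revoke_elt: domish.Element
) -> None:
    """Parse a <revoke> element and update local secrets

    The revocation is ignored, with a warning, when the element is malformed, when
    no secret is known for the node, when any stored secret of the node has an
    origin other than ``sender``, or when the secret ID is unknown.

    @param sender: bare jid of the entity who has signed the revocation
    @param revoke_elt: <revoke/> element
    """
    try:
        service = jid.JID(revoke_elt["jid"])
        node = revoke_elt["node"]
        secret_id = revoke_elt["id"]
    except (KeyError, RuntimeError) as e:
        log.warning(
            f"ignoring invalid <revoke> element: {e}\n{revoke_elt.toXml()}"
        )
        return
    node_uri = uri.buildXMPPUri("pubsub", path=service.full(), node=node)
    shared_secrets = await self.load_secrets(client, node_uri)
    if shared_secrets is None:
        log.warning(
            f"Can't revoke shared secret {secret_id}: no known shared secrets for "
            f"{node_uri}"
        )
        return

    # a revocation is accepted only from the entity which is the origin of every
    # secret stored for this node
    # NOTE(review): sender is taken as already authenticated, nothing here verifies
    # a signature; confirm that the caller does
    if any(s.origin != sender for s in shared_secrets.values()):
        log.warning(
            f"Rejecting shared secret revocation signed by invalid entity ({sender}):"
            # toXml must be called: without the parentheses the log shows the repr
            # of the bound method instead of the rejected element
            f"\n{revoke_elt.toXml()}"
        )
        return

    try:
        shared_secret = shared_secrets[secret_id]
    except KeyError:
        log.warning(
            f"Can't revoke shared secret {secret_id}: this secret ID is unknown for "
            f"{node_uri}"
        )
        return

    shared_secret.revoked = True
    await self.store_secrets(client, node_uri, shared_secrets)
    log.info(f"Shared secret {secret_id} has been revoked for {node_uri}")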
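async def handle_shared_secret_elt(
    self,
    client: SatXMPPEntity,
    sender: jid.JID,
    shared_secret_elt: domish.Element
) -> None:
    """Parse a <shared-secret> element and update local secrets

    The first secret received for a node is accepted from whoever sent it (trust on
    first use). Once secrets are stored for the node, an element is accepted only
    if every stored secret has ``sender`` as origin.

    @param sender: bare jid of the entity who has signed the secret
    @param shared_secret_elt: <shared-secret/> element
    """
    try:
        service = jid.JID(shared_secret_elt["jid"])
        node = shared_secret_elt["node"]
        secret_id = shared_secret_elt["id"]
        timestamp = utils.parse_xmpp_date(shared_secret_elt["timestamp"])
        # TODO: handle "type" attribute
        revoked = C.bool(shared_secret_elt.getAttribute("revoked", C.BOOL_FALSE))
    except (KeyError, RuntimeError, ValueError) as e:
        # the text of the element is the secret key: only the attributes are
        # logged, so that key material is not written to the logs
        log.warning(
            f"ignoring invalid <shared-secret> element: "
            f"{e}\n{shared_secret_elt.attributes}"
        )
        return
    key = str(shared_secret_elt)
    if not key:
        log.warning(
            "ignoring <shared-secret> element with empty key: "
            f"{shared_secret_elt.toXml()}"
        )
        return
    shared_secret = SharedSecret(
        id=secret_id, key=key, timestamp=timestamp, origin=sender, revoked=revoked
    )
    node_uri = uri.buildXMPPUri("pubsub", path=service.full(), node=node)
    shared_secrets = await self.load_secrets(client, node_uri)
    if shared_secrets is None:
        shared_secrets = {}
        # no known shared secret yet for this node, we have to trust the first user
        # who sends one
    else:
        if any(s.origin != sender for s in shared_secrets.values()):
            # attributes only, for the same reason as above; the original logged
            # the repr of the toXml method, because the call parentheses were missing
            log.warning(
                f"Rejecting shared secret signed by invalid entity ({sender}):\n"
                f"{shared_secret_elt.attributes}"
            )
            return

    # NOTE(review): an element reusing a known ID replaces the stored entry, its
    # revoked flag included; confirm that replayed elements are rejected upstream
    shared_secrets[shared_secret.id] = shared_secret
    await self.store_secrets(client, node_uri, shared_secrets)
    log.info(
        f"shared secret {shared_secret.id} added for {node_uri} [{client.profile}]"
    )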
627 async def _publish_trigger( |
628 self, |
629 client: SatXMPPEntity, |
630 service: jid.JID, |
631 node: str, |
632 items: Optional[List[domish.Element]], |
633 options: Optional[dict], |
634 sender: jid.JID, |
635 extra: Dict[str, Any] |
636 ) -> bool: |
637 if not items or not extra.get("encrypted"): |
638 return True |
639 node_uri = uri.buildXMPPUri("pubsub", path=service.full(), node=node) |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
640 shared_secrets = await self.load_secrets(client, node_uri) |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
641 if shared_secrets is None: |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
642 shared_secrets = {} |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
643 shared_secret = None |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
644 else: |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
645 current_secrets = [s for s in shared_secrets.values() if not s.revoked] |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
646 if not current_secrets: |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
647 shared_secret = None |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
648 elif len(current_secrets) > 1: |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
649 log.warning( |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
650 f"more than one active shared secret found for node {node!r} at " |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
651 f"{service}, using the most recent one" |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
652 ) |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
653 current_secrets.sort(key=lambda s: s.timestamp, reverse=True) |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
654 shared_secret = current_secrets[0] |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
655 else: |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
656 shared_secret = current_secrets[0] |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
657 |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
658 if shared_secret is None: |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
659 if any(s.origin != client.jid.userhostJID() for s in shared_secrets.values()): |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
660 raise exceptions.PermissionError( |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
661 "there is no known active shared secret, and you are not the " |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
662 "creator of previous shared secrets, we can't encrypt items at " |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
663 f"{node_uri} ." |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
664 ) |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
665 shared_secret = self.generate_secret(client) |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
666 shared_secrets[shared_secret.id] = shared_secret |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
667 await self.store_secrets(client, node_uri, shared_secrets) |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
668 # TODO: notify other entities |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
669 |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
670 for item in items: |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
671 item_elts = list(item.elements()) |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
672 if len(item_elts) != 1: |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
673 raise ValueError( |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
674 f"there should be exactly one item payload: {item.toXml()}" |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
675 ) |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
676 item_payload = item_elts[0] |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
677 log.debug(f"encrypting item {item.getAttribute('id', '')}") |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
678 encrypted_item = self.gpg_provider.encrypt_symmetrically( |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
679 item_payload.toXml().encode(), shared_secret.key |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
680 ) |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
681 item.children.clear() |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
682 encrypted_elt = domish.Element((NS_OXPS, "encrypted")) |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
683 encrypted_elt["key"] = shared_secret.id |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
684 encrypted_elt.addContent(base64.b64encode(encrypted_item).decode()) |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
685 item.addChild(encrypted_elt) |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
686 |
e345d93fb6e5
plugin OXPS: OpenPGP for XMPP Pubsub implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
687 return True |
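async def _items_trigger(
    self,
    client: SatXMPPEntity,
    service: Optional[jid.JID],
    node: str,
    items: List[domish.Element],
    rsm_response: rsm.RSMResponse,
    extra: Dict[str, Any],
) -> None:
    """Decrypt in place the retrieved items whose payload is ``<encrypted/>``.

    Only items whose first child element is ``<encrypted/>`` in the NS_OXPS
    namespace are handled. The shared secret is selected with the ``key``
    attribute of this element, among the secrets loaded for the node (they are
    loaded once, when the first encrypted item is found). On success, the children
    of the item are replaced by the element parsed from the decrypted data.

    An item which can't be decrypted (no ``key`` attribute, unknown secret id,
    invalid base64, decryption or XML parsing failure) is left as received and a
    warning is logged: items come from the pubsub service, a single malformed one
    must not prevent the decryption of the others.

    @param client: profile session which has retrieved the items
    @param service: pubsub service, the bare jid of ``client`` is used if None
    @param node: pubsub node name
    @param items: retrieved items, modified in place
    @param rsm_response: not used here
    @param extra: nothing is decrypted if C.KEY_DECRYPT is set to a falsy value
    """
    if not extra.get(C.KEY_DECRYPT, True):
        return
    if service is None:
        service = client.jid.userhostJID()
    shared_secrets = None
    for item in items:
        payload = item.firstChildElement()
        if payload is None or payload.name != "encrypted" or payload.uri != NS_OXPS:
            continue
        encrypted_elt = payload
        # the id may be absent on received items, never use item["id"] which raises
        item_id = item.getAttribute('id', '')
        secret_id = encrypted_elt.getAttribute("key")
        if not secret_id:
            log.warning(
                f'"key" attribute is missing from encrypted item: {item.toXml()}'
            )
            continue
        if shared_secrets is None:
            node_uri = uri.buildXMPPUri("pubsub", path=service.full(), node=node)
            shared_secrets = await self.load_secrets(client, node_uri)
            if shared_secrets is None:
                log.warning(
                    f"No known shared secret for {node_uri}, can't decrypt"
                )
                return
        try:
            shared_secret = shared_secrets[secret_id]
        except KeyError:
            log.warning(
                f"No key known for encrypted item {item_id!r} (shared secret "
                f"id: {secret_id!r})"
            )
            continue
        log.debug(f"decrypting item {item_id}")
        try:
            decrypted = self.gpg_provider.decrypt_symmetrically(
                base64.b64decode(str(encrypted_elt)),
                shared_secret.key
            )
            decrypted_elt = xml_tools.parse(decrypted)
        except Exception as e:
            # Only the exception type is logged: the message of a parsing error
            # could quote part of the decrypted content.
            log.warning(
                f"Can't decrypt item {item_id!r} (shared secret id: "
                f"{secret_id!r}), it is left encrypted: {type(e).__name__}"
            )
            continue
        # NOTE(review): nothing here tells who has encrypted the item; presumably
        #   any holder of the shared secret can produce a valid payload — confirm
        #   before trusting an author claimed inside the decrypted element
        item.children.clear()
        item.addChild(decrypted_elt)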
async def _message_received_trigger(
    self,
    client: SatXMPPEntity,
    message_elt: domish.Element,
    post_treat: defer.Deferred
) -> bool:
    """Handle ``<shared-secret/>`` and ``<revoke/>`` elements of received messages.

    If the message holds an ``<openpgp/>`` element (NS_OX), it is unpacked as a
    "signcrypt" payload from the bare jid of the sender, and its children are
    moved to the message in place of the ``<openpgp/>`` element. The message is
    then searched for an NS_OXPS ``<shared-secret/>`` element or, failing that, a
    ``<revoke/>`` one, which is given to the matching handler.

    @param client: profile session which has received the message
    @param message_elt: received ``<message/>`` stanza, may be modified in place
    @param post_treat: not used here
    @return: True if the message holds neither element, False if one of them has
        been handled or if the ``<openpgp/>`` element could not be unpacked
        (presumably False stops further processing of the message — confirm
        against the trigger caller)
    """
    sender = jid.JID(message_elt["from"]).userhostJID()

    # When OXIM is not activated, the <openpgp> element has not been decrypted
    # before this trigger, so it has to be done here.
    openpgp_elt = next(message_elt.elements(NS_OX, "openpgp"), None)
    if openpgp_elt is not None:
        try:
            payload_elt, __ = await self._ox.unpack_openpgp_element(
                client, openpgp_elt, "signcrypt", sender
            )
        except Exception as e:
            log.warning(f"Can't decrypt element: {e}\n{message_elt.toXml()}")
            return False
        message_elt.children.remove(openpgp_elt)
        for child in payload_elt.children:
            message_elt.addChild(child)

    # NOTE(review): the lookups below don't record whether the element comes from
    #   an unpacked signcrypt payload or was sent in clear in the stanza; confirm
    #   that the handlers (or the OXIM path) reject the second case, as ``sender``
    #   is only the "from" attribute of the stanza.
    shared_secret_elt = next(message_elt.elements(NS_OXPS, "shared-secret"), None)
    if shared_secret_elt is not None:
        await self.handle_shared_secret_elt(client, sender, shared_secret_elt)
        return False

    # no <shared-secret>, a <revoke> element is looked for
    revoke_elt = next(message_elt.elements(NS_OXPS, "revoke"), None)
    if revoke_elt is None:
        return True
    await self.handle_revoke_elt(client, sender, revoke_elt)
    return False
@implementer(iwokkel.IDisco)
class PubsubEncryption_Handler(xmlstream.XMPPHandler):
    """Service discovery handler advertising the NS_OXPS feature."""

    def getDiscoInfo(self, requestor, service, nodeIdentifier=""):
        """Return the disco features of this plugin.

        The arguments are not used: the same single feature is returned for every
        requestor, service and node.

        @return: list with NS_OXPS as only feature
        """
        oxps_feature = disco.DiscoFeature(NS_OXPS)
        return [oxps_feature]

    def getDiscoItems(self, requestor, service, nodeIdentifier=""):
        """Return the disco items of this plugin: there are none.

        @return: empty list
        """
        return list()