annotate libervia/backend/core/patches.py @ 4306:94e0968987cd
plugin XEP-0033: code modernisation, improve delivery, data validation:
- Code has been rewritten using Pydantic models and `async` coroutines for data validation
and cleaner element parsing/generation.
- Delivery has been completely rewritten. It now works even if the server doesn't support
multicast, and sends to the local multicast service first. Delivering to the local multicast
service first is due to bad support of XEP-0033 in servers (notably Prosody, which has an
incomplete implementation), and the current impossibility to detect if a sub-domain
service fully handles multicast or only handles it for local domains. This is a workaround to have
a good balance between backward compatibility and use of bandwidth, and to make it work
with the incoming email gateway implementation (the gateway will only deliver to
entities of its own domain).
- disco feature checking now uses `async` coroutines. `host` implementation still uses
Deferred return values for compatibility with legacy code.
rel 450
author | Goffi <goffi@goffi.org> |
---|---|
date | Thu, 26 Sep 2024 16:12:01 +0200 |
parents | c14e904eee13 |
children |
1 import base64 |
2 import copy |
3 import secrets |
4 |
5 from cryptography.hazmat.backends import default_backend |
6 from cryptography.hazmat.primitives import hashes, hmac |
7 from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC |
8 from twisted.words.protocols.jabber import ( |
9 client as tclient, |
10 jid, |
11 sasl, |
12 sasl_mechanisms, |
13 xmlstream, |
14 ) |
15 from wokkel import client |
16 from zope.interface import implementer |
17 |
18 from libervia.backend.core.constants import Const as C |
19 from libervia.backend.core.log import getLogger |
20 |
# Module-wide logger.
log = getLogger(__name__)

# NOTE: this string comes after the imports, so Python does not use it as the
# module docstring; it only describes the module for readers of the source.
"""This module applies monkey patches to Twisted and Wokkel
First part handle certificate validation during XMPP connectionand are temporary
(until merged upstream).
Second part add a trigger point to send and onElement method of XmlStream
"""
28 |
29 |
30 # SCRAM-SHA implementation |
31 |
32 |
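@implementer(sasl_mechanisms.ISASLMechanism)
class ScramSha:
    """Client side of the SCRAM-SHA SASL authentication mechanism.

    This mechanism is defined in RFC 5802. Channel binding is not used: the GS2
    header sent is always C{n,,} (C{c=biws} in the final message is its base64
    form).

    NOTE(review): nothing in this class checks the server signature (C{v=}) of the
    server-final message, so this exchange does not authenticate the server on its
    own. C{salted_password} is kept after L{getResponse} and would be the input of
    such a check.
    NOTE(review): username and password are used as given, no SASLprep
    normalisation is applied here; confirm whether callers normalise them.
    """

    ALLOWED_ALGORITHMS = ("SHA-1", "SHA-256", "SHA-512")
    backend = default_backend()

    def __init__(self, username: str, password: str, algorithm: str) -> None:
        """Initialize SCRAM-SHA mechanism with user credentials.

        @param username: The user's username.
        @param password: The user's password.
        @param algorithm: Hash to use, one of L{ALLOWED_ALGORITHMS}.
        @raise ValueError: C{algorithm} is not in L{ALLOWED_ALGORITHMS}.
        """
        if algorithm not in self.ALLOWED_ALGORITHMS:
            raise ValueError(f"Invalid algorithm: {algorithm!r}")

        self.username = username
        self.password = password
        # "SHA-256" -> hashes.SHA256; only names from the allow-list above can
        # reach this getattr
        self.algorithm = getattr(hashes, algorithm.replace("-", "", 1))()
        self.name = f"SCRAM-{algorithm}"
        # 24 bytes from the "secrets" module; base64 keeps the nonce printable and
        # free of ",", which is the attribute separator of SCRAM messages
        self.client_nonce = base64.b64encode(secrets.token_bytes(24)).decode()
        self.server_nonce = None
        self.salted_password = None

    def digest(self, data: bytes) -> bytes:
        """Hash C{data} with the selected algorithm."""
        hasher = hashes.Hash(self.algorithm, backend=self.backend)
        hasher.update(data)
        return hasher.finalize()

    def _hmac(self, key: bytes, msg: bytes) -> bytes:
        """Compute the HMAC of C{msg} with C{key}, using the selected algorithm."""
        h = hmac.HMAC(key, self.algorithm, backend=self.backend)
        h.update(msg)
        return h.finalize()

    def _hi(self, password: str, salt: bytes, iterations: int) -> bytes:
        """Derive the salted password with PBKDF2-HMAC.

        @param password: The user's password.
        @param salt: Salt sent by the server.
        @param iterations: Iteration count sent by the server.
        @return: Derived key, as long as the digest of the selected algorithm.
        """
        kdf = PBKDF2HMAC(
            algorithm=self.algorithm,
            length=self.algorithm.digest_size,
            salt=salt,
            iterations=iterations,
            backend=self.backend,
        )
        return kdf.derive(password.encode())

    def _client_first_bare(self) -> str:
        """Build the client-first-message-bare part.

        The very same string is sent in the initial response and signed in the
        authentication message, so both are built from this helper.
        """
        # RFC 5802 "saslname" escaping: "=" and "," are message syntax, a username
        # containing them would otherwise add or cut attributes. "=" is escaped
        # first so that the "=" of "=2C" is not escaped a second time.
        saslname = self.username.replace("=", "=3D").replace(",", "=2C")
        return f"n={saslname},r={self.client_nonce}"

    def getInitialResponse(self) -> bytes:
        """Builds the initial client response message."""
        # "n,," is the GS2 header: no channel binding, no authorization identity
        return f"n,,{self._client_first_bare()}".encode()

    def getResponse(self, challenge: bytes) -> bytes:
        """SCRAM-SHA authentication final step. Building proof of having the password.

        @param challenge: Challenge string from the server.
        @return: Client final message, which includes the client proof.
        @raise ValueError: The challenge is malformed, or its nonce does not start
            with the client nonce.
        @raise KeyError: An expected attribute (C{r}, C{s} or C{i}) is missing.
        """
        server_first = challenge.decode()
        challenge_parts = dict(
            item.split("=", 1) for item in server_first.split(",")
        )
        server_nonce = challenge_parts["r"]
        # RFC 5802 requires the client to check that the nonce coming back starts
        # with the nonce it sent: a challenge failing this does not belong to this
        # exchange and no proof must be computed for it.
        if not server_nonce.startswith(self.client_nonce):
            raise ValueError("Invalid nonce in SCRAM challenge")
        self.server_nonce = server_nonce
        salt = base64.b64decode(challenge_parts["s"])
        # NOTE(review): the iteration count is chosen by the server and used as is;
        # no lower or upper bound is enforced before the key derivation below.
        iterations = int(challenge_parts["i"])
        self.salted_password = self._hi(self.password, salt, iterations)

        client_key = self._hmac(self.salted_password, b"Client Key")
        stored_key = self.digest(client_key)
        # client-final-message-without-proof, "biws" being base64("n,,")
        final_without_proof = f"c=biws,r={self.server_nonce}"
        auth_message = (
            f"{self._client_first_bare()},{server_first},{final_without_proof}"
        ).encode()
        client_signature = self._hmac(stored_key, auth_message)
        client_proof = bytes(a ^ b for a, b in zip(client_key, client_signature))
        client_final_message = (
            f"{final_without_proof},p={base64.b64encode(client_proof).decode()}"
        )
        return client_final_message.encode()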
111 |
112 |
class SASLInitiatingInitializer(sasl.SASLInitiatingInitializer):
    """SASL initializer which tries SCRAM-SHA mechanisms before PLAIN."""

    def setMechanism(self):
        """Pick the SASL mechanism and store it in C{self.mechanism}.

        Credentials are the C{jid} and C{password} attributes of the
        authenticator. With a user part in the jid, the first mechanism found
        among SCRAM-SHA-512, SCRAM-SHA-256, SCRAM-SHA-1 and PLAIN, in that order,
        is used. Without user part, only ANONYMOUS is accepted.

        @raise sasl.SASLNoAcceptableMechanism: None of the mechanisms above is
            advertised by the receiving party.
        """
        authenticator = self.xmlstream.authenticator
        user_jid = authenticator.jid
        password = authenticator.password
        offered = sasl.get_mechanisms(self.xmlstream)

        if user_jid.user is None:
            if "ANONYMOUS" not in offered:
                raise sasl.SASLNoAcceptableMechanism()
            self.mechanism = sasl_mechanisms.Anonymous()
            return

        # strongest hash first
        for hash_name in ("SHA-512", "SHA-256", "SHA-1"):
            if f"SCRAM-{hash_name}" in offered:
                self.mechanism = ScramSha(
                    user_jid.user, password, algorithm=hash_name
                )
                return

        # FIXME: PLAIN should probably be disabled.
        # The choice only depends on what the other party advertises: when no
        # SCRAM variant is listed, the password itself is handed over with PLAIN,
        # so this fallback is only as safe as the TLS layer below it.
        if "PLAIN" not in offered:
            raise sasl.SASLNoAcceptableMechanism()
        self.mechanism = sasl_mechanisms.Plain(None, user_jid.user, password)
146 |
147 |
148 ## certificate validation patches |
149 |
150 |
class XMPPClient(client.XMPPClient):
    """XMPP client whose stream factory comes from L{HybridClientFactory}."""

    def __init__(
        self,
        jid,
        password,
        host=None,
        port=5222,
        tls_required=True,
        configurationForTLS=None,
    ):
        """Store connection settings and set up the stream factory.

        @param jid: JID to authenticate with; its host part gives C{self.domain}.
        @param password: Password given to the authenticator.
        @param host: Stored as C{self.host}.
        @param port: Stored as C{self.port}.
        @param tls_required: Forwarded to L{HybridClientFactory}; defaults to True.
        @param configurationForTLS: Forwarded to L{HybridClientFactory}.
            NOTE(review): what C{None} means for certificate validation is decided
            by the TLS initializer, not here; confirm against Twisted.
        """
        self.jid = jid
        # domain is kept as IDNA encoded bytes
        self.domain = jid.host.encode("idna")
        self.host, self.port = host, port

        stream_factory = HybridClientFactory(
            jid, password, tls_required, configurationForTLS
        )

        # StreamManager is initialised directly: the __init__ of the parent class
        # is not called, so the factory built above is the one in use
        client.StreamManager.__init__(self, stream_factory)
175 |
176 |
def HybridClientFactory(jid, password, tls_required=True, configurationForTLS=None):
    """Build a stream factory authenticating with L{HybridAuthenticator}.

    @param jid: JID given to the authenticator.
    @param password: Password given to the authenticator.
    @param tls_required: Given to the authenticator; defaults to True.
    @param configurationForTLS: Given to the authenticator.
    @return: An C{xmlstream.XmlStreamFactory} wrapping the authenticator.
    """
    authenticator = HybridAuthenticator(
        jid,
        password,
        tls_required=tls_required,
        configurationForTLS=configurationForTLS,
    )
    return xmlstream.XmlStreamFactory(authenticator)
181 |
182 |
class HybridAuthenticator(client.HybridAuthenticator):
    """Authenticator which hands its TLS settings to the TLS initializer."""

    res_binding = True

    def __init__(self, jid, password, tls_required=True, configurationForTLS=None):
        """Keep credentials and TLS settings for L{associateWithStream}.

        @param jid: JID to authenticate with; its host is given to
            C{ConnectAuthenticator}.
        @param password: Password, kept as is in C{self.password}.
        @param tls_required: Later passed as C{required} to the TLS initializer.
        @param configurationForTLS: Later passed to the TLS initializer.
        """
        xmlstream.ConnectAuthenticator.__init__(self, jid.host)
        self.jid, self.password = jid, password
        self.tls_required = tls_required
        self.configurationForTLS = configurationForTLS

    def associateWithStream(self, xs):
        """Attach to C{xs} and set its list of initializers.

        @param xs: The stream to initialize.
        """
        xmlstream.ConnectAuthenticator.associateWithStream(self, xs)

        tls_step = xmlstream.TLSInitiatingInitializer(
            xs,
            required=self.tls_required,
            configurationForTLS=self.configurationForTLS,
        )
        version_step = client.client.CheckVersionInitializer(xs)
        auth_step = CheckAuthInitializer(xs, self.res_binding)
        # TLS is listed before authentication: with tls_required the credentials
        # are meant to be exchanged only once the stream is encrypted
        xs.initializers = [version_step, tls_step, auth_step]
204 |
205 |
206 # XmlStream triggers |
207 |
208 |
209 class XmlStream(xmlstream.XmlStream): |
210 """XmlStream which allows to add hooks""" |
211 |
def __init__(self, authenticator):
    """Initialize the stream with empty receive and send hook lists.

    @param authenticator: Passed unchanged to C{xmlstream.XmlStream.__init__}.
    """
    xmlstream.XmlStream.__init__(self, authenticator)
    # Hooks registered here are expected to only observe the content, not to
    # modify it, which is why no priority is handled (unlike triggers).
    self._onElementHooks, self._sendHooks = [], []
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
218 |
4037
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3044
diff
changeset
|
219 def add_hook(self, hook_type, callback): |
2691
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
220 """Add a send or receive hook""" |
3044
691283719bb2
core (patches): updated TLS patches:
Goffi <goffi@goffi.org>
parents:
3028
diff
changeset
|
221 conflict_msg = f"Hook conflict: can't add {hook_type} hook {callback}" |
2691
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
222 if hook_type == C.STREAM_HOOK_RECEIVE: |
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
223 if callback not in self._onElementHooks: |
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
224 self._onElementHooks.append(callback) |
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
225 else: |
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
226 log.warning(conflict_msg) |
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
227 elif hook_type == C.STREAM_HOOK_SEND: |
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
228 if callback not in self._sendHooks: |
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
229 self._sendHooks.append(callback) |
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
230 else: |
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
231 log.warning(conflict_msg) |
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
232 else: |
3044
691283719bb2
core (patches): updated TLS patches:
Goffi <goffi@goffi.org>
parents:
3028
diff
changeset
|
233 raise ValueError(f"Invalid hook type: {hook_type}") |
2691
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
234 |
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
235 def onElement(self, element): |
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
236 for hook in self._onElementHooks: |
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
237 hook(element) |
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
238 xmlstream.XmlStream.onElement(self, element) |
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
239 |
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
240 def send(self, obj): |
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
241 for hook in self._sendHooks: |
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
242 hook(obj) |
1ecceac3df96
plugin XEP-0198: Stream Management implementation:
Goffi <goffi@goffi.org>
parents:
2687
diff
changeset
|
243 xmlstream.XmlStream.send(self, obj) |
244 |
245 |
246 # Binding activation (needed for stream management, XEP-0198) |
247 |
248 |
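class CheckAuthInitializer(client.CheckAuthInitializer):
    """Authentication initializer with optional resource binding.

    Modification of client.CheckAuthInitializer: resource binding is only
    requested when asked for, and the deprecated SessionInitializer is not used.
    """

    def __init__(self, xs, res_binding):
        """
        @param xs: XML stream, passed to the parent initializer
        @param res_binding: if evaluating to True, a BindInitializer is added
            after the SASL one
        """
        super().__init__(xs)
        self.res_binding = res_binding

    def initialize(self):
        """Queue the authentication initializers matching the stream features.

        @raise Exception: the stream features advertise neither SASL mechanisms
            nor the legacy iq-auth feature
        """
        features = self.xmlstream.features
        if (sasl.NS_XMPP_SASL, "mechanisms") in features:
            inits = [(SASLInitiatingInitializer, True)]
            if self.res_binding:
                # The original line ended with a stray comma, which only built
                # and discarded a one-element tuple.
                inits.append((tclient.BindInitializer, True))

            for init_class, required in inits:
                init = init_class(self.xmlstream)
                init.required = required
                self.xmlstream.initializers.append(init)
        elif (tclient.NS_IQ_AUTH_FEATURE, "auth") in features:
            # Legacy iq-auth is only reached when no SASL mechanisms are
            # advertised.
            # NOTE(review): the choice rests entirely on the advertised stream
            # features; confirm they are read after TLS is established, so that
            # the mechanisms element can't be stripped in transit to force this
            # fallback.
            self.xmlstream.initializers.append(tclient.IQAuthInitializer(self.xmlstream))
        else:
            raise Exception("No available authentication method found")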
272 |
273 |
274 # jid fix |
275 |
276 |
def internJID(jidstring):
    """
    Return a copy of the interned JID for the given string.

    @param jidstring: string form of the JID, used as cache key
    @rtype: L{JID}
    """
    # XXX: unlike the function it replaces, this internJID hands out a shallow
    #     copy of the cached JID: JID is mutable, so returning the cached
    #     instance would let a caller modify it for everybody else.
    # TODO: propose this upstream
    # NOTE(review): entries are added to jid.__internJIDs for each new string
    #     and never removed by this function, so the cache grows with the
    #     number of distinct strings seen.

    cached = jid.__internJIDs.get(jidstring)
    if cached is None:
        cached = jid.JID(jidstring)
        jid.__internJIDs[jidstring] = cached
    return copy.copy(cached)
293 |
294 |
def apply():
    """Install the replacements defined in this module.

    Each entry rebinds an attribute on an imported module or class, so the
    replacement is seen by everything using that module in the process.
    """
    replacements = (
        # certificate validation
        (client, "XMPPClient", XMPPClient),
        # XmlStream triggers
        (xmlstream.XmlStreamFactory, "protocol", XmlStream),
        # jid fix
        (jid, "internJID", internJID),
    )
    for target, attribute, replacement in replacements:
        setattr(target, attribute, replacement)