Mercurial > libervia-backend
annotate libervia/backend/plugins/plugin_sec_pubsub_signing.py @ 4306:94e0968987cd
plugin XEP-0033: code modernisation, improve delivery, data validation:
- Code has been rewritten using Pydantic models and `async` coroutines for data validation
and cleaner element parsing/generation.
- Delivery has been completely rewritten. It now works even if server doesn't support
multicast, and send to local multicast service first. Delivering to local multicast
service first is due to bad support of XEP-0033 in server (notably Prosody which has an
incomplete implementation), and the current impossibility to detect if a sub-domain
service handles fully multicast or only for local domains. This is a workaround to have
a good balance between backward compatilibity and use of bandwith, and to make it work
with the incoming email gateway implementation (the gateway will only deliver to
entities of its own domain).
- disco feature checking now uses `async` corountines. `host` implementation still use
Deferred return values for compatibility with legacy code.
rel 450
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Thu, 26 Sep 2024 16:12:01 +0200 |
| parents | 0d7bb4df2343 |
| children |
| rev | line source |
|---|---|
|
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
1 #!/usr/bin/env python3 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
2 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
3 # Libervia plugin for Pubsub Items Signature |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
4 # Copyright (C) 2009-2022 Jérôme Poisson (goffi@goffi.org) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
5 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
6 # This program is free software: you can redistribute it and/or modify |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
7 # it under the terms of the GNU Affero General Public License as published by |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
8 # the Free Software Foundation, either version 3 of the License, or |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
9 # (at your option) any later version. |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
10 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
11 # This program is distributed in the hope that it will be useful, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
14 # GNU Affero General Public License for more details. |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
15 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
16 # You should have received a copy of the GNU Affero General Public License |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
17 # along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
18 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
19 import base64 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
20 import time |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
21 from typing import Any, Dict, List, Optional |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
22 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
23 from lxml import etree |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
24 import shortuuid |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
25 from twisted.internet import defer |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
26 from twisted.words.protocols.jabber import jid, xmlstream |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
27 from twisted.words.xish import domish |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
28 from wokkel import disco, iwokkel |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
29 from wokkel import pubsub |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
30 from zope.interface import implementer |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
31 |
|
4071
4b842c1fb686
refactoring: renamed `sat` package to `libervia.backend`
Goffi <goffi@goffi.org>
parents:
4037
diff
changeset
|
32 from libervia.backend.core import exceptions |
|
4b842c1fb686
refactoring: renamed `sat` package to `libervia.backend`
Goffi <goffi@goffi.org>
parents:
4037
diff
changeset
|
33 from libervia.backend.core.constants import Const as C |
|
4b842c1fb686
refactoring: renamed `sat` package to `libervia.backend`
Goffi <goffi@goffi.org>
parents:
4037
diff
changeset
|
34 from libervia.backend.core.core_types import SatXMPPEntity |
|
4b842c1fb686
refactoring: renamed `sat` package to `libervia.backend`
Goffi <goffi@goffi.org>
parents:
4037
diff
changeset
|
35 from libervia.backend.core.i18n import _ |
|
4b842c1fb686
refactoring: renamed `sat` package to `libervia.backend`
Goffi <goffi@goffi.org>
parents:
4037
diff
changeset
|
36 from libervia.backend.core.log import getLogger |
|
4b842c1fb686
refactoring: renamed `sat` package to `libervia.backend`
Goffi <goffi@goffi.org>
parents:
4037
diff
changeset
|
37 from libervia.backend.tools import utils |
|
4b842c1fb686
refactoring: renamed `sat` package to `libervia.backend`
Goffi <goffi@goffi.org>
parents:
4037
diff
changeset
|
38 from libervia.backend.tools.common import data_format |
|
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
39 |
|
3961
a15c171836bb
plugin pubsub signing: fix `gpg_provider` instanciation:
Goffi <goffi@goffi.org>
parents:
3956
diff
changeset
|
40 from .plugin_xep_0373 import VerificationFailed |
|
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
41 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
42 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
43 log = getLogger(__name__) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
44 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
45 IMPORT_NAME = "pubsub-signing" |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
46 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
47 PLUGIN_INFO = { |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
48 C.PI_NAME: "Pubsub Signing", |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
49 C.PI_IMPORT_NAME: IMPORT_NAME, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
50 C.PI_TYPE: C.PLUG_TYPE_XEP, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
51 C.PI_MODES: C.PLUG_MODE_BOTH, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
52 C.PI_PROTOCOLS: [], |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
53 C.PI_DEPENDENCIES: ["XEP-0060", "XEP-0373", "XEP-0470"], |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
54 C.PI_MAIN: "PubsubSigning", |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
55 C.PI_HANDLER: "yes", |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
56 C.PI_DESCRIPTION: _( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
57 """Pubsub Signature can be used to strongly authenticate a pubsub item""" |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
58 ), |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
59 } |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
60 NS_PUBSUB_SIGNING = "urn:xmpp:pubsub-signing:0" |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
61 NS_PUBSUB_SIGNING_OPENPGP = "urn:xmpp:pubsub-signing:openpgp:0" |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
62 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
63 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
64 class PubsubSigning: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
65 namespace = NS_PUBSUB_SIGNING |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
66 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
67 def __init__(self, host): |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
68 log.info(_("Pubsub Signing plugin initialization")) |
|
4037
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3963
diff
changeset
|
69 host.register_namespace("pubsub-signing", NS_PUBSUB_SIGNING) |
|
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
70 self.host = host |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
71 self._p = host.plugins["XEP-0060"] |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
72 self._ox = host.plugins["XEP-0373"] |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
73 self._a = host.plugins["XEP-0470"] |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
74 self._a.register_attachment_handler( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
75 "signature", NS_PUBSUB_SIGNING, self.signature_get, self.signature_set |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
76 ) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
77 host.trigger.add("XEP-0060_publish", self._publish_trigger) |
|
4037
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3963
diff
changeset
|
78 host.bridge.add_method( |
|
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3963
diff
changeset
|
79 "ps_signature_check", |
|
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
80 ".plugin", |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
81 in_sign="sssss", |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
82 out_sign="s", |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
83 method=self._check, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
84 async_=True, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
85 ) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
86 |
|
4037
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3963
diff
changeset
|
87 def get_handler(self, client): |
|
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
88 return PubsubSigning_Handler() |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
89 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
90 def get_data_to_sign( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
91 self, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
92 item_elt: domish.Element, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
93 to_jid: jid.JID, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
94 timestamp: float, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
95 signer: str, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
96 ) -> bytes: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
97 """Generate the wrapper element, normalize, serialize and return it""" |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
98 # we remove values which must not be in the serialised data |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
99 item_id = item_elt.attributes.pop("id") |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
100 item_publisher = item_elt.attributes.pop("publisher", None) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
101 item_parent = item_elt.parent |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
102 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
103 # we need to be sure that item element namespace is right |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
104 item_elt.uri = item_elt.defaultUri = pubsub.NS_PUBSUB |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
105 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
106 sign_data_elt = domish.Element((NS_PUBSUB_SIGNING, "sign-data")) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
107 to_elt = sign_data_elt.addElement("to") |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
108 to_elt["jid"] = to_jid.userhost() |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
109 time_elt = sign_data_elt.addElement("time") |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
110 time_elt["stamp"] = utils.xmpp_date(timestamp) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
111 sign_data_elt.addElement("signer", content=signer) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
112 sign_data_elt.addChild(item_elt) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
113 # FIXME: xml_tools.domish_elt_2_et_elt must be used once implementation is |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
114 # complete. For now serialisation/deserialisation is more secure. |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
115 # et_sign_data_elt = xml_tools.domish_elt_2_et_elt(sign_data_elt, True) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
116 et_sign_data_elt = etree.fromstring(sign_data_elt.toXml()) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
117 to_sign = etree.tostring( |
|
4270
0d7bb4df2343
Reformatted code base using black.
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
118 et_sign_data_elt, method="c14n2", with_comments=False, strip_text=True |
|
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
119 ) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
120 # the data to sign is serialised, we cna restore original values |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
121 item_elt["id"] = item_id |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
122 if item_publisher is not None: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
123 item_elt["publisher"] = item_publisher |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
124 item_elt.parent = item_parent |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
125 return to_sign |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
126 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
127 def _check( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
128 self, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
129 service: str, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
130 node: str, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
131 item_id: str, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
132 signature_data_s: str, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
133 profile_key: str, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
134 ) -> defer.Deferred: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
135 d = defer.ensureDeferred( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
136 self.check( |
|
4037
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3963
diff
changeset
|
137 self.host.get_client(profile_key), |
|
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
138 jid.JID(service), |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
139 node, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
140 item_id, |
|
4270
0d7bb4df2343
Reformatted code base using black.
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
141 data_format.deserialise(signature_data_s), |
|
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
142 ) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
143 ) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
144 d.addCallback(data_format.serialise) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
145 return d |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
146 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
147 async def check( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
148 self, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
149 client: SatXMPPEntity, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
150 service: jid.JID, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
151 node: str, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
152 item_id: str, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
153 signature_data: Dict[str, Any], |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
154 ) -> Dict[str, Any]: |
|
4270
0d7bb4df2343
Reformatted code base using black.
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
155 items, __ = await self._p.get_items(client, service, node, item_ids=[item_id]) |
|
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
156 if not items != 1: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
157 raise exceptions.NotFound( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
158 f"target item not found for {item_id!r} at {node!r} for {service}" |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
159 ) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
160 item_elt = items[0] |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
161 timestamp = signature_data["timestamp"] |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
162 signers = signature_data["signers"] |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
163 if not signers: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
164 raise ValueError("we must have at least one signer to check the signature") |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
165 if len(signers) > 1: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
166 raise NotImplemented("multiple signers are not supported yet") |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
167 signer = jid.JID(signers[0]) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
168 signature = base64.b64decode(signature_data["signature"]) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
169 verification_keys = { |
|
4270
0d7bb4df2343
Reformatted code base using black.
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
170 k |
|
0d7bb4df2343
Reformatted code base using black.
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
171 for k in await self._ox.import_all_public_keys(client, signer) |
|
3961
a15c171836bb
plugin pubsub signing: fix `gpg_provider` instanciation:
Goffi <goffi@goffi.org>
parents:
3956
diff
changeset
|
172 if client.gpg_provider.can_sign(k) |
|
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
173 } |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
174 signed_data = self.get_data_to_sign(item_elt, service, timestamp, signer.full()) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
175 try: |
|
3961
a15c171836bb
plugin pubsub signing: fix `gpg_provider` instanciation:
Goffi <goffi@goffi.org>
parents:
3956
diff
changeset
|
176 client.gpg_provider.verify_detached(signed_data, signature, verification_keys) |
|
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
177 except VerificationFailed: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
178 validated = False |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
179 else: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
180 validated = True |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
181 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
182 trusts = { |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
183 k.fingerprint: (await self._ox.get_trust(client, k, signer)).value.lower() |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
184 for k in verification_keys |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
185 } |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
186 return { |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
187 "signer": signer.full(), |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
188 "validated": validated, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
189 "trusts": trusts, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
190 } |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
191 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
192 def signature_get( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
193 self, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
194 client: SatXMPPEntity, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
195 attachments_elt: domish.Element, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
196 data: Dict[str, Any], |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
197 ) -> None: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
198 try: |
|
4270
0d7bb4df2343
Reformatted code base using black.
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
199 signature_elt = next(attachments_elt.elements(NS_PUBSUB_SIGNING, "signature")) |
|
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
200 except StopIteration: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
201 pass |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
202 else: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
203 time_elts = list(signature_elt.elements(NS_PUBSUB_SIGNING, "time")) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
204 if len(time_elts) != 1: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
205 raise exceptions.DataError("only a single <time/> element is allowed") |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
206 try: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
207 timestamp = utils.parse_xmpp_date(time_elts[0]["stamp"]) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
208 except (KeyError, exceptions.ParsingError): |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
209 raise exceptions.DataError( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
210 "invalid time element: {signature_elt.toXml()}" |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
211 ) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
212 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
213 signature_data: Dict[str, Any] = { |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
214 "timestamp": timestamp, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
215 "signers": [ |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
216 str(s) for s in signature_elt.elements(NS_PUBSUB_SIGNING, "signer") |
|
4270
0d7bb4df2343
Reformatted code base using black.
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
217 ], |
|
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
218 } |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
219 # FIXME: only OpenPGP signature is available for now, to be updated if and |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
220 # when more algorithms are available. |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
221 sign_elt = next( |
|
4270
0d7bb4df2343
Reformatted code base using black.
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
222 signature_elt.elements(NS_PUBSUB_SIGNING_OPENPGP, "sign"), None |
|
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
223 ) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
224 if sign_elt is None: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
225 log.warning( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
226 "no known signature profile element found, ignoring signature: " |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
227 f"{signature_elt.toXml()}" |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
228 ) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
229 return |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
230 else: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
231 signature_data["signature"] = str(sign_elt) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
232 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
233 data["signature"] = signature_data |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
234 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
235 async def signature_set( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
236 self, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
237 client: SatXMPPEntity, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
238 attachments_data: Dict[str, Any], |
|
4270
0d7bb4df2343
Reformatted code base using black.
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
239 former_elt: Optional[domish.Element], |
|
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
240 ) -> Optional[domish.Element]: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
241 signature_data = attachments_data["extra"].get("signature") |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
242 if signature_data is None: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
243 return former_elt |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
244 elif signature_data: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
245 item_elt = signature_data.get("item_elt") |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
246 service = jid.JID(attachments_data["service"]) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
247 if item_elt is None: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
248 node = attachments_data["node"] |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
249 item_id = attachments_data["id"] |
|
4037
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3963
diff
changeset
|
250 items, __ = await self._p.get_items( |
|
3963
d105ead599b6
plugin pubsub signature: fix attachment setting + default signer:
Goffi <goffi@goffi.org>
parents:
3961
diff
changeset
|
251 client, service, node, item_ids=[item_id] |
|
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
252 ) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
253 if not items != 1: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
254 raise exceptions.NotFound( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
255 f"target item not found for {item_id!r} at {node!r} for {service}" |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
256 ) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
257 item_elt = items[0] |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
258 |
|
3963
d105ead599b6
plugin pubsub signature: fix attachment setting + default signer:
Goffi <goffi@goffi.org>
parents:
3961
diff
changeset
|
259 signer = signature_data.get("signer") or client.jid.userhost() |
|
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
260 timestamp = time.time() |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
261 timestamp_xmpp = utils.xmpp_date(timestamp) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
262 to_sign = self.get_data_to_sign(item_elt, service, timestamp, signer) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
263 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
264 signature_elt = domish.Element( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
265 (NS_PUBSUB_SIGNING, "signature"), |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
266 ) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
267 time_elt = signature_elt.addElement("time") |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
268 time_elt["stamp"] = timestamp_xmpp |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
269 signature_elt.addElement("signer", content=signer) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
270 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
271 sign_elt = signature_elt.addElement((NS_PUBSUB_SIGNING_OPENPGP, "sign")) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
272 signing_keys = { |
|
4270
0d7bb4df2343
Reformatted code base using black.
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
273 k |
|
0d7bb4df2343
Reformatted code base using black.
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
274 for k in self._ox.list_secret_keys(client) |
|
3961
a15c171836bb
plugin pubsub signing: fix `gpg_provider` instanciation:
Goffi <goffi@goffi.org>
parents:
3956
diff
changeset
|
275 if client.gpg_provider.can_sign(k.public_key) |
|
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
276 } |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
277 # the base64 encoded signature itself |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
278 sign_elt.addContent( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
279 base64.b64encode( |
|
3961
a15c171836bb
plugin pubsub signing: fix `gpg_provider` instanciation:
Goffi <goffi@goffi.org>
parents:
3956
diff
changeset
|
280 client.gpg_provider.sign_detached(to_sign, signing_keys) |
|
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
281 ).decode() |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
282 ) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
283 return signature_elt |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
284 else: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
285 return None |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
286 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
287 async def _publish_trigger( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
288 self, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
289 client: SatXMPPEntity, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
290 service: jid.JID, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
291 node: str, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
292 items: Optional[List[domish.Element]], |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
293 options: Optional[dict], |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
294 sender: jid.JID, |
|
4270
0d7bb4df2343
Reformatted code base using black.
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
295 extra: Dict[str, Any], |
|
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
296 ) -> bool: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
297 if not items or not extra.get("signed"): |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
298 return True |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
299 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
300 for item_elt in items: |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
301 # we need an ID to find corresponding attachment node, and so to sign an item |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
302 if not item_elt.hasAttribute("id"): |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
303 item_elt["id"] = shortuuid.uuid() |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
304 await self._a.set_attachements( |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
305 client, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
306 { |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
307 "service": service.full(), |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
308 "node": node, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
309 "id": item_elt["id"], |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
310 "extra": { |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
311 "signature": { |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
312 "item_elt": item_elt, |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
313 "signer": sender.userhost(), |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
314 } |
|
4270
0d7bb4df2343
Reformatted code base using black.
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
315 }, |
|
0d7bb4df2343
Reformatted code base using black.
Goffi <goffi@goffi.org>
parents:
4071
diff
changeset
|
316 }, |
|
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
317 ) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
318 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
319 return True |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
320 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
321 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
322 @implementer(iwokkel.IDisco) |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
323 class PubsubSigning_Handler(xmlstream.XMPPHandler): |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
324 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
325 def getDiscoInfo(self, requestor, service, nodeIdentifier=""): |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
326 return [disco.DiscoFeature(NS_PUBSUB_SIGNING)] |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
327 |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
328 def getDiscoItems(self, requestor, service, nodeIdentifier=""): |
|
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
329 return [] |