libervia-backend: sat/tools/web.py annotate

annotate sat/tools/web.py @ 3237:b0c57c9a4bd8

plugin XEP-0384: OMEMO trust policy: OMEMO trust policy can now be specified. For now there are 2 policies: - `manual`: each new device fingerprint must be explicitly trusted or not before the device can be used, and the message sent - `BTBV` (Blind Trust Before Verification): each new device fingerprint is automically trusted, until user manually trust or not a device, in which case the behaviour becomes the same as for `manual` for the entity. When using the Trust UI, user can put the entity back to blind trust if they wish. A message is send as feedback to user when a new device is/must be trusted, trying to explain clearly what's happening to the user. Devices which have been automically trusted are marked, so user can know which ones may cause security issue.

author	Goffi <goffi@goffi.org>
date	Fri, 27 Mar 2020 10:02:14 +0100
parents	2c0628f3927e
children	be6d91572633

rev	line source
3089 e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	1 #!/usr/bin/env python3
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	2
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	3 # SàT: an XMPP client
3136 9d0df638c8b4 dates update Goffi <goffi@goffi.org> parents: 3089 diff changeset	4 # Copyright (C) 2009-2020 Jérôme Poisson (goffi@goffi.org)
3089 e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	5
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	6 # This program is free software: you can redistribute it and/or modify
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	7 # it under the terms of the GNU Affero General Public License as published by
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	8 # the Free Software Foundation, either version 3 of the License, or
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	9 # (at your option) any later version.
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	10
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	11 # This program is distributed in the hope that it will be useful,
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	14 # GNU Affero General Public License for more details.
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	15
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	16 # You should have received a copy of the GNU Affero General Public License
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	17 # along with this program. If not, see <http://www.gnu.org/licenses/>.
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	18
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	19 from OpenSSL import SSL
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	20 from zope.interface import implementer
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	21 from treq.client import HTTPClient
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	22 from twisted.internet.interfaces import IOpenSSLClientConnectionCreator
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	23 from twisted.internet import reactor, ssl
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	24 from twisted.web import iweb
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	25 from twisted.web import client as http_client
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	26 from sat.core.log import getLogger
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	27
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	28
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	29 log = getLogger(__name__)
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	30
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	31
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	32 SSLError = SSL.Error
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	33
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	34
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	35 @implementer(IOpenSSLClientConnectionCreator)
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	36 class NoCheckConnectionCreator(object):
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	37 def __init__(self, hostname, ctx):
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	38 self._ctx = ctx
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	39
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	40 def clientConnectionForTLS(self, tlsProtocol):
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	41 context = self._ctx
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	42 connection = SSL.Connection(context, None)
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	43 connection.set_app_data(tlsProtocol)
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	44 return connection
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	45
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	46
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	47 @implementer(iweb.IPolicyForHTTPS)
3205 2c0628f3927e plugin download, aesgcm: disable TLS check if `check_certificate` setting is disabled Goffi <goffi@goffi.org> parents: 3136 diff changeset	48 class NoCheckContextFactory:
3089 e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	49 """Context factory which doesn't do TLS certificate check
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	50
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	51 /!\\ it's obvisously a security flaw to use this class,
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	52 and it should be used only with explicit agreement from the end used
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	53 """
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	54
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	55 def creatorForNetloc(self, hostname, port):
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	56 log.warning(
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	57 "TLS check disabled for {host} on port {port}".format(
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	58 host=hostname, port=port
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	59 )
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	60 )
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	61 certificateOptions = ssl.CertificateOptions(trustRoot=None)
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	62 return NoCheckConnectionCreator(hostname, certificateOptions.getContext())
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	63
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	64
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	65 #: following treq doesn't check TLS, obviously it is unsecure and should not be used
e75024e41f81 plugin upload, XEP-0363: code modernisation + preparation for extension: Goffi <goffi@goffi.org> parents: diff changeset	66 #: without explicit warning
3205 2c0628f3927e plugin download, aesgcm: disable TLS check if `check_certificate` setting is disabled Goffi <goffi@goffi.org> parents: 3136 diff changeset	67 treq_client_no_ssl = HTTPClient(http_client.Agent(reactor, NoCheckContextFactory()))

Mercurial > libervia-backend

annotate sat/tools/web.py @ 3237:b0c57c9a4bd8