annotate libervia/backend/plugins/plugin_sec_pubsub_signing.py @ 4094:c3b68fdc2de7

component AP gateway: fix handling of XMPP comments authors: the gateway was supposing that comments were emitted from PEP of author. While this is the case for most blog posts, it's not for comments. Instead the component is now using `author_jid` which is retrieved by XEP-0277 plugin, and rejects the item if the author is not verified (i.e. if `publisher` attribute is not set by XMPP service).
author Goffi <goffi@goffi.org>
date Mon, 12 Jun 2023 14:50:43 +0200
parents 4b842c1fb686
children 0d7bb4df2343
rev   line source
3956
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
```python
#!/usr/bin/env python3

# Libervia plugin for Pubsub Items Signature
# Copyright (C) 2009-2022 Jérôme Poisson (goffi@goffi.org)

# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.

# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

import base64
import time
from typing import Any, Dict, List, Optional

from lxml import etree
import shortuuid
from twisted.internet import defer
from twisted.words.protocols.jabber import jid, xmlstream
from twisted.words.xish import domish
from wokkel import disco, iwokkel
from wokkel import pubsub
from zope.interface import implementer
```
4071
4b842c1fb686 refactoring: renamed `sat` package to `libervia.backend`
Goffi <goffi@goffi.org>
parents: 4037
diff changeset
```python
from libervia.backend.core import exceptions
from libervia.backend.core.constants import Const as C
from libervia.backend.core.core_types import SatXMPPEntity
from libervia.backend.core.i18n import _
from libervia.backend.core.log import getLogger
from libervia.backend.tools import utils
from libervia.backend.tools.common import data_format
```
3961
a15c171836bb plugin pubsub signing: fix `gpg_provider` instanciation:
Goffi <goffi@goffi.org>
parents: 3956
diff changeset
```python
from .plugin_xep_0373 import VerificationFailed


log = getLogger(__name__)

IMPORT_NAME = "pubsub-signing"

PLUGIN_INFO = {
    C.PI_NAME: "Pubsub Signing",
    C.PI_IMPORT_NAME: IMPORT_NAME,
    C.PI_TYPE: C.PLUG_TYPE_XEP,
    C.PI_MODES: C.PLUG_MODE_BOTH,
    C.PI_PROTOCOLS: [],
    C.PI_DEPENDENCIES: ["XEP-0060", "XEP-0373", "XEP-0470"],
    C.PI_MAIN: "PubsubSigning",
    C.PI_HANDLER: "yes",
    C.PI_DESCRIPTION: _(
        """Pubsub Signature can be used to strongly authenticate a pubsub item"""
    ),
}
NS_PUBSUB_SIGNING = "urn:xmpp:pubsub-signing:0"
NS_PUBSUB_SIGNING_OPENPGP = "urn:xmpp:pubsub-signing:openpgp:0"


class PubsubSigning:
    namespace = NS_PUBSUB_SIGNING

    def __init__(self, host):
        log.info(_("Pubsub Signing plugin initialization"))
```
4037
524856bd7b19 massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents: 3963
diff changeset
```python
        host.register_namespace("pubsub-signing", NS_PUBSUB_SIGNING)
        self.host = host
        self._p = host.plugins["XEP-0060"]
        self._ox = host.plugins["XEP-0373"]
        self._a = host.plugins["XEP-0470"]
        self._a.register_attachment_handler(
            "signature", NS_PUBSUB_SIGNING, self.signature_get, self.signature_set
        )
        host.trigger.add("XEP-0060_publish", self._publish_trigger)
        host.bridge.add_method(
            "ps_signature_check",
            ".plugin",
            in_sign="sssss",
            out_sign="s",
            method=self._check,
            async_=True,
        )

    def get_handler(self, client):
        return PubsubSigning_Handler()
```
```python
    def get_data_to_sign(
        self,
        item_elt: domish.Element,
        to_jid: jid.JID,
        timestamp: float,
        signer: str,
    ) -> bytes:
        """Generate the wrapper element, normalize, serialize and return it"""
        # we remove values which must not be in the serialised data
        item_id = item_elt.attributes.pop("id")
        item_publisher = item_elt.attributes.pop("publisher", None)
        item_parent = item_elt.parent

        # we need to be sure that item element namespace is right
        item_elt.uri = item_elt.defaultUri = pubsub.NS_PUBSUB

        sign_data_elt = domish.Element((NS_PUBSUB_SIGNING, "sign-data"))
        to_elt = sign_data_elt.addElement("to")
        to_elt["jid"] = to_jid.userhost()
        time_elt = sign_data_elt.addElement("time")
        time_elt["stamp"] = utils.xmpp_date(timestamp)
        sign_data_elt.addElement("signer", content=signer)
        sign_data_elt.addChild(item_elt)
        # FIXME: xml_tools.domish_elt_2_et_elt must be used once implementation is
        #   complete. For now serialisation/deserialisation is more secure.
        # et_sign_data_elt = xml_tools.domish_elt_2_et_elt(sign_data_elt, True)
        et_sign_data_elt = etree.fromstring(sign_data_elt.toXml())
        to_sign = etree.tostring(
            et_sign_data_elt,
            method="c14n2",
            with_comments=False,
            strip_text=True
        )
        # the data to sign is serialised, we can restore original values
        item_elt["id"] = item_id
        if item_publisher is not None:
            item_elt["publisher"] = item_publisher
        item_elt.parent = item_parent
        return to_sign
```
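The wrapping and canonicalisation performed by `get_data_to_sign`, as an added stand-alone example (not Libervia code): it uses the standard library's `xml.etree.ElementTree.canonicalize` in place of lxml and domish, and shows which parts of an item end up in the signed bytes. The sample items, JIDs and timestamp are constructed, and rejecting an item outside the pubsub namespace (the plugin rewrites the namespace instead) is an assumption of this sketch.

```python
"""Stand-alone sketch of the <sign-data/> wrapping and C14N 2.0 serialisation."""
import xml.etree.ElementTree as ET

NS_PUBSUB = "http://jabber.org/protocol/pubsub"
NS_PUBSUB_SIGNING = "urn:xmpp:pubsub-signing:0"

# Constructed sample values (not taken from the page).
SERVICE = "pubsub.example.org"
STAMP = "2023-06-12T12:50:43Z"
SIGNER = "louise@example.org"

# The item as the publisher built it: indented, with id and publisher set.
ITEM_A = """<item xmlns="http://jabber.org/protocol/pubsub"
      id="constructed-item-1" publisher="louise@example.org">
  <entry xmlns="http://www.w3.org/2005/Atom">
    <title>Hello</title>
    <link rel="alternate" href="https://example.org/hello"/>
  </entry>
</item>"""

# The same item as another party might receive it: different id, no
# publisher, no indentation, attributes in another order, an XML comment.
ITEM_B = (
    '<item xmlns="http://jabber.org/protocol/pubsub" id="constructed-item-2">'
    "<!-- comments are not part of the signed data -->"
    '<entry xmlns="http://www.w3.org/2005/Atom">'
    "<title>Hello</title>"
    '<link href="https://example.org/hello" rel="alternate"/>'
    "</entry></item>"
)


def data_to_sign(item_xml: str, to_jid: str, stamp: str, signer: str) -> bytes:
    """Wrap a pubsub item in <sign-data/> and return its canonical bytes."""
    item = ET.fromstring(item_xml)
    if item.tag != f"{{{NS_PUBSUB}}}item":
        # assumption of this sketch: refuse instead of rewriting the namespace
        raise ValueError("expected an <item/> in the pubsub namespace")
    # values that must not be in the serialised data
    item.attrib.pop("id", None)
    item.attrib.pop("publisher", None)

    # the wrapper binds the item to a service, a time and a signer
    sign_data = ET.Element(f"{{{NS_PUBSUB_SIGNING}}}sign-data")
    ET.SubElement(sign_data, f"{{{NS_PUBSUB_SIGNING}}}to", {"jid": to_jid})
    ET.SubElement(sign_data, f"{{{NS_PUBSUB_SIGNING}}}time", {"stamp": stamp})
    ET.SubElement(sign_data, f"{{{NS_PUBSUB_SIGNING}}}signer").text = signer
    sign_data.append(item)

    # serialise, then canonicalise with the same options as the plugin
    serialised = ET.tostring(sign_data, encoding="unicode")
    canonical = ET.canonicalize(serialised, with_comments=False, strip_text=True)
    return canonical.encode("utf-8")


if __name__ == "__main__":
    signed_a = data_to_sign(ITEM_A, SERVICE, STAMP, SIGNER)
    signed_b = data_to_sign(ITEM_B, SERVICE, STAMP, SIGNER)
    print(signed_a.decode())
    # Serialisation differences and the id/publisher attributes do not
    # change the signed bytes.
    print("same bytes for both serialisations:", signed_a == signed_b)
    # The destination service is part of the signed bytes, so the same item
    # attached to another service yields different data to verify.
    other = data_to_sign(ITEM_A, "pubsub.other.example", STAMP, SIGNER)
    print("same bytes for another service:", signed_a == other)
```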
```python
    def _check(
        self,
        service: str,
        node: str,
        item_id: str,
        signature_data_s: str,
        profile_key: str,
    ) -> defer.Deferred:
        d = defer.ensureDeferred(
            self.check(
                self.host.get_client(profile_key),
                jid.JID(service),
                node,
                item_id,
                data_format.deserialise(signature_data_s)
            )
        )
        d.addCallback(data_format.serialise)
        return d
```
```python
    async def check(
        self,
        client: SatXMPPEntity,
        service: jid.JID,
        node: str,
        item_id: str,
        signature_data: Dict[str, Any],
    ) -> Dict[str, Any]:
        items, __ = await self._p.get_items(
            client, service, node, item_ids=[item_id]
        )
        # exactly one item must match the requested ID
        if len(items) != 1:
            raise exceptions.NotFound(
                f"target item not found for {item_id!r} at {node!r} for {service}"
            )
        item_elt = items[0]
        timestamp = signature_data["timestamp"]
        signers = signature_data["signers"]
        if not signers:
            raise ValueError("we must have at least one signer to check the signature")
        if len(signers) > 1:
            raise NotImplementedError("multiple signers are not supported yet")
        signer = jid.JID(signers[0])
        signature = base64.b64decode(signature_data["signature"])
        # only the signer's public keys which are able to sign are used
        verification_keys = {
            k for k in await self._ox.import_all_public_keys(client, signer)
            if client.gpg_provider.can_sign(k)
        }
        # rebuild the exact bytes which were signed, then verify the detached
        # signature against them
        signed_data = self.get_data_to_sign(item_elt, service, timestamp, signer.full())
        try:
            client.gpg_provider.verify_detached(signed_data, signature, verification_keys)
        except VerificationFailed:
            validated = False
        else:
            validated = True

        # trust level of each verification key, by fingerprint
        trusts = {
            k.fingerprint: (await self._ox.get_trust(client, k, signer)).value.lower()
            for k in verification_keys
        }
        return {
            "signer": signer.full(),
            "validated": validated,
            "trusts": trusts,
        }
```
```python
    def signature_get(
        self,
        client: SatXMPPEntity,
        attachments_elt: domish.Element,
        data: Dict[str, Any],
    ) -> None:
        try:
            signature_elt = next(
                attachments_elt.elements(NS_PUBSUB_SIGNING, "signature")
            )
        except StopIteration:
            pass
        else:
            time_elts = list(signature_elt.elements(NS_PUBSUB_SIGNING, "time"))
            if len(time_elts) != 1:
                raise exceptions.DataError("only a single <time/> element is allowed")
            try:
                timestamp = utils.parse_xmpp_date(time_elts[0]["stamp"])
            except (KeyError, exceptions.ParsingError):
```
Goffi <goffi@goffi.org>
parents:
diff changeset
215 raise exceptions.DataError(
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
216 "invalid time element: {signature_elt.toXml()}"
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
217 )
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
218
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
219 signature_data: Dict[str, Any] = {
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
220 "timestamp": timestamp,
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
221 "signers": [
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
222 str(s) for s in signature_elt.elements(NS_PUBSUB_SIGNING, "signer")
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
223 ]
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
224 }
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
225 # FIXME: only OpenPGP signature is available for now, to be updated if and
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
226 # when more algorithms are available.
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
227 sign_elt = next(
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
228 signature_elt.elements(NS_PUBSUB_SIGNING_OPENPGP, "sign"),
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
229 None
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
230 )
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
231 if sign_elt is None:
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
232 log.warning(
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
233 "no known signature profile element found, ignoring signature: "
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
234 f"{signature_elt.toXml()}"
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
235 )
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
236 return
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
237 else:
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
238 signature_data["signature"] = str(sign_elt)
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
239
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
240 data["signature"] = signature_data
3cb9ade2ab84 plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff changeset
241
    # hg annotate: every line of this method is from 3956 (3cb9ade2ab84) except
    #   - the `get_items(` call line: 4037 (524856bd7b19, parent 3963),
    #     "massive refactoring to switch from camelCase to snake_case"
    #   - the `get_items` arguments and the default signer line: 3963
    #     (d105ead599b6, parent 3961),
    #     "plugin pubsub signature: fix attachment setting + default signer"
    #   - the two `client.gpg_provider` lines: 3961 (a15c171836bb, parent 3956),
    #     "plugin pubsub signing: fix `gpg_provider` instantiation"
    async def signature_set(
        self,
        client: SatXMPPEntity,
        attachments_data: Dict[str, Any],
        former_elt: Optional[domish.Element]
    ) -> Optional[domish.Element]:
        signature_data = attachments_data["extra"].get("signature")
        if signature_data is None:
            return former_elt
        elif signature_data:
            item_elt = signature_data.get("item_elt")
            service = jid.JID(attachments_data["service"])
            if item_elt is None:
                node = attachments_data["node"]
                item_id = attachments_data["id"]
                items, __ = await self._p.get_items(
                    client, service, node, item_ids=[item_id]
                )
                # exactly one item must match the requested ID before it is signed
                if len(items) != 1:
                    raise exceptions.NotFound(
                        f"target item not found for {item_id!r} at {node!r} for {service}"
                    )
                item_elt = items[0]

            signer = signature_data.get("signer") or client.jid.userhost()
            timestamp = time.time()
            timestamp_xmpp = utils.xmpp_date(timestamp)
            to_sign = self.get_data_to_sign(item_elt, service, timestamp, signer)

            signature_elt = domish.Element(
                (NS_PUBSUB_SIGNING, "signature"),
            )
            time_elt = signature_elt.addElement("time")
            time_elt["stamp"] = timestamp_xmpp
            signature_elt.addElement("signer", content=signer)

            sign_elt = signature_elt.addElement((NS_PUBSUB_SIGNING_OPENPGP, "sign"))
            signing_keys = {
                k for k in self._ox.list_secret_keys(client)
                if client.gpg_provider.can_sign(k.public_key)
            }
            # the base64 encoded signature itself
            sign_elt.addContent(
                base64.b64encode(
                    client.gpg_provider.sign_detached(to_sign, signing_keys)
                ).decode()
            )
            return signature_elt
        else:
            return None

    async def _publish_trigger(
        self,
        client: SatXMPPEntity,
        service: jid.JID,
        node: str,
        items: Optional[List[domish.Element]],
        options: Optional[dict],
        sender: jid.JID,
        extra: Dict[str, Any]
    ) -> bool:
        if not items or not extra.get("signed"):
            return True

        for item_elt in items:
            # we need an ID to find corresponding attachment node, and so to sign an item
            if not item_elt.hasAttribute("id"):
                item_elt["id"] = shortuuid.uuid()
            await self._a.set_attachements(
                client,
                {
                    "service": service.full(),
                    "node": node,
                    "id": item_elt["id"],
                    "extra": {
                        "signature": {
                            "item_elt": item_elt,
                            "signer": sender.userhost(),
                        }
                    }
                }
            )

        return True


@implementer(iwokkel.IDisco)
class PubsubSigning_Handler(xmlstream.XMPPHandler):

    def getDiscoInfo(self, requestor, service, nodeIdentifier=""):
        return [disco.DiscoFeature(NS_PUBSUB_SIGNING)]

    def getDiscoItems(self, requestor, service, nodeIdentifier=""):
        return []
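
The checks that `signature_get` applies to a `<signature/>` attachment (exactly one `<time/>`, a parseable stamp, an unknown profile ignored rather than accepted), as a stand-alone added example that is not Libervia code. It uses the standard library instead of Twisted's domish, assumes the two namespace values from XEP-0476 (the listing only shows the constant names), and goes further than the listing by rejecting empty signers and non-base64 signature content; `parse_signature`, `SignatureError` and `build_sample` are hypothetical names.

```python
import base64
import binascii
import xml.etree.ElementTree as ET
from datetime import datetime

# Assumption: namespace values as given in XEP-0476.
NS_SIGNING = "urn:xmpp:pubsub-signing:0"
NS_SIGNING_OPENPGP = "urn:xmpp:pubsub-signing:openpgp:0"


class SignatureError(ValueError):
    """Raised when a <signature/> element is malformed."""


def parse_signature(xml_text):
    """Return signature metadata, or None when no known profile is present."""
    sig = ET.fromstring(xml_text)
    if sig.tag != f"{{{NS_SIGNING}}}signature":
        raise SignatureError("not a <signature/> element")

    times = sig.findall(f"{{{NS_SIGNING}}}time")
    if len(times) != 1:
        raise SignatureError("only a single <time/> element is allowed")
    try:
        stamp = times[0].attrib["stamp"]
        when = datetime.fromisoformat(stamp.replace("Z", "+00:00"))
    except (KeyError, ValueError) as exc:
        raise SignatureError(f"invalid time element: {xml_text!r}") from exc
    if when.tzinfo is None:
        raise SignatureError("timestamp must carry a timezone")

    signers = [(s.text or "").strip() for s in sig.findall(f"{{{NS_SIGNING}}}signer")]
    if not signers or not all(signers):
        raise SignatureError("at least one non-empty <signer/> is required")

    sign = sig.find(f"{{{NS_SIGNING_OPENPGP}}}sign")
    if sign is None:
        return None  # unknown profile: the item is treated as unsigned
    try:
        raw = base64.b64decode((sign.text or "").strip(), validate=True)
    except binascii.Error as exc:
        raise SignatureError("signature is not valid base64") from exc
    if not raw:
        raise SignatureError("empty signature")
    return {"timestamp": when.timestamp(), "signers": signers, "signature": raw}


def build_sample(stamps, profile_ns, payload):
    """Constructed input: a <signature/> element as found in an attachments item."""
    times = "".join(f'<time stamp="{s}"/>' for s in stamps)
    return (
        f'<signature xmlns="{NS_SIGNING}">{times}'
        "<signer>juliet@capulet.lit</signer>"
        f'<sign xmlns="{profile_ns}">{payload}</sign></signature>'
    )


# Constructed samples; the payload is placeholder bytes, not a real OpenPGP signature.
STAMP = "2023-06-12T12:50:43Z"
PAYLOAD = base64.b64encode(b"constructed").decode()
SAMPLE_OK = build_sample([STAMP], NS_SIGNING_OPENPGP, PAYLOAD)
SAMPLE_TWO_TIMES = build_sample([STAMP, STAMP], NS_SIGNING_OPENPGP, PAYLOAD)
SAMPLE_UNKNOWN_PROFILE = build_sample([STAMP], "urn:example:unknown-profile", PAYLOAD)
SAMPLE_BAD_B64 = build_sample([STAMP], NS_SIGNING_OPENPGP, "not base64!")

if __name__ == "__main__":
    print(parse_signature(SAMPLE_OK))
```

A parsed result only says the element is well formed; whether the signature is valid is still decided by verifying it against the signer's keys.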