Mercurial > libervia-backend
annotate libervia/backend/plugins/plugin_sec_pubsub_signing.py @ 4094:c3b68fdc2de7
component AP gateway: fix handling of XMPP comments authors:
the gateway was supposing that comments where emitted from PEP of author. While this is
the case for most blog posts, it's not for comments. Instead the component is now using
`author_jid` which is retrieved by XEP-0277 plugin, and reject the item if the auhor is
not verified (i.e. if `publisher` attribute is not set by XMPP service).
author | Goffi <goffi@goffi.org> |
---|---|
date | Mon, 12 Jun 2023 14:50:43 +0200 |
parents | 4b842c1fb686 |
children | 0d7bb4df2343 |
rev | line source |
---|---|
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
1 #!/usr/bin/env python3 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
2 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
3 # Libervia plugin for Pubsub Items Signature |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
4 # Copyright (C) 2009-2022 Jérôme Poisson (goffi@goffi.org) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
5 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
6 # This program is free software: you can redistribute it and/or modify |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
7 # it under the terms of the GNU Affero General Public License as published by |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
8 # the Free Software Foundation, either version 3 of the License, or |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
9 # (at your option) any later version. |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
10 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
11 # This program is distributed in the hope that it will be useful, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
14 # GNU Affero General Public License for more details. |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
15 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
16 # You should have received a copy of the GNU Affero General Public License |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
17 # along with this program. If not, see <http://www.gnu.org/licenses/>. |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
18 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
19 import base64 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
20 import time |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
21 from typing import Any, Dict, List, Optional |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
22 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
23 from lxml import etree |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
24 import shortuuid |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
25 from twisted.internet import defer |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
26 from twisted.words.protocols.jabber import jid, xmlstream |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
27 from twisted.words.xish import domish |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
28 from wokkel import disco, iwokkel |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
29 from wokkel import pubsub |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
30 from zope.interface import implementer |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
31 |
4071
4b842c1fb686
refactoring: renamed `sat` package to `libervia.backend`
Goffi <goffi@goffi.org>
parents:
4037
diff
changeset
|
32 from libervia.backend.core import exceptions |
4b842c1fb686
refactoring: renamed `sat` package to `libervia.backend`
Goffi <goffi@goffi.org>
parents:
4037
diff
changeset
|
33 from libervia.backend.core.constants import Const as C |
4b842c1fb686
refactoring: renamed `sat` package to `libervia.backend`
Goffi <goffi@goffi.org>
parents:
4037
diff
changeset
|
34 from libervia.backend.core.core_types import SatXMPPEntity |
4b842c1fb686
refactoring: renamed `sat` package to `libervia.backend`
Goffi <goffi@goffi.org>
parents:
4037
diff
changeset
|
35 from libervia.backend.core.i18n import _ |
4b842c1fb686
refactoring: renamed `sat` package to `libervia.backend`
Goffi <goffi@goffi.org>
parents:
4037
diff
changeset
|
36 from libervia.backend.core.log import getLogger |
4b842c1fb686
refactoring: renamed `sat` package to `libervia.backend`
Goffi <goffi@goffi.org>
parents:
4037
diff
changeset
|
37 from libervia.backend.tools import utils |
4b842c1fb686
refactoring: renamed `sat` package to `libervia.backend`
Goffi <goffi@goffi.org>
parents:
4037
diff
changeset
|
38 from libervia.backend.tools.common import data_format |
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
39 |
3961
a15c171836bb
plugin pubsub signing: fix `gpg_provider` instanciation:
Goffi <goffi@goffi.org>
parents:
3956
diff
changeset
|
40 from .plugin_xep_0373 import VerificationFailed |
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
41 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
42 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
43 log = getLogger(__name__) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
44 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
45 IMPORT_NAME = "pubsub-signing" |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
46 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
47 PLUGIN_INFO = { |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
48 C.PI_NAME: "Pubsub Signing", |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
49 C.PI_IMPORT_NAME: IMPORT_NAME, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
50 C.PI_TYPE: C.PLUG_TYPE_XEP, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
51 C.PI_MODES: C.PLUG_MODE_BOTH, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
52 C.PI_PROTOCOLS: [], |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
53 C.PI_DEPENDENCIES: ["XEP-0060", "XEP-0373", "XEP-0470"], |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
54 C.PI_MAIN: "PubsubSigning", |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
55 C.PI_HANDLER: "yes", |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
56 C.PI_DESCRIPTION: _( |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
57 """Pubsub Signature can be used to strongly authenticate a pubsub item""" |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
58 ), |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
59 } |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
60 NS_PUBSUB_SIGNING = "urn:xmpp:pubsub-signing:0" |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
61 NS_PUBSUB_SIGNING_OPENPGP = "urn:xmpp:pubsub-signing:openpgp:0" |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
62 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
63 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
64 class PubsubSigning: |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
65 namespace = NS_PUBSUB_SIGNING |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
66 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
67 def __init__(self, host): |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
68 log.info(_("Pubsub Signing plugin initialization")) |
4037
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3963
diff
changeset
|
69 host.register_namespace("pubsub-signing", NS_PUBSUB_SIGNING) |
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
70 self.host = host |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
71 self._p = host.plugins["XEP-0060"] |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
72 self._ox = host.plugins["XEP-0373"] |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
73 self._a = host.plugins["XEP-0470"] |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
74 self._a.register_attachment_handler( |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
75 "signature", NS_PUBSUB_SIGNING, self.signature_get, self.signature_set |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
76 ) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
77 host.trigger.add("XEP-0060_publish", self._publish_trigger) |
4037
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3963
diff
changeset
|
78 host.bridge.add_method( |
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3963
diff
changeset
|
79 "ps_signature_check", |
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
80 ".plugin", |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
81 in_sign="sssss", |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
82 out_sign="s", |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
83 method=self._check, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
84 async_=True, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
85 ) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
86 |
4037
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3963
diff
changeset
|
87 def get_handler(self, client): |
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
88 return PubsubSigning_Handler() |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
89 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
90 def get_data_to_sign( |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
91 self, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
92 item_elt: domish.Element, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
93 to_jid: jid.JID, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
94 timestamp: float, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
95 signer: str, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
96 ) -> bytes: |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
97 """Generate the wrapper element, normalize, serialize and return it""" |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
98 # we remove values which must not be in the serialised data |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
99 item_id = item_elt.attributes.pop("id") |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
100 item_publisher = item_elt.attributes.pop("publisher", None) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
101 item_parent = item_elt.parent |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
102 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
103 # we need to be sure that item element namespace is right |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
104 item_elt.uri = item_elt.defaultUri = pubsub.NS_PUBSUB |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
105 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
106 sign_data_elt = domish.Element((NS_PUBSUB_SIGNING, "sign-data")) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
107 to_elt = sign_data_elt.addElement("to") |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
108 to_elt["jid"] = to_jid.userhost() |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
109 time_elt = sign_data_elt.addElement("time") |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
110 time_elt["stamp"] = utils.xmpp_date(timestamp) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
111 sign_data_elt.addElement("signer", content=signer) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
112 sign_data_elt.addChild(item_elt) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
113 # FIXME: xml_tools.domish_elt_2_et_elt must be used once implementation is |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
114 # complete. For now serialisation/deserialisation is more secure. |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
115 # et_sign_data_elt = xml_tools.domish_elt_2_et_elt(sign_data_elt, True) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
116 et_sign_data_elt = etree.fromstring(sign_data_elt.toXml()) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
117 to_sign = etree.tostring( |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
118 et_sign_data_elt, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
119 method="c14n2", |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
120 with_comments=False, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
121 strip_text=True |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
122 ) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
123 # the data to sign is serialised, we cna restore original values |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
124 item_elt["id"] = item_id |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
125 if item_publisher is not None: |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
126 item_elt["publisher"] = item_publisher |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
127 item_elt.parent = item_parent |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
128 return to_sign |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
129 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
130 def _check( |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
131 self, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
132 service: str, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
133 node: str, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
134 item_id: str, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
135 signature_data_s: str, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
136 profile_key: str, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
137 ) -> defer.Deferred: |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
138 d = defer.ensureDeferred( |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
139 self.check( |
4037
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3963
diff
changeset
|
140 self.host.get_client(profile_key), |
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
141 jid.JID(service), |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
142 node, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
143 item_id, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
144 data_format.deserialise(signature_data_s) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
145 ) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
146 ) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
147 d.addCallback(data_format.serialise) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
148 return d |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
149 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
150 async def check( |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
151 self, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
152 client: SatXMPPEntity, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
153 service: jid.JID, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
154 node: str, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
155 item_id: str, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
156 signature_data: Dict[str, Any], |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
157 ) -> Dict[str, Any]: |
4037
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3963
diff
changeset
|
158 items, __ = await self._p.get_items( |
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
159 client, service, node, item_ids=[item_id] |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
160 ) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
161 if not items != 1: |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
162 raise exceptions.NotFound( |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
163 f"target item not found for {item_id!r} at {node!r} for {service}" |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
164 ) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
165 item_elt = items[0] |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
166 timestamp = signature_data["timestamp"] |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
167 signers = signature_data["signers"] |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
168 if not signers: |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
169 raise ValueError("we must have at least one signer to check the signature") |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
170 if len(signers) > 1: |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
171 raise NotImplemented("multiple signers are not supported yet") |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
172 signer = jid.JID(signers[0]) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
173 signature = base64.b64decode(signature_data["signature"]) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
174 verification_keys = { |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
175 k for k in await self._ox.import_all_public_keys(client, signer) |
3961
a15c171836bb
plugin pubsub signing: fix `gpg_provider` instanciation:
Goffi <goffi@goffi.org>
parents:
3956
diff
changeset
|
176 if client.gpg_provider.can_sign(k) |
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
177 } |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
178 signed_data = self.get_data_to_sign(item_elt, service, timestamp, signer.full()) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
179 try: |
3961
a15c171836bb
plugin pubsub signing: fix `gpg_provider` instanciation:
Goffi <goffi@goffi.org>
parents:
3956
diff
changeset
|
180 client.gpg_provider.verify_detached(signed_data, signature, verification_keys) |
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
181 except VerificationFailed: |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
182 validated = False |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
183 else: |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
184 validated = True |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
185 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
186 trusts = { |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
187 k.fingerprint: (await self._ox.get_trust(client, k, signer)).value.lower() |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
188 for k in verification_keys |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
189 } |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
190 return { |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
191 "signer": signer.full(), |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
192 "validated": validated, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
193 "trusts": trusts, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
194 } |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
195 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
196 def signature_get( |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
197 self, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
198 client: SatXMPPEntity, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
199 attachments_elt: domish.Element, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
200 data: Dict[str, Any], |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
201 ) -> None: |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
202 try: |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
203 signature_elt = next( |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
204 attachments_elt.elements(NS_PUBSUB_SIGNING, "signature") |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
205 ) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
206 except StopIteration: |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
207 pass |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
208 else: |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
209 time_elts = list(signature_elt.elements(NS_PUBSUB_SIGNING, "time")) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
210 if len(time_elts) != 1: |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
211 raise exceptions.DataError("only a single <time/> element is allowed") |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
212 try: |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
213 timestamp = utils.parse_xmpp_date(time_elts[0]["stamp"]) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
214 except (KeyError, exceptions.ParsingError): |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
215 raise exceptions.DataError( |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
216 "invalid time element: {signature_elt.toXml()}" |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
217 ) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
218 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
219 signature_data: Dict[str, Any] = { |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
220 "timestamp": timestamp, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
221 "signers": [ |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
222 str(s) for s in signature_elt.elements(NS_PUBSUB_SIGNING, "signer") |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
223 ] |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
224 } |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
225 # FIXME: only OpenPGP signature is available for now, to be updated if and |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
226 # when more algorithms are available. |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
227 sign_elt = next( |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
228 signature_elt.elements(NS_PUBSUB_SIGNING_OPENPGP, "sign"), |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
229 None |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
230 ) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
231 if sign_elt is None: |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
232 log.warning( |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
233 "no known signature profile element found, ignoring signature: " |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
234 f"{signature_elt.toXml()}" |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
235 ) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
236 return |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
237 else: |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
238 signature_data["signature"] = str(sign_elt) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
239 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
240 data["signature"] = signature_data |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
241 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
242 async def signature_set( |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
243 self, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
244 client: SatXMPPEntity, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
245 attachments_data: Dict[str, Any], |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
246 former_elt: Optional[domish.Element] |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
247 ) -> Optional[domish.Element]: |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
248 signature_data = attachments_data["extra"].get("signature") |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
249 if signature_data is None: |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
250 return former_elt |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
251 elif signature_data: |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
252 item_elt = signature_data.get("item_elt") |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
253 service = jid.JID(attachments_data["service"]) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
254 if item_elt is None: |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
255 node = attachments_data["node"] |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
256 item_id = attachments_data["id"] |
4037
524856bd7b19
massive refactoring to switch from camelCase to snake_case:
Goffi <goffi@goffi.org>
parents:
3963
diff
changeset
|
257 items, __ = await self._p.get_items( |
3963
d105ead599b6
plugin pubsub signature: fix attachment setting + default signer:
Goffi <goffi@goffi.org>
parents:
3961
diff
changeset
|
258 client, service, node, item_ids=[item_id] |
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
259 ) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
260 if not items != 1: |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
261 raise exceptions.NotFound( |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
262 f"target item not found for {item_id!r} at {node!r} for {service}" |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
263 ) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
264 item_elt = items[0] |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
265 |
3963
d105ead599b6
plugin pubsub signature: fix attachment setting + default signer:
Goffi <goffi@goffi.org>
parents:
3961
diff
changeset
|
266 signer = signature_data.get("signer") or client.jid.userhost() |
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
267 timestamp = time.time() |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
268 timestamp_xmpp = utils.xmpp_date(timestamp) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
269 to_sign = self.get_data_to_sign(item_elt, service, timestamp, signer) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
270 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
271 signature_elt = domish.Element( |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
272 (NS_PUBSUB_SIGNING, "signature"), |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
273 ) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
274 time_elt = signature_elt.addElement("time") |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
275 time_elt["stamp"] = timestamp_xmpp |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
276 signature_elt.addElement("signer", content=signer) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
277 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
278 sign_elt = signature_elt.addElement((NS_PUBSUB_SIGNING_OPENPGP, "sign")) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
279 signing_keys = { |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
280 k for k in self._ox.list_secret_keys(client) |
3961
a15c171836bb
plugin pubsub signing: fix `gpg_provider` instanciation:
Goffi <goffi@goffi.org>
parents:
3956
diff
changeset
|
281 if client.gpg_provider.can_sign(k.public_key) |
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
282 } |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
283 # the base64 encoded signature itself |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
284 sign_elt.addContent( |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
285 base64.b64encode( |
3961
a15c171836bb
plugin pubsub signing: fix `gpg_provider` instanciation:
Goffi <goffi@goffi.org>
parents:
3956
diff
changeset
|
286 client.gpg_provider.sign_detached(to_sign, signing_keys) |
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
287 ).decode() |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
288 ) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
289 return signature_elt |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
290 else: |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
291 return None |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
292 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
293 async def _publish_trigger( |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
294 self, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
295 client: SatXMPPEntity, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
296 service: jid.JID, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
297 node: str, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
298 items: Optional[List[domish.Element]], |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
299 options: Optional[dict], |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
300 sender: jid.JID, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
301 extra: Dict[str, Any] |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
302 ) -> bool: |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
303 if not items or not extra.get("signed"): |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
304 return True |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
305 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
306 for item_elt in items: |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
307 # we need an ID to find corresponding attachment node, and so to sign an item |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
308 if not item_elt.hasAttribute("id"): |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
309 item_elt["id"] = shortuuid.uuid() |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
310 await self._a.set_attachements( |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
311 client, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
312 { |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
313 "service": service.full(), |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
314 "node": node, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
315 "id": item_elt["id"], |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
316 "extra": { |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
317 "signature": { |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
318 "item_elt": item_elt, |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
319 "signer": sender.userhost(), |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
320 } |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
321 } |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
322 } |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
323 ) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
324 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
325 return True |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
326 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
327 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
328 @implementer(iwokkel.IDisco) |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
329 class PubsubSigning_Handler(xmlstream.XMPPHandler): |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
330 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
331 def getDiscoInfo(self, requestor, service, nodeIdentifier=""): |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
332 return [disco.DiscoFeature(NS_PUBSUB_SIGNING)] |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
333 |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
334 def getDiscoItems(self, requestor, service, nodeIdentifier=""): |
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
parents:
diff
changeset
|
335 return [] |