annotate sat/plugins/plugin_sec_pubsub_signing.py @ 3959:da0e772881c3
cli (pubsub): new `signature` subcommands:
A first `check` command can be used to check signature using the signature JSON data.
More commands should follow to check or sign items.
rel 381
author | Goffi <goffi@goffi.org> |
---|---|
date | Fri, 28 Oct 2022 18:47:17 +0200 |
parents | 3cb9ade2ab84 |
children | a15c171836bb |
rev | line source |
---|---|
3956
3cb9ade2ab84
plugin pubsub signing: pubsub items signature implementation:
Goffi <goffi@goffi.org>
1 #!/usr/bin/env python3 |
2 |
3 # Libervia plugin for Pubsub Items Signature |
4 # Copyright (C) 2009-2022 Jérôme Poisson (goffi@goffi.org) |
5 |
6 # This program is free software: you can redistribute it and/or modify |
7 # it under the terms of the GNU Affero General Public License as published by |
8 # the Free Software Foundation, either version 3 of the License, or |
9 # (at your option) any later version. |
10 |
11 # This program is distributed in the hope that it will be useful, |
12 # but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
14 # GNU Affero General Public License for more details. |
15 |
16 # You should have received a copy of the GNU Affero General Public License |
17 # along with this program. If not, see <http://www.gnu.org/licenses/>. |
18 |
19 import base64 |
20 import time |
21 from typing import Any, Dict, List, Optional |
22 |
23 from lxml import etree |
24 import shortuuid |
25 from twisted.internet import defer |
26 from twisted.words.protocols.jabber import jid, xmlstream |
27 from twisted.words.xish import domish |
28 from wokkel import disco, iwokkel |
29 from wokkel import pubsub |
30 from zope.interface import implementer |
31 |
32 from sat.core import exceptions |
33 from sat.core.constants import Const as C |
34 from sat.core.core_types import SatXMPPEntity |
35 from sat.core.i18n import _ |
36 from sat.core.log import getLogger |
37 from sat.tools import utils |
38 from sat.tools.common import data_format |
39 |
40 from .plugin_xep_0373 import get_gpg_provider, VerificationFailed |
41 |
42 |
# XML namespace used by this plugin for the <sign-data/> wrapper and the
# <signature/> attachment elements.
NS_PUBSUB_SIGNING = "urn:xmpp:pubsub-signing:0"
# OpenPGP-specific namespace of the pubsub signing protocol.
NS_PUBSUB_SIGNING_OPENPGP = "urn:xmpp:pubsub-signing:openpgp:0"

log = getLogger(__name__)

# Name under which this plugin is imported by the backend.
IMPORT_NAME = "pubsub-signing"

# Plugin metadata: signing builds on pubsub (XEP-0060), OpenPGP for XMPP
# (XEP-0373) and pubsub attachments (XEP-0470).
PLUGIN_INFO = {
    C.PI_NAME: "Pubsub Signing",
    C.PI_IMPORT_NAME: IMPORT_NAME,
    C.PI_TYPE: C.PLUG_TYPE_XEP,
    C.PI_MODES: C.PLUG_MODE_BOTH,
    C.PI_PROTOCOLS: [],
    C.PI_DEPENDENCIES: ["XEP-0060", "XEP-0373", "XEP-0470"],
    C.PI_MAIN: "PubsubSigning",
    C.PI_HANDLER: "yes",
    C.PI_DESCRIPTION: _(
        "Pubsub Signature can be used to strongly authenticate a pubsub item"
    ),
}
62 |
63 |
64 class PubsubSigning: |
65 namespace = NS_PUBSUB_SIGNING |
66 |
def __init__(self, host):
    """Wire the plugin into the host.

    Registers the pubsub-signing namespace, keeps references to the
    XEP-0060, XEP-0373 and XEP-0470 plugins, declares the "signature"
    attachment handler, hooks the XEP-0060 publish trigger and exposes
    ``psSignatureCheck`` on the bridge.
    """
    log.info(_("Pubsub Signing plugin initialization"))
    host.registerNamespace("pubsub-signing", NS_PUBSUB_SIGNING)
    self.host = host

    # plugins this one depends on (see PLUGIN_INFO dependencies)
    self._p = host.plugins["XEP-0060"]
    self._ox = host.plugins["XEP-0373"]
    self._a = host.plugins["XEP-0470"]

    # signatures travel as pubsub attachments
    self._a.register_attachment_handler(
        "signature",
        NS_PUBSUB_SIGNING,
        self.signature_get,
        self.signature_set,
    )
    host.trigger.add("XEP-0060_publish", self._publish_trigger)

    # five string arguments in, one serialised string out
    bridge_options = {
        "in_sign": "sssss",
        "out_sign": "s",
        "method": self._check,
        "async_": True,
    }
    host.bridge.addMethod("psSignatureCheck", ".plugin", **bridge_options)
86 |
def getHandler(self, client):
    """Return a new protocol handler instance; ``client`` is not used here."""
    handler = PubsubSigning_Handler()
    return handler
89 |
async def profileConnecting(self, client):
    """Fetch the GPG provider for the connecting profile.

    The provider is stored on the plugin instance itself
    (``self.gpg_provider``), so each call replaces the previous value.
    """
    provider = get_gpg_provider(self.host, client)
    self.gpg_provider = provider
92 |
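def get_data_to_sign(
    self,
    item_elt: domish.Element,
    to_jid: jid.JID,
    timestamp: float,
    signer: str,
) -> bytes:
    """Build the canonical byte string that is signed or verified for an item.

    The item is wrapped in a ``<sign-data/>`` element together with the bare
    JID of the target (``<to/>``), the timestamp (``<time/>``) and the signer
    (``<signer/>``), then serialised with C14N 2.0, without comments and with
    text whitespace stripped.

    The item's ``id`` and ``publisher`` attributes are removed before
    serialisation, so they are not covered by the signature. Both attributes
    and the item's parent are put back before returning, including when
    serialisation fails. The item's namespace is forced to the pubsub
    namespace and is left that way.

    Args:
        item_elt: pubsub item to wrap; temporarily modified in place.
        to_jid: entity the item is published to; only its bare JID is used.
        timestamp: signature time, formatted with ``utils.xmpp_date``.
        signer: signer identifier, used as content of ``<signer/>``.

    Returns:
        The canonicalised ``<sign-data/>`` element.

    Raises:
        KeyError: if ``item_elt`` has no ``id`` attribute.
    """
    # we remove values which must not be in the serialised data
    item_id = item_elt.attributes.pop("id")
    item_publisher = item_elt.attributes.pop("publisher", None)
    item_parent = item_elt.parent

    try:
        # we need to be sure that item element namespace is right
        item_elt.uri = item_elt.defaultUri = pubsub.NS_PUBSUB

        sign_data_elt = domish.Element((NS_PUBSUB_SIGNING, "sign-data"))
        to_elt = sign_data_elt.addElement("to")
        to_elt["jid"] = to_jid.userhost()
        time_elt = sign_data_elt.addElement("time")
        time_elt["stamp"] = utils.xmpp_date(timestamp)
        sign_data_elt.addElement("signer", content=signer)
        # addChild re-parents item_elt; the parent is restored in ``finally``
        sign_data_elt.addChild(item_elt)
        # FIXME: xml_tools.domish_elt_2_et_elt(sign_data_elt, True) must be used
        #   once implementation is complete. For now
        #   serialisation/deserialisation is more secure.
        et_sign_data_elt = etree.fromstring(sign_data_elt.toXml())
        return etree.tostring(
            et_sign_data_elt,
            method="c14n2",
            with_comments=False,
            strip_text=True,
        )
    finally:
        # whether or not serialisation succeeded, the caller's item must get
        # its original values back
        item_elt["id"] = item_id
        if item_publisher is not None:
            item_elt["publisher"] = item_publisher
        item_elt.parent = item_parent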
132 |
def _check(
    self,
    service: str,
    node: str,
    item_id: str,
    signature_data_s: str,
    profile_key: str,
) -> defer.Deferred:
    """Bridge-facing wrapper around ``check``.

    Converts the string arguments received from the bridge (profile key,
    service JID, serialised signature data) into the objects ``check``
    expects, and serialises the result.

    Returns:
        A Deferred firing with the serialised result of ``check``.
    """
    client = self.host.getClient(profile_key)
    service_jid = jid.JID(service)
    signature_data = data_format.deserialise(signature_data_s)
    check_coro = self.check(client, service_jid, node, item_id, signature_data)
    deferred = defer.ensureDeferred(check_coro)
    deferred.addCallback(data_format.serialise)
    return deferred
152 |
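async def check(
    self,
    client: SatXMPPEntity,
    service: jid.JID,
    node: str,
    item_id: str,
    signature_data: Dict[str, Any],
) -> Dict[str, Any]:
    """Verify a detached signature against the item it claims to sign.

    The item is fetched from the pubsub service, the signed byte string is
    rebuilt from it with ``get_data_to_sign`` and the signature is verified
    against the signer's imported public keys that can sign.

    ``validated`` only tells whether the detached signature verified against
    one of those keys. It says nothing about how much those keys are trusted:
    ``trusts`` lists the trust level of every candidate key, not only of the
    key which made the signature, so callers must take both into account.
    The timestamp is only fed into the signed data; it is not compared with
    the current time here.

    Args:
        client: profile session used for the requests.
        service: pubsub service holding the item.
        node: pubsub node holding the item.
        item_id: ID of the signed item.
        signature_data: must contain "timestamp", "signers" (exactly one
            entry is supported) and "signature" (base64-encoded).

    Returns:
        A dict with "signer" (full JID), "validated" (bool) and "trusts"
        (key fingerprint mapped to the lowercased trust value).

    Raises:
        exceptions.NotFound: the service did not return exactly one item.
        ValueError: ``signers`` is empty.
        NotImplementedError: more than one signer is given.
    """
    items, __ = await self._p.getItems(
        client, service, node, item_ids=[item_id]
    )
    # The previous test (``not items != 1``) compared the list itself with 1
    # and could never be true, so a missing item was never reported.
    if len(items) != 1:
        raise exceptions.NotFound(
            f"target item not found for {item_id!r} at {node!r} for {service}"
        )
    item_elt = items[0]
    timestamp = signature_data["timestamp"]
    signers = signature_data["signers"]
    if not signers:
        raise ValueError("we must have at least one signer to check the signature")
    if len(signers) > 1:
        # NotImplemented is a constant, not an exception class
        raise NotImplementedError("multiple signers are not supported yet")
    signer = jid.JID(signers[0])
    signature = base64.b64decode(signature_data["signature"])
    imported_keys = await self._ox.import_all_public_keys(client, signer)
    verification_keys = {k for k in imported_keys if self.gpg_provider.can_sign(k)}
    # NOTE(review): when none of the imported keys can sign,
    #   verification_keys is empty; presumably verify_detached then raises
    #   VerificationFailed, to be confirmed against the provider.
    signed_data = self.get_data_to_sign(item_elt, service, timestamp, signer.full())
    try:
        self.gpg_provider.verify_detached(signed_data, signature, verification_keys)
    except VerificationFailed:
        validated = False
    else:
        validated = True

    trusts = {
        k.fingerprint: (await self._ox.get_trust(client, k, signer)).value.lower()
        for k in verification_keys
    }
    return {
        "signer": signer.full(),
        "validated": validated,
        "trusts": trusts,
    }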
198 |
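def signature_get(
    self,
    client: SatXMPPEntity,
    attachments_elt: domish.Element,
    data: Dict[str, Any],
) -> None:
    """Copy the signature metadata found in an attachments element into ``data``.

    This method only parses. It does not verify the signature, and the
    "signers" values are copied from the element as published, so they must be
    treated as unverified claims until a separate signature check has
    succeeded.

    @param client: profile session (not used by the parsing itself)
    @param attachments_elt: attachments element which may hold a <signature/>
        child in the pubsub signing namespace
    @param data: attachments data, updated in place: on success
        ``data["signature"]`` is set to a dict with "timestamp", "signers" and
        "signature" keys. ``data`` is left untouched when there is no
        <signature/> element or no known signature profile element.
    @raise exceptions.DataError: the <signature/> element does not hold exactly
        one <time/> child, or its "stamp" attribute is missing or unparsable
    """
    signature_elt = next(
        attachments_elt.elements(NS_PUBSUB_SIGNING, "signature"), None
    )
    if signature_elt is None:
        # no signature attached to this item, nothing to report
        return

    time_elts = list(signature_elt.elements(NS_PUBSUB_SIGNING, "time"))
    if len(time_elts) != 1:
        raise exceptions.DataError("only a single <time/> element is allowed")
    try:
        timestamp = utils.parse_xmpp_date(time_elts[0]["stamp"])
    except (KeyError, exceptions.ParsingError) as e:
        # the message was a plain string missing its "f" prefix, so the XML of
        # the offending element was never interpolated
        raise exceptions.DataError(
            f"invalid time element: {signature_elt.toXml()}"
        ) from e

    signature_data: Dict[str, Any] = {
        "timestamp": timestamp,
        # claimed signers, as published; not authenticated at this point
        "signers": [
            str(s) for s in signature_elt.elements(NS_PUBSUB_SIGNING, "signer")
        ]
    }
    # FIXME: only OpenPGP signature is available for now, to be updated if and
    #   when more algorithms are available.
    sign_elt = next(
        signature_elt.elements(NS_PUBSUB_SIGNING_OPENPGP, "sign"),
        None
    )
    if sign_elt is None:
        # an unknown profile is ignored rather than reported as a signature, so
        # the item appears unsigned to the caller
        log.warning(
            "no known signature profile element found, ignoring signature: "
            f"{signature_elt.toXml()}"
        )
        return

    signature_data["signature"] = str(sign_elt)
    data["signature"] = signature_data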
244 |
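async def signature_set(
    self,
    client: SatXMPPEntity,
    attachments_data: Dict[str, Any],
    former_elt: Optional[domish.Element]
) -> Optional[domish.Element]:
    """Build the <signature/> element to attach to a pubsub item.

    @param client: profile session; its secret keys are used to sign
    @param attachments_data: attachments data. ``attachments_data["extra"]``
        may hold a "signature" dict with a "signer" and an optional "item_elt".
        "service", "node" and "id" locate the target item; "node" and "id" are
        only read when "item_elt" is not provided.
    @param former_elt: signature element previously attached, if any
    @return: ``former_elt`` unchanged when no "signature" key is given, None
        when the "signature" value is empty, otherwise the new <signature/>
        element holding the time, the signer and the base64 encoded detached
        OpenPGP signature
    @raise exceptions.NotFound: the target item had to be retrieved and the
        request did not return exactly one item
    """
    signature_data = attachments_data["extra"].get("signature")
    if signature_data is None:
        # signature not mentioned at all: keep whatever was there before
        return former_elt
    if not signature_data:
        # explicit empty value: no signature element
        return None

    item_elt = signature_data.get("item_elt")
    service = jid.JID(attachments_data["service"])
    if item_elt is None:
        node = attachments_data["node"]
        item_id = attachments_data["id"]
        items, __ = await self._p.getItems(
            client, service, node, items_ids=[item_id]
        )
        # The former test, "not items != 1", compared the list itself to 1 and
        # so never matched: an empty result went on to items[0]. The signature
        # must cover exactly the requested item, so anything other than a
        # single result is refused.
        if len(items) != 1:
            raise exceptions.NotFound(
                f"target item not found for {item_id!r} at {node!r} for {service}"
            )
        item_elt = items[0]

    signer = signature_data["signer"]
    timestamp = time.time()
    timestamp_xmpp = utils.xmpp_date(timestamp)
    # NOTE(review): the payload is built from the float timestamp while the
    #   element below carries its XMPP date rendering; the verification side
    #   has to rebuild the same payload from the stamp. Confirm against
    #   get_data_to_sign.
    to_sign = self.get_data_to_sign(item_elt, service, timestamp, signer)

    signature_elt = domish.Element(
        (NS_PUBSUB_SIGNING, "signature"),
    )
    time_elt = signature_elt.addElement("time")
    time_elt["stamp"] = timestamp_xmpp
    signature_elt.addElement("signer", content=signer)

    sign_elt = signature_elt.addElement((NS_PUBSUB_SIGNING_OPENPGP, "sign"))
    # every secret key of the profile that the provider reports as able to sign
    # NOTE(review): this set may be empty; what sign_detached does then is not
    #   visible here. Confirm it fails rather than returning an empty signature.
    signing_keys = {
        k for k in self._ox.list_secret_keys(client)
        if self.gpg_provider.can_sign(k.public_key)
    }
    # the base64 encoded signature itself
    sign_elt.addContent(
        base64.b64encode(
            self.gpg_provider.sign_detached(to_sign, signing_keys)
        ).decode()
    )
    return signature_elt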
295 |
async def _publish_trigger(
    self,
    client: SatXMPPEntity,
    service: jid.JID,
    node: str,
    items: Optional[List[domish.Element]],
    options: Optional[dict],
    sender: jid.JID,
    extra: Dict[str, Any]
) -> bool:
    """Request a signature attachment for each published item when asked to.

    Nothing is done unless there are items and ``extra["signed"]`` is truthy.
    Otherwise every item gets a signature attachment set through the
    attachments plugin, with the bare JID of ``sender`` as signer. An item
    without an "id" attribute is given a generated one, in place, because the
    ID is needed to find the corresponding attachment node.

    @param client: profile session
    @param service: pubsub service the items are published to
    @param node: pubsub node the items are published to
    @param items: items being published
    @param options: publish options (not used here)
    @param sender: entity publishing the items
    @param extra: publication extra data; the "signed" key triggers signing
    @return: always True
    """
    signing_requested = bool(items) and bool(extra.get("signed"))
    if signing_requested:
        for elt in items:
            # we need an ID to find corresponding attachment node, and so to
            # sign an item
            if not elt.hasAttribute("id"):
                elt["id"] = shortuuid.uuid()
            attachment = {
                "service": service.full(),
                "node": node,
                "id": elt["id"],
                "extra": {
                    "signature": {
                        "item_elt": elt,
                        "signer": sender.userhost(),
                    }
                }
            }
            await self._a.set_attachements(client, attachment)

    return True
329 |
330 |
@implementer(iwokkel.IDisco)
class PubsubSigning_Handler(xmlstream.XMPPHandler):
    """Service discovery handler advertising the pubsub signing namespace."""

    def getDiscoInfo(self, requestor, service, nodeIdentifier=""):
        """Return the discovery features: the pubsub signing feature only."""
        signing_feature = disco.DiscoFeature(NS_PUBSUB_SIGNING)
        return [signing_feature]

    def getDiscoItems(self, requestor, service, nodeIdentifier=""):
        """Return the discovery items: there are none."""
        return list()