libervia-backend: sat/plugins/plugin_sec

comparison sat/plugins/plugin_sec_otr.py @ 2653:7213caa5c5d0

plugin OTR: integrated in new encryption handler + fixed use of bare jid where full jid was expected

author	Goffi <goffi@goffi.org>
date	Sat, 11 Aug 2018 18:24:55 +0200
parents	189e38fb11ff
children	9190874a8ac5

comparison

equal deleted inserted replaced

-:baccc27d5c5c
+:7213caa5c5d0
 old_state = self.state
 super(Context, self).setState(state)
 log.debug(u"setState: %s (old_state=%s)" % (state, old_state))
 if state == potr.context.STATE_PLAINTEXT:
+client.encryption.stop(self.peer, NS_OTR)
 feedback = _(u"/!\\ conversation with %(other_jid)s is now UNENCRYPTED") % {
 "other_jid": self.peer.full()
 }
 self.host.bridge.otrState(
 OTR_STATE_UNENCRYPTED, self.peer.full(), client.profile
 )
 elif state == potr.context.STATE_ENCRYPTED:
+client.encryption.start(self.peer, NS_OTR)
 try:
 trusted = self.getCurrentTrust()
 except TypeError:
 trusted = False
 trusted_str = _(u"trusted") if trusted else _(u"untrusted")
 )
 self.host.bridge.otrState(
 OTR_STATE_ENCRYPTED, self.peer.full(), client.profile
 )
 elif state == potr.context.STATE_FINISHED:
+client.encryption.stop(self.peer, NS_OTR)
 feedback = D_(u"OTR conversation with {other_jid} is FINISHED").format(
 other_jid=self.peer.full()
 )
 self.host.bridge.otrState(
 OTR_STATE_UNENCRYPTED, self.peer.full(), client.profile
 self._dropPrivKey,
 security_limit=0,
 type_=C.MENU_SINGLE,
 )
 host.trigger.add("presenceReceived", self._presenceReceivedTrigger)
+self.host.registerEncryptionPlugin(self, u"OTR", NS_OTR)
 def _skipOTR(self, profile):
 """Tell the backend to not handle OTR for this profile.
 @param profile (str): %(doc_profile)s
 def startRefresh(self, client, to_jid):
 """Start or refresh an OTR session
 @param to_jid(jid.JID): jid to start encrypted session with
 """
+encrypted_session = client.encryption.getSession(to_jid.userhostJID())
+if encrypted_session and encrypted_session[u'plugin'].namespace != NS_OTR:
+raise exceptions.ConflictError(_(
+u"Can't start an OTR session, there is already an encrypted session "
+u"with {name}").format(name=encrypted_session[u'plugin'].name))
 if not to_jid.resource:
 to_jid.resource = self.host.memory.getMainResource(
 client, to_jid
 )  # FIXME: temporary and unsecure, must be changed when frontends
 #        are refactored
 u"WARNING: received unencrypted data in a supposedly encrypted "
 u"context"
 ),
 )
 client.feedback(from_jid, feedback)
+except potr.context.NotEncryptedError:
+msg = D_(u"WARNING: received OTR encrypted data in an unencrypted context")
+log.warning(msg)
+feedback = msg
+client.feedback(from_jid, msg)
+raise failure.Failure(exceptions.CancelError(msg))
 except StopIteration:
 return data
 else:
 encrypted = True
 # TODO: add skip history as an option, but by default we don't skip it
 # data[u'history'] = C.HISTORY_SKIP # we send the decrypted message to
 # frontends, but we don't want it in
 # history
 else:
-log.warning(
-u"An encrypted message was expected, but got {}".format(
-data["message"]
-)
-)
 raise failure.Failure(
 exceptions.CancelError("Cancelled by OTR")
 )  # no message at all (no history, no signal)
 return data
 else:
 post_treat.addCallback(self._receivedTreatment, client)
 return True
 def _sendMessageDataTrigger(self, client, mess_data):
-if not "OTR" in mess_data:
+encryption = mess_data.get(C.MESS_KEY_ENCRYPTION)
+if encryption is None or encryption['plugin'].namespace != NS_OTR:
 return
-otrctx = mess_data["OTR"]
+to_jid = mess_data['to']
+if not to_jid.resource:
+to_jid.resource = self.host.memory.getMainResource(
+client, to_jid
+)  # FIXME: temporary and unsecure, must be changed when frontends
+otrctx = client._otr_context_manager.getContextForUser(to_jid)
 message_elt = mess_data["xml"]
-to_jid = mess_data["to"]
 if otrctx.state == potr.context.STATE_ENCRYPTED:
 log.debug(u"encrypting message")
 body = None
 for child in list(message_elt.children):
 if child.name == "body":
 message_elt.children.remove(child)
 if body is None:
 log.warning(u"No message found")
 else:
 self._p_carbons.setPrivate(message_elt)
+self._p_hints.addHintElements(message_elt, [
+self._p_hints.HINT_NO_COPY,
+self._p_hints.HINT_NO_PERMANENT_STORE])
 otrctx.sendMessage(0, unicode(body).encode("utf-8"), appdata=mess_data)
 else:
 feedback = D_(
 u"Your message was not sent because your correspondent closed the "
 u"encrypted conversation on his/her side. "
 if client.profile in self.skipped_profiles:
 #  FIXME: should not be done on a per-profile basis
 return True
 to_jid = copy.copy(mess_data["to"])
+if client.encryption.getSession(to_jid.userhostJID()):
+# there is already an encrypted session with this entity
+return True
 if not to_jid.resource:
 to_jid.resource = self.host.memory.getMainResource(
 client, to_jid
 )  # FIXME: full jid may not be known
 otrctx = client._otr_context_manager.getContextForUser(to_jid)
 if otrctx.state != potr.context.STATE_PLAINTEXT:
-self._p_hints.addHint(mess_data, self._p_hints.HINT_NO_COPY)
+client.encryption.start(to_jid, NS_OTR)
-self._p_hints.addHint(mess_data, self._p_hints.HINT_NO_PERMANENT_STORE)
+client.encryption.setEncryptionFlag(mess_data)
-mess_data["OTR"] = (otrctx)  #  this indicate that encryption is needed in
-#  sendMessageData trigger
 if not mess_data["to"].resource:
 # if not resource was given, we force it here
 mess_data["to"] = to_jid
 return True

Mercurial > libervia-backend

comparison sat/plugins/plugin_sec_otr.py @ 2653:7213caa5c5d0