libervia-backend: sat/plugins/plugin_xep

comparison sat/plugins/plugin_xep_0077.py @ 2838:8018cf9aa55b

plugin XEP-0077: correctly report invalid certificate + errback on unexpected stream close

author	Goffi <goffi@goffi.org>
date	Sun, 03 Mar 2019 19:18:45 +0100
parents	003b8b4b56a7
children	ab2696e34d29

comparison

equal deleted inserted replaced

-:e2005dd39c92
+:8018cf9aa55b
 from sat.core.constants import Const as C
 from sat.core import exceptions
 from sat.core.log import getLogger
 log = getLogger(__name__)
-from twisted.words.protocols.jabber import jid, xmlstream, client
+from twisted.words.protocols.jabber import jid, xmlstream, client, error as jabber_error
 from twisted.internet import defer, reactor
 from sat.tools import xml_tools
 from wokkel import data_form
 # FIXME: request IQ is not send to check available fields,
 #        while XEP recommand to use it
 # FIXME: doesn't handle data form or oob
 namespace = 'jabber:client'
-def __init__(self, jid_, password, email=None):
+def __init__(self, jid_, password, email=None, check_certificate=True):
 log.debug(_(u"Registration asked for {jid}").format(jid=jid_))
 xmlstream.ConnectAuthenticator.__init__(self, jid_.host)
 self.jid = jid_
 self.password = password
 self.email = email
+self.check_certificate = check_certificate
 self.registered = defer.Deferred()
 def associateWithStream(self, xs):
 xmlstream.ConnectAuthenticator.associateWithStream(self, xs)
 xs.addObserver(xmlstream.STREAM_AUTHD_EVENT, self.register)
 xs.initializers = [client.CheckVersionInitializer(xs)]
-inits = [ (xmlstream.TLSInitiatingInitializer, False),
+tls_init = xmlstream.TLSInitiatingInitializer(xs)
-]
+tls_init.required = False
+tls_init.check_certificate = self.check_certificate
-for initClass, required in inits:
+xs.initializers.append(tls_init)
-init = initClass(xs)
-init.required = required
-xs.initializers.append(init)
 def register(self, xmlstream):
 log.debug(_(u"Stream started with {server}, now registering"
 .format(server=self.jid.host)))
 iq = XEP_0077.buildRegisterIQ(self.xmlstream, self.jid, self.password, self.email)
 def registrationEb(self, failure_):
 log.info(_("Registration failure: {}").format(unicode(failure_.value)))
 self.xmlstream.sendFooter()
 raise failure_
+class ServerRegister(xmlstream.XmlStreamFactory):
+def __init__(self, *args, **kwargs):
+xmlstream.XmlStreamFactory.__init__(self, *args, **kwargs)
+self.addBootstrap(xmlstream.STREAM_END_EVENT, self._disconnected)
+def clientConnectionLost(self, connector, reason):
+connector.disconnect()
+def _disconnected(self, reason):
+if not self.authenticator.registered.called:
+err = jabber_error.StreamError(u"Server unexpectedly closed the connection")
+try:
+if reason.value.args[0][0][2] == "certificate verify failed":
+err = exceptions.InvalidCertificate()
+except (IndexError, TypeError):
+pass
+self.authenticator.registered.errback(err)
 class XEP_0077(object):
 def __init__(self, host):
 log.info(_("Plugin XEP_0077 initialization"))
 @param password(unicode): password of the account
 @param email(unicode): email of the account
 @param host(unicode): host of the server to register to
 @param port(int): port of the server to register to
 """
-authenticator = RegisteringAuthenticator(jid_, password, email)
+check_certificate = host != u"127.0.0.1"
+authenticator = RegisteringAuthenticator(
+jid_, password, email, check_certificate=check_certificate)
 registered_d = authenticator.registered
-serverRegistrer = xmlstream.XmlStreamFactory(authenticator)
+server_register = ServerRegister(authenticator)
-connector = reactor.connectTCP(host, port, serverRegistrer)
+reactor.connectTCP(host, port, server_register)
-serverRegistrer.clientConnectionLost = lambda conn, reason: connector.disconnect()
 return registered_d
 def _changePassword(self, new_password, profile_key):
 client = self.host.getClient(profile_key)
 return self.changePassword(client, new_password)

Mercurial > libervia-backend

comparison sat/plugins/plugin_xep_0077.py @ 2838:8018cf9aa55b