comparison sat/plugins/plugin_sec_pubsub_signing.py @ 3961:a15c171836bb
plugin pubsub signing: fix `gpg_provider` instanciation:
the instance was set at the class level while it is client-dependent, resulting in the
instance being overwritten on each client connection.
rel 381
author | Goffi <goffi@goffi.org> |
---|---|
date | Sun, 30 Oct 2022 01:06:35 +0200 |
parents | 3cb9ade2ab84 |
children | d105ead599b6 |
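--- a/sat/plugins/plugin_sec_pubsub_signing.py
+++ b/sat/plugins/plugin_sec_pubsub_signing.py
@@ -35,11 +35,11 @@
 from sat.core.i18n import _
 from sat.core.log import getLogger
 from sat.tools import utils
 from sat.tools.common import data_format
 
-from .plugin_xep_0373 import get_gpg_provider, VerificationFailed
+from .plugin_xep_0373 import VerificationFailed
 
 
 log = getLogger(__name__)
 
 IMPORT_NAME = "pubsub-signing"
@@ -84,13 +84,10 @@
 async_=True,
 )
 
 def getHandler(self, client):
 return PubsubSigning_Handler()
-
-async def profileConnecting(self, client):
-self.gpg_provider = get_gpg_provider(self.host, client)
 
 def get_data_to_sign(
 self,
 item_elt: domish.Element,
 to_jid: jid.JID,
@@ -174,15 +171,15 @@
 raise NotImplemented("multiple signers are not supported yet")
 signer = jid.JID(signers[0])
 signature = base64.b64decode(signature_data["signature"])
 verification_keys = {
 k for k in await self._ox.import_all_public_keys(client, signer)
-if self.gpg_provider.can_sign(k)
+if client.gpg_provider.can_sign(k)
 }
 signed_data = self.get_data_to_sign(item_elt, service, timestamp, signer.full())
 try:
-self.gpg_provider.verify_detached(signed_data, signature, verification_keys)
+client.gpg_provider.verify_detached(signed_data, signature, verification_keys)
 except VerificationFailed:
 validated = False
 else:
 validated = True
 
@@ -279,16 +276,16 @@
 signature_elt.addElement("signer", content=signer)
 
 sign_elt = signature_elt.addElement((NS_PUBSUB_SIGNING_OPENPGP, "sign"))
 signing_keys = {
 k for k in self._ox.list_secret_keys(client)
-if self.gpg_provider.can_sign(k.public_key)
+if client.gpg_provider.can_sign(k.public_key)
 }
 # the base64 encoded signature itself
 sign_elt.addContent(
 base64.b64encode(
-self.gpg_provider.sign_detached(to_sign, signing_keys)
+client.gpg_provider.sign_detached(to_sign, signing_keys)
 ).decode()
 )
 return signature_elt
 else:
 return None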
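Review bot: At new line 171 the signature-check path does `raise NotImplemented("multiple signers are not supported yet")`; `NotImplemented` is the comparison sentinel, not an exception class, so calling it raises `TypeError` and any caller expecting `NotImplementedError` never sees it. The line is context rather than part of this change, but it should read `raise NotImplementedError("multiple signers are not supported yet")`. With `profileConnecting` removed, nothing visible in this file sets the provider any more, so the four `client.gpg_provider` uses (new lines 176, 180, 281, 286) depend on the attribute being attached to the client elsewhere, presumably by plugin_xep_0373, before an item is verified or signed. A comment at the first use such as `# gpg_provider is expected to be set on the client by plugin_xep_0373 (confirm)` would record that dependency. The enclosing functions start and end outside the visible hunks.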