Mercurial > libervia-backend
comparison sat/plugins/plugin_sec_pubsub_signing.py @ 3961:a15c171836bb
plugin pubsub signing: fix `gpg_provider` instanciation:
the instance was set at the class level while it is client dependant, resulting in the
instance being overwritten on each client connexion.
rel 381
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Sun, 30 Oct 2022 01:06:35 +0200 |
| parents | 3cb9ade2ab84 |
| children | d105ead599b6 |
comparison
equal
deleted
inserted
replaced
| 3960:4836b81c5f31 | 3961:a15c171836bb |
|---|---|
| 35 from sat.core.i18n import _ | 35 from sat.core.i18n import _ |
| 36 from sat.core.log import getLogger | 36 from sat.core.log import getLogger |
| 37 from sat.tools import utils | 37 from sat.tools import utils |
| 38 from sat.tools.common import data_format | 38 from sat.tools.common import data_format |
| 39 | 39 |
| 40 from .plugin_xep_0373 import get_gpg_provider, VerificationFailed | 40 from .plugin_xep_0373 import VerificationFailed |
| 41 | 41 |
| 42 | 42 |
| 43 log = getLogger(__name__) | 43 log = getLogger(__name__) |
| 44 | 44 |
| 45 IMPORT_NAME = "pubsub-signing" | 45 IMPORT_NAME = "pubsub-signing" |
| 84 async_=True, | 84 async_=True, |
| 85 ) | 85 ) |
| 86 | 86 |
| 87 def getHandler(self, client): | 87 def getHandler(self, client): |
| 88 return PubsubSigning_Handler() | 88 return PubsubSigning_Handler() |
| 89 | |
| 90 async def profileConnecting(self, client): | |
| 91 self.gpg_provider = get_gpg_provider(self.host, client) | |
| 92 | 89 |
| 93 def get_data_to_sign( | 90 def get_data_to_sign( |
| 94 self, | 91 self, |
| 95 item_elt: domish.Element, | 92 item_elt: domish.Element, |
| 96 to_jid: jid.JID, | 93 to_jid: jid.JID, |
| 174 raise NotImplemented("multiple signers are not supported yet") | 171 raise NotImplemented("multiple signers are not supported yet") |
| 175 signer = jid.JID(signers[0]) | 172 signer = jid.JID(signers[0]) |
| 176 signature = base64.b64decode(signature_data["signature"]) | 173 signature = base64.b64decode(signature_data["signature"]) |
| 177 verification_keys = { | 174 verification_keys = { |
| 178 k for k in await self._ox.import_all_public_keys(client, signer) | 175 k for k in await self._ox.import_all_public_keys(client, signer) |
| 179 if self.gpg_provider.can_sign(k) | 176 if client.gpg_provider.can_sign(k) |
| 180 } | 177 } |
| 181 signed_data = self.get_data_to_sign(item_elt, service, timestamp, signer.full()) | 178 signed_data = self.get_data_to_sign(item_elt, service, timestamp, signer.full()) |
| 182 try: | 179 try: |
| 183 self.gpg_provider.verify_detached(signed_data, signature, verification_keys) | 180 client.gpg_provider.verify_detached(signed_data, signature, verification_keys) |
| 184 except VerificationFailed: | 181 except VerificationFailed: |
| 185 validated = False | 182 validated = False |
| 186 else: | 183 else: |
| 187 validated = True | 184 validated = True |
| 188 | 185 |
| 279 signature_elt.addElement("signer", content=signer) | 276 signature_elt.addElement("signer", content=signer) |
| 280 | 277 |
| 281 sign_elt = signature_elt.addElement((NS_PUBSUB_SIGNING_OPENPGP, "sign")) | 278 sign_elt = signature_elt.addElement((NS_PUBSUB_SIGNING_OPENPGP, "sign")) |
| 282 signing_keys = { | 279 signing_keys = { |
| 283 k for k in self._ox.list_secret_keys(client) | 280 k for k in self._ox.list_secret_keys(client) |
| 284 if self.gpg_provider.can_sign(k.public_key) | 281 if client.gpg_provider.can_sign(k.public_key) |
| 285 } | 282 } |
| 286 # the base64 encoded signature itself | 283 # the base64 encoded signature itself |
| 287 sign_elt.addContent( | 284 sign_elt.addContent( |
| 288 base64.b64encode( | 285 base64.b64encode( |
| 289 self.gpg_provider.sign_detached(to_sign, signing_keys) | 286 client.gpg_provider.sign_detached(to_sign, signing_keys) |
| 290 ).decode() | 287 ).decode() |
| 291 ) | 288 ) |
| 292 return signature_elt | 289 return signature_elt |
| 293 else: | 290 else: |
| 294 return None | 291 return None |