Mercurial > libervia-backend
comparison sat/plugins/plugin_xep_0384.py @ 2744:e6716d90c2fe
plugin XEP-0384: various bug fixes:
- fixed trust management on message sending, when trusts are missing
- retrieve identiy keys when trust has not been set yet
- added our own device when it is found missing on PEP notification
- mark message as trusted when suitable
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Thu, 03 Jan 2019 21:04:55 +0100 |
| parents | eb58f26ed236 |
| children | 3ee396b2ecf3 |
comparison
equal
deleted
inserted
replaced
| 2743:da59ff099b32 | 2744:e6716d90c2fe |
|---|---|
| 292 def public_bundle(self): | 292 def public_bundle(self): |
| 293 return self._session.public_bundle | 293 return self._session.public_bundle |
| 294 | 294 |
| 295 @classmethod | 295 @classmethod |
| 296 def create(cls, client, storage, my_device_id = None): | 296 def create(cls, client, storage, my_device_id = None): |
| 297 omemo_session_p = client._xep_0384_session = omemo.SessionManager.create( | 297 omemo_session_p = omemo.SessionManager.create( |
| 298 storage, | 298 storage, |
| 299 SatOTPKPolicy, | 299 SatOTPKPolicy, |
| 300 omemo_backend, | 300 omemo_backend, |
| 301 client.jid.userhost(), | 301 client.jid.userhost(), |
| 302 my_device_id) | 302 my_device_id) |
| 446 if None set UI callback to trustUICb | 446 if None set UI callback to trustUICb |
| 447 @return D(xmlui): trust management form | 447 @return D(xmlui): trust management form |
| 448 """ | 448 """ |
| 449 # we need entity_jid xor trust_data | 449 # we need entity_jid xor trust_data |
| 450 assert entity_jid and not trust_data or not entity_jid and trust_data | 450 assert entity_jid and not trust_data or not entity_jid and trust_data |
| 451 if entity_jid.resource: | 451 if entity_jid and entity_jid.resource: |
| 452 raise ValueError(u"A bare jid is expected") | 452 raise ValueError(u"A bare jid is expected") |
| 453 | 453 |
| 454 session = client._xep_0384_session | 454 session = client._xep_0384_session |
| 455 | 455 |
| 456 if trust_data is None: | 456 if trust_data is None: |
| 457 cache = client._xep_0384_cache.setdefault(entity_jid, {}) | |
| 457 trust_data = {} | 458 trust_data = {} |
| 458 trust_session_data = yield session.getTrustForJID(entity_jid) | 459 trust_session_data = yield session.getTrustForJID(entity_jid) |
| 459 bare_jid_s = entity_jid.userhost() | 460 bare_jid_s = entity_jid.userhost() |
| 460 for device_id, trust_info in trust_session_data['active'].iteritems(): | 461 for device_id, trust_info in trust_session_data['active'].iteritems(): |
| 462 if trust_info is None: | |
| 463 # device has never been (un)trusted, we have to retrieve its | |
| 464 # fingerprint (i.e. identity key or "ik") through public bundle | |
| 465 if device_id not in cache: | |
| 466 bundles, missing = yield self.getBundles(client, | |
| 467 entity_jid, | |
| 468 [device_id]) | |
| 469 if device_id not in bundles: | |
| 470 log.warning(_( | |
| 471 u"Can't find bundle for device {device_id} of user " | |
| 472 u"{bare_jid}, ignoring").format(device_id=device_id, | |
| 473 bare_jid=bare_jid_s)) | |
| 474 continue | |
| 475 cache[device_id] = bundles[device_id] | |
| 476 # TODO: replace False below by None when undecided | |
| 477 # trusts are handled | |
| 478 trust_info = { | |
| 479 u"key": cache[device_id].ik, | |
| 480 u"trusted": False | |
| 481 } | |
| 482 | |
| 461 ik = trust_info["key"] | 483 ik = trust_info["key"] |
| 462 trust_id = unicode(hash((bare_jid_s, device_id, ik))) | 484 trust_id = unicode(hash((bare_jid_s, device_id, ik))) |
| 463 trust_data[trust_id] = { | 485 trust_data[trust_id] = { |
| 464 u"jid": entity_jid, | 486 u"jid": entity_jid, |
| 465 u"device": device_id, | 487 u"device": device_id, |
| 786 log.warning(_( | 808 log.warning(_( |
| 787 u"Some devices have missing bundles, cleaning out public " | 809 u"Some devices have missing bundles, cleaning out public " |
| 788 u"devices list")) | 810 u"devices list")) |
| 789 existing_devices = devices - bundles_not_found | 811 existing_devices = devices - bundles_not_found |
| 790 yield self.setDevices(client, existing_devices) | 812 yield self.setDevices(client, existing_devices) |
| 813 # we check that our device has not been removed from the list | |
| 814 if entity == client.jid.userhostJID(): | |
| 815 own_device = client._xep_0384_device_id | |
| 816 if own_device not in devices: | |
| 817 log.warning(_(u"Our own device is missing from devices list, fixing it")) | |
| 818 devices.add(own_device) | |
| 819 yield self.setDevices(client, devices) | |
| 820 | |
| 791 | 821 |
| 792 ## triggers | 822 ## triggers |
| 793 | 823 |
| 794 @defer.inlineCallbacks | 824 @defer.inlineCallbacks |
| 795 def handleProblems(self, client, bundles, problems): | 825 def handleProblems(self, client, bundles, problems): |
| 812 elif isinstance(problem, omemo_excpt.NoEligibleDevicesException): | 842 elif isinstance(problem, omemo_excpt.NoEligibleDevicesException): |
| 813 pass | 843 pass |
| 814 | 844 |
| 815 if untrusted: | 845 if untrusted: |
| 816 trust_data = {} | 846 trust_data = {} |
| 817 for device_id, data in untrusted.iteritems(): | 847 for trust_id, data in untrusted.iteritems(): |
| 818 trust_data[u'jid'] = jid.JID(data.bare_jid) | 848 trust_data[trust_id] = { |
| 819 trust_data[u'device'] = data.device | 849 'jid': jid.JID(data.bare_jid), |
| 820 trust_data[u'ik'] = data.ik | 850 'device': data.device, |
| 821 | 851 'ik': data.ik} |
| 822 xmlui = yield self.getTrustUI(client, trust_data, submit_id=u"") | 852 |
| 853 xmlui = yield self.getTrustUI(client, trust_data=trust_data, submit_id=u"") | |
| 823 | 854 |
| 824 answer = yield xml_tools.deferXMLUI( | 855 answer = yield xml_tools.deferXMLUI( |
| 825 self.host, | 856 self.host, |
| 826 xmlui, | 857 xmlui, |
| 827 action_extra={ | 858 action_extra={ |
| 952 plaintext = yield omemo_session.decryptMessage(**kwargs) | 983 plaintext = yield omemo_session.decryptMessage(**kwargs) |
| 953 except omemo_excpt.UntrustedException: | 984 except omemo_excpt.UntrustedException: |
| 954 post_treat.addCallback(client.encryption.markAsUntrusted) | 985 post_treat.addCallback(client.encryption.markAsUntrusted) |
| 955 kwargs['allow_untrusted'] = True | 986 kwargs['allow_untrusted'] = True |
| 956 plaintext = yield omemo_session.decryptMessage(**kwargs) | 987 plaintext = yield omemo_session.decryptMessage(**kwargs) |
| 988 else: | |
| 989 post_treat.addCallback(client.encryption.markAsTrusted) | |
| 957 except Exception as e: | 990 except Exception as e: |
| 958 log.warning(_(u"Can't decrypt message: {reason}\n{xml}").format( | 991 log.warning(_(u"Can't decrypt message: {reason}\n{xml}").format( |
| 959 reason=e, xml=message_elt.toXml())) | 992 reason=e, xml=message_elt.toXml())) |
| 960 defer.returnValue(False) | 993 defer.returnValue(False) |
| 961 if omemo_session.republish_bundle: | 994 if omemo_session.republish_bundle: |