libervia-backend: src/plugins/plugin_sec

comparison src/plugins/plugin_sec_otr.py @ 1095:ef7b7dd5c5db

plugin OTR: various improvments: - otr_data is now saved between sessions - private key is encrypted before saving - state change is detected (unencrypted/started/refreshed/finished) and (un)trusted (trusting is not implemented yet) - user feedback - fixed unencrypted message in an encrypted context warning - fixed inject msg encoding - minor refactoring

author	Goffi <goffi@goffi.org>
date	Thu, 26 Jun 2014 14:58:25 +0200
parents	abcac1ac27a7
children	8def4a3f55c2

comparison

equal deleted inserted replaced

-:4286a19e9e8a
+:ef7b7dd5c5db
 from sat.core.log import getLogger
 from sat.core import exceptions
 log = getLogger(__name__)
 from twisted.words.protocols.jabber import jid
 from twisted.python import failure
+from twisted.internet import defer
 import potr
+from sat.memory import persistent
+NS_OTR = "otr_plugin"
+PRIVATE_KEY = "PRIVATE KEY"
 DEFAULT_POLICY_FLAGS = {
 'ALLOW_V1':False,
 'ALLOW_V2':True,
 'REQUIRE_ENCRYPTION':True,
 "handler": "no",
 "description": _("""Implementation of OTR""")
 }
-PROTOCOL='xmpp'
-MMS=1024
 class Context(potr.context.Context):
-def __init__(self, host, account, peer):
+def __init__(self, host, account, other_jid):
-super(Context, self).__init__(account, peer)
+super(Context, self).__init__(account, other_jid)
 self.host = host
 def getPolicy(self, key):
 if key in DEFAULT_POLICY_FLAGS:
 return DEFAULT_POLICY_FLAGS[key]
 else:
 return False
-def inject(self, msg, appdata=None):
+def inject(self, msg_str, appdata=None):
-to_jid, profile = appdata
+assert isinstance(self.peer, jid.JID)
-assert isinstance(to_jid, jid.JID)
+msg = msg_str.decode('utf-8')
-client = self.host.getClient(profile)
+client = self.user.client
-log.debug('inject(%s, appdata=%s, to=%s)' % (msg, appdata, to_jid))
+log.debug(u'inject(%s, appdata=%s, to=%s)' % (msg, appdata, self.peer))
 mess_data = {'message': msg,
 'type': 'chat',
 'from': client.jid,
-'to': to_jid,
+'to': self.peer,
 'subject': None,
 }
 self.host.generateMessageXML(mess_data)
 client.xmlstream.send(mess_data['xml'])
 def setState(self, state):
+old_state = self.state
 super(Context, self).setState(state)
-log.debug("setState: %s (self = %s)" % (state, self))
+log.debug(u"setState: %s (old_state=%s) " % (state, old_state))
-# TODO: send signal to frontends, maybe a message feedback too
+if state == potr.context.STATE_PLAINTEXT:
+feedback = _(u"/!\\ conversation with %(other_jid)s is now UNENCRYPTED") % {'other_jid': self.peer.full()}
+elif state == potr.context.STATE_ENCRYPTED:
+try:
+fingerprint, trusted = self.getCurrentTrust()
+except TypeError:
+trusted = False
+trusted_str = _(u"trusted") if trusted else _(u"untrusted")
+if old_state == potr.context.STATE_ENCRYPTED:
+feedback = _(u"%(trusted)s OTR conversation with %(other_jid)s REFRESHED") % {'trusted': trusted_str, 'other_jid': self.peer.full()}
+else:
+feedback = _(u"%(trusted)s Encrypted OTR conversation started with %(other_jid)s") % {'trusted': trusted_str, 'other_jid': self.peer.full()}
+elif state == potr.context.STATE_FINISHED:
+feedback = _(u"OTR conversation with %(other_jid)s is FINISHED") % {'other_jid': self.peer.full()}
+else:
+log.error(_(u"Unknown OTR state"))
+return
+client = self.user.client
+# FIXME: newMessage should manage system message, so they don't appear as coming from the contact
+self.host.bridge.newMessage(client.jid.full(),
+feedback,
+mess_type="headline",
+to_jid=self.peer.full(),
+extra={},
+profile=client.profile)
+# TODO: send signal to frontends
 class Account(potr.context.Account):
-def __init__(self, account_jid):
+def __init__(self, host, client):
-global PROTOCOL, MMS
+log.debug(u"new account: %s" % client.jid)
-assert isinstance(account_jid, jid.JID)
+super(Account, self).__init__(client.jid, "xmpp", 1024)
-log.debug("new account: %s" % account_jid)
+self.host = host
-super(Account, self).__init__(account_jid, PROTOCOL, MMS)
+self.client = client
 def loadPrivkey(self):
-# TODO
+log.debug(u"loadPrivkey")
-log.debug("loadPrivkey")
+return self.client.otr_priv_key
-return None
 def savePrivkey(self):
-# TODO
+log.debug(u"savePrivkey")
-log.debug("savePrivkey")
+priv_key = self.getPrivkey().serializePrivateKey()
+d = self.host.memory.encryptValue(priv_key, self.client.profile)
+def save_encrypted_key(encrypted_priv_key):
+self.client.otr_data[PRIVATE_KEY] = encrypted_priv_key
+d.addCallback(save_encrypted_key)
 class ContextManager(object):
 def __init__(self, host, client):
 self.host = host
-self.account = Account(client.jid)
+self.account = Account(host, client)
 self.contexts = {}
-def startContext(self, other):
+def startContext(self, other_jid):
-assert isinstance(other, jid.JID)
+assert isinstance(other_jid, jid.JID)
-if not other in self.contexts:
+context = self.contexts.setdefault(other_jid, Context(self.host, self.account, other_jid))
-self.contexts[other] = Context(self.host, self.account, other)
+return context
-return self.contexts[other]
 def getContextForUser(self, other):
-log.debug("getContextForUser [%s]" % other)
+log.debug(u"getContextForUser [%s]" % other)
 return self.startContext(other)
 class OTR(object):
 def __init__(self, host):
-log.info(_("OTR plugin initialization"))
+log.info(_(u"OTR plugin initialization"))
 self.host = host
 self.context_managers = {}
 host.trigger.add("MessageReceived", self.MessageReceivedTrigger, priority=100000)
 host.trigger.add("sendMessage", self.sendMessageTrigger, priority=100000)
+@defer.inlineCallbacks
 def profileConnected(self, profile):
 client = self.host.getClient(profile)
 self.context_managers[profile] = ContextManager(self.host, client)
+client.otr_data = persistent.PersistentBinaryDict(NS_OTR, profile)
+yield client.otr_data.load()
+encrypted_priv_key = client.otr_data.get(PRIVATE_KEY, None)
+if encrypted_priv_key is not None:
+priv_key = yield self.host.memory.decryptValue(encrypted_priv_key, profile)
+client.otr_priv_key = potr.crypt.PK.parsePrivateKey(priv_key)[0]
+else:
+client.otr_priv_key = None
 def _receivedTreatment(self, data, profile):
 from_jid = jid.JID(data['from'])
-log.debug("_receivedTreatment [from_jid = %s]" % from_jid)
+log.debug(u"_receivedTreatment [from_jid = %s]" % from_jid)
 otrctx = self.context_managers[profile].getContextForUser(from_jid)
 encrypted = True
 try:
-res = otrctx.receiveMessage(data['body'].encode('utf-8'), appdata=(from_jid, profile))
+res = otrctx.receiveMessage(data['body'].encode('utf-8'))
 except potr.context.UnencryptedMessage:
-log.warning("Received unencrypted message in an encrypted context")
+if otrctx.state == potr.context.STATE_ENCRYPTED:
-# TODO: feedback to frontends (either message or popup)
+log.warning(u"Received unencrypted message in an encrypted context (from %(jid)s)" % {'jid': from_jid.full()})
+client = self.host.getClient(profile)
+self.host.bridge.newMessage(from_jid.full(),
+_(u"WARNING: received unencrypted data in a supposedly encrypted context"),
+mess_type="headline", # FIXME: add message type for internal informations
+to_jid=client.jid.full(),
+extra={},
+profile=client.profile)
 encrypted = False
-if encrypted == False:
+if not encrypted:
 return data
 else:
 if res[0] != None:
 # decrypted messages handling.
 # receiveMessage() will return a tuple, the first part of which will be the decrypted message
 to_jid = mess_data['to']
 if mess_data['type'] != 'groupchat' and not to_jid.resource:
 to_jid.resource = self.host.memory.getLastResource(to_jid, profile) # FIXME: it's dirty, but frontends don't manage resources correctly now, refactoring is planed
 otrctx = self.context_managers[profile].getContextForUser(to_jid)
 if mess_data['type'] != 'groupchat' and otrctx.state == potr.context.STATE_ENCRYPTED:
-log.debug("encrypting message")
+log.debug(u"encrypting message")
-otrctx.sendMessage(0, mess_data['message'].encode('utf-8'), appdata=(to_jid, profile))
+otrctx.sendMessage(0, mess_data['message'].encode('utf-8'))
 client = self.host.getClient(profile)
 self.host.sendMessageToBridge(mess_data, client)
 return False
 else:
-log.debug("sending message unencrypted")
+log.debug(u"sending message unencrypted")
 return True

Mercurial > libervia-backend

comparison src/plugins/plugin_sec_otr.py @ 1095:ef7b7dd5c5db