hueso/gajim-plugins
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[pgp] Move all Gajim PGP code into plugin

Browse Source
This commit is contained in:
Philipp Hörist
2019-04-14 22:08:07 +02:00
parent b35a259980
commit 466a4e91f7
15 changed files with 1178 additions and 346 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
pgp/backend/__init__.py Normal file
View File

153
pgp/backend/python_gnupg.py Normal file
View File

@@ -0,0 +1,153 @@
# Copyright (C) 2019 Philipp Hörist <philipp AT hoerist.com>
# Copyright (C) 2003-2014 Yann Leboulanger <asterix AT lagaule.org>
# Copyright (C) 2005 Alex Mauer <hawke AT hawkesnest.net>
# Copyright (C) 2005-2006 Nikos Kouremenos <kourem AT gmail.com>
# Copyright (C) 2007 Stephan Erb <steve-e AT h3c.de>
# Copyright (C) 2008 Jean-Marie Traissard <jim AT lapin.org>
# Jonathan Schleifer <js-gajim AT webkeks.org>
#
# This file is part of PGP Gajim Plugin.
#
# PGP Gajim Plugin is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published
# by the Free Software Foundation; version 3 only.
#
# PGP Gajim Plugin is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with PGP Gajim Plugin. If not, see <http://www.gnu.org/licenses/>.
import os
import logging
from functools import lru_cache
import gnupg
from gajim.common.helpers import Singleton
from pgp.exceptions import SignError
logger = logging.getLogger('gajim.p.pgplegacy')
if logger.getEffectiveLevel() == logging.DEBUG:
logger = logging.getLogger('gnupg')
logger.addHandler(logging.StreamHandler())
logger.setLevel(logging.DEBUG)
class PGP(gnupg.GPG, metaclass=Singleton):
def __init__(self, binary, encoding=None):
super().__init__(gpgbinary=binary,
use_agent=True)
if encoding is not None:
self.encoding = encoding
self.decode_errors = 'replace'
def encrypt(self, payload, recipients, always_trust=False):
if not always_trust:
# check that we'll be able to encrypt
result = self.get_key(recipients[0])
for key in result:
if key['trust'] not in ('f', 'u'):
return '', 'NOT_TRUSTED ' + key['keyid'][-8:]
result = super().encrypt(
payload.encode('utf8'),
recipients,
always_trust=always_trust)
if result.ok:
error = ''
else:
error = result.status
return self._strip_header_footer(str(result)), error
def decrypt(self, payload):
data = self._add_header_footer(payload, 'MESSAGE')
result = super().decrypt(data.encode('utf8'))
return result.data.decode('utf8')
@lru_cache(maxsize=8)
def sign(self, payload, key_id):
if payload is None:
payload = ''
result = super().sign(payload.encode('utf8'),
keyid=key_id,
detach=True)
if result.fingerprint:
return self._strip_header_footer(str(result))
raise SignError(result.status)
def verify(self, payload, signed):
# Hash algorithm is not transfered in the signed
# presence stanza so try all algorithms.
# Text name for hash algorithms from RFC 4880 - section 9.4
if payload is None:
payload = ''
hash_algorithms = ['SHA512', 'SHA384', 'SHA256',
'SHA224', 'SHA1', 'RIPEMD160']
for algo in hash_algorithms:
data = os.linesep.join(
['-----BEGIN PGP SIGNED MESSAGE-----',
'Hash: ' + algo,
'',
payload,
self._add_header_footer(signed, 'SIGNATURE')]
)
result = super().verify(data.encode('utf8'))
if result.valid:
return result.key_id
def get_key(self, key_id):
return super().list_keys(keys=[key_id])
def get_keys(self, secret=False):
keys = {}
result = super().list_keys(secret=secret)
for key in result:
# Take first not empty uid
keys[key['keyid'][8:]] = [uid for uid in key['uids'] if uid][0]
return keys
@staticmethod
def _strip_header_footer(data):
"""
Remove header and footer from data
"""
if not data:
return ''
lines = data.splitlines()
while lines[0] != '':
lines.remove(lines[0])
while lines[0] == '':
lines.remove(lines[0])
i = 0
for line in lines:
if line:
if line[0] == '-':
break
i = i+1
line = '\n'.join(lines[0:i])
return line
@staticmethod
def _add_header_footer(data, type_):
"""
Add header and footer from data
"""
out = "-----BEGIN PGP %s-----" % type_ + os.linesep
out = out + "Version: PGP" + os.linesep
out = out + os.linesep
out = out + data + os.linesep
out = out + "-----END PGP %s-----" % type_ + os.linesep
return out

105
pgp/backend/store.py Normal file
View File

@@ -0,0 +1,105 @@
# Copyright (C) 2019 Philipp Hörist <philipp AT hoerist.com>
#
# This file is part of the PGP Gajim Plugin.
#
# PGP Gajim Plugin is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published
# by the Free Software Foundation; version 3 only.
#
# PGP Gajim Plugin is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with PGP Gajim Plugin. If not, see <http://www.gnu.org/licenses/>.
import json
from pathlib import Path
from gajim.common import app
from gajim.common import configpaths
from gajim.common.helpers import delay_execution
class KeyStore:
def __init__(self, account, own_jid, log):
self._log = log
self._account = account
self._store = {
'own_key_data': None,
'contact_key_data': {},
}
own_bare_jid = own_jid.getBare()
path = Path(configpaths.get('PLUGINS_DATA')) / 'pgplegacy' / own_bare_jid
if not path.exists():
path.mkdir(parents=True)
self._store_path = path / 'store'
if self._store_path.exists():
with self._store_path.open('r') as file:
try:
self._store = json.load(file)
except Exception:
log.exception('Could not load config')
if not self._store['contact_key_data']:
self._migrate()
def _migrate(self):
keys = {}
attached_keys = app.config.get_per(
'accounts', self._account, 'attached_gpg_keys').split()
if attached_keys is None:
return
for i in range(len(attached_keys) // 2):
keys[attached_keys[2 * i]] = attached_keys[2 * i + 1]
for jid, key_id in keys.items():
self.set_contact_key_data(jid, (key_id, ''))
own_key_id = app.config.get_per('accounts', self._account, 'keyid')
own_key_user = app.config.get_per('accounts', self._account, 'keyname')
if own_key_id:
self.set_own_key_data((own_key_id, own_key_user))
self._log.info('Migration successful')
@delay_execution(500)
def _save_store(self):
with self._store_path.open('w') as file:
json.dump(self._store, file)
def _get_dict_key(self, jid):
return '%s-%s' % (self._account, jid)
def set_own_key_data(self, key_data):
if key_data is None:
self._store['own_key_data'] = None
else:
self._store['own_key_data'] = {
'key_id': key_data[0],
'key_user': key_data[1]
}
self._save_store()
def get_own_key_data(self):
return self._store['own_key_data']
def get_contact_key_data(self, jid):
key_ids = self._store['contact_key_data']
dict_key = self._get_dict_key(jid)
return key_ids.get(dict_key)
def set_contact_key_data(self, jid, key_data):
key_ids = self._store['contact_key_data']
dict_key = self._get_dict_key(jid)
if key_data is None:
self._store['contact_key_data'][dict_key] = None
else:
key_ids[dict_key] = {
'key_id': key_data[0],
'key_user': key_data[1]
}
self._save_store()