hueso/gajim-plugins
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[openpgp] Port to Gtk4

Browse Source
This commit is contained in:
Philipp Hörist
2025-02-08 16:10:31 +01:00
parent 3a5816259c
commit c67e7f341b
19 changed files with 935 additions and 1111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

97
openpgp/backend/base.py Normal file
View File

@@ -0,0 +1,97 @@
# Copyright (C) 2025 Philipp Hörist <philipp AT hoerist.com>
#
# This file is part of the OpenPGP Gajim Plugin.
#
# OpenPGP Gajim Plugin is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published
# by the Free Software Foundation; version 3 only.
#
# OpenPGP Gajim Plugin is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with OpenPGP Gajim Plugin. If not, see <http://www.gnu.org/licenses/>.
from __future__ import annotations
from typing import Any
from typing import TYPE_CHECKING
from collections.abc import Sequence
from pathlib import Path
from nbxmpp.protocol import JID
if TYPE_CHECKING:
from openpgp.modules.key_store import KeyData
class BaseKeyringItem:
def __init__(self, key: Any) -> None:
self._key = key
self._uid = self._get_uid()
@property
def is_xmpp_key(self) -> bool:
try:
return self.jid is not None
except Exception:
return False
def is_valid(self, jid: JID) -> bool:
if not self.is_xmpp_key:
return False
return jid == self.jid
def _get_uid(self) -> str | None:
raise NotImplementedError
@property
def fingerprint(self) -> str:
raise NotImplementedError
@property
def uid(self):
if self._uid is not None:
return self._uid
@property
def jid(self) -> JID | None:
if self._uid is not None:
return JID.from_string(self._uid)
def __hash__(self):
return hash(self.fingerprint)
class BasePGPBackend:
def __init__(self, jid: str, gnupghome: Path) -> None:
raise NotImplementedError
def generate_key(self) -> None:
raise NotImplementedError
def encrypt(
self, payload: bytes, keys: list[KeyData]
) -> tuple[bytes | None, str | None]:
raise NotImplementedError
def decrypt(self, payload: bytes) -> tuple[str, str]:
raise NotImplementedError
def get_keys(self) -> Sequence[BaseKeyringItem]:
raise NotImplementedError
def import_key(self, data: bytes, jid: JID) -> BaseKeyringItem | None:
raise NotImplementedError
def get_own_key_details(self) -> tuple[str | None, int | None]:
raise NotImplementedError
def export_key(self, fingerprint: str) -> bytes | None:
raise NotImplementedError
def delete_key(self, fingerprint: str) -> None:
raise NotImplementedError

131
openpgp/backend/gpgme.py
View File

@@ -14,34 +14,29 @@
# You should have received a copy of the GNU General Public License
# along with OpenPGP Gajim Plugin. If not, see <http://www.gnu.org/licenses/>.
from typing import Any
from typing import cast
import logging
from collections.abc import Sequence
from pathlib import Path
import gpg
from gpg.errors import KeyNotFound
from gpg.results import ImportResult
from nbxmpp.protocol import JID
from openpgp.backend.base import BaseKeyringItem
from openpgp.backend.base import BasePGPBackend
from openpgp.backend.gpgme_types import Key
from openpgp.backend.util import parse_uid
from openpgp.modules.key_store import KeyData
from openpgp.modules.util import DecryptionFailed
log = logging.getLogger("gajim.p.openpgp.gpgme")
class KeyringItem:
def __init__(self, key):
self._key = key
self._uid = self._get_uid()
@property
def is_xmpp_key(self) -> bool:
try:
return self.jid is not None
except Exception:
return False
def is_valid(self, jid: JID) -> bool:
if not self.is_xmpp_key:
return False
return jid == self.jid
class KeyringItem(BaseKeyringItem):
def _get_uid(self) -> str | None:
for uid in self._key.uids:
@@ -51,36 +46,22 @@ class KeyringItem:
pass
@property
def fingerprint(self):
def fingerprint(self) -> str:
return self._key.fpr
@property
def uid(self):
if self._uid is not None:
return self._uid
@property
def jid(self):
if self._uid is not None:
return JID.from_string(self._uid)
def __hash__(self):
return hash(self.fingerprint)
class GPGME:
def __init__(self, jid, gnuhome):
class GPGMe(BasePGPBackend):
def __init__(self, jid: str, gnuhome: Path) -> None:
self._jid = jid
self._context_args = {
"home_dir": str(gnuhome),
"offline": True,
"armor": False,
}
self._home_dir = str(gnuhome)
def generate_key(self):
with gpg.Context(**self._context_args) as context:
def _get_context(self) -> gpg.Context:
return gpg.Context(armor=False, offline=True, home_dir=self._home_dir)
def generate_key(self) -> None:
with self._get_context() as context:
result = context.create_key(
f"xmpp:{str(self._jid)}",
f"xmpp:{self._jid}",
algorithm="default",
expires=False,
passphrase=None,
@@ -89,11 +70,11 @@ class GPGME:
log.info("Generated new key: %s", result.fpr)
def get_key(self, fingerprint):
with gpg.Context(**self._context_args) as context:
def _get_key(self, fingerprint: str) -> Key | None:
with self._get_context() as context:
try:
key = context.get_key(fingerprint)
except gpg.errors.KeyNotFound as error:
return cast(Key, context.get_key(fingerprint))
except KeyNotFound as error:
log.warning("key not found: %s", error.keystr)
return
@@ -101,11 +82,9 @@ class GPGME:
log.warning("get_key() error: %s", error)
return
return key
def get_own_key_details(self):
with gpg.Context(**self._context_args) as context:
keys = list(context.keylist(secret=True))
def get_own_key_details(self) -> tuple[str | None, int | None]:
with self._get_context() as context:
keys = cast(list[Key], list(context.keylist(secret=True)))
if not keys:
return None, None
@@ -116,10 +95,10 @@ class GPGME:
return None, None
def get_keys(self):
keys = []
with gpg.Context(**self._context_args) as context:
for key in context.keylist():
def get_keys(self) -> Sequence[KeyringItem]:
keys: list[KeyringItem] = []
with self._get_context() as context:
for key in context.keylist(secret=False):
keyring_item = KeyringItem(key)
if not keyring_item.is_xmpp_key:
log.warning("Key not suited for xmpp: %s", key.fpr)
@@ -130,10 +109,9 @@ class GPGME:
return keys
def export_key(self, fingerprint):
with gpg.Context(**self._context_args) as context:
key = context.key_export_minimal(pattern=fingerprint)
return key
def export_key(self, fingerprint: str) -> bytes | None:
with self._get_context() as context:
return context.key_export_minimal(pattern=fingerprint)
# def encrypt_decrypt_files(self):
# c = gpg.Context()
@@ -149,9 +127,11 @@ class GPGME:
# with open('foo2.txt', 'w') as output_file:
# c.decrypt(input_file, output_file)
def encrypt(self, plaintext, keys):
recipients = []
with gpg.Context(**self._context_args) as context:
def encrypt(
self, payload: bytes, keys: list[KeyData]
) -> tuple[bytes | None, str | None]:
recipients: list[Any] = []
with self._get_context() as context:
for key in keys:
key = context.get_key(key.fingerprint)
if key is not None:
@@ -160,18 +140,18 @@ class GPGME:
if not recipients:
return None, "No keys found to encrypt to"
with gpg.Context(**self._context_args) as context:
result = context.encrypt(
str(plaintext).encode(), recipients, always_trust=True
)
with self._get_context() as context:
result = context.encrypt(payload, recipients, always_trust=True)
ciphertext, result, _sign_result = result
return ciphertext, None
ciphertext, result, _sign_result = result
return ciphertext, None
def decrypt(self, ciphertext):
with gpg.Context(**self._context_args) as context:
raise RuntimeError
def decrypt(self, payload: bytes) -> tuple[str, str]:
with self._get_context() as context:
try:
result = context.decrypt(ciphertext)
result = context.decrypt(payload)
except Exception as error:
raise DecryptionFailed("Decryption failed: %s" % error)
@@ -186,9 +166,9 @@ class GPGME:
return plaintext, fingerprints[0]
def import_key(self, data, jid):
def import_key(self, data: bytes, jid: JID) -> KeyringItem | None:
log.info("Import key from %s", jid)
with gpg.Context(**self._context_args) as context:
with self._get_context() as context:
result = context.key_import(data)
if not isinstance(result, ImportResult) or result.imported != 1:
log.error("Key import failed: %s", jid)
@@ -196,7 +176,7 @@ class GPGME:
return
fingerprint = result.imports[0].fpr
key = self.get_key(fingerprint)
key = self._get_key(fingerprint)
item = KeyringItem(key)
if not item.is_valid(jid):
log.warning("Invalid key found")
@@ -206,8 +186,9 @@ class GPGME:
return item
def delete_key(self, fingerprint):
def delete_key(self, fingerprint: str) -> None:
log.info("Delete Key: %s", fingerprint)
key = self.get_key(fingerprint)
with gpg.Context(**self._context_args) as context:
key = self._get_key(fingerprint)
assert key is not None
with self._get_context() as context:
context.op_delete(key, True)

86
openpgp/backend/gpgme_types.py Normal file
View File

@@ -0,0 +1,86 @@
# Copyright (C) 2025 Philipp Hörist <philipp AT hoerist.com>
#
# This file is part of the OpenPGP Gajim Plugin.
#
# OpenPGP Gajim Plugin is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published
# by the Free Software Foundation; version 3 only.
#
# OpenPGP Gajim Plugin is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with OpenPGP Gajim Plugin. If not, see <http://www.gnu.org/licenses/>.
from __future__ import annotations
from typing import Any
class UID:
address: Any | None
comment: str
email: str
invalid: int
last_update: int
name: str
origin: int
revoked: int
signatures: list[Any]
thisown: bool
tofu: list[Any]
uid: str
uidhash: str
validity: int
class SubKey:
can_authenticate: int
can_certify: int
can_encrypt: int
can_sign: int
card_number: Any | None
curve: Any | None
disabled: int
expired: int
expires: int
fpr: str
invalid: int
is_cardkey: int
is_de_vs: int
is_qualified: int
keygrip: Any | None
keyid: str
length: int
pubkey_algo: int
revoked: int
secret: int
thisown: bool
timestamp: int
class Key:
can_authenticate: int
can_certify: int
can_encrypt: int
can_sign: int
chain_id: Any | None
disabled: int
expired: int
fpr: str
invalid: int
is_qualified: int
issuer_name: str | None
issuer_serial: str | None
keylist_mode: int
last_update: int
origin: int
owner_trust: int
protocol: int
revoked: int
secret: int
subkeys: list[SubKey]
thisown: bool
uids: list[UID]

94
openpgp/backend/pygpg.py
View File

@@ -15,12 +15,16 @@
# along with OpenPGP Gajim Plugin. If not, see <http://www.gnu.org/licenses/>.
import logging
from collections.abc import Sequence
from pathlib import Path
import gnupg
from nbxmpp.protocol import JID
from openpgp.backend.base import BaseKeyringItem
from openpgp.backend.base import BasePGPBackend
from openpgp.backend.util import parse_uid
from openpgp.modules.key_store import KeyData
from openpgp.modules.util import DecryptionFailed
log = logging.getLogger("gajim.p.openpgp.pygnupg")
@@ -30,22 +34,7 @@ if log.getEffectiveLevel() == logging.DEBUG:
log.setLevel(logging.DEBUG)
class KeyringItem:
def __init__(self, key):
self._key = key
self._uid = self._get_uid()
@property
def is_xmpp_key(self) -> bool:
try:
return self.jid is not None
except Exception:
return False
def is_valid(self, jid: JID) -> bool:
if not self.is_xmpp_key:
return False
return jid == self.jid
class KeyringItem(BaseKeyringItem):
@property
def keyid(self) -> str:
@@ -59,32 +48,18 @@ class KeyringItem:
pass
@property
def fingerprint(self):
def fingerprint(self) -> str:
return self._key["fingerprint"]
@property
def uid(self):
if self._uid is not None:
return self._uid
@property
def jid(self):
if self._uid is not None:
return JID.from_string(self._uid)
def __hash__(self):
return hash(self.fingerprint)
class PythonGnuPG(gnupg.GPG):
class PythonGnuPG(BasePGPBackend):
def __init__(self, jid: str, gnupghome: Path) -> None:
gnupg.GPG.__init__(self, gpgbinary="gpg", gnupghome=str(gnupghome))
self._gnupg = gnupg.GPG(gpgbinary="gpg", gnupghome=str(gnupghome))
self._jid = jid
self._own_fingerprint = None
@staticmethod
def _get_key_params(jid):
def _get_key_params(jid: str) -> str:
"""
Generate --gen-key input
"""
@@ -102,17 +77,19 @@ class PythonGnuPG(gnupg.GPG):
out += "%commit\n"
return out
def generate_key(self):
super().gen_key(self._get_key_params(self._jid))
def generate_key(self) -> None:
self._gnupg.gen_key(self._get_key_params(self._jid))
def encrypt(self, payload, keys):
def encrypt(
self, payload: bytes, keys: list[KeyData]
) -> tuple[bytes | None, str | None]:
recipients = [key.fingerprint for key in keys]
log.info("encrypt to:")
for fingerprint in recipients:
log.info(fingerprint)
result = super().encrypt(
str(payload).encode("utf8"),
result = self._gnupg.encrypt(
payload,
recipients,
armor=False,
sign=self._own_fingerprint,
@@ -126,19 +103,20 @@ class PythonGnuPG(gnupg.GPG):
return result.data, error
def decrypt(self, payload):
result = super().decrypt(payload, always_trust=True)
def decrypt(self, payload: bytes) -> tuple[str, str]:
result = self._gnupg.decrypt(payload, always_trust=True)
if not result.ok:
raise DecryptionFailed(result.status)
assert result.fingerprint is not None
return result.data.decode("utf8"), result.fingerprint
def get_key(self, fingerprint):
return super().list_keys(keys=[fingerprint])
def _get_key(self, fingerprint: str) -> gnupg.ListKeys:
return self._gnupg.list_keys(keys=[fingerprint])
def get_keys(self, secret=False):
result = super().list_keys(secret=secret)
keys = []
def get_keys(self) -> Sequence[KeyringItem]:
result = self._gnupg.list_keys(secret=False)
keys: list[KeyringItem] = []
for key in result:
item = KeyringItem(key)
if not item.is_xmpp_key:
@@ -149,15 +127,18 @@ class PythonGnuPG(gnupg.GPG):
keys.append(item)
return keys
def import_key(self, data, jid):
def import_key(self, data: bytes, jid: JID) -> KeyringItem | None:
log.info("Import key from %s", jid)
result = super().import_keys(data)
result = self._gnupg.import_keys(data)
if not result:
log.error("Could not import key")
log.error(result)
return
key = self.get_key(result.results[0]["fingerprint"])
fpr = result.results[0]["fingerprint"]
assert fpr is not None
key = self._get_key(fpr)
item = KeyringItem(key[0])
if not item.is_valid(jid):
log.warning("Invalid key found, deleting key")
@@ -167,8 +148,8 @@ class PythonGnuPG(gnupg.GPG):
return item
def get_own_key_details(self):
result = super().list_keys(secret=True)
def get_own_key_details(self) -> tuple[str | None, int | None]:
result = self._gnupg.list_keys(secret=True)
if not result:
return None, None
@@ -179,10 +160,13 @@ class PythonGnuPG(gnupg.GPG):
self._own_fingerprint = result[0]["fingerprint"]
return self._own_fingerprint, int(result[0]["date"])
def export_key(self, fingerprint):
key = super().export_keys(fingerprint, secret=False, armor=False, minimal=True)
def export_key(self, fingerprint: str) -> bytes | None:
key = self._gnupg.export_keys(
fingerprint, secret=False, armor=False, minimal=True
)
assert isinstance(key, bytes | None)
return key
def delete_key(self, fingerprint):
def delete_key(self, fingerprint: str) -> None:
log.info("Delete Key: %s", fingerprint)
super().delete_keys(fingerprint)
self._gnupg.delete_keys(fingerprint)

48
openpgp/backend/sql.py
View File

@@ -14,9 +14,18 @@
# You should have received a copy of the GNU General Public License
# along with OpenPGP Gajim Plugin. If not, see <http://www.gnu.org/licenses/>.
from typing import Any
from typing import NamedTuple
import logging
import sqlite3
from collections import namedtuple
from collections.abc import Iterator
from pathlib import Path
from nbxmpp.protocol import JID
from openpgp.modules.util import Trust
log = logging.getLogger("gajim.p.openpgp.sql")
@@ -32,8 +41,16 @@ TABLE_LAYOUT = """
CREATE UNIQUE INDEX jid_fingerprint ON contacts (jid, fingerprint);"""
class ContactRow(NamedTuple):
jid: JID
fingerprint: str
active: bool
trust: Trust
timestamp: float
class Storage:
def __init__(self, folder_path):
def __init__(self, folder_path: Path) -> None:
self._con = sqlite3.connect(
str(folder_path / "contacts.db"), detect_types=sqlite3.PARSE_COLNAMES
)
@@ -45,21 +62,21 @@ class Storage:
self._con.commit()
@staticmethod
def _namedtuple_factory(cursor, row):
def _namedtuple_factory(cursor: sqlite3.Cursor, row: Any) -> Any:
fields = [col[0] for col in cursor.description]
Row = namedtuple("Row", fields)
Row = namedtuple("Row", fields) # pyright: ignore
named_row = Row(*row)
return named_row
def _user_version(self):
def _user_version(self) -> int:
return self._con.execute("PRAGMA user_version").fetchone()[0]
def _create_database(self):
def _create_database(self) -> None:
if not self._user_version():
log.info("Create contacts.db")
self._execute_query(TABLE_LAYOUT)
def _execute_query(self, query):
def _execute_query(self, query: str) -> None:
transaction = """
BEGIN TRANSACTION;
%s
@@ -70,40 +87,41 @@ class Storage:
)
self._con.executescript(transaction)
def _migrate_database(self):
def _migrate_database(self) -> None:
pass
def load_contacts(self):
def load_contacts(self) -> list[ContactRow]:
sql = """SELECT jid as "jid [jid]",
fingerprint,
active,
trust,
timestamp,
comment
timestamp
FROM contacts"""
return self._con.execute(sql).fetchall()
def save_contact(self, db_values):
def save_contact(
self, db_values: Iterator[tuple[JID, str, bool, Trust, float]]
) -> None:
sql = """REPLACE INTO
contacts(jid, fingerprint, active, trust, timestamp, comment)
contacts(jid, fingerprint, active, trust, timestamp)
VALUES(?, ?, ?, ?, ?, ?)"""
for values in db_values:
log.info("Store key: %s", values)
self._con.execute(sql, values)
self._con.commit()
def set_trust(self, jid, fingerprint, trust):
def set_trust(self, jid: JID, fingerprint: str, trust: Trust) -> None:
sql = "UPDATE contacts SET trust = ? WHERE jid = ? AND fingerprint = ?"
log.info("Set Trust: %s %s %s", trust, jid, fingerprint)
self._con.execute(sql, (trust, jid, fingerprint))
self._con.commit()
def delete_key(self, jid, fingerprint):
def delete_key(self, jid: JID, fingerprint: str) -> None:
sql = "DELETE from contacts WHERE jid = ? AND fingerprint = ?"
log.info("Delete Key: %s %s", jid, fingerprint)
self._con.execute(sql, (jid, fingerprint))
self._con.commit()
def cleanup(self):
def cleanup(self) -> None:
self._con.close()

2
openpgp/backend/util.py
View File

@@ -1,7 +1,7 @@
from __future__ import annotations
def parse_uid(uid: str, compat=False) -> str:
def parse_uid(uid: str, compat: bool = False) -> str:
if uid.startswith("xmpp:"):
return uid[5:]

161
openpgp/gtk/key.py
View File

@@ -14,6 +14,8 @@
# You should have received a copy of the GNU General Public License
# along with OpenPGP Gajim Plugin. If not, see <http://www.gnu.org/licenses/>.
from __future__ import annotations
import logging
import time
@@ -22,8 +24,11 @@ from gi.repository import Gtk
from gajim.common import app
from gajim.gtk.dialogs import ConfirmationDialog
from gajim.gtk.dialogs import DialogButton
from gajim.gtk.util.misc import container_remove_all
from gajim.gtk.widgets import GajimAppWindow
from gajim.plugins.plugins_i18n import _
from openpgp.modules.key_store import KeyData
from openpgp.modules.util import Trust
log = logging.getLogger("gajim.p.openpgp.keydialog")
@@ -36,48 +41,60 @@ TRUST_DATA = {
}
class KeyDialog(Gtk.Dialog):
def __init__(self, account, jid, transient):
super().__init__(title=_("Public Keys for %s") % jid, destroy_with_parent=True)
class KeyDialog(GajimAppWindow):
def __init__(self, account: str, jid: str, transient: Gtk.Window) -> None:
self.set_transient_for(transient)
self.set_resizable(True)
self.set_default_size(500, 300)
GajimAppWindow.__init__(
self,
name="PGPKeyDialog",
title=_("Public Keys for %s") % jid,
default_width=450,
default_height=400,
transient_for=transient,
modal=True,
)
self.get_style_context().add_class("openpgp-key-dialog")
self.window.add_css_class("openpgp-key-dialog")
self._client = app.get_client(account)
self._listbox = Gtk.ListBox()
self._listbox.set_selection_mode(Gtk.SelectionMode.NONE)
self._scrolled = Gtk.ScrolledWindow()
self._scrolled = Gtk.ScrolledWindow(hexpand=True)
self._scrolled.set_policy(Gtk.PolicyType.NEVER, Gtk.PolicyType.AUTOMATIC)
self._scrolled.add(self._listbox)
self._scrolled.set_child(self._listbox)
box = self.get_content_area()
box.pack_start(self._scrolled, True, True, 0)
self.set_child(self._scrolled)
keys = self._client.get_module("OpenPGP").get_keys(jid, only_trusted=False)
for key in keys:
log.info("Load: %s", key.fingerprint)
self._listbox.add(KeyRow(key))
self.show_all()
self._listbox.append(KeyRow(key, self))
self.show()
def _cleanup(self) -> None:
del self._client
del self._listbox
del self._scrolled
class KeyRow(Gtk.ListBoxRow):
def __init__(self, key):
def __init__(self, key: KeyData, dialog: GajimAppWindow):
Gtk.ListBoxRow.__init__(self)
self.set_activatable(False)
self._dialog = self.get_toplevel()
self._dialog = dialog
self.key = key
box = Gtk.Box()
box.set_spacing(12)
self._trust_button = TrustButton(self)
box.add(self._trust_button)
self._trust_button = Gtk.MenuButton()
self._trust_button.set_popover(TrustPopver(self))
self._update_button_state()
box.append(self._trust_button)
label_box = Gtk.Box(orientation=Gtk.Orientation.VERTICAL)
fingerprint = Gtk.Label(label=self._format_fingerprint(key.fingerprint))
@@ -88,25 +105,37 @@ class KeyRow(Gtk.ListBoxRow):
fingerprint.set_halign(Gtk.Align.START)
fingerprint.set_valign(Gtk.Align.START)
fingerprint.set_hexpand(True)
label_box.add(fingerprint)
label_box.append(fingerprint)
date = Gtk.Label(label=self._format_timestamp(key.timestamp))
date.set_halign(Gtk.Align.START)
date.get_style_context().add_class("openpgp-mono")
if not key.active:
date.get_style_context().add_class("openpgp-inactive-color")
label_box.add(date)
label_box.append(date)
box.add(label_box)
box.append(label_box)
self.set_child(box)
self.add(box)
self.show_all()
def _update_button_state(self) -> None:
icon_name, tooltip, css_class = TRUST_DATA[self.key.trust]
self._trust_button.set_icon_name(icon_name)
def delete_fingerprint(self, *args):
for css_cls in self._trust_button.get_css_classes():
if css_cls.startswith("openpgp"):
self._trust_button.remove_css_class(css_cls)
if not self.key.active:
css_class = "inactive-color"
tooltip = "%s - %s" % (_("Inactive"), tooltip)
self._trust_button.add_css_class(f"openpgp-{css_class}")
self._trust_button.set_tooltip_text(tooltip)
def delete_fingerprint(self):
def _remove():
self.get_parent().remove(self)
self.key.delete()
self.destroy()
ConfirmationDialog(
_("Delete Public Key?"),
@@ -117,98 +146,76 @@ class KeyRow(Gtk.ListBoxRow):
],
).show()
def set_trust(self, trust):
icon_name, tooltip, css_class = TRUST_DATA[trust]
image = self._trust_button.get_child()
image.set_from_icon_name(icon_name, Gtk.IconSize.MENU)
image.get_style_context().add_class(css_class)
def set_trust(self, trust: Trust) -> None:
self.key.trust = trust
self._update_button_state()
@staticmethod
def _format_fingerprint(fingerprint):
def _format_fingerprint(fingerprint: str) -> str:
fplen = len(fingerprint)
wordsize = fplen // 8
buf = ""
for w in range(0, fplen, wordsize):
buf += "{0} ".format(fingerprint[w : w + wordsize])
buf += f"{fingerprint[w : w + wordsize]} "
return buf.rstrip()
@staticmethod
def _format_timestamp(timestamp):
def _format_timestamp(timestamp: float) -> str:
return time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(timestamp))
class TrustButton(Gtk.MenuButton):
def __init__(self, row):
Gtk.MenuButton.__init__(self)
self._row = row
self._css_class = ""
self.set_popover(TrustPopver(row))
self.update()
def update(self):
icon_name, tooltip, css_class = TRUST_DATA[self._row.key.trust]
image = self.get_child()
image.set_from_icon_name(icon_name, Gtk.IconSize.MENU)
# remove old color from icon
image.get_style_context().remove_class(self._css_class)
if not self._row.key.active:
css_class = "openpgp-inactive-color"
tooltip = "%s - %s" % (_("Inactive"), tooltip)
image.get_style_context().add_class(css_class)
self._css_class = css_class
self.set_tooltip_text(tooltip)
class TrustPopver(Gtk.Popover):
def __init__(self, row):
def __init__(self, row: KeyRow):
Gtk.Popover.__init__(self)
self._row = row
self._listbox = Gtk.ListBox()
self._listbox.set_selection_mode(Gtk.SelectionMode.NONE)
if row.key.trust != Trust.VERIFIED:
self._listbox.add(VerifiedOption())
self._listbox.append(VerifiedOption())
if row.key.trust != Trust.NOT_TRUSTED:
self._listbox.add(NotTrustedOption())
self._listbox.add(DeleteOption())
self.add(self._listbox)
self._listbox.show_all()
self._listbox.append(NotTrustedOption())
self._listbox.append(DeleteOption())
self.set_child(self._listbox)
self._listbox.connect("row-activated", self._activated)
self.get_style_context().add_class("openpgp-trust-popover")
self.add_css_class("openpgp-trust-popover")
def _activated(self, listbox, row):
def _activated(self, listbox: Gtk.ListBox, row: MenuOption) -> None:
self.popdown()
if row.type_ is None:
self._row.delete_fingerprint()
else:
self._row.key.trust = row.type_
self.get_relative_to().update()
self._row.set_trust(row.type_)
self.update()
def update(self):
self._listbox.foreach(lambda row: self._listbox.remove(row))
container_remove_all(self._listbox)
if self._row.key.trust != Trust.VERIFIED:
self._listbox.add(VerifiedOption())
self._listbox.append(VerifiedOption())
if self._row.key.trust != Trust.NOT_TRUSTED:
self._listbox.add(NotTrustedOption())
self._listbox.add(DeleteOption())
self._listbox.append(NotTrustedOption())
self._listbox.append(DeleteOption())
class MenuOption(Gtk.ListBoxRow):
type_: Trust | None
icon: str
label: str
color: str
def __init__(self):
Gtk.ListBoxRow.__init__(self)
box = Gtk.Box()
box.set_spacing(6)
image = Gtk.Image.new_from_icon_name(self.icon, Gtk.IconSize.MENU)
label = Gtk.Label(label=self.label)
image.get_style_context().add_class(self.color)
image = Gtk.Image.new_from_icon_name(self.icon)
if self.color:
image.add_css_class(self.color)
box.add(image)
box.add(label)
self.add(box)
self.show_all()
label = Gtk.Label(label=self.label)
box.append(image)
box.append(label)
self.set_child(box)
class VerifiedOption(MenuOption):

12
openpgp/gtk/style.css
View File

@@ -1,16 +1,14 @@
.openpgp-inactive-color { color: @unfocused_borders; }
.openpgp-inactive-color button > box > image { color: @unfocused_borders; }
.openpgp-error-color button > box > image { color: @error_color; }
.openpgp-warning-color button > box > image { color: @warning_color; }
.openpgp-encrypted-color button > box > image { color: rgb(75, 181, 67); }
.openpgp-mono { font-size: 12px; font-family: monospace; }
.openpgp-key-dialog > box { margin: 12px; }
.openpgp-key-dialog scrolledwindow row {
border-bottom: 1px solid;
border-color: @unfocused_borders;
padding: 10px 20px 10px 10px;
}
.openpgp-key-dialog scrolledwindow row:last-child { border-bottom: 0px}
.openpgp-key-dialog scrolledwindow row:last-child { border-bottom: 0px; }
.openpgp-key-dialog scrolledwindow { border: 1px solid; border-color:@unfocused_borders; }
.openpgp-trust-popover row { padding: 10px 15px 10px 10px; }

55
openpgp/gtk/wizard.py
View File

@@ -14,6 +14,8 @@
# You should have received a copy of the GNU General Public License
# along with OpenPGP Gajim Plugin. If not, see <http://www.gnu.org/licenses/>.
from typing import cast
import logging
import threading
from enum import IntEnum
@@ -22,8 +24,12 @@ from gi.repository import GLib
from gi.repository import Gtk
from gajim.common import app
from gajim.common.client import Client
from gajim.gtk.control import ChatControl
from gajim.plugins.plugins_i18n import _
from ..pgpplugin import OpenPGPPlugin
log = logging.getLogger("gajim.p.openpgp.wizard")
@@ -35,7 +41,9 @@ class Page(IntEnum):
class KeyWizard(Gtk.Assistant):
def __init__(self, plugin, account, chat_control):
def __init__(
self, plugin: OpenPGPPlugin, account: str, chat_control: ChatControl
) -> None:
Gtk.Assistant.__init__(self)
self._client = app.get_client(account)
@@ -48,7 +56,6 @@ class KeyWizard(Gtk.Assistant):
self.set_application(app.app)
self.set_transient_for(app.window)
self.set_resizable(True)
self.set_position(Gtk.WindowPosition.CENTER)
self.set_default_size(600, 400)
self.get_style_context().add_class("dialog-margin")
@@ -65,9 +72,9 @@ class KeyWizard(Gtk.Assistant):
self.connect("close", self._on_cancel)
self._remove_sidebar()
self.show_all()
self.show()
def _add_page(self, page):
def _add_page(self, page: Gtk.Box) -> None:
self.append_page(page)
self.set_page_type(page, page.type_)
self.set_page_title(page, page.title)
@@ -82,7 +89,7 @@ class KeyWizard(Gtk.Assistant):
action = app.window.lookup_action("set-encryption")
action.activate(GLib.Variant("s", self._plugin.encryption_name))
def _on_page_change(self, assistant, page):
def _on_page_change(self, assistant: Gtk.Assistant, page: Page) -> None:
if self.get_current_page() == Page.NEWKEY:
if self._client.get_module("OpenPGP").secret_key_available:
self.set_current_page(Page.SUCCESS)
@@ -91,8 +98,8 @@ class KeyWizard(Gtk.Assistant):
elif self.get_current_page() == Page.SUCCESS:
self._activate_encryption()
def _on_cancel(self, widget):
self.destroy()
def _on_cancel(self, widget: Gtk.Assistant):
self.close()
class WelcomePage(Gtk.Box):
@@ -106,8 +113,8 @@ class WelcomePage(Gtk.Box):
self.set_spacing(18)
title_label = Gtk.Label(label=_("Setup OpenPGP"))
text_label = Gtk.Label(label=_("Gajim will now try to setup OpenPGP for you"))
self.add(title_label)
self.add(text_label)
self.append(title_label)
self.append(text_label)
class RequestPage(Gtk.Box):
@@ -120,7 +127,7 @@ class RequestPage(Gtk.Box):
super().__init__(orientation=Gtk.Orientation.VERTICAL)
self.set_spacing(18)
spinner = Gtk.Spinner()
self.pack_start(spinner, True, True, 0)
self.append(spinner)
spinner.start()
@@ -148,7 +155,7 @@ class NewKeyPage(RequestPage):
title = _("Generating new Key")
complete = False
def __init__(self, assistant, client):
def __init__(self, assistant: Gtk.Assistant, client: Client) -> None:
super().__init__()
self._assistant = assistant
self._client = client
@@ -167,14 +174,14 @@ class NewKeyPage(RequestPage):
GLib.idle_add(self.finished, text)
def finished(self, error):
def finished(self, error: str | None) -> None:
if error is None:
self._client.get_module("OpenPGP").get_own_key_details()
self._client.get_module("OpenPGP").set_public_key()
self._client.get_module("OpenPGP").request_keylist()
self._assistant.set_current_page(Page.SUCCESS)
else:
error_page = self._assistant.get_nth_page(Page.ERROR)
error_page = cast(ErrorPage, self._assistant.get_nth_page(Page.ERROR))
error_page.set_text(error)
self._assistant.set_current_page(Page.ERROR)
@@ -206,17 +213,15 @@ class SuccessfulPage(Gtk.Box):
self.set_spacing(12)
self.set_homogeneous(True)
icon = Gtk.Image.new_from_icon_name(
"object-select-symbolic", Gtk.IconSize.DIALOG
)
icon.get_style_context().add_class("success-color")
icon = Gtk.Image.new_from_icon_name("object-select-symbolic")
icon.add_css_class("success-color")
icon.set_valign(Gtk.Align.END)
label = Gtk.Label(label=_("Setup successful"))
label.get_style_context().add_class("bold16")
label.add_css_class("bold16")
label.set_valign(Gtk.Align.START)
self.add(icon)
self.add(label)
self.append(icon)
self.append(label)
class ErrorPage(Gtk.Box):
@@ -230,17 +235,15 @@ class ErrorPage(Gtk.Box):
self.set_spacing(12)
self.set_homogeneous(True)
icon = Gtk.Image.new_from_icon_name(
"dialog-error-symbolic", Gtk.IconSize.DIALOG
)
icon = Gtk.Image.new_from_icon_name("dialog-error-symbolic")
icon.get_style_context().add_class("error-color")
icon.set_valign(Gtk.Align.END)
self._label = Gtk.Label()
self._label.get_style_context().add_class("bold16")
self._label.set_valign(Gtk.Align.START)
self.add(icon)
self.add(self._label)
self.append(icon)
self.append(self._label)
def set_text(self, text):
def set_text(self, text: str) -> None:
self._label.set_text(text)

115
openpgp/modules/key_store.py
View File

@@ -14,8 +14,17 @@
# You should have received a copy of the GNU General Public License
# along with OpenPGP Gajim Plugin. If not, see <http://www.gnu.org/licenses/>.
import logging
from __future__ import annotations
import logging
from collections.abc import Iterator
from nbxmpp.protocol import JID
from nbxmpp.structs import PGPKeyMetadata
from openpgp.backend.base import BasePGPBackend
from openpgp.backend.sql import ContactRow
from openpgp.backend.sql import Storage
from openpgp.modules.util import Trust
log = logging.getLogger("gajim.p.openpgp.store")
@@ -26,45 +35,34 @@ class KeyData:
Holds all data related to a certain key
"""
def __init__(self, contact_data):
def __init__(
self,
contact_data: ContactData,
fingerprint: str,
active: bool,
trust: Trust,
timestamp: float,
):
self._contact_data = contact_data
self.fingerprint = None
self.active = False
self._trust = Trust.UNKNOWN
self.timestamp = None
self.fingerprint = fingerprint
self.active = active
self._trust = trust
self.timestamp = timestamp
self.comment = None
self.has_pubkey = False
@property
def trust(self):
def trust(self) -> Trust:
return self._trust
@trust.setter
def trust(self, value):
def trust(self, value: Trust) -> None:
if value not in (Trust.NOT_TRUSTED, Trust.UNKNOWN, Trust.BLIND, Trust.VERIFIED):
raise ValueError("Trust value not allowed: %s" % value)
self._trust = value
self._contact_data.set_trust(self.fingerprint, self._trust)
@classmethod
def from_key(cls, contact_data, key, trust):
keydata = cls(contact_data)
keydata.fingerprint = key.fingerprint
keydata.timestamp = key.date
keydata.active = True
keydata._trust = trust
return keydata
@classmethod
def from_row(cls, contact_data, row):
keydata = cls(contact_data)
keydata.fingerprint = row.fingerprint
keydata.timestamp = row.timestamp
keydata.comment = row.comment
keydata._trust = row.trust
keydata.active = row.active
return keydata
def delete(self):
self._contact_data.delete_key(self.fingerprint)
@@ -74,9 +72,9 @@ class ContactData:
Holds all data related to a contact
"""
def __init__(self, jid, storage, pgp):
def __init__(self, jid: JID, storage: Storage, pgp: BasePGPBackend) -> None:
self.jid = jid
self._key_store = {}
self._key_store: dict[str, KeyData] = {}
self._storage = storage
self._pgp = pgp
@@ -87,13 +85,13 @@ class ContactData:
return "xmpp:%s" % self.jid
@property
def default_trust(self):
def default_trust(self) -> Trust:
for key in self._key_store.values():
if key.trust in (Trust.NOT_TRUSTED, Trust.BLIND):
return Trust.UNKNOWN
return Trust.BLIND
def db_values(self):
def db_values(self) -> Iterator[tuple[JID, str, bool, Trust, float]]:
for key in self._key_store.values():
yield (
self.jid,
@@ -101,28 +99,39 @@ class ContactData:
key.active,
key.trust,
key.timestamp,
key.comment,
)
def add_from_key(self, key):
def add_from_key(self, key: PGPKeyMetadata) -> KeyData:
try:
keydata = self._key_store[key.fingerprint]
except KeyError:
keydata = KeyData.from_key(self, key, self.default_trust)
keydata = KeyData(
self,
key.fingerprint,
True,
self.default_trust,
key.date,
)
self._key_store[key.fingerprint] = keydata
log.info("Add from key: %s %s", self.jid, keydata.fingerprint)
return keydata
def add_from_db(self, row):
def add_from_db(self, row: ContactRow) -> KeyData:
try:
keydata = self._key_store[row.fingerprint]
except KeyError:
keydata = KeyData.from_row(self, row)
keydata = KeyData(
self,
row.fingerprint,
row.active,
row.trust,
row.timestamp,
)
self._key_store[row.fingerprint] = keydata
log.info("Add from row: %s %s", self.jid, row.fingerprint)
return keydata
def process_keylist(self, keylist):
def process_keylist(self, keylist: list[PGPKeyMetadata] | None) -> list[str]:
log.info("Process keylist: %s %s", self.jid, keylist)
if keylist is None:
@@ -131,8 +140,8 @@ class ContactData:
self._storage.save_contact(self.db_values())
return []
missing_pub_keys = []
fingerprints = set([key.fingerprint for key in keylist])
missing_pub_keys: list[str] = []
fingerprints = {key.fingerprint for key in keylist}
if fingerprints == self._key_store.keys():
log.info("No updates found")
for key in self._key_store.values():
@@ -156,7 +165,7 @@ class ContactData:
self._storage.save_contact(self.db_values())
return missing_pub_keys
def set_public_key(self, fingerprint):
def set_public_key(self, fingerprint: str) -> None:
try:
keydata = self._key_store[fingerprint]
except KeyError:
@@ -167,7 +176,7 @@ class ContactData:
keydata.has_pubkey = True
log.info("Set public key: %s %s", self.jid, fingerprint)
def get_keys(self, only_trusted=True):
def get_keys(self, only_trusted: bool = True) -> list[KeyData]:
keys = list(self._key_store.values())
if not only_trusted:
return keys
@@ -175,13 +184,13 @@ class ContactData:
k for k in keys if k.active and k.trust in (Trust.VERIFIED, Trust.BLIND)
]
def get_key(self, fingerprint):
def get_key(self, fingerprint: str) -> KeyData | None:
return self._key_store.get(fingerprint, None)
def set_trust(self, fingerprint, trust):
def set_trust(self, fingerprint: str, trust: Trust) -> None:
self._storage.set_trust(self.jid, fingerprint, trust)
def delete_key(self, fingerprint):
def delete_key(self, fingerprint: str) -> None:
self._storage.delete_key(self.jid, fingerprint)
self._pgp.delete_key(fingerprint)
del self._key_store[fingerprint]
@@ -192,8 +201,8 @@ class PGPContacts:
Holds all contacts available for PGP encryption
"""
def __init__(self, pgp, storage):
self._contacts = {}
def __init__(self, pgp: BasePGPBackend, storage: Storage) -> None:
self._contacts: dict[JID, ContactData] = {}
self._storage = storage
self._pgp = pgp
self._load_from_storage()
@@ -204,14 +213,12 @@ class PGPContacts:
keyring = self._pgp.get_keys()
for key in keyring:
log.info("Found: %s %s", key.jid, key.fingerprint)
assert key.jid is not None
self.set_public_key(key.jid, key.fingerprint)
def _load_from_storage(self):
log.info("Load contacts from storage")
rows = self._storage.load_contacts()
if rows is None:
return
for row in rows:
log.info("Found: %s %s", row.jid, row.fingerprint)
try:
@@ -223,7 +230,9 @@ class PGPContacts:
else:
contact_data.add_from_db(row)
def process_keylist(self, jid, keylist):
def process_keylist(
self, jid: JID, keylist: list[PGPKeyMetadata] | None
) -> list[str]:
try:
contact_data = self._contacts[jid]
except KeyError:
@@ -235,7 +244,7 @@ class PGPContacts:
return missing_pub_keys
def set_public_key(self, jid, fingerprint):
def set_public_key(self, jid: JID, fingerprint: str) -> None:
try:
contact_data = self._contacts[jid]
except KeyError:
@@ -243,14 +252,14 @@ class PGPContacts:
else:
contact_data.set_public_key(fingerprint)
def get_keys(self, jid, only_trusted=True):
def get_keys(self, jid: JID, only_trusted: bool = True) -> list[KeyData]:
try:
contact_data = self._contacts[jid]
return contact_data.get_keys(only_trusted=only_trusted)
except KeyError:
return []
def get_trust(self, jid, fingerprint):
def get_trust(self, jid: JID, fingerprint: str) -> Trust:
contact_data = self._contacts.get(jid, None)
if contact_data is None:
return Trust.UNKNOWN

115
openpgp/modules/openpgp.py
View File

@@ -14,37 +14,47 @@
# You should have received a copy of the GNU General Public License
# along with OpenPGP Gajim Plugin. If not, see <http://www.gnu.org/licenses/>.
from typing import Any
from typing import cast
import logging
import sys
import time
from collections.abc import Callable
from pathlib import Path
from nbxmpp import Node
from nbxmpp import StanzaMalformed
from nbxmpp.client import Client as nbxmppClient
from nbxmpp.errors import MalformedStanzaError
from nbxmpp.errors import StanzaError
from nbxmpp.exceptions import StanzaDecrypted
from nbxmpp.modules.openpgp import create_message_stanza
from nbxmpp.modules.openpgp import create_signcrypt_node
from nbxmpp.modules.openpgp import parse_signcrypt
from nbxmpp.modules.openpgp import PGPKeyMetadata
from nbxmpp.namespaces import Namespace
from nbxmpp.protocol import JID
from nbxmpp.protocol import Message
from nbxmpp.structs import EncryptionData
from nbxmpp.structs import MessageProperties
from nbxmpp.structs import PGPKeyMetadata
from nbxmpp.structs import PGPPublicKey
from nbxmpp.structs import StanzaHandler
from nbxmpp.task import Task
from gajim.common import app
from gajim.common import configpaths
from gajim.common.client import Client
from gajim.common.events import MessageNotSent
from gajim.common.modules.base import BaseModule
from gajim.common.modules.util import event_node
from gajim.common.structs import OutgoingMessage
from openpgp.backend.sql import Storage
from openpgp.modules.key_store import KeyData
from openpgp.modules.key_store import PGPContacts
from openpgp.modules.util import DecryptionFailed
from openpgp.modules.util import ENCRYPTION_NAME
from openpgp.modules.util import Key
from openpgp.modules.util import NOT_ENCRYPTED_TAGS
from openpgp.modules.util import prepare_stanza
from openpgp.modules.util import Trust
@@ -52,7 +62,7 @@ from openpgp.modules.util import Trust
if sys.platform == "win32":
from openpgp.backend.pygpg import PythonGnuPG as PGPBackend
else:
from openpgp.backend.gpgme import GPGME as PGPBackend
from openpgp.backend.gpgme import GPGMe as PGPBackend
log = logging.getLogger("gajim.p.openpgp")
@@ -75,7 +85,7 @@ class OpenPGP(BaseModule):
"request_secret_key",
]
def __init__(self, client):
def __init__(self, client: Client):
BaseModule.__init__(self, client)
self.handlers = [
@@ -103,67 +113,88 @@ class OpenPGP(BaseModule):
log.info("Own Fingerprint at start: %s", self._fingerprint)
@property
def secret_key_available(self):
def secret_key_available(self) -> bool:
return self._fingerprint is not None
def get_own_key_details(self):
def get_own_key_details(self) -> tuple[str | None, int | None]:
self._fingerprint, self._date = self._pgp.get_own_key_details()
return self._fingerprint, self._date
def generate_key(self):
def generate_key(self) -> None:
self._pgp.generate_key()
def set_public_key(self):
def set_public_key(self) -> None:
log.info("%s => Publish public key", self._account)
assert self._fingerprint is not None
assert self._date is not None
key = self._pgp.export_key(self._fingerprint)
assert key is not None
self._nbxmpp("OpenPGP").set_public_key(key, self._fingerprint, self._date)
def request_public_key(self, jid, fingerprint):
def request_public_key(self, jid: JID, fingerprint: str) -> None:
log.info("%s => Request public key %s - %s", self._account, fingerprint, jid)
self._nbxmpp("OpenPGP").request_public_key(
jid, fingerprint, callback=self._public_key_received, user_data=fingerprint
)
def _public_key_received(self, task):
def _public_key_received(self, task: Task) -> None:
fingerprint = task.get_user_data()
try:
result = task.finish()
result = cast(PGPPublicKey | None, task.finish())
except (StanzaError, MalformedStanzaError) as error:
log.error("%s => Public Key not found: %s", self._account, error)
return
if result is None:
log.error("%s => Public Key Node is empty", self._account)
return
imported_key = self._pgp.import_key(result.key, result.jid)
if imported_key is not None:
self._contacts.set_public_key(result.jid, fingerprint)
def set_keylist(self, keylist=None):
def set_keylist(self, keylist: list[PGPKeyMetadata] | None = None) -> None:
if keylist is None:
keylist = [PGPKeyMetadata(None, self._fingerprint, self._date)]
assert self._fingerprint is not None
assert self._date is not None
keylist = [PGPKeyMetadata(self.own_jid, self._fingerprint, self._date)]
log.info("%s => Publish keylist", self._account)
self._nbxmpp("OpenPGP").set_keylist(keylist)
@event_node(Namespace.OPENPGP_PK)
def _keylist_notification_received(self, _con, _stanza, properties):
def _keylist_notification_received(
self, _client: nbxmppClient, _stanza: Node, properties: MessageProperties
) -> None:
assert properties.pubsub_event is not None
if properties.pubsub_event.retracted:
return
keylist = properties.pubsub_event.data or []
assert properties.jid is not None
keylist: list[PGPKeyMetadata] = []
if properties.pubsub_event.data:
keylist = cast(list[PGPKeyMetadata], properties.pubsub_event.data)
self._process_keylist(keylist, properties.jid)
def request_keylist(self, jid=None):
def request_keylist(self, jid: JID | None = None) -> None:
if jid is None:
jid = self.own_jid
log.info("%s => Fetch keylist %s", self._account, jid)
self._nbxmpp("OpenPGP").request_keylist(
jid, callback=self._keylist_received, user_data=jid
)
def _keylist_received(self, task):
jid = task.get_user_data()
def _keylist_received(self, task: Task) -> None:
jid = cast(JID, task.get_user_data())
try:
keylist = task.finish()
keylist = cast(list[PGPKeyMetadata] | None, task.finish())
except (StanzaError, MalformedStanzaError) as error:
log.error("%s => Keylist query failed: %s", self._account, error)
if self.own_jid.bare_match(jid) and self._fingerprint is not None:
@@ -173,7 +204,9 @@ class OpenPGP(BaseModule):
log.info("Keylist received from %s", jid)
self._process_keylist(keylist, jid)
def _process_keylist(self, keylist, from_jid):
def _process_keylist(
self, keylist: list[PGPKeyMetadata] | None, from_jid: JID
) -> None:
if not keylist:
log.warning("%s => Empty keylist received from %s", self._account, from_jid)
self._contacts.process_keylist(self.own_jid, keylist)
@@ -185,14 +218,19 @@ class OpenPGP(BaseModule):
log.info("Received own keylist")
for key in keylist:
log.info(key.fingerprint)
for key in keylist:
# Check if own fingerprint is published
if key.fingerprint == self._fingerprint:
log.info("Own key found in keys list")
return
log.info("Own key not published")
if self._fingerprint is not None:
keylist.append(Key(self._fingerprint, self._date))
assert self._date is not None
keylist.append(
PGPKeyMetadata(self.own_jid, self._fingerprint, self._date)
)
self.set_keylist(keylist)
return
@@ -204,10 +242,14 @@ class OpenPGP(BaseModule):
for fingerprint in missing_pub_keys:
self.request_public_key(from_jid, fingerprint)
def decrypt_message(self, _con, stanza, properties: MessageProperties):
def decrypt_message(
self, _client: nbxmppClient, stanza: Message, properties: MessageProperties
) -> None:
if not properties.is_openpgp:
return
assert properties.openpgp is not None
remote_jid = properties.remote_jid
assert remote_jid is not None
@@ -249,7 +291,9 @@ class OpenPGP(BaseModule):
raise StanzaDecrypted
def encrypt_message(self, message: OutgoingMessage, callback):
def encrypt_message(
self, message: OutgoingMessage, callback: Callable[[OutgoingMessage], None]
) -> None:
remote_jid = message.contact.jid
keys = self._contacts.get_keys(remote_jid)
@@ -257,12 +301,17 @@ class OpenPGP(BaseModule):
log.error("Dropping stanza to %s, because we have no key", remote_jid)
return
assert self._fingerprint is not None
keys += self._contacts.get_keys(self.own_jid)
keys += [Key(self._fingerprint, None)]
keys += [
KeyData(None, self._fingerprint, True, Trust.VERIFIED, 0) # pyright: ignore
]
payload = create_signcrypt_node(
message.get_stanza(), [remote_jid], NOT_ENCRYPTED_TAGS
)
payload = str(payload).encode("utf8")
encrypted_payload, error = self._pgp.encrypt(payload, keys)
if error:
@@ -279,6 +328,8 @@ class OpenPGP(BaseModule):
)
return
assert encrypted_payload is not None
create_message_stanza(
message.get_stanza(), encrypted_payload, bool(message.get_text())
)
@@ -292,7 +343,7 @@ class OpenPGP(BaseModule):
callback(message)
@staticmethod
def print_msg_to_log(stanza):
def print_msg_to_log(stanza: Node) -> None:
"""Prints a stanza in a fancy way to the log"""
log.debug("-" * 15)
stanzastr = "\n" + stanza.__str__(fancy=True)
@@ -300,19 +351,21 @@ class OpenPGP(BaseModule):
log.debug(stanzastr)
log.debug("-" * 15)
def get_keys(self, jid=None, only_trusted=True):
def get_keys(
self, jid: JID | None = None, only_trusted: bool = True
) -> list[KeyData]:
if jid is None:
jid = self.own_jid
return self._contacts.get_keys(jid, only_trusted=only_trusted)
def clear_fingerprints(self):
def clear_fingerprints(self) -> None:
self.set_keylist()
def cleanup(self):
def cleanup(self) -> None:
self._storage.cleanup()
self._pgp = None
self._contacts = None
del self._pgp
del self._contacts
def get_instance(*args, **kwargs):
def get_instance(*args: Any, **kwargs: Any) -> tuple[Any, str]:
return OpenPGP(*args, **kwargs), "OpenPGP"

22
openpgp/modules/util.py
View File

@@ -14,9 +14,9 @@
# You should have received a copy of the GNU General Public License
# along with OpenPGP Gajim Plugin. If not, see <http://www.gnu.org/licenses/>.
from collections import namedtuple
from enum import IntEnum
from nbxmpp import Node
from nbxmpp.namespaces import Namespace
ENCRYPTION_NAME = "OpenPGP"
@@ -27,11 +27,9 @@ NOT_ENCRYPTED_TAGS = [
("no-copy", Namespace.HINTS),
("no-permanent-store", Namespace.HINTS),
("origin-id", Namespace.SID),
("thread", None),
("thread", ""),
]
Key = namedtuple("Key", "fingerprint date")
class Trust(IntEnum):
NOT_TRUSTED = 0
@@ -40,19 +38,23 @@ class Trust(IntEnum):
VERIFIED = 3
def prepare_stanza(stanza, payload):
def prepare_stanza(stanza: Node, payload: list[Node | str]) -> None:
delete_nodes(stanza, "openpgp", Namespace.OPENPGP)
delete_nodes(stanza, "body")
nodes = [(node.getName(), node.getNamespace()) for node in payload]
for name, namespace in nodes:
delete_nodes(stanza, name, namespace)
nodes: list[Node] = []
for node in payload:
if isinstance(node, str):
continue
name, namespace = node.getName(), node.getNamespace()
delete_nodes(stanza, name, namespace)
nodes.append(node)
for node in nodes:
stanza.addChild(node=node)
def delete_nodes(stanza, name, namespace=None):
def delete_nodes(stanza: Node, name: str, namespace: str | None = None) -> None:
attrs = None
if namespace is not None:
attrs = {"xmlns": Namespace.OPENPGP}

97
openpgp/pgpplugin.py
View File

@@ -14,10 +14,17 @@
# You should have received a copy of the GNU General Public License
# along with OpenPGP Gajim Plugin. If not, see <http://www.gnu.org/licenses/>.
from __future__ import annotations
from typing import Any
from typing import TYPE_CHECKING
import logging
from collections.abc import Callable
from pathlib import Path
from gi.repository import Gdk
from gi.repository import GLib
from gi.repository import Gtk
from nbxmpp import JID
from nbxmpp.namespaces import Namespace
@@ -25,7 +32,11 @@ from nbxmpp.namespaces import Namespace
from gajim.common import app
from gajim.common import configpaths
from gajim.common import ged
from gajim.common.client import Client
from gajim.common.const import CSSPriority
from gajim.common.events import SignedIn
from gajim.common.structs import OutgoingMessage
from gajim.gtk.control import ChatControl
from gajim.gtk.dialogs import SimpleDialog
from gajim.plugins import GajimPlugin
from gajim.plugins.plugins_i18n import _
@@ -35,18 +46,21 @@ from openpgp.modules.util import ENCRYPTION_NAME
try:
from openpgp.modules import openpgp
except (ImportError, OSError) as e:
ERROR_MSG = str(e)
error_msg = str(e)
else:
ERROR_MSG = None
error_msg = None
if TYPE_CHECKING:
from openpgp.modules.openpgp import OpenPGP
log = logging.getLogger("gajim.p.openpgp")
class OpenPGPPlugin(GajimPlugin):
def init(self):
if ERROR_MSG:
if error_msg:
self.activatable = False
self.available_text = ERROR_MSG
self.available_text = error_msg
self.config_dialog = None
return
@@ -76,7 +90,11 @@ class OpenPGPPlugin(GajimPlugin):
self._create_paths()
self._load_css()
def _load_css(self):
@staticmethod
def get_openpgp_module(account: str) -> OpenPGP:
return app.get_client(account).get_module("OpenPGP") # pyright: ignore
def _load_css(self) -> None:
path = Path(__file__).parent / "gtk" / "style.css"
try:
with path.open("r") as f:
@@ -85,59 +103,63 @@ class OpenPGPPlugin(GajimPlugin):
log.error("Error loading css: %s", exc)
return
display = Gdk.Display.get_default()
assert display is not None
try:
provider = Gtk.CssProvider()
provider.load_from_data(bytes(css.encode("utf-8")))
Gtk.StyleContext.add_provider_for_screen(
Gdk.Screen.get_default(), provider, CSSPriority.DEFAULT_THEME
provider.load_from_bytes(GLib.Bytes.new(css.encode("utf-8")))
Gtk.StyleContext.add_provider_for_display(
display, provider, CSSPriority.DEFAULT_THEME
)
except Exception:
log.exception("Error loading application css")
@staticmethod
def _create_paths():
def _create_paths() -> None:
keyring_path = Path(configpaths.get("MY_DATA")) / "openpgp"
if not keyring_path.exists():
keyring_path.mkdir()
def signed_in(self, event):
client = app.get_client(event.account)
if client.get_module("OpenPGP").secret_key_available:
def signed_in(self, event: SignedIn) -> None:
openpgp = self.get_openpgp_module(event.account)
if openpgp.secret_key_available:
log.info(
"%s => Publish keylist and public key after sign in", event.account
)
client.get_module("OpenPGP").request_keylist()
client.get_module("OpenPGP").set_public_key()
openpgp.request_keylist()
openpgp.set_public_key()
def activate(self):
def activate(self) -> None:
for account in app.settings.get_active_accounts():
client = app.get_client(account)
client.get_module("Caps").update_caps()
if app.account_is_connected(account):
if client.get_module("OpenPGP").secret_key_available:
openpgp = self.get_openpgp_module(account)
if openpgp.secret_key_available:
log.info(
"%s => Publish keylist and public key "
"after plugin activation",
account,
)
client.get_module("OpenPGP").request_keylist()
client.get_module("OpenPGP").set_public_key()
openpgp.request_keylist()
openpgp.set_public_key()
def deactivate(self):
def deactivate(self) -> None:
pass
@staticmethod
def _update_caps(_account, features):
def _update_caps(_account: str, features: list[str]) -> None:
features.append("%s+notify" % Namespace.OPENPGP_PK)
def activate_encryption(self, chat_control):
def activate_encryption(self, chat_control: ChatControl) -> bool:
account = chat_control.account
jid = chat_control.contact.jid
client = app.get_client(account)
if client.get_module("OpenPGP").secret_key_available:
keys = client.get_module("OpenPGP").get_keys(jid, only_trusted=False)
openpgp = self.get_openpgp_module(account)
if openpgp.secret_key_available:
keys = openpgp.get_keys(jid, only_trusted=False)
if not keys:
client.get_module("OpenPGP").request_keylist(JID.from_string(jid))
openpgp.request_keylist(JID.from_string(jid))
return True
from openpgp.gtk.wizard import KeyWizard
@@ -146,12 +168,12 @@ class OpenPGPPlugin(GajimPlugin):
return False
@staticmethod
def encryption_state(_chat_control, state):
def encryption_state(_chat_control: ChatControl, state: dict[str, Any]) -> None:
state["authenticated"] = True
state["visible"] = True
@staticmethod
def on_encryption_button_clicked(chat_control):
def on_encryption_button_clicked(chat_control: ChatControl) -> None:
account = chat_control.account
jid = chat_control.contact.jid
@@ -159,26 +181,31 @@ class OpenPGPPlugin(GajimPlugin):
KeyDialog(account, jid, app.window)
def _before_sendmessage(self, chat_control):
def _before_sendmessage(self, chat_control: ChatControl) -> None:
account = chat_control.account
jid = chat_control.contact.jid
client = app.get_client(account)
openpgp = self.get_openpgp_module(account)
if not client.get_module("OpenPGP").secret_key_available:
if not openpgp.secret_key_available:
from openpgp.gtk.wizard import KeyWizard
KeyWizard(self, account, chat_control)
return
keys = client.get_module("OpenPGP").get_keys(jid)
keys = openpgp.get_keys(jid)
if not keys:
SimpleDialog(
_("Not Trusted"), _("There was no trusted and active key found")
)
chat_control.sendmessage = False
@staticmethod
def _encrypt_message(client, obj, callback):
if not client.get_module("OpenPGP").secret_key_available:
def _encrypt_message(
self,
client: Client,
message: OutgoingMessage,
callback: Callable[[OutgoingMessage], None],
) -> None:
openpgp = self.get_openpgp_module(client.account)
if not openpgp.secret_key_available:
return
client.get_module("OpenPGP").encrypt_message(obj, callback)
openpgp.encrypt_message(message, callback)

1
pyproject.toml
View File

@@ -20,7 +20,6 @@ exclude = [
"**/__pycache__",
".git",
".venv",
"openpgp/*",
]
[tool.ruff]

863
typings/gnupg/__init__.pyi
View File

File diff suppressed because it is too large Load Diff

1
typings/gpg/__init__.py Normal file
View File

@@ -0,0 +1 @@
from .core import Context # noqa: F401

67
typings/gpg/core.pyi Normal file
View File

@@ -0,0 +1,67 @@
from typing import Any
from collections.abc import Iterator
from gpg.results import EncryptResult
from gpg.results import SignResult
class GpgmeWrapper(object): ...
class Context(GpgmeWrapper):
def __init__(
self,
armor: bool = ...,
textmode: bool = ...,
offline: bool = ...,
signers: list[str] = [],
pinentry_mode: str = ...,
protocol: str = ...,
wrapped: Any | None = ...,
home_dir: str | None = ...,
) -> None: ...
def __enter__(self) -> Context: ...
def __exit__(self, type: Any, value: Any, tb: Any) -> bool: ...
def encrypt(
self,
plaintext: bytes,
recipients: list[str] = [],
sign: bool = ...,
sink: Any | None = ...,
passphrase: str | None = ...,
always_trust: bool = ...,
add_encrypt_to: bool = ...,
prepare: bool = ...,
expect_sign: bool = ...,
compress: bool = ...,
) -> tuple[bytes, EncryptResult, SignResult]: ...
def decrypt(
self,
ciphertext: bytes,
sink: Any | None = ...,
passphrase: str | None = ...,
verify: bool = ...,
filter_signatures: bool = ...,
) -> tuple[bytes, str, str]: ...
def key_import(self, data: bytes) -> str: ...
def key_export_minimal(self, pattern: Any | None = ...) -> bytes | None: ...
def keylist(
self,
pattern: Any | None = ...,
secret: bool = ...,
mode: str = ...,
source: Any | None = None,
) -> Iterator[Any]: ...
def create_key(
self,
userid: str,
algorithm: str | None = ...,
expires_in: int = ...,
expires: bool = ...,
sign: bool = ...,
encrypt: bool = ...,
certify: bool = ...,
authenticate: bool = ...,
passphrase: str | None = ...,
force: bool = ...,
) -> str: ...
def get_key(self, fpr: str, secret: bool = ...) -> Any | None: ...

36
typings/gpg/errors.pyi Normal file
View File

@@ -0,0 +1,36 @@
from typing import Any
class GpgError(Exception):
error: Any | None
context: str | None
result: Any | None
@property
def code(self) -> int: ...
@property
def code_str(self) -> str: ...
@property
def source(self) -> int: ...
@property
def source_str(self) -> str: ...
class GPGMEError(GpgError):
@property
def message(self) -> str: ...
def getstring(self) -> str: ...
def getcode(self) -> int: ...
def getsource(self) -> int: ...
class KeyNotFound(GPGMEError, KeyError):
keystr: str
class EncryptionError(GpgError): ...
class InvalidRecipients(EncryptionError): ...
class DecryptionError(GpgError): ...
class UnsupportedAlgorithm(DecryptionError): ...
class SigningError(GpgError): ...
class InvalidSigners(SigningError): ...
class VerificationError(GpgError): ...
class BadSignatures(VerificationError): ...
class MissingSignatures(VerificationError): ...

41
typings/gpg/results.pyi Normal file
View File

@@ -0,0 +1,41 @@
from typing import Any
class Result(object): ...
class InvalidKey(Result): ...
class EncryptResult(Result):
invalid_recipients: list[Any]
class Recipient(Result): ...
class DecryptResult(Result):
recipients: Recipient
class NewSignature(Result): ...
class SignResult(Result):
invalid_signers: InvalidKey
signatures: NewSignature
class Notation(Result): ...
class Signature(Result):
_type = dict(wrong_key_usage=bool, chain_model=bool, is_de_vs=bool)
notations: Notation
class VerifyResult(Result):
signatures: Signature
class ImportStatus(Result): ...
class ImportResult(Result):
imports: ImportStatus
class GenkeyResult(Result):
_type = dict(primary=bool, sub=bool)
class KeylistResult(Result):
_type = dict(truncated=bool)
class VFSMountResult(Result): ...
class EngineInfo(Result): ...