author | mathieui <mathieui@mathieui.net> | 2012-03-08 22:39:30 +0100 |
---|---|---|
committer | mathieui <mathieui@mathieui.net> | 2012-03-08 22:39:30 +0100 |
commit | 9d42ebdf2e5d770ca66a0b7f95adbe36bfd7083e (patch) | |
tree | 9146fcf67fa626191c36b49e4a7a94065d470f7e /src/core.py | |
parent | 13a269d6b211d571486d223bba71bd4230c82838 (diff) | |
Validate the SSL cert using the TOFU (Trust On First Use) model
Diffstat (limited to 'src/core.py')
-rw-r--r-- | src/core.py | 51 |
1 files changed, 47 insertions, 4 deletions
diff --git a/src/core.py b/src/core.py
index 8a4fc7de..91bd0372 100644
--- a/src/core.py
+++ b/src/core.py
@@ -11,14 +11,12 @@
 import os
 import sys
 import time
 import curses
-import threading
-import traceback
+import ssl
+from hashlib import sha1
 from datetime import datetime
 from xml.etree import cElementTree as ET
-from inspect import getargspec
-
 import common
 import theming
 import logging
@@ -94,6 +92,7 @@ class Core(object):
 self.events = events.EventHandler()
 self.xmpp = singleton.Singleton(connection.Connection)
 self.xmpp.core = self
+ self.paused = False
 self.remote_fifo = None
 # a unique buffer used to store global informations
 # that are displayed in almost all tabs, in an
@@ -202,6 +201,7 @@ class Core(object):
 self.xmpp.add_event_handler("chatstate_gone", self.on_chatstate_gone)
 self.xmpp.add_event_handler("chatstate_inactive", self.on_chatstate_inactive)
 self.xmpp.add_event_handler("attention", self.on_attention)
+ self.xmpp.add_event_handler("ssl_cert", self.validate_ssl)
 self.all_stanzas = Callback('custom matcher', connection.MatchAll(None), self.incoming_stanza)
 self.xmpp.register_handler(self.all_stanzas)
@@ -218,6 +218,44 @@ class Core(object):
 for plugin in plugins.split():
 self.plugin_manager.load(plugin)
+ def validate_ssl(self, pem):
+ """
+ Check the server certificate using the sleekxmpp ssl_cert event
+ """
+ if config.get('ignore_certificate', 'false').lower() == 'true':
+ return
+ cert = config.get('certificate', '')
+ der = ssl.PEM_cert_to_DER_cert(pem)
+ found_cert = sha1(der).hexdigest()
+ if cert:
+ if found_cert == cert:
+ log.debug('Cert %s OK', found_cert)
+ return
+ else:
+ saved_input = self.current_tab().input
+ log.debug('\nWARNING: CERTIFICATE CHANGED old: %s, new: %s\n', cert, found_cert)
+ input = windows.YesNoInput(text="WARNING! Certificate hash changed to %s. Accept? (y/n)" % found_cert)
+ self.current_tab().input = input
+ input.resize(1, self.current_tab().width, self.current_tab().height-1, 0)
+ input.refresh()
+ self.doupdate()
+ self.paused = True
+ while input.value is None:
+ pass
+ self.current_tab().input = saved_input
+ self.paused = False
+ if input.value:
+ self.information('Setting new certificate: old: %s, new: %s' % (cert, found_cert), 'Info')
+ log.debug('Setting certificate to %s', found_cert)
+ config.set_and_save('certificate', found_cert)
+ else:
+ self.information('You refused to validate the certificate. You are now disconnected', 'Info')
+ self.xmpp.disconnect()
+ else:
+ log.debug('First time. Setting certificate to %s', found_cert)
+ config.set_and_save('certificate', found_cert)
+
+
 def start(self):
 """
 Init curses, create the first tab, etc
@@ -965,8 +1003,13 @@ class Core(object):
 return '\n'
 return key
 while self.running:
+ if self.paused: continue
 char_list = [common.replace_key_with_bound(key)\
 for key in self.read_keyboard()]
+ if self.paused:
+ self.current_tab().input.do_command(char_list[0])
+ self.current_tab().input.prompt()
+ continue
 # Special case for M-x where x is a number
 if len(char_list) == 1:
 char = char_list[0] |
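Review bot: The wait for the user's answer in validate_ssl, `while input.value is None: pass`, is a busy loop that pins a core for as long as the prompt is open, and if sleekxmpp dispatches `ssl_cert` from its event thread (not visible here) it also stalls every other event until the user answers. A `threading.Event` that the main loop sets once the prompt has a value, with `event.wait()` here instead of the spin, would block without burning CPU; the first hunk of this commit drops `import threading`, so it would need to come back. Pinning on `sha1(der).hexdigest()` also ties the trust store to SHA-1, and `sha256` from the same `hashlib` import is a better fingerprint for a new installation, though existing `certificate` values would then no longer match and would need a migration or a new key. On the first-use branch the fingerprint only goes to `log.debug`; showing it with `self.information(...)` as the other branches do lets the user verify it out-of-band, which is what makes TOFU meaningful.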
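Review bot: The new `if self.paused: continue` at the top of the loop skips `self.read_keyboard()` whenever `paused` is set, so once the loop comes back around while the prompt is still unanswered (a key other than y/n was pressed, or `paused` was set before this check ran) no further key is read and the loop spins while validate_ssl waits for a value that can never arrive. Dropping that first check and keeping only the one after `read_keyboard()`, which already routes the key to the prompt, avoids the spin. `char_list[0]` would also raise IndexError if `read_keyboard()` ever returns an empty list; `if self.paused and char_list:` is a cheap guard. The enclosing loop body continues outside the hunk.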