summaryrefslogtreecommitdiff
path: root/sleekxmpp/plugins/xep_0027/gpg.py
blob: ccc7c4000e955a569e76e6d6dd762d6081eca013 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
"""
    SleekXMPP: The Sleek XMPP Library
    Copyright (C) 2012 Nathanael C. Fritz, Lance J.T. Stout
    This file is part of SleekXMPP.

    See the file LICENSE for copying permission.
"""

from sleekxmpp.thirdparty import GPG

from sleekxmpp.stanza import Presence, Message
from sleekxmpp.plugins.base import BasePlugin, register_plugin
from sleekxmpp.xmlstream import ElementBase, register_stanza_plugin
from sleekxmpp.xmlstream.handler import Callback
from sleekxmpp.xmlstream.matcher import StanzaPath
from sleekxmpp.plugins.xep_0027 import stanza, Signed, Encrypted


def _extract_data(data, kind):
    stripped = []
    begin_headers = False
    begin_data = False
    for line in data.split('\n'):
        if not begin_headers and 'BEGIN PGP %s' % kind in line:
            begin_headers = True
            continue
        if begin_headers and line == '':
            begin_data = True
            continue
        if 'END PGP %s' % kind in line:
            return '\n'.join(stripped)
        if begin_data:
            stripped.append(line)
    return ''


class XEP_0027(BasePlugin):

    name = 'xep_0027'
    description = 'XEP-0027: Current Jabber OpenPGP Usage'
    dependencies = set()
    stanza = stanza

    def plugin_init(self):
        self.gpg_binary = self.config.get('gpg_binary', 'gpg')
        self.gpg_home = self.config.get('gpg_home', '')
        self.use_agent = self.config.get('use_agent', True)
        self.keyring = self.config.get('keyring', None)
        self.key_server = self.config.get('key_server', 'pgp.mit.edu')

        self.gpg = GPG(gnupghome=self.gpg_home,
                       gpgbinary=self.gpg_binary,
                       use_agent=self.use_agent,
                       keyring=self.keyring)

        self.xmpp.add_filter('out', self._sign_presence)

        self._keyids = {}

        self.api.register(self._set_keyid, 'set_keyid', default=True)
        self.api.register(self._get_keyid, 'get_keyid', default=True)
        self.api.register(self._del_keyid, 'del_keyid', default=True)
        self.api.register(self._get_keyids, 'get_keyids', default=True)

        register_stanza_plugin(Presence, Signed)
        register_stanza_plugin(Message, Encrypted)

        self.xmpp.add_event_handler('unverified_signed_presence',
                self._handle_unverified_signed_presence,
                threaded=True)

        self.xmpp.register_handler(
                Callback('Signed Presence',
                    StanzaPath('presence/signed'),
                    self._handle_signed_presence))

        self.xmpp.register_handler(
                Callback('Encrypted Message',
                    StanzaPath('message/encrypted'),
                    self._handle_encrypted_message))

    def _sign_presence(self, stanza):
        if isinstance(stanza, Presence):
            if stanza['type'] == 'available' or stanza['type'] in Presence.showtypes:
                stanza['signed'] = stanza['status']
        return stanza

    def sign(self, data, jid=None):
        keyid = self.get_keyid(jid)
        if keyid:
            signed = self.gpg.sign(data, keyid=keyid)
            return _extract_data(signed.data, 'SIGNATURE')

    def encrypt(self, data, jid=None):
        keyid = self.get_keyid(jid)
        if keyid:
            enc = self.gpg.encrypt(data, keyid)
            return _extract_data(enc.data, 'MESSAGE')

    def decrypt(self, data, jid=None):
        template = '-----BEGIN PGP MESSAGE-----\n' + \
                   '\n' + \
                   '%s\n' + \
                   '-----END PGP MESSAGE-----\n'
        dec = self.gpg.decrypt(template % data)
        return dec.data

    def verify(self, data, sig, jid=None):
        template = '-----BEGIN PGP SIGNED MESSAGE-----\n' + \
                   'Hash: SHA1\n' + \
                   '\n' + \
                   '%s\n' + \
                   '-----BEGIN PGP SIGNATURE-----\n' + \
                   '\n' + \
                   '%s\n' + \
                   '-----END PGP SIGNATURE-----\n'
        v = self.gpg.verify(template % (data, sig))
        return v

    def set_keyid(self, jid=None, keyid=None):
        self.api['set_keyid'](jid, args=keyid)

    def get_keyid(self, jid=None):
        return self.api['get_keyid'](jid)

    def del_keyid(self, jid=None):
        self.api['del_keyid'](jid)

    def get_keyids(self):
        return self.api['get_keyids']()

    def _handle_signed_presence(self, pres):
        self.xmpp.event('unverified_signed_presence', pres)

    def _handle_unverified_signed_presence(self, pres):
        verified = self.verify(pres['status'], pres['signed'])
        if verified.key_id:
            if not self.get_keyid(pres['from']):
                known_keyids = [e['keyid'] for e in self.gpg.list_keys()]
                if verified.key_id not in known_keyids:
                    self.gpg.recv_keys(self.key_server, verified.key_id)
                self.set_keyid(jid=pres['from'], keyid=verified.key_id)
            self.xmpp.event('signed_presence', pres)

    def _handle_encrypted_message(self, msg):
        self.xmpp.event('encrypted_message', msg)

    # =================================================================

    def _set_keyid(self, jid, node, ifrom, keyid):
        self._keyids[jid] = keyid

    def _get_keyid(self, jid, node, ifrom, keyid):
        return self._keyids.get(jid, None)

    def _del_keyid(self, jid, node, ifrom, keyid):
        if jid in self._keyids:
            del self._keyids[jid]

    def _get_keyids(self, jid, node, ifrom, data):
        return self._keyids