add code to send/request certificates
parent
048d875b3b
commit
91a68d30be
4 changed files with 63 additions and 1 deletions
|
@ -2245,9 +2245,14 @@ ConnectionCaps, ConnectionHandlersBase, ConnectionJingle):
|
||||||
|
|
||||||
def _PubkeyGetCB(self, con, obj):
|
def _PubkeyGetCB(self, con, obj):
|
||||||
log.info('PubkeyGetCB')
|
log.info('PubkeyGetCB')
|
||||||
|
jid_from = unicode(obj.getAttr('from'))
|
||||||
|
sid = obj.getAttr('id')
|
||||||
|
self.dispatch('PUBKEY_REQUEST', (con, obj, jid_from, sid))
|
||||||
|
|
||||||
def _PubkeyResultCB(self, con, obj):
|
def _PubkeyResultCB(self, con, obj):
|
||||||
log.info('PubkeyResultCB')
|
log.info('PubkeyResultCB')
|
||||||
|
jid_from = unicode(obj.getAttr('from'))
|
||||||
|
self.dispatch('PUBKEY_RESULT', (con, obj, jid_from));
|
||||||
|
|
||||||
def _StreamCB(self, con, obj):
|
def _StreamCB(self, con, obj):
|
||||||
if obj.getTag('conflict'):
|
if obj.getTag('conflict'):
|
||||||
|
|
|
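Review bot: `_PubkeyResultCB` dispatches `PUBKEY_RESULT` for every result stanza it is handed and drops the stanza id, so nothing downstream can tell a reply to our own request from an unsolicited one. I would read `sid = obj.getAttr('id')` as `_PubkeyGetCB` does and dispatch only when the id and sender match a request recorded at send time; `send_cert_request` currently generates the id but does not keep it anywhere. The trailing `;` on the dispatch line can go. Where these two callbacks are registered is outside the hunk.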
@ -19,6 +19,8 @@
|
||||||
import os
|
import os
|
||||||
|
|
||||||
import logging
|
import logging
|
||||||
|
import common
|
||||||
|
import gajim
|
||||||
log = logging.getLogger('gajim.c.jingle_xtls')
|
log = logging.getLogger('gajim.c.jingle_xtls')
|
||||||
|
|
||||||
PYOPENSSL_PRESENT = False
|
PYOPENSSL_PRESENT = False
|
||||||
|
@ -92,6 +94,48 @@ def get_context(fingerprint, verify_cb=None):
|
||||||
load_cert_file(os.path.join(os.path.expanduser(CERTIFICATE_DIR), f), store)
|
load_cert_file(os.path.join(os.path.expanduser(CERTIFICATE_DIR), f), store)
|
||||||
return ctx
|
return ctx
|
||||||
|
|
||||||
|
def send_cert(con, jid_from, sid):
|
||||||
|
certpath = os.path.expanduser(CERTIFICATE_DIR + SELF_SIGNED_CERTIFICATE + '.cert')
|
||||||
|
certfile = open(certpath, 'r')
|
||||||
|
certificate = ''
|
||||||
|
for line in certfile.readlines():
|
||||||
|
if not line.startswith('-'):
|
||||||
|
certificate += line
|
||||||
|
iq = common.xmpp.Iq('result', to=jid_from);
|
||||||
|
iq.setAttr('id', sid)
|
||||||
|
|
||||||
|
pubkey = iq.setTag('pubkeys')
|
||||||
|
pubkey.setNamespace(common.xmpp.NS_PUBKEY_PUBKEY)
|
||||||
|
|
||||||
|
keyinfo = pubkey.setTag('keyinfo')
|
||||||
|
name = keyinfo.setTag('name')
|
||||||
|
name.setData('CertificateHash')
|
||||||
|
cert = keyinfo.setTag('x509cert')
|
||||||
|
cert.setData(certificate)
|
||||||
|
|
||||||
|
con.send(iq)
|
||||||
|
|
||||||
|
def handle_new_cert(con, obj, jid_from):
|
||||||
|
jid = gajim.get_jid_without_resource(jid_from)
|
||||||
|
certpath = os.path.join(os.path.expanduser(CERTIFICATE_DIR), jid)
|
||||||
|
certpath += '.cert'
|
||||||
|
|
||||||
|
x509cert = obj.getTag('pubkeys').getTag('keyinfo').getTag('x509cert')
|
||||||
|
|
||||||
|
cert = x509cert.getData()
|
||||||
|
|
||||||
|
f = open(certpath, 'w')
|
||||||
|
f.write('-----BEGIN CERTIFICATE-----\n')
|
||||||
|
f.write(cert)
|
||||||
|
f.write('-----END CERTIFICATE-----\n')
|
||||||
|
|
||||||
|
def send_cert_request(con, to_jid):
|
||||||
|
iq = common.xmpp.Iq('get', to=to_jid)
|
||||||
|
iq.setAttr('id', con.connection.getAnID())
|
||||||
|
pubkey = iq.setTag('pubkeys')
|
||||||
|
pubkey.setNamespace(common.xmpp.NS_PUBKEY_PUBKEY)
|
||||||
|
con.connection.send(iq)
|
||||||
|
|
||||||
# the following code is partly due to pyopenssl examples
|
# the following code is partly due to pyopenssl examples
|
||||||
|
|
||||||
TYPE_RSA = crypto.TYPE_RSA
|
TYPE_RSA = crypto.TYPE_RSA
|
||||||
|
|
|
@ -34,6 +34,7 @@ from common import xmpp
|
||||||
from common import gajim
|
from common import gajim
|
||||||
from common import helpers
|
from common import helpers
|
||||||
from common import dataforms
|
from common import dataforms
|
||||||
|
from common import jingle_xtls
|
||||||
|
|
||||||
from common.socks5 import Socks5Receiver
|
from common.socks5 import Socks5Receiver
|
||||||
|
|
||||||
|
@ -139,6 +140,8 @@ class ConnectionBytestream:
|
||||||
gajim.socks5queue.add_file_props(self.name, file_props)
|
gajim.socks5queue.add_file_props(self.name, file_props)
|
||||||
|
|
||||||
if not session.accepted:
|
if not session.accepted:
|
||||||
|
if session.get_content('file').use_security:
|
||||||
|
jingle_xtls.send_cert_request(self, file_props['receiver'])
|
||||||
session.approve_session()
|
session.approve_session()
|
||||||
session.approve_content('file')
|
session.approve_content('file')
|
||||||
return
|
return
|
||||||
|
|
|
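Review bot: The call `jingle_xtls.send_cert_request(self, file_props['receiver'])` is fire-and-forget and `session.approve_session()` runs on the very next line, so the session is approved before the peer's certificate can have arrived. If the TLS context for this transfer is built before the `PUBKEY_RESULT` is handled, verification would run against a store that lacks the peer's certificate or still holds an older one; where the context is created is not visible from this hunk. Consider deferring approval until the result has been processed, or failing the secured transfer when no certificate for the receiver is on file. The enclosing method starts and ends outside the hunk.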
@ -2112,6 +2112,14 @@ class Interface:
|
||||||
if pm_ctrl and hasattr(pm_ctrl, "update_contact"):
|
if pm_ctrl and hasattr(pm_ctrl, "update_contact"):
|
||||||
pm_ctrl.update_contact()
|
pm_ctrl.update_contact()
|
||||||
|
|
||||||
|
def handle_event_pubkey_request(self, account, data):
|
||||||
|
con, obj, jid_from, sid = data
|
||||||
|
common.jingle_xtls.send_cert(con, jid_from, sid)
|
||||||
|
|
||||||
|
def handle_event_pubkey_result(self, account, data):
|
||||||
|
con, obj, jid_from = data
|
||||||
|
common.jingle_xtls.handle_new_cert(con, obj, jid_from)
|
||||||
|
|
||||||
def create_core_handlers_list(self):
|
def create_core_handlers_list(self):
|
||||||
self.handlers = {
|
self.handlers = {
|
||||||
'ROSTER': [self.handle_event_roster],
|
'ROSTER': [self.handle_event_roster],
|
||||||
|
@ -2203,7 +2211,9 @@ class Interface:
|
||||||
'JINGLE_DISCONNECTED': [self.handle_event_jingle_disconnected],
|
'JINGLE_DISCONNECTED': [self.handle_event_jingle_disconnected],
|
||||||
'JINGLE_ERROR': [self.handle_event_jingle_error],
|
'JINGLE_ERROR': [self.handle_event_jingle_error],
|
||||||
'PEP_RECEIVED': [self.handle_event_pep_received],
|
'PEP_RECEIVED': [self.handle_event_pep_received],
|
||||||
'CAPS_RECEIVED': [self.handle_event_caps_received]
|
'CAPS_RECEIVED': [self.handle_event_caps_received],
|
||||||
|
'PUBKEY_REQUEST': [self.handle_event_pubkey_request],
|
||||||
|
'PUBKEY_RESULT': [self.handle_event_pubkey_result],
|
||||||
}
|
}
|
||||||
|
|
||||||
def register_core_handlers(self):
|
def register_core_handlers(self):
|
||||||
|
|
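Review bot: Both new handlers act with no user involvement, and `account` is unused in each: `handle_event_pubkey_request` answers any requester and `handle_event_pubkey_result` hands the received certificate on for storage unseen. As this is the interface layer, it is the natural place to show the certificate fingerprint and ask for confirmation before a new or changed certificate is accepted for a contact. The handlers also reference `common.jingle_xtls`, yet no import hunk is shown for this file; please confirm that name resolves here, or import it the way the other file does with `from common import jingle_xtls`.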