mirror of
https://github.com/freedombox/FreedomBox.git
synced 2026-05-27 10:44:33 +00:00
Moved a few FIXMEs and reorganized the verify methods.
parent
4399b579ca
commit
db44fe60e6
@ -325,36 +325,22 @@ class SimpleSantiago(object):
|
|||||||
are the only folks who must trust the inner signature. Proxiers must
|
are the only folks who must trust the inner signature. Proxiers must
|
||||||
only verify that signature.
|
only verify that signature.
|
||||||
|
|
||||||
FIXME: If we duplicate any keys in the signed message (for addressing)
|
:FIXME: If we duplicate any keys in the signed message (for addressing)
|
||||||
they must be ignored.
|
they must be ignored.
|
||||||
|
|
||||||
|
:FIXME: Handle weird requests. what if the client isn't the encrypter??
|
||||||
|
in that case, it must be ignored.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
request = PgpUnwrapper(str(kwargs["request"]), gpg=self.gpg)
|
request = PgpUnwrapper(str(kwargs["request"]), gpg=self.gpg)
|
||||||
|
|
||||||
proxied_request = self.verify_sender(request)
|
proxied_request = self.verify_sender(request.next())
|
||||||
encrypted_body = dict(self.verify_client(request))
|
encrypted_body = dict(self.verify_client(request.next()))
|
||||||
|
request_body = dict(self.decrypt_client(request.next()))
|
||||||
if not encrypted_body:
|
|
||||||
return
|
|
||||||
|
|
||||||
if not self.i_am(encrypted_body["to"]):
|
|
||||||
self.proxy(proxied_request)
|
|
||||||
return
|
|
||||||
|
|
||||||
request_body = dict(self.decrypt_client(request))
|
|
||||||
|
|
||||||
if not request_body:
|
|
||||||
return
|
|
||||||
|
|
||||||
# we could proxy misdirected requests here, but I'm not.
|
|
||||||
if not (self.i_am(request_body["to"]) and
|
|
||||||
self.i_am(request_body["host"])):
|
|
||||||
# self.proxy(proxied_request)
|
|
||||||
return
|
|
||||||
|
|
||||||
return request_body
|
return request_body
|
||||||
|
|
||||||
def verify_sender(self, request):
|
def verify_sender(self, request_body):
|
||||||
"""Verify the signature of the message's sender.
|
"""Verify the signature of the message's sender.
|
||||||
|
|
||||||
This is part (A) in the message diagram.
|
This is part (A) in the message diagram.
|
||||||
@ -371,8 +357,6 @@ class SimpleSantiago(object):
|
|||||||
allowed to send us messages.
|
allowed to send us messages.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
proxied_request = request.next()
|
|
||||||
|
|
||||||
if not request.gpg.valid:
|
if not request.gpg.valid:
|
||||||
raise InvalidSignatureError()
|
raise InvalidSignatureError()
|
||||||
|
|
||||||
@ -380,9 +364,9 @@ class SimpleSantiago(object):
|
|||||||
raise UnwillingHostError(
|
raise UnwillingHostError(
|
||||||
"{0} is not a Santiago client.".format(request.gpg.fingerprint))
|
"{0} is not a Santiago client.".format(request.gpg.fingerprint))
|
||||||
|
|
||||||
return proxied_request
|
return request_body
|
||||||
|
|
||||||
def verify_client(self, request):
|
def verify_client(self, request_body, proxied_request):
|
||||||
"""Verify the signature of the message's source.
|
"""Verify the signature of the message's source.
|
||||||
|
|
||||||
This is part (B) in the message diagram.
|
This is part (B) in the message diagram.
|
||||||
@ -395,39 +379,33 @@ class SimpleSantiago(object):
|
|||||||
We shouldn't verify the Santiago client here, it the request goes to
|
We shouldn't verify the Santiago client here, it the request goes to
|
||||||
somebody else.
|
somebody else.
|
||||||
|
|
||||||
:FIXME: Handle weird requests. what if the client isn't the encrypter??
|
|
||||||
|
|
||||||
"""
|
"""
|
||||||
encrypted_body = request.next()
|
self.verify_client(request_body)
|
||||||
|
|
||||||
if not request.gpg.valid:
|
if not request_body:
|
||||||
raise InvalidSignatureError()
|
return
|
||||||
|
|
||||||
if not self.get_host_locations(request.gpg.fingerprint, "santiago"):
|
if not self.i_am(request_body["to"]):
|
||||||
raise UnwillingHostError(
|
self.proxy(proxied_request)
|
||||||
"{0} is not a Santiago client.".format(request.gpg.fingerprint))
|
return
|
||||||
|
|
||||||
return encrypted_body
|
return request_body
|
||||||
|
|
||||||
def decrypt_client(self, request):
|
def decrypt_client(self, request_body):
|
||||||
"""Decrypt the message and validates the encrypted signature.
|
"""Decrypt the message and validates the encrypted signature.
|
||||||
|
|
||||||
This is part (C) in the message diagram.
|
This is part (C) in the message diagram.
|
||||||
|
|
||||||
TODO Raises an InvalidSignature error when the signature is incorrect.
|
Raises an InvalidSignature error when the signature is incorrect.
|
||||||
|
|
||||||
TODO Raises an UnwillingHost error when the signer is not a client
|
Raises an UnwillingHost error when the signer is not a client authorized
|
||||||
authorized to send us Santiago messages.
|
to send us Santiago messages.
|
||||||
|
|
||||||
"""
|
"""
|
||||||
request_body = dict(request.next())
|
self.verify_client(request_body)
|
||||||
|
|
||||||
if not request.gpg.valid:
|
if not self.i_am(request_body["host"]):
|
||||||
raise InvalidSignatureError()
|
return
|
||||||
|
|
||||||
if not self.get_host_locations(request.gpg.fingerprint, "santiago"):
|
|
||||||
raise UnwillingHostError(
|
|
||||||
"{0} is not a Santiago client.".format(request.gpg.fingerprint))
|
|
||||||
|
|
||||||
return request_body
|
return request_body
|
||||||
|
|
||||||
|
|||||||
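Review bot: The new `verify_client` and `decrypt_client` no longer test `request.gpg.valid` or call `get_host_locations(request.gpg.fingerprint, "santiago")`, and both now open with `self.verify_client(request_body)`, so nothing checks the inner signatures (B) and (C) or the signer's authorization; this is read from the new column, since the +/- markers are lost on this page. The `decrypt_client` docstring also drops its TODO markers and now states that InvalidSignature and UnwillingHost are raised; keep the TODO until the checks exist. `verify_sender(self, request_body)` still reads `request.gpg.valid` and `request.gpg.fingerprint`, a name that is no longer a parameter, so the outer check would fail with NameError rather than InvalidSignatureError. The caller also passes a single argument to `verify_client(self, request_body, proxied_request)` and wraps a possibly-None return in `dict(...)`. I would keep handing the `PgpUnwrapper` to each stage and fail closed after every `request.next()` with `if not request.gpg.valid: raise InvalidSignatureError()`; the calling method's body starts above the first hunk.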