author | lovetox <philipp@hoerist.com> | 2020-09-10 23:32:48 +0300 |
---|---|---|
committer | lovetox <philipp@hoerist.com> | 2020-09-10 23:35:24 +0300 |
commit | 74ed329171b476e132680dbb8ce86e25859f2155 (patch) | |
tree | d66d2bda1e521df8c74bd6e445595068149e1f37 /pgp | |
parent | 2cc719be9b3ce0f2f01d20cfe781327808ddfbe4 (diff) |
[pgp] Don’t assign keys automatically
Fixes #519
Diffstat (limited to 'pgp')
-rw-r--r-- | pgp/modules/pgp_legacy.py | 40 |
1 files changed, 22 insertions, 18 deletions
diff --git a/pgp/modules/pgp_legacy.py b/pgp/modules/pgp_legacy.py index 22a2261..8710ebc 100644 --- a/pgp/modules/pgp_legacy.py +++ b/pgp/modules/pgp_legacy.py @@ -78,7 +78,7 @@ class PGPLegacy(BaseModule): self._store = KeyStore(self._account, self.own_jid, self._log, self._pgp.list_keys) self._always_trust = [] - self._presence_key_id_store = {} + self._presence_fingerprint_store = {} @property def pgp_backend(self): 
@@ -101,39 +101,43 @@ class PGPLegacy(BaseModule): if key_data is None: return False key_id = key_data['key_id'] - announced_key_id = self._presence_key_id_store.get(jid) - if announced_key_id is None: + + announced_fingerprint = self._presence_fingerprint_store.get(jid) + if announced_fingerprint is None: return True - if announced_key_id == key_id: + + if announced_fingerprint == key_id: return True - raise KeyMismatch(announced_key_id) + + raise KeyMismatch(announced_fingerprint) def _on_presence_received(self, _con, _stanza, properties): if properties.signed is None: return jid = properties.jid.getBare() - key_id = self._pgp.verify(properties.status, properties.signed) - self._log.info('Presence from %s was signed with key-id: %s', - jid, key_id) - if key_id is None: + fingerprint = self._pgp.verify(properties.status, properties.signed) + if fingerprint is None: + self._log.info('Presence from %s was signed but no corresponding ' + 'key was found', jid) return - self._presence_key_id_store[jid] = key_id + self._presence_fingerprint_store[jid] = fingerprint + self._log.info('Presence from %s was verified successfully, ' + 'fingerprint: %s', jid, fingerprint) key_data = self.get_contact_key_data(jid) - if key_data is not None: + if key_data is None: + self._log.info('No key assigned for contact: %s', jid) return - key = self._pgp.get_key(key_id) - if not key: - self._log.info('Key-id %s not found in keyring, cant assign to %s', - key_id, jid) + if key_data['key_id'] != fingerprint: + self._log.warning('Fingerprint mismatch, ' + 'Presence was signed with fingerprint: %s, ' + 'Assigned key fingerprint: %s', + fingerprint, key_data['key_id']) return - self._log.info('Assign key-id: %s to %s', key_id, jid) - self.set_contact_key_data(jid, (key_id, key[0]['uids'][0])) - def _message_received(self, _con, stanza, properties): if not properties.is_pgp_legacy or properties.from_muc: return |
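Review bot: Both comparisons in this hunk (`announced_fingerprint == key_id` and `key_data['key_id'] != fingerprint`) compare what the new code calls a fingerprint with the stored `key_data['key_id']`, and nothing visible here shows that the two share a format. If contacts assigned before this change still hold a shorter key ID, or the stored value differs in case, signed presences from them would log a fingerprint mismatch and the check above would raise `KeyMismatch`. It is worth confirming what `self._pgp.verify()` now returns, then either migrating stored entries or normalising both sides before comparing. A comment at the first comparison such as `# key_data['key_id'] stores the full fingerprint, as returned by self._pgp.verify()` would make the assumption explicit. The function containing the first comparison starts outside the hunk.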