From 68acde0220c3f895300b5491f941ca611212a206 Mon Sep 17 00:00:00 2001 From: Bruno Wagner Date: Fri, 5 Jun 2015 17:16:26 -0300 Subject: Moved extensions to their own folder, so support has more meaning --- service/pixelated/config/initialize_leap.py | 16 ++--- service/pixelated/extensions/__init__.py | 0 .../pixelated/extensions/esmtp_sender_factory.py | 27 +++++++ .../extensions/incoming_decrypt_header.py | 35 +++++++++ .../pixelated/extensions/keymanager_fetch_key.py | 60 ++++++++++++++++ service/pixelated/extensions/protobuf_socket.py | 37 ++++++++++ service/pixelated/extensions/requests_urllib3.py | 82 ++++++++++++++++++++++ service/pixelated/extensions/shared_db.py | 16 +++++ .../pixelated/extensions/soledad_sync_exception.py | 22 ++++++ service/pixelated/extensions/sqlcipher_wal.py | 24 +++++++ .../pixelated/support/ext_esmtp_sender_factory.py | 27 ------- service/pixelated/support/ext_fetch.py | 35 --------- .../pixelated/support/ext_keymanager_fetch_key.py | 60 ---------------- service/pixelated/support/ext_protobuf.py | 37 ---------- service/pixelated/support/ext_requests_urllib3.py | 82 ---------------------- service/pixelated/support/ext_shared_db.py | 16 ----- service/pixelated/support/ext_sqlcipher.py | 24 ------- service/pixelated/support/ext_sync.py | 22 ------ service/pixelated/support/id_gen.py | 20 ------ .../unit/extensions/test_keymanager_fetch_key.py | 76 ++++++++++++++++++++ .../unit/support/test_ext_keymanager_fetch_key.py | 76 -------------------- 21 files changed, 387 insertions(+), 407 deletions(-) create mode 100644 service/pixelated/extensions/__init__.py create mode 100644 service/pixelated/extensions/esmtp_sender_factory.py create mode 100644 service/pixelated/extensions/incoming_decrypt_header.py create mode 100644 service/pixelated/extensions/keymanager_fetch_key.py create mode 100644 service/pixelated/extensions/protobuf_socket.py create mode 100644 service/pixelated/extensions/requests_urllib3.py create mode 100644 service/pixelated/extensions/shared_db.py create mode 100644 service/pixelated/extensions/soledad_sync_exception.py create mode 100644 service/pixelated/extensions/sqlcipher_wal.py delete mode 100644 service/pixelated/support/ext_esmtp_sender_factory.py delete mode 100644 service/pixelated/support/ext_fetch.py delete mode 100644 service/pixelated/support/ext_keymanager_fetch_key.py delete mode 100644 service/pixelated/support/ext_protobuf.py delete mode 100644 service/pixelated/support/ext_requests_urllib3.py delete mode 100644 service/pixelated/support/ext_shared_db.py delete mode 100644 service/pixelated/support/ext_sqlcipher.py delete mode 100644 service/pixelated/support/ext_sync.py delete mode 100644 service/pixelated/support/id_gen.py create mode 100644 service/test/unit/extensions/test_keymanager_fetch_key.py delete mode 100644 service/test/unit/support/test_ext_keymanager_fetch_key.py diff --git a/service/pixelated/config/initialize_leap.py b/service/pixelated/config/initialize_leap.py index 7b600bf8..1f8c5655 100644 --- a/service/pixelated/config/initialize_leap.py +++ b/service/pixelated/config/initialize_leap.py @@ -37,11 +37,11 @@ def init_leap_cert(leap_provider_cert, leap_provider_cert_fingerprint): def init_monkeypatches(): - import pixelated.support.ext_protobuf - import pixelated.support.ext_sqlcipher - import pixelated.support.ext_esmtp_sender_factory - import pixelated.support.ext_fetch - import pixelated.support.ext_sync - import pixelated.support.ext_keymanager_fetch_key - import pixelated.support.ext_requests_urllib3 - import pixelated.support.ext_shared_db + import pixelated.extensions.protobuf_socket + import pixelated.extensions.sqlcipher_wal + import pixelated.extensions.esmtp_sender_factory + import pixelated.extensions.incoming_decrypt_header + import pixelated.extensions.soledad_sync_exception + import pixelated.extensions.keymanager_fetch_key + import pixelated.extensions.requests_urllib3 + import pixelated.extensions.shared_db diff --git a/service/pixelated/extensions/__init__.py b/service/pixelated/extensions/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/service/pixelated/extensions/esmtp_sender_factory.py b/service/pixelated/extensions/esmtp_sender_factory.py new file mode 100644 index 00000000..59aa90c8 --- /dev/null +++ b/service/pixelated/extensions/esmtp_sender_factory.py @@ -0,0 +1,27 @@ +# +# Copyright (c) 2014 ThoughtWorks, Inc. +# +# Pixelated is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Pixelated is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with Pixelated. If not, see . + +from twisted.mail import smtp + + +def no_require_transport_security(f): + def wrapper(*args, **kwargs): + kwargs['requireTransportSecurity'] = False + return f(*args, **kwargs) + return wrapper + + +smtp.ESMTPSenderFactory = no_require_transport_security(smtp.ESMTPSenderFactory) diff --git a/service/pixelated/extensions/incoming_decrypt_header.py b/service/pixelated/extensions/incoming_decrypt_header.py new file mode 100644 index 00000000..2db5dd1d --- /dev/null +++ b/service/pixelated/extensions/incoming_decrypt_header.py @@ -0,0 +1,35 @@ +import leap.mail.imap.fetch as fetch + + +def mark_as_encrypted_inline(f): + + def w(*args, **kwargs): + msg, valid_sign = f(*args) + is_encrypted = fetch.PGP_BEGIN in args[1].as_string() and fetch.PGP_END in args[1].as_string() + decrypted_successfully = fetch.PGP_BEGIN not in msg.as_string() and fetch.PGP_END not in msg.as_string() + + if not is_encrypted: + encrypted = 'false' + else: + if decrypted_successfully: + encrypted = 'true' + else: + encrypted = 'fail' + + msg.add_header('X-Pixelated-encryption-status', encrypted) + return msg, valid_sign + + return w + + +def mark_as_encrypted_multipart(f): + + def w(*args, **kwargs): + msg, valid_sign = f(*args) + msg.add_header('X-Pixelated-encryption-status', 'true') + return msg, valid_sign + return w + + +fetch.LeapIncomingMail._maybe_decrypt_inline_encrypted_msg = mark_as_encrypted_inline(fetch.LeapIncomingMail._maybe_decrypt_inline_encrypted_msg) +fetch.LeapIncomingMail._decrypt_multipart_encrypted_msg = mark_as_encrypted_multipart(fetch.LeapIncomingMail._decrypt_multipart_encrypted_msg) diff --git a/service/pixelated/extensions/keymanager_fetch_key.py b/service/pixelated/extensions/keymanager_fetch_key.py new file mode 100644 index 00000000..d39d1f96 --- /dev/null +++ b/service/pixelated/extensions/keymanager_fetch_key.py @@ -0,0 +1,60 @@ +# +# Copyright (c) 2014 ThoughtWorks, Inc. +# +# Pixelated is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Pixelated is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with Pixelated. If not, see . +import leap.keymanager +import requests +import logging +from leap.keymanager.errors import KeyNotFound +from leap.keymanager.openpgp import OpenPGPKey + + +logger = logging.getLogger(__name__) + + +def patched_fetch_keys_from_server(self, address): + """ + Fetch keys bound to C{address} from nickserver and insert them in + local database. + + Instead of raising a KeyNotFound only for 404 responses, this implementation + raises a KeyNotFound exception for all problems. + + For original see: https://github.com/leapcode/keymanager/blob/develop/src/leap/keymanager/__init__.py + + :param address: The address bound to the keys. + :type address: str + + :raise KeyNotFound: If the key was not found on nickserver. + """ + # request keys from the nickserver + res = None + try: + res = self._get(self._nickserver_uri, {'address': address}) + res.raise_for_status() + server_keys = res.json() + # insert keys in local database + if self.OPENPGP_KEY in server_keys: + self._wrapper_map[OpenPGPKey].put_ascii_key( + server_keys['openpgp']) + except requests.exceptions.HTTPError as e: + logger.warning("HTTP error retrieving key: %r" % (e,)) + logger.warning("%s" % (res.content,)) + raise KeyNotFound(address) + except Exception as e: + logger.warning("Error retrieving key: %r" % (e,)) + raise KeyNotFound(address) + + +leap.keymanager.KeyManager._fetch_keys_from_server = patched_fetch_keys_from_server diff --git a/service/pixelated/extensions/protobuf_socket.py b/service/pixelated/extensions/protobuf_socket.py new file mode 100644 index 00000000..548f5fd6 --- /dev/null +++ b/service/pixelated/extensions/protobuf_socket.py @@ -0,0 +1,37 @@ +# +# Copyright (c) 2014 ThoughtWorks, Inc. +# +# Pixelated is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Pixelated is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with Pixelated. If not, see . + +from __future__ import print_function +from sys import platform as _platform + +import protobuf.socketrpc.server + +# protobuf throws a lot of 'Socket is not connected' exceptions on OSX but they are not an issue. +# refer too https://code.google.com/p/protobuf-socket-rpc/issues/detail?id=10 and +# or https://leap.se/code/issues/2187 +if _platform == 'darwin': + def try_except_decorator(func): + def wrapper(*args, **kwargs): + try: + func(*args, **kwargs) + pass + except: + pass + + return wrapper + + protobuf.socketrpc.server.SocketHandler.handle = try_except_decorator( + protobuf.socketrpc.server.SocketHandler.handle) diff --git a/service/pixelated/extensions/requests_urllib3.py b/service/pixelated/extensions/requests_urllib3.py new file mode 100644 index 00000000..c4ec2438 --- /dev/null +++ b/service/pixelated/extensions/requests_urllib3.py @@ -0,0 +1,82 @@ +# +# Copyright (c) 2014 ThoughtWorks, Inc. +# +# Pixelated is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Pixelated is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with Pixelated. If not, see . + +import requests + + +if requests.__version__ == '2.0.0': + try: + import requests.packages.urllib3.connectionpool + from socket import error as SocketError, timeout as SocketTimeout + from requests.packages.urllib3.packages.ssl_match_hostname import CertificateError, match_hostname + import socket + import ssl + + from requests.packages.urllib3.exceptions import ( + ClosedPoolError, + ConnectTimeoutError, + EmptyPoolError, + HostChangedError, + MaxRetryError, + SSLError, + ReadTimeoutError, + ProxyError, + ) + + from requests.packages.urllib3.util import ( + assert_fingerprint, + get_host, + is_connection_dropped, + resolve_cert_reqs, + resolve_ssl_version, + ssl_wrap_socket, + Timeout, + ) + + def patched_connect(self): + # Add certificate verification + try: + sock = socket.create_connection(address=(self.host, self.port), timeout=self.timeout) + except SocketTimeout: + raise ConnectTimeoutError(self, "Connection to %s timed out. (connect timeout=%s)" % (self.host, self.timeout)) + + resolved_cert_reqs = resolve_cert_reqs(self.cert_reqs) + resolved_ssl_version = resolve_ssl_version(self.ssl_version) + + if self._tunnel_host: + self.sock = sock + # Calls self._set_hostport(), so self.host is + # self._tunnel_host below. + self._tunnel() + + # Wrap socket using verification with the root certs in + # trusted_root_certs + self.sock = ssl_wrap_socket(sock, self.key_file, self.cert_file, + cert_reqs=resolved_cert_reqs, + ca_certs=self.ca_certs, + server_hostname=self.host, + ssl_version=resolved_ssl_version) + + if self.assert_fingerprint: + assert_fingerprint(self.sock.getpeercert(binary_form=True), + self.assert_fingerprint) + elif resolved_cert_reqs != ssl.CERT_NONE and self.assert_hostname is not False: + match_hostname(self.sock.getpeercert(), + self.assert_hostname or self.host) + + requests.packages.urllib3.connectionpool.VerifiedHTTPSConnection.connect = patched_connect + except ImportError: + pass # The patch is specific for the debian package. Ignore it if it can't be found diff --git a/service/pixelated/extensions/shared_db.py b/service/pixelated/extensions/shared_db.py new file mode 100644 index 00000000..3e8a978e --- /dev/null +++ b/service/pixelated/extensions/shared_db.py @@ -0,0 +1,16 @@ +from leap.soledad.client.auth import TokenBasedAuth +import base64 +from u1db import errors + + +def patched_sign_request(self, method, url_query, params): + if 'token' in self._creds: + uuid, token = self._creds['token'] + auth = '%s:%s' % (uuid, token) + return [('Authorization', 'Token %s' % base64.b64encode(auth))] + else: + raise errors.UnknownAuthMethod( + 'Wrong credentials: %s' % self._creds) + + +TokenBasedAuth._sign_request = patched_sign_request diff --git a/service/pixelated/extensions/soledad_sync_exception.py b/service/pixelated/extensions/soledad_sync_exception.py new file mode 100644 index 00000000..cb3204ad --- /dev/null +++ b/service/pixelated/extensions/soledad_sync_exception.py @@ -0,0 +1,22 @@ +import leap.soledad.client as client +import urlparse +from leap.soledad.client.events import ( + SOLEDAD_DONE_DATA_SYNC, + signal +) + + +def patched_sync(self, defer_decryption=True): + if self._db: + try: + local_gen = self._db.sync( + urlparse.urljoin(self.server_url, 'user-%s' % self._uuid), + creds=self._creds, autocreate=False, + defer_decryption=defer_decryption) + signal(SOLEDAD_DONE_DATA_SYNC, self._uuid) + return local_gen + except Exception as e: + client.logger.error("Soledad exception when syncing: %s - %s" % (e.__class__.__name__, e.message)) + + +client.Soledad.sync = patched_sync diff --git a/service/pixelated/extensions/sqlcipher_wal.py b/service/pixelated/extensions/sqlcipher_wal.py new file mode 100644 index 00000000..776087bf --- /dev/null +++ b/service/pixelated/extensions/sqlcipher_wal.py @@ -0,0 +1,24 @@ +# +# Copyright (c) 2014 ThoughtWorks, Inc. +# +# Pixelated is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Pixelated is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with Pixelated. If not, see . + +from sys import platform as _platform + +import leap.soledad.client.sqlcipher + +# WAL is breaking for the debian sqlcipher package so we need to disable it +# refer to https://leap.se/code/issues/5562 +if _platform == 'linux2': + leap.soledad.client.sqlcipher.SQLCipherDatabase._pragma_write_ahead_logging = lambda x, y: None diff --git a/service/pixelated/support/ext_esmtp_sender_factory.py b/service/pixelated/support/ext_esmtp_sender_factory.py deleted file mode 100644 index 59aa90c8..00000000 --- a/service/pixelated/support/ext_esmtp_sender_factory.py +++ /dev/null @@ -1,27 +0,0 @@ -# -# Copyright (c) 2014 ThoughtWorks, Inc. -# -# Pixelated is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# Pixelated is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with Pixelated. If not, see . - -from twisted.mail import smtp - - -def no_require_transport_security(f): - def wrapper(*args, **kwargs): - kwargs['requireTransportSecurity'] = False - return f(*args, **kwargs) - return wrapper - - -smtp.ESMTPSenderFactory = no_require_transport_security(smtp.ESMTPSenderFactory) diff --git a/service/pixelated/support/ext_fetch.py b/service/pixelated/support/ext_fetch.py deleted file mode 100644 index 2db5dd1d..00000000 --- a/service/pixelated/support/ext_fetch.py +++ /dev/null @@ -1,35 +0,0 @@ -import leap.mail.imap.fetch as fetch - - -def mark_as_encrypted_inline(f): - - def w(*args, **kwargs): - msg, valid_sign = f(*args) - is_encrypted = fetch.PGP_BEGIN in args[1].as_string() and fetch.PGP_END in args[1].as_string() - decrypted_successfully = fetch.PGP_BEGIN not in msg.as_string() and fetch.PGP_END not in msg.as_string() - - if not is_encrypted: - encrypted = 'false' - else: - if decrypted_successfully: - encrypted = 'true' - else: - encrypted = 'fail' - - msg.add_header('X-Pixelated-encryption-status', encrypted) - return msg, valid_sign - - return w - - -def mark_as_encrypted_multipart(f): - - def w(*args, **kwargs): - msg, valid_sign = f(*args) - msg.add_header('X-Pixelated-encryption-status', 'true') - return msg, valid_sign - return w - - -fetch.LeapIncomingMail._maybe_decrypt_inline_encrypted_msg = mark_as_encrypted_inline(fetch.LeapIncomingMail._maybe_decrypt_inline_encrypted_msg) -fetch.LeapIncomingMail._decrypt_multipart_encrypted_msg = mark_as_encrypted_multipart(fetch.LeapIncomingMail._decrypt_multipart_encrypted_msg) diff --git a/service/pixelated/support/ext_keymanager_fetch_key.py b/service/pixelated/support/ext_keymanager_fetch_key.py deleted file mode 100644 index d39d1f96..00000000 --- a/service/pixelated/support/ext_keymanager_fetch_key.py +++ /dev/null @@ -1,60 +0,0 @@ -# -# Copyright (c) 2014 ThoughtWorks, Inc. -# -# Pixelated is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# Pixelated is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with Pixelated. If not, see . -import leap.keymanager -import requests -import logging -from leap.keymanager.errors import KeyNotFound -from leap.keymanager.openpgp import OpenPGPKey - - -logger = logging.getLogger(__name__) - - -def patched_fetch_keys_from_server(self, address): - """ - Fetch keys bound to C{address} from nickserver and insert them in - local database. - - Instead of raising a KeyNotFound only for 404 responses, this implementation - raises a KeyNotFound exception for all problems. - - For original see: https://github.com/leapcode/keymanager/blob/develop/src/leap/keymanager/__init__.py - - :param address: The address bound to the keys. - :type address: str - - :raise KeyNotFound: If the key was not found on nickserver. - """ - # request keys from the nickserver - res = None - try: - res = self._get(self._nickserver_uri, {'address': address}) - res.raise_for_status() - server_keys = res.json() - # insert keys in local database - if self.OPENPGP_KEY in server_keys: - self._wrapper_map[OpenPGPKey].put_ascii_key( - server_keys['openpgp']) - except requests.exceptions.HTTPError as e: - logger.warning("HTTP error retrieving key: %r" % (e,)) - logger.warning("%s" % (res.content,)) - raise KeyNotFound(address) - except Exception as e: - logger.warning("Error retrieving key: %r" % (e,)) - raise KeyNotFound(address) - - -leap.keymanager.KeyManager._fetch_keys_from_server = patched_fetch_keys_from_server diff --git a/service/pixelated/support/ext_protobuf.py b/service/pixelated/support/ext_protobuf.py deleted file mode 100644 index 548f5fd6..00000000 --- a/service/pixelated/support/ext_protobuf.py +++ /dev/null @@ -1,37 +0,0 @@ -# -# Copyright (c) 2014 ThoughtWorks, Inc. -# -# Pixelated is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# Pixelated is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with Pixelated. If not, see . - -from __future__ import print_function -from sys import platform as _platform - -import protobuf.socketrpc.server - -# protobuf throws a lot of 'Socket is not connected' exceptions on OSX but they are not an issue. -# refer too https://code.google.com/p/protobuf-socket-rpc/issues/detail?id=10 and -# or https://leap.se/code/issues/2187 -if _platform == 'darwin': - def try_except_decorator(func): - def wrapper(*args, **kwargs): - try: - func(*args, **kwargs) - pass - except: - pass - - return wrapper - - protobuf.socketrpc.server.SocketHandler.handle = try_except_decorator( - protobuf.socketrpc.server.SocketHandler.handle) diff --git a/service/pixelated/support/ext_requests_urllib3.py b/service/pixelated/support/ext_requests_urllib3.py deleted file mode 100644 index c4ec2438..00000000 --- a/service/pixelated/support/ext_requests_urllib3.py +++ /dev/null @@ -1,82 +0,0 @@ -# -# Copyright (c) 2014 ThoughtWorks, Inc. -# -# Pixelated is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# Pixelated is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with Pixelated. If not, see . - -import requests - - -if requests.__version__ == '2.0.0': - try: - import requests.packages.urllib3.connectionpool - from socket import error as SocketError, timeout as SocketTimeout - from requests.packages.urllib3.packages.ssl_match_hostname import CertificateError, match_hostname - import socket - import ssl - - from requests.packages.urllib3.exceptions import ( - ClosedPoolError, - ConnectTimeoutError, - EmptyPoolError, - HostChangedError, - MaxRetryError, - SSLError, - ReadTimeoutError, - ProxyError, - ) - - from requests.packages.urllib3.util import ( - assert_fingerprint, - get_host, - is_connection_dropped, - resolve_cert_reqs, - resolve_ssl_version, - ssl_wrap_socket, - Timeout, - ) - - def patched_connect(self): - # Add certificate verification - try: - sock = socket.create_connection(address=(self.host, self.port), timeout=self.timeout) - except SocketTimeout: - raise ConnectTimeoutError(self, "Connection to %s timed out. (connect timeout=%s)" % (self.host, self.timeout)) - - resolved_cert_reqs = resolve_cert_reqs(self.cert_reqs) - resolved_ssl_version = resolve_ssl_version(self.ssl_version) - - if self._tunnel_host: - self.sock = sock - # Calls self._set_hostport(), so self.host is - # self._tunnel_host below. - self._tunnel() - - # Wrap socket using verification with the root certs in - # trusted_root_certs - self.sock = ssl_wrap_socket(sock, self.key_file, self.cert_file, - cert_reqs=resolved_cert_reqs, - ca_certs=self.ca_certs, - server_hostname=self.host, - ssl_version=resolved_ssl_version) - - if self.assert_fingerprint: - assert_fingerprint(self.sock.getpeercert(binary_form=True), - self.assert_fingerprint) - elif resolved_cert_reqs != ssl.CERT_NONE and self.assert_hostname is not False: - match_hostname(self.sock.getpeercert(), - self.assert_hostname or self.host) - - requests.packages.urllib3.connectionpool.VerifiedHTTPSConnection.connect = patched_connect - except ImportError: - pass # The patch is specific for the debian package. Ignore it if it can't be found diff --git a/service/pixelated/support/ext_shared_db.py b/service/pixelated/support/ext_shared_db.py deleted file mode 100644 index 3e8a978e..00000000 --- a/service/pixelated/support/ext_shared_db.py +++ /dev/null @@ -1,16 +0,0 @@ -from leap.soledad.client.auth import TokenBasedAuth -import base64 -from u1db import errors - - -def patched_sign_request(self, method, url_query, params): - if 'token' in self._creds: - uuid, token = self._creds['token'] - auth = '%s:%s' % (uuid, token) - return [('Authorization', 'Token %s' % base64.b64encode(auth))] - else: - raise errors.UnknownAuthMethod( - 'Wrong credentials: %s' % self._creds) - - -TokenBasedAuth._sign_request = patched_sign_request diff --git a/service/pixelated/support/ext_sqlcipher.py b/service/pixelated/support/ext_sqlcipher.py deleted file mode 100644 index 776087bf..00000000 --- a/service/pixelated/support/ext_sqlcipher.py +++ /dev/null @@ -1,24 +0,0 @@ -# -# Copyright (c) 2014 ThoughtWorks, Inc. -# -# Pixelated is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# Pixelated is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with Pixelated. If not, see . - -from sys import platform as _platform - -import leap.soledad.client.sqlcipher - -# WAL is breaking for the debian sqlcipher package so we need to disable it -# refer to https://leap.se/code/issues/5562 -if _platform == 'linux2': - leap.soledad.client.sqlcipher.SQLCipherDatabase._pragma_write_ahead_logging = lambda x, y: None diff --git a/service/pixelated/support/ext_sync.py b/service/pixelated/support/ext_sync.py deleted file mode 100644 index cb3204ad..00000000 --- a/service/pixelated/support/ext_sync.py +++ /dev/null @@ -1,22 +0,0 @@ -import leap.soledad.client as client -import urlparse -from leap.soledad.client.events import ( - SOLEDAD_DONE_DATA_SYNC, - signal -) - - -def patched_sync(self, defer_decryption=True): - if self._db: - try: - local_gen = self._db.sync( - urlparse.urljoin(self.server_url, 'user-%s' % self._uuid), - creds=self._creds, autocreate=False, - defer_decryption=defer_decryption) - signal(SOLEDAD_DONE_DATA_SYNC, self._uuid) - return local_gen - except Exception as e: - client.logger.error("Soledad exception when syncing: %s - %s" % (e.__class__.__name__, e.message)) - - -client.Soledad.sync = patched_sync diff --git a/service/pixelated/support/id_gen.py b/service/pixelated/support/id_gen.py deleted file mode 100644 index 6cac7523..00000000 --- a/service/pixelated/support/id_gen.py +++ /dev/null @@ -1,20 +0,0 @@ -# -# Copyright (c) 2014 ThoughtWorks, Inc. -# -# Pixelated is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# Pixelated is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with Pixelated. If not, see . -import hashlib - - -def gen_pixelated_uid(mbox, leap_message_uid): - return hashlib.md5(mbox + str(leap_message_uid)).hexdigest() diff --git a/service/test/unit/extensions/test_keymanager_fetch_key.py b/service/test/unit/extensions/test_keymanager_fetch_key.py new file mode 100644 index 00000000..8998198d --- /dev/null +++ b/service/test/unit/extensions/test_keymanager_fetch_key.py @@ -0,0 +1,76 @@ +# +# Copyright (c) 2014 ThoughtWorks, Inc. +# +# Pixelated is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Pixelated is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with Pixelated. If not, see . +import unittest +from mock import MagicMock, patch + +from leap.keymanager import KeyManager +from leap.keymanager.keys import KEY_ADDRESS_KEY, KEY_TYPE_KEY, KEY_ID_KEY, KEY_FINGERPRINT_KEY, KEY_DATA_KEY, KEY_PRIVATE_KEY, KEY_LENGTH_KEY, KEY_EXPIRY_DATE_KEY, KEY_FIRST_SEEN_AT_KEY, KEY_LAST_AUDITED_AT_KEY, KEY_VALIDATION_KEY, KEY_TAGS_KEY +from leap.keymanager.openpgp import OpenPGPKey +from leap.keymanager.errors import KeyNotFound +import pixelated.support.ext_keymanager_fetch_key +from requests.exceptions import HTTPError + + +class TestDoc(object): + def __init__(self, encryption_key): + self.content = encryption_key + +sample_key = { + KEY_ADDRESS_KEY: 'foo@bar.de', + KEY_TYPE_KEY: 'type', + KEY_ID_KEY: 'key_id', + KEY_FINGERPRINT_KEY: 'fingerprint', + KEY_DATA_KEY: 'key_data', + KEY_PRIVATE_KEY: None, + KEY_LENGTH_KEY: 'length', + KEY_EXPIRY_DATE_KEY: 'expiry_date', + KEY_FIRST_SEEN_AT_KEY: 'first_seen_at', + KEY_LAST_AUDITED_AT_KEY: 'last_audited_at', + KEY_VALIDATION_KEY: 'validation', + KEY_TAGS_KEY: 'tags', +} + + +class TestExtKeyManagerFetchKey(unittest.TestCase): + + @patch('leap.keymanager.requests') + def test_retrieves_key(self, requests_mock): + nickserver_url = 'http://some/nickserver/uri' + soledad = MagicMock() + soledad.get_from_index.side_effect = [[], [TestDoc(sample_key)]] + + km = KeyManager('me@bar.de', nickserver_url, soledad, ca_cert_path='some path') + + result = km.get_key('foo@bar.de', OpenPGPKey) + + self.assertEqual(str(OpenPGPKey('foo@bar.de', key_id='key_id')), str(result)) + + @patch('leap.keymanager.requests') + def test_http_error_500(self, requests_mock): + def do_request(one, data=None, verify=None): + response = MagicMock() + response.raise_for_status = MagicMock() + response.raise_for_status.side_effect = HTTPError + return response + + nickserver_url = 'http://some/nickserver/uri' + soledad = MagicMock() + soledad.get_from_index.side_effect = [[], []] + requests_mock.get.side_effect = do_request + + km = KeyManager('me@bar.de', nickserver_url, soledad, ca_cert_path='some path') + + self.assertRaises(KeyNotFound, km.get_key, 'foo@bar.de', OpenPGPKey) diff --git a/service/test/unit/support/test_ext_keymanager_fetch_key.py b/service/test/unit/support/test_ext_keymanager_fetch_key.py deleted file mode 100644 index 8998198d..00000000 --- a/service/test/unit/support/test_ext_keymanager_fetch_key.py +++ /dev/null @@ -1,76 +0,0 @@ -# -# Copyright (c) 2014 ThoughtWorks, Inc. -# -# Pixelated is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# Pixelated is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with Pixelated. If not, see . -import unittest -from mock import MagicMock, patch - -from leap.keymanager import KeyManager -from leap.keymanager.keys import KEY_ADDRESS_KEY, KEY_TYPE_KEY, KEY_ID_KEY, KEY_FINGERPRINT_KEY, KEY_DATA_KEY, KEY_PRIVATE_KEY, KEY_LENGTH_KEY, KEY_EXPIRY_DATE_KEY, KEY_FIRST_SEEN_AT_KEY, KEY_LAST_AUDITED_AT_KEY, KEY_VALIDATION_KEY, KEY_TAGS_KEY -from leap.keymanager.openpgp import OpenPGPKey -from leap.keymanager.errors import KeyNotFound -import pixelated.support.ext_keymanager_fetch_key -from requests.exceptions import HTTPError - - -class TestDoc(object): - def __init__(self, encryption_key): - self.content = encryption_key - -sample_key = { - KEY_ADDRESS_KEY: 'foo@bar.de', - KEY_TYPE_KEY: 'type', - KEY_ID_KEY: 'key_id', - KEY_FINGERPRINT_KEY: 'fingerprint', - KEY_DATA_KEY: 'key_data', - KEY_PRIVATE_KEY: None, - KEY_LENGTH_KEY: 'length', - KEY_EXPIRY_DATE_KEY: 'expiry_date', - KEY_FIRST_SEEN_AT_KEY: 'first_seen_at', - KEY_LAST_AUDITED_AT_KEY: 'last_audited_at', - KEY_VALIDATION_KEY: 'validation', - KEY_TAGS_KEY: 'tags', -} - - -class TestExtKeyManagerFetchKey(unittest.TestCase): - - @patch('leap.keymanager.requests') - def test_retrieves_key(self, requests_mock): - nickserver_url = 'http://some/nickserver/uri' - soledad = MagicMock() - soledad.get_from_index.side_effect = [[], [TestDoc(sample_key)]] - - km = KeyManager('me@bar.de', nickserver_url, soledad, ca_cert_path='some path') - - result = km.get_key('foo@bar.de', OpenPGPKey) - - self.assertEqual(str(OpenPGPKey('foo@bar.de', key_id='key_id')), str(result)) - - @patch('leap.keymanager.requests') - def test_http_error_500(self, requests_mock): - def do_request(one, data=None, verify=None): - response = MagicMock() - response.raise_for_status = MagicMock() - response.raise_for_status.side_effect = HTTPError - return response - - nickserver_url = 'http://some/nickserver/uri' - soledad = MagicMock() - soledad.get_from_index.side_effect = [[], []] - requests_mock.get.side_effect = do_request - - km = KeyManager('me@bar.de', nickserver_url, soledad, ca_cert_path='some path') - - self.assertRaises(KeyNotFound, km.get_key, 'foo@bar.de', OpenPGPKey) -- cgit v1.2.3