search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
More updates to support Python 3
[zeroinstall.git] / zeroinstall / injector / trust.py
blob0cbf82c81789dbbabb2ff3ef2f42c7488f92f65e
1 """
2 Records who we trust to sign feeds.
3
4 Trust is divided up into domains, so that it is possible to trust a key
5 in some cases and not others.
6
7 @var trust_db: Singleton trust database instance.
8 """
9
10 # Copyright (C) 2009, Thomas Leonard
11 # See the README file for details, or visit http://0install.net.
12
13 from zeroinstall import _, SafeException
14 import os
15 from logging import info
16
17 from zeroinstall import support
18 from zeroinstall.support import basedir, tasks
19 from .namespaces import config_site, config_prog, XMLNS_TRUST
20
21 KEY_INFO_TIMEOUT = 10 # Maximum time to wait for response from key-info-server
22
23 class TrustDB(object):
24 """A database of trusted keys.
25 @ivar keys: maps trusted key fingerprints to a set of domains for which where it is trusted
26 @type keys: {str: set(str)}
27 @ivar watchers: callbacks invoked by L{notify}
28 @see: L{trust_db} - the singleton instance of this class"""
29 __slots__ = ['keys', 'watchers']
30
31 def __init__(self):
32 self.keys = None
33 self.watchers = []
34
35 def is_trusted(self, fingerprint, domain = None):
36 self.ensure_uptodate()
37
38 domains = self.keys.get(fingerprint, None)
39 if not domains: return False # Unknown key
40
41 if domain is None:
42 return True # Deprecated
43
44 return domain in domains or '*' in domains
45
46 def get_trust_domains(self, fingerprint):
47 """Return the set of domains in which this key is trusted.
48 If the list includes '*' then the key is trusted everywhere.
49 @since: 0.27
50 """
51 self.ensure_uptodate()
52 return self.keys.get(fingerprint, set())
53
54 def get_keys_for_domain(self, domain):
55 """Return the set of keys trusted for this domain.
56 @since: 0.27"""
57 self.ensure_uptodate()
58 return set([fp for fp in self.keys
59 if domain in self.keys[fp]])
60
61 def trust_key(self, fingerprint, domain = '*'):
62 """Add key to the list of trusted fingerprints.
63 @param fingerprint: base 16 fingerprint without any spaces
64 @type fingerprint: str
65 @param domain: domain in which key is to be trusted
66 @type domain: str
67 @note: call L{notify} after trusting one or more new keys"""
68 if self.is_trusted(fingerprint, domain): return
69
70 int(fingerprint, 16) # Ensure fingerprint is valid
71
72 if fingerprint not in self.keys:
73 self.keys[fingerprint] = set()
74
75 #if domain == '*':
76 # warn("Calling trust_key() without a domain is deprecated")
77
78 self.keys[fingerprint].add(domain)
79 self.save()
80
81 def untrust_key(self, key, domain = '*'):
82 self.ensure_uptodate()
83 self.keys[key].remove(domain)
84
85 if not self.keys[key]:
86 # No more domains for this key
87 del self.keys[key]
88
89 self.save()
90
91 def save(self):
92 from xml.dom import minidom
93 import tempfile
94
95 doc = minidom.Document()
96 root = doc.createElementNS(XMLNS_TRUST, 'trusted-keys')
97 root.setAttribute('xmlns', XMLNS_TRUST)
98 doc.appendChild(root)
99
100 for fingerprint in self.keys:
101 keyelem = doc.createElementNS(XMLNS_TRUST, 'key')
102 root.appendChild(keyelem)
103 keyelem.setAttribute('fingerprint', fingerprint)
104 for domain in self.keys[fingerprint]:
105 domainelem = doc.createElementNS(XMLNS_TRUST, 'domain')
106 domainelem.setAttribute('value', domain)
107 keyelem.appendChild(domainelem)
108
109 d = basedir.save_config_path(config_site, config_prog)
110 fd, tmpname = tempfile.mkstemp(dir = d, prefix = 'trust-')
111 tmp = os.fdopen(fd, 'wb')
112 doc.writexml(tmp, indent = "", addindent = " ", newl = "\n")
113 tmp.close()
114
115 support.portable_rename(tmpname, os.path.join(d, 'trustdb.xml'))
116
117 def notify(self):
118 """Call all watcher callbacks.
119 This should be called after trusting or untrusting one or more new keys.
120 @since: 0.25"""
121 for w in self.watchers: w()
122
123 def ensure_uptodate(self):
124 from xml.dom import minidom
125
126 # This is a bit inefficient... (could cache things)
127 self.keys = {}
128
129 trust = basedir.load_first_config(config_site, config_prog, 'trustdb.xml')
130 if trust:
131 keys = minidom.parse(trust).documentElement
132 for key in keys.getElementsByTagNameNS(XMLNS_TRUST, 'key'):
133 domains = set()
134 self.keys[key.getAttribute('fingerprint')] = domains
135 for domain in key.getElementsByTagNameNS(XMLNS_TRUST, 'domain'):
136 domains.add(domain.getAttribute('value'))
137 else:
138 # Convert old database to XML format
139 trust = basedir.load_first_config(config_site, config_prog, 'trust')
140 if trust:
141 #print "Loading trust from", trust_db
142 for key in open(trust).read().split('\n'):
143 if key:
144 self.keys[key] = set(['*'])
145 else:
146 # No trust database found.
147 # Trust Thomas Leonard's key for 0install.net by default.
148 # Avoids distracting confirmation box on first run when we check
149 # for updates to the GUI.
150 self.keys['92429807C9853C0744A68B9AAE07828059A53CC1'] = set(['0install.net'])
151
152 def domain_from_url(url):
153 """Extract the trust domain for a URL.
154 @param url: the feed's URL
155 @type url: str
156 @return: the trust domain
157 @rtype: str
158 @since: 0.27
159 @raise SafeException: the URL can't be parsed"""
160 import urlparse
161 if os.path.isabs(url):
162 raise SafeException(_("Can't get domain from a local path: '%s'") % url)
163 domain = urlparse.urlparse(url)[1]
164 if domain and domain != '*':
165 return domain
166 raise SafeException(_("Can't extract domain from URL '%s'") % url)
167
168 trust_db = TrustDB()
169
170 class TrustMgr(object):
171 """A TrustMgr handles the process of deciding whether to trust new keys
172 (contacting the key information server, prompting the user, accepting automatically, etc)
173 @since: 0.53"""
174
175 __slots__ = ['config', '_current_confirm']
176
177 def __init__(self, config):
178 self.config = config
179 self._current_confirm = None # (a lock to prevent asking the user multiple questions at once)
180
181 @tasks.async
182 def confirm_keys(self, pending):
183 """We don't trust any of the signatures yet. Collect information about them and add the keys to the
184 trusted list, possibly after confirming with the user (via config.handler).
185 Updates the L{trust} database, and then calls L{trust.TrustDB.notify}.
186 @since: 0.53
187 @arg pending: an object holding details of the updated feed
188 @type pending: L{PendingFeed}
189 @return: A blocker that triggers when the user has chosen, or None if already done.
190 @rtype: None | L{Blocker}"""
191
192 assert pending.sigs
193
194 from zeroinstall.injector import gpg
195 valid_sigs = [s for s in pending.sigs if isinstance(s, gpg.ValidSig)]
196 if not valid_sigs:
197 def format_sig(sig):
198 msg = str(sig)
199 if sig.messages:
200 msg += "\nMessages from GPG:\n" + sig.messages
201 return msg
202 raise SafeException(_('No valid signatures found on "%(url)s". Signatures:%(signatures)s') %
203 {'url': pending.url, 'signatures': ''.join(['\n- ' + format_sig(s) for s in pending.sigs])})
204
205 # Start downloading information about the keys...
206 fetcher = self.config.fetcher
207 kfs = {}
208 for sig in valid_sigs:
209 kfs[sig] = fetcher.fetch_key_info(sig.fingerprint)
210
211 # Wait up to KEY_INFO_TIMEOUT seconds for key information to arrive. Avoids having the dialog
212 # box update while the user is looking at it, and may allow it to be skipped completely in some
213 # cases.
214 timeout = tasks.TimeoutBlocker(KEY_INFO_TIMEOUT, "key info timeout")
215 while True:
216 key_info_blockers = [sig_info.blocker for sig_info in kfs.values() if sig_info.blocker is not None]
217 if not key_info_blockers:
218 break
219 info("Waiting for response from key-info server: %s", key_info_blockers)
220 yield [timeout] + key_info_blockers
221 if timeout.happened:
222 info("Timeout waiting for key info response")
223 break
224
225 # If we're already confirming something else, wait for that to finish...
226 while self._current_confirm is not None:
227 info("Waiting for previous key confirmations to finish")
228 yield self._current_confirm
229
230 domain = domain_from_url(pending.url)
231
232 if self.config.auto_approve_keys:
233 existing_feed = self.config.iface_cache.get_feed(pending.url)
234 if not existing_feed:
235 changes = False
236 for sig, kf in kfs.items():
237 for key_info in kf.info:
238 if key_info.getAttribute("vote") == "good":
239 info(_("Automatically approving key for new feed %s based on response from key info server"), pending.url)
240 trust_db.trust_key(sig.fingerprint, domain)
241 changes = True
242 if changes:
243 trust_db.notify()
244
245 # Check whether we still need to confirm. The user may have
246 # already approved one of the keys while dealing with another
247 # feed, or we may have just auto-approved it.
248 for sig in kfs:
249 is_trusted = trust_db.is_trusted(sig.fingerprint, domain)
250 if is_trusted:
251 return
252
253 # Take the lock and confirm this feed
254 self._current_confirm = lock = tasks.Blocker('confirm key lock')
255 try:
256 done = self.config.handler.confirm_import_feed(pending, kfs)
257 if done is not None:
258 yield done
259 tasks.check(done)
260 finally:
261 self._current_confirm = None
262 lock.trigger()
MOVED TO GITHUB: https://github.com/0install/0install