# SecretStorage module for Python
# Access passwords using the SecretService DBus API
# Author: Dmitry Shachnev, 2013-2018
# License: 3-clause BSD, see LICENSE file

"""This module provides some utility functions, but these shouldn't
normally be used by external applications."""

import os
from typing import Any, List, Tuple

from jeepney import (
	DBusAddress, DBusErrorResponse, MatchRule, Message, MessageType,
	new_method_call, Properties,
)
from jeepney.io.blocking import DBusConnection
from secretstorage.defines import DBUS_UNKNOWN_METHOD, DBUS_NO_SUCH_OBJECT, \
 DBUS_SERVICE_UNKNOWN, DBUS_NO_REPLY, DBUS_NOT_SUPPORTED, DBUS_EXEC_FAILED, \
 SS_PATH, SS_PREFIX, ALGORITHM_DH, ALGORITHM_PLAIN
from secretstorage.dhcrypto import Session, int_to_bytes
from secretstorage.exceptions import ItemNotFoundException, \
 SecretServiceNotAvailableException
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.backends import default_backend

# Bus name used for every Secret Service address built in this module.
BUS_NAME = 'org.freedesktop.secrets'
# Interface names share the SS_PREFIX imported from secretstorage.defines.
SERVICE_IFACE = f'{SS_PREFIX}Service'
PROMPT_IFACE = f'{SS_PREFIX}Prompt'


class DBusAddressWrapper(DBusAddress):  # type: ignore
	"""Address of a Secret Service object bound to one D-Bus connection.

	Extends :class:`jeepney.wrappers.DBusAddress` with helpers for method
	calls and property access, and translates selected D-Bus error
	replies into SecretStorage exceptions.

	.. versionadded:: 3.0
	"""

	def __init__(self, path: str, interface: str,
	             connection: DBusConnection) -> None:
		# The bus name is fixed to BUS_NAME; callers choose only the object
		# path and the interface.
		DBusAddress.__init__(self, path, BUS_NAME, interface)
		self._connection = connection

	def send_and_get_reply(self, msg: Message) -> Any:
		"""Send `msg` on the wrapped connection and return the unwrapped reply.

		:raises ItemNotFoundException: when the error name is
		        ``DBUS_UNKNOWN_METHOD`` or ``DBUS_NO_SUCH_OBJECT``
		:raises SecretServiceNotAvailableException: when the error name is
		        ``DBUS_SERVICE_UNKNOWN``, ``DBUS_EXEC_FAILED`` or
		        ``DBUS_NO_REPLY``

		Any other :class:`DBusErrorResponse` is re-raised unchanged, so
		callers can still react to it themselves.
		"""
		try:
			return self._connection.send_and_get_reply(msg, unwrap=True)
		except DBusErrorResponse as resp:
			error_name = resp.name
			if error_name in (DBUS_UNKNOWN_METHOD, DBUS_NO_SUCH_OBJECT):
				raise ItemNotFoundException('Item does not exist!') from resp
			if error_name in (DBUS_SERVICE_UNKNOWN, DBUS_EXEC_FAILED,
			                  DBUS_NO_REPLY):
				# The error payload may arrive as a tuple; only its first
				# element is handed to the exception.
				detail = resp.data
				if isinstance(detail, tuple):
					detail = detail[0]
				raise SecretServiceNotAvailableException(detail) from resp
			raise

	def call(self, method: str, signature: str, *body: Any) -> Any:
		"""Call `method` on this address and return the reply.

		`body` is passed to :func:`new_method_call` as a tuple together
		with its D-Bus `signature`.
		"""
		return self.send_and_get_reply(
			new_method_call(self, method, signature, body))

	def get_property(self, name: str) -> Any:
		"""Return the value of property `name`, dropping its signature."""
		reply = self.send_and_get_reply(Properties(self).get(name))
		# The reply must hold exactly one (signature, value) pair.
		(variant,) = reply
		_signature, value = variant
		return value

	def set_property(self, name: str, signature: str, value: Any) -> None:
		"""Set property `name` to `value`, typed by `signature`."""
		self.send_and_get_reply(Properties(self).set(name, signature, value))


def open_session(connection: DBusConnection) -> Session:
	"""Open and return a new Secret Service session.

	``OpenSession`` is first called with ``ALGORITHM_DH`` and this side's
	public key. If the service answers ``DBUS_NOT_SUPPORTED``, the call
	is repeated with ``ALGORITHM_PLAIN`` and ``session.encrypted`` is set
	to ``False``; :func:`format_secret` then passes secrets through
	without encrypting them. Any other :class:`DBusErrorResponse`
	propagates to the caller.
	"""
	service = DBusAddressWrapper(SS_PATH, SERVICE_IFACE, connection)
	session = Session()
	dh_input = ('ay', int_to_bytes(session.my_public_key))
	try:
		output, session_path = service.call(
			'OpenSession', 'sv', ALGORITHM_DH, dh_input)
	except DBusErrorResponse as resp:
		if resp.name != DBUS_NOT_SUPPORTED:
			raise
		# Silent downgrade: the service rejected the DH algorithm, so the
		# session is opened without transport encryption.
		output, session_path = service.call(
			'OpenSession', 'sv', ALGORITHM_PLAIN, ('s', ''))
		session.encrypted = False
	else:
		reply_signature, peer_key_bytes = output
		# NOTE(review): assert statements are removed under ``python -O``,
		# in which case the reply signature is not checked here.
		assert reply_signature == 'ay'
		# The service's public key is read as a big-endian integer.
		session.set_server_public_key(int.from_bytes(peer_key_bytes, 'big'))
	session.object_path = session_path
	return session

def format_secret(session: Session, secret: bytes,
                  content_type: str) -> Tuple[str, bytes, bytes, str]:
	"""Build the tuple that carries `secret` to the Secret Service API.

	The result is ``(session path, parameters, value, content type)``.
	A `str` secret is encoded as UTF-8 first.

	For a session with ``encrypted`` unset, the parameters are empty and
	the value is the secret itself, i.e. it is not encrypted by this
	function. Otherwise the secret is padded PKCS-7 style to a 16-byte
	boundary and encrypted with AES in CBC mode under
	``session.aes_key``, using a fresh 16-byte IV from :func:`os.urandom`
	that is returned as the parameters. No integrity tag is computed
	here: CBC on its own only provides confidentiality.

	:raises TypeError: if `secret` is neither `str` nor `bytes`
	"""
	if isinstance(secret, str):
		secret = secret.encode('utf-8')
	elif not isinstance(secret, bytes):
		raise TypeError('secret must be bytes')
	# NOTE(review): both asserts below disappear under ``python -O``.
	assert session.object_path is not None
	if not session.encrypted:
		# Plain session: the secret travels as-is.
		return (session.object_path, b'', secret, content_type)
	assert session.aes_key is not None
	# PKCS-7 style padding: always 1..16 bytes, each holding the pad length.
	pad_len = 0x10 - (len(secret) & 0xf)
	padded = secret + bytes((pad_len,) * pad_len)
	aes_iv = os.urandom(0x10)
	cipher = Cipher(
		algorithms.AES(session.aes_key), modes.CBC(aes_iv), default_backend())
	encryptor = cipher.encryptor()
	ciphertext = encryptor.update(padded) + encryptor.finalize()
	return (session.object_path, aes_iv, ciphertext, content_type)


def exec_prompt(connection: DBusConnection,
	        prompt_path: str) -> Tuple[bool, List[str]]:
	"""Run the prompt at `prompt_path` and block until it completes.

	A filter for the prompt's ``Completed`` signal is opened before
	``Prompt`` is called, and the function then waits on that filter.
	No timeout is passed to the wait.

	:returns: a tuple; the first element is a boolean value showing
	          whether the operation was dismissed, the second element
	          is the result carried by the ``Completed`` signal

	NOTE(review): :func:`unlock_objects` unpacks the second element as a
	``(signature, value)`` pair, so the annotated ``List[str]`` may not
	describe the runtime shape; confirm against the service.
	"""
	prompt = DBusAddressWrapper(prompt_path, PROMPT_IFACE, connection)
	completed_rule = MatchRule(
		path=prompt_path,
		interface=PROMPT_IFACE,
		member='Completed',
		type=MessageType.signal,
	)
	with connection.filter(completed_rule) as signals:
		# The empty string is the argument given to Prompt.
		prompt.call('Prompt', 's', '')
		completed = connection.recv_until_filtered(signals)
		dismissed, result = completed.body
	assert dismissed is not None
	assert result is not None
	return dismissed, result


def unlock_objects(connection: DBusConnection, paths: List[str]) -> bool:
	"""Ask the service to unlock the objects listed in `paths`.

	Returns whether the operation was dismissed. When the service
	returns a prompt path of at most one character, no prompt is run
	and ``False`` is returned.

	.. versionadded:: 2.1.2"""
	service = DBusAddressWrapper(SS_PATH, SERVICE_IFACE, connection)
	_unlocked_now, prompt_path = service.call('Unlock', 'ao', paths)
	if len(prompt_path) <= 1:
		# presumably the one-character path '/' means "no prompt needed"
		return False
	dismissed, (signature, _unlocked) = exec_prompt(connection, prompt_path)
	# NOTE(review): this check is skipped under ``python -O``.
	assert signature == 'ao'
	return dismissed


def add_match_rules(connection: DBusConnection) -> None:
	"""Register the match rule this module needs on `connection`.

	The rule currently covers every message sent by ``BUS_NAME`` on the
	Prompt interface, because the mock service (unlike GNOME Keyring)
	does not specify the signal destination.

	.. versionadded:: 3.1
	"""
	bus_daemon = DBusAddressWrapper(path='/org/freedesktop/DBus',
	                                interface='org.freedesktop.DBus',
	                                connection=connection)
	# The wrapper's constructor sets BUS_NAME; AddMatch has to be sent to
	# the bus itself, so the bus name is overridden here.
	bus_daemon.bus_name = 'org.freedesktop.DBus'
	prompt_rule = MatchRule(sender=BUS_NAME, interface=PROMPT_IFACE)
	bus_daemon.call('AddMatch', 's', prompt_rule.serialise())