Annotate

mod_cloud_notify_encrypted/mod_cloud_notify_encrypted.lua @ 4804:a7c0c70e64b6

mod_ping_muc: Yet another attempt to improve MUC reliability This time by moving XEP-0410 to the server. Will this save the users from the s2s timeouts? What horrifying unintentional side-effects will this have? Tune in next week to find out!
author Kim Alvefur <zash@zash.se>
date Thu, 02 Dec 2021 23:43:11 +0100
parent 4651:8231774f5bfd
child 5054:62480053c87b
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
4456
8ed1989e99f9 mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents: 4373
diff changeset
1 local array = require "util.array";
4327
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
2 local base64 = require "util.encodings".base64;
4651
8231774f5bfd mod_cloud_notify_encrypted: Ensure body substring remains valid UTF-8
Kim Alvefur <zash@zash.se>
parents: 4650
diff changeset
3 local valid_utf8 = require "util.encodings".utf8.valid;
4327
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
4 local ciphers = require "openssl.cipher";
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
5 local jid = require "util.jid";
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
6 local json = require "util.json";
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
7 local random = require "util.random";
4456
8ed1989e99f9 mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents: 4373
diff changeset
8 local set = require "util.set";
4327
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
9 local st = require "util.stanza";
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
10
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
11 local xmlns_jmi = "urn:xmpp:jingle-message:0";
4465
2a7a76712e71 mod_cloud_notify_encrypted: Fix expected namespace of JMI description element
Matthew Wild <mwild1@gmail.com>
parents: 4457
diff changeset
12 local xmlns_jingle_apps_rtp = "urn:xmpp:jingle:apps:rtp:1";
4327
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
13 local xmlns_push = "urn:xmpp:push:0";
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
14 local xmlns_push_encrypt = "tigase:push:encrypt:0";
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
15 local xmlns_push_encrypt_aes_128_gcm = "tigase:push:encrypt:aes-128-gcm";
4467
6d595857164a mod_cloud_notify_encrypted: Advertise support for JMI push notifications
Matthew Wild <mwild1@gmail.com>
parents: 4466
diff changeset
16 local xmlns_push_jingle = "tigase:push:jingle:0";
4327
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
17
4650
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
18 local function detect_stanza_encryption(stanza)
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
19 local eme = stanza:get_child("encryption", "urn:xmpp:eme:0");
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
20 if eme then return eme.attr.namespace or ""; end
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
21 -- Fallback for legacy OMEMO clients without EME
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
22 local omemo = stanza:get_child("encrypted", "eu.siacs.conversations.axolotl");
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
23 if omemo then return "eu.siacs.conversations.axolotl"; end
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
24 end
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
25
4327
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
26 -- https://xeps.tigase.net//docs/push-notifications/encrypt/#41-discovering-support
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
27 local function account_disco_info(event)
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
28 event.reply:tag("feature", {var=xmlns_push_encrypt}):up();
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
29 event.reply:tag("feature", {var=xmlns_push_encrypt_aes_128_gcm}):up();
4467
6d595857164a mod_cloud_notify_encrypted: Advertise support for JMI push notifications
Matthew Wild <mwild1@gmail.com>
parents: 4466
diff changeset
30 event.reply:tag("feature", {var=xmlns_push_jingle}):up();
4327
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
31 end
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
32 module:hook("account-disco-info", account_disco_info);
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
33
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
34 function handle_register(event)
4329
2a5164162708 mod_cloud_notify_encrypted: Fix the location of the <encrypt> element in push registrations
Matthew Wild <mwild1@gmail.com>
parents: 4327
diff changeset
35 local encrypt = event.stanza:get_child("enable", xmlns_push):get_child("encrypt", xmlns_push_encrypt);
4327
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
36 if not encrypt then return; end
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
37
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
38 local algorithm = encrypt.attr.alg;
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
39 if algorithm ~= "aes-128-gcm" then
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
40 event.origin.send(st.error_reply(
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
41 event.stanza, "modify", "feature-not-implemented", "Unknown encryption algorithm"
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
42 ));
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
43 return false;
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
44 end
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
45
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
46 local key_base64 = encrypt:get_text();
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
47 local key_binary = base64.decode(key_base64);
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
48 if not key_binary or #key_binary ~= 16 then
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
49 event.origin.send(st.error_reply(
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
50 event.stanza, "modify", "bad-request", "Invalid encryption key"
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
51 ));
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
52 return false;
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
53 end
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
54
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
55 event.push_info.encryption = {
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
56 algorithm = algorithm;
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
57 key_base64 = key_base64;
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
58 };
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
59 end
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
60
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
61 function handle_push(event)
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
62 local encryption = event.push_info.encryption;
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
63 if not encryption then return; end
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
64
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
65 if encryption.algorithm ~= "aes-128-gcm" then
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
66 event.reason = "Unsupported encryption algorithm: "..tostring(encryption.algorithm);
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
67 return true;
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
68 end
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
69
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
70 local push_summary = event.push_summary;
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
71
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
72 local original_stanza = event.original_stanza;
4650
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
73 local is_encrypted_msg = detect_stanza_encryption(original_stanza);
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
74 local body;
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
75 if is_encrypted_msg then
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
76 -- TODO: localization
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
77 body = "You have received an encrypted message";
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
78 else
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
79 body = original_stanza:get_child_text("body");
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
80 if body and #body > 255 then
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
81 body = body:sub(1, 255);
4651
8231774f5bfd mod_cloud_notify_encrypted: Ensure body substring remains valid UTF-8
Kim Alvefur <zash@zash.se>
parents: 4650
diff changeset
82 if not valid_utf8(body) then
8231774f5bfd mod_cloud_notify_encrypted: Ensure body substring remains valid UTF-8
Kim Alvefur <zash@zash.se>
parents: 4650
diff changeset
83 body = body:gsub("[\194-\244][\128-\191]*$", "");
8231774f5bfd mod_cloud_notify_encrypted: Ensure body substring remains valid UTF-8
Kim Alvefur <zash@zash.se>
parents: 4650
diff changeset
84 end
4650
44af84178cea mod_cloud_notify_encrypted: For encrypted messages, push a friendly message instead of fallback body
Matthew Wild <mwild1@gmail.com>
parents: 4467
diff changeset
85 end
4331
2e355540f8c8 mod_cloud_notify_encrypted: Truncate message body to 255 characters
Matthew Wild <mwild1@gmail.com>
parents: 4330
diff changeset
86 end
4327
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
87
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
88 local push_payload = {
4330
e655581173be mod_cloud_notify_encrypted: Fixes to the push notification syntax and payload
Matthew Wild <mwild1@gmail.com>
parents: 4329
diff changeset
89 unread = tonumber(push_summary["message-count"]) or 1;
e655581173be mod_cloud_notify_encrypted: Fixes to the push notification syntax and payload
Matthew Wild <mwild1@gmail.com>
parents: 4329
diff changeset
90 sender = jid.bare(original_stanza.attr.from);
e655581173be mod_cloud_notify_encrypted: Fixes to the push notification syntax and payload
Matthew Wild <mwild1@gmail.com>
parents: 4329
diff changeset
91 message = body;
4327
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
92 };
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
93
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
94 if original_stanza.name == "message" then
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
95 if original_stanza.attr.type == "groupchat" then
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
96 push_payload.type = "groupchat";
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
97 push_payload.nickname = jid.resource(original_stanza.attr.from);
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
98 elseif original_stanza.attr.type ~= "error" then
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
99 local jmi_propose = original_stanza:get_child("propose", xmlns_jmi);
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
100 if jmi_propose then
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
101 push_payload.type = "call";
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
102 push_payload.sid = jmi_propose.attr.id;
4456
8ed1989e99f9 mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents: 4373
diff changeset
103 local media_types = set.new();
4465
2a7a76712e71 mod_cloud_notify_encrypted: Fix expected namespace of JMI description element
Matthew Wild <mwild1@gmail.com>
parents: 4457
diff changeset
104 for description in jmi_propose:childtags("description", xmlns_jingle_apps_rtp) do
4456
8ed1989e99f9 mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents: 4373
diff changeset
105 local media_type = description.attr.media;
8ed1989e99f9 mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents: 4373
diff changeset
106 if media_type then
8ed1989e99f9 mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents: 4373
diff changeset
107 media_types:add(media_type);
8ed1989e99f9 mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents: 4373
diff changeset
108 end
8ed1989e99f9 mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents: 4373
diff changeset
109 end
8ed1989e99f9 mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents: 4373
diff changeset
110 push_payload.media = array.collect(media_types:items());
4466
38bd4d557413 mod_cloud_notify_encrypted: Include full JID of sender with call notifications, per spec
Matthew Wild <mwild1@gmail.com>
parents: 4465
diff changeset
111 push_payload.sender = original_stanza.attr.from;
4327
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
112 else
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
113 push_payload.type = "chat";
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
114 end
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
115 end
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
116 elseif original_stanza.name == "presence"
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
117 and original_stanza.attr.type == "subscribe" then
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
118 push_payload.type = "subscribe";
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
119 end
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
120
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
121 local iv = random.bytes(12);
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
122 local key_binary = base64.decode(encryption.key_base64);
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
123 local push_json = json.encode(push_payload);
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
124
4330
e655581173be mod_cloud_notify_encrypted: Fixes to the push notification syntax and payload
Matthew Wild <mwild1@gmail.com>
parents: 4329
diff changeset
125 -- FIXME: luaossl does not expose the EVP_CTRL_GCM_GET_TAG API, so we append 16 NUL bytes
e655581173be mod_cloud_notify_encrypted: Fixes to the push notification syntax and payload
Matthew Wild <mwild1@gmail.com>
parents: 4329
diff changeset
126 -- Siskin does not validate the tag anyway.
e655581173be mod_cloud_notify_encrypted: Fixes to the push notification syntax and payload
Matthew Wild <mwild1@gmail.com>
parents: 4329
diff changeset
127 local encrypted_payload = base64.encode(ciphers.new("AES-128-GCM"):encrypt(key_binary, iv):final(push_json)..string.rep("\0", 16));
4327
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
128 local encrypted_element = st.stanza("encrypted", { xmlns = xmlns_push_encrypt, iv = base64.encode(iv) })
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
129 :text(encrypted_payload);
4456
8ed1989e99f9 mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents: 4373
diff changeset
130 if push_payload.type == "call" then
4457
091d06c7d724 mod_cloud_notify_encrypted: Fix traceback (incorrect variable name)
Matthew Wild <mwild1@gmail.com>
parents: 4456
diff changeset
131 encrypted_element.attr.type = "voip";
4456
8ed1989e99f9 mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents: 4373
diff changeset
132 event.important = true;
8ed1989e99f9 mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents: 4373
diff changeset
133 end
4333
97f369745ec7 mod_cloud_notify_encrypted: Use new direct access to notification element
Matthew Wild <mwild1@gmail.com>
parents: 4331
diff changeset
134 -- Replace the unencrypted notification data with the encrypted one
97f369745ec7 mod_cloud_notify_encrypted: Use new direct access to notification element
Matthew Wild <mwild1@gmail.com>
parents: 4331
diff changeset
135 event.notification_payload
97f369745ec7 mod_cloud_notify_encrypted: Use new direct access to notification element
Matthew Wild <mwild1@gmail.com>
parents: 4331
diff changeset
136 :remove_children("x", "jabber:x:data")
97f369745ec7 mod_cloud_notify_encrypted: Use new direct access to notification element
Matthew Wild <mwild1@gmail.com>
parents: 4331
diff changeset
137 :add_child(encrypted_element);
4327
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
138 end
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
139
beb3342f1137 mod_cloud_notify_encrypted: New module for Encrypted Push Notifications
Matthew Wild <mwild1@gmail.com>
parents:
diff changeset
140 module:hook("cloud_notify/registration", handle_register);
4456
8ed1989e99f9 mod_cloud_notify_encrypted: Update to latest spec, fixes unreliable call notifications
Matthew Wild <mwild1@gmail.com>
parents: 4373
diff changeset
141 module:hook("cloud_notify/push", handle_push, 1);