RISCI_ATOM
/
sydent
mirror of https://github.com/matrix-org/sydent.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193
							# -*- coding: utf-8 -*-

# Copyright 2016 OpenMarket Ltd
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

import json
import logging

from StringIO import StringIO
from twisted.internet import defer, reactor, ssl
from twisted.internet.endpoints import HostnameEndpoint, wrapClientTLS
from twisted.internet._sslverify import _defaultCurveName, ClientTLSOptions
from twisted.web.client import FileBodyProducer, Agent, readBody
from twisted.web.http_headers import Headers
import twisted.names.client
from twisted.names.error import DNSNameError
from OpenSSL import SSL, crypto

logger = logging.getLogger(__name__)

class SimpleHttpClient(object):
    """
    A simple, no-frills HTTP client based on the class of the same name
    from synapse
    """
    def __init__(self, sydent, endpoint_factory=None):
        self.sydent = sydent
        if endpoint_factory is None:
            # The default endpoint factory in Twisted 14.0.0 (which we require) uses the
            # BrowserLikePolicyForHTTPS context factory which will do regular cert validation
            # 'like a browser'
            self.agent = Agent(
                reactor,
                connectTimeout=15,
            )
        else:
            self.agent = Agent.usingEndpointFactory(
                reactor,
                endpoint_factory,
            )

    @defer.inlineCallbacks
    def get_json(self, uri):
        logger.debug("HTTP GET %s", uri)

        response = yield self.agent.request(
            "GET",
            uri.encode("ascii"),
        )
        body = yield readBody(response)
        defer.returnValue(json.loads(body))

    @defer.inlineCallbacks
    def post_json_get_nothing(self, uri, post_json, opts):
        json_str = json.dumps(post_json)

        headers = opts.get('headers', Headers({
            b"Content-Type": [b"application/json"],
        }))

        logger.debug("HTTP POST %s -> %s", json_str, uri)

        response = yield self.agent.request(
            "POST",
            uri.encode("ascii"),
            headers,
            bodyProducer=FileBodyProducer(StringIO(json_str))
        )
        defer.returnValue(response)

class SRVClientEndpoint(object):
    def __init__(self, reactor, service, domain, protocol="tcp",
                 default_port=None, endpoint=HostnameEndpoint,
                 endpoint_kw_args={}):
        self.reactor = reactor
        self.domain = domain

        self.endpoint = endpoint
        self.endpoint_kw_args = endpoint_kw_args

    @defer.inlineCallbacks
    def lookup_server(self):
        service_name = "%s.%s.%s" % ('_matrix', '_tcp', self.domain)

        default = self.domain, 8448

        try:
            answers, _, _ = yield twisted.names.client.lookupService(service_name)
        except DNSNameError:
            logger.info("DNSNameError doing SRV lookup for %s - using default", service_name)
            defer.returnValue(default)

        for answer in answers:
            if answer.type != twisted.names.dns.SRV or not answer.payload:
                continue

            # XXX we just use the first
            logger.info("Got SRV answer: %r / %d for %s", str(answer.payload.target), answer.payload.port, service_name)
            defer.returnValue((str(answer.payload.target), answer.payload.port))

        logger.info("No valid answers found in response from %s (%r)", self.domain, answers)
        defer.returnValue(default)

    @defer.inlineCallbacks
    def connect(self, protocolFactory):
        server = yield self.lookup_server()
        logger.info("Connecting to %s:%s", server[0], server[1])
        endpoint = self.endpoint(
            self.reactor, server[0], server[1], **self.endpoint_kw_args
        )
        connection = yield endpoint.connect(protocolFactory)
        defer.returnValue(connection)

def matrix_federation_endpoint(reactor, destination, ssl_context_factory=None,
                               timeout=None):
    """Construct an endpoint for the given matrix destination.

    :param reactor: Twisted reactor.
    :param destination: The name of the server to connect to.
    :type destination: bytes
    :param ssl_context_factory: Factory which generates SSL contexts to use for TLS.
    :type ssl_context_factory: twisted.internet.ssl.ContextFactory
    :param timeout (int): connection timeout in seconds
    :type timeout: int
    """

    domain_port = destination.split(":")
    domain = domain_port[0]
    port = int(domain_port[1]) if domain_port[1:] else None

    endpoint_kw_args = {}

    if timeout is not None:
        endpoint_kw_args.update(timeout=timeout)

    if ssl_context_factory is None:
        transport_endpoint = HostnameEndpoint
        default_port = 8008
    else:
        def transport_endpoint(reactor, host, port, timeout):
            return wrapClientTLS(
                ssl_context_factory,
                HostnameEndpoint(reactor, host, port, timeout=timeout))
        default_port = 8448

    if port is None:
        return SRVClientEndpoint(
            reactor, "matrix", domain, protocol="tcp",
            default_port=default_port, endpoint=transport_endpoint,
            endpoint_kw_args=endpoint_kw_args
        )
    else:
        return transport_endpoint(
            reactor, domain, port, **endpoint_kw_args
        )

class FederationEndpointFactory(object):
    def endpointForURI(self, uri):
        destination = uri.netloc
        context_factory = FederationContextFactory()

        return matrix_federation_endpoint(
            reactor, destination, timeout=10,
            ssl_context_factory=context_factory,
        )

class FederationContextFactory(object):
    def getContext(self):
        context = SSL.Context(SSL.SSLv23_METHOD)
        try:
            _ecCurve = crypto.get_elliptic_curve(_defaultCurveName)
            context.set_tmp_ecdh(_ecCurve)
        except Exception:
            logger.exception("Failed to enable elliptic curve for TLS")
        context.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)

        context.set_cipher_list("!ADH:HIGH+kEDH:!AECDH:HIGH+kEECDH")
        return context

class FederationHttpClient(SimpleHttpClient):
    def __init__(self, sydent):
        super(FederationHttpClient, self).__init__(sydent, FederationEndpointFactory())