Classes for manipulating and storing Bridges and their attributes.
Glossary Terms
torrc
file which should begin with the word "Bridge"
, and it is how
a client tells their Tor process that they would like to use a
particular bridge.Bases: exceptions.Exception
Raised when a Bridge
doesn’t have the requested
PluggableTransport
.
MalformedBridgeInfo
[source]¶Bases: exceptions.ValueError
Raised when some information about a bridge appears malformed.
MalformedPluggableTransport
[source]¶Bases: bridgedb.bridges.MalformedBridgeInfo
Raised when information used to initialise a PluggableTransport
appears malformed.
InvalidPluggableTransportIP
[source]¶Bases: bridgedb.bridges.MalformedBridgeInfo
Raised when a PluggableTransport
has an invalid address.
MissingServerDescriptorDigest
[source]¶Bases: bridgedb.bridges.MalformedBridgeInfo
Raised when the hash digest for an @type bridge-server-descriptor
(which should be in the corresponding @type bridge-networkstatus
document), was missing.
ServerDescriptorDigestMismatch
[source]¶Bases: bridgedb.bridges.MalformedBridgeInfo
Raised when the digest in an @type bridge-networkstatus
document
doesn’t match the hash digest of the @type bridge-server-descriptor
‘s
contents.
ServerDescriptorWithoutNetworkstatus
[source]¶Bases: bridgedb.bridges.MalformedBridgeInfo
Raised when we find a @type bridge-server-descriptor
which was not
mentioned in the latest @type bridge-networkstatus
document.
InvalidExtraInfoSignature
[source]¶Bases: bridgedb.bridges.MalformedBridgeInfo
Raised if the signature on an @type bridge-extrainfo
is invalid.
IBridge
[source]¶I am a (mostly) stub interface whose primary purpose is merely to allow
other classes to signify whether or not they can be treated like a
Bridge
.
fingerprint
¶The lowercased, hexadecimal-encoded, hash digest of this Bridge’s public identity key.
address
¶This Bridge’s primary public IP address.
port
¶The port which this Bridge is listening on.
Flags
[source]¶Bases: object
All the flags which a Bridge
may have.
fast
= False¶guard
= False¶running
= False¶stable
= False¶valid
= False¶update
(flags)[source]¶Update with flags taken from an @type networkstatus-bridge
‘s’-line.
Parameters: | flags (list) – A list of strings containing each of the flags parsed from the ‘s’-line. |
---|
BridgeAddressBase
[source]¶Bases: object
A base class for describing one of a Bridge
‘s or a
PluggableTransport
‘s location, including its identity key
fingerprint and IP address.
Variables: |
|
---|
fingerprint
¶Get this Bridge’s fingerprint.
Return type: | str |
---|---|
Returns: | A 40-character hexadecimal formatted string representation of the SHA-1 hash digest of the public half of this Bridge’s identity key. |
identity
¶Get this Bridge’s identity digest.
Return type: | bytes |
---|---|
Returns: | The binary-encoded SHA-1 hash digest of the public half of
this Bridge’s identity key, if available; otherwise, returns
None . |
address
¶Get this bridge’s address.
Return type: | IPv4Address or IPv6Address |
---|---|
Returns: | The bridge’s address. |
country
¶Get the two-letter GeoIP country code for the :ivar:`address`.
Return type: | str or None |
---|---|
Returns: | If :ivar:`address` is set, this returns a two-letter country
code for the geolocated region that :ivar:`address` is within;
otherwise, returns None . |
port
¶Get the port number which this Bridge
is listening
for incoming client connections on.
Return type: | int or None |
---|---|
Returns: | The port (as an int), if it is known and valid; otherwise,
returns None . |
PluggableTransport
(fingerprint=None, methodname=None, address=None, port=None, arguments=None)[source]¶Bases: bridgedb.bridges.BridgeAddressBase
A single instance of a Pluggable Transport (PT) offered by a
Bridge
.
Pluggable transports are described within a bridge’s
@type bridge-extrainfo
descriptor, see the
Specifications: Client behavior
section and the
TOR_PT_SERVER_TRANSPORT_OPTIONS
description in pt-spec.txt for
additional specification.
Variables: |
|
---|
Create a PluggableTransport
describing a PT running on a bridge.
Parameters: |
|
---|
_parseArgumentsIntoDict
(argumentList)[source]¶Convert a list of Pluggable Transport arguments into a dictionary
suitable for arguments
.
Parameters: | argumentList (list) – A list of Pluggable Transport
arguments. There might be multiple, comma-separated K=V
Pluggable Transport arguments in a single item in the
argumentList, or each item might be its own K=V ; we don’t
care and we should be able to parse it either way. |
---|---|
Return type: | dict |
Returns: | A dictionary of all the K=V Pluggable Transport
arguments. |
_runChecks
()[source]¶Validate that we were initialised with acceptable parameters.
We currently check that:
port
is an integer, and that it is between the values
of 0
and 65535
(inclusive).arguments
is a dictionary.arguments
do not contain non-ASCII or control
characters or double quotes or backslashes, in keys or
in values.Raises MalformedPluggableTransport: | |
---|---|
if any of the above checks fails. |
_checkArguments
()[source]¶This method is a temporary fix for PTs with missing arguments (see ticket #13202).
methodname
¶Get this PluggableTransport
‘s methodname.
Return type: | str |
---|---|
Returns: | The (lowercased) methodname of this PluggableTransport ,
i.e. "obfs3" , "scramblesuit" , etc. |
getTransportLine
(includeFingerprint=True, bridgePrefix=False)[source]¶Get a Bridge Line for this PluggableTransport
.
Note
If bridgePrefix is False
, this method does not
return lines which are prefixed with the word 'bridge'
, as they
would be in a torrc file. Instead, lines returned look like:
obfs3 245.102.100.252:23619 59ca743e89b508e16b8c7c6d2290efdfd14eea98
This was made configurable to fix Vidalia being a brain-damaged piece of shit (ticket #5851). TorLaucher replaced Vidalia soon after, and TorLauncher is intelligent enough to understand :term:`Bridge Line`s regardless of whether or not they are prefixed with the word “Bridge”.
Parameters: | |
---|---|
Return type: | |
Returns: | A configuration line for adding this Pluggable Transport
into a |
updateFromStemTransport
(fingerprint, methodname, kitchenSink)[source]¶Update this PluggableTransport
from the data structure
which Stem uses.
Stem’s
stem.descriptor.extrainfo_descriptor.BridgeExtraInfoDescriptor
parses extrainfo transport
lines into a dictionary with the
following structure:
{u'obfs2': (u'34.230.223.87', 37339, []),
u'obfs3': (u'34.230.223.87', 37338, []),
u'obfs4': (u'34.230.223.87', 37341, [
(u'iat-mode=0,'
u'node-id=2a79f14120945873482b7823caabe2fcde848722,'
u'public-key=0a5b046d07f6f971b7776de682f57c5b9cdc8fa060db7ef59de82e721c8098f4')]),
u'scramblesuit': (u'34.230.223.87', 37340, [
u'password=ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'])}
This method will initialise this class from the dictionary key (methodname) and its tuple of values (kitchenSink).
Parameters: |
|
---|
BridgeBase
[source]¶Bases: bridgedb.bridges.BridgeAddressBase
The base class for all bridge implementations.
BridgeBackwardsCompatibility
(nickname=None, ip=None, orport=None, fingerprint=None, id_digest=None, or_addresses=None)[source]¶Bases: bridgedb.bridges.BridgeBase
Backwards compatibility methods for the old Bridge class.
Create a Bridge
which is
backwards compatible with the legacy Bridge class implementation.
_backwardsCompatible
(nickname=None, address=None, orPort=None, fingerprint=None, idDigest=None, orAddresses=None)[source]¶Functionality for maintaining backwards compatibility with the older
version of this class (see bridgedb.test.deprecated.Bridge
).
getID
()[source]¶Get the binary encoded form of this Bridge
‘s fingerprint
.
This method is provided for backwards compatibility and should not be relied upon.
setDescriptorDigest
(digest)[source]¶Set this Bridge
‘s server-descriptor digest.
This method is provided for backwards compatibility and should not be relied upon.
setExtraInfoDigest
(digest)[source]¶Set this Bridge
‘s extrainfo digest.
This method is provided for backwards compatibility and should not be relied upon.
setStatus
(running=None, stable=None)[source]¶Set this Bridge
‘s “Running” and “Stable” flags.
This method is provided for backwards compatibility and should not be relied upon.
getConfigLine
(includeFingerprint=False, addressClass=None, request=None, transport=None)[source]¶Get a vanilla bridge line for this Bridge
.
This method is provided for backwards compatibility and should not be relied upon.
The old bridgedb.Bridges.Bridge.getConfigLine()
method didn’t know
about BridgeRequestBase
for
getBridgeLine()
. The default parameters are the same as they
were in the old bridgedb.Bridges.Bridge
class.
Parameters: |
|
---|
familiar
¶A bridge is “familiar” if 1/8 of all active bridges have appeared more recently than it, or if it has been around for a Weighted Time of eight days.
wfu
¶Weighted Fractional Uptime
weightedTime
¶Weighted Time
wmtbac
¶Weighted Mean Time Between Address Change
tosa
¶The Time On Same Address (TOSA)
weightedUptime
¶Weighted Uptime
Bridge
(*args, **kwargs)[source]¶Bases: bridgedb.bridges.BridgeBackwardsCompatibility
A single bridge, and all the information we have for it.
Variables: |
|
---|
Create and store information for a new Bridge
.
_checkServerDescriptorSignature
= True¶(bool
) If True
, check that the signature of the bridge’s
@type bridge-server-descriptor
is valid and that the signature was
created with the signing-key
contained in that descriptor.
descriptorDigest
= None¶The hash digest of this bridge’s @type bridge-server-descriptor
,
as signed (but not including the signature). This is found in the
‘r’-line of this bridge’s @type bride-networkstatus
document,
however it is stored here re-encoded from base64 into hexadecimal,
and converted to uppercase.
_constructBridgeLine
(addrport, includeFingerprint=True, bridgePrefix=False)[source]¶Construct a Bridge Line from an (address, port) tuple.
Parameters: |
|
---|---|
Return type: | |
Returns: | A bridge line suitable for adding into a |
_getBlockKey
(address, port)[source]¶Format an address:port pair appropriately for use as a key
in the _blockedIn
dictionary.
Parameters: |
|
---|---|
Return type: | |
Returns: | A string in the form |
_getTransportForRequest
(bridgeRequest)[source]¶If a transport was requested, return the correlated Bridge Line based upon the client identifier in the bridgeRequest.
Warning
If this bridge doesn’t have any of the requested
pluggable transport type (optionally, not blocked in whichever
countries the user doesn’t want their bridges to be blocked in),
then this method returns None
. This should only happen
rarely, because the bridges are filtered into the client’s
hashring based on the bridgeRequest options.
Parameters: | bridgeRequest (bridgedb.bridgerequest.BridgeRequestBase ) – A BridgeRequest which stores all of the
client-specified options for which type of bridge they want to
receive. |
---|---|
Raises PluggableTransportUnavailable: | |
if this bridge doesn’t have any of the requested pluggable transport type. This shouldn’t happen because the bridges are filtered into the client’s hashring based on the bridgeRequest options, however, this is useful in the unlikely event that it does happen, so that the calling function can fetch an additional bridge from the hashring as recompense for what would’ve otherwise been a missing Bridge Line. | |
Return type: | str or None |
Returns: | If no transports were requested, return None , otherwise
return a Bridge Line for the requested pluggable transport
type. |
_getVanillaForRequest
(bridgeRequest)[source]¶If vanilla bridges were requested, return the assigned Bridge Line based upon the client identifier in the bridgeRequest.
Parameters: | bridgeRequest (bridgedb.bridgerequest.BridgeRequestBase ) – A BridgeRequest which stores all of the
client-specified options for which type of bridge they want to
receive. |
---|---|
Return type: | str or None |
Returns: | If no transports were requested, return None , otherwise
return a Bridge Line for the requested pluggable transport
type. |
_updateORAddresses
(orAddresses)[source]¶Update this Bridge
‘s orAddresses
attribute from a
3-tuple (i.e. as Stem creates when parsing descriptors).
Parameters: | orAddresses (tuple) – A 3-tuple of: an IP address, a port number,
and a boolean (False if IPv4, True if IPv6). |
---|---|
Raises FutureWarning: | |
if any IPv4 addresses are found. As of tor-0.2.5, only IPv6 addresses should be found in a descriptor’s ORAddress line. |
allVanillaAddresses
¶Get all valid, non-PT address:port pairs for this bridge.
Return type: | list |
---|---|
Returns: | All of this bridge’s ORAddresses, as well as its ORPort IP address and port. |
assertOK
()[source]¶Perform some additional validation on this bridge’s info.
We require that:
orAddresses
are valid,
according to isValidIP()
.orAddresses
are between 1
and 65535
(inclusive).orAddresses
are either
4
or 6
.Todo
This should probably be reimplemented as a property that
automatically sanitises the values for each ORAddress, as is done
for bridgedb.bridges.BridgeAddressBase.address
and
bridgedb.bridges.BridgeBase.orPort
.
Raises MalformedBridgeInfo: | |
---|---|
if something was found to be malformed or invalid. |
getBridgeLine
(bridgeRequest, includeFingerprint=True, bridgePrefix=False)[source]¶Return a valid Bridge Line for a client to give to Tor
Launcher or paste directly into their torrc
.
This is a helper method to call either _getTransportForRequest()
or _getVanillaForRequest()
depending on whether or not a
PluggableTransport
was requested in the
bridgeRequest
, and
then construct the Bridge Line accordingly.
Parameters: |
|
---|
_addBlockByKey
(key, countryCode)[source]¶Create or append to the list of blocked countries for a key.
Parameters: |
|
---|
addressIsBlockedIn
(countryCode, address, port)[source]¶Determine if a specific (address, port) tuple is blocked in countryCode.
Parameters: | |
---|---|
Return type: | |
Returns: |
|
transportIsBlockedIn
(countryCode, methodname)[source]¶Determine if any of a specific type of pluggable transport which this bridge might be running is blocked in a specific country.
Parameters: | |
---|---|
Return type: | |
Returns: |
|
isBlockedIn
(countryCode)[source]¶Determine, according to our stored bridge reachability reports, if
any of the address:port pairs used by this Bridge
or it’s
transports
are blocked in countryCode.
Parameters: | countryCode (str) – A two-character country code specifier. |
---|---|
Return type: | bool |
Returns: | True if at least one address:port pair used by this
bridge is blocked in countryCode; False otherwise. |
setBlockedIn
(countryCode, address=None, port=None, methodname=None)[source]¶Mark this Bridge
as being blocked in countryCode.
By default, if called with no parameters other than a countryCode,
we’ll mark all this Bridge
‘s allVanillaAddresses
and
transports
as being blocked.
Otherwise, we’ll filter on any and all parameters given.
If only a methodname is given, then we assume that all
transports
with that methodname are blocked in
countryCode. If the methodname is "vanilla"
, then we assume
each address in data:allVanillaAddresses is blocked.
Parameters: |
|
---|
getDescriptorLastPublished
()[source]¶Get the timestamp for when this bridge’s last known server descriptor was published.
Return type: | :type:`datetime.datetime` or None |
---|---|
Returns: | A datetime object representing the timestamp of when the
last known @type bridge-server-descriptor was published, or
None if we have never seen a server descriptor for this
bridge. |
getExtrainfoLastPublished
()[source]¶Get the timestamp for when this bridge’s last known extrainfo descriptor was published.
Return type: | :type:`datetime.datetime` or None |
---|---|
Returns: | A datetime object representing the timestamp of when the
last known @type bridge-extrainfo descriptor was published, or
None if we have never seen an extrainfo descriptor for this
bridge. |
getNetworkstatusLastPublished
()[source]¶Get the timestamp for when this bridge’s last known networkstatus descriptor was published.
Return type: | :type:`datetime.datetime` or None |
---|---|
Returns: | A datetime object representing the timestamp of when the
last known @type networkstatus-bridge document was published,
or None if we have never seen a networkstatus document for
this bridge. |
supportedTransportTypes
¶A deduplicated list of all the :data:`PluggableTranport.methodname`s which this bridge supports.
updateFromNetworkStatus
(descriptor, ignoreNetworkstatus=False)[source]¶Update this bridge’s attributes from a parsed networkstatus document.
Parameters: |
|
---|
updateFromServerDescriptor
(descriptor, ignoreNetworkstatus=False)[source]¶Update this bridge’s info from an @type bridge-server-descriptor
.
Note
If parseServerDescriptorFile()
is
called with validate=True
, then Stem will handle checking that
the signing-key
hashes to the fingerprint
. Stem will also
check that the router-signature
on the descriptor is valid,
was created with the signing-key
, and is a signature of the
correct digest of the descriptor document (it recalculates the
digest for the descriptor to ensure that the signed one and the
actual digest match).
Parameters: | descriptor (stem.descriptor.server_descriptor.RelayDescriptor ) – The bridge’s server descriptor to gather data from. |
---|---|
Raises MalformedBridgeInfo: | |
If this Bridge has no corresponding networkstatus entry, or its descriptor digest didn’t match the expected digest (from the networkstatus entry). |
_verifyExtraInfoSignature
(descriptor)[source]¶Verify the signature on the contents of this Bridge
‘s
@type bridge-extrainfo
descriptor.
Parameters: | descriptor (stem.descriptor.extrainfo_descriptor.RelayExtraInfoDescriptor ) – An @type bridge-extrainfo descriptor for this
Bridge , parsed with Stem. |
---|---|
Raises InvalidExtraInfoSignature: | |
if the signature was invalid, missing, malformed, or couldn’t be verified successfully. | |
Returns: | None if the signature was valid and verifiable. |
updateFromExtraInfoDescriptor
(descriptor, verify=True)[source]¶Update this bridge’s information from an extrainfo descriptor.
Stem’s
stem.descriptor.extrainfo_descriptor.BridgeExtraInfoDescriptor
parses extrainfo transport
lines into a dictionary with the
following structure:
{u'obfs2': (u'34.230.223.87', 37339, []),
u'obfs3': (u'34.230.223.87', 37338, []),
u'obfs4': (u'34.230.223.87', 37341, [
(u'iat-mode=0,'
u'node-id=2a79f14120945873482b7823caabe2fcde848722,'
u'public-key=0a5b046d07f6f971b7776de682f57c5b9cdc8fa060db7ef59de82e721c8098f4')]),
u'scramblesuit': (u'34.230.223.87', 37340, [
u'password=ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'])}
Todo
The transport
attribute of Stem’s
BridgeExtraInfoDescriptor
class is a dictionary that uses the
Pluggable Transport’s type as the keys… meaning that if a bridge
were to offer four instances of obfs3
, only one of them would
get to us through Stem. This might pose a problem someday.
Parameters: |
|
---|