Commit bf5d4b06 authored by Markus Kötter's avatar Markus Kötter

add +debug to subject

parent 9a26722f
......@@ -30,7 +30,7 @@ import smtplib
log = logging.getLogger()
log.setLevel(logging.INFO)
log.setLevel(logging.DEBUG)
logging.config.dictConfig({
'version': 1,
......@@ -188,7 +188,7 @@ def verify_chain(certs, cert_pem):
log.exception(e)
return False
def render(p7, data, micalg, digest):
def render(p7, data, micalg, digest, debug=False, tplname='default.tpl'):
"""
render signature details
......@@ -200,7 +200,7 @@ def render(p7, data, micalg, digest):
"""
loader = FileSystemLoader(os.path.abspath(os.path.normpath(os.path.join('.','tpl'))))
env = Environment(loader=loader, extensions=['jinja2.ext.loopcontrols'])
template = env.get_template('default.tpl')
template = env.get_template(tplname)
# endesive had some ideas how to
# https://github.com/m32/endesive/blob/master/endesive/verifier.py#L41
......@@ -252,7 +252,7 @@ def render(p7, data, micalg, digest):
# chain = getchain(M2Crypto.SMIME.load_pkcs7_bio_der(M2Crypto.BIO.MemoryBuffer(p7)), digest)
return template.render(hashok=hashok, hash={'micalg':algo.upper(), 'digest':mdData}, signatureok=signatureok, certok=min([c[1] for c in rcerts]), cert=sigcert, certs=rcerts, cms=cms)
return template.render(hashok=hashok, hash={'micalg':algo.upper(), 'digest':mdData}, signatureok=signatureok, certok=min([c[1] for c in rcerts]), cert=sigcert, certs=rcerts, cms=cms, debug=debug)
g_chain = []
......@@ -336,7 +336,7 @@ def respond(cfg, body, old):
s.sendmail(old['To'], [old['From']], msg.as_string())
def process(cfg, m, msgids, action, moveto=None):
def process(cfg, m, msgids, action, moveto=None, debug=False):
for msgid in filter(lambda x: x != '', msgids[0].decode('utf-8').split(' ')[::-1]):
try:
typ, msg = m.fetch(msgid, '(RFC822)')
......@@ -348,14 +348,18 @@ def process(cfg, m, msgids, action, moveto=None):
for part in msg:
if not isinstance(part, tuple):
continue
# FIXME python3.6 + will have EmailMessage and require policy=email.policy.compat32 …
mail = email.message_from_bytes(part[1])
HEADERS = frozenset(['From', 'To', 'Date', 'Subject'])
if len(set(mail.keys()) & HEADERS) != 4:
log.warning("missing header {}".format(HEADERS - set(mail.keys())))
continue
date = email.utils.parsedate_to_datetime(mail['Date'])
Subject = mail['Subject']
if '+debug' in Subject:
debug = True
log.info('Processing {date} "{From}" "{To}" "{Subject}"'.format(date=date, **mail))
# valid is 3 state
# True False None, None is error
try:
......@@ -365,8 +369,8 @@ def process(cfg, m, msgids, action, moveto=None):
valid = None
else:
try:
response = render(p7, data, micalg, digest)
# respond(cfg, response, mail)
response = render(p7, data, micalg, digest, debug=debug)
respond(cfg, response, mail)
except Exception as e:
log.exception(e)
valid = None
......@@ -482,7 +486,7 @@ def main():
except Exception as e:
log.exception(e)
return
response = render(p7, data, micalg, digest)
response = render(p7, data, micalg, digest, debug=True, tplname='debug.tpl')
print(response)
cmd.set_defaults(func=cmd_debug)
......
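Review bot: In `process`, `debug = True` assigns to the function parameter inside the per-message loop, so once one mail carries `+debug` in its Subject, every later message in the same run is rendered with debug output too. The flag should be computed per message, e.g. `msg_debug = debug or '+debug' in Subject`, and passed on as `render(p7, data, micalg, digest, debug=msg_debug)`. The Subject is set by the sender, so anyone who can mail the service can flip this switch; a comment at the check should state that debug output must stay limited to data taken from the sender's own message. The commit also re-enables `respond(cfg, response, mail)`, which, judging by the `s.sendmail(old['To'], [old['From']], ...)` context line, replies to the unauthenticated `From` header, so a rate limit or a skip for auto-generated mail would be worth adding before this runs unattended. `process` starts and ends outside the visible hunks.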
{%- macro dn(c) -%}
{%- for (a,b) in c.get_components() -%}
{{a.decode('utf-8')}}={{b.decode('utf-8')}}{%- if not loop.last -%}/{%- endif -%}
{%- endfor -%}
{%- endmacro -%}
{%- macro isok(v) -%}
{%- if v -%}
✔️ {# grüner haken '\u2714' #}
{%- else -%}
{# rotes kreuz '\u274c' #}
{%- endif -%}
{%- endmacro -%}
hash {{isok(hashok)}}
{%- if not hashok %}
alg:{{hash['micalg']}}
digest:{{hash['digest']}}
{%- endif %}
signature {{isok(signatureok)}}
cert {{isok(certok)}}
{%- if not certok or True %}
Signaturgeber:
S: {{ dn(cert.get_subject()) }}
I: {{ dn(cert.get_issuer()) }}
In der Signatur beinhaltete Zertifikate:
{%- for (c,ok) in certs %}
{{{True:'verankert',False:'unvollständig'}[ok]}}
S: {{ dn(c.get_subject()) }}
I: {{ dn(c.get_issuer()) }}
{{c.get_notBefore()}}-{{c.get_notAfter()}}
{{c.get_signature_algorithm()}}
{% endfor %}
{%- endif %}
https://gitlab.uni-hannover.de/koetter/mailsignaturevalidator
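Review bot: The `dn` macro decodes every subject and issuer component with a strict `decode('utf-8')` and writes it into the response unfiltered, and those bytes come from the certificate inside the message being checked. A DN component that is not valid UTF-8 will raise during rendering, and one containing line breaks or other control characters can add lines to the report that look like the service's own verdicts. Decoding with `b.decode('utf-8', 'replace')` and stripping control characters before the value reaches the template (a small filter registered on the Environment would do) avoids both. On this page the `else` branch of `isok` shows only a comment and no glyph; if that is not an extraction artefact, a failed check renders as blank and should get an explicit marker.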
......@@ -13,7 +13,7 @@
{%- endmacro -%}
hash {{isok(hashok)}}
{%- if not hashok %}
{%- if debug or not hashok %}
alg:{{hash['micalg']}}
digest:{{hash['digest']}}
{%- endif %}
......@@ -21,7 +21,7 @@ hash {{isok(hashok)}}
signature {{isok(signatureok)}}
cert {{isok(certok)}}
{%- if not certok %}
{%- if debug or not certok %}
Signaturgeber:
S: {{ dn(cert.get_subject()) }}
I: {{ dn(cert.get_issuer()) }}
......