Commit
bf5d4b06
authored
Apr 01, 2021
by
Markus Kötter
add +debug to subject
parent
9a26722f
Changes
3
mailsignaturevalidator.py
...
...
@@ -30,7 +30,7 @@ import smtplib
log
=
logging
.
getLogger
()
log
.
setLevel
(
logging
.
INFO
)
log
.
setLevel
(
logging
.
DEBUG
)
logging
.
config
.
dictConfig
({
'version'
:
1
,
...
...
@@ -188,7 +188,7 @@ def verify_chain(certs, cert_pem):
log
.
exception
(
e
)
return
False
def
render
(
p7
,
data
,
micalg
,
digest
):
def
render
(
p7
,
data
,
micalg
,
digest
,
debug
=
False
,
tplname
=
'default.tpl'
):
"""
render signature details
...
...
@@ -200,7 +200,7 @@ def render(p7, data, micalg, digest):
"""
loader
=
FileSystemLoader
(
os
.
path
.
abspath
(
os
.
path
.
normpath
(
os
.
path
.
join
(
'.'
,
'tpl'
))))
env
=
Environment
(
loader
=
loader
,
extensions
=
[
'jinja2.ext.loopcontrols'
])
template
=
env
.
get_template
(
'default.tpl'
)
template
=
env
.
get_template
(
tplname
)
# endesive had some ideas how to
# https://github.com/m32/endesive/blob/master/endesive/verifier.py#L41
...
...
@@ -252,7 +252,7 @@ def render(p7, data, micalg, digest):
# chain = getchain(M2Crypto.SMIME.load_pkcs7_bio_der(M2Crypto.BIO.MemoryBuffer(p7)), digest)
return
template
.
render
(
hashok
=
hashok
,
hash
=
{
'micalg'
:
algo
.
upper
(),
'digest'
:
mdData
},
signatureok
=
signatureok
,
certok
=
min
([
c
[
1
]
for
c
in
rcerts
]),
cert
=
sigcert
,
certs
=
rcerts
,
cms
=
cms
)
return
template
.
render
(
hashok
=
hashok
,
hash
=
{
'micalg'
:
algo
.
upper
(),
'digest'
:
mdData
},
signatureok
=
signatureok
,
certok
=
min
([
c
[
1
]
for
c
in
rcerts
]),
cert
=
sigcert
,
certs
=
rcerts
,
cms
=
cms
,
debug
=
debug
)
g_chain
=
[]
...
...
@@ -336,7 +336,7 @@ def respond(cfg, body, old):
s
.
sendmail
(
old
[
'To'
],
[
old
[
'From'
]],
msg
.
as_string
())
def
process
(
cfg
,
m
,
msgids
,
action
,
moveto
=
None
):
def
process
(
cfg
,
m
,
msgids
,
action
,
moveto
=
None
,
debug
=
False
):
for
msgid
in
filter
(
lambda
x
:
x
!=
''
,
msgids
[
0
].
decode
(
'utf-8'
).
split
(
' '
)[::
-
1
]):
try
:
typ
,
msg
=
m
.
fetch
(
msgid
,
'(RFC822)'
)
...
...
@@ -348,14 +348,18 @@ def process(cfg, m, msgids, action, moveto=None):
for
part
in
msg
:
if
not
isinstance
(
part
,
tuple
):
continue
# FIXME python3.6 + will have EmailMessage and require policy=email.policy.compat32 …
mail
=
email
.
message_from_bytes
(
part
[
1
])
HEADERS
=
frozenset
([
'From'
,
'To'
,
'Date'
,
'Subject'
])
if
len
(
set
(
mail
.
keys
())
&
HEADERS
)
!=
4
:
log
.
warning
(
"missing header {}"
.
format
(
HEADERS
-
set
(
mail
.
keys
())))
continue
date
=
email
.
utils
.
parsedate_to_datetime
(
mail
[
'Date'
])
Subject
=
mail
[
'Subject'
]
if
'+debug'
in
Subject
:
debug
=
True
log
.
info
(
'Processing {date} "{From}" "{To}" "{Subject}"'
.
format
(
date
=
date
,
**
mail
))
# valid is 3 state
# True False None, None is error
try
:
...
...
@@ -365,8 +369,8 @@ def process(cfg, m, msgids, action, moveto=None):
valid
=
None
else
:
try
:
response
=
render
(
p7
,
data
,
micalg
,
digest
)
#
respond(cfg, response, mail)
response
=
render
(
p7
,
data
,
micalg
,
digest
,
debug
=
debug
)
respond
(
cfg
,
response
,
mail
)
except
Exception
as
e
:
log
.
exception
(
e
)
valid
=
None
...
...
@@ -482,7 +486,7 @@ def main():
except
Exception
as
e
:
log
.
exception
(
e
)
return
response
=
render
(
p7
,
data
,
micalg
,
digest
)
response
=
render
(
p7
,
data
,
micalg
,
digest
,
debug
=
True
,
tplname
=
'debug.tpl'
)
print
(
response
)
cmd
.
set_defaults
(
func
=
cmd_debug
)
...
...
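Review bot: In the `@@ -348,14 +348,18 @@` hunk of `process`, `debug = True` overwrites the function's `debug` parameter inside the per-message loop and is never reset, so once one mail carries `+debug` in its Subject every later message in the same run is rendered with `debug=True` as well. Deriving a per-message value keeps the switch scoped to the mail that asked for it: `msg_debug = debug or '+debug' in Subject`, then `render(p7, data, micalg, digest, debug=msg_debug)`. The same commit also turns the previously commented-out `respond(cfg, response, mail)` back on, and the context lines of `respond` show it sending to `old['From']`; both that address and the Subject are unauthenticated header values, so it is worth confirming that auto-generated mail and bounces are skipped before a reply goes out, and saying so in a comment next to the call. The body of `process` continues outside the hunks shown.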
tpl/debug.tpl
0 → 100644
{
%-
macro
dn
(
c
)
-%
}
{%- for (a,b) in c.get_components() -%}
{
{
a
.
decode
(
'utf-8'
)
}
}={
{
b
.
decode
(
'utf-8'
)
}
}{%- if not loop.last -%}/{%- endif -%}
{%- endfor -%}
{%- endmacro -%}
{%- macro isok(v) -%}
{%- if v -%}
✔️
{
#
gr
ü
ner
haken
'\u2714'
#
}
{%- else -%}
❌
{
#
rotes
kreuz
'\u274c'
#
}
{%- endif -%}
{%- endmacro -%}
hash {
{
isok
(
hashok
)
}
}
{%- if not hashok %}
alg:{
{
hash
[
'micalg'
]
}
}
digest:{
{
hash
[
'digest'
]
}
}
{%- endif %}
signature {
{
isok
(
signatureok
)
}
}
cert {
{
isok
(
certok
)
}
}
{%- if not certok or True %}
Signaturgeber:
S: {{ dn(cert.get_subject()) }}
I: {{ dn(cert.get_issuer()) }}
In der Signatur beinhaltete Zertifikate:
{%- for (c,ok) in certs %}
{{
{
True
:
'verankert'
,
False
:
'unvollständig'
}
[ok]}}
S: {{ dn(c.get_subject()) }}
I: {{ dn(c.get_issuer()) }}
{
{
c
.
get_notBefore
()
}
}-{
{
c
.
get_notAfter
()
}
}
{
{
c
.
get_signature_algorithm
()
}
}
{% endfor %}
{%- endif %}
https://gitlab.uni-hannover.de/koetter/mailsignaturevalidator
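Review bot: The `dn` macro calls `a.decode('utf-8')` and `b.decode('utf-8')` on name components taken from the certificates inside the message being checked, so a subject or issuer that is not valid UTF-8 raises `UnicodeDecodeError` while the template renders; the `render(..., tplname='debug.tpl')` call in `main()` appears to sit after the preceding `try`/`except`, in which case the debug command would end in a traceback instead of a report. Decoding leniently, e.g. `{{ b.decode('utf-8', 'replace') }}`, keeps the report going, and because these values are chosen by the sender it would also help to strip control characters and line breaks so a name cannot add lines that read like part of the verdict. Separately, `{%- if not certok or True %}` is always true: if the certificate list is meant to be unconditional in this template the guard can be dropped, otherwise use `debug or not certok` as `tpl/default.tpl` now does.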
tpl/default.tpl
...
...
@@ -13,7 +13,7 @@
{%- endmacro -%}
hash {
{
isok
(
hashok
)
}
}
{%- if not hashok %}
{%- if
debug or
not hashok %}
alg:{
{
hash
[
'micalg'
]
}
}
digest:{
{
hash
[
'digest'
]
}
}
{%- endif %}
...
...
@@ -21,7 +21,7 @@ hash {{isok(hashok)}}
signature {
{
isok
(
signatureok
)
}
}
cert {
{
isok
(
certok
)
}
}
{%- if not certok %}
{%- if
debug or
not certok %}
Signaturgeber:
S: {{ dn(cert.get_subject()) }}
I: {{ dn(cert.get_issuer()) }}
...
...