add +debug to subject

mailsignaturevalidator.py

@@ -30,7 +30,7 @@ import smtplib
 
 
 log = logging.getLogger()
-log.setLevel(logging.INFO)
+log.setLevel(logging.DEBUG)
 
 logging.config.dictConfig({
         'version': 1,
@@ -188,7 +188,7 @@ def verify_chain(certs, cert_pem):
 		log.exception(e)
 		return False
 
-def render(p7, data, micalg, digest):
+def render(p7, data, micalg, digest, debug=False, tplname='default.tpl'):
 	"""
 	render signature details
 
@@ -200,7 +200,7 @@ def render(p7, data, micalg, digest):
 	"""
 	loader = FileSystemLoader(os.path.abspath(os.path.normpath(os.path.join('.','tpl'))))
 	env = Environment(loader=loader, extensions=['jinja2.ext.loopcontrols'])
-	template = env.get_template('default.tpl')
+	template = env.get_template(tplname)
 
 	# endesive had some ideas how to
 	# https://github.com/m32/endesive/blob/master/endesive/verifier.py#L41
@@ -252,7 +252,7 @@ def render(p7, data, micalg, digest):
 
 #	chain = getchain(M2Crypto.SMIME.load_pkcs7_bio_der(M2Crypto.BIO.MemoryBuffer(p7)), digest)
 
-	return template.render(hashok=hashok, hash={'micalg':algo.upper(), 'digest':mdData}, signatureok=signatureok, certok=min([c[1] for c in rcerts]), cert=sigcert, certs=rcerts, cms=cms)
+	return template.render(hashok=hashok, hash={'micalg':algo.upper(), 'digest':mdData}, signatureok=signatureok, certok=min([c[1] for c in rcerts]), cert=sigcert, certs=rcerts, cms=cms, debug=debug)
 
 g_chain = []
 
@@ -336,7 +336,7 @@ def respond(cfg, body, old):
 	s.sendmail(old['To'], [old['From']], msg.as_string())
 
 
-def process(cfg, m, msgids, action, moveto=None):
+def process(cfg, m, msgids, action, moveto=None, debug=False):
 	for msgid in filter(lambda x: x != '', msgids[0].decode('utf-8').split(' ')[::-1]):
 		try:
 			typ, msg = m.fetch(msgid, '(RFC822)')
@@ -348,14 +348,18 @@ def process(cfg, m, msgids, action, moveto=None):
 		for part in msg:
 			if not isinstance(part, tuple):
 				continue
+			# FIXME python3.6 + will have EmailMessage and require policy=email.policy.compat32 …
 			mail = email.message_from_bytes(part[1])
+
 			HEADERS = frozenset(['From', 'To', 'Date', 'Subject'])
 			if len(set(mail.keys()) & HEADERS) != 4:
 				log.warning("missing header {}".format(HEADERS - set(mail.keys())))
 				continue
 			date = email.utils.parsedate_to_datetime(mail['Date'])
+			Subject = mail['Subject']
+			if '+debug' in Subject:
+				debug = True
 			log.info('Processing {date} "{From}" "{To}" "{Subject}"'.format(date=date, **mail))
-
 			# valid is 3 state
 			# True False None, None is error
 			try:
@@ -365,8 +369,8 @@ def process(cfg, m, msgids, action, moveto=None):
 				valid = None
 			else:
 				try:
-					response = render(p7, data, micalg, digest)
-#					respond(cfg, response, mail)
+					response = render(p7, data, micalg, digest, debug=debug)
+					respond(cfg, response, mail)
 				except Exception as e:
 					log.exception(e)
 					valid = None
@@ -482,7 +486,7 @@ def main():
 		except Exception as e:
 			log.exception(e)
 			return
-		response = render(p7, data, micalg, digest)
+		response = render(p7, data, micalg, digest, debug=True, tplname='debug.tpl')
 		print(response)
 	cmd.set_defaults(func=cmd_debug)
 

tpl/debug.tpl

+{%- macro dn(c) -%}
+{%- for (a,b) in c.get_components() -%}
+{{a.decode('utf-8')}}={{b.decode('utf-8')}}{%- if not loop.last -%}/{%- endif -%}
+{%- endfor -%}
+{%- endmacro -%}
+
+{%- macro isok(v) -%}
+{%- if v -%}
+✔️ {# grüner haken '\u2714' #}
+{%- else -%}
+❌ {# rotes kreuz '\u274c' #}
+{%- endif -%}
+{%- endmacro -%}
+
+hash {{isok(hashok)}}
+{%- if not hashok %}
+    alg:{{hash['micalg']}}
+    digest:{{hash['digest']}}
+{%- endif %}
+
+signature {{isok(signatureok)}}
+
+cert {{isok(certok)}}
+{%- if not certok or True %}
+    Signaturgeber:
+            S: {{ dn(cert.get_subject()) }}
+            I: {{ dn(cert.get_issuer()) }}
+
+    In der Signatur beinhaltete Zertifikate:
+{%- for (c,ok) in certs %}
+        {{{True:'verankert',False:'unvollständig'}[ok]}}
+            S: {{ dn(c.get_subject()) }}
+            I: {{ dn(c.get_issuer()) }}
+              {{c.get_notBefore()}}-{{c.get_notAfter()}}
+              {{c.get_signature_algorithm()}}
+{% endfor %}
+
+{%- endif %}
+
+https://gitlab.uni-hannover.de/koetter/mailsignaturevalidator

tpl/default.tpl

@@ -13,7 +13,7 @@
 {%- endmacro -%}
 
 hash {{isok(hashok)}}
-{%- if not hashok %}
+{%- if debug or not hashok %}
     alg:{{hash['micalg']}}
     digest:{{hash['digest']}}
 {%- endif %}
@@ -21,7 +21,7 @@ hash {{isok(hashok)}}
 signature {{isok(signatureok)}}
 
 cert {{isok(certok)}}
-{%- if not certok %}
+{%- if debug or not certok %}
     Signaturgeber:
             S: {{ dn(cert.get_subject()) }}
             I: {{ dn(cert.get_issuer()) }}