def test_gateway_accepts_valid_email(self):
"""
Test if SMTP server responds correctly for valid interaction.
"""
SMTP_ANSWERS = ['220 ' + IP_OR_HOST_REGEX +
' NO UCE NO UBE NO RELAY PROBES',
'250 ' + IP_OR_HOST_REGEX + ' Hello ' +
IP_OR_HOST_REGEX + ', nice to meet you',
'250 Sender address accepted',
'250 Recipient address accepted',
'354 Continue']
# XXX this bit can be refactored away in a helper
# method...
proto = SMTPFactory(
u'*****@*****.**',
self._km,
self._config['encrypted_only'],
outgoing_mail=Mock()).buildProtocol(('127.0.0.1', 0))
# snip...
transport = proto_helpers.StringTransport()
proto.makeConnection(transport)
reply = ""
for i, line in enumerate(self.EMAIL_DATA):
reply += yield self.getReply(line + '\r\n', proto, transport)
self.assertMatch(reply, '\r\n'.join(SMTP_ANSWERS),
'Did not get expected answer from gateway.')
proto.setTimeout(None)
def test_missing_key_accepts_address(self):
"""
Test if server accepts to send unencrypted when 'encrypted_only' is
False.
"""
# remove key from key manager
pubkey = yield self._km.get_key(ADDRESS, openpgp.OpenPGPKey)
pgp = openpgp.OpenPGPScheme(
self._soledad, gpgbinary=self.GPG_BINARY_PATH)
yield pgp.delete_key(pubkey)
# mock the key fetching
self._km._fetch_keys_from_server = Mock(
return_value=fail(errors.KeyNotFound()))
# prepare the SMTP factory with encrypted only equal to false
proto = SMTPFactory(
u'*****@*****.**',
self._km,
False, outgoing_mail=Mock()).buildProtocol(('127.0.0.1', 0))
transport = proto_helpers.StringTransport()
proto.makeConnection(transport)
yield self.getReply(self.EMAIL_DATA[0] + '\r\n', proto, transport)
yield self.getReply(self.EMAIL_DATA[1] + '\r\n', proto, transport)
reply = yield self.getReply(self.EMAIL_DATA[2] + '\r\n',
proto, transport)
# ensure the address was accepted
self.assertEqual(
'250 Recipient address accepted\r\n',
reply,
'Address should have been accepted with appropriate message.')
proto.setTimeout(None)
def test_gateway_accepts_valid_email(self):
"""
Test if SMTP server responds correctly for valid interaction.
"""
SMTP_ANSWERS = [
'220 ' + IP_OR_HOST_REGEX + ' NO UCE NO UBE NO RELAY PROBES',
'250 ' + IP_OR_HOST_REGEX + ' Hello ' + IP_OR_HOST_REGEX +
', nice to meet you', '250 Sender address accepted',
'250 Recipient address accepted', '354 Continue'
]
# XXX this bit can be refactored away in a helper
# method...
proto = SMTPFactory(u'*****@*****.**', self._km,
self._config['host'], self._config['port'],
self._config['cert'], self._config['key'],
self._config['encrypted_only']).buildProtocol(
('127.0.0.1', 0))
# snip...
transport = proto_helpers.StringTransport()
proto.makeConnection(transport)
for i, line in enumerate(self.EMAIL_DATA):
proto.lineReceived(line + '\r\n')
self.assertMatch(transport.value(),
'\r\n'.join(SMTP_ANSWERS[0:i + 1]),
'Did not get expected answer from gateway.')
proto.setTimeout(None)
def test_missing_key_accepts_address(self):
"""
Test if server accepts to send unencrypted when 'encrypted_only' is
False.
"""
# remove key from key manager
pubkey = self._km.get_key(ADDRESS, openpgp.OpenPGPKey)
pgp = openpgp.OpenPGPScheme(self._soledad,
gpgbinary=self.GPG_BINARY_PATH)
pgp.delete_key(pubkey)
# mock the key fetching
self._km.fetch_keys_from_server = Mock(return_value=[])
# prepare the SMTP factory with encrypted only equal to false
proto = SMTPFactory(u'*****@*****.**', self._km,
self._config['host'], self._config['port'],
self._config['cert'], self._config['key'],
False).buildProtocol(('127.0.0.1', 0))
transport = proto_helpers.StringTransport()
proto.makeConnection(transport)
proto.lineReceived(self.EMAIL_DATA[0] + '\r\n')
proto.lineReceived(self.EMAIL_DATA[1] + '\r\n')
proto.lineReceived(self.EMAIL_DATA[2] + '\r\n')
# ensure the address was accepted
lines = transport.value().rstrip().split('\n')
self.assertEqual(
'250 Recipient address accepted', lines[-1],
'Address should have been accepted with appropriate message.')
def test_missing_key_accepts_address(self):
"""
Test if server accepts to send unencrypted when 'encrypted_only' is
False.
"""
# remove key from key manager
pubkey = self._km.get_key(ADDRESS, openpgp.OpenPGPKey)
pgp = openpgp.OpenPGPScheme(
self._soledad, gpgbinary=self.GPG_BINARY_PATH)
pgp.delete_key(pubkey)
# mock the key fetching
self._km.fetch_keys_from_server = Mock(return_value=[])
# prepare the SMTP factory with encrypted only equal to false
proto = SMTPFactory(
u'*****@*****.**',
self._km, self._config['host'],
self._config['port'],
self._config['cert'], self._config['key'],
False).buildProtocol(('127.0.0.1', 0))
transport = proto_helpers.StringTransport()
proto.makeConnection(transport)
proto.lineReceived(self.EMAIL_DATA[0] + '\r\n')
proto.lineReceived(self.EMAIL_DATA[1] + '\r\n')
proto.lineReceived(self.EMAIL_DATA[2] + '\r\n')
# ensure the address was accepted
lines = transport.value().rstrip().split('\n')
self.assertEqual(
'250 Recipient address accepted',
lines[-1],
'Address should have been accepted with appropriate message.')
def test_message_sign(self):
"""
Test if message is signed with sender key.
"""
# mock the key fetching
self._km.fetch_keys_from_server = Mock(return_value=[])
proto = SMTPFactory(u'*****@*****.**', self._km,
self._config['host'], self._config['port'],
self._config['cert'], self._config['key'],
self._config['encrypted_only']).buildProtocol(
('127.0.0.1', 0))
user = User('*****@*****.**', 'gateway.leap.se', proto,
ADDRESS)
fromAddr = Address(ADDRESS_2)
m = EncryptedMessage(fromAddr, user, self._km, self._config['host'],
self._config['port'], self._config['cert'],
self._config['key'])
for line in self.EMAIL_DATA[4:12]:
m.lineReceived(line)
# trigger signing
#m.eomReceived() # this includes a defer, so we avoid calling it here
m.lines.append('') # add a trailing newline
# we need to call the following explicitelly because it was deferred
# inside the previous method
m._maybe_encrypt_and_sign()
# assert structure of signed message
self.assertTrue('Content-Type' in m._msg)
self.assertEqual('multipart/signed', m._msg.get_content_type())
self.assertEqual('application/pgp-signature',
m._msg.get_param('protocol'))
self.assertEqual('pgp-sha512', m._msg.get_param('micalg'))
# assert content of message
self.assertEqual(
'\r\n'.join(self.EMAIL_DATA[9:13]) + '\r\n--\r\n' +
'I prefer encrypted email - https://leap.se/key/anotheruser\r\n',
m._msg.get_payload(0).get_payload(decode=True))
# assert content of signature
self.assertTrue(
m._msg.get_payload(1).get_payload().startswith(
'-----BEGIN PGP SIGNATURE-----\n'),
'Message does not start with signature header.')
self.assertTrue(
m._msg.get_payload(1).get_payload().endswith(
'-----END PGP SIGNATURE-----\n'),
'Message does not end with signature footer.')
# assert signature is valid
pubkey = self._km.get_key(ADDRESS_2, openpgp.OpenPGPKey)
# replace EOL before verifying (according to rfc3156)
signed_text = re.sub('\r?\n', '\r\n',
m._msg.get_payload(0).as_string())
self.assertTrue(
self._km.verify(signed_text,
pubkey,
detached_sig=m._msg.get_payload(1).get_payload()),
'Signature could not be verified.')
def init_outgoing_and_proto(_):
self.outgoing_mail = OutgoingMail(self.fromAddr, self._km,
self._config['cert'],
self._config['key'],
self._config['host'],
self._config['port'])
self.proto = SMTPFactory(u'*****@*****.**', self._km,
self._config['encrypted_only'],
self.outgoing_mail).buildProtocol(
('127.0.0.1', 0))
self.dest = User(ADDRESS, 'gateway.leap.se', self.proto, ADDRESS_2)
def test_missing_key_rejects_address(self):
"""
Test if server rejects to send unencrypted when 'encrypted_only' is
True.
"""
# remove key from key manager
pubkey = yield self._km.get_key(ADDRESS, openpgp.OpenPGPKey)
pgp = openpgp.OpenPGPScheme(self._soledad,
gpgbinary=self.GPG_BINARY_PATH)
yield pgp.delete_key(pubkey)
# mock the key fetching
self._km._fetch_keys_from_server = Mock(
return_value=fail(errors.KeyNotFound()))
# prepare the SMTP factory
proto = SMTPFactory(u'*****@*****.**',
self._km,
self._config['encrypted_only'],
outgoing_mail=Mock()).buildProtocol(
('127.0.0.1', 0))
transport = proto_helpers.StringTransport()
proto.makeConnection(transport)
yield self.getReply(self.EMAIL_DATA[0] + '\r\n', proto, transport)
yield self.getReply(self.EMAIL_DATA[1] + '\r\n', proto, transport)
reply = yield self.getReply(self.EMAIL_DATA[2] + '\r\n', proto,
transport)
# ensure the address was rejected
self.assertEqual(
'550 Cannot receive for specified address\r\n', reply,
'Address should have been rejecetd with appropriate message.')
proto.setTimeout(None)
def setup_smtp_gateway(port, userid, keymanager, smtp_host, smtp_port,
smtp_cert, smtp_key, encrypted_only):
"""
Setup SMTP gateway to run with Twisted.
This function sets up the SMTP gateway configuration and the Twisted
reactor.
:param port: The port in which to run the server.
:type port: int
:param userid: The user currently logged in
:type userid: str
:param keymanager: A Key Manager from where to get recipients' public
keys.
:type keymanager: leap.common.keymanager.KeyManager
:param smtp_host: The hostname of the remote SMTP server.
:type smtp_host: str
:param smtp_port: The port of the remote SMTP server.
:type smtp_port: int
:param smtp_cert: The client certificate for authentication.
:type smtp_cert: str
:param smtp_key: The client key for authentication.
:type smtp_key: str
:param encrypted_only: Whether the SMTP gateway should send unencrypted
mail or not.
:type encrypted_only: bool
:returns: tuple of SMTPFactory, twisted.internet.tcp.Port
"""
# configure the use of this service with twistd
outgoing_mail = OutgoingMail(userid, keymanager, smtp_cert, smtp_key,
smtp_host, smtp_port)
factory = SMTPFactory(userid, keymanager, encrypted_only, outgoing_mail)
try:
tport = reactor.listenTCP(port, factory, interface="localhost")
emit(catalog.SMTP_SERVICE_STARTED, str(port))
return factory, tport
except CannotListenError:
logger.error("STMP Service failed to start: "
"cannot listen in port %s" % port)
emit(catalog.SMTP_SERVICE_FAILED_TO_START, str(port))
except Exception as exc:
logger.error("Unhandled error while launching smtp gateway service")
logger.exception(exc)
def test_message_encrypt_sign(self):
"""
Test if message gets encrypted to destination email and signed with
sender key.
"""
proto = SMTPFactory(u'*****@*****.**', self._km,
self._config['host'], self._config['port'],
self._config['cert'], self._config['key'],
self._config['encrypted_only']).buildProtocol(
('127.0.0.1', 0))
user = User(ADDRESS, 'gateway.leap.se', proto, ADDRESS)
fromAddr = Address(ADDRESS_2)
m = EncryptedMessage(fromAddr, user, self._km, self._config['host'],
self._config['port'], self._config['cert'],
self._config['key'])
for line in self.EMAIL_DATA[4:12]:
m.lineReceived(line)
# trigger encryption and signing
#m.eomReceived() # this includes a defer, so we avoid calling it here
m.lines.append('') # add a trailing newline
# we need to call the following explicitelly because it was deferred
# inside the previous method
m._maybe_encrypt_and_sign()
# assert structure of encrypted message
self.assertTrue('Content-Type' in m._msg)
self.assertEqual('multipart/encrypted', m._msg.get_content_type())
self.assertEqual('application/pgp-encrypted',
m._msg.get_param('protocol'))
self.assertEqual(2, len(m._msg.get_payload()))
self.assertEqual('application/pgp-encrypted',
m._msg.get_payload(0).get_content_type())
self.assertEqual('application/octet-stream',
m._msg.get_payload(1).get_content_type())
# decrypt and verify
privkey = self._km.get_key(ADDRESS, openpgp.OpenPGPKey, private=True)
pubkey = self._km.get_key(ADDRESS_2, openpgp.OpenPGPKey)
decrypted = self._km.decrypt(m._msg.get_payload(1).get_payload(),
privkey,
verify=pubkey)
self.assertEqual(
'\n' + '\r\n'.join(self.EMAIL_DATA[9:12]) + '\r\n\r\n--\r\n' +
'I prefer encrypted email - https://leap.se/key/anotheruser\r\n',
decrypted, 'Decrypted text differs from plaintext.')
