def __get_identities(menu):
ids = []
lines = re.split(r"[\r\n]+", menu)
for l in lines:
l = l.strip()
m = re.match(r"^\[.*?\]\s+\((\d+)\).*<(.*?)>$", l)
if m:
if (is_email_address(m.group(2))):
ids.append((m.group(1), m.group(2)))
return ids
def __get_identities(menu):
ids = []
lines = re.split(r"[\r\n]+", menu)
for l in lines:
l = l.strip()
m = re.match(r"^\[.*?\]\s+\((\d+)\).*<(.*?)>$", l)
if m:
if (is_email_address(m.group(2))):
ids.append( (m.group(1), m.group(2)) )
return ids
def __get_raw_email_addr(addr):
addr = addr.strip()
matches = re.search(r"<([^>]+)>", addr)
if not matches:
return addr
result = matches.group(1).strip()
if is_email_address(result):
return result
else:
return addr
def __get_raw_email_addr(addr):
addr = addr.strip()
matches = re.search(r"<([^>]+)>", addr)
if not matches:
return addr
result = matches.group(1).strip()
if is_email_address(result):
return result
else:
return addr
def validate_mail(message):
# Step 1: Read the from address, so that we at least know where to
# send the error message to
from_addr = None
try:
# Get the one and only from address
(headers, body) = dkim.rfc822_parse(message)
from_addr = __get_raw_email_addr(__get_required_header(headers, "From"))
if not is_email_address(from_addr):
return (None, False, "'" + str(from_addr) + "' is not valid From: address")
except Exception, e:
return (None, False, e.__str__())
def validate_mail(message):
# Step 1: Read the from address, so that we at least know where to
# send the error message to
from_addr = None
try:
# Get the one and only from address
(headers, body) = dkim.rfc822_parse(message)
from_addr = __get_raw_email_addr(__get_required_header(
headers, "From"))
if not is_email_address(from_addr):
return (None, False,
"'" + str(from_addr) + "' is not valid From: address")
except Exception, e:
return (None, False, e.__str__())
def signkey(pubkey, email_addr, signing_key_fp):
session_logger = StringIO()
encrypted_key = None # The ultimate result
signing_key_fp = re.sub(r"\s+", "", signing_key_fp)
signing_key_fp_16 = signing_key_fp[-16:]
# Step 0: Sanity Check
####################################################
if not is_email_address(email_addr):
raise SignKeyException("'" + email_addr + "' does not appear to be a valid email address.", session_logger.getvalue())
# Step 1: Sniff the pubkey to make sure it looks ok
####################################################
proc = subprocess.Popen(['/usr/bin/gpg2', '--with-fingerprint', '-'], stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
proc.stdin.write(pubkey)
(sout,serr) = proc.communicate()
session_logger.write("Peeking at the key:\n" + sout + "\n\n")
# Make sure the email is in there
if not re.match(r"^pub", sout):
raise SignKeyException("Input does not appear to be a public key.", session_logger.getvalue())
# Make sure the email is in there
if not re.search(r"^(pub|uid).*?<(" + re.escape(email_addr) + r")>\s*$", sout, re.MULTILINE):
raise SignKeyException("Could not find email address '" + email_addr + "' in the public key.", session_logger.getvalue())
# Get the key fingerprint
m = re.search(r"^\s*Key fingerprint\s*=\s*((\s+[a-fA-F0-9]{4}){10})\s*$", sout, re.MULTILINE)
fingerprint = None
if m:
fingerprint = re.sub(r"\s+", "", m.group(1))
if fingerprint is None:
raise SignKeyException("Could not extract fingerprint from public key.", session_logger.getvalue())
# Step 2: Create a new temprary keyring to work from
#####################################################
# Read the keyring
fh = open(os.path.join(os.environ["HOME"], ".gnupg", "pubring.gpg"), "rb")
pub_keyring = fh.read()
fh.close()
# Write the existing keyring to our temp keyring
temp_keyring = tempfile.NamedTemporaryFile('rw+b')
try:
temp_keyring.write(pub_keyring)
temp_keyring.flush()
temp_keyring.seek(0)
# Step 3: Import the supplied key
#####################################################
# Import they key
proc = subprocess.Popen(['/usr/bin/gpg2', '--no-default-keyring', '--keyring', temp_keyring.name, '--import', '-'], stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
proc.stdin.write(pubkey)
(sout,serr) = proc.communicate()
session_logger.write("Importing the key:\n" + sout + "\n\n")
if not re.search(r"^.*: public key \".*\" imported\s*$", sout, re.MULTILINE):
raise SignKeyException("Could not import public key.", session_logger.getvalue())
# Step 4: Sign the key
#####################################################
session_logger.write("Signing the key:\n")
__do_sign_key(temp_keyring.name, fingerprint, email_addr, session_logger)
session_logger.write("\n\n")
# Step 5: Encrypt the signed key
#####################################################
# Check that the sig exists
proc = subprocess.Popen(['/usr/bin/gpg2', '--no-default-keyring', '--keyring', temp_keyring.name, '--list-sigs', fingerprint], stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
(sout,serr) = proc.communicate()
session_logger.write("Checking that the sig exists:\n" + sout + "\n\n")
# Export the key into ASCII
proc = subprocess.Popen(['/usr/bin/gpg2', '--no-default-keyring', '--keyring', temp_keyring.name, '--armor', '--export', fingerprint], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
(signed_key,serr) = proc.communicate()
session_logger.write("Exporting the key (blank means OK):\n" + serr + "\n\n")
# Sanity check that we've actually signed it
proc = subprocess.Popen(['/usr/bin/gpg2', '--list-packets', '-'], stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
proc.stdin.write(signed_key)
(sout,serr) = proc.communicate()
session_logger.write("Listing the packets:\n" + sout + "\n\n")
if "\n:signature packet: algo 1, keyid " + signing_key_fp_16 + "\n" not in sout:
raise SignKeyException("Could not find the signature packet. Something went wrong.", session_logger.getvalue())
# Encrypt the signed key, to be opened only by the correct owner
proc = subprocess.Popen(['/usr/bin/gpg2', '--no-default-keyring', '--keyring', temp_keyring.name, '--armor', '--recipient', fingerprint, '--trust-model', 'always', '--encrypt', '-'], stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
proc.stdin.write(signed_key)
(encrypted_key,serr) = proc.communicate()
session_logger.write("Exporting the key (blank means OK):\n" + serr + "\n\n")
except Exception, e:
temp_keyring.close()
if isinstance(e, SignKeyException):
raise e
else:
session_logger.write("Uncaught Python error:\n" + traceback.format_exc() + "\n\n")
raise SignKeyException(str(e), session_logger.getvalue())
def signkey(pubkey, email_addr, signing_key_fp):
session_logger = StringIO()
encrypted_key = None # The ultimate result
signing_key_fp = re.sub(r"\s+", "", signing_key_fp)
signing_key_fp_16 = signing_key_fp[-16:]
# Step 0: Sanity Check
####################################################
if not is_email_address(email_addr):
raise SignKeyException(
"'" + email_addr +
"' does not appear to be a valid email address.",
session_logger.getvalue())
# Step 1: Sniff the pubkey to make sure it looks ok
####################################################
proc = subprocess.Popen(['/usr/bin/gpg2', '--with-fingerprint', '-'],
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
proc.stdin.write(pubkey)
(sout, serr) = proc.communicate()
session_logger.write("Peeking at the key:\n" + sout + "\n\n")
# Make sure the email is in there
if not re.match(r"^pub", sout):
raise SignKeyException("Input does not appear to be a public key.",
session_logger.getvalue())
# Make sure the email is in there
if not re.search(r"^(pub|uid).*?<(" + re.escape(email_addr) + r")>\s*$",
sout, re.MULTILINE):
raise SignKeyException(
"Could not find email address '" + email_addr +
"' in the public key.", session_logger.getvalue())
# Get the key fingerprint
m = re.search(r"^\s*Key fingerprint\s*=\s*((\s+[a-fA-F0-9]{4}){10})\s*$",
sout, re.MULTILINE)
fingerprint = None
if m:
fingerprint = re.sub(r"\s+", "", m.group(1))
if fingerprint is None:
raise SignKeyException(
"Could not extract fingerprint from public key.",
session_logger.getvalue())
# Step 2: Create a new temprary keyring to work from
#####################################################
# Read the keyring
fh = open(os.path.join(os.environ["HOME"], ".gnupg", "pubring.gpg"), "rb")
pub_keyring = fh.read()
fh.close()
# Write the existing keyring to our temp keyring
temp_keyring = tempfile.NamedTemporaryFile('rw+b')
try:
temp_keyring.write(pub_keyring)
temp_keyring.flush()
temp_keyring.seek(0)
# Step 3: Import the supplied key
#####################################################
# Import they key
proc = subprocess.Popen([
'/usr/bin/gpg2', '--no-default-keyring', '--keyring',
temp_keyring.name, '--import', '-'
],
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
proc.stdin.write(pubkey)
(sout, serr) = proc.communicate()
session_logger.write("Importing the key:\n" + sout + "\n\n")
if not re.search(r"^.*: public key \".*\" imported\s*$", sout,
re.MULTILINE):
raise SignKeyException("Could not import public key.",
session_logger.getvalue())
# Step 4: Sign the key
#####################################################
session_logger.write("Signing the key:\n")
__do_sign_key(temp_keyring.name, fingerprint, email_addr,
session_logger)
session_logger.write("\n\n")
# Step 5: Encrypt the signed key
#####################################################
# Check that the sig exists
proc = subprocess.Popen([
'/usr/bin/gpg2', '--no-default-keyring', '--keyring',
temp_keyring.name, '--list-sigs', fingerprint
],
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
(sout, serr) = proc.communicate()
session_logger.write("Checking that the sig exists:\n" + sout + "\n\n")
# Export the key into ASCII
proc = subprocess.Popen([
'/usr/bin/gpg2', '--no-default-keyring', '--keyring',
temp_keyring.name, '--armor', '--export', fingerprint
],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
(signed_key, serr) = proc.communicate()
session_logger.write("Exporting the key (blank means OK):\n" + serr +
"\n\n")
# Sanity check that we've actually signed it
proc = subprocess.Popen(['/usr/bin/gpg2', '--list-packets', '-'],
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.STDOUT)
proc.stdin.write(signed_key)
(sout, serr) = proc.communicate()
session_logger.write("Listing the packets:\n" + sout + "\n\n")
if "\n:signature packet: algo 1, keyid " + signing_key_fp_16 + "\n" not in sout:
raise SignKeyException(
"Could not find the signature packet. Something went wrong.",
session_logger.getvalue())
# Encrypt the signed key, to be opened only by the correct owner
proc = subprocess.Popen([
'/usr/bin/gpg2', '--no-default-keyring', '--keyring',
temp_keyring.name, '--armor', '--recipient', fingerprint,
'--trust-model', 'always', '--encrypt', '-'
],
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
proc.stdin.write(signed_key)
(encrypted_key, serr) = proc.communicate()
session_logger.write("Exporting the key (blank means OK):\n" + serr +
"\n\n")
except Exception, e:
temp_keyring.close()
if isinstance(e, SignKeyException):
raise e
else:
session_logger.write("Uncaught Python error:\n" +
traceback.format_exc() + "\n\n")
raise SignKeyException(str(e), session_logger.getvalue())