def UnwrapMimeCrypto(part, si=None, ei=None):
"""
This method will replace encrypted and signed parts with their
contents and set part attributes describing the security properties
instead.
"""
part.signature_info = si or SignatureInfo()
part.encryption_info = ei or EncryptionInfo()
mimetype = part.get_content_type()
if part.is_multipart():
# FIXME: Check the protocol. PGP? Something else?
# FIXME: This is where we add hooks for other MIME encryption
# schemes, so route to callbacks by protocol.
if mimetype == "multipart/signed":
gpg = GnuPG()
boundary = part.get_boundary()
payload, signature = part.get_payload()
# The Python get_payload() method likes to rewrite headers,
# which breaks signature verification. So we manually parse
# out the raw payload here.
head, raw_payload, junk = part.as_string().replace("\r\n", "\n").split("\n--%s\n" % boundary, 2)
part.signature_info = gpg.verify(gpg.pgpmime_normalize(raw_payload), signature.get_payload())
# Reparent the contents up, removing the signature wrapper
part.set_payload(payload.get_payload())
for h in payload.keys():
del part[h]
for h, v in payload.items():
part.add_header(h, v)
elif mimetype == "multipart/encrypted":
gpg = GnuPG()
preamble, payload = part.get_payload()
(part.signature_info, part.encryption_info, decrypted) = gpg.decrypt(payload.as_string())
if part.encryption_info["status"] == "decrypted":
newpart = email.parser.Parser().parse(StringIO.StringIO(decrypted))
# Reparent the contents up, removing the encryption wrapper
part.set_payload(newpart.get_payload())
for h in newpart.keys():
del part[h]
for h, v in newpart.items():
part.add_header(h, v)
# If we are still multipart after the above shenanigans, recurse
# into our subparts and unwrap them too.
if part.is_multipart():
for subpart in part.get_payload():
UnwrapMimeCrypto(subpart, si=part.signature_info, ei=part.encryption_info)
else:
# FIXME: This is where we would handle cryptoschemes that don't
# appear as multipart/...
pass
def evaluate_pgp(self, tree, check_sigs=True, decrypt=False):
if 'text_parts' not in tree:
return tree
pgpdata = []
for part in tree['text_parts']:
if 'crypto' not in part:
part['crypto'] = {}
ei = si = None
if check_sigs:
if part['type'] == 'pgpbeginsigned':
pgpdata = [part]
elif part['type'] == 'pgpsignedtext':
pgpdata.append(part)
elif part['type'] == 'pgpsignature':
pgpdata.append(part)
try:
gpg = GnuPG()
message = ''.join([p['data'].encode(p['charset'])
for p in pgpdata])
si = pgpdata[1]['crypto']['signature'
] = gpg.verify(message)
pgpdata[0]['data'] = ''
pgpdata[2]['data'] = ''
except Exception, e:
print e
if decrypt:
if part['type'] in ('pgpbegin', 'pgptext'):
pgpdata.append(part)
elif part['type'] == 'pgpend':
pgpdata.append(part)
gpg = GnuPG()
(signature_info, encryption_info, text
) = gpg.decrypt(''.join([p['data'] for p in pgpdata]))
ei = pgpdata[1]['crypto']['encryption'] = encryption_info
si = pgpdata[1]['crypto']['signature'] = signature_info
if encryption_info["status"] == "decrypted":
pgpdata[1]['data'] = text
pgpdata[0]['data'] = ""
pgpdata[2]['data'] = ""
# Bubbling up!
if (si or ei) and 'crypto' not in tree:
tree['crypto'] = {'signature': SignatureInfo(),
'encryption': EncryptionInfo()}
if si:
tree['crypto']['signature'].mix(si)
if ei:
tree['crypto']['encryption'].mix(ei)
def evaluate_pgp(self, tree, check_sigs=True, decrypt=False):
if 'text_parts' not in tree:
return tree
pgpdata = []
for part in tree['text_parts']:
# Handle signed messages
if 'signature_info' not in part:
part['signature_info'] = SignatureInfo()
if check_sigs:
if part['type'] == 'pgpbeginsigned':
pgpdata = [part]
elif part['type'] == 'pgpsignedtext':
pgpdata.append(part)
elif part['type'] == 'pgpsignature':
pgpdata.append(part)
try:
gpg = GnuPG()
message = ''.join([p['data'].encode(p['charset'])
for p in pgpdata])
pgpdata[1]['signature_info'] = gpg.verify(message)
pgpdata[0]['data'] = ''
pgpdata[2]['data'] = ''
except Exception, e:
print e
if "encryption_info" not in part:
part['encryption_info'] = EncryptionInfo()
if decrypt:
if part['type'] in ('pgpbegin', 'pgptext'):
pgpdata.append(part)
elif part['type'] == 'pgpend':
pgpdata.append(part)
message = ''.join([p['data'] for p in pgpdata])
gpg = GnuPG()
encryption_info, text = gpg.decrypt(message)
pgpdata[1]['encryption_info'] = encryption_info
if encryption_info["status"] == "decrypted":
pgpdata[1]['data'] = text
pgpdata[0]['data'] = ""
pgpdata[2]['data'] = ""
def evaluate_pgp(self, tree, check_sigs=True, decrypt=False):
if "text_parts" not in tree:
return tree
pgpdata = []
for part in tree["text_parts"]:
# Handle signed messages
if "signature_info" not in part:
part["signature_info"] = SignatureInfo()
if check_sigs:
if part["type"] == "pgpbeginsigned":
pgpdata = [part]
elif part["type"] == "pgpsignedtext":
pgpdata.append(part)
elif part["type"] == "pgpsignature":
pgpdata.append(part)
try:
gpg = GnuPG()
message = "".join([p["data"].encode(p["charset"]) for p in pgpdata])
pgpdata[1]["signature_info"] = gpg.verify(message)
pgpdata[0]["data"] = ""
pgpdata[2]["data"] = ""
except Exception, e:
print e
if "encryption_info" not in part:
part["encryption_info"] = EncryptionInfo()
if decrypt:
if part["type"] in ("pgpbegin", "pgptext"):
pgpdata.append(part)
elif part["type"] == "pgpend":
pgpdata.append(part)
message = "".join([p["data"] for p in pgpdata])
gpg = GnuPG()
si, encryption_info, text = gpg.decrypt(message)
pgpdata[1]["encryption_info"] = encryption_info
if encryption_info["status"] == "decrypted":
pgpdata[1]["data"] = text
pgpdata[0]["data"] = ""
pgpdata[2]["data"] = ""
