gpg-lacre/register-handler.py

#!/usr/bin/python

from configparser import RawConfigParser
import email, os, smtplib, sys, traceback, markdown, syslog, requests
from M2Crypto import BIO, Rand, SMIME, X509

from email.mime.text import MIMEText
from email.mime.multipart import MIMEMultipart

import logging

import lacre
import lacre.config as conf

def send_msg( message, from_addr, recipients = None ):
	if conf.config_item_set('relay', 'host') and conf.config_item_set('relay', 'enc_port'):
		relay = (conf.get_item('relay', 'host'), int(conf.get_item('relay', 'enc_port')))
		smtp = smtplib.SMTP(relay[0], relay[1])
		smtp.sendmail( from_addr, recipients, message.as_string() )
	else:
		LOG.info("Could not send mail due to wrong configuration")

if __name__ == "__main__":
#	try:
		conf.load_config()
		lacre.init_logging(conf.get_item('logging', 'config'))

		LOG = logging.getLogger(__name__)

		CERT_PATH = conf.get_item('smime', 'cert_path') + '/'

		# Read e-mail from stdin
		raw = sys.stdin.read()
		register_msg = email.message_from_string( raw )
		from_addr = email.utils.parseaddr(register_msg['From'])[1]

		sign_part = None
		for msg_part in register_msg.walk():
			if msg_part.get_content_type().lower() == "application/pkcs7-signature" or msg_part.get_content_type().lower() == "application/x-pkcs7-signature":
				sign_type = 'smime'
				sign_part = msg_part
				break
			# This may cause that a non ASCII-armored key will be seen as valid. Other solution is not that efficient though
			#elif msg_part.get_content_type().lower() == "application/pgp-keys":
			#	sign_type = 'pgp'
			#	sign_part = msg_part.get_payload()
			#	break
			elif "-----BEGIN PGP PUBLIC KEY BLOCK-----" in msg_part.get_payload() and "-----END PGP PUBLIC KEY BLOCK-----" in msg_part.get_payload():
				msg_content = msg_part.get_payload()
				start = msg_content.find("-----BEGIN PGP PUBLIC KEY BLOCK-----")
				end = msg_content.find("-----END PGP PUBLIC KEY BLOCK-----")
				sign_type = 'pgp'
				sign_part = msg_content[start:end + 34]
				break

		if sign_part == None:
			LOG.info("Unable to find PKCS7 signature or public PGP key in registration email")

			failure_msg = file( conf.get_item('mailregister', 'mail_templates') + "/registrationError.md").read()
			msg = MIMEMultipart("alternative")
			msg["From"] = conf.get_item('mailregister', 'register_email')
			msg["To"] = from_addr
			msg["Subject"] = "S/MIME / OpenPGP registration failed"

			msg.attach(MIMEText(failure_msg, 'plain'))
			msg.attach(MIMEText(markdown.markdown(failure_msg), 'html'))

			send_msg(msg, conf.get_item('mailregister', 'register_email'), [from_addr])
			sys.exit(0)
		
		if sign_type == 'smime':
			raw_sig = sign_part.get_payload().replace("\n", "")
			# re-wrap signature so that it fits base64 standards
			cooked_sig = '\n'.join(raw_sig[pos:pos+76] for pos in range(0, len(raw_sig), 76))
			
			# now, wrap the signature in a PKCS7 block
			sig = """
-----BEGIN PKCS7-----
%s
-----END PKCS7-----
		""" % cooked_sig

			# and load it into an SMIME p7 object through the BIO I/O buffer:
			buf = BIO.MemoryBuffer(sig)
			p7 = SMIME.load_pkcs7_bio(buf)

			sk = X509.X509_Stack()
			signers = p7.get0_signers(sk)
			signing_cert = signers[0]

			#Save certificate compatible to RFC 2821
			splitted_from_addr = from_addr.split('@')
			processed_from_addr = splitted_from_addr[0] + '@' + splitted_from_addr[1].lower()

			signing_cert.save(os.path.join(CERT_PATH, processed_from_addr))
					
			# format in user-specific data
			# sending success mail only for S/MIME as GPGMW handles this on its own
			success_msg = file(conf.get_item('mailregister', 'mail_templates')+"/registrationSuccess.md").read()
			success_msg = success_msg.replace("[:FROMADDRESS:]", from_addr)
			
			msg = MIMEMultipart("alternative")
			msg["From"] = conf.get_item('mailregister', 'register_email')
			msg["To"] = from_addr
			msg["Subject"] = "S/MIME certificate registration succeeded"

			msg.attach(MIMEText(success_msg, 'plain'))
			msg.attach(MIMEText(markdown.markdown(success_msg), 'html'))
			
			send_msg(msg, conf.get_item('mailregister', 'register_email'), [from_addr])
			
			LOG.info("S/MIME Registration succeeded")
		elif sign_type == 'pgp':
			# send POST to gpg-mailgate webpanel
			sig = sign_part
			payload = {'email': from_addr, 'key': sig}
			r = requests.post(conf.get_item('mailregister', 'webpanel_url'), data=payload)

			if r.status_code != 200:
				LOG.info("Could not hand registration over to GPGMW. Error: %s" % r.status_code)
				error_msg = open(conf.get_item('mailregister', 'mail_templates')+"/gpgmwFailed.md").read()
				error_msg = error_msg.replace("[:FROMADDRESS:]", from_addr)
			
				msg = MIMEMultipart("alternative")
				msg["From"] = conf.get_item('mailregister', 'register_email')
				msg["To"] = from_addr
				msg["Subject"] = "PGP key registration failed"

				msg.attach(MIMEText(error_msg, 'plain'))
				msg.attach(MIMEText(markdown.markdown(error_msg), 'html'))
			
				send_msg(msg, conf.get_item('mailregister', 'register_email'), [from_addr])
			else:
				LOG.info("PGP registration is handed over to GPGMW")
#	except:
#		LOG.info("Registration exception")
#		sys.exit(0)
S/MIME Email registration 2014-02-26 01:50:18 +01:00			`#!/usr/bin/python`

Perform automatic migration to Python 3.x Use lib2to3 automatic migration tool provided by Python 2.x to convert codebase to new idioms. Command line: find . -type f -name '*.py' \ -exec python2.7 -m lib2to3 \ -f all -f idioms -f buffer -f set_literal -f ws_comma -w \ '{}' '+' 2022-01-08 14:06:18 +01:00			`from configparser import RawConfigParser`
added PGP email registration people can send their public key as .asc extension to register@domain.tld to register 2014-03-02 14:28:37 +01:00			`import email, os, smtplib, sys, traceback, markdown, syslog, requests`
S/MIME Email registration 2014-02-26 01:50:18 +01:00			`from M2Crypto import BIO, Rand, SMIME, X509`

			`from email.mime.text import MIMEText`
			`from email.mime.multipart import MIMEMultipart`

Use Lacre logging and configuration in register-handler 2022-04-24 22:29:08 +02:00			`import logging`

			`import lacre`
			`import lacre.config as conf`
S/MIME Email registration 2014-02-26 01:50:18 +01:00
			`def send_msg( message, from_addr, recipients = None ):`
Use Lacre logging and configuration in register-handler 2022-04-24 22:29:08 +02:00			`if conf.config_item_set('relay', 'host') and conf.config_item_set('relay', 'enc_port'):`
			`relay = (conf.get_item('relay', 'host'), int(conf.get_item('relay', 'enc_port')))`
Making it possible to configure mailserver for register-handler and use the encryption port for sending messages. 2015-06-04 20:14:00 +02:00			`smtp = smtplib.SMTP(relay[0], relay[1])`
			`smtp.sendmail( from_addr, recipients, message.as_string() )`
			`else:`
Use Lacre logging and configuration in register-handler 2022-04-24 22:29:08 +02:00			`LOG.info("Could not send mail due to wrong configuration")`
S/MIME Email registration 2014-02-26 01:50:18 +01:00
			`if __name__ == "__main__":`
			`# try:`
Use Lacre logging and configuration in register-handler 2022-04-24 22:29:08 +02:00			`conf.load_config()`
			`lacre.init_logging(conf.get_item('logging', 'config'))`

			`LOG = logging.getLogger(__name__)`

			`CERT_PATH = conf.get_item('smime', 'cert_path') + '/'`

S/MIME Email registration 2014-02-26 01:50:18 +01:00			`# Read e-mail from stdin`
			`raw = sys.stdin.read()`
			`register_msg = email.message_from_string( raw )`
			`from_addr = email.utils.parseaddr(register_msg['From'])[1]`

			`sign_part = None`
			`for msg_part in register_msg.walk():`
Update register-handler.py added "application/x-pkcs7-signature" type 2014-09-21 00:37:17 +02:00			`if msg_part.get_content_type().lower() == "application/pkcs7-signature" or msg_part.get_content_type().lower() == "application/x-pkcs7-signature":`
Now GPG keys are not only determined by attachment MIME type. Even inline GPG keys work now. 2015-01-18 19:54:08 +01:00			`sign_type = 'smime'`
added PGP email registration people can send their public key as .asc extension to register@domain.tld to register 2014-03-02 14:28:37 +01:00			`sign_part = msg_part`
			`break`
Changes to cron, register-handler, settings and templates: - Cron now notifies user what happened (key successfully added/deleted or error) - More options to customize templates - Separating concepts in settings (S/MIME, templates) - Register-handler now only informs on failed PGP submissions (reduce mails to user and false positive mails) 2015-01-31 16:08:12 +01:00			`# This may cause that a non ASCII-armored key will be seen as valid. Other solution is not that efficient though`
			`#elif msg_part.get_content_type().lower() == "application/pgp-keys":`
			`# sign_type = 'pgp'`
			`# sign_part = msg_part.get_payload()`
			`# break`
Now GPG keys are not only determined by attachment MIME type. Even inline GPG keys work now. 2015-01-18 19:54:08 +01:00			`elif "-----BEGIN PGP PUBLIC KEY BLOCK-----" in msg_part.get_payload() and "-----END PGP PUBLIC KEY BLOCK-----" in msg_part.get_payload():`
			`msg_content = msg_part.get_payload()`
			`start = msg_content.find("-----BEGIN PGP PUBLIC KEY BLOCK-----")`
			`end = msg_content.find("-----END PGP PUBLIC KEY BLOCK-----")`
			`sign_type = 'pgp'`
			`sign_part = msg_content[start:end + 34]`
S/MIME Email registration 2014-02-26 01:50:18 +01:00			`break`

			`if sign_part == None:`
Use Lacre logging and configuration in register-handler 2022-04-24 22:29:08 +02:00			`LOG.info("Unable to find PKCS7 signature or public PGP key in registration email")`
S/MIME Email registration 2014-02-26 01:50:18 +01:00
Use Lacre logging and configuration in register-handler 2022-04-24 22:29:08 +02:00			`failure_msg = file( conf.get_item('mailregister', 'mail_templates') + "/registrationError.md").read()`
S/MIME Email registration 2014-02-26 01:50:18 +01:00			`msg = MIMEMultipart("alternative")`
Use Lacre logging and configuration in register-handler 2022-04-24 22:29:08 +02:00			`msg["From"] = conf.get_item('mailregister', 'register_email')`
S/MIME Email registration 2014-02-26 01:50:18 +01:00			`msg["To"] = from_addr`
added PGP email registration people can send their public key as .asc extension to register@domain.tld to register 2014-03-02 14:28:37 +01:00			`msg["Subject"] = "S/MIME / OpenPGP registration failed"`
S/MIME Email registration 2014-02-26 01:50:18 +01:00
			`msg.attach(MIMEText(failure_msg, 'plain'))`
			`msg.attach(MIMEText(markdown.markdown(failure_msg), 'html'))`

Use Lacre logging and configuration in register-handler 2022-04-24 22:29:08 +02:00			`send_msg(msg, conf.get_item('mailregister', 'register_email'), [from_addr])`
S/MIME Email registration 2014-02-26 01:50:18 +01:00			`sys.exit(0)`
added PGP email registration people can send their public key as .asc extension to register@domain.tld to register 2014-03-02 14:28:37 +01:00
			`if sign_type == 'smime':`
Perform automatic migration to Python 3.x Use lib2to3 automatic migration tool provided by Python 2.x to convert codebase to new idioms. Command line: find . -type f -name '*.py' \ -exec python2.7 -m lib2to3 \ -f all -f idioms -f buffer -f set_literal -f ws_comma -w \ '{}' '+' 2022-01-08 14:06:18 +01:00			`raw_sig = sign_part.get_payload().replace("\n", "")`
Now GPG keys could be verified by cron job without problems (did not for me without this fix) 2015-01-18 15:45:14 +01:00			`# re-wrap signature so that it fits base64 standards`
Perform automatic migration to Python 3.x Use lib2to3 automatic migration tool provided by Python 2.x to convert codebase to new idioms. Command line: find . -type f -name '*.py' \ -exec python2.7 -m lib2to3 \ -f all -f idioms -f buffer -f set_literal -f ws_comma -w \ '{}' '+' 2022-01-08 14:06:18 +01:00			`cooked_sig = '\n'.join(raw_sig[pos:pos+76] for pos in range(0, len(raw_sig), 76))`
Now GPG keys could be verified by cron job without problems (did not for me without this fix) 2015-01-18 15:45:14 +01:00
added PGP email registration people can send their public key as .asc extension to register@domain.tld to register 2014-03-02 14:28:37 +01:00			`# now, wrap the signature in a PKCS7 block`
			`sig = """`
S/MIME Email registration 2014-02-26 01:50:18 +01:00			`-----BEGIN PKCS7-----`
			`%s`
			`-----END PKCS7-----`
			`""" % cooked_sig`

added PGP email registration people can send their public key as .asc extension to register@domain.tld to register 2014-03-02 14:28:37 +01:00			`# and load it into an SMIME p7 object through the BIO I/O buffer:`
			`buf = BIO.MemoryBuffer(sig)`
			`p7 = SMIME.load_pkcs7_bio(buf)`
S/MIME Email registration 2014-02-26 01:50:18 +01:00
added PGP email registration people can send their public key as .asc extension to register@domain.tld to register 2014-03-02 14:28:37 +01:00			`sk = X509.X509_Stack()`
			`signers = p7.get0_signers(sk)`
			`signing_cert = signers[0]`
S/MIME Email registration 2014-02-26 01:50:18 +01:00
Making GPG-Mailgate compatible with RFC 2821 (Simple Mail Transfer Protocol). The previous reverted commits made the gateway incompatible with the RFC. However, compatibility has to be activated in the settings. Most mail servers ignore the case sensitivity of the mail addresses, so this should not be a big issue. A quick solution to make the S/MIME functionality compatible with the RFC was not found so this needs to be fixed later. 2015-02-14 19:34:26 +01:00			`#Save certificate compatible to RFC 2821`
			`splitted_from_addr = from_addr.split('@')`
			`processed_from_addr = splitted_from_addr[0] + '@' + splitted_from_addr[1].lower()`

			`signing_cert.save(os.path.join(CERT_PATH, processed_from_addr))`
Changes to cron, register-handler, settings and templates: - Cron now notifies user what happened (key successfully added/deleted or error) - More options to customize templates - Separating concepts in settings (S/MIME, templates) - Register-handler now only informs on failed PGP submissions (reduce mails to user and false positive mails) 2015-01-31 16:08:12 +01:00
			`# format in user-specific data`
			`# sending success mail only for S/MIME as GPGMW handles this on its own`
Use Lacre logging and configuration in register-handler 2022-04-24 22:29:08 +02:00			`success_msg = file(conf.get_item('mailregister', 'mail_templates')+"/registrationSuccess.md").read()`
Perform automatic migration to Python 3.x Use lib2to3 automatic migration tool provided by Python 2.x to convert codebase to new idioms. Command line: find . -type f -name '*.py' \ -exec python2.7 -m lib2to3 \ -f all -f idioms -f buffer -f set_literal -f ws_comma -w \ '{}' '+' 2022-01-08 14:06:18 +01:00			`success_msg = success_msg.replace("[:FROMADDRESS:]", from_addr)`
Changes to cron, register-handler, settings and templates: - Cron now notifies user what happened (key successfully added/deleted or error) - More options to customize templates - Separating concepts in settings (S/MIME, templates) - Register-handler now only informs on failed PGP submissions (reduce mails to user and false positive mails) 2015-01-31 16:08:12 +01:00
			`msg = MIMEMultipart("alternative")`
Use Lacre logging and configuration in register-handler 2022-04-24 22:29:08 +02:00			`msg["From"] = conf.get_item('mailregister', 'register_email')`
Changes to cron, register-handler, settings and templates: - Cron now notifies user what happened (key successfully added/deleted or error) - More options to customize templates - Separating concepts in settings (S/MIME, templates) - Register-handler now only informs on failed PGP submissions (reduce mails to user and false positive mails) 2015-01-31 16:08:12 +01:00			`msg["To"] = from_addr`
			`msg["Subject"] = "S/MIME certificate registration succeeded"`

			`msg.attach(MIMEText(success_msg, 'plain'))`
			`msg.attach(MIMEText(markdown.markdown(success_msg), 'html'))`
added PGP email registration people can send their public key as .asc extension to register@domain.tld to register 2014-03-02 14:28:37 +01:00
Use Lacre logging and configuration in register-handler 2022-04-24 22:29:08 +02:00			`send_msg(msg, conf.get_item('mailregister', 'register_email'), [from_addr])`
Changes to cron, register-handler, settings and templates: - Cron now notifies user what happened (key successfully added/deleted or error) - More options to customize templates - Separating concepts in settings (S/MIME, templates) - Register-handler now only informs on failed PGP submissions (reduce mails to user and false positive mails) 2015-01-31 16:08:12 +01:00
Use Lacre logging and configuration in register-handler 2022-04-24 22:29:08 +02:00			`LOG.info("S/MIME Registration succeeded")`
added PGP email registration people can send their public key as .asc extension to register@domain.tld to register 2014-03-02 14:28:37 +01:00			`elif sign_type == 'pgp':`
Changes to cron, register-handler, settings and templates: - Cron now notifies user what happened (key successfully added/deleted or error) - More options to customize templates - Separating concepts in settings (S/MIME, templates) - Register-handler now only informs on failed PGP submissions (reduce mails to user and false positive mails) 2015-01-31 16:08:12 +01:00			`# send POST to gpg-mailgate webpanel`
Now GPG keys are not only determined by attachment MIME type. Even inline GPG keys work now. 2015-01-18 19:54:08 +01:00			`sig = sign_part`
added PGP email registration people can send their public key as .asc extension to register@domain.tld to register 2014-03-02 14:28:37 +01:00			`payload = {'email': from_addr, 'key': sig}`
Use Lacre logging and configuration in register-handler 2022-04-24 22:29:08 +02:00			`r = requests.post(conf.get_item('mailregister', 'webpanel_url'), data=payload)`
Inform the user if registration failed because GPG-Mailgate-Web could not be reached. 2015-06-04 21:52:39 +02:00
			`if r.status_code != 200:`
Use Lacre logging and configuration in register-handler 2022-04-24 22:29:08 +02:00			`LOG.info("Could not hand registration over to GPGMW. Error: %s" % r.status_code)`
			`error_msg = open(conf.get_item('mailregister', 'mail_templates')+"/gpgmwFailed.md").read()`
Perform automatic migration to Python 3.x Use lib2to3 automatic migration tool provided by Python 2.x to convert codebase to new idioms. Command line: find . -type f -name '*.py' \ -exec python2.7 -m lib2to3 \ -f all -f idioms -f buffer -f set_literal -f ws_comma -w \ '{}' '+' 2022-01-08 14:06:18 +01:00			`error_msg = error_msg.replace("[:FROMADDRESS:]", from_addr)`
Inform the user if registration failed because GPG-Mailgate-Web could not be reached. 2015-06-04 21:52:39 +02:00
			`msg = MIMEMultipart("alternative")`
Use Lacre logging and configuration in register-handler 2022-04-24 22:29:08 +02:00			`msg["From"] = conf.get_item('mailregister', 'register_email')`
Inform the user if registration failed because GPG-Mailgate-Web could not be reached. 2015-06-04 21:52:39 +02:00			`msg["To"] = from_addr`
			`msg["Subject"] = "PGP key registration failed"`

			`msg.attach(MIMEText(error_msg, 'plain'))`
			`msg.attach(MIMEText(markdown.markdown(error_msg), 'html'))`
Changes to cron, register-handler, settings and templates: - Cron now notifies user what happened (key successfully added/deleted or error) - More options to customize templates - Separating concepts in settings (S/MIME, templates) - Register-handler now only informs on failed PGP submissions (reduce mails to user and false positive mails) 2015-01-31 16:08:12 +01:00
Use Lacre logging and configuration in register-handler 2022-04-24 22:29:08 +02:00			`send_msg(msg, conf.get_item('mailregister', 'register_email'), [from_addr])`
Inform the user if registration failed because GPG-Mailgate-Web could not be reached. 2015-06-04 21:52:39 +02:00			`else:`
Use Lacre logging and configuration in register-handler 2022-04-24 22:29:08 +02:00			`LOG.info("PGP registration is handed over to GPGMW")`
S/MIME Email registration 2014-02-26 01:50:18 +01:00			`# except:`
Use Lacre logging and configuration in register-handler 2022-04-24 22:29:08 +02:00			`# LOG.info("Registration exception")`
S/MIME Email registration 2014-02-26 01:50:18 +01:00			`# sys.exit(0)`