S/MIME Email registration
kflux
parent
fc4dcb55fe
commit
803babc49d
|
|
@ -0,0 +1,99 @@
|
|||
#!/usr/bin/python
|
||||
|
||||
from ConfigParser import RawConfigParser
|
||||
import email, os, smtplib, sys, traceback, markdown, syslog
|
||||
from M2Crypto import BIO, Rand, SMIME, X509
|
||||
|
||||
from email.mime.text import MIMEText
|
||||
from email.mime.multipart import MIMEMultipart
|
||||
|
||||
# Read configuration from /etc/gpg-mailgate.conf
|
||||
_cfg = RawConfigParser()
|
||||
_cfg.read('/etc/gpg-mailgate.conf')
|
||||
cfg = dict()
|
||||
for sect in _cfg.sections():
|
||||
cfg[sect] = dict()
|
||||
for (name, value) in _cfg.items(sect):
|
||||
cfg[sect][name] = value
|
||||
|
||||
def log(msg):
|
||||
if cfg.has_key('logging') and cfg['logging'].has_key('file'):
|
||||
if cfg['logging']['file'] == "syslog":
|
||||
syslog.syslog(syslog.LOG_INFO | syslog.LOG_MAIL, msg)
|
||||
else:
|
||||
logfile = open(cfg['logging']['file'], 'a')
|
||||
logfile.write(msg + "\n")
|
||||
logfile.close()
|
||||
|
||||
CERT_PATH = cfg['smime']['cert_path']+"/"
|
||||
|
||||
def send_msg( message, from_addr, recipients = None ):
|
||||
relay = ("127.0.0.1", 10028)
|
||||
smtp = smtplib.SMTP(relay[0], relay[1])
|
||||
smtp.sendmail( from_addr, recipients, message.as_string() )
|
||||
|
||||
if __name__ == "__main__":
|
||||
# try:
|
||||
# Read e-mail from stdin
|
||||
raw = sys.stdin.read()
|
||||
register_msg = email.message_from_string( raw )
|
||||
from_addr = email.utils.parseaddr(register_msg['From'])[1]
|
||||
|
||||
sign_part = None
|
||||
for msg_part in register_msg.walk():
|
||||
if msg_part.get_content_type().lower() == "application/pkcs7-signature":
|
||||
sign_part = msg_part
|
||||
break
|
||||
|
||||
if sign_part == None:
|
||||
log("Unable to find PKCS7 signature in registration email")
|
||||
|
||||
failure_msg = file( cfg['smime']['mail_templates'] + "/registrationError.md").read()
|
||||
msg = MIMEMultipart("alternative")
|
||||
msg["From"] = cfg['smime']['register_email']
|
||||
msg["To"] = from_addr
|
||||
msg["Subject"] = "S/MIME registration failed"
|
||||
|
||||
msg.attach(MIMEText(failure_msg, 'plain'))
|
||||
msg.attach(MIMEText(markdown.markdown(failure_msg), 'html'))
|
||||
|
||||
send_msg(msg, cfg['smime']['register_email'], [from_addr])
|
||||
sys.exit(0)
|
||||
|
||||
raw_sig = sign_part.get_payload().replace("\n","")
|
||||
# re-wrap signature so that it fits base64 standards
|
||||
cooked_sig = '\n'.join(raw_sig[pos:pos+76] for pos in xrange(0, len(raw_sig), 76))
|
||||
# now, wrap the signature in a PKCS7 block
|
||||
sig = """
|
||||
-----BEGIN PKCS7-----
|
||||
%s
|
||||
-----END PKCS7-----
|
||||
""" % cooked_sig
|
||||
|
||||
# and load it into an SMIME p7 object through the BIO I/O buffer:
|
||||
buf = BIO.MemoryBuffer(sig)
|
||||
p7 = SMIME.load_pkcs7_bio(buf)
|
||||
|
||||
sk = X509.X509_Stack()
|
||||
signers = p7.get0_signers(sk)
|
||||
signing_cert = signers[0]
|
||||
|
||||
signing_cert.save(os.path.join(CERT_PATH, from_addr))
|
||||
|
||||
# format in user-specific data
|
||||
success_msg = file(cfg['smime']['mail_templates']+"/registrationSuccess.md").read()
|
||||
success_msg = success_msg.replace("[:FROMADDRESS:]",from_addr)
|
||||
|
||||
msg = MIMEMultipart("alternative")
|
||||
msg["From"] = cfg['smime']['register_email']
|
||||
msg["To"] = from_addr
|
||||
msg["Subject"] = "S/MIME key registration succeeded"
|
||||
|
||||
msg.attach(MIMEText(success_msg, 'plain'))
|
||||
msg.attach(MIMEText(markdown.markdown(success_msg), 'html'))
|
||||
|
||||
log("Registration succeeded")
|
||||
send_msg(msg, cfg['smime']['register_email'], [from_addr])
|
||||
# except:
|
||||
# log("Registration exception")
|
||||
# sys.exit(0)
|
||||
Loading…
Reference in New Issue