Browse Source

added PGP email registration

people can send their public key as .asc extension to register@domain.tld to register
pull/33/head
kflux 9 years ago
parent
commit
b63cdc9235
  1. 39
      register-handler.py

39
register-handler.py

@ -1,7 +1,7 @@
#!/usr/bin/python
from ConfigParser import RawConfigParser
import email, os, smtplib, sys, traceback, markdown, syslog
import email, os, smtplib, sys, traceback, markdown, syslog, requests
from M2Crypto import BIO, Rand, SMIME, X509
from email.mime.text import MIMEText
@ -42,17 +42,22 @@ if __name__ == "__main__":
sign_part = None
for msg_part in register_msg.walk():
if msg_part.get_content_type().lower() == "application/pkcs7-signature":
sign_type = 'smime';
sign_part = msg_part
break
elif msg_part.get_content_type().lower() == "application/pgp-keys":
sign_type = 'pgp';
sign_part = msg_part
break
if sign_part == None:
log("Unable to find PKCS7 signature in registration email")
log("Unable to find PKCS7 signature or public PGP key in registration email")
failure_msg = file( cfg['smime']['mail_templates'] + "/registrationError.md").read()
msg = MIMEMultipart("alternative")
msg["From"] = cfg['smime']['register_email']
msg["To"] = from_addr
msg["Subject"] = "S/MIME registration failed"
msg["Subject"] = "S/MIME / OpenPGP registration failed"
msg.attach(MIMEText(failure_msg, 'plain'))
msg.attach(MIMEText(markdown.markdown(failure_msg), 'html'))
@ -63,22 +68,30 @@ if __name__ == "__main__":
raw_sig = sign_part.get_payload().replace("\n","")
# re-wrap signature so that it fits base64 standards
cooked_sig = '\n'.join(raw_sig[pos:pos+76] for pos in xrange(0, len(raw_sig), 76))
# now, wrap the signature in a PKCS7 block
sig = """
if sign_type == 'smime':
# now, wrap the signature in a PKCS7 block
sig = """
-----BEGIN PKCS7-----
%s
-----END PKCS7-----
""" % cooked_sig
# and load it into an SMIME p7 object through the BIO I/O buffer:
buf = BIO.MemoryBuffer(sig)
p7 = SMIME.load_pkcs7_bio(buf)
# and load it into an SMIME p7 object through the BIO I/O buffer:
buf = BIO.MemoryBuffer(sig)
p7 = SMIME.load_pkcs7_bio(buf)
sk = X509.X509_Stack()
signers = p7.get0_signers(sk)
signing_cert = signers[0]
sk = X509.X509_Stack()
signers = p7.get0_signers(sk)
signing_cert = signers[0]
signing_cert.save(os.path.join(CERT_PATH, from_addr))
signing_cert.save(os.path.join(CERT_PATH, from_addr))
elif sign_type == 'pgp':
# send POST to localost on port 11371 which points to our HTTP registration page
sig = cooked_sig
payload = {'email': from_addr, 'key': sig}
r = requests.post("http://127.0.0.1:11371", data=payload)
# format in user-specific data
success_msg = file(cfg['smime']['mail_templates']+"/registrationSuccess.md").read()
@ -87,7 +100,7 @@ if __name__ == "__main__":
msg = MIMEMultipart("alternative")
msg["From"] = cfg['smime']['register_email']
msg["To"] = from_addr
msg["Subject"] = "S/MIME key registration succeeded"
msg["Subject"] = "S/MIME / OpenPGP key registration succeeded"
msg.attach(MIMEText(success_msg, 'plain'))
msg.attach(MIMEText(markdown.markdown(success_msg), 'html'))

Loading…
Cancel
Save