added PGP email registration
People can register by sending their OpenPGP public key as an `.asc` attachment to register@domain.tld.
This commit is contained in:
parent
9b8028a030
commit
b63cdc9235
|
@ -1,7 +1,7 @@
|
||||||
#!/usr/bin/python
|
#!/usr/bin/python
|
||||||
|
|
||||||
from ConfigParser import RawConfigParser
|
from ConfigParser import RawConfigParser
|
||||||
import email, os, smtplib, sys, traceback, markdown, syslog
|
import email, os, smtplib, sys, traceback, markdown, syslog, requests
|
||||||
from M2Crypto import BIO, Rand, SMIME, X509
|
from M2Crypto import BIO, Rand, SMIME, X509
|
||||||
|
|
||||||
from email.mime.text import MIMEText
|
from email.mime.text import MIMEText
|
||||||
|
@ -42,17 +42,22 @@ if __name__ == "__main__":
|
||||||
sign_part = None
|
sign_part = None
|
||||||
for msg_part in register_msg.walk():
|
for msg_part in register_msg.walk():
|
||||||
if msg_part.get_content_type().lower() == "application/pkcs7-signature":
|
if msg_part.get_content_type().lower() == "application/pkcs7-signature":
|
||||||
|
sign_type = 'smime';
|
||||||
|
sign_part = msg_part
|
||||||
|
break
|
||||||
|
elif msg_part.get_content_type().lower() == "application/pgp-keys":
|
||||||
|
sign_type = 'pgp';
|
||||||
sign_part = msg_part
|
sign_part = msg_part
|
||||||
break
|
break
|
||||||
|
|
||||||
if sign_part == None:
|
if sign_part == None:
|
||||||
log("Unable to find PKCS7 signature in registration email")
|
log("Unable to find PKCS7 signature or public PGP key in registration email")
|
||||||
|
|
||||||
failure_msg = file( cfg['smime']['mail_templates'] + "/registrationError.md").read()
|
failure_msg = file( cfg['smime']['mail_templates'] + "/registrationError.md").read()
|
||||||
msg = MIMEMultipart("alternative")
|
msg = MIMEMultipart("alternative")
|
||||||
msg["From"] = cfg['smime']['register_email']
|
msg["From"] = cfg['smime']['register_email']
|
||||||
msg["To"] = from_addr
|
msg["To"] = from_addr
|
||||||
msg["Subject"] = "S/MIME registration failed"
|
msg["Subject"] = "S/MIME / OpenPGP registration failed"
|
||||||
|
|
||||||
msg.attach(MIMEText(failure_msg, 'plain'))
|
msg.attach(MIMEText(failure_msg, 'plain'))
|
||||||
msg.attach(MIMEText(markdown.markdown(failure_msg), 'html'))
|
msg.attach(MIMEText(markdown.markdown(failure_msg), 'html'))
|
||||||
|
@ -63,22 +68,30 @@ if __name__ == "__main__":
|
||||||
raw_sig = sign_part.get_payload().replace("\n","")
|
raw_sig = sign_part.get_payload().replace("\n","")
|
||||||
# re-wrap signature so that it fits base64 standards
|
# re-wrap signature so that it fits base64 standards
|
||||||
cooked_sig = '\n'.join(raw_sig[pos:pos+76] for pos in xrange(0, len(raw_sig), 76))
|
cooked_sig = '\n'.join(raw_sig[pos:pos+76] for pos in xrange(0, len(raw_sig), 76))
|
||||||
# now, wrap the signature in a PKCS7 block
|
|
||||||
sig = """
|
if sign_type == 'smime':
|
||||||
|
# now, wrap the signature in a PKCS7 block
|
||||||
|
sig = """
|
||||||
-----BEGIN PKCS7-----
|
-----BEGIN PKCS7-----
|
||||||
%s
|
%s
|
||||||
-----END PKCS7-----
|
-----END PKCS7-----
|
||||||
""" % cooked_sig
|
""" % cooked_sig
|
||||||
|
|
||||||
# and load it into an SMIME p7 object through the BIO I/O buffer:
|
# and load it into an SMIME p7 object through the BIO I/O buffer:
|
||||||
buf = BIO.MemoryBuffer(sig)
|
buf = BIO.MemoryBuffer(sig)
|
||||||
p7 = SMIME.load_pkcs7_bio(buf)
|
p7 = SMIME.load_pkcs7_bio(buf)
|
||||||
|
|
||||||
sk = X509.X509_Stack()
|
sk = X509.X509_Stack()
|
||||||
signers = p7.get0_signers(sk)
|
signers = p7.get0_signers(sk)
|
||||||
signing_cert = signers[0]
|
signing_cert = signers[0]
|
||||||
|
|
||||||
signing_cert.save(os.path.join(CERT_PATH, from_addr))
|
signing_cert.save(os.path.join(CERT_PATH, from_addr))
|
||||||
|
|
||||||
|
elif sign_type == 'pgp':
|
||||||
|
# send POST to localost on port 11371 which points to our HTTP registration page
|
||||||
|
sig = cooked_sig
|
||||||
|
payload = {'email': from_addr, 'key': sig}
|
||||||
|
r = requests.post("http://127.0.0.1:11371", data=payload)
|
||||||
|
|
||||||
# format in user-specific data
|
# format in user-specific data
|
||||||
success_msg = file(cfg['smime']['mail_templates']+"/registrationSuccess.md").read()
|
success_msg = file(cfg['smime']['mail_templates']+"/registrationSuccess.md").read()
|
||||||
|
@ -87,7 +100,7 @@ if __name__ == "__main__":
|
||||||
msg = MIMEMultipart("alternative")
|
msg = MIMEMultipart("alternative")
|
||||||
msg["From"] = cfg['smime']['register_email']
|
msg["From"] = cfg['smime']['register_email']
|
||||||
msg["To"] = from_addr
|
msg["To"] = from_addr
|
||||||
msg["Subject"] = "S/MIME key registration succeeded"
|
msg["Subject"] = "S/MIME / OpenPGP key registration succeeded"
|
||||||
|
|
||||||
msg.attach(MIMEText(success_msg, 'plain'))
|
msg.attach(MIMEText(success_msg, 'plain'))
|
||||||
msg.attach(MIMEText(markdown.markdown(success_msg), 'html'))
|
msg.attach(MIMEText(markdown.markdown(success_msg), 'html'))
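Review bot: The new `elif sign_type == 'pgp':` branch posts the key to 127.0.0.1:11371 and then falls straight through to the "registration succeeded" mail without ever looking at `r`, so a key the local service rejects (or a service that is down or hangs — `requests.post` has no `timeout=` and blocks indefinitely by default) still earns the sender a success message; the status should be checked and the failure path taken. The key is also sent as `cooked_sig`, which is the attachment payload with every newline stripped and re-wrapped at 76 columns — right for the bare base64 PKCS7 blob the S/MIME branch wraps in its own header/footer, but if the attachment is the ASCII-armored `.asc` block the commit description asks for, that fuses the `-----BEGIN PGP PUBLIC KEY BLOCK-----` armor lines into the body and the receiver will most likely fail to parse it, so the PGP case should forward `sign_part.get_payload()` unchanged. Note as well that the address→key binding rests solely on `from_addr`, i.e. the unauthenticated From header: unless the service on port 11371 verifies the key's user IDs against that address (not visible here), anyone who can spoof a From header can register a key for somebody else's address, which for an encrypting gateway means their mail gets encrypted to an attacker-controlled key — worth stating in a comment at the `requests.post` line at minimum. The enclosing `if __name__ == "__main__":` body and the `if sign_part == None:` error handler start outside this hunk, so the exact failure-mail path to reuse is not visible.
```python
elif sign_type == 'pgp':
    # The base64 re-wrap above only makes sense for the bare PKCS7 blob;
    # forward the armored key block exactly as the sender attached it.
    # NOTE(review): from_addr is the unverified From header — the service on
    # 11371 must check the key's user IDs against it, or spoofed mail can
    # bind an attacker key to any address.
    payload = {'email': from_addr, 'key': sign_part.get_payload()}
    r = requests.post("http://127.0.0.1:11371", data=payload, timeout=10)
    if r.status_code != 200:
        log("PGP key registration for %s rejected: HTTP %d" % (from_addr, r.status_code))
        sys.exit(1)  # TODO: send the registrationError mail here instead of the success mail
# … unchanged: success-mail construction …
```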
|
||||||
|
|