added PGP email registration
people can send their public key as .asc extension to register@domain.tld to register
This commit is contained in:
kflux
parent
9b8028a030
commit
b63cdc9235
|
|
@ -1,7 +1,7 @@
|
|||
#!/usr/bin/python
|
||||
|
||||
from ConfigParser import RawConfigParser
|
||||
import email, os, smtplib, sys, traceback, markdown, syslog
|
||||
import email, os, smtplib, sys, traceback, markdown, syslog, requests
|
||||
from M2Crypto import BIO, Rand, SMIME, X509
|
||||
|
||||
from email.mime.text import MIMEText
|
||||
|
|
@ -42,17 +42,22 @@ if __name__ == "__main__":
|
|||
sign_part = None
|
||||
for msg_part in register_msg.walk():
|
||||
if msg_part.get_content_type().lower() == "application/pkcs7-signature":
|
||||
sign_type = 'smime';
|
||||
sign_part = msg_part
|
||||
break
|
||||
elif msg_part.get_content_type().lower() == "application/pgp-keys":
|
||||
sign_type = 'pgp';
|
||||
sign_part = msg_part
|
||||
break
|
||||
|
||||
if sign_part == None:
|
||||
log("Unable to find PKCS7 signature in registration email")
|
||||
log("Unable to find PKCS7 signature or public PGP key in registration email")
|
||||
|
||||
failure_msg = file( cfg['smime']['mail_templates'] + "/registrationError.md").read()
|
||||
msg = MIMEMultipart("alternative")
|
||||
msg["From"] = cfg['smime']['register_email']
|
||||
msg["To"] = from_addr
|
||||
msg["Subject"] = "S/MIME registration failed"
|
||||
msg["Subject"] = "S/MIME / OpenPGP registration failed"
|
||||
|
||||
msg.attach(MIMEText(failure_msg, 'plain'))
|
||||
msg.attach(MIMEText(markdown.markdown(failure_msg), 'html'))
|
||||
|
|
@ -63,22 +68,30 @@ if __name__ == "__main__":
|
|||
raw_sig = sign_part.get_payload().replace("\n","")
|
||||
# re-wrap signature so that it fits base64 standards
|
||||
cooked_sig = '\n'.join(raw_sig[pos:pos+76] for pos in xrange(0, len(raw_sig), 76))
|
||||
# now, wrap the signature in a PKCS7 block
|
||||
sig = """
|
||||
|
||||
if sign_type == 'smime':
|
||||
# now, wrap the signature in a PKCS7 block
|
||||
sig = """
|
||||
-----BEGIN PKCS7-----
|
||||
%s
|
||||
-----END PKCS7-----
|
||||
""" % cooked_sig
|
||||
|
||||
# and load it into an SMIME p7 object through the BIO I/O buffer:
|
||||
buf = BIO.MemoryBuffer(sig)
|
||||
p7 = SMIME.load_pkcs7_bio(buf)
|
||||
# and load it into an SMIME p7 object through the BIO I/O buffer:
|
||||
buf = BIO.MemoryBuffer(sig)
|
||||
p7 = SMIME.load_pkcs7_bio(buf)
|
||||
|
||||
sk = X509.X509_Stack()
|
||||
signers = p7.get0_signers(sk)
|
||||
signing_cert = signers[0]
|
||||
sk = X509.X509_Stack()
|
||||
signers = p7.get0_signers(sk)
|
||||
signing_cert = signers[0]
|
||||
|
||||
signing_cert.save(os.path.join(CERT_PATH, from_addr))
|
||||
signing_cert.save(os.path.join(CERT_PATH, from_addr))
|
||||
|
||||
elif sign_type == 'pgp':
|
||||
# send POST to localost on port 11371 which points to our HTTP registration page
|
||||
sig = cooked_sig
|
||||
payload = {'email': from_addr, 'key': sig}
|
||||
r = requests.post("http://127.0.0.1:11371", data=payload)
|
||||
|
||||
# format in user-specific data
|
||||
success_msg = file(cfg['smime']['mail_templates']+"/registrationSuccess.md").read()
|
||||
|
|
@ -87,7 +100,7 @@ if __name__ == "__main__":
|
|||
msg = MIMEMultipart("alternative")
|
||||
msg["From"] = cfg['smime']['register_email']
|
||||
msg["To"] = from_addr
|
||||
msg["Subject"] = "S/MIME key registration succeeded"
|
||||
msg["Subject"] = "S/MIME / OpenPGP key registration succeeded"
|
||||
|
||||
msg.attach(MIMEText(success_msg, 'plain'))
|
||||
msg.attach(MIMEText(markdown.markdown(success_msg), 'html'))
|
||||
|
|
|
|||
Loading…
Reference in New Issue