From 62297fe9169f8f130fddcedfd0086535aa4d437f Mon Sep 17 00:00:00 2001 From: "W. Trevor King" Date: Thu, 20 Sep 2012 10:29:42 -0400 Subject: [PATCH] mailpipe: convert to pgp-mime's new Signature verification. This brings us up to date with the following pgp-mime commit: commit 7d4ff835519e6a8fa4273c364b571c2874bd31d5 Author: W. Trevor King Date: Thu Sep 20 10:12:38 2012 -0400 signature: add Signature class for more Pythonic verification. Now verify_bytes() returns a list of `Signature`s instead of XML. This should be much easier for callers to handle, and it provides a layer of insulation between the gpgme-tool output and Python code. --- pygrader/mailpipe.py | 26 ++++++++++---------------- 1 file changed, 10 insertions(+), 16 deletions(-) diff --git a/pygrader/mailpipe.py b/pygrader/mailpipe.py index 6ebe25e..845c2d0 100644 --- a/pygrader/mailpipe.py +++ b/pygrader/mailpipe.py @@ -26,7 +26,6 @@ import re as _re import sys as _sys import pgp_mime as _pgp_mime -from lxml import etree as _etree from . import LOG as _LOG from .email import construct_email as _construct_email @@ -77,15 +76,16 @@ class AmbiguousAddress (_InvalidMessage): class WrongSignatureMessage (_InsecureMessage): - def __init__(self, pgp_key=None, fingerprints=None, decrypted=None, + def __init__(self, pgp_key=None, signatures=None, decrypted=None, **kwargs): if 'error' not in kwargs: kwargs['error'] = 'not signed by the expected key' super(WrongSignatureMessage, self).__init__(**kwargs) self.pgp_key = pgp_key - self.fingerprints = fingerprints + self.signatures = signatures self.decrypted = decrypted + class UnverifiedSignatureMessage (_InsecureMessage): def __init__(self, signature=None, decrypted=None, **kwargs): if 'error' not in kwargs: @@ -933,26 +933,20 @@ def _get_verified_message(message, pgp_key): """ mid = message['message-id'] try: - decrypted,verified,result = _pgp_mime.verify(message=message) + decrypted,verified,signatures = _pgp_mime.verify(message=message) except (ValueError, AssertionError) as error: raise _UnsignedMessage(message=message) from error - _LOG.debug(str(result, 'utf-8')) - tree = _etree.fromstring(result.replace(b'\x00', b'')) + for signature in signatures: + _LOG.debug(signature.dumps()) match = None - fingerprints = [] - for signature in tree.findall('.//signature'): - for fingerprint in signature.iterchildren('fpr'): - fingerprints.append(fingerprint) - matches = [f for f in fingerprints if f.text.endswith(pgp_key)] + matches = [s for s in signatures if s.fingerprint.endswith(pgp_key)] if len(matches) == 0: raise WrongSignatureMessage( - message=message, pgp_key=pgp_key, fingerprints=fingerprints, + message=message, pgp_key=pgp_key, signatures=signatures, decrypted=decrypted) - match = matches[0] + signature = matches[0] if not verified: - sumhex = list(signature.iterchildren('summary'))[0].get('value') - summary = int(sumhex, 16) - if summary != 0: + if signature.get_summary() != 0: raise UnverifiedSignatureMessage( message=message, signature=signature, decrypted=decrypted) # otherwise, we may have an untrusted key. We'll count that -- 2.26.2