Mercurial Repository: p/roundup/code: roundup/mailgw.py comparison

comparison roundup/mailgw.py @ 4540:bf67fed13ef9

Fix PGP implementation The pyme API has changed significantly since this worked (API is now better). Add regression-test for PGP support (this isn't run if pyme isn't installed). We're testing only reception of a signed message for now.

author	Ralf Schlatterbeck <schlatterbeck@users.sourceforge.net>
date	Thu, 06 Oct 2011 21:02:09 +0000
parents	c246f176e7bb
children	62239a524beb

comparison

equal deleted inserted replaced

-:c246f176e7bb
+:bf67fed13ef9
 from roundup.mailer import Mailer, MessageSendError
 from roundup.i18n import _
 from roundup.hyperdb import iter_roles
 try:
-import pyme, pyme.core, pyme.gpgme
+import pyme, pyme.core, pyme.constants, pyme.constants.sigsum
 except ImportError:
 pyme = None
 SENDMAILDEBUG = os.environ.get('SENDMAILDEBUG', '')
 def gpgh_key_getall(key, attr):
 ''' return list of given attribute for all uids in
 a key
 '''
-u = key.uids
+for u in key.uids:
-while u:
 yield getattr(u, attr)
-u = u.next
+def check_pgp_sigs(sigs, gpgctx, author):
-def gpgh_sigs(sig):
-''' more pythonic iteration over GPG signatures '''
-while sig:
-yield sig
-sig = sig.next
-def check_pgp_sigs(sig, gpgctx, author):
 ''' Theoretically a PGP message can have several signatures. GPGME
-returns status on all signatures in a linked list. Walk that
+returns status on all signatures in a list. Walk that list
-linked list looking for the author's signature
+looking for the author's signature
 '''
-for sig in gpgh_sigs(sig):
+for sig in sigs:
 key = gpgctx.get_key(sig.fpr, False)
 # we really only care about the signature of the user who
 # submitted the email
 if key and (author in gpgh_key_getall(key, 'email')):
-if sig.summary & pyme.gpgme.GPGME_SIGSUM_VALID:
+if sig.summary & pyme.constants.sigsum.VALID:
 return True
 else:
 # try to narrow down the actual problem to give a more useful
 # message in our bounce
-if sig.summary & pyme.gpgme.GPGME_SIGSUM_KEY_MISSING:
+if sig.summary & pyme.constants.sigsum.KEY_MISSING:
 raise MailUsageError, \
 _("Message signed with unknown key: %s") % sig.fpr
-elif sig.summary & pyme.gpgme.GPGME_SIGSUM_KEY_EXPIRED:
+elif sig.summary & pyme.constants.sigsum.KEY_EXPIRED:
 raise MailUsageError, \
 _("Message signed with an expired key: %s") % sig.fpr
-elif sig.summary & pyme.gpgme.GPGME_SIGSUM_KEY_REVOKED:
+elif sig.summary & pyme.constants.sigsum.KEY_REVOKED:
 raise MailUsageError, \
 _("Message signed with a revoked key: %s") % sig.fpr
 else:
 raise MailUsageError, \
 _("Invalid PGP signature detected.")
 if sig.gettype() != 'application/pgp-signature':
 raise MailUsageError, \
 _("No PGP signature found in message.")
-context = pyme.core.Context()
 # msg.getbody() is skipping over some headers that are
 # required to be present for verification to succeed so
 # we'll do this by hand
 msg.fp.seek(0)
 # according to rfc 3156 the data "MUST first be converted
 # TODO: what about character set conversion?
 canonical_msg = re.sub('(?<!\r)\n', '\r\n', msg.fp.read())
 msg_data = pyme.core.Data(canonical_msg)
 sig_data = pyme.core.Data(sig.getbody())
+context = pyme.core.Context()
 context.op_verify(sig_data, msg_data, None)
 # check all signatures for validity
 result = context.op_verify_result()
 check_pgp_sigs(result.signatures, context, author)
 """ if PGP_ROLES is specified the user must have a Role in the list
 or we will skip PGP processing
 """
 if self.config.PGP_ROLES:
 return self.db.user.has_role(self.author,
-iter_roles(self.config.PGP_ROLES))
+*iter_roles(self.config.PGP_ROLES))
 else:
 return True
 if self.config.PGP_ENABLE and pgp_role():
 assert pyme, 'pyme is not installed'

Mercurial > p > roundup > code

comparison roundup/mailgw.py @ 4540:bf67fed13ef9