| author | J08nY | 2017-08-21 17:20:29 +0200 |
|---|---|---|
| committer | J08nY | 2017-08-21 17:20:29 +0200 |
| commit | c74e96f813542d94592bf80c24afdec5d6988b2a (patch) | |
| tree | e4d8374afd9fcd985a12de636771a9e4203ab96d /src/mailman_pgp/rules | |
| parent | 54ad58f448f23cd26bbfad6abcfe5e4ca9b686ee (diff) | |
Diffstat (limited to 'src/mailman_pgp/rules')
| -rw-r--r-- | src/mailman_pgp/rules/signature.py | 11 | ||||
| -rw-r--r-- | src/mailman_pgp/rules/tests/test_signature.py | 21 |
2 files changed, 31 insertions, 1 deletions
diff --git a/src/mailman_pgp/rules/signature.py b/src/mailman_pgp/rules/signature.py
index 998e9c3..b7d4b5c 100644
--- a/src/mailman_pgp/rules/signature.py
+++ b/src/mailman_pgp/rules/signature.py
@@ -35,7 +35,7 @@ from mailman_pgp.model.sighash import PGPSigHash
 from mailman_pgp.pgp.wrapper import PGPWrapper
 from mailman_pgp.utils.email import get_email
 from mailman_pgp.utils.moderation import record_action
-from mailman_pgp.utils.pgp import hashes, verifies
+from mailman_pgp.utils.pgp import hashes, verifies, expired
 @public
@@ -96,6 +96,15 @@ class Signature:
 return True
 verifications = list(wrapped.verify(key))
+ # verifications is a list of SignatureVerification, only contains
+ # sigs that appear to be by the pgp_address.key
+
+ if expired(verifications):
+ action = pgp_list.expired_sig_action
+ if action != Action.defer:
+ record_action(msg, msgdata, action, email,
+ 'Signature is expired.')
+ return True
 # Take the `invalid_sig_action` if the verification failed.
 if not verifies(verifications):
diff --git a/src/mailman_pgp/rules/tests/test_signature.py b/src/mailman_pgp/rules/tests/test_signature.py
index ff9b9c4..72f2c70 100644
--- a/src/mailman_pgp/rules/tests/test_signature.py
+++ b/src/mailman_pgp/rules/tests/test_signature.py
@@ -16,6 +16,8 @@
 # this program. If not, see <http://www.gnu.org/licenses/>.
 """"""
+import time
+from datetime import timedelta
 from unittest import TestCase
 from mailman.app.lifecycle import create_list
@@ -35,6 +37,7 @@ from mailman_pgp.database import mm_transaction, transaction
 from mailman_pgp.model.address import PGPAddress
 from mailman_pgp.model.list import PGPMailingList
 from mailman_pgp.model.sighash import PGPSigHash
+from mailman_pgp.pgp.mime import MIMEWrapper
 from mailman_pgp.pgp.wrapper import PGPWrapper
 from mailman_pgp.rules.signature import Signature
 from mailman_pgp.testing.layers import PGPConfigLayer
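Review bot: The new `if expired(verifications):` branch in src/mailman_pgp/rules/signature.py runs before the existing `if not verifies(verifications):` check, so the signature's expiry metadata is acted on before the signature is known to be cryptographically valid. `expired()` is defined outside this diff; if it reports expiry without requiring the verification to succeed, a message whose signature is both expired and invalid would be handled by `expired_sig_action` instead of `invalid_sig_action`, which matters whenever a list configures the former more leniently than the latter. Consider moving the block below the `verifies` check, or stating the guarantee in a comment such as `# expired() only reports signatures that verified against the key; invalid ones fall through to invalid_sig_action`. The enclosing method of `Signature` starts and ends outside the hunk, so the rest of the control flow is not visible here.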
@@ -160,6 +163,24 @@ To: test@example.com
 matches = self.rule.check(self.mlist, self.msg_mime_signed, msgdata)
 self.assertFalse(matches)
+ def test_expired_sig_action(self):
+ with transaction():
+ self.pgp_list.unsigned_msg_action = Action.defer
+ self.pgp_list.inline_pgp_action = Action.defer
+ self.pgp_list.expired_sig_action = Action.hold
+ self.pgp_list.invalid_sig_action = Action.defer
+ self.pgp_list.revoked_sig_action = Action.defer
+ self.pgp_list.duplicate_sig_action = Action.defer
+
+ msgdata = {}
+ wrapped = MIMEWrapper(self.msg_clear)
+ msg = wrapped.sign(self.sender_key, expires=timedelta(seconds=1))
+ time.sleep(2)
+ matches = self.rule.check(self.mlist, msg, msgdata)
+
+ self.assertTrue(matches)
+ self.assertAction(msgdata, Action.hold, ['Signature is expired.'])
+
 def test_invalid_sig_action(self):
 with transaction():
 self.pgp_list.unsigned_msg_action = Action.defer |
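Review bot: `test_expired_sig_action` depends on wall-clock time: it signs with `expires=timedelta(seconds=1)` and then calls `time.sleep(2)`, which adds two seconds to every run and ties the result to timer granularity. It also covers only the `Action.hold` branch; there is no case for `expired_sig_action = Action.defer` falling through to the later checks, nor for a signature that is both expired and fails verification, which is the case where the order of the rule's checks decides the outcome. If `sign()` can be given a creation time (not visible here), backdating the signature would remove the sleep; otherwise a comment such as `# sleep past the 1 s expiry so the signature is expired when the rule runs` would explain it. The hunk ends inside `test_invalid_sig_action`, which continues outside the diff.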
