From b44b55f4cc508c1576870f3ff4b03bf0dab5513e Mon Sep 17 00:00:00 2001 From: J08nY Date: Mon, 17 Jul 2017 22:02:08 +0200 Subject: Add sig hashes to the db on posting. --- src/mailman_pgp/rules/encryption.py | 2 +- src/mailman_pgp/rules/signature.py | 40 +++++++++++++++++++++++++++---------- 2 files changed, 30 insertions(+), 12 deletions(-) (limited to 'src/mailman_pgp/rules') diff --git a/src/mailman_pgp/rules/encryption.py b/src/mailman_pgp/rules/encryption.py index 8e4840d..1a14b97 100644 --- a/src/mailman_pgp/rules/encryption.py +++ b/src/mailman_pgp/rules/encryption.py @@ -28,7 +28,7 @@ from zope.interface import implementer class Encryption: """The encryption moderation rule.""" - name = 'encryption' + name = 'pgp-encryption' description = _( "A rule which jumps to the moderation chain, " "when the incoming runner instructs it to.") diff --git a/src/mailman_pgp/rules/signature.py b/src/mailman_pgp/rules/signature.py index 395dd7d..dd90a9b 100644 --- a/src/mailman_pgp/rules/signature.py +++ b/src/mailman_pgp/rules/signature.py @@ -16,21 +16,24 @@ # this program. If not, see . """Signature checking rule for the pgp-posting-chain.""" -from email.utils import parseaddr from operator import attrgetter from mailman.core.i18n import _ from mailman.interfaces.action import Action +from mailman.interfaces.chain import AcceptEvent from mailman.interfaces.rules import IRule from mailman.interfaces.usermanager import IUserManager from public import public from zope.component import getUtility +from zope.event import classhandler from zope.interface import implementer +from mailman_pgp.database import transaction from mailman_pgp.model.address import PGPAddress from mailman_pgp.model.list import PGPMailingList from mailman_pgp.model.sighash import PGPSigHash from mailman_pgp.pgp.wrapper import PGPWrapper +from mailman_pgp.utils.email import get_email from mailman_pgp.utils.moderation import record_action from mailman_pgp.utils.pgp import hashes, verifies 
@@ -40,9 +43,9 @@ from mailman_pgp.utils.pgp import hashes, verifies class Signature: """The signature checking rule.""" - name = 'signature' + name = 'pgp-signature' description = _( - "A rule which enforces PGP enabled list signature configuration.") + 'A rule which enforces PGP enabled list signature configuration.') record = True def check(self, mlist, msg, msgdata): @@ -52,12 +55,7 @@ class Signature: if pgp_list is None: return False - # Find sender - display_name, email = parseaddr(msg['from']) - # Address could be None or the empty string. - if not email: - email = msg.sender - + email = get_email(msg) # Wrap the message to work with it. wrapped = PGPWrapper(msg) @@ -117,10 +115,30 @@ class Signature: record_action(msg, msgdata, action, email, 'Signature duplicate.') return True - - # TODO: add the sig hashes to the db. + msgdata['pgp_sig_hashes'] = sig_hashes # XXX: we need to track key revocation separately to use it here # TODO: check key revocation here return False + + +@classhandler.handler(AcceptEvent) +def on_message_posting(event): + """ + Add sig hashes to sighash table. + + :param event: + :type event: AcceptEvent + """ + pgp_list = PGPMailingList.for_list(event.mlist) + if pgp_list is None: + return + pgp_address = PGPAddress.for_email(get_email(event.msg)) + if pgp_address is None or pgp_address.key_fingerprint is None: + return + for sig_hash in event.msgdata['pgp_sig_hashes']: + with transaction() as t: + pgp_hash = PGPSigHash(hash=sig_hash, + fingerprint=pgp_address.key_fingerprint) + t.add(pgp_hash) -- cgit v1.2.3-70-g09d2
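Review bot: `email = get_email(msg)` replaces the explicit fallback the removed lines had (`if not email: email = msg.sender`), and get_email is defined outside this diff, so it is not visible here whether an empty or malformed From header still resolves to an address. This address appears to decide which stored key the signature is checked against further down in check(), so the behaviour for a missing address should be stated at the call site. Once confirmed, a comment such as `# Sender address used for the key lookup; see get_email() for the From/sender fallback.` would do. check() starts before and continues past this hunk.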
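Review bot: `event.msgdata['pgp_sig_hashes']` in on_message_posting raises KeyError for any accepted message whose msgdata lacks that key. The key is set only on the last path of check(), just before `return False`, while the handler is registered for every AcceptEvent; the earlier return paths of check() are outside this hunk. Reading it defensively, `for sig_hash in event.msgdata.get('pgp_sig_hashes', ()):`, keeps acceptance from failing on such messages. The hashes are also written only at accept time, each in its own transaction, so the duplicate check in the rule and the write here are not atomic. If replay detection relies on this table, confirm how two copies processed close together, or a message held and released later, end up recorded. The docstring's `:param event:` is empty and could read `:param event: The accept event carrying mlist, msg and msgdata.`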