src/mailman_pgp/workflows/base.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136

# Copyright (C) 2017 Jan Jancar
#
# This file is a part of the Mailman PGP plugin.
#
# This program is free software; you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free
# Software Foundation, either version 3 of the License, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
# more details.
#
# You should have received a copy of the GNU General Public License along with
# this program.  If not, see <http://www.gnu.org/licenses/>.

""""""
from mailman.email.message import UserNotification
from mailman.interfaces.subscriptions import TokenOwner
from mailman.workflows.common import WhichSubscriber
from pgpy import PGPKey

from mailman_pgp.model.address import PGPAddress
from mailman_pgp.model.list import PGPMailingList
from mailman_pgp.pgp.utils import copy_headers
from mailman_pgp.pgp.wrapper import PGPWrapper

KEY_REQUEST = """\
----------
TODO: this is a pgp enabled list.
We need your pubkey.
Reply to this message with it as a PGP/MIME(preferred) or inline.
----------"""

CONFIRM_REQUEST = """\
----------
TODO: this is a pgp enabled list.
Reply to this message with this whole text
signed with your supplied key, either inline or PGP/MIME.

Fingerprint: {}
Token: {}
----------
"""


class PubkeyMixin:
    def __init__(self, pubkey=None, pre_confirmed=False):
        self.pubkey = pubkey
        self.pubkey_confirmed = pre_confirmed

    @property
    def pubkey_key(self):
        if self.pubkey is None:
            return None
        return str(self.pubkey)

    @pubkey_key.setter
    def pubkey_key(self, value):
        if value is not None:
            self.pubkey, _ = PGPKey.from_blob(value)
        else:
            self.pubkey = None

    def _step_pubkey_checks(self):
        self.push('restore_subscriber')

        pgp_address = PGPAddress.for_address(self.address)

        if pgp_address is not None:
            if not pgp_address.key:
                self.push('send_key_request')
            else:
                if not pgp_address.key_confirmed:
                    self.push('send_key_confirm_request')
        else:
            if not self.pubkey:
                self.push('send_key_request')
            else:
                if not self.pubkey_confirmed:
                    self.push('send_key_confirm_request')

    def _step_send_key_request(self):
        self._set_token(TokenOwner.subscriber)
        self.push('receive_key')
        self.save()
        request_address = self.mlist.request_address
        email_address = self.address.email
        msg = UserNotification(email_address, request_address,
                               'key set {}'.format(self.token),
                               KEY_REQUEST)
        msg.send(self.mlist, add_precedence=False)
        # Now we wait for the confirmation.
        raise StopIteration

    def _step_receive_key(self):
        pgp_address = PGPAddress.for_address(self.address)
        if pgp_address is None or pgp_address.key is None:
            # The workflow was confirmed but we still dont have an address
            # or the pubkey. So resend request and wait.
            self.push('send_key_request')
        else:
            self.pubkey = pgp_address.key
            if not self.pubkey_confirmed:
                self.push('send_key_confirm_request')

    def _step_send_key_confirm_request(self):
        self._set_token(TokenOwner.subscriber)
        self.push('receive_key_confirmation')
        self.save()
        request_address = self.mlist.request_address
        email_address = self.address.email
        msg = UserNotification(email_address, request_address,
                               'key confirm {}'.format(self.token),
                               CONFIRM_REQUEST.format(self.pubkey.fingerprint,
                                                      self.token))
        pgp_list = PGPMailingList.for_list(self.mlist)
        wrapped = PGPWrapper(msg)
        encrypted = wrapped.sign_encrypt(pgp_list.key, self.pubkey,
                                         pgp_list.pubkey)

        msg.set_payload(encrypted.get_payload())
        copy_headers(encrypted, msg, True)
        msg.send(self.mlist)
        raise StopIteration

    def _step_receive_key_confirmation(self):
        self._set_token(TokenOwner.no_one)

    def _step_restore_subscriber(self):
        if self.which is WhichSubscriber.address:
            self.subscriber = self.address
        else:
            assert self.which is WhichSubscriber.user
            self.subscriber = self.user