![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c28424f)
raw | patch | inline | side by side (parent: c28424f)
| author | schlatterbeck <schlatterbeck@57a73879-2fb5-44c3-a270-3262357dd7e2> | |
| Thu, 6 Oct 2011 21:02:09 +0000 (21:02 +0000) | ||
| committer | schlatterbeck <schlatterbeck@57a73879-2fb5-44c3-a270-3262357dd7e2> | |
| Thu, 6 Oct 2011 21:02:09 +0000 (21:02 +0000) |
this worked (API is now better). Add regression-test for PGP support
(this isn't run if pyme isn't installed). We're testing only reception
of a signed message for now.
git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/roundup/trunk@4653 57a73879-2fb5-44c3-a270-3262357dd7e2
(this isn't run if pyme isn't installed). We're testing only reception
of a signed message for now.
git-svn-id: http://svn.roundup-tracker.org/svnroot/roundup/roundup/trunk@4653 57a73879-2fb5-44c3-a270-3262357dd7e2
| roundup/mailgw.py | patch | blob | history | |
| test/test_mailgw.py | patch | blob | history |
diff --git a/roundup/mailgw.py b/roundup/mailgw.py
index d2890e0c196bbb4ac24051becc0cc0b311d7bcda..d269554f8783216a05f51de73ed062c15fa28ca3 100644 (file)
--- a/roundup/mailgw.py
+++ b/roundup/mailgw.py
from roundup.hyperdb import iter_roles
try:
- import pyme, pyme.core, pyme.gpgme
+ import pyme, pyme.core, pyme.constants, pyme.constants.sigsum
except ImportError:
pyme = None
''' return list of given attribute for all uids in
a key
'''
- u = key.uids
- while u:
+ for u in key.uids:
yield getattr(u, attr)
- u = u.next
-def gpgh_sigs(sig):
- ''' more pythonic iteration over GPG signatures '''
- while sig:
- yield sig
- sig = sig.next
-
-def check_pgp_sigs(sig, gpgctx, author):
+def check_pgp_sigs(sigs, gpgctx, author):
''' Theoretically a PGP message can have several signatures. GPGME
- returns status on all signatures in a linked list. Walk that
- linked list looking for the author's signature
+ returns status on all signatures in a list. Walk that list
+ looking for the author's signature
'''
- for sig in gpgh_sigs(sig):
+ for sig in sigs:
key = gpgctx.get_key(sig.fpr, False)
# we really only care about the signature of the user who
# submitted the email
if key and (author in gpgh_key_getall(key, 'email')):
- if sig.summary & pyme.gpgme.GPGME_SIGSUM_VALID:
+ if sig.summary & pyme.constants.sigsum.VALID:
return True
else:
# try to narrow down the actual problem to give a more useful
# message in our bounce
- if sig.summary & pyme.gpgme.GPGME_SIGSUM_KEY_MISSING:
+ if sig.summary & pyme.constants.sigsum.KEY_MISSING:
raise MailUsageError, \
_("Message signed with unknown key: %s") % sig.fpr
- elif sig.summary & pyme.gpgme.GPGME_SIGSUM_KEY_EXPIRED:
+ elif sig.summary & pyme.constants.sigsum.KEY_EXPIRED:
raise MailUsageError, \
_("Message signed with an expired key: %s") % sig.fpr
- elif sig.summary & pyme.gpgme.GPGME_SIGSUM_KEY_REVOKED:
+ elif sig.summary & pyme.constants.sigsum.KEY_REVOKED:
raise MailUsageError, \
_("Message signed with a revoked key: %s") % sig.fpr
else:
raise MailUsageError, \
_("No PGP signature found in message.")
- context = pyme.core.Context()
# msg.getbody() is skipping over some headers that are
# required to be present for verification to succeed so
# we'll do this by hand
msg_data = pyme.core.Data(canonical_msg)
sig_data = pyme.core.Data(sig.getbody())
+ context = pyme.core.Context()
context.op_verify(sig_data, msg_data, None)
# check all signatures for validity
"""
if self.config.PGP_ROLES:
return self.db.user.has_role(self.author,
- iter_roles(self.config.PGP_ROLES))
+ *iter_roles(self.config.PGP_ROLES))
else:
return True
diff --git a/test/test_mailgw.py b/test/test_mailgw.py
index 6b64a30caae047aa1bfa85d54617ea632f614726..ea1a53a67c9906abaafba1c2bbf40dcfc4b4fafe 100644 (file)
--- a/test/test_mailgw.py
+++ b/test/test_mailgw.py
import unittest, tempfile, os, shutil, errno, imp, sys, difflib, rfc822, time
+
+try:
+ import pyme, pyme.core
+except ImportError:
+ pyme = None
+
+
from cStringIO import StringIO
if not os.environ.has_key('SENDMAILDEBUG'):
return res
-class MailgwTestCase(unittest.TestCase, DiffHelper):
+class MailgwTestAbstractBase(unittest.TestCase, DiffHelper):
count = 0
schema = 'classic'
def setUp(self):
self.old_translate_ = mailgw._
roundupdb._ = mailgw._ = i18n.get_translation(language='C').gettext
- MailgwTestCase.count = MailgwTestCase.count + 1
+ self.__class__.count = self.__class__.count + 1
# and open the database / "instance"
self.db = memorydb.create('admin')
finally:
f.close()
+ # Normal test-case used for both non-pgp test and a test while pgp
+ # is enabled, so this test is run in both test suites.
def testEmptyMessage(self):
nodeid = self._handle_mail('''Content-Type: text/plain;
charset="iso-8859-1"
assert not os.path.exists(SENDMAILDEBUG)
self.assertEqual(self.db.issue.get(nodeid, 'title'), 'Testing...')
+
+class MailgwTestCase(MailgwTestAbstractBase):
+
def testMessageWithFromInIt(self):
nodeid = self._handle_mail('''Content-Type: text/plain;
charset="iso-8859-1"
""")
assert not body_diff, body_diff
else:
- raise AssertionError, "Unathorized not raised when handling mail"
+ raise AssertionError, "Unauthorized not raised when handling mail"
# Make sure list of users is the same as before.
m = self.db.user.list()
fileid = self.db.msg.get(msgid, 'files')[0]
self.assertEqual(self.db.file.get(fileid, 'type'), 'message/rfc822')
+pgp_test_key = """
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+Version: GnuPG v1.4.10 (GNU/Linux)
+
+lQOYBE6NqtsBCADG3UUMYxjwUOpDDVvr0Y8qkvKsgdF79en1zfHtRYlmZc+EJxg8
+53CCFGReQWJwOjyP3/SLJwJqfiPR7MAYAqJsm/4U2lxF7sIlEnlrRpFuvB625KOQ
+oedCkI4nLa+4QAXHxVX2qLx7es3r2JAoitZLX7ZtUB7qGSRh98DmdAgCY3CFN7iZ
+w6xpvIU+LNbsHSo1sf8VP6z7NHQFacgrVvLyRJ4C5lTPU42iM5E6HKxYFExNV3Rn
++2G0bsuiifHV6nJQD73onjwcC6tU97W779dllHlhG3SSP0KlnwmCCvPMlQvROk0A
+rLyzKWcUpZwK1aLRYByjFMH9WYXRkhf08bkDABEBAAEAB/9dcmSb6YUyiBNM5t4m
+9hZcXykBvw79PRVvmBLy+BYUtArLgsN0+xx3Q7XWRMtJCVSkFw0GxpHwEM4sOyAZ
+KEPC3ZqLmgB6LDO2z/OWYVa9vlCAiPgDYtEVCnCCIInN/ue4dBZtDeVj8NUK2n0D
+UBpa2OMUgu3D+4SJNK7EnAmXdOaP6yfe6SXwcQfti8UoSFMJRkQkbY1rm/6iPfON
+t2RBAc7jW4eRzdciWCfvJfMSj9cqxTBQWz5vVadeY9Bm/IKw1HiKNBrJratq2v+D
+VGr0EkE9oOa5zbgZt2CFvknE4YhGmv81xFdK5GXr8L7nluZrePMblWbkI2ICTbV0
+RKLhBADYLvyDFX3cCoFzWmCl5L32G6LLfTt0yU0eUHcAzXd7QjOZN289HWYEmdVi
+kpxQPDxhWz+m8qt0HJGFl2+BKpZJBaT/L5AcqTBODxarxCSBTIVhCjD/46XvLY0h
+b2ZnG8HSLyFdRj07vk+qTvcF58qUuYFSLIF2t2imTCR/PwR/LwQA632vn2/7KIHj
+DR0O+G9eccTtAfX4TN4Q4Ua3WByClLZu/LSAenCLZ1CHVABEH6dwwjEARLeNUdLi
+Xy5KKlpr2vkoh96fnw0r2yg7dlBXq4yQKjJBXwNaKpuvqgzd8en0zJGLXxzt0NT3
+H+QNIP2WZMJSDQcDh3HhQrH0IeNdDm0D/iyJgSMXvqjm+KhYIa3xiloQsCRlDNm+
+XC7Eo5hsjvBaIKba6o9oL9oEiSVUFryPWKWIpi0P7/F5voJL6KFSZTor3x3o9CcC
+qHyqMHfNL23EAVJulySfPYLC7S3QB+tCBLXmKxb/YXCSLVi/UDzVgvWN6KIknZg2
+6uDLUzPbzDGjOZ20K1JvdW5kdXAgVGVzdGtleSA8cm91bmR1cC1hZG1pbkBleGFt
+cGxlLmNvbT6JATgEEwECACIFAk6NqtsCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4B
+AheAAAoJEFrc/VYxw4dBG7oIAMCU9sRjK0dS7z/IGJ8KcCOQNN674AooJLn+J9Ew
+BT6/WxMY13nm/iK0uX2sOGnnXdg1PJ15IvD8zB5wXLbe25t6oRl5G58vmeKEyjc8
+QTB43/c8EsqY1ob7EVcuhrJCSS/JM8ApzQyXrh2QNmS+mBCJcx74MeipE6mNVT9j
+VscizixdFjqvJLkbW1kGac3Wj+c3ICNUIp0lbwb+Ve2rXlU+iXHEDqaVJDMEppme
+gDiZl+bKYrqljhZkH9Slv55uqqXUSg1SmTm/2orHUdAmDc6Y6azKNqQEqD2B0JyT
+jTJQJVMl5Oln63aZDCTxHkoqn8q06OjLJRD4on7jlanZEladA5gETo2q2wEIALEF
+poVkZrnqme2M8FObrQyVB+ZYT2mox56WLyInbxVFDg20qqIvQfVE0P69Yuf1OXkj
+q7bNI03Jvo+uzxpztOKPDo7tnbQ7bXbOmq3n4wUoN29NMrYNg6tF1ubEv1WwYUMw
+7LfF4BLMETXpT0JElV1+awfP9rrGiyWkH4enG612HT+1OoA0R0nNH0kslD6OhdoR
+VDqkyiCmdY9x176EhzhL3vCoN6ywRVTfFbAJiMv9UDzxs0SStmVOK/l5XLfWQO6f
+9boAHihpnxEfPIJhsD+FpVKVf3g85qWAjh2BfuzdW79vjLBdTHJQxg4HdhliWbXg
+PjjrVEgWEFVc+NDlNb0AEQEAAQAH/A1a6sbniI8q3DVoIP19zN7FI5UaQSuB2Jrl
++Q+vlUQv3dvk2cwQmqj2vyRo2gcRS3u7LYpGDGLNqfshv22JyzId2YWo9vE7sTTP
+E4EJRz8CsLlMmVsoxoVBE0cnvXOpMef6z0ZyFEdMGVmi4iA9bQi3r+V6qBehQQA0
+U034VTCPN4yvWyq6TWsABesOx48nkQ5TlduIq2ZGNCR8Vd1fe6vGM7YXyQWxy5ke
+guqmph73H2bOB6hSuUnyBFKtinrF9MbCGA0PqheUVqy0p7og6x/pEoAVkKBJ9Ki+
+ePuQtBl5h9e3SbiN+r7aa6T0Ygx/7igl4eWPfvJYIXYXc4aKiwEEANEa5rBoN7Ta
+ED+R47Rg9w/EW3VDQ6R3Szy1rvIKjC6JlDyKlGgTeWEFjDeTwCB4xU7YtxVpt6bk
+b7RBtDkRck2+DwnscutA7Uxn267UxzNUd1IxhUccRFRfRS7OEnmlVmaLUnOeHHwe
+OrZyRSiNVnh0QABEJnwNjX4m139v6YD9BADYuM5XCawI63pYa3/l7UX9H5EH95OZ
+G9Hw7pXQ/YJYerSxRx+2q0+koRcdoby1TVaRrdDC+kOm3PI7e66S5rnaZ1FZeYQP
+nVYzyGqNnsvncs24kYBL8DYaDDfdm7vfzSEqia0VNqZ4TMbwJLk5f5Ys4WOF791G
+LPJgrAPG1jgDwQQAovKbw0u6blIUKsUYOLsviaLCyFC9DwaHqIZwjy8omnh7MaKE
+7+MXxJpfcVqFifj3CmqMdSmTfkgbKQPAI46Q1OKWvkvUxEvi7WATo4taEXupRFL5
+jnL8c4h46z8UpMX2CMwWU0k1Et/zlBoYy7gNON7tF2/uuN18zWFBlD72HuM9HIkB
+HwQYAQIACQUCTo2q2wIbDAAKCRBa3P1WMcOHQYI+CACDXJf1e695LpcsrVxKgiQr
+9fTbNJYB+tjbnd9vas92Gz1wZcQV9RjLkYQeEbOpWQud/1UeLRsFECMj7kbgAEqz
+7fIO4SeN8hFEvvZ+lI0AoBi4XvuUcCm5kvAodvmF8M9kQiUzF1gm+R9QQeJFDLpW
+8Gg7J3V3qM+N0FuXrypYcsEv7n/RJ1n+lhTW5hFzKBlNL4WrAhY/QsXEbmdsa478
+tzuHlETtjMm4g4DgppUdlCMegcpjjC9zKsN5xFOQmNMTO/6rPFUqk3k3T6I0LV4O
+zm4xNC+wwAA69ibnbrY1NR019et7RYW+qBudGbpJB1ABzkf/NsaCj6aTaubt7PZP
+=3uFZ
+-----END PGP PRIVATE KEY BLOCK-----
+"""
+
+john_doe_key = """
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+Version: GnuPG v1.4.10 (GNU/Linux)
+
+lQHYBE6NwvABBACxg7QqV2qHywwM3wae6HAHJVEo7EeYA6Lv0pZlW3Aw4CCCnpgJ
+jA7CekGFcmGmoCaN9ezuVAPTgUlK4yt8a7P6cT0vw1q341Om9IEKAu59RpNZN/H9
+6GfZ95bU51W/hdTFysH1DRwbCR3MowvLeA6Pk4cZlPsYHD0SD3De2i1BewARAQAB
+AAP+IRi4L6jKwPS3k3LFrj0SHhL0Fdgv5QTQjTxLNCyfN02iYhglqqoFWncm3jWc
+RU/YwGEYwrrBV97kBmVihzkhfgFRsxynE9PMGKKEAuRcAl21RPJDFA6Dlnp6M2No
+rR6eoAhrlZ8+KsK9JaXSMalzO/Yh4u3mOinq3f3XL96wAEkCAMAxeZMF5pnXARNR
+Y7u2clhNNnLuf+BzpENCFMaWzWPyTcvbf4xNK7ZHPxFVZpX5/qAPJ8rnTaOTHxnN
+5PgqbO8CAOxyrTw/muakTJLg+FXdn8BgxZGJXMT7KmkU9SReefjo7c1WlnZxKIAy
+6vLIG8WMGpdfCFDve0YLr/GGyDtOjDUB/RN3gn6qnAJThBnVk2wESZVx41fihbIF
+ACCKc9heFskzwurtvvp+bunM3quwrSH1hWvxiWJlDmGSn8zQFypGChifgLQZSm9o
+biBEb2UgPGpvaG5AdGVzdC50ZXN0Poi4BBMBAgAiBQJOjcLwAhsDBgsJCAcDAgYV
+CAIJCgsEFgIDAQIeAQIXgAAKCRC/z7qg+FujnPWiA/9T5SOGraRNIVVIyvJvYwkG
+OTAfQ0K3QMlLoQMPmaEbx9Q+isF15M9sOMcl1XGO4UNWuCPIIN8z/y/OLgAB0ZuL
+GlnAPPOOZ+MlaUXiMYo8oi416QZrMDf2H/Nkc10csiXm+zMl8RqeIQBEeljNyJ+t
+MG1EWn/PHTwFTd/VePuQdJ0B2AROjcLwAQQApw+72jKy0/wqg5SAtnVSkA1F3Jna
+/OG+ufz5dX57jkMFRvFoksWIWqHmiCjdE5QV8j+XTnjElhLsmrgjl7aAFveb30R6
+ImmcpKMN31vAp4RZlnyYbYUCY4IXFuz3n1CaUL+mRx5yNJykrZNfpWNf2pwozkZq
+lcDI69ymIW5acXUAEQEAAQAD/R7Jdf98l1scngMYo228ikYUxBqm2eX/fiQNXDWM
+ZR2u+TJ9O53MvFejfXX7Pd6lTDQUBwDFncjgXO0YYSrMzabhqpqoKLqOIpZmBuWC
+Hh1lvcFoIYoDR2LkiJ9EPBUEVUBDsUO8ajkILEE3G+DDpCaf9Vo82lCVyhDESqyt
+v4lxAgDOLpoq1Whv5Ejr6FifTWytCiQjH2P1SmePlQmy6oEJRUYA1t4zYrzCJUX8
+VAvPjh9JXilP6mhDbyQArWllewV9AgDPbVOf75ktRwfhje26tZsukqWYJCc1XvoH
+3PTzA7vH1HZZq7dvxa87PiSnkOLEsIAsI+4jpeMxpPlQRxUvHf1ZAf9rK3v3HMJ/
+2xVzwK24Oaj+g2O7D/fdqtLFGe5S5JobnTyp9xArDAhaZ/AKfDMYjUIKMP+bdNAf
+y8fQUtuawFltm1GInwQYAQIACQUCTo3C8AIbDAAKCRC/z7qg+FujnDzYA/9EU6Pv
+Ci1+DCtxjnq7IOvOjqExhFNGvN9Dw17Tl8HcyW3if9v5RxeSWYKl0DhzVdzMQgH/
+78q4F4W1q2IkB7SCpXizHLIc3eh8iZkbWZE+CGPvTpqyF03Yi16qhxpAbkGs2Yhq
+jTx5oJ4CL5fybBOZLg+BTlK4HIee6xEcbNoq+A==
+=ZKBW
+-----END PGP PRIVATE KEY BLOCK-----
+"""
+
+ownertrust = """
+723762CD5A5FECB76DC72DF85ADCFD5631C38741:6:
+2940C247A1FBAD508A1AF24BBFCFBAA0F85BA39C:6:
+"""
+
+class MailgwPGPTestCase(MailgwTestAbstractBase):
+ pgphome = 'pgp-test-home'
+ def setUp(self):
+ MailgwTestAbstractBase.setUp(self)
+ self.db.security.addRole (name = 'pgp', description = 'PGP Role')
+ self.instance.config['PGP_HOMEDIR'] = self.pgphome
+ self.instance.config['PGP_ROLES'] = 'pgp'
+ self.instance.config['PGP_ENABLE'] = True
+ self.db.user.set(self.john_id, roles='User,pgp')
+ os.mkdir(self.pgphome)
+ os.environ['GNUPGHOME'] = self.pgphome
+ ctx = pyme.core.Context()
+ key = pyme.core.Data(pgp_test_key)
+ ctx.op_import(key)
+ key = pyme.core.Data(john_doe_key)
+ ctx.op_import(key)
+ # trust-modelling with pyme isn't working in 0.8.1
+ # based on libgpgme11 1.2.0, also tried in C -- same thing.
+ otrust = os.popen ('gpg --import-ownertrust 2> /dev/null', 'w')
+ otrust.write(ownertrust)
+ otrust.close()
+
+ def tearDown(self):
+ MailgwTestAbstractBase.tearDown(self)
+ if os.path.exists(self.pgphome):
+ shutil.rmtree(self.pgphome)
+
+ def testUnsignedMessage(self):
+ self.assertRaises(MailUsageError, self._handle_mail,
+ '''Content-Type: text/plain;
+ charset="iso-8859-1"
+From: John Doe <john@test.test>
+To: issue_tracker@your.tracker.email.domain.example
+Message-Id: <dummy_test_message_id>
+Subject: [issue] Testing non-signed message...
+
+This is no pgp signed message.
+''')
+
+ def testSignedMessage(self):
+ nodeid = self._handle_mail('''Content-Disposition: inline
+From: John Doe <john@test.test>
+To: issue_tracker@your.tracker.email.domain.example
+Subject: [issue] Testing signed message...
+Content-Type: multipart/signed; micalg=pgp-sha1;
+ protocol="application/pgp-signature"; boundary="cWoXeonUoKmBZSoM"
+
+
+--cWoXeonUoKmBZSoM
+Content-Type: text/plain; charset=us-ascii
+Content-Disposition: inline
+
+This is a pgp signed message.
+
+--cWoXeonUoKmBZSoM
+Content-Type: application/pgp-signature; name="signature.asc"
+Content-Description: Digital signature
+Content-Disposition: inline
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (GNU/Linux)
+
+iJwEAQECAAYFAk6N4A4ACgkQv8+6oPhbo5x5nAP/d7R7SxTvLoVESI+1r7eDXp1J
+LvBVU2EF3YFYKBHMLcWmjG92fNjnHX6NENTEhTeBynba5IPEwUfITC+7PmgPmQkA
+VXnFZnwraHxsYgyFsVFN1kkTSbwRUlWl9+nTEsr0yBLTpZN0QSIDcwu+i/xVcg+t
+ZQ4K6R3m3AOw7BLdvZs=
+=wpYk
+-----END PGP SIGNATURE-----
+
+--cWoXeonUoKmBZSoM--
+''')
+ m = self.db.issue.get (nodeid, 'messages') [0]
+ self.assertEqual(self.db.msg.get(m, 'content'),
+ 'This is a pgp signed message.')
+
def test_suite():
suite = unittest.TestSuite()
suite.addTest(unittest.makeSuite(MailgwTestCase))
+ if pyme is not None:
+ suite.addTest(unittest.makeSuite(MailgwPGPTestCase))
+ else:
+ print "Skipping PGP tests"
return suite
if __name__ == '__main__':
unittest.main(testRunner=runner)
# vim: set filetype=python sts=4 sw=4 et si :
-
-
-
-