authordrebs <drebs@leap.se>2012-11-05 12:03:34 -0200
committerdrebs <drebs@leap.se>2012-11-05 12:03:34 -0200
commit32a2c354c4cf1691446f91d5ee6b8ec036782956 (patch)
treee2bf17a78156427ec3747b8d5adce8c5428c1c95 /src/leap/email/smtp/smtprelay.tac
parent4d303f98650b1cbcfa102a6771a88a9f5c9884d5 (diff)
relay raises exception if recipient's key is not ultimatelly trusted
Diffstat (limited to 'src/leap/email/smtp/smtprelay.tac')
-rw-r--r--src/leap/email/smtp/smtprelay.tac15
1 files changed, 9 insertions, 6 deletions
diff --git a/src/leap/email/smtp/smtprelay.tac b/src/leap/email/smtp/smtprelay.tac
index 7d8e426d..2ee5ee4b 100644
--- a/src/leap/email/smtp/smtprelay.tac
+++ b/src/leap/email/smtp/smtprelay.tac
@@ -43,10 +43,13 @@ class SMTPDelivery(object):
"""Assert existence of and trust on recipient's GPG public key."""
# try to find recipient's public key
try:
- fp = self.gpg.get_fingerprint(user.dest.addrstr)
+ # this will raise an exception if key is not found
+ trust = self.gpg.find_key(user.dest.addrstr)['trust']
+ # verify if key is (u)ltimatelly trusted
+ if trust != 'u':
+ raise smtp.SMTPBadRcpt(user)
print "Accepting mail for %s..." % user.dest
return lambda: EncryptedMessage(user)
- # TODO: verify if key is trusted
except LookupError:
raise smtp.SMTPBadRcpt(user)
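Review bot: The new check `if trust != 'u':` accepts only keys whose validity is ultimate, so a recipient key that GnuPG already rates as fully valid (`f`) is refused with the same SMTPBadRcpt as a missing key; this assumes `trust` is the validity column python-gnupg reports from the key listing. Ultimate trust is normally reserved for the operator's own keys, and setting it on third-party keys just to get mail accepted would also turn those keys into trusted introducers in the relay keyring. If the intent is "the key is valid", consider `if trust not in ('u', 'f'):`. If ultimate-only is deliberate, say so in the comment, e.g. `# only keys marked ultimately trusted in the relay keyring are accepted; fully valid ('f') keys are rejected on purpose`. The enclosing method starts above the hunk.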
@@ -126,7 +129,7 @@ class EncryptedMessage():
return d
def encrypt(self):
- fp = self.gpg.get_fingerprint(self.user.dest.addrstr)
+ fp = self.gpg.find_key(self.user.dest.addrstr)['fingerprint']
print "Encrypting to %s" % fp
self.cyphertext = str(self.gpg.encrypt('\n'.join(self.body), [fp]))
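Review bot: `encrypt` resolves the key a second time by address and uses `['fingerprint']` without repeating the trust check made at recipient validation in the first hunk, so the key encrypted to is not guaranteed to be the one that was checked (the keyring can change in between, and `find_key` returns the first match). Resolve the key once and carry the checked fingerprint into EncryptedMessage, or re-check here with `key = self.gpg.find_key(self.user.dest.addrstr)` and a `key['trust']` test before `fp = key['fingerprint']`. The result of `self.gpg.encrypt(...)` is also converted with `str()` without a success check; the body of GPGWrapper.encrypt is outside the hunk, so whether a failed encryption can leave `cyphertext` empty should be confirmed.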
@@ -153,14 +156,14 @@ class GPGWrapper():
def __init__(self, gpghome=GNUPG_HOME, gpgbinary=GNUPG_BINARY):
self.gpg = gnupg.GPG(gnupghome=gpghome, gpgbinary=gpgbinary)
- def get_fingerprint(self, email):
+ def find_key(self, email):
"""
- Find user's fingerprint based on their email.
+ Find user's key based on their email.
"""
for key in self.gpg.list_keys():
for uid in key['uids']:
if re.search(email, uid):
- return key['fingerprint']
+ return key
raise LookupError("GnuPG public key for %s not found!" % email)
def encrypt(self, data, recipient):
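Review bot: `re.search(email, uid)` in `find_key` treats the recipient address as an unescaped regular expression and matches it anywhere in the uid, so the first key whose uid merely contains or pattern-matches the address is returned. With this commit the returned key's `trust` decides whether mail is accepted and its fingerprint becomes the encryption target (first and second hunks), so a key belonging to a different address could be the one selected. Match the address literally and as a whole, for example `if re.search(r'(^|<)%s(>|$)' % re.escape(email), uid):`. The docstring should also state that the first matching key in the keyring wins and that a LookupError is raised when none matches.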