relay raises exception if recipient's key is not ultimatelly trusted

author: drebs <drebs@leap.se> 2012-11-05 12:03:34 -0200
committer: drebs <drebs@leap.se> 2012-11-05 12:03:34 -0200
commit: 32a2c354c4cf1691446f91d5ee6b8ec036782956 (patch)
tree: e2bf17a78156427ec3747b8d5adce8c5428c1c95 /src
parent: 4d303f98650b1cbcfa102a6771a88a9f5c9884d5 (diff)
1 files changed, 9 insertions, 6 deletions
diff --git a/src/leap/email/smtp/smtprelay.tac b/src/leap/email/smtp/smtprelay.tac
index 7d8e426d..2ee5ee4b 100644
--- a/src/leap/email/smtp/smtprelay.tac
+++ b/src/leap/email/smtp/smtprelay.tac
@@ -43,10 +43,13 @@ class SMTPDelivery(object):
         """Assert existence of and trust on recipient's GPG public key."""
         # try to find recipient's public key
         try:
-            fp = self.gpg.get_fingerprint(user.dest.addrstr)
+            # this will raise an exception if key is not found
+            trust = self.gpg.find_key(user.dest.addrstr)['trust']
+            # verify if key is (u)ltimatelly trusted
+            if trust != 'u':
+                raise smtp.SMTPBadRcpt(user)
             print "Accepting mail for %s..." % user.dest
             return lambda: EncryptedMessage(user)
-            # TODO: verify if key is trusted
         except LookupError:
             raise smtp.SMTPBadRcpt(user)
 
@@ -126,7 +129,7 @@ class EncryptedMessage():
         return d
 
     def encrypt(self):
-        fp = self.gpg.get_fingerprint(self.user.dest.addrstr)
+        fp = self.gpg.find_key(self.user.dest.addrstr)['fingerprint']
         print "Encrypting to %s" % fp
         self.cyphertext = str(self.gpg.encrypt('\n'.join(self.body), [fp]))
     
@@ -153,14 +156,14 @@ class GPGWrapper():
     def __init__(self, gpghome=GNUPG_HOME, gpgbinary=GNUPG_BINARY):
         self.gpg = gnupg.GPG(gnupghome=gpghome, gpgbinary=gpgbinary)
 
-    def get_fingerprint(self, email):
+    def find_key(self, email):
         """
-        Find user's fingerprint based on their email.
+        Find user's key based on their email.
         """
         for key in self.gpg.list_keys():
             for uid in key['uids']:
                 if re.search(email, uid):
-                    return key['fingerprint']
+                    return key
         raise LookupError("GnuPG public key for %s not found!" % email)
 
     def encrypt(self, data, recipient):
author	drebs <drebs@leap.se>	2012-11-05 12:03:34 -0200
committer	drebs <drebs@leap.se>	2012-11-05 12:03:34 -0200
commit	32a2c354c4cf1691446f91d5ee6b8ec036782956 (patch)
tree	e2bf17a78156427ec3747b8d5adce8c5428c1c95 /src
parent	4d303f98650b1cbcfa102a6771a88a9f5c9884d5 (diff)