From 49986a9f947f8b02f08e2ac8b3d893d3834691e2 Mon Sep 17 00:00:00 2001 From: drebs Date: Tue, 23 Oct 2012 14:21:19 -0200 Subject: Simple SMTP relay using Twisted API. --- src/leap/email/smtp/__init__.py | 0 src/leap/email/smtp/smtprelay.py | 126 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 126 insertions(+) create mode 100644 src/leap/email/smtp/__init__.py create mode 100644 src/leap/email/smtp/smtprelay.py diff --git a/src/leap/email/smtp/__init__.py b/src/leap/email/smtp/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/src/leap/email/smtp/smtprelay.py b/src/leap/email/smtp/smtprelay.py new file mode 100644 index 00000000..10020a54 --- /dev/null +++ b/src/leap/email/smtp/smtprelay.py @@ -0,0 +1,126 @@ +from zope.interface import implements +from twisted.mail import smtp +from twisted.internet.protocol import ServerFactory +from twisted.internet import reactor +from twisted.internet import defer +from email.Header import Header +from StringIO import StringIO + + +class SMTPFactory(ServerFactory): + """ + Factory for an SMTP server with encrypted relaying capabilities. + """ + + def buildProtocol(self, addr): + "Return a protocol suitable for the job." + smtpProtocol = smtp.SMTP(SMTPDelivery()) + smtpProtocol.factory = self + return smtpProtocol + + +class SMTPDelivery(object): + """ + Validate email addresses and handle message delivery. + """ + + implements(smtp.IMessageDelivery) + + def __init__(self): + self.gpgkey = '' + + def receivedHeader(self, helo, origin, recipients): + myHostname, clientIP = helo + headerValue = "by %s from %s with ESMTP ; %s" % ( + myHostname, clientIP, smtp.rfc822date( )) + # email.Header.Header used for automatic wrapping of long lines + return "Received: %s" % Header(headerValue) + + def validateTo(self, user): + """Assert existence of GPG public key for a recipient.""" + # for now just accept any receipient + print "Accepting mail for %s..." % user.dest + return lambda: EncryptedMessage(user, self.gpgkey) + + def validateFrom(self, helo, originAddress): + # accept mail from anywhere. To reject an address, raise + # smtp.SMTPBadSender here. + return originAddress + + +class EncryptedMessage(): + """ + Receive plaintext from client, encrypt it and send message to + recipients. + """ + implements(smtp.IMessage) + + SMTP_HOSTNAME = "mail.riseup.net" + SMTP_PORT = 25 + + def __init__(self, user, gpgkey): + self.user = user + self.gpgkey = gpgkey + self.getSMTPInfo() + self.lines = [] + + def lineReceived(self, line): + """Store email DATA lines as they arrive.""" + self.lines.append(line) + + def eomReceived(self): + """Encrypt and send message.""" + print "Message data complete." + self.lines.append('') # add a trailing newline + return self.sendMail() + + def connectionLost(self): + print "Connection lost unexpectedly!" + # unexpected loss of connection; don't save + del(self.lines) + + def sendSuccess(self, r): + print r + reactor.stop() + + def sendError(self, e): + print e + reactor.stop() + + def sendMail(self): + self.lines = [self.lines[0]] + \ + ["From: %s" % self.user.orig.addrstr] + \ + ["To: %s" % self.user.dest.addrstr] + \ + self.lines[1:] + msg = '\n'.join(self.lines) + d = defer.Deferred() + factory = smtp.ESMTPSenderFactory(self.smtp_username, + self.smtp_password, + self.smtp_username, + self.user.dest.addrstr, + StringIO(msg), + d) + # the next call is TSL-powered! + reactor.connectTCP(self.SMTP_HOSTNAME, self.SMTP_PORT, factory) + d.addCallback(self.sendSuccess) + d.addErrback(self.sendError) + #reactor.run() + return d + + + # this will be replaced by some other mechanism of obtaining credentials + # for SMTP server. + def getSMTPInfo(self): + f = open('/var/tmp/smtp-info.txt', 'r') + self.smtp_host = f.readline().rstrip() + self.smtp_port = f.readline().rstrip() + self.smtp_username = f.readline().rstrip() + self.smtp_password = f.readline().rstrip() + f.close() + + +# run server +if __name__ == "__main__": + import sys + reactor.listenTCP(25, SMTPFactory()) + reactor.run() -- cgit v1.2.3 From 148f81aa9214eeae6a870912e252c119a4c6472c Mon Sep 17 00:00:00 2001 From: drebs Date: Mon, 29 Oct 2012 11:49:15 -0200 Subject: send encrypted mail --- src/leap/email/smtp/smtprelay.py | 62 +++++++++++++++++++++++++++++----------- 1 file changed, 46 insertions(+), 16 deletions(-) diff --git a/src/leap/email/smtp/smtprelay.py b/src/leap/email/smtp/smtprelay.py index 10020a54..cbcff43a 100644 --- a/src/leap/email/smtp/smtprelay.py +++ b/src/leap/email/smtp/smtprelay.py @@ -5,6 +5,8 @@ from twisted.internet import reactor from twisted.internet import defer from email.Header import Header from StringIO import StringIO +import gnupg +import re class SMTPFactory(ServerFactory): @@ -26,9 +28,6 @@ class SMTPDelivery(object): implements(smtp.IMessageDelivery) - def __init__(self): - self.gpgkey = '' - def receivedHeader(self, helo, origin, recipients): myHostname, clientIP = helo headerValue = "by %s from %s with ESMTP ; %s" % ( @@ -40,7 +39,7 @@ class SMTPDelivery(object): """Assert existence of GPG public key for a recipient.""" # for now just accept any receipient print "Accepting mail for %s..." % user.dest - return lambda: EncryptedMessage(user, self.gpgkey) + return lambda: EncryptedMessage(user) def validateFrom(self, helo, originAddress): # accept mail from anywhere. To reject an address, raise @@ -50,19 +49,19 @@ class SMTPDelivery(object): class EncryptedMessage(): """ - Receive plaintext from client, encrypt it and send message to - recipients. + Receive plaintext from client, encrypt it and send message to a + recipient. """ implements(smtp.IMessage) SMTP_HOSTNAME = "mail.riseup.net" SMTP_PORT = 25 - def __init__(self, user, gpgkey): + def __init__(self, user): self.user = user - self.gpgkey = gpgkey self.getSMTPInfo() self.lines = [] + self.gpg = GPGWrapper() def lineReceived(self, line): """Store email DATA lines as they arrive.""" @@ -72,6 +71,9 @@ class EncryptedMessage(): """Encrypt and send message.""" print "Message data complete." self.lines.append('') # add a trailing newline + self.received = self.lines[0] + self.lines = self.lines[1:] + self.encrypt() return self.sendMail() def connectionLost(self): @@ -88,11 +90,11 @@ class EncryptedMessage(): reactor.stop() def sendMail(self): - self.lines = [self.lines[0]] + \ - ["From: %s" % self.user.orig.addrstr] + \ - ["To: %s" % self.user.dest.addrstr] + \ - self.lines[1:] - msg = '\n'.join(self.lines) + lines = [self.received] + \ + ["From: %s" % self.user.orig.addrstr] + \ + ["To: %s" % self.user.dest.addrstr] + \ + [self.cyphertext] + msg = '\n'.join(lines) d = defer.Deferred() factory = smtp.ESMTPSenderFactory(self.smtp_username, self.smtp_password, @@ -104,14 +106,16 @@ class EncryptedMessage(): reactor.connectTCP(self.SMTP_HOSTNAME, self.SMTP_PORT, factory) d.addCallback(self.sendSuccess) d.addErrback(self.sendError) - #reactor.run() return d + def encrypt(self): + fp = self.gpg.get_fingerprint(self.user.dest.addrstr) + self.cyphertext = str(self.gpg.encrypt('\n'.join(self.lines), [fp])) # this will be replaced by some other mechanism of obtaining credentials # for SMTP server. def getSMTPInfo(self): - f = open('/var/tmp/smtp-info.txt', 'r') + f = open('/media/smtp-info.txt', 'r') self.smtp_host = f.readline().rstrip() self.smtp_port = f.readline().rstrip() self.smtp_username = f.readline().rstrip() @@ -119,8 +123,34 @@ class EncryptedMessage(): f.close() +class GPGWrapper(): + """ + This is a temporary class for handling GPG requests, and should be + replaced by a more general class used throughout the project. + """ + + GNUPG_HOME = "~/.config/leap/gnupg" + GNUPG_BINARY = "/usr/bin/gpg" # this has to be changed based on OS + + def __init__(self): + self.gpg = gnupg.GPG(gnupghome=self.GNUPG_HOME, gpgbinary=self.GNUPG_BINARY) + + def get_fingerprint(self, email): + """ + Find user's fingerprint based on their email. + """ + for key in self.gpg.list_keys(): + for uid in key['uids']: + if re.search(email, uid): + return key['fingerprint'] + + def encrypt(self, data, recipient): + return self.gpg.encrypt(data, recipient) + + + # run server if __name__ == "__main__": import sys - reactor.listenTCP(25, SMTPFactory()) + reactor.listenTCP(2500, SMTPFactory()) reactor.run() -- cgit v1.2.3 From 196ec0e1eefbd50860771de0c8d2b488c30c6506 Mon Sep 17 00:00:00 2001 From: drebs Date: Wed, 31 Oct 2012 11:57:08 -0200 Subject: relay loops forever with twistd --- src/leap/email/smtp/smtprelay.py | 156 ------------------------------------- src/leap/email/smtp/smtprelay.tac | 159 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 159 insertions(+), 156 deletions(-) delete mode 100644 src/leap/email/smtp/smtprelay.py create mode 100644 src/leap/email/smtp/smtprelay.tac diff --git a/src/leap/email/smtp/smtprelay.py b/src/leap/email/smtp/smtprelay.py deleted file mode 100644 index cbcff43a..00000000 --- a/src/leap/email/smtp/smtprelay.py +++ /dev/null @@ -1,156 +0,0 @@ -from zope.interface import implements -from twisted.mail import smtp -from twisted.internet.protocol import ServerFactory -from twisted.internet import reactor -from twisted.internet import defer -from email.Header import Header -from StringIO import StringIO -import gnupg -import re - - -class SMTPFactory(ServerFactory): - """ - Factory for an SMTP server with encrypted relaying capabilities. - """ - - def buildProtocol(self, addr): - "Return a protocol suitable for the job." - smtpProtocol = smtp.SMTP(SMTPDelivery()) - smtpProtocol.factory = self - return smtpProtocol - - -class SMTPDelivery(object): - """ - Validate email addresses and handle message delivery. - """ - - implements(smtp.IMessageDelivery) - - def receivedHeader(self, helo, origin, recipients): - myHostname, clientIP = helo - headerValue = "by %s from %s with ESMTP ; %s" % ( - myHostname, clientIP, smtp.rfc822date( )) - # email.Header.Header used for automatic wrapping of long lines - return "Received: %s" % Header(headerValue) - - def validateTo(self, user): - """Assert existence of GPG public key for a recipient.""" - # for now just accept any receipient - print "Accepting mail for %s..." % user.dest - return lambda: EncryptedMessage(user) - - def validateFrom(self, helo, originAddress): - # accept mail from anywhere. To reject an address, raise - # smtp.SMTPBadSender here. - return originAddress - - -class EncryptedMessage(): - """ - Receive plaintext from client, encrypt it and send message to a - recipient. - """ - implements(smtp.IMessage) - - SMTP_HOSTNAME = "mail.riseup.net" - SMTP_PORT = 25 - - def __init__(self, user): - self.user = user - self.getSMTPInfo() - self.lines = [] - self.gpg = GPGWrapper() - - def lineReceived(self, line): - """Store email DATA lines as they arrive.""" - self.lines.append(line) - - def eomReceived(self): - """Encrypt and send message.""" - print "Message data complete." - self.lines.append('') # add a trailing newline - self.received = self.lines[0] - self.lines = self.lines[1:] - self.encrypt() - return self.sendMail() - - def connectionLost(self): - print "Connection lost unexpectedly!" - # unexpected loss of connection; don't save - del(self.lines) - - def sendSuccess(self, r): - print r - reactor.stop() - - def sendError(self, e): - print e - reactor.stop() - - def sendMail(self): - lines = [self.received] + \ - ["From: %s" % self.user.orig.addrstr] + \ - ["To: %s" % self.user.dest.addrstr] + \ - [self.cyphertext] - msg = '\n'.join(lines) - d = defer.Deferred() - factory = smtp.ESMTPSenderFactory(self.smtp_username, - self.smtp_password, - self.smtp_username, - self.user.dest.addrstr, - StringIO(msg), - d) - # the next call is TSL-powered! - reactor.connectTCP(self.SMTP_HOSTNAME, self.SMTP_PORT, factory) - d.addCallback(self.sendSuccess) - d.addErrback(self.sendError) - return d - - def encrypt(self): - fp = self.gpg.get_fingerprint(self.user.dest.addrstr) - self.cyphertext = str(self.gpg.encrypt('\n'.join(self.lines), [fp])) - - # this will be replaced by some other mechanism of obtaining credentials - # for SMTP server. - def getSMTPInfo(self): - f = open('/media/smtp-info.txt', 'r') - self.smtp_host = f.readline().rstrip() - self.smtp_port = f.readline().rstrip() - self.smtp_username = f.readline().rstrip() - self.smtp_password = f.readline().rstrip() - f.close() - - -class GPGWrapper(): - """ - This is a temporary class for handling GPG requests, and should be - replaced by a more general class used throughout the project. - """ - - GNUPG_HOME = "~/.config/leap/gnupg" - GNUPG_BINARY = "/usr/bin/gpg" # this has to be changed based on OS - - def __init__(self): - self.gpg = gnupg.GPG(gnupghome=self.GNUPG_HOME, gpgbinary=self.GNUPG_BINARY) - - def get_fingerprint(self, email): - """ - Find user's fingerprint based on their email. - """ - for key in self.gpg.list_keys(): - for uid in key['uids']: - if re.search(email, uid): - return key['fingerprint'] - - def encrypt(self, data, recipient): - return self.gpg.encrypt(data, recipient) - - - -# run server -if __name__ == "__main__": - import sys - reactor.listenTCP(2500, SMTPFactory()) - reactor.run() diff --git a/src/leap/email/smtp/smtprelay.tac b/src/leap/email/smtp/smtprelay.tac new file mode 100644 index 00000000..b05edb7f --- /dev/null +++ b/src/leap/email/smtp/smtprelay.tac @@ -0,0 +1,159 @@ +import re +import gnupg +from zope.interface import implements +from StringIO import StringIO +from twisted.mail import smtp +from twisted.internet.protocol import ServerFactory +from twisted.internet import reactor +from twisted.internet import defer +from twisted.application import internet, service +from email.Header import Header + + +class SMTPFactory(ServerFactory): + """ + Factory for an SMTP server with encrypted relaying capabilities. + """ + + def buildProtocol(self, addr): + "Return a protocol suitable for the job." + smtpProtocol = smtp.SMTP(SMTPDelivery()) + smtpProtocol.factory = self + return smtpProtocol + + +class SMTPDelivery(object): + """ + Validate email addresses and handle message delivery. + """ + + implements(smtp.IMessageDelivery) + + def receivedHeader(self, helo, origin, recipients): + myHostname, clientIP = helo + headerValue = "by %s from %s with ESMTP ; %s" % ( + myHostname, clientIP, smtp.rfc822date( )) + # email.Header.Header used for automatic wrapping of long lines + return "Received: %s" % Header(headerValue) + + def validateTo(self, user): + """Assert existence of GPG public key for a recipient.""" + # for now just accept any receipient + print "Accepting mail for %s..." % user.dest + return lambda: EncryptedMessage(user) + + def validateFrom(self, helo, originAddress): + # accept mail from anywhere. To reject an address, raise + # smtp.SMTPBadSender here. + return originAddress + + +class EncryptedMessage(): + """ + Receive plaintext from client, encrypt it and send message to a + recipient. + """ + implements(smtp.IMessage) + + SMTP_HOSTNAME = "mail.riseup.net" + SMTP_PORT = 25 + + def __init__(self, user): + self.user = user + self.getSMTPInfo() + self.lines = [] + self.gpg = GPGWrapper() + + def lineReceived(self, line): + """Store email DATA lines as they arrive.""" + self.lines.append(line) + + def eomReceived(self): + """Encrypt and send message.""" + print "Message data complete." + self.lines.append('') # add a trailing newline + self.received = self.lines[0] + self.lines = self.lines[1:] + self.encrypt() + return self.sendMail() + + def connectionLost(self): + print "Connection lost unexpectedly!" + # unexpected loss of connection; don't save + self.lines = [] + + def sendSuccess(self, r): + print r + + def sendError(self, e): + print e + + def sendMail(self): + lines = [self.received, + "From: %s" % self.user.orig.addrstr, + "To: %s" % self.user.dest.addrstr, + self.cyphertext] + msg = '\n'.join(lines) + d = defer.Deferred() + factory = smtp.ESMTPSenderFactory(self.smtp_username, + self.smtp_password, + self.smtp_username, + self.user.dest.addrstr, + StringIO(msg), + d) + # the next call is TSL-powered! + reactor.connectTCP(self.SMTP_HOSTNAME, self.SMTP_PORT, factory) + d.addCallback(self.sendSuccess) + d.addErrback(self.sendError) + return d + + def encrypt(self): + fp = self.gpg.get_fingerprint(self.user.dest.addrstr) + print "Encrypting to %s" % fp + self.cyphertext = str(self.gpg.encrypt('\n'.join(self.lines), [fp])) + + # this will be replaced by some other mechanism of obtaining credentials + # for SMTP server. + def getSMTPInfo(self): + f = open('/media/smtp-info.txt', 'r') + self.smtp_host = f.readline().rstrip() + self.smtp_port = f.readline().rstrip() + self.smtp_username = f.readline().rstrip() + self.smtp_password = f.readline().rstrip() + f.close() + + +class GPGWrapper(): + """ + This is a temporary class for handling GPG requests, and should be + replaced by a more general class used throughout the project. + """ + + GNUPG_HOME = "~/.config/leap/gnupg" + GNUPG_BINARY = "/usr/bin/gpg" # this has to be changed based on OS + + def __init__(self): + self.gpg = gnupg.GPG(gnupghome=self.GNUPG_HOME, gpgbinary=self.GNUPG_BINARY) + + def get_fingerprint(self, email): + """ + Find user's fingerprint based on their email. + """ + for key in self.gpg.list_keys(): + for uid in key['uids']: + if re.search(email, uid): + return key['fingerprint'] + + def encrypt(self, data, recipient): + return self.gpg.encrypt(data, recipient) + + +# service configuration +port = 25 +factory = SMTPFactory() + +# this enables the use of this application with twistd +application = service.Application("LEAP SMTP Relay") # create the Application +service = internet.TCPServer(port, factory) # create the service +# add the service to the application +service.setServiceParent(application) -- cgit v1.2.3 From f21c3ee5f5480fae3ad9323d4b6dec5e380c2cdd Mon Sep 17 00:00:00 2001 From: drebs Date: Wed, 31 Oct 2012 13:56:35 -0200 Subject: add README file --- src/leap/email/smtp/README | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 src/leap/email/smtp/README diff --git a/src/leap/email/smtp/README b/src/leap/email/smtp/README new file mode 100644 index 00000000..dc440d3d --- /dev/null +++ b/src/leap/email/smtp/README @@ -0,0 +1,3 @@ +To launch the SMTP relay, run the following command: + + twistd -y smtprelay.tac -- cgit v1.2.3 From be9265fc7c15cd6e135fc31a788b2d9233e2f83e Mon Sep 17 00:00:00 2001 From: drebs Date: Wed, 31 Oct 2012 14:54:38 -0200 Subject: email header is not encrypted --- src/leap/email/smtp/smtprelay.tac | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/src/leap/email/smtp/smtprelay.tac b/src/leap/email/smtp/smtprelay.tac index b05edb7f..1b89a32c 100644 --- a/src/leap/email/smtp/smtprelay.tac +++ b/src/leap/email/smtp/smtprelay.tac @@ -72,10 +72,15 @@ class EncryptedMessage(): """Encrypt and send message.""" print "Message data complete." self.lines.append('') # add a trailing newline - self.received = self.lines[0] - self.lines = self.lines[1:] + self.parseMessage() self.encrypt() - return self.sendMail() + return self.sendMessage() + + def parseMessage(self): + """Separate message headers from body.""" + sep = self.lines.index('') + self.header = self.lines[:sep] + self.body = self.lines[sep+1:] def connectionLost(self): print "Connection lost unexpectedly!" @@ -88,12 +93,14 @@ class EncryptedMessage(): def sendError(self, e): print e - def sendMail(self): - lines = [self.received, - "From: %s" % self.user.orig.addrstr, - "To: %s" % self.user.dest.addrstr, - self.cyphertext] - msg = '\n'.join(lines) + def prepareHeader(self): + self.header.insert(1, "From: %s" % self.user.orig.addrstr) + self.header.insert(2, "To: %s" % self.user.dest.addrstr) + self.header.append('') + + def sendMessage(self): + self.prepareHeader() + msg = '\n'.join(self.header+[self.cyphertext]) d = defer.Deferred() factory = smtp.ESMTPSenderFactory(self.smtp_username, self.smtp_password, @@ -110,7 +117,7 @@ class EncryptedMessage(): def encrypt(self): fp = self.gpg.get_fingerprint(self.user.dest.addrstr) print "Encrypting to %s" % fp - self.cyphertext = str(self.gpg.encrypt('\n'.join(self.lines), [fp])) + self.cyphertext = str(self.gpg.encrypt('\n'.join(self.body), [fp])) # this will be replaced by some other mechanism of obtaining credentials # for SMTP server. -- cgit v1.2.3 From 728eef32a7eab7d90db4a9b72d74cc7ecd1b6265 Mon Sep 17 00:00:00 2001 From: drebs Date: Mon, 5 Nov 2012 10:29:24 -0200 Subject: gpg wrapper is configurable --- src/leap/email/smtp/smtprelay.tac | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/leap/email/smtp/smtprelay.tac b/src/leap/email/smtp/smtprelay.tac index 1b89a32c..8226bf3d 100644 --- a/src/leap/email/smtp/smtprelay.tac +++ b/src/leap/email/smtp/smtprelay.tac @@ -139,8 +139,8 @@ class GPGWrapper(): GNUPG_HOME = "~/.config/leap/gnupg" GNUPG_BINARY = "/usr/bin/gpg" # this has to be changed based on OS - def __init__(self): - self.gpg = gnupg.GPG(gnupghome=self.GNUPG_HOME, gpgbinary=self.GNUPG_BINARY) + def __init__(self, gpghome=GNUPG_HOME, gpgbinary=GNUPG_BINARY): + self.gpg = gnupg.GPG(gnupghome=gpghome, gpgbinary=gpgbinary) def get_fingerprint(self, email): """ @@ -154,6 +154,9 @@ class GPGWrapper(): def encrypt(self, data, recipient): return self.gpg.encrypt(data, recipient) + def import_keys(self, data): + return self.gpg.import_keys(data) + # service configuration port = 25 -- cgit v1.2.3 From 4d303f98650b1cbcfa102a6771a88a9f5c9884d5 Mon Sep 17 00:00:00 2001 From: drebs Date: Mon, 5 Nov 2012 11:01:20 -0200 Subject: relay raises exception if recipient's key is not found --- src/leap/email/smtp/smtprelay.tac | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/src/leap/email/smtp/smtprelay.tac b/src/leap/email/smtp/smtprelay.tac index 8226bf3d..7d8e426d 100644 --- a/src/leap/email/smtp/smtprelay.tac +++ b/src/leap/email/smtp/smtprelay.tac @@ -28,6 +28,9 @@ class SMTPDelivery(object): """ implements(smtp.IMessageDelivery) + + def __init__(self): + self.gpg = GPGWrapper() def receivedHeader(self, helo, origin, recipients): myHostname, clientIP = helo @@ -37,10 +40,15 @@ class SMTPDelivery(object): return "Received: %s" % Header(headerValue) def validateTo(self, user): - """Assert existence of GPG public key for a recipient.""" - # for now just accept any receipient - print "Accepting mail for %s..." % user.dest - return lambda: EncryptedMessage(user) + """Assert existence of and trust on recipient's GPG public key.""" + # try to find recipient's public key + try: + fp = self.gpg.get_fingerprint(user.dest.addrstr) + print "Accepting mail for %s..." % user.dest + return lambda: EncryptedMessage(user) + # TODO: verify if key is trusted + except LookupError: + raise smtp.SMTPBadRcpt(user) def validateFrom(self, helo, originAddress): # accept mail from anywhere. To reject an address, raise @@ -73,8 +81,11 @@ class EncryptedMessage(): print "Message data complete." self.lines.append('') # add a trailing newline self.parseMessage() - self.encrypt() - return self.sendMessage() + try: + self.encrypt() + return self.sendMessage() + except LookupError: + return None def parseMessage(self): """Separate message headers from body.""" @@ -150,6 +161,7 @@ class GPGWrapper(): for uid in key['uids']: if re.search(email, uid): return key['fingerprint'] + raise LookupError("GnuPG public key for %s not found!" % email) def encrypt(self, data, recipient): return self.gpg.encrypt(data, recipient) -- cgit v1.2.3 From 32a2c354c4cf1691446f91d5ee6b8ec036782956 Mon Sep 17 00:00:00 2001 From: drebs Date: Mon, 5 Nov 2012 12:03:34 -0200 Subject: relay raises exception if recipient's key is not ultimatelly trusted --- src/leap/email/smtp/smtprelay.tac | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/src/leap/email/smtp/smtprelay.tac b/src/leap/email/smtp/smtprelay.tac index 7d8e426d..2ee5ee4b 100644 --- a/src/leap/email/smtp/smtprelay.tac +++ b/src/leap/email/smtp/smtprelay.tac @@ -43,10 +43,13 @@ class SMTPDelivery(object): """Assert existence of and trust on recipient's GPG public key.""" # try to find recipient's public key try: - fp = self.gpg.get_fingerprint(user.dest.addrstr) + # this will raise an exception if key is not found + trust = self.gpg.find_key(user.dest.addrstr)['trust'] + # verify if key is (u)ltimatelly trusted + if trust != 'u': + raise smtp.SMTPBadRcpt(user) print "Accepting mail for %s..." % user.dest return lambda: EncryptedMessage(user) - # TODO: verify if key is trusted except LookupError: raise smtp.SMTPBadRcpt(user) @@ -126,7 +129,7 @@ class EncryptedMessage(): return d def encrypt(self): - fp = self.gpg.get_fingerprint(self.user.dest.addrstr) + fp = self.gpg.find_key(self.user.dest.addrstr)['fingerprint'] print "Encrypting to %s" % fp self.cyphertext = str(self.gpg.encrypt('\n'.join(self.body), [fp])) @@ -153,14 +156,14 @@ class GPGWrapper(): def __init__(self, gpghome=GNUPG_HOME, gpgbinary=GNUPG_BINARY): self.gpg = gnupg.GPG(gnupghome=gpghome, gpgbinary=gpgbinary) - def get_fingerprint(self, email): + def find_key(self, email): """ - Find user's fingerprint based on their email. + Find user's key based on their email. """ for key in self.gpg.list_keys(): for uid in key['uids']: if re.search(email, uid): - return key['fingerprint'] + return key raise LookupError("GnuPG public key for %s not found!" % email) def encrypt(self, data, recipient): -- cgit v1.2.3 From 4539d448f2537a7221a4658a2d9771d2e2db4120 Mon Sep 17 00:00:00 2001 From: drebs Date: Mon, 12 Nov 2012 09:43:16 -0200 Subject: small refactoring --- src/leap/email/smtp/smtprelay.tac | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/src/leap/email/smtp/smtprelay.tac b/src/leap/email/smtp/smtprelay.tac index 2ee5ee4b..cb302389 100644 --- a/src/leap/email/smtp/smtprelay.tac +++ b/src/leap/email/smtp/smtprelay.tac @@ -45,7 +45,8 @@ class SMTPDelivery(object): try: # this will raise an exception if key is not found trust = self.gpg.find_key(user.dest.addrstr)['trust'] - # verify if key is (u)ltimatelly trusted + # if key is not ultimatelly trusted, then the message will not + # be encrypted. So, we check for this below if trust != 'u': raise smtp.SMTPBadRcpt(user) print "Accepting mail for %s..." % user.dest @@ -93,7 +94,7 @@ class EncryptedMessage(): def parseMessage(self): """Separate message headers from body.""" sep = self.lines.index('') - self.header = self.lines[:sep] + self.headers = self.lines[:sep] self.body = self.lines[sep+1:] def connectionLost(self): @@ -108,13 +109,13 @@ class EncryptedMessage(): print e def prepareHeader(self): - self.header.insert(1, "From: %s" % self.user.orig.addrstr) - self.header.insert(2, "To: %s" % self.user.dest.addrstr) - self.header.append('') + self.headers.insert(1, "From: %s" % self.user.orig.addrstr) + self.headers.insert(2, "To: %s" % self.user.dest.addrstr) + self.headers.append('') def sendMessage(self): self.prepareHeader() - msg = '\n'.join(self.header+[self.cyphertext]) + msg = '\n'.join(self.headers+[self.cyphertext]) d = defer.Deferred() factory = smtp.ESMTPSenderFactory(self.smtp_username, self.smtp_password, @@ -177,8 +178,7 @@ class GPGWrapper(): port = 25 factory = SMTPFactory() -# this enables the use of this application with twistd -application = service.Application("LEAP SMTP Relay") # create the Application -service = internet.TCPServer(port, factory) # create the service -# add the service to the application +# these enable the use of this service with twistd +application = service.Application("LEAP SMTP Relay") +service = internet.TCPServer(port, factory) service.setServiceParent(application) -- cgit v1.2.3 From a59886ce1727162ad8992fdabcc38137760a8ab4 Mon Sep 17 00:00:00 2001 From: drebs Date: Wed, 28 Nov 2012 19:29:10 -0200 Subject: creating test files (no tests yet) --- src/leap/email/smtp/test_all.py | 10 ++++ src/leap/email/smtp/tests/185CA770.key | 79 +++++++++++++++++++++++++++++++ src/leap/email/smtp/tests/185CA770.pub | 52 ++++++++++++++++++++ src/leap/email/smtp/tests/__init__.py | 11 +++++ src/leap/email/smtp/tests/mail.txt | 10 ++++ src/leap/email/smtp/tests/test_encrypt.py | 25 ++++++++++ src/leap/email/smtp/tests/util.py | 34 +++++++++++++ 7 files changed, 221 insertions(+) create mode 100644 src/leap/email/smtp/test_all.py create mode 100644 src/leap/email/smtp/tests/185CA770.key create mode 100644 src/leap/email/smtp/tests/185CA770.pub create mode 100644 src/leap/email/smtp/tests/__init__.py create mode 100644 src/leap/email/smtp/tests/mail.txt create mode 100644 src/leap/email/smtp/tests/test_encrypt.py create mode 100644 src/leap/email/smtp/tests/util.py diff --git a/src/leap/email/smtp/test_all.py b/src/leap/email/smtp/test_all.py new file mode 100644 index 00000000..a760ba53 --- /dev/null +++ b/src/leap/email/smtp/test_all.py @@ -0,0 +1,10 @@ +import sys +import unittest + +import tests + +def test_suite(): + return tests.test_suite() + +if __name__ == '__main__': + unittest.main(defaultTest='test_suite') diff --git a/src/leap/email/smtp/tests/185CA770.key b/src/leap/email/smtp/tests/185CA770.key new file mode 100644 index 00000000..587b4164 --- /dev/null +++ b/src/leap/email/smtp/tests/185CA770.key @@ -0,0 +1,79 @@ +-----BEGIN PGP PRIVATE KEY BLOCK----- +Version: GnuPG v1.4.10 (GNU/Linux) + +lQIVBFCJNL4BEADFsI1TCD4yq7ZqL7VhdVviTuX6JUps8/mVEhRVOZhojLcTYaqQ +gs6T6WabRxcK7ymOnf4K8NhYdz6HFoJN46BT87etokx7J/Sl2OhpiqBQEY+jW8Rp ++3MSGrGmvFw0s1lGrz/cXzM7UNgWSTOnYZ5nJS1veMhy0jseZOUK7ekp2oEDjGZh +pzgd3zICCR2SvlpLIXB2Nr/CUcuRWTcc5LlKmbjMybu0E/uuY14st3JL+7qI6QX0 +atFm0VhFVpagOl0vWKxakUx4hC7j1wH2ADlCvSZPG0StSLUyHkJx3UPsmYxOZFao +ATED3Okjwga6E7PJEbzyqAkvzw/M973kaZCUSH75ZV0cQnpdgXV3DK1gSa3d3gug +W1lE0V7pwnN2NTOYfBMi+WloCs/bp4iZSr4QP1duZ3IqKraeBDCk7MoFo4A9Wk07 +kvqPwF9IBgatu62WVEZIzwyViN+asFUGfgp+8D7gtnlWAw0V6y/lSTzyl+dnLP98 +Hfr2eLBylFs+Kl3Pivpg2uHw09LLCrjeLEN3dj9SfBbA9jDIo9Zhs1voiIK/7Shx +E0BRJaBgG3C4QaytYEu7RFFOKuvBai9w2Y5OfsKFo8rA7v4dxFFDvzKGujCtNnwf +oyaGlZmMBU5MUmHUNiG8ON21COZBtK5oMScuY1VC9CQonj3OClg3IbU9SQARAQAB +/gNlAkdOVQG0JGRyZWJzIChncGcgdGVzdCBrZXkpIDxkcmVic0BsZWFwLnNlPokC +OAQTAQIAIgUCUIk0vgIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQty9e +xhhcp3Bdhw//bdPUNbp6rgIjRRuwYvGJ6IuiFuFWJQ0m3iAuuAoZo5GHAPqZAuGk +dMVYu0dtCtZ68MJ/QpjBCT9RRL+mgIgfLfUSj2ZknP4nb6baiG5u28l0KId/e5IC +iQKBnIsjxKxhLBVHSzRaS1P+vZeF2C2R9XyNy0eCnAwyCMcD0R8TVROGQ7i4ZQsM +bMj1LPpOwhV/EGp23nD+upWOVbn/wQHOYV2kMiA/8fizmWRIWsV4/68uMA+WDP4L +40AnJ0fcs04f9deM9P6pjlm00VD7qklYEGw6Mpr2g/M73kGh1nlAv+ImQBGlLMle +RXyzHY3WAhzmRKWO4koFuKeR9Q0EMzk2R4/kuagdWEpM+bhwE4xPV1tPZhn9qFTz +pQD4p/VT4qNQKOD0+aTFWre65Rt2cFFMLI7UmEHNLi0NB9JCIAi4+l+b9WQNlmaO +C8EhOGwRzmehUyHmXM3BNW28MnyKFJ7bBFMd7uJz+vAPOrr6OzuNvVCv2I2ICkTs +ihIj/zw5GXxkPO7YbMu9rKG0nKF1N3JB1gUJ78DHmhbjeaGSvHw85sPD0/1dPZK4 +8Gig8i62aCxf8OlJPlt8ZhBBolzs6ITUNa75Rw9fJsj3UWuv2VFaIuR57bFWmY3s +A9KPgdf7jVQlAZKlVyli7IkyaZmxDZNFQoTdIC9uo0aggIDP8zKv0n2dBz4EUIk0 +vgEQAOO8BAR7sBdqj2RRMRNeWSA4S9GuHfV3YQARnqYsbITs1jRgAo7jx9Z5C80c +ZOxOUVK7CJjtTqU0JB9QP/zwV9hk5i6y6aQTysclQyTNN10aXu/3zJla5Duhz+Cs ++5UcVAmNJX9FgTMVvhKDEIY/LNmb9MoBLMut1CkDx+WPCV45WOIBCDdj2HpIjie4 +phs0/65SWjPiVg3WsFZljVxpJCGXP48Eet2bf8afYH1lx3sQMcNbyJACIPtz+YKz +c7jIKwKSWzg1VyYikbk9eWCxcz6VKNJKi94YH9c7U8X3TdZ8G0kGYUldjYDvesyl +nuQlcGCtSGKOAhrN/Bu2R0gpFgYl247u79CmjotefMdv8BGUDW6u9/Sep9xN3dW8 +S87h6M/tvs0ChlkDDpJedzCd7ThdikGvFRJfW/8sT/+qoTKskySQaDIeNJnxZuyK +wELLMBvCZGpamwmnkEGhvuZWq0h/DwyTs4QAE8OVHXJSM3UN7hM4lJIUh+sRKJ1F +AXXTdSY4cUNaS+OKtj2LJ85zFqhfAZ4pFwLCgYbJtU5hej2LnMJNbYcSkjxbk+c5 +IjkoZRF+ExjZlc0VLYNT57ZriwZ/pX42ofjOyMR/dkHQuFik/4K7v1ZemfaTdm07 +SEMBknR6OZsy/5+viEtXiih3ptTMaT9row+g+cFoxdXkisKvABEBAAH+AwMCIlVK +Xs3x0Slgwx03cTNIoWXmishkPCJlEEdcjldz2VyQF9hjdp1VIe+npI26chKwCZqm +U8yYbJh4UBrugUUzKKd4EfnmKfu+/BsJciFRVKwBtiolIiUImzcHPWktYLwo9yzX +W42teShXXVgWmsJN1/6FqJdsLg8dxWesXMKoaNF4n1P7zx6vKBmDHTRz7PToaI/d +5/nKrjED7ZT1h+qR5i9UUgbvF0ySp8mlqk/KNqHUSLDB9kf/JDg4XVtPHGGd9Ik/ +60UJ7aDfohi4Z0VgwWmfLBwcQ3It+ENtnPFufH3WHW8c1UA4wVku9tOTqyrRG6tP +TZGiRfuwsv7Hq3pWT6rntbDkTiVgESM4C1fiZblc98iWUKGXSHqm+te1TwXOUCci +J/gryXcjQFM8A0rwA/m+EvsoWuzoqIl3x++p3/3/mGux6UD4O7OhJNRVRz+8Mhq1 +ksrR9XkQzpq3Yv3ulTHz7l+WCRRXxw5+XWAkRHHF47Vf/na38NJQHcsCBbRIuLYR +wBzS48cYzYkF6VejKThdQmdYJ0/fUrlUBCAJWgrfqCihFLDa1s4jJ16/fqi8a97Y +4raVy2hrF2vFc/wet13hsaddVn4rPRAMDEGdgEmJX7MmU1emT/yaIG9lvjMpI2c5 +ADXGF2yYYa7H8zPIFyHU1RSavlT0S/K9yzIZvv+jA5KbNeGp+WWFT8MLZs0IhoCZ +d1EgLUYAt7LPUSm2lBy1w/IL+VtYuyn/UVFo2xWiHd1ABiNWl1ji3X9Ki5613QqH +bvn4z46voCzdZ02rYkAwrdqDr92fiBR8ctwA0AudaG6nf2ztmFKtM3E/RPMkPgKF +8NHYc7QxS2jruJxXBtjRBMtoIaZ0+AXUO6WuEJrDLDHWaM08WKByQMm808xNCbRr +CpiK8qyR3SwkfaOMCp22mqViirQ2KfuVvBpBT2pBYlgDKs50nE+stDjUMv+FDKAo +5NtiyPfNtaBOYnXAEQb/hjjW5bKq7JxHSxIWAYKbNKIWgftJ3ACZAsBMHfaOCFNH ++XLojAoxOI+0zbN6FtjN+YMU1XrLd6K49v7GEiJQZVQSfLCecVDhDU9paNROA/Xq +/3nDCTKhd3stTPnc8ymLAwhTP0bSoFh/KtU96D9ZMC2cu9XZ+UcSQYES/ncZWcLw +wTKrt+VwBG1z3DbV2O0ruUiXTLcZMsrwbUSDx1RVhmKZ0i42AttMdauFQ9JaX2CS +2ddqFBS1b4X6+VCy44KkpdXsmp0NWMgm/PM3PTisCxrha7bI5/LqfXG0b+GuIFb4 +h/lEA0Ae0gMgkzm3ePAPPVlRj7kFl5Osjxm3YVRW23WWGDRF5ywIROlBjbdozA0a +MyMgXlG9hhJseIpFveoiwqenNE5Wxg0yQbnhMUTKeCQ0xskG82P+c9bvDsevAQUR +uv1JAGGxDd1/4nk0M5m9/Gf4Bn0uLAz29LdMg0FFUvAm2ol3U3uChm7OISU8dqFy +JdCFACKBMzAREiXfgH2TrTxAhpy5uVcUSQV8x5J8qJ/mUoTF1WE3meXEm9CIvIAF +Mz49KKebLS3zGFixMcKLAOKA+s/tUWO7ZZoJyQjvQVerLyDo6UixVb11LQUJQOXb +ZIuSKV7deCgBDQ26C42SpF3rHfEQa7XH7j7tl1IIW/9DfYJYVQHaz1NTq6zcjWS2 +e+cUexBPhxbadGn0zelXr6DLJqQT7kaVeYOHlkYUHkZXdHE4CWoHqOboeB02uM/A +e7nge1rDi57ySrsF4AVl59QJYBPR43AOVbCJAh8EGAECAAkFAlCJNL4CGwwACgkQ +ty9exhhcp3DetA/8D/IscSBlWY3TjCD2P7t3+X34USK8EFD3QJse9dnCWOLcskFQ +IoIfhRM752evFu2W9owEvxSQdG+otQAOqL72k1EH2g7LsADuV8I4LOYOnLyeIE9I +b+CFPBkmzTEzrdYp6ITUU7qqgkhcgnltKGHoektIjxE8gtxCKEdyxkzazum6nCQQ +kSBZOXVU3ezm+A2QHHP6XT1GEbdKbJ0tIuJR8ADu08pBx2c/LDBBreVStrrt1Dbz +uR+U8MJsfLVcYX/Rw3V+KA24oLRzg91y3cfi3sNU/kmd5Cw42Tj00B+FXQny51Mq +s4KyqHobj62II68eL5HRB2pcGsoaedQyxu2cYSeVyarBOiUPNYkoGDJoKdDyZRIB +NNK0W+ASTf0zeHhrY/okt1ybTVtvbt6wkTEbKVePUaYmNmhre1cAj4uNwFzYjkzJ +cm+8XWftD+TV8cE5DyVdnF00SPDuPzodRAPXaGpQUMLkE4RPr1TAwcuoPH9aFHZ/ +se6rw6TQHLd0vMk0U/DocikXpSJ1N6caE3lRwI/+nGfXNiCr8MIdofgkBeO86+G7 +k0UXS4v5FKk1nwTyt4PkFJDvAJX6rZPxIZ9NmtA5ao5vyu1DT5IhoXgDzwurAe8+ +R+y6gtA324hXIweFNt7SzYPfI4SAjunlmm8PIBf3owBrk3j+w6EQoaCreK4= +=6HcJ +-----END PGP PRIVATE KEY BLOCK----- diff --git a/src/leap/email/smtp/tests/185CA770.pub b/src/leap/email/smtp/tests/185CA770.pub new file mode 100644 index 00000000..38af19f8 --- /dev/null +++ b/src/leap/email/smtp/tests/185CA770.pub @@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.10 (GNU/Linux) + +mQINBFCJNL4BEADFsI1TCD4yq7ZqL7VhdVviTuX6JUps8/mVEhRVOZhojLcTYaqQ +gs6T6WabRxcK7ymOnf4K8NhYdz6HFoJN46BT87etokx7J/Sl2OhpiqBQEY+jW8Rp ++3MSGrGmvFw0s1lGrz/cXzM7UNgWSTOnYZ5nJS1veMhy0jseZOUK7ekp2oEDjGZh +pzgd3zICCR2SvlpLIXB2Nr/CUcuRWTcc5LlKmbjMybu0E/uuY14st3JL+7qI6QX0 +atFm0VhFVpagOl0vWKxakUx4hC7j1wH2ADlCvSZPG0StSLUyHkJx3UPsmYxOZFao +ATED3Okjwga6E7PJEbzyqAkvzw/M973kaZCUSH75ZV0cQnpdgXV3DK1gSa3d3gug +W1lE0V7pwnN2NTOYfBMi+WloCs/bp4iZSr4QP1duZ3IqKraeBDCk7MoFo4A9Wk07 +kvqPwF9IBgatu62WVEZIzwyViN+asFUGfgp+8D7gtnlWAw0V6y/lSTzyl+dnLP98 +Hfr2eLBylFs+Kl3Pivpg2uHw09LLCrjeLEN3dj9SfBbA9jDIo9Zhs1voiIK/7Shx +E0BRJaBgG3C4QaytYEu7RFFOKuvBai9w2Y5OfsKFo8rA7v4dxFFDvzKGujCtNnwf +oyaGlZmMBU5MUmHUNiG8ON21COZBtK5oMScuY1VC9CQonj3OClg3IbU9SQARAQAB +tCRkcmVicyAoZ3BnIHRlc3Qga2V5KSA8ZHJlYnNAbGVhcC5zZT6JAjgEEwECACIF +AlCJNL4CGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJELcvXsYYXKdwXYcP +/23T1DW6eq4CI0UbsGLxieiLohbhViUNJt4gLrgKGaORhwD6mQLhpHTFWLtHbQrW +evDCf0KYwQk/UUS/poCIHy31Eo9mZJz+J2+m2ohubtvJdCiHf3uSAokCgZyLI8Ss +YSwVR0s0WktT/r2XhdgtkfV8jctHgpwMMgjHA9EfE1UThkO4uGULDGzI9Sz6TsIV +fxBqdt5w/rqVjlW5/8EBzmFdpDIgP/H4s5lkSFrFeP+vLjAPlgz+C+NAJydH3LNO +H/XXjPT+qY5ZtNFQ+6pJWBBsOjKa9oPzO95BodZ5QL/iJkARpSzJXkV8sx2N1gIc +5kSljuJKBbinkfUNBDM5NkeP5LmoHVhKTPm4cBOMT1dbT2YZ/ahU86UA+Kf1U+Kj +UCjg9PmkxVq3uuUbdnBRTCyO1JhBzS4tDQfSQiAIuPpfm/VkDZZmjgvBIThsEc5n +oVMh5lzNwTVtvDJ8ihSe2wRTHe7ic/rwDzq6+js7jb1Qr9iNiApE7IoSI/88ORl8 +ZDzu2GzLvayhtJyhdTdyQdYFCe/Ax5oW43mhkrx8PObDw9P9XT2SuPBooPIutmgs +X/DpST5bfGYQQaJc7OiE1DWu+UcPXybI91Frr9lRWiLkee2xVpmN7APSj4HX+41U +JQGSpVcpYuyJMmmZsQ2TRUKE3SAvbqNGoICAz/Myr9J9uQINBFCJNL4BEADjvAQE +e7AXao9kUTETXlkgOEvRrh31d2EAEZ6mLGyE7NY0YAKO48fWeQvNHGTsTlFSuwiY +7U6lNCQfUD/88FfYZOYusumkE8rHJUMkzTddGl7v98yZWuQ7oc/grPuVHFQJjSV/ +RYEzFb4SgxCGPyzZm/TKASzLrdQpA8fljwleOVjiAQg3Y9h6SI4nuKYbNP+uUloz +4lYN1rBWZY1caSQhlz+PBHrdm3/Gn2B9Zcd7EDHDW8iQAiD7c/mCs3O4yCsCkls4 +NVcmIpG5PXlgsXM+lSjSSoveGB/XO1PF903WfBtJBmFJXY2A73rMpZ7kJXBgrUhi +jgIazfwbtkdIKRYGJduO7u/Qpo6LXnzHb/ARlA1urvf0nqfcTd3VvEvO4ejP7b7N +AoZZAw6SXncwne04XYpBrxUSX1v/LE//qqEyrJMkkGgyHjSZ8WbsisBCyzAbwmRq +WpsJp5BBob7mVqtIfw8Mk7OEABPDlR1yUjN1De4TOJSSFIfrESidRQF103UmOHFD +WkvjirY9iyfOcxaoXwGeKRcCwoGGybVOYXo9i5zCTW2HEpI8W5PnOSI5KGURfhMY +2ZXNFS2DU+e2a4sGf6V+NqH4zsjEf3ZB0LhYpP+Cu79WXpn2k3ZtO0hDAZJ0ejmb +Mv+fr4hLV4ood6bUzGk/a6MPoPnBaMXV5IrCrwARAQABiQIfBBgBAgAJBQJQiTS+ +AhsMAAoJELcvXsYYXKdw3rQP/A/yLHEgZVmN04wg9j+7d/l9+FEivBBQ90CbHvXZ +wlji3LJBUCKCH4UTO+dnrxbtlvaMBL8UkHRvqLUADqi+9pNRB9oOy7AA7lfCOCzm +Dpy8niBPSG/ghTwZJs0xM63WKeiE1FO6qoJIXIJ5bShh6HpLSI8RPILcQihHcsZM +2s7pupwkEJEgWTl1VN3s5vgNkBxz+l09RhG3SmydLSLiUfAA7tPKQcdnPywwQa3l +Ura67dQ287kflPDCbHy1XGF/0cN1figNuKC0c4Pdct3H4t7DVP5JneQsONk49NAf +hV0J8udTKrOCsqh6G4+tiCOvHi+R0QdqXBrKGnnUMsbtnGEnlcmqwTolDzWJKBgy +aCnQ8mUSATTStFvgEk39M3h4a2P6JLdcm01bb27esJExGylXj1GmJjZoa3tXAI+L +jcBc2I5MyXJvvF1n7Q/k1fHBOQ8lXZxdNEjw7j86HUQD12hqUFDC5BOET69UwMHL +qDx/WhR2f7Huq8Ok0By3dLzJNFPw6HIpF6UidTenGhN5UcCP/pxn1zYgq/DCHaH4 +JAXjvOvhu5NFF0uL+RSpNZ8E8reD5BSQ7wCV+q2T8SGfTZrQOWqOb8rtQ0+SIaF4 +A88LqwHvPkfsuoLQN9uIVyMHhTbe0s2D3yOEgI7p5ZpvDyAX96MAa5N4/sOhEKGg +q3iu +=RChS +-----END PGP PUBLIC KEY BLOCK----- diff --git a/src/leap/email/smtp/tests/__init__.py b/src/leap/email/smtp/tests/__init__.py new file mode 100644 index 00000000..adb28414 --- /dev/null +++ b/src/leap/email/smtp/tests/__init__.py @@ -0,0 +1,11 @@ +import unittest + +def test_suite(): + import tests.test_send + + suite = unittest.TestSuite() + + suite.addTest(tests.test_send.test_suite()) + + return suite + diff --git a/src/leap/email/smtp/tests/mail.txt b/src/leap/email/smtp/tests/mail.txt new file mode 100644 index 00000000..95420470 --- /dev/null +++ b/src/leap/email/smtp/tests/mail.txt @@ -0,0 +1,10 @@ +HELO drebs@riseup.net +MAIL FROM: drebs@riseup.net +RCPT TO: drebs@riseup.net +RCPT TO: drebs@leap.se +DATA +Subject: leap test + +Hello world! +. +QUIT diff --git a/src/leap/email/smtp/tests/test_encrypt.py b/src/leap/email/smtp/tests/test_encrypt.py new file mode 100644 index 00000000..1051b587 --- /dev/null +++ b/src/leap/email/smtp/tests/test_encrypt.py @@ -0,0 +1,25 @@ +import os +import unittest +import gnupg + +class EncryptMessageTestCase(unittest.TestCase): + + def test_encrypt_to_signonly(self): + plaintext = BytesIO(b'Hello World\n') + ciphertext = BytesIO() + ctx = gpgme.Context() + recipient = ctx.get_key('15E7CE9BF1771A4ABC550B31F540A569CB935A42') + try: + ctx.encrypt([recipient], gpgme.ENCRYPT_ALWAYS_TRUST, + plaintext, ciphertext) + except gpgme.GpgmeError as exc: + self.assertEqual(exc.args[0], gpgme.ERR_SOURCE_UNKNOWN) + self.assertEqual(exc.args[1], gpgme.ERR_GENERAL) + else: + self.fail('gpgme.GpgmeError not raised') + + +def test_suite(): + loader = unittest.TestLoader() + return loader.loadTestsFromName(__name__) + diff --git a/src/leap/email/smtp/tests/util.py b/src/leap/email/smtp/tests/util.py new file mode 100644 index 00000000..b62cb731 --- /dev/null +++ b/src/leap/email/smtp/tests/util.py @@ -0,0 +1,34 @@ +# copied from pygpgme's tests +import os +import shutil +import tempfile +import unittest + +import gpgme + +import smtprelay + +__all__ = ['GpgHomeTestCase'] + +keydir = os.path.join(os.path.dirname(__file__), 'keys') + +class GpgHomeTestCase(unittest.TestCase): + + gpg_conf_contents = '' + import_keys = [] + + def keyfile(self, key): + return open(os.path.join(keydir, key), 'rb') + + def setUp(self): + self._gpghome = tempfile.mkdtemp(prefix='tmp.gpghome') + + # import requested keys into the keyring + ctx = gpgme.Context() + for key in self.import_keys: + with self.keyfile(key) as fp: + ctx.import_(fp) + + def tearDown(self): + del os.environ['GNUPGHOME'] + shutil.rmtree(self._gpghome, ignore_errors=True) -- cgit v1.2.3 From 9509a4e68af74737cf96460dc5af9e1cbb836e66 Mon Sep 17 00:00:00 2001 From: drebs Date: Tue, 22 Jan 2013 12:14:02 -0200 Subject: Clean up tests and add basic GPG infrastructure. --- src/leap/email/smtp/README | 38 ++++++ src/leap/email/smtp/test_all.py | 10 -- src/leap/email/smtp/tests/__init__.py | 195 +++++++++++++++++++++++++++++- src/leap/email/smtp/tests/test_encrypt.py | 25 ---- src/leap/email/smtp/tests/util.py | 34 ------ 5 files changed, 228 insertions(+), 74 deletions(-) delete mode 100644 src/leap/email/smtp/test_all.py delete mode 100644 src/leap/email/smtp/tests/test_encrypt.py delete mode 100644 src/leap/email/smtp/tests/util.py diff --git a/src/leap/email/smtp/README b/src/leap/email/smtp/README index dc440d3d..a351dcec 100644 --- a/src/leap/email/smtp/README +++ b/src/leap/email/smtp/README @@ -1,3 +1,41 @@ +Leap SMTP Relay +=============== + +Outgoing mail workflow: + + * LEAP client runs a thin SMTP proxy on the user's device, bound to + localhost. + * User's MUA is configured outgoing SMTP to localhost + * When SMTP proxy receives an email from MUA + * SMTP proxy queries Key Manager for the user's private key and public + keys of all recipients + * Message is signed by sender and encrypted to recipients. + * If recipient's key is missing, email goes out in cleartext (unless + user has configured option to send only encrypted email) + * Finally, message is relayed to provider's SMTP relay + + +Dependencies +------------ + +Leap SMTP Relay depends on the following python libraries: + + * Twisted 12.3.0 [1] + +[1] http://pypi.python.org/pypi/Twisted/12.3.0 + + +How to run +---------- + To launch the SMTP relay, run the following command: twistd -y smtprelay.tac + + +Running tests +------------- + +Tests are run using Twisted's Trial API, like this: + + trial leap.email.smtp.tests diff --git a/src/leap/email/smtp/test_all.py b/src/leap/email/smtp/test_all.py deleted file mode 100644 index a760ba53..00000000 --- a/src/leap/email/smtp/test_all.py +++ /dev/null @@ -1,10 +0,0 @@ -import sys -import unittest - -import tests - -def test_suite(): - return tests.test_suite() - -if __name__ == '__main__': - unittest.main(defaultTest='test_suite') diff --git a/src/leap/email/smtp/tests/__init__.py b/src/leap/email/smtp/tests/__init__.py index adb28414..3d72377e 100644 --- a/src/leap/email/smtp/tests/__init__.py +++ b/src/leap/email/smtp/tests/__init__.py @@ -1,11 +1,196 @@ import unittest +import gnupg +import shutil +import ipdb -def test_suite(): - import tests.test_send +class OpenPGPTestCase(unittest.TestCase): - suite = unittest.TestSuite() + PREFIX = "/var/tmp" + GNUPG_HOME = "%s/gnupg" % PREFIX + EMAIL = 'leap@leap.se' - suite.addTest(tests.test_send.test_suite()) + def setUp(self): + self._gpg = gnupg.GPG(gnupghome=self.GNUPG_HOME) + + self.assertEqual(self._gpg.import_keys(PUBLIC_KEY).summary(), + '1 imported', "error importing public key") + self.assertEqual(self._gpg.import_keys(PRIVATE_KEY).summary(), + # note that gnupg does not return a successful import + # for private keys. Bug? + '0 imported', "error importing private key") - return suite + def tearDown(self): + shutil.rmtree(self.GNUPG_HOME) + def test_encrypt_decrypt(self): + text = "simple raw text" + encrypted = str(self._gpg.encrypt(text, KEY_FINGERPRINT, + always_trust=True)) + self.assertNotEqual(text, encrypted, "failed encrypting text") + decrypted = str(self._gpg.decrypt(encrypted)) + self.assertEqual(text, decrypted, "failed decrypting text") + + + +# Key material for testing +KEY_FINGERPRINT = "E36E738D69173C13D709E44F2F455E2824D18DDF" +PUBLIC_KEY = """ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.10 (GNU/Linux) + +mQINBFC9+dkBEADNRfwV23TWEoGc/x0wWH1P7PlXt8MnC2Z1kKaKKmfnglVrpOiz +iLWoiU58sfZ0L5vHkzXHXCBf6Eiy/EtUIvdiWAn+yASJ1mk5jZTBKO/WMAHD8wTO +zpMsFmWyg3xc4DkmFa9KQ5EVU0o/nqPeyQxNMQN7px5pPwrJtJFmPxnxm+aDkPYx +irDmz/4DeDNqXliazGJKw7efqBdlwTHkl9Akw2gwy178pmsKwHHEMOBOFFvX61AT +huKqHYmlCGSliwbrJppTG7jc1/ls3itrK+CWTg4txREkSpEVmfcASvw/ZqLbjgfs +d/INMwXnR9U81O8+7LT6yw/ca4ppcFoJD7/XJbkRiML6+bJ4Dakiy6i727BzV17g +wI1zqNvm5rAhtALKfACha6YO43aJzairO4II1wxVHvRDHZn2IuKDDephQ3Ii7/vb +hUOf6XCSmchkAcpKXUOvbxm1yfB1LRa64mMc2RcZxf4mW7KQkulBsdV5QG2276lv +U2UUy2IutXcGP5nXC+f6sJJGJeEToKJ57yiO/VWJFjKN8SvP+7AYsQSqINUuEf6H +T5gCPCraGMkTUTPXrREvu7NOohU78q6zZNaL3GW8ai7eSeANSuQ8Vzffx7Wd8Y7i +Pw9sYj0SMFs1UgjbuL6pO5ueHh+qyumbtAq2K0Bci0kqOcU4E9fNtdiovQARAQAB +tBxMZWFwIFRlc3QgS2V5IDxsZWFwQGxlYXAuc2U+iQI3BBMBCAAhBQJQvfnZAhsD +BQsJCAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEC9FXigk0Y3fT7EQAKH3IuRniOpb +T/DDIgwwjz3oxB/W0DDMyPXowlhSOuM0rgGfntBpBb3boezEXwL86NPQxNGGruF5 +hkmecSiuPSvOmQlqlS95NGQp6hNG0YaKColh+Q5NTspFXCAkFch9oqUje0LdxfSP +QfV9UpeEvGyPmk1I9EJV/YDmZ4+Djge1d7qhVZInz4Rx1NrSyF/Tc2EC0VpjQFsU +Y9Kb2YBBR7ivG6DBc8ty0jJXi7B4WjkFcUEJviQpMF2dCLdonCehYs1PqsN1N7j+ +eFjQd+hqVMJgYuSGKjvuAEfClM6MQw7+FmFwMyLgK/Ew/DttHEDCri77SPSkOGSI +txCzhTg6798f6mJr7WcXmHX1w1Vcib5FfZ8vTDFVhz/XgAgArdhPo9V6/1dgSSiB +KPQ/spsco6u5imdOhckERE0lnAYvVT6KE81TKuhF/b23u7x+Wdew6kK0EQhYA7wy +7LmlaNXc7rMBQJ9Z60CJ4JDtatBWZ0kNrt2VfdDHVdqBTOpl0CraNUjWE5YMDasr +K2dF5IX8D3uuYtpZnxqg0KzyLg0tzL0tvOL1C2iudgZUISZNPKbS0z0v+afuAAnx +2pTC3uezbh2Jt8SWTLhll4i0P4Ps5kZ6HQUO56O+/Z1cWovX+mQekYFmERySDR9n +3k1uAwLilJmRmepGmvYbB8HloV8HqwgguQINBFC9+dkBEAC0I/xn1uborMgDvBtf +H0sEhwnXBC849/32zic6udB6/3Efk9nzbSpL3FSOuXITZsZgCHPkKarnoQ2ztMcS +sh1ke1C5gQGms75UVmM/nS+2YI4vY8OX/GC/on2vUyncqdH+bR6xH5hx4NbWpfTs +iQHmz5C6zzS/kuabGdZyKRaZHt23WQ7JX/4zpjqbC99DjHcP9BSk7tJ8wI4bkMYD +uFVQdT9O6HwyKGYwUU4sAQRAj7XCTGvVbT0dpgJwH4RmrEtJoHAx4Whg8mJ710E0 +GCmzf2jqkNuOw76ivgk27Kge+Hw00jmJjQhHY0yVbiaoJwcRrPKzaSjEVNgrpgP3 +lXPRGQArgESsIOTeVVHQ8fhK2YtTeCY9rIiO+L0OX2xo9HK7hfHZZWL6rqymXdyS +fhzh/f6IPyHFWnvj7Brl7DR8heMikygcJqv+ed2yx7iLyCUJ10g12I48+aEj1aLe +dP7lna32iY8/Z0SHQLNH6PXO9SlPcq2aFUgKqE75A/0FMk7CunzU1OWr2ZtTLNO1 +WT/13LfOhhuEq9jTyTosn0WxBjJKq18lnhzCXlaw6EAtbA7CUwsD3CTPR56aAXFK +3I7KXOVAqggrvMe5Tpdg5drfYpI8hZovL5aAgb+7Y5ta10TcJdUhS5K3kFAWe/td +U0cmWUMDP1UMSQ5Jg6JIQVWhSwARAQABiQIfBBgBCAAJBQJQvfnZAhsMAAoJEC9F +Xigk0Y3fRwsP/i0ElYCyxeLpWJTwo1iCLkMKz2yX1lFVa9nT1BVTPOQwr/IAc5OX +NdtbJ14fUsKL5pWgW8OmrXtwZm1y4euI1RPWWubG01ouzwnGzv26UcuHeqC5orZj +cOnKtL40y8VGMm8LoicVkRJH8blPORCnaLjdOtmA3rx/v2EXrJpSa3AhOy0ZSRXk +ZSrK68AVNwamHRoBSYyo0AtaXnkPX4+tmO8X8BPfj125IljubvwZPIW9VWR9UqCE +VPfDR1XKegVb6VStIywF7kmrknM1C5qUY28rdZYWgKorw01hBGV4jTW0cqde3N51 +XT1jnIAa+NoXUM9uQoGYMiwrL7vNsLlyyiW5ayDyV92H/rIuiqhFgbJsHTlsm7I8 +oGheR784BagAA1NIKD1qEO9T6Kz9lzlDaeWS5AUKeXrb7ZJLI1TTCIZx5/DxjLqM +Tt/RFBpVo9geZQrvLUqLAMwdaUvDXC2c6DaCPXTh65oCZj/hqzlJHH+RoTWWzKI+ +BjXxgUWF9EmZUBrg68DSmI+9wuDFsjZ51BcqvJwxyfxtTaWhdoYqH/UQS+D1FP3/ +diZHHlzwVwPICzM9ooNTgbrcDzyxRkIVqsVwBq7EtzcvgYUyX53yG25Giy6YQaQ2 +ZtQ/VymwFL3XdUWV6B/hU4PVAFvO3qlOtdJ6TpE+nEWgcWjCv5g7RjXX +=MuOY +-----END PGP PUBLIC KEY BLOCK----- +""" +PRIVATE_KEY = """ +-----BEGIN PGP PRIVATE KEY BLOCK----- +Version: GnuPG v1.4.10 (GNU/Linux) + +lQcYBFC9+dkBEADNRfwV23TWEoGc/x0wWH1P7PlXt8MnC2Z1kKaKKmfnglVrpOiz +iLWoiU58sfZ0L5vHkzXHXCBf6Eiy/EtUIvdiWAn+yASJ1mk5jZTBKO/WMAHD8wTO +zpMsFmWyg3xc4DkmFa9KQ5EVU0o/nqPeyQxNMQN7px5pPwrJtJFmPxnxm+aDkPYx +irDmz/4DeDNqXliazGJKw7efqBdlwTHkl9Akw2gwy178pmsKwHHEMOBOFFvX61AT +huKqHYmlCGSliwbrJppTG7jc1/ls3itrK+CWTg4txREkSpEVmfcASvw/ZqLbjgfs +d/INMwXnR9U81O8+7LT6yw/ca4ppcFoJD7/XJbkRiML6+bJ4Dakiy6i727BzV17g +wI1zqNvm5rAhtALKfACha6YO43aJzairO4II1wxVHvRDHZn2IuKDDephQ3Ii7/vb +hUOf6XCSmchkAcpKXUOvbxm1yfB1LRa64mMc2RcZxf4mW7KQkulBsdV5QG2276lv +U2UUy2IutXcGP5nXC+f6sJJGJeEToKJ57yiO/VWJFjKN8SvP+7AYsQSqINUuEf6H +T5gCPCraGMkTUTPXrREvu7NOohU78q6zZNaL3GW8ai7eSeANSuQ8Vzffx7Wd8Y7i +Pw9sYj0SMFs1UgjbuL6pO5ueHh+qyumbtAq2K0Bci0kqOcU4E9fNtdiovQARAQAB +AA/+JHtlL39G1wsH9R6UEfUQJGXR9MiIiwZoKcnRB2o8+DS+OLjg0JOh8XehtuCs +E/8oGQKtQqa5bEIstX7IZoYmYFiUQi9LOzIblmp2vxOm+HKkxa4JszWci2/ZmC3t +KtaA4adl9XVnshoQ7pijuCMUKB3naBEOAxd8s9d/JeReGIYkJErdrnVfNk5N71Ds +FmH5Ll3XtEDvgBUQP3nkA6QFjpsaB94FHjL3gDwum/cxzj6pCglcvHOzEhfY0Ddb +J967FozQTaf2JW3O+w3LOqtcKWpq87B7+O61tVidQPSSuzPjCtFF0D2LC9R/Hpky +KTMQ6CaKja4MPhjwywd4QPcHGYSqjMpflvJqi+kYIt8psUK/YswWjnr3r4fbuqVY +VhtiHvnBHQjz135lUqWvEz4hM3Xpnxydx7aRlv5NlevK8+YIO5oFbWbGNTWsPZI5 +jpoFBpSsnR1Q5tnvtNHauvoWV+XN2qAOBTG+/nEbDYH6Ak3aaE9jrpTdYh0CotYF +q7csANsDy3JvkAzeU6WnYpsHHaAjqOGyiZGsLej1UcXPFMosE/aUo4WQhiS8Zx2c +zOVKOi/X5vQ2GdNT9Qolz8AriwzsvFR+bxPzyd8V6ALwDsoXvwEYinYBKK8j0OPv +OOihSR6HVsuP9NUZNU9ewiGzte/+/r6pNXHvR7wTQ8EWLcEIAN6Zyrb0bHZTIlxt +VWur/Ht2mIZrBaO50qmM5RD3T5oXzWXi/pjLrIpBMfeZR9DWfwQwjYzwqi7pxtYx +nJvbMuY505rfnMoYxb4J+cpRXV8MS7Dr1vjjLVUC9KiwSbM3gg6emfd2yuA93ihv +Pe3mffzLIiQa4mRE3wtGcioC43nWuV2K2e1KjxeFg07JhrezA/1Cak505ab/tmvP +4YmjR5c44+yL/YcQ3HdFgs4mV+nVbptRXvRcPpolJsgxPccGNdvHhsoR4gwXMS3F +RRPD2z6x8xeN73Q4KH3bm01swQdwFBZbWVfmUGLxvN7leCdfs9+iFJyqHiCIB6Iv +mQfp8F0IAOwSo8JhWN+V1dwML4EkIrM8wUb4yecNLkyR6TpPH/qXx4PxVMC+vy6x +sCtjeHIwKE+9vqnlhd5zOYh7qYXEJtYwdeDDmDbL8oks1LFfd+FyAuZXY33DLwn0 +cRYsr2OEZmaajqUB3NVmj3H4uJBN9+paFHyFSXrH68K1Fk2o3n+RSf2EiX+eICwI +L6rqoF5sSVUghBWdNegV7qfy4anwTQwrIMGjgU5S6PKW0Dr/3iO5z3qQpGPAj5OW +ATqPWkDICLbObPxD5cJlyyNE2wCA9VVc6/1d6w4EVwSq9h3/WTpATEreXXxTGptd +LNiTA1nmakBYNO2Iyo3djhaqBdWjk+EIAKtVEnJH9FAVwWOvaj1RoZMA5DnDMo7e +SnhrCXl8AL7Z1WInEaybasTJXn1uQ8xY52Ua4b8cbuEKRKzw/70NesFRoMLYoHTO +dyeszvhoDHberpGRTciVmpMu7Hyi33rM31K9epA4ib6QbbCHnxkWOZB+Bhgj1hJ8 +xb4RBYWiWpAYcg0+DAC3w9gfxQhtUlZPIbmbrBmrVkO2GVGUj8kH6k4UV6kUHEGY +HQWQR0HcbKcXW81ZXCCD0l7ROuEWQtTe5Jw7dJ4/QFuqZnPutXVRNOZqpl6eRShw +7X2/a29VXBpmHA95a88rSQsL+qm7Fb3prqRmuMCtrUZgFz7HLSTuUMR867QcTGVh +cCBUZXN0IEtleSA8bGVhcEBsZWFwLnNlPokCNwQTAQgAIQUCUL352QIbAwULCQgH +AwUVCgkICwUWAgMBAAIeAQIXgAAKCRAvRV4oJNGN30+xEACh9yLkZ4jqW0/wwyIM +MI896MQf1tAwzMj16MJYUjrjNK4Bn57QaQW926HsxF8C/OjT0MTRhq7heYZJnnEo +rj0rzpkJapUveTRkKeoTRtGGigqJYfkOTU7KRVwgJBXIfaKlI3tC3cX0j0H1fVKX +hLxsj5pNSPRCVf2A5mePg44HtXe6oVWSJ8+EcdTa0shf03NhAtFaY0BbFGPSm9mA +QUe4rxugwXPLctIyV4uweFo5BXFBCb4kKTBdnQi3aJwnoWLNT6rDdTe4/nhY0Hfo +alTCYGLkhio77gBHwpTOjEMO/hZhcDMi4CvxMPw7bRxAwq4u+0j0pDhkiLcQs4U4 +Ou/fH+pia+1nF5h19cNVXIm+RX2fL0wxVYc/14AIAK3YT6PVev9XYEkogSj0P7Kb +HKOruYpnToXJBERNJZwGL1U+ihPNUyroRf29t7u8flnXsOpCtBEIWAO8Muy5pWjV +3O6zAUCfWetAieCQ7WrQVmdJDa7dlX3Qx1XagUzqZdAq2jVI1hOWDA2rKytnReSF +/A97rmLaWZ8aoNCs8i4NLcy9Lbzi9QtornYGVCEmTTym0tM9L/mn7gAJ8dqUwt7n +s24dibfElky4ZZeItD+D7OZGeh0FDuejvv2dXFqL1/pkHpGBZhEckg0fZ95NbgMC +4pSZkZnqRpr2GwfB5aFfB6sIIJ0HGARQvfnZARAAtCP8Z9bm6KzIA7wbXx9LBIcJ +1wQvOPf99s4nOrnQev9xH5PZ820qS9xUjrlyE2bGYAhz5Cmq56ENs7THErIdZHtQ +uYEBprO+VFZjP50vtmCOL2PDl/xgv6J9r1Mp3KnR/m0esR+YceDW1qX07IkB5s+Q +us80v5LmmxnWcikWmR7dt1kOyV/+M6Y6mwvfQ4x3D/QUpO7SfMCOG5DGA7hVUHU/ +Tuh8MihmMFFOLAEEQI+1wkxr1W09HaYCcB+EZqxLSaBwMeFoYPJie9dBNBgps39o +6pDbjsO+or4JNuyoHvh8NNI5iY0IR2NMlW4mqCcHEazys2koxFTYK6YD95Vz0RkA +K4BErCDk3lVR0PH4StmLU3gmPayIjvi9Dl9saPRyu4Xx2WVi+q6spl3ckn4c4f3+ +iD8hxVp74+wa5ew0fIXjIpMoHCar/nndsse4i8glCddINdiOPPmhI9Wi3nT+5Z2t +9omPP2dEh0CzR+j1zvUpT3KtmhVICqhO+QP9BTJOwrp81NTlq9mbUyzTtVk/9dy3 +zoYbhKvY08k6LJ9FsQYySqtfJZ4cwl5WsOhALWwOwlMLA9wkz0eemgFxStyOylzl +QKoIK7zHuU6XYOXa32KSPIWaLy+WgIG/u2ObWtdE3CXVIUuSt5BQFnv7XVNHJllD +Az9VDEkOSYOiSEFVoUsAEQEAAQAP/1AagnZQZyzHDEgw4QELAspYHCWLXE5aZInX +wTUJhK31IgIXNn9bJ0hFiSpQR2xeMs9oYtRuPOu0P8oOFMn4/z374fkjZy8QVY3e +PlL+3EUeqYtkMwlGNmVw5a/NbNuNfm5Darb7pEfbYd1gPcni4MAYw7R2SG/57GbC +9gucvspHIfOSfBNLBthDzmK8xEKe1yD2eimfc2T7IRYb6hmkYfeds5GsqvGI6mwI +85h4uUHWRc5JOlhVM6yX8hSWx0L60Z3DZLChmc8maWnFXd7C8eQ6P1azJJbW71Ih +7CoK0XW4LE82vlQurSRFgTwfl7wFYszW2bOzCuhHDDtYnwH86Nsu0DC78ZVRnvxn +E8Ke/AJgrdhIOo4UAyR+aZD2+2mKd7/waOUTUrUtTzc7i8N3YXGi/EIaNReBXaq+ +ZNOp24BlFzRp+FCF/pptDW9HjPdiV09x0DgICmeZS4Gq/4vFFIahWctg52NGebT0 +Idxngjj+xDtLaZlLQoOz0n5ByjO/Wi0ANmMv1sMKCHhGvdaSws2/PbMR2r4caj8m +KXpIgdinM/wUzHJ5pZyF2U/qejsRj8Kw8KH/tfX4JCLhiaP/mgeTuWGDHeZQERAT +xPmRFHaLP9/ZhvGNh6okIYtrKjWTLGoXvKLHcrKNisBLSq+P2WeFrlme1vjvJMo/ +jPwLT5o9CADQmcbKZ+QQ1ZM9v99iDZol7SAMZX43JC019sx6GK0u6xouJBcLfeB4 +OXacTgmSYdTa9RM9fbfVpti01tJ84LV2SyL/VJq/enJF4XQPSynT/tFTn1PAor6o +tEAAd8fjKdJ6LnD5wb92SPHfQfXqI84rFEO8rUNIE/1ErT6DYifDzVCbfD2KZdoF +cOSp7TpD77sY1bs74ocBX5ejKtd+aH99D78bJSMM4pSDZsIEwnomkBHTziubPwJb +OwnATy0LmSMAWOw5rKbsh5nfwCiUTM20xp0t5JeXd+wPVWbpWqI2EnkCEN+RJr9i +7dp/ymDQ+Yt5wrsN3NwoyiexPOG91WQVCADdErHsnglVZZq9Z8Wx7KwecGCUurJ2 +H6lKudv5YOxPnAzqZS5HbpZd/nRTMZh2rdXCr5m2YOuewyYjvM757AkmUpM09zJX +MQ1S67/UX2y8/74TcRF97Ncx9HeELs92innBRXoFitnNguvcO6Esx4BTe1OdU6qR +ER3zAmVf22Le9ciXbu24DN4mleOH+OmBx7X2PqJSYW9GAMTsRB081R6EWKH7romQ +waxFrZ4DJzZ9ltyosEJn5F32StyLrFxpcrdLUoEaclZCv2qka7sZvi0EvovDVEBU +e10jOx9AOwf8Gj2ufhquQ6qgVYCzbP+YrodtkFrXRS3IsljIchj1M2ffB/0bfoUs +rtER9pLvYzCjBPg8IfGLw0o754Qbhh/ReplCRTusP/fQMybvCvfxreS3oyEriu/G +GufRomjewZ8EMHDIgUsLcYo2UHZsfF7tcazgxMGmMvazp4r8vpgrvW/8fIN/6Adu +tF+WjWDTvJLFJCe6O+BFJOWrssNrrra1zGtLC1s8s+Wfpe+bGPL5zpHeebGTwH1U +22eqgJArlEKxrfarz7W5+uHZJHSjF/K9ZvunLGD0n9GOPMpji3UO3zeM8IYoWn7E +/EWK1XbjnssNemeeTZ+sDh+qrD7BOi+vCX1IyBxbfqnQfJZvmcPWpruy1UsO+aIC +0GY8Jr3OL69dDQ21jueJAh8EGAEIAAkFAlC9+dkCGwwACgkQL0VeKCTRjd9HCw/+ +LQSVgLLF4ulYlPCjWIIuQwrPbJfWUVVr2dPUFVM85DCv8gBzk5c121snXh9Swovm +laBbw6ate3BmbXLh64jVE9Za5sbTWi7PCcbO/bpRy4d6oLmitmNw6cq0vjTLxUYy +bwuiJxWREkfxuU85EKdouN062YDevH+/YResmlJrcCE7LRlJFeRlKsrrwBU3BqYd +GgFJjKjQC1peeQ9fj62Y7xfwE9+PXbkiWO5u/Bk8hb1VZH1SoIRU98NHVcp6BVvp +VK0jLAXuSauSczULmpRjbyt1lhaAqivDTWEEZXiNNbRyp17c3nVdPWOcgBr42hdQ +z25CgZgyLCsvu82wuXLKJblrIPJX3Yf+si6KqEWBsmwdOWybsjygaF5HvzgFqAAD +U0goPWoQ71PorP2XOUNp5ZLkBQp5etvtkksjVNMIhnHn8PGMuoxO39EUGlWj2B5l +Cu8tSosAzB1pS8NcLZzoNoI9dOHrmgJmP+GrOUkcf5GhNZbMoj4GNfGBRYX0SZlQ +GuDrwNKYj73C4MWyNnnUFyq8nDHJ/G1NpaF2hiof9RBL4PUU/f92JkceXPBXA8gL +Mz2ig1OButwPPLFGQhWqxXAGrsS3Ny+BhTJfnfIbbkaLLphBpDZm1D9XKbAUvdd1 +RZXoH+FTg9UAW87eqU610npOkT6cRaBxaMK/mDtGNdc= +=JTFu +-----END PGP PRIVATE KEY BLOCK----- +""" diff --git a/src/leap/email/smtp/tests/test_encrypt.py b/src/leap/email/smtp/tests/test_encrypt.py deleted file mode 100644 index 1051b587..00000000 --- a/src/leap/email/smtp/tests/test_encrypt.py +++ /dev/null @@ -1,25 +0,0 @@ -import os -import unittest -import gnupg - -class EncryptMessageTestCase(unittest.TestCase): - - def test_encrypt_to_signonly(self): - plaintext = BytesIO(b'Hello World\n') - ciphertext = BytesIO() - ctx = gpgme.Context() - recipient = ctx.get_key('15E7CE9BF1771A4ABC550B31F540A569CB935A42') - try: - ctx.encrypt([recipient], gpgme.ENCRYPT_ALWAYS_TRUST, - plaintext, ciphertext) - except gpgme.GpgmeError as exc: - self.assertEqual(exc.args[0], gpgme.ERR_SOURCE_UNKNOWN) - self.assertEqual(exc.args[1], gpgme.ERR_GENERAL) - else: - self.fail('gpgme.GpgmeError not raised') - - -def test_suite(): - loader = unittest.TestLoader() - return loader.loadTestsFromName(__name__) - diff --git a/src/leap/email/smtp/tests/util.py b/src/leap/email/smtp/tests/util.py deleted file mode 100644 index b62cb731..00000000 --- a/src/leap/email/smtp/tests/util.py +++ /dev/null @@ -1,34 +0,0 @@ -# copied from pygpgme's tests -import os -import shutil -import tempfile -import unittest - -import gpgme - -import smtprelay - -__all__ = ['GpgHomeTestCase'] - -keydir = os.path.join(os.path.dirname(__file__), 'keys') - -class GpgHomeTestCase(unittest.TestCase): - - gpg_conf_contents = '' - import_keys = [] - - def keyfile(self, key): - return open(os.path.join(keydir, key), 'rb') - - def setUp(self): - self._gpghome = tempfile.mkdtemp(prefix='tmp.gpghome') - - # import requested keys into the keyring - ctx = gpgme.Context() - for key in self.import_keys: - with self.keyfile(key) as fp: - ctx.import_(fp) - - def tearDown(self): - del os.environ['GNUPGHOME'] - shutil.rmtree(self._gpghome, ignore_errors=True) -- cgit v1.2.3 From 727b46f4267a8b75f4f575953a293c90cd2e2661 Mon Sep 17 00:00:00 2001 From: drebs Date: Wed, 23 Jan 2013 16:26:17 -0200 Subject: Add test for basic email sending. --- .gitignore | 1 + src/leap/email/__init__.py | 0 src/leap/email/smtp/smtprelay.tac | 44 ++++++++++++------ src/leap/email/smtp/tests/__init__.py | 8 ++-- src/leap/email/smtp/tests/test_smtprelay.py | 70 +++++++++++++++++++++++++++++ 5 files changed, 105 insertions(+), 18 deletions(-) create mode 100644 src/leap/email/__init__.py create mode 100644 src/leap/email/smtp/tests/test_smtprelay.py diff --git a/.gitignore b/.gitignore index c577e14f..cf2bc6e5 100644 --- a/.gitignore +++ b/.gitignore @@ -20,3 +20,4 @@ src/leap/_branding.py src/leap/certs/*.pem src/*.egg-info MANIFEST +_trial_temp* diff --git a/src/leap/email/__init__.py b/src/leap/email/__init__.py new file mode 100644 index 00000000..e69de29b diff --git a/src/leap/email/smtp/smtprelay.tac b/src/leap/email/smtp/smtprelay.tac index cb302389..f7074dfb 100644 --- a/src/leap/email/smtp/smtprelay.tac +++ b/src/leap/email/smtp/smtprelay.tac @@ -15,9 +15,13 @@ class SMTPFactory(ServerFactory): Factory for an SMTP server with encrypted relaying capabilities. """ + def __init__(self, gpg=None): + self._gpg = gpg + def buildProtocol(self, addr): "Return a protocol suitable for the job." - smtpProtocol = smtp.SMTP(SMTPDelivery()) + # TODO: use ESMTP here. + smtpProtocol = smtp.SMTP(SMTPDelivery(self._gpg)) smtpProtocol.factory = self return smtpProtocol @@ -29,8 +33,11 @@ class SMTPDelivery(object): implements(smtp.IMessageDelivery) - def __init__(self): - self.gpg = GPGWrapper() + def __init__(self, gpg=None): + if gpg: + self._gpg = gpg + else: + self._gpg = GPGWrapper() def receivedHeader(self, helo, origin, recipients): myHostname, clientIP = helo @@ -44,13 +51,13 @@ class SMTPDelivery(object): # try to find recipient's public key try: # this will raise an exception if key is not found - trust = self.gpg.find_key(user.dest.addrstr)['trust'] + trust = self._gpg.find_key(user.dest.addrstr)['trust'] # if key is not ultimatelly trusted, then the message will not # be encrypted. So, we check for this below - if trust != 'u': - raise smtp.SMTPBadRcpt(user) + #if trust != 'u': + # raise smtp.SMTPBadRcpt(user) print "Accepting mail for %s..." % user.dest - return lambda: EncryptedMessage(user) + return lambda: EncryptedMessage(user, gpg=self._gpg) except LookupError: raise smtp.SMTPBadRcpt(user) @@ -70,11 +77,14 @@ class EncryptedMessage(): SMTP_HOSTNAME = "mail.riseup.net" SMTP_PORT = 25 - def __init__(self, user): + def __init__(self, user, gpg=None): self.user = user self.getSMTPInfo() self.lines = [] - self.gpg = GPGWrapper() + if gpg: + self._gpg = gpg + else: + self._gpg = GPGWrapper() def lineReceived(self, line): """Store email DATA lines as they arrive.""" @@ -129,10 +139,12 @@ class EncryptedMessage(): d.addErrback(self.sendError) return d - def encrypt(self): - fp = self.gpg.find_key(self.user.dest.addrstr)['fingerprint'] + def encrypt(self, always_trust=True): + # TODO: do not "always trust" here. + fp = self._gpg.find_key(self.user.dest.addrstr)['fingerprint'] print "Encrypting to %s" % fp - self.cyphertext = str(self.gpg.encrypt('\n'.join(self.body), [fp])) + self.cyphertext = str(self._gpg.encrypt('\n'.join(self.body), [fp], + always_trust=always_trust)) # this will be replaced by some other mechanism of obtaining credentials # for SMTP server. @@ -167,8 +179,12 @@ class GPGWrapper(): return key raise LookupError("GnuPG public key for %s not found!" % email) - def encrypt(self, data, recipient): - return self.gpg.encrypt(data, recipient) + def encrypt(self, data, recipient, always_trust=True): + # TODO: do not 'always_trust'. + return self.gpg.encrypt(data, recipient, always_trust=always_trust) + + def decrypt(self, data): + return self.gpg.decrypt(data) def import_keys(self, data): return self.gpg.import_keys(data) diff --git a/src/leap/email/smtp/tests/__init__.py b/src/leap/email/smtp/tests/__init__.py index 3d72377e..1b2d8bd1 100644 --- a/src/leap/email/smtp/tests/__init__.py +++ b/src/leap/email/smtp/tests/__init__.py @@ -1,7 +1,6 @@ -import unittest -import gnupg +from leap.email.smtp.smtprelay import GPGWrapper import shutil -import ipdb +from twisted.trial import unittest class OpenPGPTestCase(unittest.TestCase): @@ -10,7 +9,7 @@ class OpenPGPTestCase(unittest.TestCase): EMAIL = 'leap@leap.se' def setUp(self): - self._gpg = gnupg.GPG(gnupghome=self.GNUPG_HOME) + self._gpg = GPGWrapper(gpghome=self.GNUPG_HOME) self.assertEqual(self._gpg.import_keys(PUBLIC_KEY).summary(), '1 imported', "error importing public key") @@ -25,6 +24,7 @@ class OpenPGPTestCase(unittest.TestCase): def test_encrypt_decrypt(self): text = "simple raw text" encrypted = str(self._gpg.encrypt(text, KEY_FINGERPRINT, + # TODO: handle always trust issue always_trust=True)) self.assertNotEqual(text, encrypted, "failed encrypting text") decrypted = str(self._gpg.decrypt(encrypted)) diff --git a/src/leap/email/smtp/tests/test_smtprelay.py b/src/leap/email/smtp/tests/test_smtprelay.py new file mode 100644 index 00000000..5410c75e --- /dev/null +++ b/src/leap/email/smtp/tests/test_smtprelay.py @@ -0,0 +1,70 @@ +from datetime import datetime +import re +from leap.email.smtp.smtprelay import ( + SMTPFactory, # a ServerFactory + #SMTPDelivery, # an object + #EncryptedMessage, +) +from leap.email.smtp import tests +from twisted.internet.error import ConnectionDone +from twisted.test import proto_helpers + + +class TestSmtpRelay(tests.OpenPGPTestCase): + + IP_REGEX = "(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])"; + HOSTNAME_REGEX = "(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])"; + IP_OR_HOST_REGEX = '(' + IP_REGEX + '|' + HOSTNAME_REGEX + ')' + + CRLF = '\r\n' + EMAIL_DATA = [ 'HELO relay.leap.se', + 'MAIL FROM: ', + 'RCPT TO: ', + 'DATA', + 'From: User ', + 'To: Leap ', + 'Date: ' + datetime.now().strftime('%c'), + 'Subject: test message', + '', + 'This is a secret message.', + 'Yours,', + 'A.', + '', + '.', + 'QUIT' ] + SMTP_ANSWERS = [ '220 ' + IP_OR_HOST_REGEX + ' NO UCE NO UBE NO RELAY PROBES', + '250 ' + IP_OR_HOST_REGEX + ' Hello ' + IP_OR_HOST_REGEX + ', nice to meet you', + '250 Sender address accepted', + '250 Recipient address accepted', + '354 Continue' ] + + + def setUp(self): + super(TestSmtpRelay, self).setUp() + self.proto = SMTPFactory(self._gpg).buildProtocol(('127.0.0.1',0)) + self.transport = proto_helpers.StringTransport() + self.proto.makeConnection(self.transport) + + + def tearDown(self): + self.proto.setTimeout(None) + super(TestSmtpRelay, self).tearDown() + + + def assertMatch(self, string, pattern, msg=None): + if not re.match(pattern, string): + msg = self._formatMessage(msg, '"%s" does not match pattern "%s".' + % (string, pattern)) + raise self.failureException(msg) + + + def test_send_email(self): + """ + If L{smtp.SMTP} receives an empty line, it responds with a 500 error + response code and a message about a syntax error. + """ + for i, line in enumerate(self.EMAIL_DATA): + self.proto.lineReceived(line+self.CRLF) + self.assertMatch(self.transport.value(), + self.CRLF.join(self.SMTP_ANSWERS[0:i+1])) + -- cgit v1.2.3 From c2af0a21cb1263ec354708b4623eca154a19d102 Mon Sep 17 00:00:00 2001 From: drebs Date: Wed, 23 Jan 2013 17:19:26 -0200 Subject: Add test for message encryption. --- src/leap/email/smtp/smtprelay.py | 203 ++++++++++++++++++++++++++++ src/leap/email/smtp/smtprelay.tac | 200 --------------------------- src/leap/email/smtp/tests/__init__.py | 2 +- src/leap/email/smtp/tests/test_smtprelay.py | 66 +++++---- 4 files changed, 240 insertions(+), 231 deletions(-) create mode 100644 src/leap/email/smtp/smtprelay.py delete mode 100644 src/leap/email/smtp/smtprelay.tac diff --git a/src/leap/email/smtp/smtprelay.py b/src/leap/email/smtp/smtprelay.py new file mode 100644 index 00000000..f44aeb6f --- /dev/null +++ b/src/leap/email/smtp/smtprelay.py @@ -0,0 +1,203 @@ +import re +import gnupg +from zope.interface import implements +from StringIO import StringIO +from twisted.mail import smtp +from twisted.internet.protocol import ServerFactory +from twisted.internet import reactor +from twisted.internet import defer +from twisted.application import internet, service +from twisted.python import log +from email.Header import Header + + +class SMTPFactory(ServerFactory): + """ + Factory for an SMTP server with encrypted relaying capabilities. + """ + + def __init__(self, gpg=None): + self._gpg = gpg + + def buildProtocol(self, addr): + "Return a protocol suitable for the job." + # TODO: use ESMTP here. + smtpProtocol = smtp.SMTP(SMTPDelivery(self._gpg)) + smtpProtocol.factory = self + return smtpProtocol + + +class SMTPDelivery(object): + """ + Validate email addresses and handle message delivery. + """ + + implements(smtp.IMessageDelivery) + + def __init__(self, gpg=None): + if gpg: + self._gpg = gpg + else: + self._gpg = GPGWrapper() + + def receivedHeader(self, helo, origin, recipients): + myHostname, clientIP = helo + headerValue = "by %s from %s with ESMTP ; %s" % ( + myHostname, clientIP, smtp.rfc822date( )) + # email.Header.Header used for automatic wrapping of long lines + return "Received: %s" % Header(headerValue) + + def validateTo(self, user): + """Assert existence of and trust on recipient's GPG public key.""" + # try to find recipient's public key + try: + # this will raise an exception if key is not found + trust = self._gpg.find_key(user.dest.addrstr)['trust'] + # if key is not ultimatelly trusted, then the message will not + # be encrypted. So, we check for this below + #if trust != 'u': + # raise smtp.SMTPBadRcpt(user) + log.msg("Accepting mail for %s..." % user.dest) + return lambda: EncryptedMessage(user, gpg=self._gpg) + except LookupError: + raise smtp.SMTPBadRcpt(user) + + def validateFrom(self, helo, originAddress): + # accept mail from anywhere. To reject an address, raise + # smtp.SMTPBadSender here. + return originAddress + + +class EncryptedMessage(): + """ + Receive plaintext from client, encrypt it and send message to a + recipient. + """ + implements(smtp.IMessage) + + SMTP_HOSTNAME = "mail.riseup.net" + SMTP_PORT = 25 + + def __init__(self, user, gpg=None): + self.user = user + self.getSMTPInfo() + self.lines = [] + if gpg: + self._gpg = gpg + else: + self._gpg = GPGWrapper() + + def lineReceived(self, line): + """Store email DATA lines as they arrive.""" + self.lines.append(line) + + def eomReceived(self): + """Encrypt and send message.""" + log.msg("Message data complete.") + self.lines.append('') # add a trailing newline + self.parseMessage() + try: + self.encrypt() + return self.sendMessage() + except LookupError: + return None + + def parseMessage(self): + """Separate message headers from body.""" + sep = self.lines.index('') + self.headers = self.lines[:sep] + self.body = self.lines[sep+1:] + + def connectionLost(self): + log.msg("Connection lost unexpectedly!") + log.err() + # unexpected loss of connection; don't save + self.lines = [] + + def sendSuccess(self, r): + log.msg(r) + + def sendError(self, e): + log.msg(e) + log.err() + + def prepareHeader(self): + self.headers.insert(1, "From: %s" % self.user.orig.addrstr) + self.headers.insert(2, "To: %s" % self.user.dest.addrstr) + self.headers.append('') + + def sendMessage(self): + self.prepareHeader() + msg = '\n'.join(self.headers+[self.cyphertext]) + d = defer.Deferred() + factory = smtp.ESMTPSenderFactory(self.smtp_username, + self.smtp_password, + self.smtp_username, + self.user.dest.addrstr, + StringIO(msg), + d) + # the next call is TSL-powered! + reactor.connectTCP(self.SMTP_HOSTNAME, self.SMTP_PORT, factory) + d.addCallback(self.sendSuccess) + d.addErrback(self.sendError) + return d + + def encrypt(self, always_trust=True): + # TODO: do not "always trust" here. + fp = self._gpg.find_key(self.user.dest.addrstr)['fingerprint'] + log.msg("Encrypting to %s" % fp) + self.cyphertext = str(self._gpg.encrypt('\n'.join(self.body), [fp], + always_trust=always_trust)) + + # this will be replaced by some other mechanism of obtaining credentials + # for SMTP server. + def getSMTPInfo(self): + f = open('/media/smtp-info.txt', 'r') + self.smtp_host = f.readline().rstrip() + self.smtp_port = f.readline().rstrip() + self.smtp_username = f.readline().rstrip() + self.smtp_password = f.readline().rstrip() + f.close() + + +class GPGWrapper(): + """ + This is a temporary class for handling GPG requests, and should be + replaced by a more general class used throughout the project. + """ + + GNUPG_HOME = "~/.config/leap/gnupg" + GNUPG_BINARY = "/usr/bin/gpg" # this has to be changed based on OS + + def __init__(self, gpghome=GNUPG_HOME, gpgbinary=GNUPG_BINARY): + self.gpg = gnupg.GPG(gnupghome=gpghome, gpgbinary=gpgbinary) + + def find_key(self, email): + """ + Find user's key based on their email. + """ + for key in self.gpg.list_keys(): + for uid in key['uids']: + if re.search(email, uid): + return key + raise LookupError("GnuPG public key for %s not found!" % email) + + def encrypt(self, data, recipient, always_trust=True): + # TODO: do not 'always_trust'. + return self.gpg.encrypt(data, recipient, always_trust=always_trust) + + def decrypt(self, data): + return self.gpg.decrypt(data) + + def import_keys(self, data): + return self.gpg.import_keys(data) + + +# service configuration +port = 25 +factory = SMTPFactory() + +# these enable the use of this service with twistd +application = service.Application("LEAP SMTP Relay") +service = internet.TCPServer(port, factory) +service.setServiceParent(application) diff --git a/src/leap/email/smtp/smtprelay.tac b/src/leap/email/smtp/smtprelay.tac deleted file mode 100644 index f7074dfb..00000000 --- a/src/leap/email/smtp/smtprelay.tac +++ /dev/null @@ -1,200 +0,0 @@ -import re -import gnupg -from zope.interface import implements -from StringIO import StringIO -from twisted.mail import smtp -from twisted.internet.protocol import ServerFactory -from twisted.internet import reactor -from twisted.internet import defer -from twisted.application import internet, service -from email.Header import Header - - -class SMTPFactory(ServerFactory): - """ - Factory for an SMTP server with encrypted relaying capabilities. - """ - - def __init__(self, gpg=None): - self._gpg = gpg - - def buildProtocol(self, addr): - "Return a protocol suitable for the job." - # TODO: use ESMTP here. - smtpProtocol = smtp.SMTP(SMTPDelivery(self._gpg)) - smtpProtocol.factory = self - return smtpProtocol - - -class SMTPDelivery(object): - """ - Validate email addresses and handle message delivery. - """ - - implements(smtp.IMessageDelivery) - - def __init__(self, gpg=None): - if gpg: - self._gpg = gpg - else: - self._gpg = GPGWrapper() - - def receivedHeader(self, helo, origin, recipients): - myHostname, clientIP = helo - headerValue = "by %s from %s with ESMTP ; %s" % ( - myHostname, clientIP, smtp.rfc822date( )) - # email.Header.Header used for automatic wrapping of long lines - return "Received: %s" % Header(headerValue) - - def validateTo(self, user): - """Assert existence of and trust on recipient's GPG public key.""" - # try to find recipient's public key - try: - # this will raise an exception if key is not found - trust = self._gpg.find_key(user.dest.addrstr)['trust'] - # if key is not ultimatelly trusted, then the message will not - # be encrypted. So, we check for this below - #if trust != 'u': - # raise smtp.SMTPBadRcpt(user) - print "Accepting mail for %s..." % user.dest - return lambda: EncryptedMessage(user, gpg=self._gpg) - except LookupError: - raise smtp.SMTPBadRcpt(user) - - def validateFrom(self, helo, originAddress): - # accept mail from anywhere. To reject an address, raise - # smtp.SMTPBadSender here. - return originAddress - - -class EncryptedMessage(): - """ - Receive plaintext from client, encrypt it and send message to a - recipient. - """ - implements(smtp.IMessage) - - SMTP_HOSTNAME = "mail.riseup.net" - SMTP_PORT = 25 - - def __init__(self, user, gpg=None): - self.user = user - self.getSMTPInfo() - self.lines = [] - if gpg: - self._gpg = gpg - else: - self._gpg = GPGWrapper() - - def lineReceived(self, line): - """Store email DATA lines as they arrive.""" - self.lines.append(line) - - def eomReceived(self): - """Encrypt and send message.""" - print "Message data complete." - self.lines.append('') # add a trailing newline - self.parseMessage() - try: - self.encrypt() - return self.sendMessage() - except LookupError: - return None - - def parseMessage(self): - """Separate message headers from body.""" - sep = self.lines.index('') - self.headers = self.lines[:sep] - self.body = self.lines[sep+1:] - - def connectionLost(self): - print "Connection lost unexpectedly!" - # unexpected loss of connection; don't save - self.lines = [] - - def sendSuccess(self, r): - print r - - def sendError(self, e): - print e - - def prepareHeader(self): - self.headers.insert(1, "From: %s" % self.user.orig.addrstr) - self.headers.insert(2, "To: %s" % self.user.dest.addrstr) - self.headers.append('') - - def sendMessage(self): - self.prepareHeader() - msg = '\n'.join(self.headers+[self.cyphertext]) - d = defer.Deferred() - factory = smtp.ESMTPSenderFactory(self.smtp_username, - self.smtp_password, - self.smtp_username, - self.user.dest.addrstr, - StringIO(msg), - d) - # the next call is TSL-powered! - reactor.connectTCP(self.SMTP_HOSTNAME, self.SMTP_PORT, factory) - d.addCallback(self.sendSuccess) - d.addErrback(self.sendError) - return d - - def encrypt(self, always_trust=True): - # TODO: do not "always trust" here. - fp = self._gpg.find_key(self.user.dest.addrstr)['fingerprint'] - print "Encrypting to %s" % fp - self.cyphertext = str(self._gpg.encrypt('\n'.join(self.body), [fp], - always_trust=always_trust)) - - # this will be replaced by some other mechanism of obtaining credentials - # for SMTP server. - def getSMTPInfo(self): - f = open('/media/smtp-info.txt', 'r') - self.smtp_host = f.readline().rstrip() - self.smtp_port = f.readline().rstrip() - self.smtp_username = f.readline().rstrip() - self.smtp_password = f.readline().rstrip() - f.close() - - -class GPGWrapper(): - """ - This is a temporary class for handling GPG requests, and should be - replaced by a more general class used throughout the project. - """ - - GNUPG_HOME = "~/.config/leap/gnupg" - GNUPG_BINARY = "/usr/bin/gpg" # this has to be changed based on OS - - def __init__(self, gpghome=GNUPG_HOME, gpgbinary=GNUPG_BINARY): - self.gpg = gnupg.GPG(gnupghome=gpghome, gpgbinary=gpgbinary) - - def find_key(self, email): - """ - Find user's key based on their email. - """ - for key in self.gpg.list_keys(): - for uid in key['uids']: - if re.search(email, uid): - return key - raise LookupError("GnuPG public key for %s not found!" % email) - - def encrypt(self, data, recipient, always_trust=True): - # TODO: do not 'always_trust'. - return self.gpg.encrypt(data, recipient, always_trust=always_trust) - - def decrypt(self, data): - return self.gpg.decrypt(data) - - def import_keys(self, data): - return self.gpg.import_keys(data) - - -# service configuration -port = 25 -factory = SMTPFactory() - -# these enable the use of this service with twistd -application = service.Application("LEAP SMTP Relay") -service = internet.TCPServer(port, factory) -service.setServiceParent(application) diff --git a/src/leap/email/smtp/tests/__init__.py b/src/leap/email/smtp/tests/__init__.py index 1b2d8bd1..d00ebeb5 100644 --- a/src/leap/email/smtp/tests/__init__.py +++ b/src/leap/email/smtp/tests/__init__.py @@ -21,7 +21,7 @@ class OpenPGPTestCase(unittest.TestCase): def tearDown(self): shutil.rmtree(self.GNUPG_HOME) - def test_encrypt_decrypt(self): + def test_openpgp_encrypt_decrypt(self): text = "simple raw text" encrypted = str(self._gpg.encrypt(text, KEY_FINGERPRINT, # TODO: handle always trust issue diff --git a/src/leap/email/smtp/tests/test_smtprelay.py b/src/leap/email/smtp/tests/test_smtprelay.py index 5410c75e..dc0055c6 100644 --- a/src/leap/email/smtp/tests/test_smtprelay.py +++ b/src/leap/email/smtp/tests/test_smtprelay.py @@ -1,22 +1,25 @@ from datetime import datetime import re from leap.email.smtp.smtprelay import ( - SMTPFactory, # a ServerFactory + SMTPFactory, #SMTPDelivery, # an object - #EncryptedMessage, + EncryptedMessage, ) from leap.email.smtp import tests from twisted.internet.error import ConnectionDone from twisted.test import proto_helpers +from twisted.internet import defer +from twisted.mail.smtp import User +# some regexps +IP_REGEX = "(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])"; +HOSTNAME_REGEX = "(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])"; +IP_OR_HOST_REGEX = '(' + IP_REGEX + '|' + HOSTNAME_REGEX + ')' + class TestSmtpRelay(tests.OpenPGPTestCase): - IP_REGEX = "(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])"; - HOSTNAME_REGEX = "(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])"; - IP_OR_HOST_REGEX = '(' + IP_REGEX + '|' + HOSTNAME_REGEX + ')' - - CRLF = '\r\n' + EMAIL_DATA = [ 'HELO relay.leap.se', 'MAIL FROM: ', 'RCPT TO: ', @@ -32,25 +35,8 @@ class TestSmtpRelay(tests.OpenPGPTestCase): '', '.', 'QUIT' ] - SMTP_ANSWERS = [ '220 ' + IP_OR_HOST_REGEX + ' NO UCE NO UBE NO RELAY PROBES', - '250 ' + IP_OR_HOST_REGEX + ' Hello ' + IP_OR_HOST_REGEX + ', nice to meet you', - '250 Sender address accepted', - '250 Recipient address accepted', - '354 Continue' ] - - - def setUp(self): - super(TestSmtpRelay, self).setUp() - self.proto = SMTPFactory(self._gpg).buildProtocol(('127.0.0.1',0)) - self.transport = proto_helpers.StringTransport() - self.proto.makeConnection(self.transport) - def tearDown(self): - self.proto.setTimeout(None) - super(TestSmtpRelay, self).tearDown() - - def assertMatch(self, string, pattern, msg=None): if not re.match(pattern, string): msg = self._formatMessage(msg, '"%s" does not match pattern "%s".' @@ -58,13 +44,33 @@ class TestSmtpRelay(tests.OpenPGPTestCase): raise self.failureException(msg) - def test_send_email(self): + def test_relay_accepts_valid_email(self): """ - If L{smtp.SMTP} receives an empty line, it responds with a 500 error - response code and a message about a syntax error. + Test if SMTP server responds correctly for valid interaction. """ + SMTP_ANSWERS = [ '220 ' + IP_OR_HOST_REGEX + ' NO UCE NO UBE NO RELAY PROBES', + '250 ' + IP_OR_HOST_REGEX + ' Hello ' + IP_OR_HOST_REGEX + ', nice to meet you', + '250 Sender address accepted', + '250 Recipient address accepted', + '354 Continue' ] + proto = SMTPFactory(self._gpg).buildProtocol(('127.0.0.1',0)) + transport = proto_helpers.StringTransport() + proto.makeConnection(transport) for i, line in enumerate(self.EMAIL_DATA): - self.proto.lineReceived(line+self.CRLF) - self.assertMatch(self.transport.value(), - self.CRLF.join(self.SMTP_ANSWERS[0:i+1])) + proto.lineReceived(line + '\r\n') + self.assertMatch(transport.value(), + '\r\n'.join(SMTP_ANSWERS[0:i+1])) + proto.setTimeout(None) + + + def test_message_encrypt(self): + proto = SMTPFactory(self._gpg).buildProtocol(('127.0.0.1',0)) + user = User('leap@leap.se', 'relay.leap.se', proto, 'leap@leap.se') + m = EncryptedMessage(user, self._gpg) + for line in self.EMAIL_DATA[4:12]: + m.lineReceived(line) + m.parseMessage() + m.encrypt() + decrypted = str(self._gpg.decrypt(m.cyphertext)) + self.assertEqual('\n'.join(self.EMAIL_DATA[9:12]), decrypted) -- cgit v1.2.3