From 32a2c354c4cf1691446f91d5ee6b8ec036782956 Mon Sep 17 00:00:00 2001 From: drebs Date: Mon, 5 Nov 2012 12:03:34 -0200 Subject: relay raises exception if recipient's key is not ultimatelly trusted --- src/leap/email/smtp/smtprelay.tac | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) (limited to 'src') diff --git a/src/leap/email/smtp/smtprelay.tac b/src/leap/email/smtp/smtprelay.tac index 7d8e426d..2ee5ee4b 100644 --- a/src/leap/email/smtp/smtprelay.tac +++ b/src/leap/email/smtp/smtprelay.tac @@ -43,10 +43,13 @@ class SMTPDelivery(object): """Assert existence of and trust on recipient's GPG public key.""" # try to find recipient's public key try: - fp = self.gpg.get_fingerprint(user.dest.addrstr) + # this will raise an exception if key is not found + trust = self.gpg.find_key(user.dest.addrstr)['trust'] + # verify if key is (u)ltimatelly trusted + if trust != 'u': + raise smtp.SMTPBadRcpt(user) print "Accepting mail for %s..." % user.dest return lambda: EncryptedMessage(user) - # TODO: verify if key is trusted except LookupError: raise smtp.SMTPBadRcpt(user) @@ -126,7 +129,7 @@ class EncryptedMessage(): return d def encrypt(self): - fp = self.gpg.get_fingerprint(self.user.dest.addrstr) + fp = self.gpg.find_key(self.user.dest.addrstr)['fingerprint'] print "Encrypting to %s" % fp self.cyphertext = str(self.gpg.encrypt('\n'.join(self.body), [fp])) @@ -153,14 +156,14 @@ class GPGWrapper(): def __init__(self, gpghome=GNUPG_HOME, gpgbinary=GNUPG_BINARY): self.gpg = gnupg.GPG(gnupghome=gpghome, gpgbinary=gpgbinary) - def get_fingerprint(self, email): + def find_key(self, email): """ - Find user's fingerprint based on their email. + Find user's key based on their email. """ for key in self.gpg.list_keys(): for uid in key['uids']: if re.search(email, uid): - return key['fingerprint'] + return key raise LookupError("GnuPG public key for %s not found!" % email) def encrypt(self, data, recipient): -- cgit v1.2.3