From 8fc1258ace65be2bb828bf302fc0661cdd128bd7 Mon Sep 17 00:00:00 2001
From: Ruben Pollan <meskio@sindominio.net>
Date: Wed, 18 Nov 2015 00:27:56 +0100
Subject: [feat] postfix lookup against couchdb for client smtp fingerprint

- Resolves: #4285
---
 src/leap/mx/couchdbhelper.py        | 28 +++++++++++
 src/leap/mx/fingerprint_resolver.py | 98 +++++++++++++++++++++++++++++++++++++
 2 files changed, 126 insertions(+)
 create mode 100644 src/leap/mx/fingerprint_resolver.py

(limited to 'src')

diff --git a/src/leap/mx/couchdbhelper.py b/src/leap/mx/couchdbhelper.py
index 115ecbe..de133d5 100644
--- a/src/leap/mx/couchdbhelper.py
+++ b/src/leap/mx/couchdbhelper.py
@@ -138,6 +138,34 @@ class ConnectedCouchDB(client.CouchDB):
         d.addCallbacks(_get_pubkey_cbk, log.err)
         return d
 
+    def getCertExpiry(self, fingerprint):
+        """
+        Query couch and return a deferred that will fire with the expiration
+        date for the cert with the given fingerprint.
+
+        :param fingerprint: The cert fingerprint
+        :type fingerprint: str
+
+        :return: A deferred that will fire with the cert expiration date as a
+                 str.
+        :rtype: Deferred
+        """
+        d = self.openView(docId="Identity",
+                          viewId="cert_expiry_by_fingerprint/",
+                          key=fingerprint,
+                          reduce=False,
+                          include_docs=True)
+
+        def _get_cert_expiry_cbk(result):
+            try:
+                expiry = result["rows"][0]["value"]
+            except (KeyError, IndexError):
+                expiry = None
+            return expiry
+
+        d.addCallback(_get_cert_expiry_cbk)
+        return d
+
     def put_doc(self, uuid, doc):
         """
         Update a document.
diff --git a/src/leap/mx/fingerprint_resolver.py b/src/leap/mx/fingerprint_resolver.py
new file mode 100644
index 0000000..0a0850d
--- /dev/null
+++ b/src/leap/mx/fingerprint_resolver.py
@@ -0,0 +1,98 @@
+#!/usr/bin/env python
+# -*- encoding: utf-8 -*-
+# fingerprint_resolver.py
+# Copyright (C) 2015 LEAP
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+"""
+Classes for resolve expiration date of certs.
+
+Test this with postmap -v -q "fingerprint" tcp:localhost:2424
+"""
+
+
+from datetime import datetime
+from twisted.internet.protocol import ServerFactory
+from twisted.protocols import postfix
+from twisted.python import log
+
+from leap.mx.tcp_map import TCP_MAP_CODE_SUCCESS
+from leap.mx.tcp_map import TCP_MAP_CODE_PERMANENT_FAILURE
+
+
+class LEAPPostfixTCPMapFingerprintServer(postfix.PostfixTCPMapServer):
+    """
+    A postfix tcp map fingerprint resolver server.
+    """
+
+    def _cbGot(self, res):
+        """
+        Return a code and message depending on the result of the factory's
+        get().
+
+        :param res: The fingerprint and expiration date of the cert
+        :type res: (str, str)
+        """
+        fingerprint, expiry = (None, None)
+        if res is not None:
+            fingerprint, expiry = res
+
+        if expiry is None:
+            code = TCP_MAP_CODE_PERMANENT_FAILURE
+            msg = "NOT FOUND SRY"
+        elif expiry < datetime.utcnow().strftime("%Y-%m-%d"):
+            code = TCP_MAP_CODE_PERMANENT_FAILURE
+            msg = "EXPIRED CERT"
+        else:
+            # properly encode expiry, otherwise twisted complains when replying
+            if isinstance(expiry, unicode):
+                expiry = expiry.encode("utf8")
+            code = TCP_MAP_CODE_SUCCESS
+            msg = fingerprint + " " + expiry
+
+        self.sendCode(code, postfix.quote(msg))
+
+
+class FingerprintResolverFactory(ServerFactory, object):
+    """
+    A factory for postfix tcp map fingerprint resolver servers.
+    """
+
+    protocol = LEAPPostfixTCPMapFingerprintServer
+
+    def __init__(self, couchdb):
+        """
+        Initialize the factory.
+
+        :param couchdb: A CouchDB client.
+        :type couchdb: leap.mx.couchdbhelper.ConnectedCouchDB
+        """
+        self._cdb = couchdb
+
+    def get(self, fingerprint):
+        """
+        Look up the cert expiration date based on fingerprint.
+
+        :param fingerprint: The cert fingerprint.
+        :type fingerprint: str
+
+        :return: A deferred that will be fired with the expiration date.
+        :rtype: Deferred
+        """
+        log.msg("look up: %s" % (fingerprint,))
+        d = self._cdb.getCertExpiry(fingerprint.lower())
+        d.addCallback(lambda expiry: (fingerprint, expiry))
+        d.addErrback(log.err)
+        return d
-- 
cgit v1.2.3