#!/usr/bin/env python

# mailman-openssl-smime.py - demo on how to deal with smime messages in
# the Mailman framework, using the SMIMEUtils module which calls the
# openssl command line tool
#
# based upon smime handling found in sympa-5.1/src/tools.pl , from
# http://www.sympa.org/distribution/
#
# usage: this script should get installed in mailman/bin.  On Debian
# GNU/Linux systems this is /usr/lib/mailman/bin/ .  It reads a raw S/MIME
# message on stdin.

# Copyright (C) 2005 Tilburg University http://www.uvt.nl/
# Author: Joost van Baal
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

# Flow of the demo: parse one raw message from stdin, then take exactly one
# of three paths based on the message's own headers:
#   1. multipart (any subtype)            -> sm.verifyMessage
#   2. application/x-pkcs7-mime           -> sm.decryptMessage
#   3. anything else                      -> sm.encryptMessage and
#                                            sm.encryptSignMessage
# The path is chosen by the sender-supplied Content-Type, so this script is a
# demo of the SMIMEUtils calls, not a policy check on incoming mail.
#
# print is written as print(<one expression>); with a single argument this
# behaves the same as the statement form under Python 2.

import paths
from Mailman import mm_cfg
import sys
import email
import os
# import time # for sleep

# Both directories have to be on sys.path before Utils and MailList are
# imported by their bare module names below.
sys.path.append('/usr/lib/mailman/Mailman/Handlers')
sys.path.append('/usr/lib/mailman/Mailman/')
import Utils
from Mailman import Message
from Mailman import SMIMEUtils

# The whole of stdin is parsed as one message, using Mailman's Message class.
raw_message = sys.stdin.read()
msg = email.message_from_string(raw_message, Message.Message)

from MailList import MailList
# The list name is fixed; the list object is opened without taking its lock.
mlist = MailList('test-smime', lock=False)
# import pickle
# mlist = pickle.load(open('/var/lib/mailman/lists/test-smime/config.pck'))
# NOTE(review): if the pickle route above is ever re-enabled, unpickling runs
# code embedded in the file, so it is only acceptable for a config.pck that
# nobody but the Mailman user can write.

# smime list stuff in:
# /var/lib/mailman/lists/<listname>/smime/{key,cert}.pem
# (<listname> is a placeholder; the directory component is missing from the
# comment as found.)

sm = SMIMEUtils.SMIMEHelper(mlist)

if msg.is_multipart():
    # Every multipart message lands here, not only multipart/signed.
    # NOTE(review): what verifyMessage actually checks (certificate chain,
    # signer address versus From:, ...) is decided inside SMIMEUtils and is
    # not visible from this script - confirm before relying on the result.
    verified = sm.verifyMessage(msg)
    print("S/MIME verify OK" if verified else "S/MIME verify failed")
elif msg.get_content_type() == "application/x-pkcs7-mime":
    # Exact match on the x- prefixed type only: a message labelled with any
    # other type (for instance application/pkcs7-mime) is not decrypted here
    # and falls through to the encrypt branch below.
    ciphertext = msg.as_string()
    # key_ids is returned by decryptMessage but not used by this demo.
    plaintext, key_ids = sm.decryptMessage(ciphertext)
    print("sm.decryptMessage returned:")
    # The decrypted body goes to stdout in the clear; mind terminals,
    # redirections and logs that capture it.
    print(plaintext)
    # the plaintext could be signed s/mime stuff!
    # (that inner signature is not verified by this script)
    # it could e.g. look like:

    # Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";
    #         micalg=sha1; boundary="ZfOjI3PrQbgiZnxM"
    # Content-Disposition: inline
    #
    #
    # --ZfOjI3PrQbgiZnxM
    # Content-Type: text/plain; charset=us-ascii
    # Content-Disposition: inline
    # Content-Transfer-Encoding: quoted-printable
    #
    # blah
    #
    # --=20
    # Joost van Baal joostvb@uvt.nl
    # http://abramowitz.uvt.nl/ (013-466-)3519
    #
    # --ZfOjI3PrQbgiZnxM
    # Content-Type: application/x-pkcs7-signature
    # Content-Disposition: attachment; filename="smime.p7s"
    # Content-Transfer-Encoding: base64
    #
    # MIILmQYJKoZIhvcNAQcCoIILijCCC4YCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
    # COowggQ8MIIDJKADAgECAhEAgyFoZDtGClKLMxBBT6SYNDANBgkqhkiG9w0BAQUFADCBhTEL
else:
    # assume stdin is just some blob of data.  let's encrypt it.
    # The recipient is hard-coded; its certificate file is looked up through
    # the list's SMIME helper.
    recipient_cert = sm.getSMIMEMemberCertFile("j.e.vanbaal@uvt.nl")

    encrypted = sm.encryptMessage(msg.as_string(), recipient_cert)
    print("sm.encryptMessage returned:")
    print(encrypted)

    encrypted_signed = sm.encryptSignMessage(msg.as_string(), recipient_cert)
    print("sm.encryptSignMessage returned:")
    print(encrypted_signed)

# The only way to control the input and output streams and
# also retrieve the return codes is to use the Popen3 and Popen4 classes from
# the popen2 module; these are only available on Unix.
#
# os.system doesn't do it for us: we need to fiddle with std{in,out,err}

# Let's see if our openssl calls really terminate.
# If not, we'll see something like
# joostvb 3857 0.5 0.2 7868 5480 pts/1 S+ 16:39 0:00 \_ python ./mailman-openssl-smime.py
# joostvb 3858 0.0 0.0 0 0 pts/1 Z+ 16:39 0:00 \_ [openssl]
# verify, decrypt and encrypt show this!
# (The Z+ state above is a defunct openssl child that has exited but has not
# been waited for; the os.wait() below is left commented out, as found.)

## os.wait() # reap our children

### import time # for sleep
### time.sleep(300) # give some time to inspect ps status