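--- a/scripts/getfiles.py Wed Jan 08 01:07:30 2014 +0100
+++ b/scripts/getfiles.py Wed Jan 08 01:55:57 2014 +0100
@@ -7,7 +7,6 @@
 """
 
 from MoinMessage import *
-from email.mime.application import MIMEApplication
 from email.mime.text import MIMEText
 from email.parser import Parser
 from os.path import join, exists
@@ -21,6 +20,13 @@
 finally:
 f.close()
 
+def decrypt(gpg, content):
+ if is_encrypted(content):
+ text = gpg.decryptMessage(content)
+ return Parser().parsestr(text)
+ else:
+ return content
+
 if __name__ == "__main__":
 try:
 service = sys.argv[1]
@@ -46,29 +52,22 @@
 
 # Get the e-mail message itself.
 
- message = message.get_payload()
+ email_message = message.get_payload()
 
- # Encrypt, sign and send the message.
+ # Encrypt, sign and send the request.
 
 gpg = GPG()
- message = gpg.encryptMessage(message, service)
- message = gpg.signMessage(message, signer)
- resp = sendMessageForReading(message, url)
+ encrypted_message = gpg.encryptMessage(email_message, service)
+ signed_message = gpg.signMessage(encrypted_message, signer)
+ resp = sendMessageForReading(signed_message, url)
 
- # Verify, decrypt and unpack the message.
+ # Verify the response after possible transport encryption.
 
 try:
- if not is_signed(message):
- print >>sys.stderr, "Incoming message was not signed."
- sys.exit(1)
-
 message = Parser().parse(resp)
+ message = decrypt(gpg, message)
 fingerprint, identity, content = gpg.verifyMessage(message)
 
- if is_encrypted(content):
- text = gpg.decryptMessage(content)
- content = Parser().parsestr(text)
-
 except MoinMessageDecodingError:
 print >>sys.stderr, "Incoming message was improperly encoded."
 sys.exit(1)
@@ -86,20 +85,17 @@
 # file, even though the eventual filename in the directory may be
 # different.
 
- filename = part["Content-Disposition"]
- directory, leafname = filename.split("/")
+ directory = part["Content-Disposition"]
 
- # The data may be encrypted.
+ # The retrieved content may be encrypted.
+
+ part = decrypt(gpg, part)
 
- try:
- data = gpg.decryptMessage(part)
- except MoinMessageError:
- print >>sys.stderr, "Message part was not decrypted."
- data = part.get_payload(decode=True)
+ # The original sender may now be verified.
 
- # Parse the decoded data.
-
- content = Parser().parsestr(data)
+ if is_signed(part):
+ fingerprint, identity, content = gpg.verifyMessage(part)
+ print >>sys.stderr, "Content signed by %s." % identity
 
 if content.is_multipart():
 files = content.get_payload()
@@ -111,8 +107,8 @@
 for file in files:
 data = file.get_payload(decode=True)
 
- realname = file.get("Content-Disposition")
- filename = join(directory, realname or leafname)
+ realname = file["Content-Disposition"]
+ filename = join(directory, realname)
 
 dirpath = join(target_dir, directory)
 if not exists(dirpath):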
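Review bot: In the `@@ -86,20 +85,17 @@` hunk, `content` is now assigned only inside `if is_signed(part):`, so an unsigned part reaches `content.is_multipart()` with whatever `content` held before: the verified response body from `gpg.verifyMessage(message)` or, if this runs in a loop, the previous part's content. The old `content = Parser().parsestr(data)` was removed without a replacement for the unsigned case; add an `else:` branch that either reports the part as unsigned and skips it, or sets `content = part` if unsigned content is meant to be accepted. The enclosing loop starts outside the hunk, so the exact stale value is inferred. In the last hunk, `directory` and `realname` come from `Content-Disposition` headers of the response and go into `join(target_dir, directory)` and `join(directory, realname)` unchecked: with the `leafname` fallback gone a missing header hands `None` to `join`, and a value that is absolute or contains `..` would make `dirpath` resolve outside `target_dir`, so both should be validated before use.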
2.1 --- a/scripts/sendfiles.py Wed Jan 08 01:07:30 2014 +0100
2.2 +++ b/scripts/sendfiles.py Wed Jan 08 01:55:57 2014 +0100
2.3 @@ -48,7 +48,8 @@
2.4
2.5 email_message = message.get_payload()
2.6
2.7 - # Sign, encrypt, sign and send the message.
2.8 + # Sign (for authorship), encrypt (for privacy), sign (for authentication),
2.9 + # and send the message.
2.10
2.11 gpg = GPG()
2.12 signed_message = gpg.signMessage(email_message, signer)