summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>2019-11-25 16:45:51 -0500
committerSean Whitton <spwhitton@spwhitton.name>2019-11-28 11:09:01 -0700
commit579b176e686d1b30cc8ecde55c5a8a31310c5938 (patch)
tree1f0110a0091c09ac1fbcc9bd12e489a5744789f4
parent229f295232e3abd3679bbb4ed258b81fc68a1931 (diff)
downloadmailscripts-579b176e686d1b30cc8ecde55c5a8a31310c5938.tar.gz
email-print-mime-structure: handle one-part PKCS#7 signature objects
PKCS#7 offers a signed-only mode which is distinct from multipart/signed. This mode is more robust to breakage by transforming MTAs, but it is also unreadable *unless* the receiver knows how to cope with S/MIME. See https://tools.ietf.org/html/rfc8551#section-3.5 for more details about the different formats. email-print-mime-structure should now be able to handle these messages and display the structure of their content as well. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> Acked-by: Sean Whitton <spwhitton@spwhitton.name>
-rw-r--r--debian/control2
-rwxr-xr-xemail-print-mime-structure13
-rw-r--r--tests/email-print-mime-structure/smime-signed.eml41
-rw-r--r--tests/email-print-mime-structure/smime-signed.out7
4 files changed, 63 insertions, 0 deletions
diff --git a/debian/control b/debian/control
index d2e07da..73c5919 100644
--- a/debian/control
+++ b/debian/control
@@ -8,6 +8,7 @@ Build-Depends:
debhelper (>= 10),
dh-elpa,
diffutils <!nocheck>,
+ gnutls-bin <!nocheck>,
gpg <!nocheck>,
gpg-agent <!nocheck>,
gpgsm <!nocheck>,
@@ -52,6 +53,7 @@ Recommends:
python3-argcomplete,
python3-pgpy,
Suggests:
+ gnutls-bin,
gpg,
gpg-agent,
gpgsm,
diff --git a/email-print-mime-structure b/email-print-mime-structure
index 6d7b0af..b7646e0 100755
--- a/email-print-mime-structure
+++ b/email-print-mime-structure
@@ -103,6 +103,19 @@ class MimePrinter(object):
newprefix = prefix[:-3] + ' '
print(f'{newprefix}↧ (decrypts to)')
self.print_tree(cryptopayload, newprefix + '└', z, 0)
+ else:
+ if z.get_content_type().lower() == 'application/pkcs7-mime' and \
+ str(z.get_param('smime-type')).lower() == 'signed-data':
+ bodypart:Union[List[Message],str,bytes,None] = z.get_payload(decode=True)
+ if isinstance(bodypart, bytes):
+ unwrapped = self.pipe_transform(bodypart, ['certtool', '--p7-show-data', '--p7-info', '--inder'])
+ if unwrapped:
+ newprefix = prefix[:-3] + ' '
+ print(f'{newprefix}⇩ (unwraps to)')
+ self.print_tree(unwrapped, newprefix + '└', z, 0)
+ else:
+ logging.warning(f'Unable to unwrap one-part PKCS#7 signed message (maybe try "apt install gnutls-bin")')
+
def decrypt_part(self, msg:Message, flavor:EncType) -> Optional[Message]:
ciphertext:Union[List[Message],str,bytes,None] = msg.get_payload(decode=True)
diff --git a/tests/email-print-mime-structure/smime-signed.eml b/tests/email-print-mime-structure/smime-signed.eml
new file mode 100644
index 0000000..3929d6b
--- /dev/null
+++ b/tests/email-print-mime-structure/smime-signed.eml
@@ -0,0 +1,41 @@
+Date: Sun, 24 Nov 2019 21:13:45 -0500
+Subject: test message
+Message-ID: <smime-signed@mailscripts.example>
+From: Alice <alice@mailscripts.example>
+To: Bob <bob@mailscripts.example>
+Content-Type: application/pkcs7-mime; smime-type="signed-data"
+Content-Transfer-Encoding: base64
+
+MIIHOgYJKoZIhvcNAQcCoIIHKzCCBycCAQExDTALBglghkgBZQMEAgEwggG+BgkqhkiG9w0BBwGg
+ggGvBIIBq0NvbnRlbnQtVHlwZTogbXVsdGlwYXJ0L21peGVkOyBib3VuZGFyeT0ieHl6Ig0KDQot
+LXh5eg0KQ29udGVudC1UeXBlOiBtdWx0aXBhcnQvYWx0ZXJuYXRpdmU7IGJvdW5kYXJ5PSJhYmMx
+MjMiDQoNCi0tYWJjMTIzDQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW4NCg0KVGhpcyBpcyBhIHNp
+bXBsZSBtZXNzYWdlDQoNCi0tYWJjMTIzDQpDb250ZW50LVR5cGU6IHRleHQvaHRtbA0KDQo8aHRt
+bD48aGVhZD48L2hlYWQ+PGJvZHk+PHA+VGhpcyBpcyBhIHNpbXBsZSBtZXNzYWdlPC9wPjwvYm9k
+eT48L2h0bWw+DQoNCi0tYWJjMTIzLS0NCi0teHl6DQpDb250ZW50LVR5cGU6IHRleHQvcGxhaW4N
+CkNvbnRlbnQtRGlzcG9zaXRpb246IGF0dGFjaG1lbnQ7IGZpbGVuYW1lPSJ0ZXN0LnR4dCINCg0K
+VGhpcyBpcyBhIHNpbXBsZSBhdHRhY2htZW50IGZpbGUuDQqgggNyMIIDbjCCAlagAwIBAgIUZ4K0
+WXNSS8H0cUcZavD9EYqqTAswDQYJKoZIhvcNAQENBQAwLTErMCkGA1UEAxMiU2FtcGxlIExBTVBT
+IENlcnRpZmljYXRlIEF1dGhvcml0eTAgFw0xOTExMjAwNjU0MThaGA8yMDUyMDkyNzA2NTQxOFow
+GTEXMBUGA1UEAxMOQWxpY2UgTG92ZWxhY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDD7q35ZdG2JAzzJGNZDZ9sV7AKh0hlRfoFjTZN5m4RegQAYSyag43ouWi1xRN0avf0UTYrwjK0
+4qRdV7GzCACoEKq/xiNUOsjfJXzbCublN3fZMOXDshKKBqThlK75SjA9Czxg7ejGoiY/iidk0e91
+neK30SCCaBTJlfR2ZDrPk73IPMeksxoTatfF9hw9dDA+/Hi1yptN/aG0Q/s9icFrxr6y2zQXsjuQ
+PmjMZgj10aD9cazWVgRYCgflhmA0V1uQl1wobYU8DAVxVn+GgabqyjGQMoythIK0Gn5+ofwxXXUM
+/zbU+g6+1ISdoXxRRFtq2GzbIqkAHZZQm+BbnFrhAgMBAAGjgZcwgZQwDAYDVR0TAQH/BAIwADAe
+BgNVHREEFzAVgRNhbGljZUBzbWltZS5leGFtcGxlMBMGA1UdJQQMMAoGCCsGAQUFBwMEMA8GA1Ud
+DwEB/wQFAwMHoAAwHQYDVR0OBBYEFKwuVFqk/VUYry7oZkQ40SXR1wB5MB8GA1UdIwQYMBaAFLdS
+TXPAiD2yw3paDPOU9/eAonfbMA0GCSqGSIb3DQEBDQUAA4IBAQB76o4Yz7yrVSFcpXqLrcGtdI4q
+93aKCXECCCzNQLp4yesh6brqaZHNJtwYcJ5TqbUym9hJ70iJE4jGNN+yAZR1ltte0HFKYIBKM4EJ
+umG++2hqbUaLz4tl06BHaQPCv/9NiNY7q9R9c/B6s1YzHhwqkWht2a+AtgJ4BkpG+g+MmZMQV/Ao
+7RwLFKJ9OlMWLBmEXFcpIJN0HpPasT0nEl/MmotSu+8RnClAi3yFfyTKb+8rD7VxuyXetqDZ6dU/
+9/iqD/SZS7OQIjywtd343mACz3B1RlFxMHSA6dQAf2btGumqR0KiAp3KkYRAePoaJqYkB7Zad06n
+gFl0G0FHON+7MYIB2TCCAdUCAQEwRTAtMSswKQYDVQQDEyJTYW1wbGUgTEFNUFMgQ2VydGlmaWNh
+dGUgQXV0aG9yaXR5AhRngrRZc1JLwfRxRxlq8P0RiqpMCzALBglghkgBZQMEAgGgaTAYBgkqhkiG
+9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0xOTExMjUyMDQ0MDZaMC8GCSqGSIb3
+DQEJBDEiBCCFhxQumT0jWdiOeuN21xClT1cnZAuhs2YCQjJWBu5fDjANBgkqhkiG9w0BAQEFAASC
+AQCau7ahdSrX99SsKrAVpTgL9ifxt5DgVywQQGOaKjsEHCRq8SH0BMuU+ByJryzkmsNFSUOo/Okg
+GZ5ZUlw+3W9Lnb9HM9Ad9WYZVT0LY7cqXDTV1ElQG7fnP6ugg/mOIw6UfqMc2SznGZX9ZGlOAwvk
+G7v/20xsw99ZQddcr4zSJ7V+bKxBmeysaMlGRKfwrEmu+/bDKGXRLstjsJmzvOK+LYqNKCFPhehf
+EjOJQyQq5sEHYc63gnziWTEcwoCQJcFGVZhh/x+KEdXtTb/jXpQzoX/IAs3ED/ggOzEyPbuMTrQD
+c9LA8e8NbwhGhKvNi0sZYccDsFMQLpo3rZttA4mo
diff --git a/tests/email-print-mime-structure/smime-signed.out b/tests/email-print-mime-structure/smime-signed.out
new file mode 100644
index 0000000..293a271
--- /dev/null
+++ b/tests/email-print-mime-structure/smime-signed.out
@@ -0,0 +1,7 @@
+└─╴application/pkcs7-mime 2538 bytes
+ ⇩ (unwraps to)
+ └┬╴multipart/mixed 415 bytes
+ ├┬╴multipart/alternative 234 bytes
+ │├─╴text/plain 26 bytes
+ │└─╴text/html 72 bytes
+ └─╴text/plain attachment [test.txt] 33 bytes