diff options
| author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2019-11-25 16:45:51 -0500 |
|---|---|---|
| committer | Sean Whitton <spwhitton@spwhitton.name> | 2019-11-28 11:09:01 -0700 |
| commit | 579b176e686d1b30cc8ecde55c5a8a31310c5938 (patch) | |
| tree | 1f0110a0091c09ac1fbcc9bd12e489a5744789f4 /email-print-mime-structure | |
| parent | 229f295232e3abd3679bbb4ed258b81fc68a1931 (diff) | |
| download | mailscripts-579b176e686d1b30cc8ecde55c5a8a31310c5938.tar.gz | |
email-print-mime-structure: handle one-part PKCS#7 signature objects
PKCS#7 offers a signed-only mode which is distinct from
multipart/signed. This mode is more robust to breakage by
transforming MTAs, but it is also unreadable *unless* the receiver
knows how to cope with S/MIME.
See https://tools.ietf.org/html/rfc8551#section-3.5 for more details
about the different formats.
email-print-mime-structure should now be able to handle these messages
and display the structure of their content as well.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Acked-by: Sean Whitton <spwhitton@spwhitton.name>
Diffstat (limited to 'email-print-mime-structure')
| -rwxr-xr-x | email-print-mime-structure | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/email-print-mime-structure b/email-print-mime-structure index 6d7b0af..b7646e0 100755 --- a/email-print-mime-structure +++ b/email-print-mime-structure @@ -103,6 +103,19 @@ class MimePrinter(object): newprefix = prefix[:-3] + ' ' print(f'{newprefix}↧ (decrypts to)') self.print_tree(cryptopayload, newprefix + '└', z, 0) + else: + if z.get_content_type().lower() == 'application/pkcs7-mime' and \ + str(z.get_param('smime-type')).lower() == 'signed-data': + bodypart:Union[List[Message],str,bytes,None] = z.get_payload(decode=True) + if isinstance(bodypart, bytes): + unwrapped = self.pipe_transform(bodypart, ['certtool', '--p7-show-data', '--p7-info', '--inder']) + if unwrapped: + newprefix = prefix[:-3] + ' ' + print(f'{newprefix}⇩ (unwraps to)') + self.print_tree(unwrapped, newprefix + '└', z, 0) + else: + logging.warning(f'Unable to unwrap one-part PKCS#7 signed message (maybe try "apt install gnutls-bin")') + def decrypt_part(self, msg:Message, flavor:EncType) -> Optional[Message]: ciphertext:Union[List[Message],str,bytes,None] = msg.get_payload(decode=True) |