+# vi: encoding=utf-8 ts=8 sts=4 sw=4 et
+
+import log
+import subprocess
+import re
+import StringIO
+
+import util
+import os
+import pipeutil
+
+def get_keys(buf):
+ """Extract keys from gpg message
+
+ """
+
+ if not os.path.isfile('/usr/bin/gpg'):
+ log.error("missing gnupg binary: /usr/bin/gpg")
+ raise OSError, 'Missing gnupg binary'
+
+ d_stdout = None
+ d_stderr = None
+ cmd = ['/usr/bin/gpg', '--batch', '--no-tty', '--decrypt']
+ gpg_run = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
+ try:
+ d_stdout, d_stderr = gpg_run.communicate(buf.encode('utf-8'))
+ except OSError, e:
+ log.error("gnupg run, does gpg binary exist? : %s" % e)
+ raise
+
+ rx = re.compile("^gpg: Signature made .*using [DR]SA key ID (.+)")
+ keys = []
+
+ for l in d_stderr.split('\n'):
+ m = rx.match(l)
+ if m:
+ keys.append(m.group(1))
+
+ return keys
+
+def verify_sig(buf):
+ """Check signature.
+
+ Given email as file-like object, return (signer-emails, signed-body).
+ where signer-emails is lists of strings, and signed-body is StringIO
+ object.
+ """
+
+ if not os.path.isfile('/usr/bin/gpg'):
+ log.error("missing gnupg binary: /usr/bin/gpg")
+ raise OSError, 'Missing gnupg binary'
+
+ d_stdout = None
+ d_stderr = None
+ cmd = ['/usr/bin/gpg', '--batch', '--no-tty', '--decrypt']
+ gpg_run = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
+ try:
+ d_stdout, d_stderr = gpg_run.communicate(buf.encode('utf-8'))
+ except OSError, e:
+ log.error("gnupg run failed, does gpg binary exist? : %s" % e)
+ raise
+
+ rx = re.compile("^gpg: (Good signature from| aka) .*<([^>]+)>")
+ emails = []
+ for l in d_stderr.split('\n'):
+ m = rx.match(l)
+ if m:
+ emails.append(m.group(2))
+ if not emails:
+ log.error("gnupg signature check failed: %s" % d_stderr)
+ return (emails, d_stdout)
+
+def sign(buf):
+ if not os.path.isfile('/usr/bin/gpg'):
+ log.error("missing gnupg binary: /usr/bin/gpg")
+ raise OSError, 'Missing gnupg binary'
+
+ d_stdout = None
+ d_stderr = None
+ cmd = ['/usr/bin/gpg', '--batch', '--no-tty', '--clearsign']
+ gpg_run = subprocess.Popen(cmd, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE, close_fds=True)
+ try:
+ d_stdout, d_stderr = gpg_run.communicate(buf.encode('utf-8'))
+ except OSError, e:
+ log.error("gnupg signing failed, does gpg binary exist? : %s" % e)
+ raise
+
+ return d_stdout