authorKonstantin Ryabitsev <konstantin@linuxfoundation.org>2020-12-07 13:48:12 -0500
committerKonstantin Ryabitsev <konstantin@linuxfoundation.org>2020-12-07 13:48:12 -0500
commit8ddcf5c0ee341a1155a86141f44069819c05f68c (patch)
tree0a04fc83cd8926ac95910516a215935504e1b5ae
parentfba47b040dfca978c6685b81bac60ee2f7604b4d (diff)
downloadb4-8ddcf5c0ee341a1155a86141f44069819c05f68c.tar.gz
Try all DKIM headers if failed on the first
dkim.verify will only try the topmost DKIM-Signature header, so in case of a failure, pop the failed header and retry with the next one (if any). Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
-rw-r--r--b4/__init__.py57
1 files changed, 34 insertions, 23 deletions
diff --git a/b4/__init__.py b/b4/__init__.py
index 28d22a6..1cc4577 100644
--- a/b4/__init__.py
+++ b/b4/__init__.py
@@ -1690,33 +1690,44 @@ class LoreAttestationSignatureDKIM(LoreAttestationSignature):
# self.native_verify()
# return
- dks = self.msg.get('dkim-signature')
- if not dks:
- return
+ while True:
+ dks = self.msg.get('dkim-signature')
+ if not dks:
+ logger.debug('No DKIM-Signature headers in the message')
+ return
- self.present = True
+ self.present = True
- ddata = get_parts_from_header(dks)
- self.attestor = LoreAttestorDKIM(ddata['d'])
- # Do we have a resolve method?
- if _resolver and hasattr(_resolver, 'resolve'):
- res = dkim.verify(self.msg.as_bytes(), dnsfunc=dkim_get_txt)
- else:
- res = dkim.verify(self.msg.as_bytes())
- if not res:
- logger.debug('DKIM signature did NOT verify')
- return
- self.good = True
+ ddata = get_parts_from_header(dks)
+ self.attestor = LoreAttestorDKIM(ddata['d'])
+ # Do we have a resolve method?
+ if _resolver and hasattr(_resolver, 'resolve'):
+ res = dkim.verify(self.msg.as_bytes(), dnsfunc=dkim_get_txt)
+ else:
+ res = dkim.verify(self.msg.as_bytes())
+ if not res:
+ logger.debug('DKIM signature did NOT verify')
+ logger.debug('Retrying with the next DKIM-Signature header, if any')
+ at = 0
+ for header in self.msg._headers: # noqa
+ if header[0].lower() == 'dkim-signature':
+ del(self.msg._headers[at]) # noqa
+ break
+ at += 1
+ continue
- # Grab toplevel signature that we just verified
- self.valid = True
- self.trusted = True
- self.passing = True
+ self.good = True
- if ddata.get('t'):
- self.sigdate = datetime.datetime.utcfromtimestamp(int(ddata['t'])).replace(tzinfo=datetime.timezone.utc)
- else:
- self.sigdate = email.utils.parsedate_to_datetime(str(self.msg['Date']))
+ # Grab toplevel signature that we just verified
+ self.valid = True
+ self.trusted = True
+ self.passing = True
+
+ if ddata.get('t'):
+ self.sigdate = datetime.datetime.utcfromtimestamp(int(ddata['t'])).replace(tzinfo=datetime.timezone.utc)
+ else:
+ self.sigdate = email.utils.parsedate_to_datetime(str(self.msg['Date']))
+ return
# def native_verify(self):
# dks = self.msg.get('dkim-signature')
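Review bot: The retry path deletes each failed DKIM-Signature from `self.msg._headers`, so once this method has run the message object held by the attestation has permanently lost those headers, and the loop relies on a private attribute of `email.message.Message` (hence the `# noqa`). Anything that later reads or re-serialises `self.msg` sees a modified message; running the loop on a copy of the message, or selecting the signature by position with dkimpy's `dkim.DKIM(self.msg.as_bytes()).verify(idx=n)` (with the `DKIMException` handling that `dkim.verify` otherwise supplies), avoids the mutation. Separately, `self.trusted = True` now follows from whichever signature verifies, and `self.attestor` takes that header's `d=` with no comparison against the From: domain visible in this hunk; if alignment is not enforced elsewhere, a valid signature from an unrelated domain sitting below a broken one is enough for the message to be marked trusted. `ddata['d']` is also indexed before verification, so a lower header without a `d=` tag would presumably raise KeyError instead of being skipped. The enclosing method starts above the hunk.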