summaryrefslogtreecommitdiff
path: root/b4
diff options
context:
space:
mode:
Diffstat (limited to 'b4')
-rw-r--r--b4/__init__.py57
1 files changed, 34 insertions, 23 deletions
diff --git a/b4/__init__.py b/b4/__init__.py
index 28d22a6..1cc4577 100644
--- a/b4/__init__.py
+++ b/b4/__init__.py
@@ -1690,33 +1690,44 @@ class LoreAttestationSignatureDKIM(LoreAttestationSignature):
# self.native_verify()
# return
- dks = self.msg.get('dkim-signature')
- if not dks:
- return
+ while True:
+ dks = self.msg.get('dkim-signature')
+ if not dks:
+ logger.debug('No DKIM-Signature headers in the message')
+ return
- self.present = True
+ self.present = True
- ddata = get_parts_from_header(dks)
- self.attestor = LoreAttestorDKIM(ddata['d'])
- # Do we have a resolve method?
- if _resolver and hasattr(_resolver, 'resolve'):
- res = dkim.verify(self.msg.as_bytes(), dnsfunc=dkim_get_txt)
- else:
- res = dkim.verify(self.msg.as_bytes())
- if not res:
- logger.debug('DKIM signature did NOT verify')
- return
- self.good = True
+ ddata = get_parts_from_header(dks)
+ self.attestor = LoreAttestorDKIM(ddata['d'])
+ # Do we have a resolve method?
+ if _resolver and hasattr(_resolver, 'resolve'):
+ res = dkim.verify(self.msg.as_bytes(), dnsfunc=dkim_get_txt)
+ else:
+ res = dkim.verify(self.msg.as_bytes())
+ if not res:
+ logger.debug('DKIM signature did NOT verify')
+ logger.debug('Retrying with the next DKIM-Signature header, if any')
+ at = 0
+ for header in self.msg._headers: # noqa
+ if header[0].lower() == 'dkim-signature':
+ del(self.msg._headers[at]) # noqa
+ break
+ at += 1
+ continue
- # Grab toplevel signature that we just verified
- self.valid = True
- self.trusted = True
- self.passing = True
+ self.good = True
- if ddata.get('t'):
- self.sigdate = datetime.datetime.utcfromtimestamp(int(ddata['t'])).replace(tzinfo=datetime.timezone.utc)
- else:
- self.sigdate = email.utils.parsedate_to_datetime(str(self.msg['Date']))
+ # Grab toplevel signature that we just verified
+ self.valid = True
+ self.trusted = True
+ self.passing = True
+
+ if ddata.get('t'):
+ self.sigdate = datetime.datetime.utcfromtimestamp(int(ddata['t'])).replace(tzinfo=datetime.timezone.utc)
+ else:
+ self.sigdate = email.utils.parsedate_to_datetime(str(self.msg['Date']))
+ return
# def native_verify(self):
# dks = self.msg.get('dkim-signature')