86 lines
3.1 KiB
Python
86 lines
3.1 KiB
Python
import gpg
|
|
import os
|
|
import psutil
|
|
import gpg.errors
|
|
|
|
class GPGHandler(object):
|
|
def __init__(self, gnupg_homedir = None, key_id = None, keyservers = None):
|
|
self.home = gnupg_homedir
|
|
self.key_id = key_id
|
|
self.keyservers = keyservers
|
|
if self.home:
|
|
self._prep_home()
|
|
else:
|
|
self._check_home()
|
|
self.ctx = self.get_context(home_dir = self.home)
|
|
|
|
def _check_home(self, home = None):
|
|
if not home:
|
|
home = self.home
|
|
if not home:
|
|
self.home = os.environ.get('GNUPGHOME', '~/.gnupg')
|
|
home = self.home
|
|
self._prep_home(home)
|
|
return()
|
|
|
|
def _prep_home(self, home = None):
|
|
if not home:
|
|
home = self.home
|
|
if not home:
|
|
self.home = os.environ.get('GNUPGHOME', '~/.gnupg')
|
|
self.home = os.path.abspath(os.path.expanduser(self.home))
|
|
if os.path.isdir(self.home):
|
|
_exists = True
|
|
else:
|
|
_exists = False
|
|
_uid = os.getuid()
|
|
_gid = os.getgid()
|
|
try:
|
|
os.makedirs(self.home, exist_ok = True)
|
|
os.chown(self.home, _uid, _gid)
|
|
os.chmod(self.home, 0o700)
|
|
except PermissionError:
|
|
# It's alright; it's HOPEFULLY already created.
|
|
if not _exists:
|
|
raise PermissionError('We need a GnuPG home directory we can '
|
|
'write to')
|
|
return()
|
|
|
|
def get_context(self, **kwargs):
|
|
ctx = gpg.Context(**kwargs)
|
|
return(ctx)
|
|
|
|
def kill_stale_agent(self):
|
|
_process_list = []
|
|
# TODO: optimize; can I search by proc name?
|
|
for p in psutil.process_iter():
|
|
if (p.name() in ('gpg-agent', 'dirmngr') and \
|
|
p.uids()[0] == os.getuid()):
|
|
pd = psutil.Process(p.pid).as_dict()
|
|
# TODO: convert these over
|
|
# for d in (chrootdir, dlpath):
|
|
# if pd['cwd'].startswith('{0}'.format(d)):
|
|
# plst.append(p.pid)
|
|
# if len(plst) >= 1:
|
|
# for p in plst:
|
|
# psutil.Process(p).terminate()
|
|
|
|
def get_sigs(self, data_in):
|
|
key_ids = []
|
|
# Currently as of May 13, 2018 there's no way using the GPGME API to do
|
|
# the equivalent of the CLI's --list-packets.
|
|
# https://lists.gnupg.org/pipermail/gnupg-users/2018-January/
|
|
# 059708.html
|
|
# https://lists.gnupg.org/pipermail/gnupg-users/2018-January/
|
|
# 059715.html
|
|
# We use the "workaround in:
|
|
# https://lists.gnupg.org/pipermail/gnupg-users/2018-January/
|
|
# 059711.html
|
|
try:
|
|
self.ctx.verify(data_in)
|
|
except gpg.errors.BadSignatures as sig_except:
|
|
for line in [i.strip() for i in str(sig_except).splitlines()]:
|
|
l = [i.strip() for i in line.split(':')]
|
|
key_ids.append(l[0])
|
|
return(key_ids)
|