From 64be054961f4829c7cd49bc9aedc6b7c116b7097 Mon Sep 17 00:00:00 2001 From: Pierre-Olivier Mercier Date: Sun, 18 Mar 2018 14:05:20 +0100 Subject: [PATCH] New option to skip public key discovery in attachments --- check.py | 13 ++++++++----- envelope.py | 17 +++++++++-------- 2 files changed, 17 insertions(+), 13 deletions(-) diff --git a/check.py b/check.py index 34ea2b8..7e2e354 100755 --- a/check.py +++ b/check.py @@ -33,14 +33,14 @@ def relatesTo(data, submissions_dir): yield data -def gen_checks(submissions_dir, check_content=False, check_submission_hash=None): +def gen_checks(submissions_dir, check_content=False, check_submission_hash=None, skip_public_key=True): if check_content: yield (relatesTo, [submissions_dir]) if HARD_MAX_SUBMISSION is not None: yield (late.check, [HARD_MAX_SUBMISSION, SOFT_MAX_SUBMISSION]) else: yield signcheck - yield (envelope.check, [GNUPG_DIRECTORY, BETA]) + yield (envelope.check, [GNUPG_DIRECTORY, not skip_public_key, BETA]) yield (signature.check, [GNUPG_DIRECTORY]) yield (login.check, ["/home/nemunaire/workspace/check_mail/SRS2017.csv"]) if check_content: @@ -137,14 +137,14 @@ def readmail(fp): return cnt, frm, subject, ref, to -def check_mail(cnt, submissions_dir, check_content=False, check_submission_hash=None): +def check_mail(cnt, submissions_dir, check_content=False, check_submission_hash=None, skip_public_key=True): results = [] # sentinel results.append([(None, [cnt])]) lvl = 0 - for check in gen_checks(submissions_dir=submissions_dir, check_content=check_content, check_submission_hash=check_submission_hash): + for check in gen_checks(submissions_dir=submissions_dir, check_content=check_content, check_submission_hash=check_submission_hash, skip_public_key=skip_public_key): lvl += 1 curr = [] curc = [] 
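Review bot: The default `skip_public_key=True` added to `gen_checks` here, and to `check_mail` in the following hunk, contradicts the other two defaults this patch introduces: the `--skip-public-key` flag is `store_true` (off unless given) and `envelope.check` takes `accept_public_key=True`. Any caller that invokes `check_mail` or `gen_checks` without the keyword now silently stops importing attached keys, while the command line still imports them. Pick one default and use it everywhere. If importing keys taken from the message under check is meant to stay on, write `skip_public_key=False` in both signatures; if it is meant to be off, make the CLI flag opt-in instead.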
@@ -231,6 +231,9 @@ if __name__ == '__main__': parser.add_argument('--review-before-send', action="store_true", help="Review the e-mail to be sent before sending it") + parser.add_argument('--skip-public-key', action="store_true", + help="enable if you want to skip public key discovery through attachments") + parser.add_argument('--beta', action="store_true", help="enable beta features") @@ -252,4 +255,4 @@ if __name__ == '__main__': BETA = args.beta cnt, frm, subject, ref, to = readmail(sys.stdin.buffer) - respondmail(frm, subject, ref, [c for c in check_mail(cnt, submissions_dir=args.submissions, check_content=not args.sign, check_submission_hash=args.expected_submission_hash)], to) + respondmail(frm, subject, ref, [c for c in check_mail(cnt, submissions_dir=args.submissions, check_content=not args.sign, check_submission_hash=args.expected_submission_hash, skip_public_key=args.skip_public_key)], to) diff --git a/envelope.py b/envelope.py index 769b189..2a0cf03 100644 --- a/envelope.py +++ b/envelope.py 
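Review bot: The help text for `--skip-public-key` does not say what is skipped in practice or what the operator has to provide instead. Going by the `envelope.check` change, the flag stops keys found in the message from reaching `import_pubkey`, so signatures can presumably only verify against keys already present in `GNUPG_DIRECTORY`. Suggested wording: `help="do not import public keys found in the message; only keys already in the keyring are used"`. Because the option decides whether sender-supplied key material enters the verification keyring, it also deserves a line in the project documentation.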
@@ -47,16 +47,17 @@ def assume_oldstyle(payload): -def check(msg, GNUPG_DIRECTORY, beta=False): +def check(msg, GNUPG_DIRECTORY, accept_public_key=True, beta=False): ct = msg.get_content_type() # First, looking for public key - for part in msg.walk(): - if part.get_content_type() == "application/pgp-keys" and not part.is_multipart() and part.get_payload(decode=True).find(b"-----BEGIN PGP PUBLIC KEY BLOCK-----") >= 0: - if part.get_content_type() != "application/pgp-keys": - yield MailTest("Public key file discovered, but content-type mismatched: got %s instead of application/pgp-keys." % part.get_content_type(), 2) - yield from import_pubkey(part.get_payload(decode=True), GNUPG_DIRECTORY) - return + if accept_public_key: + for part in msg.walk(): + if part.get_content_type() == "application/pgp-keys" and not part.is_multipart() and part.get_payload(decode=True).find(b"-----BEGIN PGP PUBLIC KEY BLOCK-----") >= 0: + if part.get_content_type() != "application/pgp-keys": + yield MailTest("Public key file discovered, but content-type mismatched: got %s instead of application/pgp-keys." % part.get_content_type(), 2) + yield from import_pubkey(part.get_payload(decode=True), GNUPG_DIRECTORY) + return if ct == "multipart/signed" and msg.is_multipart(): yield from assume_rfc3156(msg) 
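Review bot: Inserting `accept_public_key` before `beta` in `check(msg, GNUPG_DIRECTORY, accept_public_key=True, beta=False)` changes the meaning of the third positional argument. Any caller not updated by this patch that still passes `beta` positionally would now be toggling key import instead, with no error. Appending the parameter keeps old call sites valid: `def check(msg, GNUPG_DIRECTORY, beta=False, accept_public_key=True):`, with the argument list in `gen_checks` reordered to `[GNUPG_DIRECTORY, BETA, not skip_public_key]`. Separately, the re-indented `if part.get_content_type() != "application/pgp-keys":` test can never be true inside a branch that already requires the content type to equal `application/pgp-keys`, so the mismatch warning in this loop is dead code. The rest of `check` lies outside this hunk.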
@@ -85,7 +86,7 @@ def check(msg, GNUPG_DIRECTORY, beta=False): yield MailTest("Separate signature found. Trying it with part %d (%s) ..." % (s, spart.get_content_type()), -1) yield (spart.get_payload(decode=True), part.get_payload(decode=True)) - elif payload is not None and not part.is_multipart() and part.get_payload(decode=True).find(b"-----BEGIN PGP PUBLIC KEY BLOCK-----") >= 0: + elif accept_public_key and payload is not None and not part.is_multipart() and part.get_payload(decode=True).find(b"-----BEGIN PGP PUBLIC KEY BLOCK-----") >= 0: if part.get_content_type() != "application/pgp-keys": yield MailTest("Public key file discovered, but content-type mismatched: got %s instead of application/pgp-keys." % part.get_content_type(), 2) yield from import_pubkey(part.get_payload(decode=True), GNUPG_DIRECTORY)
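Review bot: With `accept_public_key` false, a part carrying a `-----BEGIN PGP PUBLIC KEY BLOCK-----` payload now fails this `elif` and falls through to whatever branches follow, which are outside the hunk, without any `MailTest` telling the sender that the key was seen and ignored. The same silent skip applies to the first loop in the previous hunk. Keep the detection condition as it was and decide inside the branch: do the import when `accept_public_key` is set, otherwise emit something like `yield MailTest("Public key found in the message, but key import is disabled; ignoring it.", -1)`. The level `-1` is copied from the informational message above and should be confirmed against `MailTest`'s levels. That way a rejected signature can be traced to the skipped key rather than looking like a bad signature.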