Use normal Python logging everywhere, not printing to debuglog.
This commit is contained in:
William Grant
+29
-29
@@ -21,6 +21,7 @@
|
||||
|
||||
import base64
|
||||
import hashlib
|
||||
import logging
|
||||
import re
|
||||
import time
|
||||
|
||||
@@ -35,6 +36,7 @@ from dkim.crypto import (
|
||||
UnparsableKeyError,
|
||||
)
|
||||
from dkim.util import (
|
||||
get_default_logger,
|
||||
InvalidTagValueList,
|
||||
parse_tag_value,
|
||||
)
|
||||
@@ -50,6 +52,7 @@ __all__ = [
|
||||
"verify",
|
||||
]
|
||||
|
||||
|
||||
class Simple:
|
||||
"""Class that represents the "simple" canonicalization algorithm."""
|
||||
|
||||
@@ -145,8 +148,6 @@ def validate_signature_fields(sig):
|
||||
Raises a ValidationError if checks fail, otherwise returns None.
|
||||
|
||||
@param sig: A dict mapping field keys to values.
|
||||
@param debuglog: A file-like object to which details will be written
|
||||
on error.
|
||||
"""
|
||||
mandatory_fields = ('v', 'a', 'b', 'bh', 'd', 'h', 's')
|
||||
for field in mandatory_fields:
|
||||
@@ -241,7 +242,10 @@ def fold(header):
|
||||
header = header[j:]
|
||||
return pre + header
|
||||
|
||||
def sign(message, selector, domain, privkey, identity=None, canonicalize=(Simple, Simple), include_headers=None, length=False, debuglog=None):
|
||||
|
||||
def sign(message, selector, domain, privkey, identity=None,
|
||||
canonicalize=(Simple, Simple), include_headers=None, length=False,
|
||||
logger=None):
|
||||
"""Sign an RFC822 message and return the DKIM-Signature header line.
|
||||
|
||||
@param message: an RFC822 formatted message (with either \\n or \\r\\n line endings)
|
||||
@@ -252,9 +256,10 @@ def sign(message, selector, domain, privkey, identity=None, canonicalize=(Simple
|
||||
@param canonicalize: the canonicalization algorithms to use (default (Simple, Simple))
|
||||
@param include_headers: a list of strings indicating which headers are to be signed (default all headers)
|
||||
@param length: true if the l= tag should be included to indicate body length (default False)
|
||||
@param debuglog: a file-like object to which debug info will be written (default None)
|
||||
|
||||
@param logger: a logger to which debug info will be written (default None)
|
||||
"""
|
||||
if logger is None:
|
||||
logger = get_default_logger()
|
||||
|
||||
(headers, body) = rfc822_parse(message)
|
||||
|
||||
@@ -304,8 +309,7 @@ def sign(message, selector, domain, privkey, identity=None, canonicalize=(Simple
|
||||
dkim_header = (dkim_header[0], dkim_header[1][:-2])
|
||||
sign_headers.append(dkim_header)
|
||||
|
||||
if debuglog is not None:
|
||||
print >>debuglog, "sign headers:", sign_headers
|
||||
logger.debug("sign headers: %r" % sign_headers)
|
||||
h = hashlib.sha256()
|
||||
for x in sign_headers:
|
||||
h.update(x[0])
|
||||
@@ -321,13 +325,16 @@ def sign(message, selector, domain, privkey, identity=None, canonicalize=(Simple
|
||||
|
||||
return 'DKIM-Signature: ' + sig_value + "\r\n"
|
||||
|
||||
def verify(message, debuglog=None, dnsfunc=dnstxt):
|
||||
|
||||
def verify(message, logger=None, dnsfunc=dnstxt):
|
||||
"""Verify a DKIM signature on an RFC822 formatted message.
|
||||
|
||||
@param message: an RFC822 formatted message (with either \\n or \\r\\n line endings)
|
||||
@param debuglog: a file-like object to which debug info will be written (default None)
|
||||
@param logger: a logger to which debug info will be written (default None)
|
||||
|
||||
"""
|
||||
if logger is None:
|
||||
logger = get_default_logger()
|
||||
|
||||
(headers, body) = rfc822_parse(message)
|
||||
|
||||
@@ -340,20 +347,18 @@ def verify(message, debuglog=None, dnsfunc=dnstxt):
|
||||
sig = parse_tag_value(sigheaders[0][1])
|
||||
except InvalidTagValueList:
|
||||
return False
|
||||
if debuglog is not None:
|
||||
print >>debuglog, "sig:", sig
|
||||
logger.debug("sig: %r" % sig)
|
||||
|
||||
try:
|
||||
validate_signature_fields(sig)
|
||||
except ValidationError, e:
|
||||
if debuglog is not None:
|
||||
print >>debuglog, str(e)
|
||||
logger.error("signature fields failed to validate: %s" % e)
|
||||
return False
|
||||
|
||||
m = re.match("(\w+)(?:/(\w+))?$", sig['c'])
|
||||
if m is None:
|
||||
if debuglog is not None:
|
||||
print >>debuglog, "c= value is not in format method/method (%s)" % sig['c']
|
||||
logger.error(
|
||||
"c= value is not in format method/method (%s)" % sig['c'])
|
||||
return False
|
||||
can_headers = m.group(1)
|
||||
if m.group(2) is not None:
|
||||
@@ -366,8 +371,7 @@ def verify(message, debuglog=None, dnsfunc=dnstxt):
|
||||
elif can_headers == "relaxed":
|
||||
canonicalize_headers = Relaxed
|
||||
else:
|
||||
if debuglog is not None:
|
||||
print >>debuglog, "Unknown header canonicalization (%s)" % can_headers
|
||||
logger.error("unknown header canonicalization (%s)" % can_headers)
|
||||
return False
|
||||
|
||||
headers = canonicalize_headers.canonicalize_headers(headers)
|
||||
@@ -377,8 +381,7 @@ def verify(message, debuglog=None, dnsfunc=dnstxt):
|
||||
elif can_body == "relaxed":
|
||||
body = Relaxed.canonicalize_body(body)
|
||||
else:
|
||||
if debuglog is not None:
|
||||
print >>debuglog, "Unknown body canonicalization (%s)" % can_body
|
||||
logger.error("unknown body canonicalization (%s)" % can_body)
|
||||
return False
|
||||
|
||||
if sig['a'] == "rsa-sha1":
|
||||
@@ -386,8 +389,7 @@ def verify(message, debuglog=None, dnsfunc=dnstxt):
|
||||
elif sig['a'] == "rsa-sha256":
|
||||
hasher = hashlib.sha256
|
||||
else:
|
||||
if debuglog is not None:
|
||||
print >>debuglog, "Unknown signature algorithm (%s)" % sig['a']
|
||||
logger.error("unknown signature algorithm (%s)" % sig['a'])
|
||||
return False
|
||||
|
||||
if 'l' in sig:
|
||||
@@ -396,11 +398,11 @@ def verify(message, debuglog=None, dnsfunc=dnstxt):
|
||||
h = hasher()
|
||||
h.update(body)
|
||||
bodyhash = h.digest()
|
||||
if debuglog is not None:
|
||||
print >>debuglog, "bh:", base64.b64encode(bodyhash)
|
||||
logger.debug("bh: %s" % base64.b64encode(bodyhash))
|
||||
if bodyhash != base64.b64decode(re.sub(r"\s+", "", sig['bh'])):
|
||||
if debuglog is not None:
|
||||
print >>debuglog, "body hash mismatch (got %s, expected %s)" % (base64.b64encode(bodyhash), sig['bh'])
|
||||
logger.error(
|
||||
"body hash mismatch (got %s, expected %s)" %
|
||||
(base64.b64encode(bodyhash), sig['bh']))
|
||||
return False
|
||||
|
||||
s = dnsfunc(sig['s']+"._domainkey."+sig['d']+".")
|
||||
@@ -413,8 +415,7 @@ def verify(message, debuglog=None, dnsfunc=dnstxt):
|
||||
try:
|
||||
pk = parse_public_key(base64.b64decode(pub['p']))
|
||||
except UnparsableKeyError, e:
|
||||
if debuglog is not None:
|
||||
print >>debuglog, "could not parse public key: %s" % e
|
||||
logger.error("could not parse public key: %s" % e)
|
||||
return False
|
||||
|
||||
include_headers = re.split(r"\s*:\s*", sig['h'])
|
||||
@@ -426,6 +427,5 @@ def verify(message, debuglog=None, dnsfunc=dnstxt):
|
||||
return RSASSA_PKCS1_v1_5_verify(
|
||||
h, signature, pk['publicExponent'], pk['modulus'])
|
||||
except DigestTooLargeError:
|
||||
if debuglog is not None:
|
||||
print >>debuglog, "digest too large for modulus"
|
||||
logger.error("digest too large for modulus")
|
||||
return False
|
||||
|
||||
@@ -16,8 +16,18 @@
|
||||
#
|
||||
# Copyright (c) 2011 William Grant <me@williamgrant.id.au>
|
||||
|
||||
import logging
|
||||
try:
|
||||
from logging import NullHandler
|
||||
except ImportError:
|
||||
class NullHandler(logging.Handler):
|
||||
def emit(self, record):
|
||||
pass
|
||||
|
||||
|
||||
__all__ = [
|
||||
'DuplicateTag',
|
||||
'get_default_logger',
|
||||
'InvalidTagSpec',
|
||||
'InvalidTagValueList',
|
||||
'parse_tag_value',
|
||||
@@ -58,3 +68,11 @@ def parse_tag_value(tag_list):
|
||||
raise DuplicateTag(key.strip())
|
||||
tags[key.strip()] = value.strip()
|
||||
return tags
|
||||
|
||||
|
||||
def get_default_logger():
|
||||
"""Get the default pydkim logger."""
|
||||
logger = logging.getLogger('pydkim')
|
||||
if not logger.handlers:
|
||||
logger.addHandler(NullHandler())
|
||||
return logger
|
||||
|
||||
Reference in New Issue
Block a user