Use parse_tag_value in verify().

2011-03-09 22:54:41 +11:00
parent 42a463cc23
commit fb2d8678fd
1 changed files with 13 additions and 27 deletions
@@ -23,6 +23,11 @@ import time
 import dns.resolver
 from dkim.util import (
    InvalidTagValueList,
    parse_tag_value,
    )
 __all__ = [
    "Simple",
    "Relaxed",
@@ -498,19 +503,10 @@ def verify(message, debuglog=None, dnsfunc=dnstxt):
        return False
    # Currently, we only validate the first DKIM-Signature line found.
-
+    try:
-    a = re.split(r"\s*;\s*", sigheaders[0][1].strip())
+        sig = parse_tag_value(sigheaders[0][1])
-    if debuglog is not None:
+    except InvalidTagValueList:
        print >>debuglog, "a:", a
    sig = {}
    for x in a:
        if x:
            m = re.match(r"(\w+)\s*=\s*(.*)", x, re.DOTALL)
            if m is None:
                if debuglog is not None:
                    print >>debuglog, "invalid format of signature part: %s" % x
        return False
            sig[m.group(1)] = m.group(2)
    if debuglog is not None:
        print >>debuglog, "sig:", sig
@@ -575,19 +571,9 @@ def verify(message, debuglog=None, dnsfunc=dnstxt):
    s = dnsfunc(sig['s']+"._domainkey."+sig['d']+".")
    if not s:
        return False
-    a = re.split(r"\s*;\s*", s)
+    try:
-    # Trailing ';' on signature record is valid, see RFC 4871 3.2
+        pub = parse_tag_value(s)
-    #  tag-list  =  tag-spec 0*( ";" tag-spec ) [ ";" ]
+    except InvalidTagValueList:
    if a[-1] == '':
        a.pop(-1)
    pub = {}
    for f in a:
        m = re.match(r"(\w+)=(.*)", f)
        if m is not None:
            pub[m.group(1)] = m.group(2)
        else:
            if debuglog is not None:
                print >>debuglog, "invalid format in _domainkey txt record"
        return False
    pk = parse_public_key(base64.b64decode(pub['p']))
    modlen = len(int2str(pk['modulus']))