dkimpy

Merge ~jbfzs/dkimpy:content_debugging into dkimpy:master

  1. Git
  2. lp:~jbfzs/dkimpy
  3. content_debugging
  4. Merge into master
Proposed by Jonathan Bastien-Filiatrault
Status: Merged
Merged at revision: 9bf7e43e20ee7305b8882f4b96105fedc6710330
Proposed branch: ~jbfzs/dkimpy:content_debugging
Merge into: dkimpy:master
Diff against target: 115 lines (+22/-11)
2 files modified
ChangeLog (+3/-0)
dkim/__init__.py (+19/-11)
Reviewer Review Type Date Requested Status
Scott Kitterman Approve
Jonathan Bastien-Filiatrault (community) Needs Resubmitting
Review via email: mp+360871@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Scott Kitterman (kitterman) wrote :

Please add an @param for class DomainSigner for the new debug parameter. Also, it'd be nice for you to include the ChangeLog entry.

Do dkimsign, dkimverify, etc. still work with this change? I believe they set the logger, so they may need updating. They aren't tested by the test suite, so passing tests isn't enough.

Thanks,

Scott K

review: Needs Fixing
Revision history for this message
Jonathan Bastien-Filiatrault (jbfzs) wrote :

dkimverify:
  dkim.DKIM(message, logger=logging)

dkimsign:
  dkim.DKIM(message,logger=logger, signature_algorithm=args.signalg)

Both specify arguments explicitly and work as expected. In my experience, appending a parameter with a default value is quite safe from an API breaking point of view.

I added a changelog entry and documented the parameter as requested.

review: Needs Resubmitting
Revision history for this message
Scott Kitterman (kitterman) wrote :

Merged. Thanks.

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/ChangeLog b/ChangeLog
2index ffaa3dc..2176499 100644
3--- a/ChangeLog
4+++ b/ChangeLog
5@@ -4,6 +4,9 @@ UNRELEASED Version 0.9.2
6 Bastien-Filiatrault for the change)
7 - Refactor header folding for more consistent results, including reduced
8 stray whitespace (Also Jonathan Bastien-Filiatrault)
9+ - Don't log message headers and body unless explicitely requested. This
10+ should also reduce memory usage on large messages. (Jonathan
11+ Bastien-Filiatrault).
12 2018-12-09 Version 0.9.1
13 - Fixed ARC verification to fail if h= tag is present in Arc-Seal and
14 added tests
15diff --git a/dkim/__init__.py b/dkim/__init__.py
16index a8d3bbe..5a1708a 100644
17--- a/dkim/__init__.py
18+++ b/dkim/__init__.py
19@@ -112,13 +112,15 @@ CV_None = b'none'
20
21
22 class HashThrough(object):
23- def __init__(self, hasher):
24+ def __init__(self, hasher, debug=False):
25 self.data = []
26 self.hasher = hasher
27 self.name = hasher.name
28+ self.debug = debug
29
30 def update(self, data):
31- self.data.append(data)
32+ if self.debug:
33+ self.data.append(data)
34 return self.hasher.update(data)
35
36 def digest(self):
37@@ -460,12 +462,14 @@ class DomainSigner(object):
38 #: (with either \\n or \\r\\n line endings)
39 #: @param logger: a logger to which debug info will be written (default None)
40 #: @param signature_algorithm: the signing algorithm to use when signing
41+ #: @param debug_content: log headers and body after canonicalization (default False)
42 def __init__(self,message=None,logger=None,signature_algorithm=b'rsa-sha256',
43- minkey=1024):
44+ minkey=1024, debug_content=False):
45 self.set_message(message)
46 if logger is None:
47 logger = get_default_logger()
48 self.logger = logger
49+ self.debug_content = debug_content and logger.isEnabledFor(logging.DEBUG)
50 if signature_algorithm not in HASH_ALGORITHMS:
51 raise ParameterError(
52 "Unsupported signature algorithm: "+signature_algorithm)
53@@ -611,13 +615,14 @@ class DomainSigner(object):
54 header_value = fold(header_value, namelen=len(header_name))
55 header_value = RE_BTAG.sub(b'\\1',header_value)
56 header = (header_name, b' ' + header_value)
57- h = HashThrough(self.hasher())
58+ h = HashThrough(self.hasher(), self.debug_content)
59 sig = dict(fields)
60
61 headers = canon_policy.canonicalize_headers(self.headers)
62 self.signed_headers = hash_headers(
63 h, canon_policy, headers, include_headers, header, sig)
64- self.logger.debug("sign %s headers: %r" % (header_name, h.hashed()))
65+ if self.debug_content:
66+ self.logger.debug("sign %s headers: %r" % (header_name, h.hashed()))
67
68 if self.signature_algorithm == b'rsa-sha256' or self.signature_algorithm == b'rsa-sha1':
69 try:
70@@ -663,13 +668,14 @@ class DomainSigner(object):
71
72 # validate body if present
73 if b'bh' in sig:
74- h = HashThrough(hasher())
75+ h = HashThrough(hasher(), self.debug_content)
76
77 body = canon_policy.canonicalize_body(self.body)
78 if b'l' in sig:
79 body = body[:int(sig[b'l'])]
80 h.update(body)
81- self.logger.debug("body hashed: %r" % h.hashed())
82+ if self.debug_content:
83+ self.logger.debug("body hashed: %r" % h.hashed())
84 bodyhash = h.digest()
85
86 self.logger.debug("bh: %s" % base64.b64encode(bodyhash))
87@@ -688,12 +694,13 @@ class DomainSigner(object):
88 # generalized to check for extras of other singleton headers.
89 if b'from' in include_headers:
90 include_headers.append(b'from')
91- h = HashThrough(hasher())
92+ h = HashThrough(hasher(), self.debug_content)
93
94 headers = canon_policy.canonicalize_headers(self.headers)
95 self.signed_headers = hash_headers(
96 h, canon_policy, headers, include_headers, sig_header, sig)
97- self.logger.debug("signed for %s: %r" % (sig_header[0], h.hashed()))
98+ if self.debug_content:
99+ self.logger.debug("signed for %s: %r" % (sig_header[0], h.hashed()))
100 signature = base64.b64decode(re.sub(br"\s+", b"", sig[b'b']))
101 if ktag == b'rsa':
102 try:
103@@ -1009,9 +1016,10 @@ class ARC(DomainSigner):
104 canon_policy = CanonicalizationPolicy.from_c_value(b'relaxed/relaxed')
105
106 self.hasher = HASH_ALGORITHMS[self.signature_algorithm]
107- h = HashThrough(self.hasher())
108+ h = HashThrough(self.hasher(), self.debug_content)
109 h.update(canon_policy.canonicalize_body(self.body))
110- self.logger.debug("sign ams body hashed: %r" % h.hashed())
111+ if self.debug_content:
112+ self.logger.debug("sign ams body hashed: %r" % h.hashed())
113 bodyhash = base64.b64encode(h.digest())
114
115 # Compute ARC-Message-Signature

Subscribers

People subscribed via source and target branches