Use host certificate to send emails
authorMichael Tremer <michael.tremer@ipfire.org>
Tue, 19 May 2020 18:25:33 +0000 (18:25 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Tue, 19 May 2020 18:25:33 +0000 (18:25 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/backend/base.py
src/backend/messages.py

index 6ee041dc212ada18f9e608df2b58783a2cdf84bf..bc8041af91c8ca095242523f4a273506418ee9d1 100644 (file)
@@ -2,6 +2,8 @@
 
 import configparser
 import io
+import ssl
+import tempfile
 import tornado.httpclient
 
 from . import accounts
@@ -94,6 +96,39 @@ class Backend(object):
 
                self.db = database.Connection(**credentials)
 
+       @lazy_property
+       def ssl_context(self):
+               # Create SSL context
+               context = ssl.create_default_context()
+
+               # Fetch client certificate
+               certificate = self.settings.get("client-certificate", None)
+               key         = self.settings.get("client-key", None)
+
+               # Apply client certificate
+               if certificate and key:
+                       with tempfile.NamedTemporaryFile(mode="w") as f_cert:
+                               f_cert.write(certificate)
+                               f_cert.flush()
+
+                               with tempfile.NamedTemporaryFile(mode="w") as f_key:
+                                       f_key.write(key)
+                                       f_key.flush()
+
+                                       context.load_cert_chain(f_cert.name, f_key.name)
+
+               return context
+
+       async def load_certificate(self, certfile, keyfile):
+               with self.db.transaction():
+                       # Load certificate
+                       with open(certfile) as f:
+                               self.settings.set("client-certificate", f.read())
+
+                       # Load key file
+                       with open(keyfile) as f:
+                               self.settings.set("client-key", f.read())
+
        async def run_task(self, task, *args, **kwargs):
                tasks = {
                        "announce-blog-posts" : self.blog.announce,
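Review bot: `load_certificate()` writes the contents of `keyfile` into the settings store under `client-key` as-is (apparently database-backed, given the surrounding `self.db.transaction()`), so the host's private key now lives wherever that store and its backups do, and nothing checks that it pairs with the certificate before it is saved. A mismatched or malformed pair would only surface later, when `ssl_context` calls `load_cert_chain()` on first use; validating up front with `ssl.create_default_context().load_cert_chain(certfile, keyfile)` before opening the transaction would reject it at load time. In `ssl_context`, when only one of the two settings is present the `if certificate and key:` branch is skipped silently and a context without a client certificate is returned, which deserves at least a warning in the log. Because the property is decorated with `@lazy_property`, a long-running process presumably keeps using the previously loaded certificate after `load-certificate` runs until it is restarted; a comment such as `# cached for the process lifetime; restart after load-certificate` would make that explicit.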
@@ -102,6 +137,7 @@ class Backend(object):
                        "cleanup"             : self.cleanup,
                        "get-all-emails"      : self.accounts.get_all_emails,
                        "launch-campaigns"    : self.campaigns.launch_manually,
+                       "load-certificate"    : self.load_certificate,
                        "run-campaigns"       : self.campaigns.run,
                        "scan-files"          : self.releases.scan_files,
                        "send-message"        : self.messages.send_cli,
index 0f0c56d2ba661b94a3f6855ab3f4afa82fca0105..817a6f10d4eccbe6a77940c47948526f19d5b51d 100644 (file)
@@ -8,7 +8,6 @@ import logging
 import random
 import smtplib
 import socket
-import ssl
 import subprocess
 import tornado.locale
 import tornado.template
@@ -181,8 +180,6 @@ class Messages(misc.Object):
 
 
 class Queue(misc.Object):
-       context = ssl.create_default_context()
-
        @property
        def messages(self):
                return self.db.query("SELECT * FROM messages \
@@ -200,7 +197,7 @@ class Queue(misc.Object):
                conn = smtplib.SMTP(hostname)
 
                # Start TLS connection
-               conn.starttls(context=self.context)
+               conn.starttls(context=self.backend.ssl_context)
 
                return conn