From: Michael Tremer Date: Tue, 19 May 2020 18:25:33 +0000 (+0000) Subject: Use host certificate to send emails X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5946846974c1c862231d39194d4403ea7c053a28;p=ipfire.org.git Use host certificate to send emails Signed-off-by: Michael Tremer
---
diff --git a/src/backend/base.py b/src/backend/base.py
index 6ee041dc..bc8041af 100644
--- a/src/backend/base.py
+++ b/src/backend/base.py
@@ -2,6 +2,8 @@
 import configparser
 import io
+import ssl
+import tempfile
 import tornado.httpclient
 from . import accounts
@@ -94,6 +96,39 @@ class Backend(object):
 self.db = database.Connection(**credentials)
+ @lazy_property
+ def ssl_context(self):
+ # Create SSL context
+ context = ssl.create_default_context()
+
+ # Fetch client certificate
+ certificate = self.settings.get("client-certificate", None)
+ key = self.settings.get("client-key", None)
+
+ # Apply client certificate
+ if certificate and key:
+ with tempfile.NamedTemporaryFile(mode="w") as f_cert:
+ f_cert.write(certificate)
+ f_cert.flush()
+
+ with tempfile.NamedTemporaryFile(mode="w") as f_key:
+ f_key.write(key)
+ f_key.flush()
+
+ context.load_cert_chain(f_cert.name, f_key.name)
+
+ return context
+
+ async def load_certificate(self, certfile, keyfile):
+ with self.db.transaction():
+ # Load certificate
+ with open(certfile) as f:
+ self.settings.set("client-certificate", f.read())
+
+ # Load key file
+ with open(keyfile) as f:
+ self.settings.set("client-key", f.read())
+
 async def run_task(self, task, *args, **kwargs):
 tasks = {
 "announce-blog-posts" : self.blog.announce,
@@ -102,6 +137,7 @@ class Backend(object):
 "cleanup" : self.cleanup,
 "get-all-emails" : self.accounts.get_all_emails,
 "launch-campaigns" : self.campaigns.launch_manually,
+ "load-certificate" : self.load_certificate,
 "run-campaigns" : self.campaigns.run,
 "scan-files" : self.releases.scan_files,
 "send-message" : self.messages.send_cli,
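Review bot: In the second hunk of src/backend/base.py, `load_certificate` stores the private key verbatim under the `client-key` setting, which, judging by the surrounding `self.db.transaction()`, appears to put it in the database, so every database reader, dump and backup would then hold the credential that authenticates this host to the mail server. If that trade-off is intended it should be stated on the method, for example `# NOTE: the private key ends up in the settings store; restrict read access and treat dumps as secret`. The pair is also saved unchecked, so a mismatched or malformed pair only surfaces later, when `ssl_context` calls `load_cert_chain` while mail is being sent; validating first with `ssl.create_default_context().load_cert_chain(certfile, keyfile)` before the two `settings.set` calls would make the task fail instead. `ssl_context` also returns a context without a client certificate, silently, whenever either setting is missing, and a log line on that branch would make the fallback visible.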
diff --git a/src/backend/messages.py b/src/backend/messages.py
index 0f0c56d2..817a6f10 100644
--- a/src/backend/messages.py
+++ b/src/backend/messages.py
@@ -8,7 +8,6 @@ import logging
 import random
 import smtplib
 import socket
-import ssl
 import subprocess
 import tornado.locale
 import tornado.template
@@ -181,8 +180,6 @@ class Messages(misc.Object):
 class Queue(misc.Object):
- context = ssl.create_default_context()
-
 @property
 def messages(self):
 return self.db.query("SELECT * FROM messages \
@@ -200,7 +197,7 @@ class Queue(misc.Object):
 conn = smtplib.SMTP(hostname)
 # Start TLS connection
- conn.starttls(context=self.context)
+ conn.starttls(context=self.backend.ssl_context)
 return conn
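Review bot: In the last hunk of src/backend/messages.py, `self.backend.ssl_context` is first evaluated after `smtplib.SMTP(hostname)` has already connected, so if building the context fails (for instance `load_cert_chain` rejecting the stored pair) the exception leaves `conn` open without a `quit()`. Fetching it before connecting, with `context = self.backend.ssl_context` above the `conn = smtplib.SMTP(hostname)` line and then `conn.starttls(context=context)`, keeps that failure ahead of any network activity. The enclosing method starts outside the hunk, so any error handling around it is not visible here.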