messages: Use a client certificate to send any emails

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/src/buildservice/__init__.py b/src/buildservice/__init__.py
index 6ead74ac4075b363efdbc50803c496d8791d2f1f..2cdd2f5609a8609b477fe5dda6e190086785456d 100644 (file)
--- a/src/buildservice/__init__.py
+++ b/src/buildservice/__init__.py
@@ -7,6 +7,7 @@ import logging
 import os
 import pakfire
 import shutil
+import ssl
 import systemd.journal
 import tempfile
 import urllib.parse
@@ -286,6 +287,41 @@ class Backend(object):
                # Open the archive
                return p.open(path)
 
+       @property
+       def ssl_context(self):
+               # Create SSL context
+               context = ssl.create_default_context()
+
+               # Fetch client certificate
+               certificate = self.settings.get("client-certificate", None)
+               key         = self.settings.get("client-key", None)
+
+               # Apply client certificate
+               if certificate and key:
+                       with tempfile.NamedTemporaryFile(mode="w") as f_cert:
+                               f_cert.write(certificate)
+                               f_cert.flush()
+
+                               with tempfile.NamedTemporaryFile(mode="w") as f_key:
+                                       f_key.write(key)
+                                       f_key.flush()
+
+                                       context.load_cert_chain(f_cert.name, f_key.name)
+
+               return context
+
+       async def load_certificate(self, certfile, keyfile):
+               with self.db.transaction():
+                       # Load certificate
+                       with open(certfile) as f:
+                               self.settings.set("client-certificate", f.read())
+
+                       # Load key file
+                       with open(keyfile) as f:
+                               self.settings.set("client-key", f.read())
+
+                       log.info("Updated certificates")
+
        async def cleanup(self):
                """
                        Called regularly to cleanup any left-over resources

diff --git a/src/buildservice/messages.py b/src/buildservice/messages.py
index 14572d56e7fe4a4aaeb10370bae7eea09a686da4..cde53e8cee708433bc3a853fdb7805f38a6fb3ab 100644 (file)
--- a/src/buildservice/messages.py
+++ b/src/buildservice/messages.py
@@ -191,7 +191,7 @@ class Queue(base.Object):
                conn = smtplib.SMTP(hostname)
 
                # Start TLS connection
-               conn.starttls()
+               conn.starttls(context=self.backend.ssl_context)
 
                return conn
 

diff --git a/src/scripts/pakfire-build-service b/src/scripts/pakfire-build-service
index 51127c1e716299a9ca1907adce4fcd66acbcbf34..836ac936519e4893a5ef409981d0d682c1917a3b 100644 (file)
--- a/src/scripts/pakfire-build-service
+++ b/src/scripts/pakfire-build-service
@@ -18,6 +18,9 @@ class Cli(object):
                        # Bugzilla
                        "bugzilla:version"    : self.backend.bugzilla.version,
 
+                       # Certificates
+                       "load-certificate"    : self.backend.load_certificate,
+
                        # Cleanup
                        "cleanup"             : self.backend.cleanup,