Skip to content
This repository has been archived by the owner on Apr 2, 2024. It is now read-only.

Small improvements for pygpghttpd #119

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Small improvements for pygpghttpd #119

wants to merge 3 commits into from

Conversation

krautsource
Copy link
Contributor

Hi!

  1. Shebang: I'm completely new to python, but it seems like "python" defaults to python2 on most systems. Hope it's okay to make it say "python3".
  2. Query string: I was wondering at the workaround for "+"-encoded blankspaces which didn't work for me, so I replaced the whole query string parser with the one included in urllib.parse -- which also handles the blankspace encoding along the way.
  3. example.htm: When listing all the keys, only the last one was displayed.

@krautsource
Sets shebang to explicitly use python3, adds proper query string pars…
b290a85 
…ing using urllib and fixes key listing in example.htm
@krautsource
pygpghttpd/pygpghttpd.py: fixed signing and verification, added error…
a90fd51 
… handling, changed from low-level socket handling to http.server.HTTPServer,

                          made reading accepted_domains.txt a one-shot instead of on every request.
pygpghttpd/example.htm: improved readability of HTML output, added tests for signing and signature verification, added output of key identities.
@krautsource
Re-introduces fallback to Referer header for CORS if no Origin header…
222c69d 
… present
@krautsource
Copy link
Contributor Author

Did some more work on pygpghttpd... using this as an opportunity to get more familiar with Python :-)

  • The original socket handling routines couldn't cope with larger payloads where not all of the data was available in the socket buffer right away. In my case (Chromium on Linux), this happened consistently with request bodies larger than 856 bytes -- the server would always tell me that no cmdstr was received.
    So I took the liberty to employ the http.server.HTTPServer module for all HTTP and connection handling. This also somewhat reduces code and complexity.
  • The file accepted_domains.txt was read on every request even though the file is unlikely to change between requests. I changed this to execute at startup instead.
  • Signatures were completely ignored when decrypting messages; AFAICT, python-gnupg doesn't tell the caller whether signature verification succeeded or not. So I resorted to checking for "ERRSIG" in GnuPG's stderr output after the decrypt() call. If you can think of a better way, please let me know.
  • I also added some error handling though this could still be refined by parsing GnuPG's stderr output for markers like "BAD_PASSPHRASE" etc. to create more meaningful error messages.
    Not sure if that's a direction you'd like to go, so I'm waiting for your feedback on this.

I hope these changes are okay with you.

One more thought on returning data from pygpghttpd to the client:
IMHO a JSON struct should be returned to the client even for encryption/decryption/signing/verification etc. with three fields like "statuscode", "message" and "result", so the client can tell error messages from GnuPG results and display both of them accordingly.
One example would be an encrypted & signed message that decrypts ok but fails signature verification. In that case, the client probably should display the decrypted message plus an error message regarding the signature. Currently that's not implemented with pygpghttpd.
What do you think?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@krautsource @niklasfemerstrand