git » kxd » master » tree

[master] / kxd / email.go 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
package main

import (
	"bytes"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"net/smtp"
	"strings"
	"text/template"
	"time"
)

// EmailBody represents the body of an email message to sent.
type EmailBody struct {
	From       string
	To         string
	Key        string
	Time       time.Time
	TimeString string
	Req        *Request
	Cert       *x509.Certificate
	Chains     [][]*x509.Certificate
}

const emailTmplBody = (`Date: {{.TimeString}}
From: Key Exchange Daemon <{{.From}}>
To: {{.To}}
Subject: Access to key {{.Key}}

Key: {{.Key}}
Accessed by: {{.Req.RemoteAddr}}
On: {{.TimeString}}

Client certificate:
  Signature: {{printf "%.16s" (printf "%x" .Cert.Signature)}}...
  Subject: {{NameToString .Cert.Subject}}

Authorizing chains:
{{range .Chains}}  {{ChainToString .}}
{{end}}

`)

var emailTmpl = template.New("email")

func init() {
	emailTmpl.Funcs(map[string]interface{}{
		"NameToString":  NameToString,
		"ChainToString": ChainToString,
	})

	template.Must(emailTmpl.Parse(emailTmplBody))
}

// NameToString converts a pkix.Name from a certificate to a human-friendly
// string.
func NameToString(name pkix.Name) string {
	s := make([]string, 0)
	for _, c := range name.Country {
		s = append(s, fmt.Sprintf("C=%s", c))
	}
	for _, o := range name.Organization {
		s = append(s, fmt.Sprintf("O=%s", o))
	}
	for _, o := range name.OrganizationalUnit {
		s = append(s, fmt.Sprintf("OU=%s", o))
	}

	if name.CommonName != "" {
		s = append(s, fmt.Sprintf("N=%s", name.CommonName))
	}

	return strings.Join(s, " ")
}

// SendMail sends an email notifying of an access to the given key.
func SendMail(kc *KeyConfig, req *Request,
	chains [][]*x509.Certificate) error {
	if *smtpAddr == "" {
		req.Printf("Skipping notifications")
		return nil
	}

	emailTo, err := kc.EmailTo()
	if err != nil {
		return err
	}

	if emailTo == nil {
		return nil
	}

	keyPath, err := req.KeyPath()
	if err != nil {
		return err
	}

	now := time.Now()
	body := EmailBody{
		From:       *emailFrom,
		To:         strings.Join(emailTo, ", "),
		Key:        keyPath,
		Time:       now,
		TimeString: now.Format(time.RFC1123Z),
		Req:        req,
		Cert:       chains[0][0],
		Chains:     chains,
	}

	msg := new(bytes.Buffer)

	err = emailTmpl.Execute(msg, body)
	if err != nil {
		return err
	}

	return smtp.SendMail(*smtpAddr, nil, *emailFrom, emailTo,
		msg.Bytes())
}