Initial S/MIME support (requires Enterprise SKU)

2025-07-09 06:03:35 +00:00 · 2017-02-03 13:29:36 -05:00
parent 2a1d3a1ce1
commit 5b469496d6
1 changed files with 176 additions and 0 deletions
--- a/src/gam.py
+++ b/src/gam.py
@ -4588,6 +4588,132 @@ def deleteSendAs(users):
             soft_errors=True,
             userId=u'me', sendAsEmail=emailAddress)

+def updateSmime(users):
+  smimeId = None
+  sendAsEmail = None
+  make_default = False
+  i = 5
+  while i < len(sys.argv):
+    myarg = sys.argv[i].lower()
+    if myarg == u'id':
+      smimeId = sys.argv[i+1]
+      i += 2
+    elif myarg in [u'sendas', u'sendasemail']:
+      sendAsEmail = sys.argv[i+1]
+      i += 2
+    elif myarg in [u'default']:
+      make_default = True
+      i += 1
+    else:
+      print u'ERROR: %s is not a valid argument to "gam <users> update smime"' % myarg
+      sys.exit(3)
+  if not make_default:
+    print u'Nothing to update for smime.'
+    sys.exit(0)
+  for user in users:
+    user, gmail = buildGmailGAPIObject(user)
+    if not gmail:
+      continue
+    if not sendAsEmail:
+      sendAsEmail = user
+    if not smimeId:
+      result = callGAPI(gmail.users().settings().sendAs().smimeInfo(), u'list', userId=u'me', sendAsEmail=sendAsEmail, fields=u'smimeInfo(id)')
+      smimes = result.get(u'smimeInfo', [])
+      if len(smimes) == 0:
+        print u'ERROR: %s has no S/MIME certificates for sendas address %s' % (user, sendAsEmail)
+        sys.exit(3)
+      elif len(smimes) > 1:
+        print u'ERROR: %s has more than one S/MIME certificate. Please specify a cert to update:'
+        for smime in smimes:
+          print u' %s' % smime[u'id']
+        sys.exit(3)
+      smimeId = smimes[0][u'id']
+    print u'Setting smime id %s as default for user %s and sendas %s' % (smimeId, user, sendAsEmail)
+    callGAPI(gmail.users().settings().sendAs().smimeInfo(), u'setDefault', userId=u'me', sendAsEmail=sendAsEmail, id=smimeId)
+
+def deleteSmime(users):
+  smimeId = None
+  sendAsEmail = None
+  i = 5
+  while i < len(sys.argv):
+    myarg = sys.argv[i].lower()
+    if myarg == u'id':
+      smimeId = sys.argv[i+1]
+      i += 2
+    elif myarg in [u'sendas', u'sendasemail']:
+      sendAsEmail = sys.argv[i+1]
+      i += 2
+    else:
+      print u'ERROR: %s is not a valid argument to "gam <users> delete smime"' % myarg
+      sys.exit(3)
+  for user in users:
+    user, gmail = buildGmailGAPIObject(user)
+    if not sendAsEmail:
+      sendAsEmail = user
+    if not smimeId:
+      result = callGAPI(gmail.users().settings().sendAs().smimeInfo(), u'list', userId=u'me', sendAsEmail=sendAsEmail, fields=u'smimeInfo(id)')
+      smimes = result.get(u'smimeInfo', [])
+      if len(smimes) == 0:
+        print u'ERROR: %s has no S/MIME certificates for sendas address %s' % (user, sendAsEmail)
+        sys.exit(3)
+      elif len(smimes) > 1:
+        print u'ERROR: %s has more than one S/MIME certificate. Please specify a cert to delete:'
+        for smime in smimes:
+          print u' %s' % smime[u'id']
+        sys.exit(3)
+      smimeId = smimes[0][u'id']
+    callGAPI(gmail.users().settings().sendAs().smimeInfo(), u'delete', userId=u'me', sendAsEmail=sendAsEmail, id=smimeId)
+
+def printShowSmime(users, csvFormat):
+  if csvFormat:
+    todrive = False
+    titles = [u'User']
+    csvRows = []
+  primaryonly = False
+  i = 5
+  while i < len(sys.argv):
+    myarg = sys.argv[i].lower()
+    if csvFormat and myarg == u'todrive':
+      todrive = True
+      i += 1
+    elif myarg == u'primaryonly':
+      primaryonly = True
+      i += 1
+    else:
+      print u'ERROR: %s is not a valid argumetn for "gam <users> %s smime"' % (myarg, [u'show', u'print'][csvFormat])
+      sys.exit(3)
+  i = 0
+  count = len(users)
+  for user in users:
+    i += 1
+    user, gmail = buildGmailGAPIObject(user)
+    if not gmail:
+      continue
+    if primaryonly:
+      sendAsEmails = [user]
+    else:
+      result = callGAPI(gmail.users().settings().sendAs(), u'list', userId=u'me', fields=u'sendAs(sendAsEmail)')
+      sendAsEmails = []
+      for sendAs in result[u'sendAs']:
+        sendAsEmails.append(sendAs[u'sendAsEmail'])
+    for sendAsEmail in sendAsEmails:
+      result = callGAPI(gmail.users().settings().sendAs().smimeInfo(), u'list', sendAsEmail=sendAsEmail, userId=u'me')
+      smimes = result.get(u'smimeInfo', [])
+      for i, _ in enumerate(smimes):
+        smimes[i][u'expiration'] = datetime.datetime.fromtimestamp(int(smimes[i][u'expiration'])/1000).strftime('%Y-%m-%d %H:%M:%S')
+      if csvFormat:
+        for smime in smimes:
+          row = {u'User': user}
+          for item in smime:
+            if item not in titles:
+              titles.append(item)
+            row[item] = smime[item]
+          csvRows.append(row)
+      else:
+        print_json(None, smimes)
+  if csvFormat:
+    writeCSVfile(csvRows, titles, u'S/MIME', todrive)
+
 def printShowSendAs(users, csvFormat):
  if csvFormat:
    todrive = False
@ -4666,6 +4792,46 @@ def infoSendAs(users):
    if result:
      _showSendAs(result, i, count, formatSig)

+def addSmime(users):
+  sendAsEmail = None
+  smimefile = None
+  body = {u'isDefault': False}
+  i = 5
+  while i < len(sys.argv):
+    myarg = sys.argv[i].lower()
+    if myarg == u'file':
+      smimefile = sys.argv[i+1]
+      i += 2
+    elif myarg == u'password':
+      body[u'encryptedKeyPassword'] = sys.argv[i+1]
+      i += 2
+    elif myarg == u'default':
+      body[u'isDefault'] = True
+      i += 1
+    elif myarg in [u'sendas', u'sendasemail']:
+      sendAsEmail = sys.argv[i+1]
+      i += 2
+    else:
+      print u'ERROR: %s is not a valid argument for smime' % myarg
+      sys.exit(3)
+  if not smimefile:
+    print u'ERROR: you must specify a file to upload'
+    sys.exit(3)
+  smime_data = readFile(smimefile)
+  smime_data = base64.urlsafe_b64encode(smime_data)
+  body[u'pkcs12'] = smime_data
+  i = 0
+  count = len(users)
+  for user in users:
+    i += 1
+    user, gmail = buildGmailGAPIObject(user)
+    if not sendAsEmail:
+      sendAsEmail = user
+    if not gmail:
+      continue
+    result = callGAPI(gmail.users().settings().sendAs().smimeInfo(), u'insert', userId=u'me', sendAsEmail=sendAsEmail, body=body)
+    print u'Added S/MIME certificate for user %s sendas %s issued by %s' % (user, sendAsEmail, result[u'issuerCn'])
+
 def doLabel(users, i):
  label = sys.argv[i]
  i += 1
@ -10318,6 +10484,8 @@ def ProcessGAMCommand(args):
        showDriveFileRevisions(users)
      elif showWhat == u'sendas':
        printShowSendAs(users, False)
+      elif showWhat == u'smime':
+        printShowSmime(users, False)
      elif showWhat == u'gmailprofile':
        showGmailProfile(users)
      elif showWhat == u'gplusprofile':
@ -10369,6 +10537,8 @@ def ProcessGAMCommand(args):
        printShowForwardingAddresses(users, True)
      elif printWhat == u'sendas':
        printShowSendAs(users, True)
+      elif printWhat == u'smime':
+        printShowSmime(users, True)
      elif printWhat in [u'token', u'tokens', u'oauth', u'3lo']:
        printShowTokens(5, u'users', users, True)
      else:
@ -10439,6 +10609,8 @@ def ProcessGAMCommand(args):
        deleteForwardingAddresses(users)
      elif delWhat == u'sendas':
        deleteSendAs(users)
+      elif delWhat == u'smime':
+        deleteSmime(users)
      else:
        print u'ERROR: %s is not a valid argument for "gam <users> delete"' % delWhat
        sys.exit(2)
@ -10462,6 +10634,8 @@ def ProcessGAMCommand(args):
        addForwardingAddresses(users)
      elif addWhat == u'sendas':
        addUpdateSendAs(users, 5, True)
+      elif addWhat == u'smime':
+        addSmime(users)
      else:
        print u'ERROR: %s is not a valid argument for "gam <users> add"' % addWhat
        sys.exit(2)
@ -10489,6 +10663,8 @@ def ProcessGAMCommand(args):
        updateLabels(users)
      elif updateWhat == u'sendas':
        addUpdateSendAs(users, 5, False)
+      elif updateWhat == u'smime':
+        updateSmime(users)
      else:
        print u'ERROR: %s is not a valid argument for "gam <users> update"' % updateWhat
        sys.exit(2)