authorNavaL <ayoyo@thoughtworks.com>2016-11-29 19:28:52 +0100
committerRuben Pollan <meskio@sindominio.net>2017-12-03 20:43:33 +0100
commit026de868a3f301abea2671dfd7d858e73f3bb755 (patch)
treebae67987207b22fabc103d6dd2d380473f00b2f3
parent1986316b7150a91798baea35e4b7507c3f4a337d (diff)
[feat] expired public key are remotely fetched if expired
- private key is not allowed to be fetched remotely
- fetch_remote needs to be specifically set
- if a new key is fetched (i.e. different KeyID), the validation rule applies
-rw-r--r--src/leap/bitmask/keymanager/__init__.py5
-rw-r--r--src/leap/bitmask/keymanager/keys.py2
-rw-r--r--src/leap/bitmask/keymanager/openpgp.py2
-rw-r--r--tests/integration/keymanager/test_keymanager.py7
4 files changed, 9 insertions, 7 deletions
diff --git a/src/leap/bitmask/keymanager/__init__.py b/src/leap/bitmask/keymanager/__init__.py
index 6eeaecc9..2014524f 100644
--- a/src/leap/bitmask/keymanager/__init__.py
+++ b/src/leap/bitmask/keymanager/__init__.py
@@ -210,7 +210,7 @@ class KeyManager(object):
@defer.inlineCallbacks
def get_inactive_private_keys(self):
"""
- Return all inactive private keys bound to address, that can are
+ Return all inactive private keys bound to address, that are
stored locally.
This can be used to attempt decryption from multiple keys.
@@ -494,7 +494,8 @@ class KeyManager(object):
"""
Decrypt data using private key from address and verify with public key
bound to verify address. If the decryption using the active private
- key fails, then decription using the inactive key, if any, is tried.
+ key fails, then decryption with inactive keys, if any, is recursively
+ tried.
:param data: The data to be decrypted.
:type data: str
diff --git a/src/leap/bitmask/keymanager/keys.py b/src/leap/bitmask/keymanager/keys.py
index 4a3aa403..6c0c64ff 100644
--- a/src/leap/bitmask/keymanager/keys.py
+++ b/src/leap/bitmask/keymanager/keys.py
@@ -330,7 +330,7 @@ class OpenPGPKey(object):
def needs_renewal(self, pre_expiration_threshold=DEFAULT_THRESHOLD):
"""
Indicates if the key is inside the renewal period. For ease of
- transition keys should be renewed before they expire.
+ transition keys should be renewed/extended before they expire.
:param pre_expiration_threshold: the amount of days before expiry date
whereby the key should be renewed -- default value is 60 days
diff --git a/src/leap/bitmask/keymanager/openpgp.py b/src/leap/bitmask/keymanager/openpgp.py
index a856ee06..984e1e68 100644
--- a/src/leap/bitmask/keymanager/openpgp.py
+++ b/src/leap/bitmask/keymanager/openpgp.py
@@ -590,7 +590,7 @@ class OpenPGPScheme(object):
Reset sign_used flag for all keys in storage, to False...
to indicate that the key pair has not interacted with all
keys in the key ring yet.
- This should only be used when regenerating the key pair.
+ This should only be used when regenerating/extending the key pair.
"""
all_keys = yield self.get_all_keys(private=False)
diff --git a/tests/integration/keymanager/test_keymanager.py b/tests/integration/keymanager/test_keymanager.py
index d8772191..cacdc704 100644
--- a/tests/integration/keymanager/test_keymanager.py
+++ b/tests/integration/keymanager/test_keymanager.py
@@ -55,7 +55,7 @@ from common import (
DIFFERENT_PRIVATE_KEY,
DIFFERENT_KEY_FPR,
DIFFERENT_PUBLIC_KEY,
-)
+ KEY_EXPIRING_CREATION_DATE)
NICKSERVER_URI = "http://leap.se/"
REMOTE_KEY_URL = "http://site.domain/key"
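Review bot: The added import entry carries the closing parenthesis on the same line, `KEY_EXPIRING_CREATION_DATE)`, while every entry above it ends with a trailing comma. Writing `KEY_EXPIRING_CREATION_DATE,` followed by a separate `)` line matches the rest of the list and keeps the next added name a one-line diff.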
@@ -658,14 +658,15 @@ class KeyManagerKeyManagementTestCase(KeyManagerWithSoledadTestCase):
km = self._key_manager(user=ADDRESS_EXPIRING)
yield km._openpgp.put_raw_key(PRIVATE_EXPIRING_KEY, ADDRESS_EXPIRING)
- key = yield km.get_key(ADDRESS_EXPIRING)
+ key = yield km.get_key(ADDRESS_EXPIRING, fetch_remote=False)
yield km.extend_key_expiration(validity='1w')
new_expiry_date = datetime.strptime(
KEY_EXPIRING_CREATION_DATE, '%Y-%m-%d')
new_expiry_date += timedelta(weeks=1)
- renewed_public_key = yield km.get_key(ADDRESS_EXPIRING)
+ renewed_public_key = yield km.get_key(ADDRESS_EXPIRING,
+ fetch_remote=False)
renewed_private_key = yield km.get_key(ADDRESS_EXPIRING, private=True)
self.assertEqual(new_expiry_date.date(),
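Review bot: The private-key lookup `km.get_key(ADDRESS_EXPIRING, private=True)` still relies on the default value of `fetch_remote`, while both public-key lookups in this hunk now pass `fetch_remote=False`. The commit message says a private key is never fetched remotely and that a newly fetched key with a different KeyID goes through the validation rule, but nothing visible in this test asserts either guarantee; they are the trust-relevant parts of the change and deserve their own assertions, unless those exist outside this diff. At minimum I would make the call explicit, `renewed_private_key = yield km.get_key(ADDRESS_EXPIRING, private=True, fetch_remote=False)`, so the test cannot reach the network if the default or the private-key guard changes. The test method starts before the hunk and the `assertEqual` call continues past it.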