[bug] sign_used flag is reset for all public keys when the key expiration date is extended

- this is required so that the key is re-attached to the first
outgoing email to all users who already have the expired key.

2 files changed, 36 insertions, 2 deletions

diff --git a/src/leap/bitmask/keymanager/__init__.py b/src/leap/bitmask/keymanager/__init__.py
index 7164cb91..6eeaecc9 100644
--- a/src/leap/bitmask/keymanager/__init__.py
+++ b/src/leap/bitmask/keymanager/__init__.py
@@ -793,7 +793,7 @@ class KeyManager(object):
         yield self.put_key(pubkey)
 
     @defer.inlineCallbacks
-    def extend_key(self, validity='1y', passphrase=None):
+    def extend_key_expiration(self, validity='1y', passphrase=None):
         """
         extend the expiration date of the key pair bound to the user's address
         by the validity period, from the key's creation date.
@@ -810,6 +810,7 @@ class KeyManager(object):
         my_secret_key = yield self.get_key(self._address, private=True)
         renewed_key = yield self._openpgp.extend_key(my_secret_key, validity,
                                                      passphrase)
+        yield self._openpgp.reset_all_keys_sign_used()
         defer.returnValue(renewed_key)
 
 
diff --git a/tests/integration/keymanager/test_keymanager.py b/tests/integration/keymanager/test_keymanager.py
index 6a6feb31..d8772191 100644
--- a/tests/integration/keymanager/test_keymanager.py
+++ b/tests/integration/keymanager/test_keymanager.py
@@ -654,6 +654,39 @@ class KeyManagerKeyManagementTestCase(KeyManagerWithSoledadTestCase):
         km._openpgp.reset_all_keys_sign_used.assert_called_once()
 
     @defer.inlineCallbacks
+    def test_keymanager_extend_key_expiry_date_for_key_pair(self):
+        km = self._key_manager(user=ADDRESS_EXPIRING)
+
+        yield km._openpgp.put_raw_key(PRIVATE_EXPIRING_KEY, ADDRESS_EXPIRING)
+        key = yield km.get_key(ADDRESS_EXPIRING)
+
+        yield km.extend_key_expiration(validity='1w')
+
+        new_expiry_date = datetime.strptime(
+            KEY_EXPIRING_CREATION_DATE, '%Y-%m-%d')
+        new_expiry_date += timedelta(weeks=1)
+        renewed_public_key = yield km.get_key(ADDRESS_EXPIRING)
+        renewed_private_key = yield km.get_key(ADDRESS_EXPIRING, private=True)
+
+        self.assertEqual(new_expiry_date.date(),
+                         renewed_public_key.expiry_date.date())
+        self.assertEqual(new_expiry_date.date(),
+                         renewed_private_key.expiry_date.date())
+        self.assertEqual(key.fingerprint, renewed_public_key.fingerprint)
+        self.assertEqual(key.fingerprint, renewed_private_key.fingerprint)
+
+    @defer.inlineCallbacks
+    def test_key_extension_resets_all_public_key_sign_used(self):
+        km = self._key_manager(user=ADDRESS_EXPIRING)
+
+        yield km._openpgp.put_raw_key(PRIVATE_EXPIRING_KEY, ADDRESS_EXPIRING)
+        km._openpgp.reset_all_keys_sign_used = mock.Mock()
+
+        yield km.extend_key_expiration(validity='1w')
+
+        km._openpgp.reset_all_keys_sign_used.assert_called_once()
+
+    @defer.inlineCallbacks
     def test_key_extension_with_invalid_period_throws_exception(self):
         km = self._key_manager(user=ADDRESS_EXPIRING)
 
@@ -663,7 +696,7 @@ class KeyManagerKeyManagementTestCase(KeyManagerWithSoledadTestCase):
         invalid_validity_option = '2xw'
 
         with self.assertRaises(KeyExpiryExtensionError):
-            yield km.extend_key(validity=invalid_validity_option)
+            yield km.extend_key_expiration(validity=invalid_validity_option)
 
         renewed_public_key = yield km.get_key(ADDRESS_EXPIRING,
                                               fetch_remote=False)