summaryrefslogtreecommitdiff
path: root/keymanager
diff options
context:
space:
mode:
authorRuben Pollan <meskio@sindominio.net>2016-06-16 20:16:54 +0200
committerRuben Pollan <meskio@sindominio.net>2016-06-20 18:30:22 +0200
commit5409c0dec9d1d4a562cc69798e36d534b6690d30 (patch)
tree6e9197e4a933c4f0ded905d4b5f4f4df2084aec9 /keymanager
parent161fd0542425dc9afa336dcb0675f56b3e1b0b55 (diff)
[feat] check key document versions and fail if it's unknown
- Closes: #8165
Diffstat (limited to 'keymanager')
-rw-r--r--keymanager/changes/next-changelog.txt1
-rw-r--r--keymanager/src/leap/keymanager/__init__.py8
-rw-r--r--keymanager/src/leap/keymanager/errors.py9
-rw-r--r--keymanager/src/leap/keymanager/openpgp.py11
4 files changed, 26 insertions, 3 deletions
diff --git a/keymanager/changes/next-changelog.txt b/keymanager/changes/next-changelog.txt
index a2ab4fb1..56ff7aa9 100644
--- a/keymanager/changes/next-changelog.txt
+++ b/keymanager/changes/next-changelog.txt
@@ -13,6 +13,7 @@ Features
- `#8031 <https://leap.se/code/issues/8031>`_: Remove support for multiple key types.
- `#8068 <https://leap.se/code/issues/8068>`_: make get_all_keys aware of active addresses.
- `#6658 <https://leap.se/code/issues/6658>`_: Improve duplicated active documents fixup.
+- `#8165 <https://leap.se/code/issues/8165>`_: Check key document versions and fail if it's unknown.
- `#1234 <https://leap.se/code/issues/1234>`_: Description of the new feature corresponding with issue #1234.
- New feature without related issue number.
diff --git a/keymanager/src/leap/keymanager/__init__.py b/keymanager/src/leap/keymanager/__init__.py
index 97d29857..0b8a5b30 100644
--- a/keymanager/src/leap/keymanager/__init__.py
+++ b/keymanager/src/leap/keymanager/__init__.py
@@ -376,7 +376,8 @@ class KeyManager(object):
:return: A Deferred which fires with an EncryptionKey bound to address,
or which fails with KeyNotFound if no key was found neither
- locally or in keyserver.
+ locally or in keyserver or fail with KeyVersionError if the
+ key has a format not supported by this version of KeyManager
:rtype: Deferred
:raise UnsupportedKeyTypeError: if invalid key type
@@ -522,8 +523,9 @@ class KeyManager(object):
:return: A Deferred which fires with the encrypted data as str, or
which fails with KeyNotFound if no keys were found neither
- locally or in keyserver or fails with EncryptError if failed
- encrypting for some reason.
+ locally or in keyserver or fails with KeyVersionError if the
+ key format is not supported or fails with EncryptError if
+ failed encrypting for some reason.
:rtype: Deferred
:raise UnsupportedKeyTypeError: if invalid key type
diff --git a/keymanager/src/leap/keymanager/errors.py b/keymanager/src/leap/keymanager/errors.py
index 8a9fb3c7..dfff3936 100644
--- a/keymanager/src/leap/keymanager/errors.py
+++ b/keymanager/src/leap/keymanager/errors.py
@@ -28,6 +28,15 @@ class KeyNotFound(Exception):
pass
+class KeyVersionError(KeyNotFound):
+ """
+ Raised when key was found in the keyring but the version is not supported.
+
+ It will usually mean that it was created by a newer version of KeyManager.
+ """
+ pass
+
+
class KeyAlreadyExists(Exception):
"""
Raised when attempted to create a key that already exists.
diff --git a/keymanager/src/leap/keymanager/openpgp.py b/keymanager/src/leap/keymanager/openpgp.py
index 98ce4649..31c13df1 100644
--- a/keymanager/src/leap/keymanager/openpgp.py
+++ b/keymanager/src/leap/keymanager/openpgp.py
@@ -53,6 +53,8 @@ from leap.keymanager.documents import (
KEY_ENCR_USED_KEY,
KEY_ADDRESS_KEY,
KEY_TYPE_KEY,
+ KEY_VERSION_KEY,
+ KEYMANAGER_DOC_VERSION,
KEYMANAGER_ACTIVE_TYPE,
KEYMANAGER_KEY_TAG,
KEYMANAGER_ACTIVE_TAG,
@@ -734,6 +736,7 @@ class OpenPGPScheme(object):
address,
'1' if private else '0')
d.addCallback(self._repair_and_get_doc, self._repair_active_docs)
+ d.addCallback(self._check_version)
return d
def _get_key_doc_from_fingerprint(self, fingerprint, private):
@@ -743,6 +746,7 @@ class OpenPGPScheme(object):
fingerprint,
'1' if private else '0')
d.addCallback(self._repair_and_get_doc, self._repair_key_docs)
+ d.addCallback(self._check_version)
return d
def _repair_and_get_doc(self, doclist, repair_func):
@@ -752,6 +756,13 @@ class OpenPGPScheme(object):
return repair_func(doclist)
return doclist[0]
+ def _check_version(self, doc):
+ if doc is not None:
+ version = doc.content[KEY_VERSION_KEY]
+ if version > KEYMANAGER_DOC_VERSION:
+ raise errors.KeyVersionError(str(version))
+ return doc
+
def _repair_key_docs(self, doclist):
"""
If there is more than one key for a key id try to self-repair it