author | NavaL <ayoyo@thoughtworks.com> | 2016-11-16 16:53:48 +0100 |
---|---|---|
committer | Ruben Pollan <meskio@sindominio.net> | 2017-12-03 20:43:24 +0100 |
commit | 3eab1813bfb9efeea65ab3ad9798b8e8dba6d163 (patch) | |
tree | af519eaf21e15edeb0211e0e1ad1b4b6c3301e18 /src/leap/bitmask/keymanager/openpgp.py | |
parent | 10a8b732576aa6a21ca01f265967f9e09560c2cf (diff) |
[feat] add key expiry date extension in keymanager
- extends key pair (unlocked from soledad)
- extension period is counted from key creation date
Diffstat (limited to 'src/leap/bitmask/keymanager/openpgp.py')
-rw-r--r-- | src/leap/bitmask/keymanager/openpgp.py | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/src/leap/bitmask/keymanager/openpgp.py b/src/leap/bitmask/keymanager/openpgp.py
index a27eb3de..99e5bc72 100644
--- a/src/leap/bitmask/keymanager/openpgp.py
+++ b/src/leap/bitmask/keymanager/openpgp.py
@@ -617,6 +617,47 @@ class OpenPGPScheme(object):
 raise errors.EncryptError()
 
 @defer.inlineCallbacks
+ def extend_key(self, seckey, validity='1y', passphrase=None):
+ """
+ Extend C{key} key pair, expiration date for C{validity} period,
+ from its creation date.
+
+ :param seckey: The secret key of the key pair to be extended.
+ :type seckey: OpenPGPKey
+ :param validity: new validity from creation date 'n','nw','nm' or 'ny'
+ where n is a number
+ :type validity: str
+
+ :return: The updated secret key, with new expiry date
+ :rtype: OpenPGPKey
+
+ :raise KeyExpiryExtensionError: Raised if failed to extend key
+ for some reason.
+ """
+ leap_assert_type(seckey, OpenPGPKey)
+ leap_assert(seckey.private is True, 'Key is not private.')
+ keys = [seckey]
+ try:
+ with TempGPGWrapper(keys, self._gpgbinary) as gpg:
+ result = yield from_thread(gpg.extend_key, seckey.address,
+ validity=validity,
+ passphrase=passphrase)
+ if result.status == 'ok':
+ for secret in [False, True]:
+ fetched_key = gpg.list_keys(secret=secret).pop()
+ key_data = gpg.export_keys(seckey.fingerprint,
+ secret=secret)
+ renewed_key = self._build_key_from_gpg(
+ fetched_key,
+ key_data,
+ seckey.address)
+ yield self.put_key(renewed_key)
+ defer.returnValue(renewed_key)
+ except Exception as e:
+ logger.warn('Failed to Extend Key: %s expiration date.' % str(e))
+ raise errors.KeyExpiryExtensionError(str(e))
+
+ @defer.inlineCallbacks
 def decrypt(self, data, privkey, passphrase=None, verify=None):
 """
 Decrypt C{data} using private @{privkey} and verify with C{verify} key. |
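Review bot: When gpg reports anything other than `ok`, `extend_key` skips the `if result.status == 'ok':` branch and the deferred fires with `None`, although the docstring promises `KeyExpiryExtensionError`; a caller that only watches for the exception would treat a key whose expiry was never extended as renewed. Add an `else:` arm with `raise errors.KeyExpiryExtensionError('gpg status: %s' % result.status)`; the surrounding `except Exception` presumably re-wraps it, so the exception type callers see stays the same. `gpg.list_keys(secret=secret).pop()` selects a key by position while `export_keys` selects by `seckey.fingerprint`, so matching the listed entry on the fingerprint would keep the stored metadata and the exported material tied to the same key if the temporary keyring ever holds more than one. The docstring also leaves out `passphrase`; `:param passphrase: passphrase that unlocks the secret key, if any` and `:type passphrase: str` would cover it.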