summaryrefslogtreecommitdiff
path: root/src/leap/bitmask/keymanager/openpgp.py
diff options
context:
space:
mode:
authorNavaL <ayoyo@thoughtworks.com>2016-11-21 12:07:10 +0100
committerRuben Pollan <meskio@sindominio.net>2017-12-03 20:43:30 +0100
commit0454dc3545693a8c6325f4864d89154c514b3bcb (patch)
tree157a12a02cccca3184814ba8b059a8648b2cea54 /src/leap/bitmask/keymanager/openpgp.py
parente5c567d79557eecbd708f4fabe8d04c92cf66ea1 (diff)
[feat] reset sign_used flag after regenerating key pair
- this flag is used by leap.mail to attach the new key
Diffstat (limited to 'src/leap/bitmask/keymanager/openpgp.py')
-rw-r--r--src/leap/bitmask/keymanager/openpgp.py32
1 files changed, 28 insertions, 4 deletions
diff --git a/src/leap/bitmask/keymanager/openpgp.py b/src/leap/bitmask/keymanager/openpgp.py
index d0acca54..593536eb 100644
--- a/src/leap/bitmask/keymanager/openpgp.py
+++ b/src/leap/bitmask/keymanager/openpgp.py
@@ -30,6 +30,7 @@ from twisted.internet import defer
from twisted.internet.threads import deferToThread
from twisted.logger import Logger
+from leap.bitmask.keymanager.migrator import KeyDocumentsMigrator
from leap.common.check import leap_assert, leap_assert_type, leap_check
from leap.bitmask.keymanager import errors
from leap.bitmask.keymanager.wrapper import TempGPGWrapper
@@ -120,7 +121,6 @@ class OpenPGPScheme(object):
self._wait_indexes("get_key", "put_key", "get_all_keys")
def _migrate_documents_schema(self, _):
- from leap.bitmask.keymanager.migrator import KeyDocumentsMigrator
migrator = KeyDocumentsMigrator(self._soledad)
return migrator.migrate()
@@ -149,6 +149,7 @@ class OpenPGPScheme(object):
d.addCallback(lambda _: self.stored[method](*args, **kw))
self.waiting.append(d)
return d
+
return wrapper
for method in methods:
@@ -175,12 +176,14 @@ class OpenPGPScheme(object):
"""
leap_assert(is_address(address), 'Not an user address: %s' % address)
current_sec_key = yield self.get_key(address, private=True)
+ current_pub_key = yield self.get_key(address, private=False)
with TempGPGWrapper([current_sec_key], self._gpgbinary) as gpg:
if current_sec_key.has_expired():
temporary_extension_period = '1' # extend for 1 extra day
gpg.extend_key(current_sec_key.fingerprint,
validity=temporary_extension_period)
- yield self.unactivate_key(address)
+ yield self.unactivate_key(address) # only one priv key allowed
+ yield self.delete_key(current_pub_key)
new_key = yield self.gen_key(address)
gpg.import_keys(new_key.key_data)
key_signing = yield from_thread(gpg.sign_key, new_key.fingerprint)
@@ -405,7 +408,7 @@ class OpenPGPScheme(object):
d.addCallback(put_key, openpgp_privkey)
return d
- def put_key(self, key):
+ def put_key(self, key, key_renewal=False):
"""
Put C{key} in local storage.
@@ -425,7 +428,7 @@ class OpenPGPScheme(object):
active_content = activedoc.content
oldkey = build_key_from_dict(keydoc.content, active_content)
- key.merge(oldkey)
+ key.merge(oldkey, key_renewal)
keydoc.set_json(key.get_json())
d = self._soledad.put_doc(keydoc)
d.addCallback(put_active, activedoc)
@@ -578,6 +581,27 @@ class OpenPGPScheme(object):
active_doc = yield self._get_active_doc_from_address(address, False)
yield self._soledad.delete_doc(active_doc)
+ @defer.inlineCallbacks
+ def reset_all_keys_sign_used(self):
+ """
+ Reset sign_used flag for all keys in storage, to False...
+ to indicate that the key pair has not interacted with all
+ keys in the key ring yet.
+ This should only be used when regenerating the key pair.
+
+ """
+ all_keys = yield self.get_all_keys(private=False)
+ deferreds = []
+
+ @defer.inlineCallbacks
+ def reset_sign_used(key):
+ key.sign_used = False
+ yield self.put_key(key, key_renewal=True)
+
+ for open_pgp_key in all_keys:
+ deferreds.append(reset_sign_used(open_pgp_key))
+ yield defer.gatherResults(deferreds)
+
#
# Data encryption, decryption, signing and verifying
#