authorNavaL <ayoyo@thoughtworks.com>2016-11-29 19:28:52 +0100
committerRuben Pollan <meskio@sindominio.net>2017-12-03 20:43:32 +0100
commit9430464704fc58460613c4225f5a0eb59617d4b5 (patch)
treeec83219dcabd45d7dbbfe99f3500c1642ea601e9 /src/leap/bitmask
parent6b5c2e802eef35f1752713d353d3001f43980841 (diff)
[feat] expired public key are remotely fetched if expired
- private key is not allowed to be fetched remotely - fetch_remote needs to be specifically set - if a new key is fetched (ie different KeyID), the validation rule applies
Diffstat (limited to 'src/leap/bitmask')
-rw-r--r--src/leap/bitmask/keymanager/__init__.py21
1 files changed, 17 insertions, 4 deletions
diff --git a/src/leap/bitmask/keymanager/__init__.py b/src/leap/bitmask/keymanager/__init__.py
index e3d7fdd0..7164cb91 100644
--- a/src/leap/bitmask/keymanager/__init__.py
+++ b/src/leap/bitmask/keymanager/__init__.py
@@ -229,8 +229,9 @@ class KeyManager(object):
"""
Return a key bound to address.
- First, search for the key in local storage. If it is not available,
- then try to fetch from nickserver.
+ First, search for the key in local storage. When it is available
+ locally but is expired or when it is not available locally,
+ then a fetch from nickserver is tried.
:param address: The address bound to the key.
:type address: str
@@ -244,6 +245,8 @@ class KeyManager(object):
or which fails with KeyNotFound if no key was found neither
locally or in keyserver or fail with KeyVersionError if the
key has a format not supported by this version of KeyManager
+ or KeyNotValidUpgrade if the key is renewed remotely but fails
+ the validation rule
:rtype: Deferred
:raise UnsupportedKeyTypeError: if invalid key type
@@ -255,17 +258,27 @@ class KeyManager(object):
emit_async(catalog.KEYMANAGER_KEY_FOUND, address)
return key
+ def ensure_valid(key):
+ if key.is_expired():
+ logger.info('Found expired key for %s.' % self._address)
+ return _fetch_remotely(key)
+ key_found(key)
+ return key
+
def key_not_found(failure):
if not failure.check(keymanager_errors.KeyNotFound):
return failure
emit_async(catalog.KEYMANAGER_KEY_NOT_FOUND, address)
+ return _fetch_remotely(failure)
+ def _fetch_remotely(passthru):
# we will only try to fetch a key from nickserver if fetch_remote
# is True and the key is not private.
if fetch_remote is False or private is True:
- return failure
+ return passthru
+ logger.debug('Fetching remotely key for %s.' % self._address)
emit_async(catalog.KEYMANAGER_LOOKING_FOR_KEY, address)
d = self._fetch_keys_from_server_and_store_local(address)
d.addCallback(
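Review bot: `ensure_valid` can still hand an expired key back to the caller. When `key.is_expired()` is true but `fetch_remote is False or private is True`, `_fetch_remotely(key)` returns `passthru` unchanged, so the Deferred fires with the expired key and `key_found` (with its KEYMANAGER_KEY_FOUND event) is skipped. If that is intended for private keys, say so with a comment such as `# expired key is returned as-is when remote fetch is not allowed; callers must check key.is_expired()`, and consider calling `key_found(key)` on that path so the event stays consistent. Both new log lines format `self._address` while the lookup and the `emit_async` calls use the `address` argument, so the log probably names the wrong address; `logger.info('Found expired key for %s.', address)` would match. The body of `_fetch_remotely` continues past the end of the hunk, so how a failed remote fetch of an expired key is handled is not visible here.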
@@ -275,7 +288,7 @@ class KeyManager(object):
# return key if it exists in local database
d = self._openpgp.get_key(address, private=private)
- d.addCallbacks(key_found, key_not_found)
+ d.addCallbacks(ensure_valid, key_not_found)
return d
@defer.inlineCallbacks