author | NavaL <ayoyo@thoughtworks.com> | 2016-11-29 19:28:52 +0100 |
---|---|---|
committer | Ruben Pollan <meskio@sindominio.net> | 2017-12-03 20:43:32 +0100 |
commit | 9430464704fc58460613c4225f5a0eb59617d4b5 (patch) | |
tree | ec83219dcabd45d7dbbfe99f3500c1642ea601e9 /src/leap | |
parent | 6b5c2e802eef35f1752713d353d3001f43980841 (diff) |
[feat] expired public key are remotely fetched if expired
- private key is not allowed to be fetched remotely
- fetch_remote needs to be specifically set
- if a new key is fetched (ie different KeyID), the validation
rule applies
Diffstat (limited to 'src/leap')
-rw-r--r-- | src/leap/bitmask/keymanager/__init__.py | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/src/leap/bitmask/keymanager/__init__.py b/src/leap/bitmask/keymanager/__init__.py index e3d7fdd0..7164cb91 100644 --- a/src/leap/bitmask/keymanager/__init__.py +++ b/src/leap/bitmask/keymanager/__init__.py @@ -229,8 +229,9 @@ class KeyManager(object): """ Return a key bound to address. - First, search for the key in local storage. If it is not available, - then try to fetch from nickserver. + First, search for the key in local storage. When it is available + locally but is expired or when it is not available locally, + then a fetch from nickserver is tried. :param address: The address bound to the key. :type address: str @@ -244,6 +245,8 @@ class KeyManager(object): or which fails with KeyNotFound if no key was found neither locally or in keyserver or fail with KeyVersionError if the key has a format not supported by this version of KeyManager + or KeyNotValidUpgrade if the key is renewed remotely but fails + the validation rule :rtype: Deferred :raise UnsupportedKeyTypeError: if invalid key type @@ -255,17 +258,27 @@ class KeyManager(object): emit_async(catalog.KEYMANAGER_KEY_FOUND, address) return key + def ensure_valid(key): + if key.is_expired(): + logger.info('Found expired key for %s.' % self._address) + return _fetch_remotely(key) + key_found(key) + return key + def key_not_found(failure): if not failure.check(keymanager_errors.KeyNotFound): return failure emit_async(catalog.KEYMANAGER_KEY_NOT_FOUND, address) + return _fetch_remotely(failure) + def _fetch_remotely(passthru): # we will only try to fetch a key from nickserver if fetch_remote # is True and the key is not private. if fetch_remote is False or private is True: - return failure + return passthru + logger.debug('Fetching remotely key for %s.' % self._address) emit_async(catalog.KEYMANAGER_LOOKING_FOR_KEY, address) d = self._fetch_keys_from_server_and_store_local(address) d.addCallback( 
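Review bot: Both new log calls, in `ensure_valid` and `_fetch_remotely`, format `self._address`, while the key being looked up is the `address` argument that the neighbouring `emit_async` calls use, so the log lines presumably name the key manager's own account rather than the address whose key expired. `logger.info('Found expired key for %s.', address)` and `logger.debug('Fetching remotely key for %s.', address)` would match the events. When the expired key is private or `fetch_remote` is False, `_fetch_remotely` returns the expired key as `passthru` and `key_found` is skipped, so the caller receives an expired key with no `KEYMANAGER_KEY_FOUND` event and no error. A comment such as `# expired key is returned as-is when remote fetch is disabled or the key is private` would state that contract, if it is intended. The callbacks attached after `d.addCallback(` lie outside the hunk, so it cannot be seen here whether the key returned after the refresh is checked for expiry again.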
@@ -275,7 +288,7 @@ class KeyManager(object): # return key if it exists in local database d = self._openpgp.get_key(address, private=private) - d.addCallbacks(key_found, key_not_found) + d.addCallbacks(ensure_valid, key_not_found) return d @defer.inlineCallbacks |