diff options
-rw-r--r-- | src/leap/bitmask/keymanager/keys.py | 22 | ||||
-rw-r--r-- | src/leap/bitmask/keymanager/openpgp.py | 2 |
2 files changed, 20 insertions, 4 deletions
diff --git a/src/leap/bitmask/keymanager/keys.py b/src/leap/bitmask/keymanager/keys.py index d26f8b31..1e8d383f 100644 --- a/src/leap/bitmask/keymanager/keys.py +++ b/src/leap/bitmask/keymanager/keys.py @@ -30,6 +30,9 @@ from leap.bitmask.keymanager.wrapper import TempGPGWrapper from leap.bitmask.keymanager.validation import ValidationLevels from leap.bitmask.keymanager import documents as doc +TWO_MONTHS = 60 +DEFAULT_THRESHOLD = TWO_MONTHS + log = Logger() @@ -288,9 +291,6 @@ class OpenPGPKey(object): value = str(value) return key, value - def has_expired(self): - return self.expiry_date and self.expiry_date < datetime.now() - def __iter__(self): return self @@ -327,6 +327,22 @@ class OpenPGPKey(object): return False if self.expiry_date is None \ else self.expiry_date < datetime.now() + def should_be_renewed(self, before_expiry_threshold=DEFAULT_THRESHOLD): + """ + Indicates if the key reaches the renewal period. For ease of transition + keys should be renewed before they expire. + + :param before_expiry_threshold: the amount of days before expiry date + whereby the key should be renewed -- default value is 60 days + :type before_expiry_threshold: int + + :return: True if the current date is within the threshold + :rtype: Boolean + """ + + days_till_expiry = (self.expiry_date - datetime.now()) + return days_till_expiry.days < before_expiry_threshold + def parse_address(address): """ diff --git a/src/leap/bitmask/keymanager/openpgp.py b/src/leap/bitmask/keymanager/openpgp.py index d82f8e52..a856ee06 100644 --- a/src/leap/bitmask/keymanager/openpgp.py +++ b/src/leap/bitmask/keymanager/openpgp.py @@ -178,7 +178,7 @@ class OpenPGPScheme(object): current_sec_key = yield self.get_key(address, private=True) current_pub_key = yield self.get_key(address, private=False) with TempGPGWrapper([current_sec_key], self._gpgbinary) as gpg: - if current_sec_key.has_expired(): + if current_sec_key.is_expired(): temporary_extension_period = '1' # extend for 1 extra day gpg.extend_key(current_sec_key.fingerprint, validity=temporary_extension_period) |