summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/leap/bitmask/keymanager/__init__.py14
-rw-r--r--src/leap/bitmask/keymanager/keys.py5
-rw-r--r--src/leap/bitmask/keymanager/openpgp.py42
-rw-r--r--tests/integration/keymanager/test_keymanager.py51
4 files changed, 4 insertions, 108 deletions
diff --git a/src/leap/bitmask/keymanager/__init__.py b/src/leap/bitmask/keymanager/__init__.py
index 2fa80c7c..c1095877 100644
--- a/src/leap/bitmask/keymanager/__init__.py
+++ b/src/leap/bitmask/keymanager/__init__.py
@@ -361,20 +361,6 @@ class KeyManager(object):
d.addCallback(signal_finished)
return d
- @defer.inlineCallbacks
- def regenerate_key(self):
- """
- Regenerate a key bound to the user's address.
-
- :return: A Deferred which fires with the generated EncryptionKey.
- :rtype: Deferred
- """
-
- self.log.info('Regenerating key for %s.' % self._address)
-
- new_key = yield self._openpgp.regenerate_key(self._address)
- defer.returnValue(new_key)
-
#
# Setters/getters
#
diff --git a/src/leap/bitmask/keymanager/keys.py b/src/leap/bitmask/keymanager/keys.py
index 6c0c64ff..0f68c06b 100644
--- a/src/leap/bitmask/keymanager/keys.py
+++ b/src/leap/bitmask/keymanager/keys.py
@@ -191,7 +191,7 @@ class OpenPGPKey(object):
return False
- def merge(self, newkey, key_renewal=False):
+ def merge(self, newkey):
if newkey.fingerprint != self.fingerprint:
self.log.critical(
"Can't put a key whith the same key_id and different "
@@ -223,8 +223,7 @@ class OpenPGPKey(object):
if newkey.last_audited_at > self.last_audited_at:
self.validation = newkey.last_audited_at
self.encr_used = newkey.encr_used or self.encr_used
- if not key_renewal:
- self.sign_used = newkey.sign_used or self.sign_used
+ self.sign_used = newkey.sign_used or self.sign_used
self.refreshed_at = datetime.now()
def get_json(self):
diff --git a/src/leap/bitmask/keymanager/openpgp.py b/src/leap/bitmask/keymanager/openpgp.py
index aea82156..ef77e30c 100644
--- a/src/leap/bitmask/keymanager/openpgp.py
+++ b/src/leap/bitmask/keymanager/openpgp.py
@@ -161,44 +161,6 @@ class OpenPGPScheme(object):
#
# Keys management
#
- @defer.inlineCallbacks
- def regenerate_key(self, address):
- """
- Deactivate Current keypair,
- Generate a new OpenPGP keypair bound to C{address},
- and sign the new key with the old key.
-
- :param address: The address bound to the key.
- :type address: str
-
- :return: A Deferred which fires with the new key bound to address.
- :rtype: Deferred
- """
- leap_assert(is_address(address), 'Not an user address: %s' % address)
- current_sec_key = yield self.get_key(address, private=True)
- current_pub_key = yield self.get_key(address, private=False)
- with TempGPGWrapper([current_sec_key], self._gpgbinary) as gpg:
- if current_sec_key.is_expired():
- temporary_extension_period = '1' # extend for 1 extra day
- gpg.expire(current_sec_key.fingerprint,
- expiration_time=temporary_extension_period)
- yield self.unactivate_key(address) # only one priv key allowed
- yield self.delete_key(current_pub_key)
- new_key = yield self.gen_key(address)
- gpg.import_keys(new_key.key_data)
- key_signing = yield from_thread(gpg.sign_key, new_key.fingerprint)
- if key_signing.status == 'ok':
- fetched_keys = gpg.list_keys(secret=False)
- fetched_key = filter(lambda k: k['fingerprint'] ==
- new_key.fingerprint, fetched_keys)[0]
- key_data = gpg.export_keys(new_key.fingerprint, secret=False)
- renewed_key = self._build_key_from_gpg(
- fetched_key,
- key_data,
- new_key.address)
- yield self.put_key(renewed_key)
- defer.returnValue(new_key)
-
def gen_key(self, address):
"""
Generate an OpenPGP keypair bound to C{address}.
@@ -411,7 +373,7 @@ class OpenPGPScheme(object):
d.addCallback(put_key, openpgp_privkey)
return d
- def put_key(self, key, key_renewal=False):
+ def put_key(self, key):
"""
Put C{key} in local storage.
@@ -431,7 +393,7 @@ class OpenPGPScheme(object):
active_content = activedoc.content
oldkey = build_key_from_dict(keydoc.content, active_content)
- key.merge(oldkey, key_renewal)
+ key.merge(oldkey)
keydoc.set_json(key.get_json())
d = self._soledad.put_doc(keydoc)
d.addCallback(put_active, activedoc)
diff --git a/tests/integration/keymanager/test_keymanager.py b/tests/integration/keymanager/test_keymanager.py
index 2e4a9a97..8ed70bdf 100644
--- a/tests/integration/keymanager/test_keymanager.py
+++ b/tests/integration/keymanager/test_keymanager.py
@@ -592,51 +592,6 @@ class KeyManagerKeyManagementTestCase(KeyManagerWithSoledadTestCase):
yield km.put_raw_key(PRIVATE_KEY, ADDRESS)
km.send_key.assert_called_once_with()
- @defer.inlineCallbacks
- def test_key_regenerate_gets_new_expiry_date_and_signed_by_old_key(self):
- km = self._key_manager(user=ADDRESS_EXPIRING)
-
- yield km._openpgp.put_raw_key(PRIVATE_EXPIRING_KEY, ADDRESS_EXPIRING)
- old_key = yield km.get_key(ADDRESS_EXPIRING, fetch_remote=False)
-
- new_key = yield km.regenerate_key()
-
- today = datetime.now()
- new_expiry_date = date(today.year + 1, today.month, today.day)
- renewed_public_key = yield km.get_key(ADDRESS_EXPIRING,
- fetch_remote=False)
- renewed_private_key = yield km.get_key(ADDRESS_EXPIRING, private=True)
-
- self.assertEqual(new_expiry_date,
- renewed_public_key.expiry_date.date())
- self.assertEqual(new_expiry_date,
- renewed_private_key.expiry_date.date())
- self.assertNotEqual(old_key.fingerprint,
- renewed_public_key.fingerprint)
- self.assertEqual(new_key.fingerprint, renewed_public_key.fingerprint)
- self.assertIn(old_key.fingerprint[-16:], renewed_public_key.signatures)
-
- @defer.inlineCallbacks
- def test_key_regenerate_deactivate_the_old_private_key(self):
- km = self._key_manager(user=ADDRESS_EXPIRING)
-
- yield km._openpgp.put_raw_key(PRIVATE_EXPIRING_KEY, ADDRESS_EXPIRING)
- old_key = yield km.get_key(ADDRESS_EXPIRING, fetch_remote=False)
-
- new_key = yield km.regenerate_key()
- inactive_private_keys = yield km._get_inactive_private_keys()
- renewed_public_key = yield km.get_key(ADDRESS_EXPIRING, private=False,
- fetch_remote=False)
-
- self.assertEqual(1, len(inactive_private_keys))
- retrieved_old_key = inactive_private_keys[0]
- self.assertEqual(old_key.fingerprint,
- retrieved_old_key.fingerprint)
- self.assertNotEqual(old_key.fingerprint,
- new_key.fingerprint)
- self.assertEqual(new_key.fingerprint, renewed_public_key.fingerprint)
- self.assertIn(old_key.fingerprint[-16:], renewed_public_key.signatures)
-
class KeyManagerCryptoTestCase(KeyManagerWithSoledadTestCase):
RAW_DATA = 'data'
@@ -669,9 +624,6 @@ class KeyManagerCryptoTestCase(KeyManagerWithSoledadTestCase):
fetch_remote=False)
self.assertNotEqual(self.RAW_DATA, encdata)
- # renew key
- yield km.regenerate_key()
-
# decrypt
rawdata, signingkey = yield km.decrypt(
encdata, ADDRESS, verify=ADDRESS_2, fetch_remote=False)
@@ -686,9 +638,6 @@ class KeyManagerCryptoTestCase(KeyManagerWithSoledadTestCase):
yield km._openpgp.put_raw_key(PRIVATE_KEY, ADDRESS)
yield km._openpgp.put_raw_key(PRIVATE_KEY_2, ADDRESS_2)
- # renew key -- deactivate current key
- yield km.regenerate_key()
-
# decrypt
with self.assertRaises(errors.DecryptError):
yield km.decrypt(ENCRYPTED_MESSAGE_FOR_DIFFERENT_KEY,