diff options
-rw-r--r-- | src/leap/bitmask/keymanager/__init__.py | 20 | ||||
-rw-r--r-- | src/leap/bitmask/keymanager/errors.py | 4 | ||||
-rw-r--r-- | src/leap/bitmask/keymanager/openpgp.py | 31 | ||||
-rw-r--r-- | tests/integration/keymanager/test_keymanager.py | 22 |
4 files changed, 40 insertions, 37 deletions
diff --git a/src/leap/bitmask/keymanager/__init__.py b/src/leap/bitmask/keymanager/__init__.py index 09ac9bc7..9240b8a5 100644 --- a/src/leap/bitmask/keymanager/__init__.py +++ b/src/leap/bitmask/keymanager/__init__.py @@ -787,23 +787,25 @@ class KeyManager(object): yield self.put_key(pubkey) @defer.inlineCallbacks - def extend_key_expiration(self, validity='1y', passphrase=None): + def change_key_expiration(self, expiration_time='1y', passphrase=None): """ - extend the expiration date of the key pair bound to the user's address - by the validity period, from the key's creation date. + Change the expiration date of the key pair bound to the user's address + by the expiration_time period, from the current day. - :param validity: new validity from creation date 'n','nw','nm' or 'ny' - where n is a number - :type validity: str + :param expiration_time: new expiration time from current day in 'n', + 'nw', 'nm' or 'ny' where n is a number + :type expiration_time: str :return: The updated secret key, with new expiry date :rtype: OpenPGPKey - :raise KeyExpiryExtensionError: if invalid validity period + :raise KeyExpirationError: if invalid expiration time period """ my_secret_key = yield self.get_key(self._address, private=True) - renewed_key = yield self._openpgp.extend_key(my_secret_key, validity, - passphrase) + renewed_key = yield self._openpgp.expire( + my_secret_key, + expiration_time=expiration_time, + passphrase=passphrase) yield self._openpgp.reset_all_keys_sign_used() defer.returnValue(renewed_key) diff --git a/src/leap/bitmask/keymanager/errors.py b/src/leap/bitmask/keymanager/errors.py index 1ca234de..0ec3650a 100644 --- a/src/leap/bitmask/keymanager/errors.py +++ b/src/leap/bitmask/keymanager/errors.py @@ -88,9 +88,9 @@ class GPGError(Exception): pass -class KeyExpiryExtensionError(Exception): +class KeyExpirationError(Exception): """ - Error during key expiry date extension + Error during key expiry date change """ diff --git a/src/leap/bitmask/keymanager/openpgp.py b/src/leap/bitmask/keymanager/openpgp.py index e667fd97..2361e6a8 100644 --- a/src/leap/bitmask/keymanager/openpgp.py +++ b/src/leap/bitmask/keymanager/openpgp.py @@ -180,8 +180,8 @@ class OpenPGPScheme(object): with TempGPGWrapper([current_sec_key], self._gpgbinary) as gpg: if current_sec_key.is_expired(): temporary_extension_period = '1' # extend for 1 extra day - gpg.extend_key(current_sec_key.fingerprint, - validity=temporary_extension_period) + gpg.expire(current_sec_key.fingerprint, + expiration_time=temporary_extension_period) yield self.unactivate_key(address) # only one priv key allowed yield self.delete_key(current_pub_key) new_key = yield self.gen_key(address) @@ -679,30 +679,31 @@ class OpenPGPScheme(object): raise errors.EncryptError() @defer.inlineCallbacks - def extend_key(self, seckey, validity='1y', passphrase=None): + def expire(self, seckey, expiration_time='1y', passphrase=None): """ - Extend C{key} key pair, expiration date for C{validity} period, - from its creation date. + Change expiration for C{key} key pair for the given C{expiration_time} + period, from the current day. - :param seckey: The secret key of the key pair to be extended. + :param seckey: The secret key of the key pair to have the expiration + time changed. :type seckey: OpenPGPKey - :param validity: new validity from creation date 'n','nw','nm' or 'ny' - where n is a number - :type validity: str + :param expiration_time: new expiration time from the current day in + 'n', 'nw','nm' or 'ny' where n is a number + :type expiration_time: str :return: The updated secret key, with new expiry date :rtype: OpenPGPKey - :raise KeyExpiryExtensionError: Raised if failed to extend key - for some reason. + :raise KeyExpirationError: Raised if failed to change expiration of key + for some reason. """ leap_assert_type(seckey, OpenPGPKey) leap_assert(seckey.private is True, 'Key is not private.') keys = [seckey] try: with TempGPGWrapper(keys, self._gpgbinary) as gpg: - result = yield from_thread(gpg.extend_key, seckey.fingerprint, - validity=validity, + result = yield from_thread(gpg.expire, seckey.fingerprint, + expiration_time=expiration_time, passphrase=passphrase) if result.status == 'ok': for secret in [False, True]: @@ -716,8 +717,8 @@ class OpenPGPScheme(object): yield self.put_key(renewed_key) defer.returnValue(renewed_key) except Exception as e: - log.warn('Failed to Extend Key: %s expiration date.' % str(e)) - raise errors.KeyExpiryExtensionError(str(e)) + log.warn('Failed to change expiration of key: %s' % str(e)) + raise errors.KeyExpirationError(str(e)) @defer.inlineCallbacks def decrypt(self, data, privkey, passphrase=None, verify=None): diff --git a/tests/integration/keymanager/test_keymanager.py b/tests/integration/keymanager/test_keymanager.py index 5b805ea4..474643d4 100644 --- a/tests/integration/keymanager/test_keymanager.py +++ b/tests/integration/keymanager/test_keymanager.py @@ -31,7 +31,7 @@ import mock from leap.common import ca_bundle from leap.bitmask.keymanager import errors -from leap.bitmask.keymanager.errors import KeyExpiryExtensionError +from leap.bitmask.keymanager.errors import KeyExpirationError from leap.bitmask.keymanager.keys import ( OpenPGPKey, is_address, @@ -54,8 +54,7 @@ from common import ( OLD_AND_NEW_KEY_ADDRESS, DIFFERENT_PRIVATE_KEY, DIFFERENT_KEY_FPR, - DIFFERENT_PUBLIC_KEY, - KEY_EXPIRING_CREATION_DATE) + DIFFERENT_PUBLIC_KEY) NICKSERVER_URI = "http://leap.se/" REMOTE_KEY_URL = "http://site.domain/key" @@ -654,13 +653,13 @@ class KeyManagerKeyManagementTestCase(KeyManagerWithSoledadTestCase): km._openpgp.reset_all_keys_sign_used.assert_called_once() @defer.inlineCallbacks - def test_keymanager_extend_key_expiry_date_for_key_pair(self): + def test_keymanager_change_key_expiry_date_for_key_pair(self): km = self._key_manager(user=ADDRESS_EXPIRING) yield km._openpgp.put_raw_key(PRIVATE_EXPIRING_KEY, ADDRESS_EXPIRING) key = yield km.get_key(ADDRESS_EXPIRING, fetch_remote=False) - yield km.extend_key_expiration(validity='1w') + yield km.change_key_expiration(expiration_time='1w') new_expiry_date = date.today() + timedelta(weeks=1) @@ -676,27 +675,28 @@ class KeyManagerKeyManagementTestCase(KeyManagerWithSoledadTestCase): self.assertEqual(key.fingerprint, renewed_private_key.fingerprint) @defer.inlineCallbacks - def test_key_extension_resets_all_public_key_sign_used(self): + def test_change_key_expiration_resets_all_public_key_sign_used(self): km = self._key_manager(user=ADDRESS_EXPIRING) yield km._openpgp.put_raw_key(PRIVATE_EXPIRING_KEY, ADDRESS_EXPIRING) km._openpgp.reset_all_keys_sign_used = mock.Mock() - yield km.extend_key_expiration(validity='1w') + yield km.change_key_expiration(expiration_time='1w') km._openpgp.reset_all_keys_sign_used.assert_called_once() @defer.inlineCallbacks - def test_key_extension_with_invalid_period_throws_exception(self): + def test_change_key_expiration_with_invalid_period_throws_exception(self): km = self._key_manager(user=ADDRESS_EXPIRING) yield km._openpgp.put_raw_key(PRIVATE_EXPIRING_KEY, ADDRESS_EXPIRING) key = yield km.get_key(ADDRESS_EXPIRING, fetch_remote=False) - invalid_validity_option = '2xw' + invalid_expiration_time_option = '2xw' - with self.assertRaises(KeyExpiryExtensionError): - yield km.extend_key_expiration(validity=invalid_validity_option) + with self.assertRaises(KeyExpirationError): + yield km.change_key_expiration( + expiration_time=invalid_expiration_time_option) renewed_public_key = yield km.get_key(ADDRESS_EXPIRING, fetch_remote=False) |