diff options
Diffstat (limited to 'src/leap/bitmask/keymanager/openpgp.py')
-rw-r--r-- | src/leap/bitmask/keymanager/openpgp.py | 32 |
1 files changed, 28 insertions, 4 deletions
diff --git a/src/leap/bitmask/keymanager/openpgp.py b/src/leap/bitmask/keymanager/openpgp.py index d0acca54..593536eb 100644 --- a/src/leap/bitmask/keymanager/openpgp.py +++ b/src/leap/bitmask/keymanager/openpgp.py @@ -30,6 +30,7 @@ from twisted.internet import defer from twisted.internet.threads import deferToThread from twisted.logger import Logger +from leap.bitmask.keymanager.migrator import KeyDocumentsMigrator from leap.common.check import leap_assert, leap_assert_type, leap_check from leap.bitmask.keymanager import errors from leap.bitmask.keymanager.wrapper import TempGPGWrapper @@ -120,7 +121,6 @@ class OpenPGPScheme(object): self._wait_indexes("get_key", "put_key", "get_all_keys") def _migrate_documents_schema(self, _): - from leap.bitmask.keymanager.migrator import KeyDocumentsMigrator migrator = KeyDocumentsMigrator(self._soledad) return migrator.migrate() @@ -149,6 +149,7 @@ class OpenPGPScheme(object): d.addCallback(lambda _: self.stored[method](*args, **kw)) self.waiting.append(d) return d + return wrapper for method in methods: @@ -175,12 +176,14 @@ class OpenPGPScheme(object): """ leap_assert(is_address(address), 'Not an user address: %s' % address) current_sec_key = yield self.get_key(address, private=True) + current_pub_key = yield self.get_key(address, private=False) with TempGPGWrapper([current_sec_key], self._gpgbinary) as gpg: if current_sec_key.has_expired(): temporary_extension_period = '1' # extend for 1 extra day gpg.extend_key(current_sec_key.fingerprint, validity=temporary_extension_period) - yield self.unactivate_key(address) + yield self.unactivate_key(address) # only one priv key allowed + yield self.delete_key(current_pub_key) new_key = yield self.gen_key(address) gpg.import_keys(new_key.key_data) key_signing = yield from_thread(gpg.sign_key, new_key.fingerprint) @@ -405,7 +408,7 @@ class OpenPGPScheme(object): d.addCallback(put_key, openpgp_privkey) return d - def put_key(self, key): + def put_key(self, key, key_renewal=False): """ Put C{key} in local storage. @@ -425,7 +428,7 @@ class OpenPGPScheme(object): active_content = activedoc.content oldkey = build_key_from_dict(keydoc.content, active_content) - key.merge(oldkey) + key.merge(oldkey, key_renewal) keydoc.set_json(key.get_json()) d = self._soledad.put_doc(keydoc) d.addCallback(put_active, activedoc) @@ -578,6 +581,27 @@ class OpenPGPScheme(object): active_doc = yield self._get_active_doc_from_address(address, False) yield self._soledad.delete_doc(active_doc) + @defer.inlineCallbacks + def reset_all_keys_sign_used(self): + """ + Reset sign_used flag for all keys in storage, to False... + to indicate that the key pair has not interacted with all + keys in the key ring yet. + This should only be used when regenerating the key pair. + + """ + all_keys = yield self.get_all_keys(private=False) + deferreds = [] + + @defer.inlineCallbacks + def reset_sign_used(key): + key.sign_used = False + yield self.put_key(key, key_renewal=True) + + for open_pgp_key in all_keys: + deferreds.append(reset_sign_used(open_pgp_key)) + yield defer.gatherResults(deferreds) + # # Data encryption, decryption, signing and verifying # |