summaryrefslogtreecommitdiff
path: root/src/leap/bitmask/keymanager
diff options
context:
space:
mode:
Diffstat (limited to 'src/leap/bitmask/keymanager')
-rw-r--r--src/leap/bitmask/keymanager/__init__.py10
-rw-r--r--src/leap/bitmask/keymanager/keys.py5
-rw-r--r--src/leap/bitmask/keymanager/openpgp.py32
3 files changed, 38 insertions, 9 deletions
diff --git a/src/leap/bitmask/keymanager/__init__.py b/src/leap/bitmask/keymanager/__init__.py
index 483c7e51..a273b87d 100644
--- a/src/leap/bitmask/keymanager/__init__.py
+++ b/src/leap/bitmask/keymanager/__init__.py
@@ -330,6 +330,7 @@ class KeyManager(object):
d.addCallback(signal_finished)
return d
+ @defer.inlineCallbacks
def regenerate_key(self):
"""
Regenerate a key bound to the user's address.
@@ -345,9 +346,12 @@ class KeyManager(object):
self.log.info('Regenerating key for %s.' % self._address)
emit_async(catalog.KEYMANAGER_STARTED_KEY_GENERATION, self._address)
- d = self._openpgp.regenerate_key(self._address)
- d.addCallback(signal_finished)
- return d
+ new_key = yield self._openpgp.regenerate_key(self._address)
+ yield self._openpgp.reset_all_keys_sign_used()
+ emit_async(
+ catalog.KEYMANAGER_FINISHED_KEY_GENERATION, self._address)
+
+ defer.returnValue(new_key)
#
# Setters/getters
diff --git a/src/leap/bitmask/keymanager/keys.py b/src/leap/bitmask/keymanager/keys.py
index d37c6d21..7e8d8ead 100644
--- a/src/leap/bitmask/keymanager/keys.py
+++ b/src/leap/bitmask/keymanager/keys.py
@@ -184,7 +184,7 @@ class OpenPGPKey(object):
return False
- def merge(self, newkey):
+ def merge(self, newkey, key_renewal=False):
if newkey.fingerprint != self.fingerprint:
self.log.critical(
"Can't put a key whith the same key_id and different "
@@ -216,7 +216,8 @@ class OpenPGPKey(object):
if newkey.last_audited_at > self.last_audited_at:
self.validation = newkey.last_audited_at
self.encr_used = newkey.encr_used or self.encr_used
- self.sign_used = newkey.sign_used or self.sign_used
+ if not key_renewal:
+ self.sign_used = newkey.sign_used or self.sign_used
self.refreshed_at = datetime.now()
def get_json(self):
diff --git a/src/leap/bitmask/keymanager/openpgp.py b/src/leap/bitmask/keymanager/openpgp.py
index d0acca54..593536eb 100644
--- a/src/leap/bitmask/keymanager/openpgp.py
+++ b/src/leap/bitmask/keymanager/openpgp.py
@@ -30,6 +30,7 @@ from twisted.internet import defer
from twisted.internet.threads import deferToThread
from twisted.logger import Logger
+from leap.bitmask.keymanager.migrator import KeyDocumentsMigrator
from leap.common.check import leap_assert, leap_assert_type, leap_check
from leap.bitmask.keymanager import errors
from leap.bitmask.keymanager.wrapper import TempGPGWrapper
@@ -120,7 +121,6 @@ class OpenPGPScheme(object):
self._wait_indexes("get_key", "put_key", "get_all_keys")
def _migrate_documents_schema(self, _):
- from leap.bitmask.keymanager.migrator import KeyDocumentsMigrator
migrator = KeyDocumentsMigrator(self._soledad)
return migrator.migrate()
@@ -149,6 +149,7 @@ class OpenPGPScheme(object):
d.addCallback(lambda _: self.stored[method](*args, **kw))
self.waiting.append(d)
return d
+
return wrapper
for method in methods:
@@ -175,12 +176,14 @@ class OpenPGPScheme(object):
"""
leap_assert(is_address(address), 'Not an user address: %s' % address)
current_sec_key = yield self.get_key(address, private=True)
+ current_pub_key = yield self.get_key(address, private=False)
with TempGPGWrapper([current_sec_key], self._gpgbinary) as gpg:
if current_sec_key.has_expired():
temporary_extension_period = '1' # extend for 1 extra day
gpg.extend_key(current_sec_key.fingerprint,
validity=temporary_extension_period)
- yield self.unactivate_key(address)
+ yield self.unactivate_key(address) # only one priv key allowed
+ yield self.delete_key(current_pub_key)
new_key = yield self.gen_key(address)
gpg.import_keys(new_key.key_data)
key_signing = yield from_thread(gpg.sign_key, new_key.fingerprint)
@@ -405,7 +408,7 @@ class OpenPGPScheme(object):
d.addCallback(put_key, openpgp_privkey)
return d
- def put_key(self, key):
+ def put_key(self, key, key_renewal=False):
"""
Put C{key} in local storage.
@@ -425,7 +428,7 @@ class OpenPGPScheme(object):
active_content = activedoc.content
oldkey = build_key_from_dict(keydoc.content, active_content)
- key.merge(oldkey)
+ key.merge(oldkey, key_renewal)
keydoc.set_json(key.get_json())
d = self._soledad.put_doc(keydoc)
d.addCallback(put_active, activedoc)
@@ -578,6 +581,27 @@ class OpenPGPScheme(object):
active_doc = yield self._get_active_doc_from_address(address, False)
yield self._soledad.delete_doc(active_doc)
+ @defer.inlineCallbacks
+ def reset_all_keys_sign_used(self):
+ """
+ Reset sign_used flag for all keys in storage, to False...
+ to indicate that the key pair has not interacted with all
+ keys in the key ring yet.
+ This should only be used when regenerating the key pair.
+
+ """
+ all_keys = yield self.get_all_keys(private=False)
+ deferreds = []
+
+ @defer.inlineCallbacks
+ def reset_sign_used(key):
+ key.sign_used = False
+ yield self.put_key(key, key_renewal=True)
+
+ for open_pgp_key in all_keys:
+ deferreds.append(reset_sign_used(open_pgp_key))
+ yield defer.gatherResults(deferreds)
+
#
# Data encryption, decryption, signing and verifying
#