Age | Commit message (Collapse) | Author |
|
Check on every fetch of the private key if the expiration is less than
two months before it expire. And extend the expiration if needed.
- Resolves: #8217
|
|
We are not planning to regenerate keys (for now), only to extend the
expiration date.
|
|
We were considering to reset the sign_used flag to force the new key to
be resend as attachment in forthcoming emails. Although, this is not a
good solution, because we'll lose information about which keys the
client has signed.
|
|
This was intended to offer the option of only extend the old key and
not change it for a new one. However, we don't plan to use this
behavior anymore.
|
|
|
|
This changes reflect python-gnupg naming.
With @aarni
|
|
|
|
The KEYMANAGER_FINISHED_KEY_GENERATION event is used to send a welcome
mail to the users, which was causing a new welcome mail when
regenerating a key. We removed the event from regenerate_key method.
We should implement a KEYMANAGER_FINISHED_KEY_REGENERATION event when
it's needed.
|
|
- private key is not allowed to be fetched remotely
- fetch_remote needs to be specifically set
- if a new key is fetched (ie different KeyID), the validation
rule applies
|
|
date is extended
- this is required so that the key is re-attached to the first
outgoing email to all users who already have the expired key.
|
|
- private key is not allowed to be fetched remotely
- fetch_remote needs to be specifically set
- if a new key is fetched (ie different KeyID), the validation
rule applies
|
|
|
|
is renewed
- there is only one private inactive key that is the key
expiring last among all inactive keys
- if there is an inactive key, decryption with it, is tried
if it fails with the current active key.
|
|
- this flag is used by leap.mail to attach the new key
|
|
- if current key pair is expired, it'll be extended for a day first
- new key pair will be signed by the old key
|
|
- extends key pair (unlocked from soledad)
- extension period is counted from key creation date
|
|
- Resolves: #9023
|
|
There was a mismatch on the return values of Nicknym class and the
expectations. As most of the code was expecting an OpenPGPKey, but it
was returning the json as it came from the nickserver. Now is just
returning the key data.
|
|
This can be produced by errors fetching keys from the server.
- Resolves: #8971
|
|
|
|
|
|
Deal as well with sending key if key is outdated in the providers nicknym.
- Resolves: #8819, #8832
|
|
I changed most of the logger statements to use a class attribute, in
this way it's easier to identify which class it's logging them.
in some cases I leave a module-level logger, when we're either using
functions or when the module it's too small.
at the same time I did a general review and cleanup of the logging
statements.
|
|
|
|
the token is set when we get the srp token in the keymanager service,
but it wasn't been propagated properly to the internal nicknym object
that was refactored recently.
here I make the setter write the same token to both keymanager itself
and the nicknym.
some little additional refactors:
- move gpg initialization to a helper method
in this way it becomes easier to stub the soledad and keymanager
components, for testing.
- name nicknym token as publicly visible, since i'm accessing
it from the keymanager object.
- Resolves: #8651
|
|
- some pep8 problems
- some confusion with old and new code after merging
from old keymanager
|
|
|
|
Port of the original commit:
8f1fe8dd4a54fd2bdda2fc78c339ce9b3d0fc331
by Zara Gebru that introduced updating keys in the background.
This was made in the legacy leapcode/keymanager repo, but was lost in
the merge to the unified bitmask-dev.
Original commit message follows:
--------------------------------
- refresh random key in random time
- add get key by fingerprint
- refactor nicknym methods to own file
- tests
- note this do not include a check for
revoked key, since that need some changes
in gnupg
- Related: #6089
|
|
|
|
|
|
|
|
|
|
this brings back a couple of commits by pixelated that were missed in my
keymanager merge.
https://github.com/leapcode/keymanager/commit/354ad5a12e90463f9952fe056f191c6d4cdadf40
https://github.com/leapcode/keymanager/commit/dd7ba606df2909c76b20b1d4bb0134302f94b3d0
basically it removes the destructor (there's no guarantee that it gets
executed!) and it addds the combined ca bundle as an optional parameter
to keymanager initialization
|
|
|
|
|
|
|