From a164b1daa6bcbbf6bffe84d6b02ed2be43c29e7f Mon Sep 17 00:00:00 2001 From: NavaL Date: Mon, 5 Dec 2016 15:12:56 +0100 Subject: [bug] sign_used flag is reset for all public keys when the key expiration date is extended - this is required so that the key is re-attached to the first outgoing email to all users who already have the expired key. --- src/leap/bitmask/keymanager/__init__.py | 3 ++- tests/integration/keymanager/test_keymanager.py | 35 ++++++++++++++++++++++++- 2 files changed, 36 insertions(+), 2 deletions(-) diff --git a/src/leap/bitmask/keymanager/__init__.py b/src/leap/bitmask/keymanager/__init__.py index 7164cb91..6eeaecc9 100644 --- a/src/leap/bitmask/keymanager/__init__.py +++ b/src/leap/bitmask/keymanager/__init__.py @@ -793,7 +793,7 @@ class KeyManager(object): yield self.put_key(pubkey) @defer.inlineCallbacks - def extend_key(self, validity='1y', passphrase=None): + def extend_key_expiration(self, validity='1y', passphrase=None): """ extend the expiration date of the key pair bound to the user's address by the validity period, from the key's creation date. @@ -810,6 +810,7 @@ class KeyManager(object): my_secret_key = yield self.get_key(self._address, private=True) renewed_key = yield self._openpgp.extend_key(my_secret_key, validity, passphrase) + yield self._openpgp.reset_all_keys_sign_used() defer.returnValue(renewed_key) diff --git a/tests/integration/keymanager/test_keymanager.py b/tests/integration/keymanager/test_keymanager.py index 6a6feb31..d8772191 100644 --- a/tests/integration/keymanager/test_keymanager.py +++ b/tests/integration/keymanager/test_keymanager.py @@ -653,6 +653,39 @@ class KeyManagerKeyManagementTestCase(KeyManagerWithSoledadTestCase): km._openpgp.reset_all_keys_sign_used.assert_called_once() + @defer.inlineCallbacks + def test_keymanager_extend_key_expiry_date_for_key_pair(self): + km = self._key_manager(user=ADDRESS_EXPIRING) + + yield km._openpgp.put_raw_key(PRIVATE_EXPIRING_KEY, ADDRESS_EXPIRING) + key = yield km.get_key(ADDRESS_EXPIRING) + + yield km.extend_key_expiration(validity='1w') + + new_expiry_date = datetime.strptime( + KEY_EXPIRING_CREATION_DATE, '%Y-%m-%d') + new_expiry_date += timedelta(weeks=1) + renewed_public_key = yield km.get_key(ADDRESS_EXPIRING) + renewed_private_key = yield km.get_key(ADDRESS_EXPIRING, private=True) + + self.assertEqual(new_expiry_date.date(), + renewed_public_key.expiry_date.date()) + self.assertEqual(new_expiry_date.date(), + renewed_private_key.expiry_date.date()) + self.assertEqual(key.fingerprint, renewed_public_key.fingerprint) + self.assertEqual(key.fingerprint, renewed_private_key.fingerprint) + + @defer.inlineCallbacks + def test_key_extension_resets_all_public_key_sign_used(self): + km = self._key_manager(user=ADDRESS_EXPIRING) + + yield km._openpgp.put_raw_key(PRIVATE_EXPIRING_KEY, ADDRESS_EXPIRING) + km._openpgp.reset_all_keys_sign_used = mock.Mock() + + yield km.extend_key_expiration(validity='1w') + + km._openpgp.reset_all_keys_sign_used.assert_called_once() + @defer.inlineCallbacks def test_key_extension_with_invalid_period_throws_exception(self): km = self._key_manager(user=ADDRESS_EXPIRING) @@ -663,7 +696,7 @@ class KeyManagerKeyManagementTestCase(KeyManagerWithSoledadTestCase): invalid_validity_option = '2xw' with self.assertRaises(KeyExpiryExtensionError): - yield km.extend_key(validity=invalid_validity_option) + yield km.extend_key_expiration(validity=invalid_validity_option) renewed_public_key = yield km.get_key(ADDRESS_EXPIRING, fetch_remote=False) -- cgit v1.2.3