From f6c71494f0ada864e80ee74c60ec09939a14f44b Mon Sep 17 00:00:00 2001 From: Ruben Pollan Date: Tue, 31 Oct 2017 10:36:35 +0100 Subject: [refactor] remove rengenerate key We are not planning to regenerate keys (for now), only to extend the expiration date. --- src/leap/bitmask/keymanager/__init__.py | 14 ------- src/leap/bitmask/keymanager/keys.py | 5 +-- src/leap/bitmask/keymanager/openpgp.py | 42 +------------------- tests/integration/keymanager/test_keymanager.py | 51 ------------------------- 4 files changed, 4 insertions(+), 108 deletions(-) diff --git a/src/leap/bitmask/keymanager/__init__.py b/src/leap/bitmask/keymanager/__init__.py index 2fa80c7c..c1095877 100644 --- a/src/leap/bitmask/keymanager/__init__.py +++ b/src/leap/bitmask/keymanager/__init__.py @@ -361,20 +361,6 @@ class KeyManager(object): d.addCallback(signal_finished) return d - @defer.inlineCallbacks - def regenerate_key(self): - """ - Regenerate a key bound to the user's address. - - :return: A Deferred which fires with the generated EncryptionKey. - :rtype: Deferred - """ - - self.log.info('Regenerating key for %s.' % self._address) - - new_key = yield self._openpgp.regenerate_key(self._address) - defer.returnValue(new_key) - # # Setters/getters # diff --git a/src/leap/bitmask/keymanager/keys.py b/src/leap/bitmask/keymanager/keys.py index 6c0c64ff..0f68c06b 100644 --- a/src/leap/bitmask/keymanager/keys.py +++ b/src/leap/bitmask/keymanager/keys.py @@ -191,7 +191,7 @@ class OpenPGPKey(object): return False - def merge(self, newkey, key_renewal=False): + def merge(self, newkey): if newkey.fingerprint != self.fingerprint: self.log.critical( "Can't put a key whith the same key_id and different " 
@@ -223,8 +223,7 @@ class OpenPGPKey(object): if newkey.last_audited_at > self.last_audited_at: self.validation = newkey.last_audited_at self.encr_used = newkey.encr_used or self.encr_used - if not key_renewal: - self.sign_used = newkey.sign_used or self.sign_used + self.sign_used = newkey.sign_used or self.sign_used self.refreshed_at = datetime.now() def get_json(self): diff --git a/src/leap/bitmask/keymanager/openpgp.py b/src/leap/bitmask/keymanager/openpgp.py index aea82156..ef77e30c 100644 --- a/src/leap/bitmask/keymanager/openpgp.py +++ b/src/leap/bitmask/keymanager/openpgp.py 
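Review bot: The context line `self.validation = newkey.last_audited_at` in this hunk writes a timestamp into the key's validation field whenever the other key has the later `last_audited_at`, which looks like a copy-paste slip that the commit leaves in place. The validation value presumably feeds decisions about which key to trust, so replacing it with a datetime could make later comparisons on that field misbehave. The assignment was most likely meant to be `self.last_audited_at = newkey.last_audited_at`. The body of merge() starts above this hunk, so any earlier handling of `validation` is not visible here and should be checked together with this line.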
@@ -161,44 +161,6 @@ class OpenPGPScheme(object): # # Keys management # - @defer.inlineCallbacks - def regenerate_key(self, address): - """ - Deactivate Current keypair, - Generate a new OpenPGP keypair bound to C{address}, - and sign the new key with the old key. - - :param address: The address bound to the key. - :type address: str - - :return: A Deferred which fires with the new key bound to address. - :rtype: Deferred - """ - leap_assert(is_address(address), 'Not an user address: %s' % address) - current_sec_key = yield self.get_key(address, private=True) - current_pub_key = yield self.get_key(address, private=False) - with TempGPGWrapper([current_sec_key], self._gpgbinary) as gpg: - if current_sec_key.is_expired(): - temporary_extension_period = '1' # extend for 1 extra day - gpg.expire(current_sec_key.fingerprint, - expiration_time=temporary_extension_period) - yield self.unactivate_key(address) # only one priv key allowed - yield self.delete_key(current_pub_key) - new_key = yield self.gen_key(address) - gpg.import_keys(new_key.key_data) - key_signing = yield from_thread(gpg.sign_key, new_key.fingerprint) - if key_signing.status == 'ok': - fetched_keys = gpg.list_keys(secret=False) - fetched_key = filter(lambda k: k['fingerprint'] == - new_key.fingerprint, fetched_keys)[0] - key_data = gpg.export_keys(new_key.fingerprint, secret=False) - renewed_key = self._build_key_from_gpg( - fetched_key, - key_data, - new_key.address) - yield self.put_key(renewed_key) - defer.returnValue(new_key) - def gen_key(self, address): """ Generate an OpenPGP keypair bound to C{address}. @@ -411,7 +373,7 @@ class OpenPGPScheme(object): d.addCallback(put_key, openpgp_privkey) return d - def put_key(self, key, key_renewal=False): + def put_key(self, key): """ Put C{key} in local storage. 
@@ -431,7 +393,7 @@ class OpenPGPScheme(object): active_content = activedoc.content oldkey = build_key_from_dict(keydoc.content, active_content) - key.merge(oldkey, key_renewal) + key.merge(oldkey) keydoc.set_json(key.get_json()) d = self._soledad.put_doc(keydoc) d.addCallback(put_active, activedoc) diff --git a/tests/integration/keymanager/test_keymanager.py b/tests/integration/keymanager/test_keymanager.py index 2e4a9a97..8ed70bdf 100644 --- a/tests/integration/keymanager/test_keymanager.py +++ b/tests/integration/keymanager/test_keymanager.py 
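Review bot: At `key.merge(oldkey)` the stored copy is bound to a parameter that merge() names `newkey`, so the names inside merge() read the opposite way round from what happens at this call, and merge() has no docstring to settle it. With the `key_renewal` switch removed, `sign_used` is now always carried over from the stored document together with `encr_used`, which deserves a comment at the call site, for example `# oldkey is the stored copy; its encr_used/sign_used flags are carried over into key`. Renaming the merge() parameter to something neutral such as `other` would remove the ambiguity, provided no caller passes it by keyword. put_key() starts and ends outside this hunk.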
@@ -592,51 +592,6 @@ class KeyManagerKeyManagementTestCase(KeyManagerWithSoledadTestCase): yield km.put_raw_key(PRIVATE_KEY, ADDRESS) km.send_key.assert_called_once_with() - @defer.inlineCallbacks - def test_key_regenerate_gets_new_expiry_date_and_signed_by_old_key(self): - km = self._key_manager(user=ADDRESS_EXPIRING) - - yield km._openpgp.put_raw_key(PRIVATE_EXPIRING_KEY, ADDRESS_EXPIRING) - old_key = yield km.get_key(ADDRESS_EXPIRING, fetch_remote=False) - - new_key = yield km.regenerate_key() - - today = datetime.now() - new_expiry_date = date(today.year + 1, today.month, today.day) - renewed_public_key = yield km.get_key(ADDRESS_EXPIRING, - fetch_remote=False) - renewed_private_key = yield km.get_key(ADDRESS_EXPIRING, private=True) - - self.assertEqual(new_expiry_date, - renewed_public_key.expiry_date.date()) - self.assertEqual(new_expiry_date, - renewed_private_key.expiry_date.date()) - self.assertNotEqual(old_key.fingerprint, - renewed_public_key.fingerprint) - self.assertEqual(new_key.fingerprint, renewed_public_key.fingerprint) - self.assertIn(old_key.fingerprint[-16:], renewed_public_key.signatures) - - @defer.inlineCallbacks - def test_key_regenerate_deactivate_the_old_private_key(self): - km = self._key_manager(user=ADDRESS_EXPIRING) - - yield km._openpgp.put_raw_key(PRIVATE_EXPIRING_KEY, ADDRESS_EXPIRING) - old_key = yield km.get_key(ADDRESS_EXPIRING, fetch_remote=False) - - new_key = yield km.regenerate_key() - inactive_private_keys = yield km._get_inactive_private_keys() - renewed_public_key = yield km.get_key(ADDRESS_EXPIRING, private=False, - fetch_remote=False) - - self.assertEqual(1, len(inactive_private_keys)) - retrieved_old_key = inactive_private_keys[0] - self.assertEqual(old_key.fingerprint, - retrieved_old_key.fingerprint) - self.assertNotEqual(old_key.fingerprint, - new_key.fingerprint) - self.assertEqual(new_key.fingerprint, renewed_public_key.fingerprint) - self.assertIn(old_key.fingerprint[-16:], renewed_public_key.signatures) - class 
KeyManagerCryptoTestCase(KeyManagerWithSoledadTestCase): RAW_DATA = 'data' @@ -669,9 +624,6 @@ class KeyManagerCryptoTestCase(KeyManagerWithSoledadTestCase): fetch_remote=False) self.assertNotEqual(self.RAW_DATA, encdata) - # renew key - yield km.regenerate_key() - # decrypt rawdata, signingkey = yield km.decrypt( encdata, ADDRESS, verify=ADDRESS_2, fetch_remote=False) @@ -686,9 +638,6 @@ class KeyManagerCryptoTestCase(KeyManagerWithSoledadTestCase): yield km._openpgp.put_raw_key(PRIVATE_KEY, ADDRESS) yield km._openpgp.put_raw_key(PRIVATE_KEY_2, ADDRESS_2) - # renew key -- deactivate current key - yield km.regenerate_key() - # decrypt with self.assertRaises(errors.DecryptError): yield km.decrypt(ENCRYPTED_MESSAGE_FOR_DIFFERENT_KEY, -- cgit v1.2.3