From 847bc7ddd051c4656d86a6eda1b4e6cbdb5b1c5e Mon Sep 17 00:00:00 2001
From: Zara Gebru <zgebru@thoughtworks.com>
Date: Thu, 16 Jun 2016 14:41:54 +0200
Subject: Check validity of key signature

Check if a new fetched key was signed by a old key with the same address.

Please do not merge before: https://github.com/isislovecruft/python-gnupg/pull/150

- Resolves #8112
---
 src/leap/bitmask/keymanager/keys.py       | 22 ++++++++++++++++++++++
 src/leap/bitmask/keymanager/validation.py |  7 +------
 2 files changed, 23 insertions(+), 6 deletions(-)

(limited to 'src')

diff --git a/src/leap/bitmask/keymanager/keys.py b/src/leap/bitmask/keymanager/keys.py
index fd454480..622c1c68 100644
--- a/src/leap/bitmask/keymanager/keys.py
+++ b/src/leap/bitmask/keymanager/keys.py
@@ -160,6 +160,28 @@ class OpenPGPKey(object):
 
         return []
 
+    def is_signed_by(self, other_key):
+        """
+        Checks if current key was signed by another key. Rather than just
+        relying on the fingerprint being there, we use gpg's --check-sigs with
+        both keys being present in the keychain to check the signature
+        validity. By doing so, relying on the long key id instead of the
+        fingerprint is fine.
+
+        :param other_key: the other key.
+        :return: True if valid signature could be found.
+        :rtype: bool
+        """
+        keys = [self, other_key]
+        with TempGPGWrapper(keys=keys, gpgbinary=self._gpgbinary) as gpg:
+            certs = gpg.check_sigs(str(self.fingerprint)).certs
+            for uid, cur_certs in certs.iteritems():
+                if (parse_address(uid) in other_key.uids and
+                        other_key.fingerprint[-16:] in cur_certs):
+                    return True
+
+            return False
+
     def merge(self, newkey):
         if newkey.fingerprint != self.fingerprint:
             logger.critical(
diff --git a/src/leap/bitmask/keymanager/validation.py b/src/leap/bitmask/keymanager/validation.py
index 16a897e9..61adc0e1 100644
--- a/src/leap/bitmask/keymanager/validation.py
+++ b/src/leap/bitmask/keymanager/validation.py
@@ -121,9 +121,4 @@ def can_upgrade(new_key, old_key):
         return True
 
     # New key signed by the old key
-    # XXX: signatures are using key-ids instead of fingerprints
-    key_id = old_key.fingerprint[-16:]
-    if key_id in new_key.signatures:
-        return True
-
-    return False
+    return new_key.is_signed_by(old_key)
-- 
cgit v1.2.3