1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
|
# -*- coding: utf-8 -*-
# __init__.py
# Copyright (C) 2014 LEAP
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
"""
Validation levels implementation for key managment.
See:
https://lists.riseup.net/www/arc/leap-discuss/2014-09/msg00000.html
"""
from datetime import datetime
from enum import Enum
ValidationLevel = Enum(
"Weak_Chain",
"Provider_Trust",
"Provider_Endorsement",
"Third_Party_Endorsement",
"Third_Party_Consensus",
"Historically_Auditing",
"Known_Key",
"Fingerprint")
def toValidationLevel(value):
"""
Convert a string representation of a validation level into
C{ValidationLevel}
:param value: validation level
:type value: str
:rtype: ValidationLevel
:raises ValueError: if C{value} is not a validation level
"""
for level in ValidationLevel:
if value == str(level):
return level
raise ValueError("Not valid validation level: %s" % (value,))
def can_upgrade(new_key, old_key):
"""
:type new_key: EncryptionKey
:type old_key: EncryptionKey
:rtype: bool
"""
# XXX not succesfully used and strict high validation level (#6211)
# XXX implement key signature checking (#6120)
# First contact
if old_key is None:
return True
# An update of the same key
if new_key.fingerprint == old_key.fingerprint:
return True
# Manually verified fingerprint
if new_key.validation == ValidationLevel.Fingerprint:
return True
# Expired key and higher validation level
if (old_key.expiry_date is not None and
old_key.expiry_date < datetime.now() and
new_key.validation >= old_key.validation):
return True
# No expiration date and higher validation level
if (old_key.expiry_date is None and
new_key.validation > old_key.validation):
return True
return False
|