[feat] add keys from the bitmask cli

- Resolves: #7965

4 files changed, 41 insertions, 7 deletions

diff --git a/changes/next-changelog.rst b/changes/next-changelog.rst
index 389c3f33..3f352eca 100644
--- a/changes/next-changelog.rst
+++ b/changes/next-changelog.rst
@@ -10,6 +10,7 @@ I've added a new category `Misc` so we can track doc/style/packaging stuff.
 
 Features
 ~~~~~~~~
+- `#7965 <https://leap.se/code/issues/7965>`_: Add basic keymanagement to the cli.
 - Use mail_auth token in the core instead of imap/smtp tokens.
 
 - `#1234 <https://leap.se/code/issues/1234>`_: Description of the new feature corresponding with issue #1234.
diff --git a/src/leap/bitmask/cli/bitmask_cli.py b/src/leap/bitmask/cli/bitmask_cli.py
index 144dcbb8..79e15051 100755
--- a/src/leap/bitmask/cli/bitmask_cli.py
+++ b/src/leap/bitmask/cli/bitmask_cli.py
@@ -31,6 +31,7 @@ from txzmq import ZmqFactory, ZmqREQConnection
 from txzmq import ZmqRequestTimeoutError
 
 from leap.bitmask.core import ENDPOINT
+from leap.keymanager.validation import ValidationLevels
 
 
 class BitmaskCLI(object):
@@ -136,14 +137,20 @@ GENERAL COMMANDS:
         parser = argparse.ArgumentParser(
             description='Bitmask Keymanager management service',
             prog='bitmask_cli keys')
-        parser.add_argument('--private', action='store_true',
-                            help='Use private keys (by default uses public)')
         parser.add_argument('--list', action='store_true',
                             help='List all known keys')
         parser.add_argument('--export', action='store_true',
                             help='Export the given key')
+        parser.add_argument('--import', action='store', metavar='file',
+                            dest='imprt',
+                            help='Import a key from the file')
         parser.add_argument('--delete', action='store_true',
                             help='Delete the given key')
+        parser.add_argument('--private', action='store_true',
+                            help='Use private keys (by default uses public)')
+        parser.add_argument('--validation', choices=list(ValidationLevels),
+                            default='Fingerprint',
+                            help='Validation level for the key')
         parser.add_argument('address', nargs='?',
                             help='email address of the key')
         args = parser.parse_args(sys.argv[2:])
@@ -354,20 +361,24 @@ def send_command(cli):
             cb = do_print_key_list
 
         elif subargs.export:
-            data += ['export']
+            data += ['export', subargs.address]
+            cb = do_print_key
+
+        elif subargs.imprt:
+            with open(subargs.imprt, 'r') as keyfile:
+                rawkey = keyfile.read()
+
+            data += ['add', subargs.address, subargs.validation, rawkey]
             cb = do_print_key
 
         elif subargs.delete:
-            data += ['delete']
+            data += ['delete', subargs.address]
 
         else:
             error('Use bitmask_cli keys --help to see available subcommands',
                   stop=True)
             return
 
-        if subargs.address:
-            data.append(subargs.address)
-
         if subargs.private:
             data += ['private']
         else:
diff --git a/src/leap/bitmask/core/dispatcher.py b/src/leap/bitmask/core/dispatcher.py
index a50a6b62..9e2b96de 100644
--- a/src/leap/bitmask/core/dispatcher.py
+++ b/src/leap/bitmask/core/dispatcher.py
@@ -179,6 +179,19 @@ class KeysCmd(SubCommand):
         d.addCallback(service.do_export, address, private)
         return d
 
+    @register_method('dict')
+    def do_ADD(self, service, *parts, **kw):
+        if len(parts) < 5:
+            return defer.fail("An email address is needed")
+        address = parts[2]
+        validation = parts[3]
+        rawkey = parts[4]
+
+        bonafide = kw['bonafide']
+        d = bonafide.do_get_active_user()
+        d.addCallback(service.do_add, address, rawkey, validation)
+        return d
+
     @register_method('str')
     def do_DELETE(self, service, *parts, **kw):
         if len(parts) < 3:
diff --git a/src/leap/bitmask/core/mail_services.py b/src/leap/bitmask/core/mail_services.py
index 37dae344..adf5a92a 100644
--- a/src/leap/bitmask/core/mail_services.py
+++ b/src/leap/bitmask/core/mail_services.py
@@ -33,6 +33,7 @@ from leap.bonafide import config
 from leap.common.service_hooks import HookableService
 from leap.keymanager import KeyManager
 from leap.keymanager.errors import KeyNotFound
+from leap.keymanager.validation import ValidationLevels
 from leap.soledad.client.api import Soledad
 from leap.mail.constants import INBOX_NAME
 from leap.mail.mail import Account
@@ -358,6 +359,14 @@ class KeymanagerService(HookableService):
         d.addCallback(lambda key: dict(key))
         return d
 
+    def do_add(self, userid, address, rawkey, validation='Fingerprint'):
+        km = self._container.get_instance(userid)
+        validation = ValidationLevels.get(validation)
+        d = km.put_raw_key(rawkey, address, validation=validation)
+        d.addCallback(lambda _: km.get_key(address, fetch_remote=False))
+        d.addCallback(lambda key: dict(key))
+        return d
+
     @defer.inlineCallbacks
     def do_delete(self, userid, address, private=False):
         km = self._container.get_instance(userid)