summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/leap/bitmask/util/keyring_helpers.py43
1 files changed, 35 insertions, 8 deletions
diff --git a/src/leap/bitmask/util/keyring_helpers.py b/src/leap/bitmask/util/keyring_helpers.py
index 4b3eb57f..b202d47e 100644
--- a/src/leap/bitmask/util/keyring_helpers.py
+++ b/src/leap/bitmask/util/keyring_helpers.py
@@ -31,18 +31,45 @@ OBSOLETE_KEYRINGS = [
PlaintextKeyring
]
+canuse = lambda kr: kr is not None and kr.__class__ not in OBSOLETE_KEYRINGS
+
+
+def _get_keyring_with_fallback():
+ """
+ Get the default keyring, and if obsolete try to pick SecretService keyring
+ if available.
+
+ This is a workaround for the cases in which the keyring module chooses
+ an insecure keyring by default (ie, inside a virtualenv).
+ """
+ kr = keyring.get_keyring()
+ if not canuse(kr):
+ try:
+ kr_klass = keyring.backends.SecretService
+ kr = kr_klass.Keyring()
+ except AttributeError:
+ logger.warning("Keyring cannot find SecretService Backend")
+ logger.debug("Selected keyring: %s" % (kr.__class__,))
+ if not canuse(kr):
+ logger.debug("Not using default keyring since it is obsolete")
+ return kr
+
def has_keyring():
"""
- Returns whether we have an useful keyring to use.
+ Return whether we have an useful keyring to use.
:rtype: bool
"""
- kr = keyring.get_keyring()
- klass = kr.__class__
- logger.debug("Selected keyring: %s" % (klass,))
+ kr = _get_keyring_with_fallback()
+ return canuse(kr)
+
- canuse = kr is not None and klass not in OBSOLETE_KEYRINGS
- if not canuse:
- logger.debug("Not using this keyring since it is obsolete")
- return canuse
+def get_keyring():
+ """
+ Return an usable keyring.
+
+ :rtype: keyringBackend or None
+ """
+ kr = _get_keyring_with_fallback()
+ return kr if canuse(kr) else None