diff options
author | Zara Gebru <zgebru@thoughtworks.com> | 2016-07-08 11:55:55 +0200 |
---|---|---|
committer | Kali Kaneko (leap communications) <kali@leap.se> | 2016-11-22 15:57:03 +0100 |
commit | e5717e853af7d2f91ac69e66c1b2ee058289e78d (patch) | |
tree | 1fd7058206dd934a8ad0444c0f40a82e3d95dd09 /src/leap/bitmask/keymanager/nicknym.py | |
parent | f02921a627e9ea0e6524e4b8e7744806e654a733 (diff) |
[feature] keymanager: background update keys
Port of the original commit:
8f1fe8dd4a54fd2bdda2fc78c339ce9b3d0fc331
by Zara Gebru that introduced updating keys in the background.
This was made in the legacy leapcode/keymanager repo, but was lost in
the merge to the unified bitmask-dev.
Original commit message follows:
--------------------------------
- refresh random key in random time
- add get key by fingerprint
- refactor nicknym methods to own file
- tests
- note this do not include a check for
revoked key, since that need some changes
in gnupg
- Related: #6089
Diffstat (limited to 'src/leap/bitmask/keymanager/nicknym.py')
-rw-r--r-- | src/leap/bitmask/keymanager/nicknym.py | 181 |
1 files changed, 181 insertions, 0 deletions
diff --git a/src/leap/bitmask/keymanager/nicknym.py b/src/leap/bitmask/keymanager/nicknym.py new file mode 100644 index 0000000..7af49d6 --- /dev/null +++ b/src/leap/bitmask/keymanager/nicknym.py @@ -0,0 +1,181 @@ +# -*- coding: utf-8 -*- +# nicknym.py +# Copyright (C) 2016 LEAP +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <http://www.gnu.org/licenses/>. + +import json +import sys +import logging +import urllib + +from twisted.internet import defer +from twisted.web import client +from twisted.web._responses import NOT_FOUND + +from leap.bitmask.keymanager.errors import KeyNotFound +from leap.common.check import leap_assert +from leap.common.http import HTTPClient +from leap.common.decorators import memoized_method + + +logger = logging.getLogger(__name__) + + +class Nicknym(object): + """ + Responsible for communication to the nicknym server. + """ + + PUBKEY_KEY = "user[public_key]" + + def __init__(self, nickserver_uri, ca_cert_path, token): + self._nickserver_uri = nickserver_uri + self._async_client_pinned = HTTPClient(ca_cert_path) + self._token = token + + @defer.inlineCallbacks + def put_key(self, uid, key_data, api_uri, api_version): + """ + Send a PUT request to C{uri} containing C{data}. + + The request will be sent using the configured CA certificate path to + verify the server certificate and the configured session id for + authentication. + + :param uid: The URI of the request. + :type uid: str + :param key_data: The body of the request. + :type key_data: dict, str or file + + :return: A deferred that will be fired when PUT request finishes + :rtype: Deferred + """ + data = { + self.PUBKEY_KEY: key_data + } + + uri = "%s/%s/users/%s.json" % ( + api_uri, + api_version, + uid) + + leap_assert( + self._token is not None, + 'We need a token to interact with webapp!') + if type(data) == dict: + data = urllib.urlencode(data) + headers = {'Authorization': [str('Token token=%s' % self._token)]} + headers['Content-Type'] = ['application/x-www-form-urlencoded'] + try: + res = yield self._async_client_pinned.request(str(uri), 'PUT', + body=str(data), + headers=headers) + except Exception as e: + logger.warning("Error uploading key: %r" % (e,)) + raise e + if 'error' in res: + # FIXME: That's a workaround for 500, + # we need to implement a readBody to assert response code + logger.warning("Error uploading key: %r" % (res,)) + raise Exception(res) + + @defer.inlineCallbacks + def _get_key_from_nicknym(self, uri): + """ + Send a GET request to C{uri} containing C{data}. + + :param uri: The URI of the request. + :type uri: str + + :return: A deferred that will be fired with GET content as json (dict) + :rtype: Deferred + """ + try: + content = yield self._fetch_and_handle_404_from_nicknym(uri) + json_content = json.loads(content) + + except KeyNotFound: + raise + except IOError as e: + logger.warning("HTTP error retrieving key: %r" % (e,)) + logger.warning("%s" % (content,)) + raise KeyNotFound(e.message), None, sys.exc_info()[2] + except ValueError as v: + logger.warning("Invalid JSON data from key: %s" % (uri,)) + raise KeyNotFound(v.message + ' - ' + uri), None, sys.exc_info()[2] + + except Exception as e: + logger.warning("Error retrieving key: %r" % (e,)) + raise KeyNotFound(e.message), None, sys.exc_info()[2] + # Responses are now text/plain, although it's json anyway, but + # this will fail when it shouldn't + # leap_assert( + # res.headers['content-type'].startswith('application/json'), + # 'Content-type is not JSON.') + defer.returnValue(json_content) + + def _fetch_and_handle_404_from_nicknym(self, uri): + """ + Send a GET request to C{uri} containing C{data}. + + :param uri: The URI of the request. + :type uri: str + + :return: A deferred that will be fired with GET content as json (dict) + :rtype: Deferred + """ + + def check_404(response): + if response.code == NOT_FOUND: + message = ' %s: Key not found. Request: %s' % (response.code, uri) + logger.warning(message) + raise KeyNotFound(message), None, sys.exc_info()[2] + return response + + d = self._async_client_pinned.request(str(uri), 'GET', callback=check_404) + d.addCallback(client.readBody) + return d + + @memoized_method(invalidation=300) + def fetch_key_with_address(self, address): + """ + Fetch keys bound to address from nickserver. + + :param address: The address bound to the keys. + :type address: str + + :return: A Deferred which fires when the key is in the storage, + or which fails with KeyNotFound if the key was not found on + nickserver. + :rtype: Deferred + + """ + return self._get_key_from_nicknym(self._nickserver_uri + '?address=' + address) + + @memoized_method(invalidation=300) + def fetch_key_with_fingerprint(self, fingerprint): + """ + Fetch keys bound to fingerprint from nickserver. + + :param fingerprint: The fingerprint bound to the keys. + :type fingerprint: str + + :return: A Deferred which fires when the key is in the storage, + or which fails with KeyNotFound if the key was not found on + nickserver. + :rtype: Deferred + + """ + return self._get_key_from_nicknym(self._nickserver_uri + '?fingerprint=' + fingerprint) |