author | Zara Gebru <zgebru@thoughtworks.com> | 2016-06-16 14:41:54 +0200 |
---|---|---|
committer | Ruben Pollan <meskio@sindominio.net> | 2017-01-26 14:55:11 +0100 |
commit | 847bc7ddd051c4656d86a6eda1b4e6cbdb5b1c5e (patch) | |
tree | fd61837900c65efd44021b7d1fff59c8085a8bff /src/leap/bitmask/keymanager | |
parent | 9932121dd3da2611f14a59b27c40042dadff80a3 (diff) |
Check validity of key signature
Check whether a newly fetched key was signed by an old key with the same address.
Please do not merge before: https://github.com/isislovecruft/python-gnupg/pull/150
- Resolves #8112
Diffstat (limited to 'src/leap/bitmask/keymanager')
-rw-r--r-- | src/leap/bitmask/keymanager/keys.py | 22 | ||||
-rw-r--r-- | src/leap/bitmask/keymanager/validation.py | 7 |
2 files changed, 23 insertions, 6 deletions
diff --git a/src/leap/bitmask/keymanager/keys.py b/src/leap/bitmask/keymanager/keys.py
index fd45448..622c1c6 100644
--- a/src/leap/bitmask/keymanager/keys.py
+++ b/src/leap/bitmask/keymanager/keys.py
@@ -160,6 +160,28 @@ class OpenPGPKey(object):
 return []
+ def is_signed_by(self, other_key):
+ """
+ Checks if current key was signed by another key. Rather than just
+ relying on the fingerprint being there, we use gpg's --check-sigs with
+ both keys being present in the keychain to check the signature
+ validity. By doing so, relying on the long key id instead of the
+ fingerprint is fine.
+
+ :param other_key: the other key.
+ :return: True if valid signature could be found.
+ :rtype: bool
+ """
+ keys = [self, other_key]
+ with TempGPGWrapper(keys=keys, gpgbinary=self._gpgbinary) as gpg:
+ certs = gpg.check_sigs(str(self.fingerprint)).certs
+ for uid, cur_certs in certs.iteritems():
+ if (parse_address(uid) in other_key.uids and
+ other_key.fingerprint[-16:] in cur_certs):
+ return True
+
+ return False
+
 def merge(self, newkey):
 if newkey.fingerprint != self.fingerprint:
 logger.critical(
diff --git a/src/leap/bitmask/keymanager/validation.py b/src/leap/bitmask/keymanager/validation.py
index 16a897e..61adc0e 100644
--- a/src/leap/bitmask/keymanager/validation.py
+++ b/src/leap/bitmask/keymanager/validation.py
@@ -121,9 +121,4 @@ def can_upgrade(new_key, old_key):
 return True
 # New key signed by the old key
- # XXX: signatures are using key-ids instead of fingerprints
- key_id = old_key.fingerprint[-16:]
- if key_id in new_key.signatures:
- return True
-
- return False
+ return new_key.is_signed_by(old_key) |
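Review bot: The comparison `other_key.fingerprint[-16:] in cur_certs` in `is_signed_by` matches on the 64-bit key ID alone, so the key's own self-signature would satisfy it whenever its long ID equals the other key's. The docstring's argument that the long ID is fine therefore only holds when the two IDs differ. A guard before the `with` block makes that explicit: `if self.fingerprint != other_key.fingerprint and self.fingerprint[-16:] == other_key.fingerprint[-16:]: return False`. The method also assumes `check_sigs(...).certs` lists only signatures gpg verified as good; that behaviour comes from the python-gnupg change referenced in the description and is not visible here, so a comment stating the assumption would help. The class body starts and continues outside the hunk.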
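Review bot: The final `return new_key.is_signed_by(old_key)` in `can_upgrade` depends on gpg running and on `check_sigs`, which the description says is still pending upstream in python-gnupg. On an installation without that change the call would presumably raise rather than return False. Whether callers treat an exception from `can_upgrade` as "do not upgrade" is not visible, because the function starts outside the hunk. I would document the contract above the call, for example `# Requires python-gnupg with check_sigs; any error here must be treated as "no upgrade"`, so the trust decision is known to fail closed.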