path: root/src/leap/keymanager/__init__.py
authorMicah Anderson <micah@riseup.net>2013-08-13 15:44:19 -0400
committerMicah Anderson <micah@riseup.net>2013-08-13 15:44:19 -0400
commit4649be42ce28aac037ee91a67995e6e1d982240b (patch)
tree30b73f4bdac8ef631e3582527b89223e09d16001 /src/leap/keymanager/__init__.py
parentc2b5526b020967ff4cf7c5fd08d0d8483363095e (diff)
parent3d3062e0463960e9ca1d5d7bb75e768ca876aafd (diff)
Merge tag '0.3.0' into debian
Tag keymanager version 0.3.0
Diffstat (limited to 'src/leap/keymanager/__init__.py')
-rw-r--r--src/leap/keymanager/__init__.py118
1 files changed, 109 insertions, 9 deletions
diff --git a/src/leap/keymanager/__init__.py b/src/leap/keymanager/__init__.py
index e1f318c..e6122ff 100644
--- a/src/leap/keymanager/__init__.py
+++ b/src/leap/keymanager/__init__.py
@@ -20,14 +20,16 @@
Key Manager is a Nicknym agent for LEAP client.
"""
+import logging
import requests
-from leap.common.check import leap_assert
+from leap.common.check import leap_assert, leap_assert_type
from leap.keymanager.errors import (
KeyNotFound,
NoPasswordGiven,
)
from leap.keymanager.keys import (
+ EncryptionKey,
build_key_from_dict,
KEYMANAGER_KEY_TAG,
TAGS_PRIVATE_INDEX,
@@ -37,6 +39,8 @@ from leap.keymanager.openpgp import (
OpenPGPScheme,
)
+logger = logging.getLogger(__name__)
+
#
# The Key Manager
@@ -52,7 +56,8 @@ class KeyManager(object):
PUBKEY_KEY = "user[public_key]"
def __init__(self, address, nickserver_uri, soledad, session_id=None,
- ca_cert_path=None, api_uri=None, api_version=None, uid=None):
+ ca_cert_path=None, api_uri=None, api_version=None, uid=None,
+ gpgbinary=None):
"""
Initialize a Key Manager for user's C{address} with provider's
nickserver reachable in C{url}.
@@ -73,6 +78,8 @@ class KeyManager(object):
:type api_version: str
:param uid: The users' UID.
:type uid: str
+ :param gpgbinary: Name for GnuPG binary executable.
+ :type gpgbinary: C{str}
"""
self._address = address
self._nickserver_uri = nickserver_uri
@@ -84,7 +91,7 @@ class KeyManager(object):
self.uid = uid
# a dict to map key types to their handlers
self._wrapper_map = {
- OpenPGPKey: OpenPGPScheme(soledad),
+ OpenPGPKey: OpenPGPScheme(soledad, gpgbinary=gpgbinary),
# other types of key will be added to this mapper.
}
# the following are used to perform https requests
@@ -166,12 +173,18 @@ class KeyManager(object):
@raise KeyNotFound: If the key was not found on nickserver.
"""
# request keys from the nickserver
- server_keys = self._get(
- self._nickserver_uri, {'address': address}).json()
- # insert keys in local database
- if self.OPENPGP_KEY in server_keys:
- self._wrapper_map[OpenPGPKey].put_ascii_key(
- server_keys['openpgp'])
+ res = None
+ try:
+ res = self._get(self._nickserver_uri, {'address': address})
+ server_keys = res.json()
+ # insert keys in local database
+ if self.OPENPGP_KEY in server_keys:
+ self._wrapper_map[OpenPGPKey].put_ascii_key(
+ server_keys['openpgp'])
+ except Exception as e:
+ logger.warning("Error retrieving the keys: %r" % (e,))
+ if res:
+ logger.warning("%s" % (res.content,))
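Review bot: The new `except Exception` around the nickserver fetch swallows every failure and only logs it, so the `@raise KeyNotFound` contract documented a few lines above is no longer honoured and callers cannot distinguish "no key published" from a network, TLS or JSON-parse error — for a key manager that difference decides whether the caller proceeds unencrypted or retries. The `try` body also covers `put_ascii_key`, so a local-database failure is reported as "Error retrieving the keys". Narrow the handler to the request and parse step and surface the failure, e.g. `except (requests.RequestException, ValueError) as e:` followed by `logger.warning("Error retrieving the keys: %r", e)` and `raise KeyNotFound(address)` (adjust to the error class's constructor, which is not visible here). `if res:` relies on the response object's truthiness, which for a `requests` Response appears to follow its `ok` status, so the body of a 4xx/5xx reply — the case worth logging — is skipped; `if res is not None:` is the intended check. The enclosing method's signature lies outside the hunk.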
#
# key management
@@ -334,3 +347,90 @@ class KeyManager(object):
uid = property(
_get_uid, _set_uid, doc='The uid of the user.')
+
+ #
+ # encrypt/decrypt and sign/verify API
+ #
+
+ def encrypt(self, data, pubkey, passphrase=None, sign=None):
+ """
+ Encrypt C{data} using public @{key} and sign with C{sign} key.
+
+ :param data: The data to be encrypted.
+ :type data: str
+ :param pubkey: The key used to encrypt.
+ :type pubkey: EncryptionKey
+ :param sign: The key used for signing.
+ :type sign: EncryptionKey
+
+ :return: The encrypted data.
+ :rtype: str
+ """
+ leap_assert_type(pubkey, EncryptionKey)
+ leap_assert(pubkey.__class__ in self._wrapper_map, 'Unknown key type.')
+ leap_assert(pubkey.private is False, 'Key is not public.')
+ return self._wrapper_map[pubkey.__class__].encrypt(
+ data, pubkey, passphrase, sign)
+
+ def decrypt(self, data, privkey, passphrase=None, verify=None):
+ """
+ Decrypt C{data} using private @{privkey} and verify with C{verify} key.
+
+ :param data: The data to be decrypted.
+ :type data: str
+ :param privkey: The key used to decrypt.
+ :type privkey: OpenPGPKey
+ :param verify: The key used to verify a signature.
+ :type verify: OpenPGPKey
+
+ :return: The decrypted data.
+ :rtype: str
+
+ @raise InvalidSignature: Raised if unable to verify the signature with
+ C{verify} key.
+ """
+ leap_assert_type(privkey, EncryptionKey)
+ leap_assert(
+ privkey.__class__ in self._wrapper_map,
+ 'Unknown key type.')
+ leap_assert(privkey.private is True, 'Key is not private.')
+ return self._wrapper_map[privkey.__class__].decrypt(
+ data, privkey, passphrase, verify)
+
+ def sign(self, data, privkey):
+ """
+ Sign C{data} with C{privkey}.
+
+ :param data: The data to be signed.
+ :type data: str
+
+ :param privkey: The private key to be used to sign.
+ :type privkey: EncryptionKey
+
+ :return: The signed data.
+ :rtype: str
+ """
+ leap_assert_type(privkey, EncryptionKey)
+ leap_assert(
+ privkey.__class__ in self._wrapper_map,
+ 'Unknown key type.')
+ leap_assert(privkey.private is True, 'Key is not private.')
+ return self._wrapper_map[privkey.__class__].sign(data, privkey)
+
+ def verify(self, data, pubkey):
+ """
+ Verify signed C{data} with C{pubkey}.
+
+ :param data: The data to be verified.
+ :type data: str
+
+ :param pubkey: The public key to be used on verification.
+ :type pubkey: EncryptionKey
+
+ :return: The signed data.
+ :rtype: str
+ """
+ leap_assert_type(pubkey, EncryptionKey)
+ leap_assert(pubkey.__class__ in self._wrapper_map, 'Unknown key type.')
+ leap_assert(pubkey.private is False, 'Key is not public.')
+ return self._wrapper_map[pubkey.__class__].verify(data, pubkey)
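Review bot: `encrypt` and `decrypt` type- and privacy-check `pubkey`/`privkey` but hand the optional `sign` and `verify` keys to the scheme unchecked, so a public key supplied as `sign` (or a key of an unregistered type) is only caught, if at all, inside the wrapper. Mirror the existing checks in `encrypt` with `if sign is not None:` / `    leap_assert_type(sign, EncryptionKey)` / `    leap_assert(sign.private is True, 'Signing key is not private.')`, and the same for `verify` in `decrypt` with `private is False` and message `'Verification key is not public.'`. The `passphrase` parameter is undocumented in both docstrings, `encrypt`'s summary refers to `@{key}` where it means `C{pubkey}`, and `verify`'s `:return:` reads "The signed data", which looks copied from `sign` — confirm what the wrapper's `verify` actually returns before fixing the text.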