diff options
author | Kali Kaneko <kali@leap.se> | 2015-02-11 14:01:20 -0400 |
---|---|---|
committer | Kali Kaneko <kali@leap.se> | 2015-02-11 14:01:20 -0400 |
commit | 8d8d5f2a3d9dbefcf98a5e3d7245a5f13360a88e (patch) | |
tree | 4e91d829a7185be9cb127592747eb72866d47f77 /src/leap/keymanager/validation.py | |
parent | c794991d65d987b59014d067e730976684307775 (diff) | |
parent | 82d027b1f471517213bdcdc773dc8eea677fe330 (diff) |
Merge branch 'feature/async-api' into develop
Diffstat (limited to 'src/leap/keymanager/validation.py')
-rw-r--r-- | src/leap/keymanager/validation.py | 35 |
1 files changed, 21 insertions, 14 deletions
diff --git a/src/leap/keymanager/validation.py b/src/leap/keymanager/validation.py index 245013e..c81d533 100644 --- a/src/leap/keymanager/validation.py +++ b/src/leap/keymanager/validation.py @@ -24,17 +24,17 @@ See: from datetime import datetime -from enum import Enum +from enum import IntEnum -ValidationLevel = Enum( - "Weak_Chain", - "Provider_Trust", - "Provider_Endorsement", - "Third_Party_Endorsement", - "Third_Party_Consensus", - "Historically_Auditing", - "Known_Key", +ValidationLevel = IntEnum("ValidationLevel", + "Weak_Chain " + "Provider_Trust " + "Provider_Endorsement " + "Third_Party_Endorsement " + "Third_Party_Consensus " + "Historically_Auditing " + "Known_Key " "Fingerprint") @@ -49,7 +49,7 @@ def toValidationLevel(value): :raises ValueError: if C{value} is not a validation level """ for level in ValidationLevel: - if value == str(level): + if value == level.name: return level raise ValueError("Not valid validation level: %s" % (value,)) @@ -60,9 +60,6 @@ def can_upgrade(new_key, old_key): :type old_key: EncryptionKey :rtype: bool """ - # XXX not succesfully used and strict high validation level (#6211) - # XXX implement key signature checking (#6120) - # First contact if old_key is None: return True @@ -82,7 +79,17 @@ def can_upgrade(new_key, old_key): return True # No expiration date and higher validation level - elif new_key.validation >= old_key.validation: + if (old_key.expiry_date is None and + new_key.validation > old_key.validation): + return True + + # Not successfully used and strict high validation level + if (not (old_key.sign_used and old_key.encr_used) and + new_key.validation > old_key.validation): + return True + + # New key signed by the old key + if old_key.key_id in new_key.signatures: return True return False |