Diffstat (limited to 'src/leap/keymanager')
-rw-r--r--src/leap/keymanager/__init__.py14
-rw-r--r--src/leap/keymanager/keys.py10
-rw-r--r--src/leap/keymanager/tests/test_keymanager.py13
-rw-r--r--src/leap/keymanager/tests/test_validation.py18
-rw-r--r--src/leap/keymanager/validation.py73
5 files changed, 77 insertions, 51 deletions
diff --git a/src/leap/keymanager/__init__.py b/src/leap/keymanager/__init__.py
index 47f479b..c2d7409 100644
--- a/src/leap/keymanager/__init__.py
+++ b/src/leap/keymanager/__init__.py
@@ -57,7 +57,7 @@ from leap.keymanager.errors import (
UnsupportedKeyTypeError,
InvalidSignature
)
-from leap.keymanager.validation import ValidationLevel, can_upgrade
+from leap.keymanager.validation import ValidationLevels, can_upgrade
from leap.keymanager.keys import (
build_key_from_dict,
@@ -224,10 +224,10 @@ class KeyManager(object):
if self.OPENPGP_KEY in server_keys:
# nicknym server is authoritative for its own domain,
# for other domains the key might come from key servers.
- validation_level = ValidationLevel.Weak_Chain
+ validation_level = ValidationLevels.Weak_Chain
_, domain = _split_email(address)
if (domain == _get_domain(self._nickserver_uri)):
- validation_level = ValidationLevel.Provider_Trust
+ validation_level = ValidationLevels.Provider_Trust
d = self.put_raw_key(
server_keys['openpgp'],
@@ -712,7 +712,7 @@ class KeyManager(object):
return d
def put_raw_key(self, key, ktype, address,
- validation=ValidationLevel.Weak_Chain):
+ validation=ValidationLevels.Weak_Chain):
"""
Put raw key bound to address in local storage.
@@ -724,7 +724,7 @@ class KeyManager(object):
:type address: str
:param validation: validation level for this key
(default: 'Weak_Chain')
- :type validation: ValidationLevel
+ :type validation: ValidationLevels
:return: A Deferred which fires when the key is in the storage, or
which fails with KeyAddressMismatch if address doesn't match
@@ -744,7 +744,7 @@ class KeyManager(object):
return d
def fetch_key(self, address, uri, ktype,
- validation=ValidationLevel.Weak_Chain):
+ validation=ValidationLevels.Weak_Chain):
"""
Fetch a public key bound to address from the network and put it in
local storage.
@@ -757,7 +757,7 @@ class KeyManager(object):
:type ktype: subclass of EncryptionKey
:param validation: validation level for this key
(default: 'Weak_Chain')
- :type validation: ValidationLevel
+ :type validation: ValidationLevels
:return: A Deferred which fires when the key is in the storage, or
which fails with KeyNotFound: if not valid key on uri or fails
diff --git a/src/leap/keymanager/keys.py b/src/leap/keymanager/keys.py
index 562c0a9..91559c2 100644
--- a/src/leap/keymanager/keys.py
+++ b/src/leap/keymanager/keys.py
@@ -35,7 +35,7 @@ from datetime import datetime
from leap.common.check import leap_assert
from twisted.internet import defer
-from leap.keymanager.validation import ValidationLevel, toValidationLevel
+from leap.keymanager.validation import ValidationLevels
logger = logging.getLogger(__name__)
@@ -120,11 +120,11 @@ def build_key_from_dict(kClass, kdict):
:rtype: C{kClass}
"""
try:
- validation = toValidationLevel(kdict[KEY_VALIDATION_KEY])
+ validation = ValidationLevels.get(kdict[KEY_VALIDATION_KEY])
except ValueError:
logger.error("Not valid validation level (%s) for key %s",
(kdict[KEY_VALIDATION_KEY], kdict[KEY_ID_KEY]))
- validation = ValidationLevel.Weak_Chain
+ validation = ValidationLevels.Weak_Chain
expiry_date = _to_datetime(kdict[KEY_EXPIRY_DATE_KEY])
last_audited_at = _to_datetime(kdict[KEY_LAST_AUDITED_AT_KEY])
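Review bot: The `except ValueError` around `ValidationLevels.get(kdict[KEY_VALIDATION_KEY])` no longer matches what the lookup raises: `get` in validation.py is a bare `getattr(self, name)`, so an unknown stored level raises `AttributeError` and escapes `build_key_from_dict` instead of falling back to `Weak_Chain`. The same `getattr` also returns non-level attributes for names such as `get` or `_level_names`, so a malformed stored document could leave a key with a `validation` that is not a `ValidationLevel`. Since this value is the trust level that `can_upgrade` compares, `get` should accept only names in `_level_names` and keep the old contract, e.g. `if name not in self._level_names: raise ValueError("Not valid validation level: %s" % (name,))` before the `getattr`. Separately, the `logger.error` call in the context lines passes a single tuple for two `%s` placeholders; the two values should be passed as separate arguments. The body of `build_key_from_dict` continues outside the hunk.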
@@ -176,7 +176,7 @@ class EncryptionKey(object):
def __init__(self, address, key_id="", fingerprint="",
key_data="", private=False, length=0, expiry_date=None,
- validation=ValidationLevel.Weak_Chain, last_audited_at=None,
+ validation=ValidationLevels.Weak_Chain, last_audited_at=None,
refreshed_at=None, encr_used=False, sign_used=False):
self.address = address
self.key_id = key_id
@@ -213,7 +213,7 @@ class EncryptionKey(object):
KEY_EXPIRY_DATE_KEY: expiry_date,
KEY_LAST_AUDITED_AT_KEY: last_audited_at,
KEY_REFRESHED_AT_KEY: refreshed_at,
- KEY_VALIDATION_KEY: self.validation.name,
+ KEY_VALIDATION_KEY: str(self.validation),
KEY_ENCR_USED_KEY: self.encr_used,
KEY_SIGN_USED_KEY: self.sign_used,
KEY_TAGS_KEY: [KEYMANAGER_KEY_TAG],
diff --git a/src/leap/keymanager/tests/test_keymanager.py b/src/leap/keymanager/tests/test_keymanager.py
index 55f892e..08d3750 100644
--- a/src/leap/keymanager/tests/test_keymanager.py
+++ b/src/leap/keymanager/tests/test_keymanager.py
@@ -36,10 +36,7 @@ from leap.keymanager.keys import (
is_address,
build_key_from_dict,
)
-from leap.keymanager.validation import (
- ValidationLevel,
- toValidationLevel
-)
+from leap.keymanager.validation import ValidationLevels
from leap.keymanager.tests import (
KeyManagerWithSoledadTestCase,
ADDRESS,
@@ -82,7 +79,7 @@ class KeyManagerUtilTestCase(unittest.TestCase):
'expiry_date': 0,
'last_audited_at': 0,
'refreshed_at': 1311239602,
- 'validation': ValidationLevel.Weak_Chain.name,
+ 'validation': str(ValidationLevels.Weak_Chain),
'encr_used': False,
'sign_used': True,
}
@@ -115,7 +112,7 @@ class KeyManagerUtilTestCase(unittest.TestCase):
datetime.fromtimestamp(kdict['refreshed_at']), key.refreshed_at,
'Wrong data in key.')
self.assertEqual(
- toValidationLevel(kdict['validation']), key.validation,
+ ValidationLevels.get(kdict['validation']), key.validation,
'Wrong data in key.')
self.assertEqual(
kdict['encr_used'], key.encr_used,
@@ -227,7 +224,7 @@ class KeyManagerKeyManagementTestCase(KeyManagerWithSoledadTestCase):
key = yield self._fetch_key(km, ADDRESS, PUBLIC_KEY)
self.assertIsInstance(key, OpenPGPKey)
self.assertTrue(ADDRESS in key.address)
- self.assertEqual(key.validation, ValidationLevel.Provider_Trust)
+ self.assertEqual(key.validation, ValidationLevels.Provider_Trust)
@inlineCallbacks
def test_get_key_fetches_other_domain(self):
@@ -239,7 +236,7 @@ class KeyManagerKeyManagementTestCase(KeyManagerWithSoledadTestCase):
key = yield self._fetch_key(km, ADDRESS_OTHER, PUBLIC_KEY_OTHER)
self.assertIsInstance(key, OpenPGPKey)
self.assertTrue(ADDRESS_OTHER in key.address)
- self.assertEqual(key.validation, ValidationLevel.Weak_Chain)
+ self.assertEqual(key.validation, ValidationLevels.Weak_Chain)
def _fetch_key(self, km, address, key):
"""
diff --git a/src/leap/keymanager/tests/test_validation.py b/src/leap/keymanager/tests/test_validation.py
index 15e7d27..0c1d155 100644
--- a/src/leap/keymanager/tests/test_validation.py
+++ b/src/leap/keymanager/tests/test_validation.py
@@ -31,10 +31,10 @@ from leap.keymanager.tests import (
PUBLIC_KEY,
KEY_FINGERPRINT
)
-from leap.keymanager.validation import ValidationLevel
+from leap.keymanager.validation import ValidationLevels
-class ValidationLevelTestCase(KeyManagerWithSoledadTestCase):
+class ValidationLevelsTestCase(KeyManagerWithSoledadTestCase):
@inlineCallbacks
def test_none_old_key(self):
@@ -47,7 +47,7 @@ class ValidationLevelTestCase(KeyManagerWithSoledadTestCase):
def test_cant_upgrade(self):
km = self._key_manager()
yield km.put_raw_key(PUBLIC_KEY, OpenPGPKey, ADDRESS,
- validation=ValidationLevel.Provider_Trust)
+ validation=ValidationLevels.Provider_Trust)
d = km.put_raw_key(UNRELATED_KEY, OpenPGPKey, ADDRESS)
yield self.assertFailure(d, KeyNotValidUpgrade)
@@ -56,7 +56,7 @@ class ValidationLevelTestCase(KeyManagerWithSoledadTestCase):
km = self._key_manager()
yield km.put_raw_key(PUBLIC_KEY, OpenPGPKey, ADDRESS)
yield km.put_raw_key(UNRELATED_KEY, OpenPGPKey, ADDRESS,
- validation=ValidationLevel.Fingerprint)
+ validation=ValidationLevels.Fingerprint)
key = yield km.get_key(ADDRESS, OpenPGPKey, fetch_remote=False)
self.assertEqual(key.fingerprint, UNRELATED_FINGERPRINT)
@@ -73,12 +73,12 @@ class ValidationLevelTestCase(KeyManagerWithSoledadTestCase):
km = self._key_manager()
yield km.put_raw_key(
EXPIRED_KEY, OpenPGPKey, ADDRESS,
- validation=ValidationLevel.Third_Party_Endorsement)
+ validation=ValidationLevels.Third_Party_Endorsement)
d = km.put_raw_key(
UNRELATED_KEY,
OpenPGPKey,
ADDRESS,
- validation=ValidationLevel.Provider_Trust)
+ validation=ValidationLevels.Provider_Trust)
yield self.assertFailure(d, KeyNotValidUpgrade)
@inlineCallbacks
@@ -93,9 +93,9 @@ class ValidationLevelTestCase(KeyManagerWithSoledadTestCase):
def test_not_used(self):
km = self._key_manager()
yield km.put_raw_key(UNEXPIRED_KEY, OpenPGPKey, ADDRESS,
- validation=ValidationLevel.Provider_Trust)
+ validation=ValidationLevels.Provider_Trust)
yield km.put_raw_key(UNRELATED_KEY, OpenPGPKey, ADDRESS,
- validation=ValidationLevel.Provider_Endorsement)
+ validation=ValidationLevels.Provider_Endorsement)
key = yield km.get_key(ADDRESS, OpenPGPKey, fetch_remote=False)
self.assertEqual(key.fingerprint, UNRELATED_FINGERPRINT)
@@ -114,7 +114,7 @@ class ValidationLevelTestCase(KeyManagerWithSoledadTestCase):
yield km.verify(TEXT, ADDRESS, OpenPGPKey, detached_sig=signature)
d = km.put_raw_key(
UNRELATED_KEY, OpenPGPKey, ADDRESS,
- validation=ValidationLevel.Provider_Endorsement)
+ validation=ValidationLevels.Provider_Endorsement)
yield self.assertFailure(d, KeyNotValidUpgrade)
@inlineCallbacks
diff --git a/src/leap/keymanager/validation.py b/src/leap/keymanager/validation.py
index dfe6432..3bb4032 100644
--- a/src/leap/keymanager/validation.py
+++ b/src/leap/keymanager/validation.py
@@ -24,34 +24,63 @@ See:
from datetime import datetime
-from enum import IntEnum
-ValidationLevel = IntEnum("ValidationLevel",
- "Weak_Chain "
- "Provider_Trust "
- "Provider_Endorsement "
- "Third_Party_Endorsement "
- "Third_Party_Consensus "
- "Historically_Auditing "
- "Known_Key "
- "Fingerprint")
+class ValidationLevel(object):
+ """
+ A validation level
+
+ Meant to be used to compare levels or get it's string representation.
+ """
+ def __init__(self, name, value):
+ self.name = name
+ self.value = value
+
+ def __cmp__(self, other):
+ return cmp(self.value, other.value)
+
+ def __str__(self):
+ return self.name
+
+ def __repr__(self):
+ return "<ValidationLevel: %s (%d)>" % (self.name, self.value)
-def toValidationLevel(value):
+class _ValidationLevels(object):
"""
- Convert a string representation of a validation level into
- C{ValidationLevel}
+ Handler class to manage validation levels. It should have only one global
+ instance 'ValidationLevels'.
- :param value: validation level
- :type value: str
- :rtype: ValidationLevel
- :raises ValueError: if C{value} is not a validation level
+ The levels are attributes of the instance and can be used like:
+ ValidationLevels.Weak_Chain
+ ValidationLevels.get("Weak_Chain")
"""
- for level in ValidationLevel:
- if value == level.name:
- return level
- raise ValueError("Not valid validation level: %s" % (value,))
+ _level_names = ("Weak_Chain",
+ "Provider_Trust",
+ "Provider_Endorsement",
+ "Third_Party_Endorsement",
+ "Third_Party_Consensus",
+ "Historically_Auditing",
+ "Known_Key",
+ "Fingerprint")
+
+ def __init__(self):
+ for name in self._level_names:
+ setattr(self, name,
+ ValidationLevel(name, self._level_names.index(name)))
+
+ def get(self, name):
+ """
+ Get the ValidationLevel of a name
+
+ :param name: name of the level
+ :type name: str
+ :rtype: ValidationLevel
+ """
+ return getattr(self, name)
+
+
+ValidationLevels = _ValidationLevels()
def can_upgrade(new_key, old_key):
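Review bot: `ValidationLevel.__cmp__` reads `other.value` unconditionally, so comparing a level with anything that is not a `ValidationLevel` (for example `None` or a raw string) raises `AttributeError` rather than comparing unequal. A guard such as `if not isinstance(other, ValidationLevel): return NotImplemented` at the top of `__cmp__` would keep `==` checks like the one in `can_upgrade` from failing on an unexpected operand. `__cmp__` and `cmp` exist only on Python 2, which is worth stating in the class docstring, and "it's" there should read "its". In `_ValidationLevels.__init__`, `for value, name in enumerate(self._level_names):` avoids the repeated `index` lookup. Values now start at 0 where the `IntEnum` started at 1, which would only matter if numeric values were ever persisted; the visible code stores the name.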
@@ -69,7 +98,7 @@ def can_upgrade(new_key, old_key):
return True
# Manually verified fingerprint
- if new_key.validation == ValidationLevel.Fingerprint:
+ if new_key.validation == ValidationLevels.Fingerprint:
return True
# Expired key and higher validation level