path: root/src/leap/keymanager
Age | Commit message | Author
2016-02-25 | [feat] update usage only if needed | Ruben Pollan
During encryption we were updating 'enc_used' in the key without checking if it was already set.
2016-02-25 | [feat] Make EncryptionKey aware of the active address | Ruben Pollan
2016-02-25 | [test] add updater tests | Ruben Pollan
2016-02-25 | [feat] Use fingerprints instead of key ids | Ruben Pollan
- Resolves: #7500
2016-02-25 | [feat] Migrate soledad documents by adding versioning field | Ruben Pollan
- Resolves: #7713
2016-02-25 | [feat] move validation, usage and audited date to the active document | Ruben Pollan
- Resolves: #7485
2016-02-23 | [feat] defer decrypt, gen_key and encrypt | Victor Shyba
This commit puts those gnupg operations to be run on external threads limited by the amount of cores present on user machine. Some gnupg calls spawn processes and communicating to them is a synchronous operation, so running outside of a reactor should improve response time by avoiding reactor locking.
2016-02-09 | [style] fix pep8 | Ruben Pollan
2016-02-04 | [docs] add docstrings and fixes pep8 | Victor Shyba
Some methods were missing docstrings and some code was exceeding the 80 column limit. Also some asserts aren't needed anymore.
2016-01-29 | [feat] use HTTPClient instead of requests | Victor Shyba
This commit adapts code to use HTTPClient instead of requests. requests library receives a certificate as parameter during requests while HTTPClient receives a cert only on constructor. In order to have both types (leap cert and commercial certs) working together we introduced two clients on constructor.
2016-01-27 | [refactor] isolate requests | Victor Shyba
Isolate requests lib related code and update docstrings.
2016-01-27 | [feat] defer blocking requests calls to thread | Victor Shyba
That's a temporary fix for #6506. This commit adapts code to deal with deferreds coming from calling requests from Twisted. Next step is just to change requests for twisted http client present in leap.common. Unfortunately, this last step will be a bit longer and would be better to have integration tests to ensure current HTTP behaviour.
2015-10-01 | [feat] self-repair the keyring if keys get duplicated | Ruben Pollan
In some cases in the past keys got stored twice in different documents. Hopefully this issue is solved now, this tries to self-repair the keyring if it encounters that. This is not really solving the problem, if it keeps happening we need to investigate the source.
- Resolves: #7498
2015-09-28 | [bug] fix verify keys usage | Ruben Pollan
The latest refactor missed one line.
2015-09-25 | [refactor] improve readability | Kali Kaneko
Improve readability of operations on generic keys, by assigning the class matching the type of key (_wrapper_map[ktype]) at the beginning of each block. In the future, we could pass the type of key (only PGP keys being used at the moment) on initialization of the Keymanager, so we don't have to pass the ktype on each method call.
2015-09-24 | [refactor] refactor key parsing | Kali Kaneko
so that it can be tested without needing to instantiate the whole OpenPGPScheme object, that receives a soledad instance.
2015-09-24 | [style] more pep8 fixes | Kali Kaneko
2015-09-24 | [style] fix pep8 warnings | Folker Bernitt
2015-09-24 | [bug] keep combined file longer in scope | Folker Bernitt
In previous commit 9546348c, the combined bundle ca was not long enough in scope and was therefore deleted when it actually was used. Adopted test to check whether file is deleted.
2015-09-24 | [tests] Add regression tests for sign_used | Folker Bernitt
Fails if wrong address is passed to the put_key method, or wrong key is marked as sign_used.
- Related: #7420
2015-09-24 | [bug] don't repush a public key with different address | Ruben Pollan
During decryption the signing public key was getting repushed with a different address as part of the verify usage flagging.
- Resolves: https://github.com/pixelated/pixelated-user-agent/issues/466
- Related: #7420
2015-09-24 | [bug] treat empty string ca_cert_path as None | Folker Bernitt
Fixup for 9546348c36. This problem only occurs in test setups where '' is passed to ca_cert_path.
2015-09-22 | [bug] catch request exceptions | Ruben Pollan
On fetch_key we were not catching the request exceptions, now they are returned as failure in the deferred as it should.
- Related: #7410
2015-09-21 | [feat] more verbosity in get_key wrong address log | Ruben Pollan
2015-09-21 | [style] fix pep8 problems | Ruben Pollan
2015-09-18 | [feature] Use ca_bundle when fetching keys by url | Folker Bernitt
This is necessary as a fetch by url will talk to remote sites or, for providers with a commercial cert, with a cert that had not been signed with the provider CA.
- support lookup of local keys by url for providers with a commercial cert
- combine ca_bundle with ca_cert_path if specified
- close soledad after each test
2015-09-17 | [feat] add logging to fetch_key | Ruben Pollan
In case of failure of fetch_key will be useful to have some logging telling us which key is fetching.
- Related: #7410
2015-09-16 | [style] pep8 fix | Kali Kaneko
2015-09-14 | [feat] use async events api | Kali Kaneko
this avoids using a separate thread with tornado ioloop for events client, since we can use twisted reactor.
- Resolves: #7274
2015-08-17 | [style] pep8 fix | Kali Kaneko
2015-08-03 | [style] Re-added lambdas to openpgp on keymanager | Bruno Wagner
2015-08-03 | [style] Fixed pep8 warnings | Bruno Wagner
Fixed pep8 warnings to prepare the keymanager for CI
2015-07-29 | [style] pep8 | Kali Kaneko
2015-07-23 | [pkg] avoid choking on latest gnupg version | Kali Kaneko
latest gnupg version (from pypi) was '2.0.2-py2.7.egg', which is parsed as a LegacyVersion and therefore breaks the numeric comparison. this is a workaround to allow the sanity check to continue, by comparing just the numeric part of the version string.
2015-06-29 | [style] spelling typo | Kali Kaneko
2015-06-27 | [bug] remove the dependency on enum34 | Ruben Pollan
* Resolves: #7188
2015-05-27 | [feat] adapt to new events api on common | Ivan Alejandro
- Related: #6359
2015-04-07 | [doc] added the right link to the validation levels documentation | Ruben Pollan
The mailing list was linked, but now there is a proper documentation page.
- Releases: 0.4.0
2015-03-30 | [feat] set fetched keys as Weak Chain if they are not from the same domain | Ruben Pollan
Nicknym server is authoritative for its own domain, but for others it might retrieve keys from key servers. On keys from the same domain we set the validation level to 'Provider Trust'. For other domains in the email address we set it to 'Weak Chain' as we don't have info about its source.
Resolves: #6815
Related: #6718
Releases: 0.4.0
2015-02-19 | Fetch keys should return KeyNotFound for unknown errors | Ruben Pollan
2015-01-15 | Port validation levels to enum34 | Ruben Pollan
2015-01-15 | upgrade key when signed by old key | Ruben Pollan
2015-01-15 | Upgrade keys if not successfully used and strict high validation level | Ruben Pollan
2015-01-15 | On key update merge metadata correctly | Ruben Pollan
2015-01-15 | Fix key upgrade on no expiration date and higher validation level | Ruben Pollan
2015-01-15 | Return a valid error from gatherResults | Ruben Pollan
2014-12-16 | Return the right error on signature verification | Ruben Pollan
2014-12-16 | Find the gpg path instead of hard code it | Ruben Pollan
2014-12-16 | Fix key generation | Ruben Pollan
2014-12-16 | Port to soledad new async API | Ruben Pollan