| Age | Commit message (Collapse) | Author |
|---|
|
After PR #116, it's possible to inject an existing combined_ca_bundle
to the keymanager initialisation. However, it won't work for multiple
users because the file is removed when the keymanager is destroyed.
Considering there's no sensitive data on the file and it's created
as a temp file, we don't need to handle its deletion.
|
|
For the multi-tenancy case, the combined_ca_bundle could be done once
to avoid unnecessary disk IO for each user.
The default case is still valid, and will not cause issues anywhere.
|
|
- refresh random key in random time
- add get key by fingerprint
- refactor nicknym methods to own file
- tests
- note this do not include a check for
revoked key, since that need some changes
in gnupg
- Related: #6089
|
|
|
|
|
|
Needed by bytmask cli.
- Related: #7965
|
|
- Closes: #8165
|
|
Mostly for private keys we want to keep the latest one in the keyring.
It would be desirable to check with one is set in nicknym, but this
will need a big refactor that I'm not sure if it's worth it just for
that.
- Related: #6658, #8059
|
|
Two tests where failing, because
- Related: #7987
|
|
|
|
|
|
|
|
- Resolves: #8068
|
|
|
|
|
|
- Resolves: #8031
|
|
|
|
|
|
|
|
Raise KeyNotFound error, when nicknym throws response 404, as it fails to find a key and add tests.
- Resolves: #7987
|
|
into develop
- Resolves: #6200
|
|
|
|
Need pizza!!!!!!
|
|
|
|
* Related: #8022
|
|
|
|
There was a duplicate import for get_versions, that was not at
the top of the file, that caused a pep warning and was fixed
in this commit
|
|
|
|
- Resolves: #7974
|
|
|
|
During encryption we where updating 'enc_used' in the key without
checking if it was already set.
|
|
|
|
|
|
- Resolves: #7500
|
|
- Resolves: #7713
|
|
- Resolves: #7485
|
|
This commit put those gnupg operations to be run on external threads
limited by the amount of cores present on user machine.
Some gnupg calls spawn processes and communicating to them is a
synchronous operation, so running outside of a reactor should improve
response time by avoiding reactor locking.
|
|
|
|
Some methods were missing docstrings and some code was exceeding the 80
column limit. Also some asserts arent needed anymore.
|
|
This commit adapts code to use HTTPClient instead of requests.
requests library receives a certificate as parameter during requests
while HTTPClient recelives a cert only on constructor. In order to have
both types (leap cert and commercial certs) working together we
introduced two clients on constructor.
|
|
Isolate requests lib related code and update docstrings.
|
|
That's a temporary fix for #6506
This commit adapts code to deal with deferreds coming from calling
requests from Twisted. Next step is just to change requests for twisted
http client present in leap.common.
Unfortunately, this last step will be a bit longer and would be better
to have integrations tests to ensure current HTTP behaviour.
|
|
In some cases in the past keys got stored twice in different documents.
Hopefully this issue is solved now, this tries to self-repair the keyring
if encounters that. This is not really solving the problem, if it keeps
happening we need to investigate the source.
- Resolves: #7498
|
|
The latests refactor missed one line.
|
|
Improve readability of operations on generic keys, by assigning the
class matching the type of key (_wrapper_map[ktype]) at the beginning of
each block.
in the future, we could pass the type of key (only PGP keys being used
at the moment) on initialization of the Keymanager, so we don't have to
pass the ktype on each method call.
|
|
so that it can be tested without needing to instantiate the whole
OpenPGPScheme object, that receives a soledad instance.
|
|
|
|
|
|
In previous commit 9546348c, the combined bundle ca
was not long enough in scope and was therefore deleted
when it actually was used.
Adopted test to check whether file is deleted.
|
|
Fails if wrong address is passed to the put_key method,
or wrong key is marked as sign_used.
- Related: #7420
|
