From d7acaf356d16c795f1481fefc7a75ffc8a36b1d0 Mon Sep 17 00:00:00 2001 From: Ruben Pollan Date: Fri, 26 Jun 2015 18:12:22 +0200 Subject: [bug] remove the dependency on enum34 * Resolves: #7188 --- src/leap/keymanager/__init__.py | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'src/leap/keymanager/__init__.py') diff --git a/src/leap/keymanager/__init__.py b/src/leap/keymanager/__init__.py index 47f479b..c2d7409 100644 --- a/src/leap/keymanager/__init__.py +++ b/src/leap/keymanager/__init__.py @@ -57,7 +57,7 @@ from leap.keymanager.errors import ( UnsupportedKeyTypeError, InvalidSignature ) -from leap.keymanager.validation import ValidationLevel, can_upgrade +from leap.keymanager.validation import ValidationLevels, can_upgrade from leap.keymanager.keys import ( build_key_from_dict, @@ -224,10 +224,10 @@ class KeyManager(object): if self.OPENPGP_KEY in server_keys: # nicknym server is authoritative for its own domain, # for other domains the key might come from key servers. - validation_level = ValidationLevel.Weak_Chain + validation_level = ValidationLevels.Weak_Chain _, domain = _split_email(address) if (domain == _get_domain(self._nickserver_uri)): - validation_level = ValidationLevel.Provider_Trust + validation_level = ValidationLevels.Provider_Trust d = self.put_raw_key( server_keys['openpgp'], @@ -712,7 +712,7 @@ class KeyManager(object): return d def put_raw_key(self, key, ktype, address, - validation=ValidationLevel.Weak_Chain): + validation=ValidationLevels.Weak_Chain): """ Put raw key bound to address in local storage. @@ -724,7 +724,7 @@ class KeyManager(object): :type address: str :param validation: validation level for this key (default: 'Weak_Chain') - :type validation: ValidationLevel + :type validation: ValidationLevels :return: A Deferred which fires when the key is in the storage, or which fails with KeyAddressMismatch if address doesn't match @@ -744,7 +744,7 @@ class KeyManager(object): return d def fetch_key(self, address, uri, ktype, - validation=ValidationLevel.Weak_Chain): + validation=ValidationLevels.Weak_Chain): """ Fetch a public key bound to address from the network and put it in local storage. @@ -757,7 +757,7 @@ class KeyManager(object): :type ktype: subclass of EncryptionKey :param validation: validation level for this key (default: 'Weak_Chain') - :type validation: ValidationLevel + :type validation: ValidationLevels :return: A Deferred which fires when the key is in the storage, or which fails with KeyNotFound: if not valid key on uri or fails -- cgit v1.2.3 From 8d355cabd0b087b5e7161c2721bb8ae94ace1336 Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Thu, 23 Jul 2015 14:34:53 -0400 Subject: [pkg] avoid choking on latest gnupg version latest gnupg version (from pypi) was '2.0.2-py2.7.egg', which is parsed as a LegacyVersion and therefore breaks the numeric comparison. this is a workaround to allow the sanity check to continue, by comparing just the numeric part of the version string. --- src/leap/keymanager/__init__.py | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'src/leap/keymanager/__init__.py') diff --git a/src/leap/keymanager/__init__.py b/src/leap/keymanager/__init__.py index c2d7409..56633c5 100644 --- a/src/leap/keymanager/__init__.py +++ b/src/leap/keymanager/__init__.py @@ -24,13 +24,20 @@ try: from gnupg.gnupg import GPGUtilities assert(GPGUtilities) # pyflakes happy from gnupg import __version__ as _gnupg_version + if '-' in _gnupg_version: + # avoid Parsing it as LegacyVersion, get just + # the release numbers: + _gnupg_version = _gnupg_version.split('-')[0] from pkg_resources import parse_version + # We need to make sure that we're not colliding with the infamous + # python-gnupg assert(parse_version(_gnupg_version) >= parse_version('1.4.0')) except (ImportError, AssertionError): print "*******" print "Ooops! It looks like there is a conflict in the installed version " print "of gnupg." + print "GNUPG_VERSION:", _gnupg_version print print "Disclaimer: Ideally, we would need to work a patch and propose the " print "merge to upstream. But until then do: " -- cgit v1.2.3 From 5c967b8c236900f93147b7d286a080d650a9e5d0 Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Wed, 29 Jul 2015 16:27:54 -0400 Subject: [style] pep8 --- src/leap/keymanager/__init__.py | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) (limited to 'src/leap/keymanager/__init__.py') diff --git a/src/leap/keymanager/__init__.py b/src/leap/keymanager/__init__.py index 56633c5..282ff48 100644 --- a/src/leap/keymanager/__init__.py +++ b/src/leap/keymanager/__init__.py @@ -71,10 +71,12 @@ from leap.keymanager.keys import ( KEYMANAGER_KEY_TAG, TAGS_PRIVATE_INDEX, ) -from leap.keymanager.openpgp import ( - OpenPGPKey, - OpenPGPScheme, -) +from leap.keymanager.openpgp import OpenPGPKey, OpenPGPScheme + +from ._version import get_versions + +__version__ = get_versions()['version'] +del get_versions logger = logging.getLogger(__name__) @@ -828,8 +830,3 @@ def _get_domain(url): :rtype: str """ return urlparse(url).hostname - - -from ._version import get_versions -__version__ = get_versions()['version'] -del get_versions -- cgit v1.2.3 From 3fab338ef4e1ae0efcfaee455ae04881aa013083 Mon Sep 17 00:00:00 2001 From: Bruno Wagner Date: Fri, 24 Jul 2015 16:24:13 -0300 Subject: [style] Fixed pep8 warnings Fixed pep8 warnings to prepare the keymanager for CI --- src/leap/keymanager/__init__.py | 1 + 1 file changed, 1 insertion(+) (limited to 'src/leap/keymanager/__init__.py') diff --git a/src/leap/keymanager/__init__.py b/src/leap/keymanager/__init__.py index 282ff48..999b53c 100644 --- a/src/leap/keymanager/__init__.py +++ b/src/leap/keymanager/__init__.py @@ -19,6 +19,7 @@ Key Manager is a Nicknym agent for LEAP client. """ # let's do a little sanity check to see if we're using the wrong gnupg import sys +from ._version import get_versions try: from gnupg.gnupg import GPGUtilities -- cgit v1.2.3 From ff15f95460036485a417964c6ed61ebffe7b9e46 Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Mon, 14 Sep 2015 23:08:41 -0400 Subject: [feat] use async events api this avoids using a separate thread with tornado ioloop for events client, since we can use twisted reactor. - Resolves: #7274 --- src/leap/keymanager/__init__.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'src/leap/keymanager/__init__.py') diff --git a/src/leap/keymanager/__init__.py b/src/leap/keymanager/__init__.py index 999b53c..34bc964 100644 --- a/src/leap/keymanager/__init__.py +++ b/src/leap/keymanager/__init__.py @@ -55,7 +55,7 @@ from twisted.internet import defer from urlparse import urlparse from leap.common.check import leap_assert -from leap.common.events import emit, catalog +from leap.common.events import emit_async, catalog from leap.common.decorators import memoized_method from leap.keymanager.errors import ( @@ -287,7 +287,7 @@ class KeyManager(object): self._api_version, self._uid) self._put(uri, data) - emit(catalog.KEYMANAGER_DONE_UPLOADING_KEYS, self._address) + emit_async(catalog.KEYMANAGER_DONE_UPLOADING_KEYS, self._address) d = self.get_key( self._address, ktype, private=False, fetch_remote=False) @@ -323,24 +323,24 @@ class KeyManager(object): leap_assert( ktype in self._wrapper_map, 'Unkown key type: %s.' % str(ktype)) - emit(catalog.KEYMANAGER_LOOKING_FOR_KEY, address) + emit_async(catalog.KEYMANAGER_LOOKING_FOR_KEY, address) def key_found(key): - emit(catalog.KEYMANAGER_KEY_FOUND, address) + emit_async(catalog.KEYMANAGER_KEY_FOUND, address) return key def key_not_found(failure): if not failure.check(KeyNotFound): return failure - emit(catalog.KEYMANAGER_KEY_NOT_FOUND, address) + emit_async(catalog.KEYMANAGER_KEY_NOT_FOUND, address) # we will only try to fetch a key from nickserver if fetch_remote # is True and the key is not private. if fetch_remote is False or private is True: return failure - emit(catalog.KEYMANAGER_LOOKING_FOR_KEY, address) + emit_async(catalog.KEYMANAGER_LOOKING_FOR_KEY, address) d = self._fetch_keys_from_server(address) d.addCallback( lambda _: @@ -397,10 +397,10 @@ class KeyManager(object): self._assert_supported_key_type(ktype) def signal_finished(key): - emit(catalog.KEYMANAGER_FINISHED_KEY_GENERATION, self._address) + emit_async(catalog.KEYMANAGER_FINISHED_KEY_GENERATION, self._address) return key - emit(catalog.KEYMANAGER_STARTED_KEY_GENERATION, self._address) + emit_async(catalog.KEYMANAGER_STARTED_KEY_GENERATION, self._address) d = self._wrapper_map[ktype].gen_key(self._address) d.addCallback(signal_finished) return d -- cgit v1.2.3 From 481c5807ae99575d20fd15a96321103cbcfcdfd2 Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Wed, 16 Sep 2015 12:55:08 -0400 Subject: [style] pep8 fix --- src/leap/keymanager/__init__.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'src/leap/keymanager/__init__.py') diff --git a/src/leap/keymanager/__init__.py b/src/leap/keymanager/__init__.py index 34bc964..c4534e5 100644 --- a/src/leap/keymanager/__init__.py +++ b/src/leap/keymanager/__init__.py @@ -74,8 +74,6 @@ from leap.keymanager.keys import ( ) from leap.keymanager.openpgp import OpenPGPKey, OpenPGPScheme -from ._version import get_versions - __version__ = get_versions()['version'] del get_versions @@ -397,7 +395,8 @@ class KeyManager(object): self._assert_supported_key_type(ktype) def signal_finished(key): - emit_async(catalog.KEYMANAGER_FINISHED_KEY_GENERATION, self._address) + emit_async( + catalog.KEYMANAGER_FINISHED_KEY_GENERATION, self._address) return key emit_async(catalog.KEYMANAGER_STARTED_KEY_GENERATION, self._address) -- cgit v1.2.3 From 0b9f64faef0ba9c5cf2a9efe485794ef9b999fab Mon Sep 17 00:00:00 2001 From: Ruben Pollan Date: Wed, 16 Sep 2015 11:04:33 +0200 Subject: [feat] add logging to fetch_key In case of failure of fetch_key will be useful to have some logging telling us wich key is fetching. - Related: #7410 --- src/leap/keymanager/__init__.py | 1 + 1 file changed, 1 insertion(+) (limited to 'src/leap/keymanager/__init__.py') diff --git a/src/leap/keymanager/__init__.py b/src/leap/keymanager/__init__.py index c4534e5..cf43004 100644 --- a/src/leap/keymanager/__init__.py +++ b/src/leap/keymanager/__init__.py @@ -779,6 +779,7 @@ class KeyManager(object): """ self._assert_supported_key_type(ktype) + logger.info("Fetch key for %s from %s" % (address, uri)) res = self._get(uri) if not res.ok: return defer.fail(KeyNotFound(uri)) -- cgit v1.2.3 From 9546348c3603f390fdd6d5a119414142e9bd02ea Mon Sep 17 00:00:00 2001 From: Folker Bernitt Date: Fri, 18 Sep 2015 17:03:14 +0200 Subject: [feature] Use ca_bundle when fetching keys by url This is necessary as a fetch by url will talk to remote sites or, for providers with a commercial cert, with a cert that had not been signed with the provider CA. - support lookup of local keys by url for providers with a commercial cert - combine ca_bundle with ca_cert_path if specified - close soledad after each test --- src/leap/keymanager/__init__.py | 42 +++++++++++++++++++++++++++++++++++++++-- 1 file changed, 40 insertions(+), 2 deletions(-) (limited to 'src/leap/keymanager/__init__.py') diff --git a/src/leap/keymanager/__init__.py b/src/leap/keymanager/__init__.py index cf43004..1220402 100644 --- a/src/leap/keymanager/__init__.py +++ b/src/leap/keymanager/__init__.py @@ -18,7 +18,10 @@ Key Manager is a Nicknym agent for LEAP client. """ # let's do a little sanity check to see if we're using the wrong gnupg +import fileinput import sys +import tempfile +from leap.common import ca_bundle from ._version import get_versions try: @@ -134,12 +137,30 @@ class KeyManager(object): } # the following are used to perform https requests self._fetcher = requests - self._session = self._fetcher.session() + self._combined_ca_bundle = self._create_combined_bundle_file() # # utilities # + def _create_combined_bundle_file(self): + leap_ca_bundle = ca_bundle.where() + + if self._ca_cert_path == leap_ca_bundle: + return self._ca_cert_path # don't merge file with itself + elif self._ca_cert_path is None: + return leap_ca_bundle + + tmp_file = tempfile.NamedTemporaryFile(delete=True) # file is auto deleted when python process ends + + with open(tmp_file.name, 'w') as fout: + fin = fileinput.input(files=(leap_ca_bundle, self._ca_cert_path)) + for line in fin: + fout.write(line) + fin.close() + + return tmp_file.name + def _key_class_from_type(self, ktype): """ Return key class from string representation of key type. @@ -176,6 +197,23 @@ class KeyManager(object): # 'Content-type is not JSON.') return res + def _get_with_combined_ca_bundle(self, uri, data=None): + """ + Send a GET request to C{uri} containing C{data}. + + Instead of using the ca_cert provided on construction time, this version also uses + the default certificates shipped with leap.common + + :param uri: The URI of the request. + :type uri: str + :param data: The body of the request. + :type data: dict, str or file + + :return: The response to the request. + :rtype: requests.Response + """ + return self._fetcher.get(uri, data=data, verify=self._combined_ca_bundle) + def _put(self, uri, data=None): """ Send a PUT request to C{uri} containing C{data}. @@ -780,7 +818,7 @@ class KeyManager(object): self._assert_supported_key_type(ktype) logger.info("Fetch key for %s from %s" % (address, uri)) - res = self._get(uri) + res = self._get_with_combined_ca_bundle(uri) if not res.ok: return defer.fail(KeyNotFound(uri)) -- cgit v1.2.3 From 3b0e1694bc3280896a845d92f55590b1553c4a3f Mon Sep 17 00:00:00 2001 From: Ruben Pollan Date: Mon, 21 Sep 2015 19:59:11 +0200 Subject: [style] fix pep8 problems --- src/leap/keymanager/__init__.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'src/leap/keymanager/__init__.py') diff --git a/src/leap/keymanager/__init__.py b/src/leap/keymanager/__init__.py index 1220402..5248cb0 100644 --- a/src/leap/keymanager/__init__.py +++ b/src/leap/keymanager/__init__.py @@ -151,7 +151,8 @@ class KeyManager(object): elif self._ca_cert_path is None: return leap_ca_bundle - tmp_file = tempfile.NamedTemporaryFile(delete=True) # file is auto deleted when python process ends + # file is auto deleted when python process ends + tmp_file = tempfile.NamedTemporaryFile(delete=True) with open(tmp_file.name, 'w') as fout: fin = fileinput.input(files=(leap_ca_bundle, self._ca_cert_path)) @@ -201,8 +202,8 @@ class KeyManager(object): """ Send a GET request to C{uri} containing C{data}. - Instead of using the ca_cert provided on construction time, this version also uses - the default certificates shipped with leap.common + Instead of using the ca_cert provided on construction time, this + version also uses the default certificates shipped with leap.common :param uri: The URI of the request. :type uri: str @@ -212,7 +213,8 @@ class KeyManager(object): :return: The response to the request. :rtype: requests.Response """ - return self._fetcher.get(uri, data=data, verify=self._combined_ca_bundle) + return self._fetcher.get( + uri, data=data, verify=self._combined_ca_bundle) def _put(self, uri, data=None): """ -- cgit v1.2.3 From 1b805754f1d6efe9af25dcf0ab60b3aa2100ee20 Mon Sep 17 00:00:00 2001 From: Ruben Pollan Date: Tue, 22 Sep 2015 16:18:36 +0200 Subject: [bug] catch request exceptions On fetch_key we were not catching the request exceptions, now they are returned as failure in the deferred as it should. - Related: #7410 --- src/leap/keymanager/__init__.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'src/leap/keymanager/__init__.py') diff --git a/src/leap/keymanager/__init__.py b/src/leap/keymanager/__init__.py index 5248cb0..e378c91 100644 --- a/src/leap/keymanager/__init__.py +++ b/src/leap/keymanager/__init__.py @@ -820,7 +820,11 @@ class KeyManager(object): self._assert_supported_key_type(ktype) logger.info("Fetch key for %s from %s" % (address, uri)) - res = self._get_with_combined_ca_bundle(uri) + try: + res = self._get_with_combined_ca_bundle(uri) + except Exception as e: + logger.warning("There was a problem fetching key: %s" % (e,)) + return defer.fail(KeyNotFound(uri)) if not res.ok: return defer.fail(KeyNotFound(uri)) -- cgit v1.2.3 From 3da04e10ce961e2606ce00125d092d9daa621636 Mon Sep 17 00:00:00 2001 From: Folker Bernitt Date: Tue, 22 Sep 2015 17:43:29 +0200 Subject: [bug] treat empty string ca_cert_path as None Fixup for 9546348c36. This problem only occurs in test setups where '' is passed to ca_cert_path. --- src/leap/keymanager/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/leap/keymanager/__init__.py') diff --git a/src/leap/keymanager/__init__.py b/src/leap/keymanager/__init__.py index e378c91..cf099bb 100644 --- a/src/leap/keymanager/__init__.py +++ b/src/leap/keymanager/__init__.py @@ -148,7 +148,7 @@ class KeyManager(object): if self._ca_cert_path == leap_ca_bundle: return self._ca_cert_path # don't merge file with itself - elif self._ca_cert_path is None: + elif not self._ca_cert_path: return leap_ca_bundle # file is auto deleted when python process ends -- cgit v1.2.3 From 7242d003877ef08cb7fa0e55a05c915a03b602ab Mon Sep 17 00:00:00 2001 From: Ruben Pollan Date: Thu, 24 Sep 2015 01:15:11 +0200 Subject: [bug] don't repush a public key with different address During decryption the signing public key was getting repush with a different address as part of the verify usage flagging. - Resolves: https://github.com/pixelated/pixelated-user-agent/issues/466 - Related: #7420 --- src/leap/keymanager/__init__.py | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) (limited to 'src/leap/keymanager/__init__.py') diff --git a/src/leap/keymanager/__init__.py b/src/leap/keymanager/__init__.py index cf099bb..22fb725 100644 --- a/src/leap/keymanager/__init__.py +++ b/src/leap/keymanager/__init__.py @@ -590,10 +590,12 @@ class KeyManager(object): if pubkey is None: signature = KeyNotFound(verify) elif signed: - pubkey.sign_used = True - d = self._wrapper_map[ktype].put_key(pubkey, address) - d.addCallback(lambda _: (decrypted, pubkey)) - return d + signature = pubkey + if not pubkey.sign_used: + pubkey.sign_used = True + d = self._wrapper_map[ktype].put_key(pubkey, verify) + d.addCallback(lambda _: (decrypted, signature)) + return d else: signature = InvalidSignature( 'Failed to verify signature with key %s' % @@ -685,10 +687,12 @@ class KeyManager(object): signed = self._wrapper_map[ktype].verify( data, pubkey, detached_sig=detached_sig) if signed: - pubkey.sign_used = True - d = self._wrapper_map[ktype].put_key(pubkey, address) - d.addCallback(lambda _: pubkey) - return d + if not pubkey.sign_used: + pubkey.sign_used = True + d = self._wrapper_map[ktype].put_key(pubkey, address) + d.addCallback(lambda _: pubkey) + return d + return pubkey else: raise InvalidSignature( 'Failed to verify signature with key %s' % -- cgit v1.2.3 From 4a090d6e405415607f9c811a7961f8dc0cdd2af0 Mon Sep 17 00:00:00 2001 From: Folker Bernitt Date: Mon, 21 Sep 2015 15:59:53 +0200 Subject: [bug] keep combined file longer in scope In previous commit 9546348c, the combined bundle ca was not long enough in scope and was therefore deleted when it actually was used. Adopted test to check whether file is deleted. --- src/leap/keymanager/__init__.py | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) (limited to 'src/leap/keymanager/__init__.py') diff --git a/src/leap/keymanager/__init__.py b/src/leap/keymanager/__init__.py index 22fb725..f00e049 100644 --- a/src/leap/keymanager/__init__.py +++ b/src/leap/keymanager/__init__.py @@ -19,6 +19,7 @@ Key Manager is a Nicknym agent for LEAP client. """ # let's do a little sanity check to see if we're using the wrong gnupg import fileinput +import os import sys import tempfile from leap.common import ca_bundle @@ -139,6 +140,18 @@ class KeyManager(object): self._fetcher = requests self._combined_ca_bundle = self._create_combined_bundle_file() + # + # destructor + # + + def __del__(self): + try: + created_tmp_combined_ca_bundle = self._combined_ca_bundle not in [ca_bundle.where(), self._ca_cert_path] + if created_tmp_combined_ca_bundle: + os.remove(self._combined_ca_bundle) + except OSError: + pass + # # utilities # @@ -151,8 +164,7 @@ class KeyManager(object): elif not self._ca_cert_path: return leap_ca_bundle - # file is auto deleted when python process ends - tmp_file = tempfile.NamedTemporaryFile(delete=True) + tmp_file = tempfile.NamedTemporaryFile(delete=False) # delete when keymanager expires with open(tmp_file.name, 'w') as fout: fin = fileinput.input(files=(leap_ca_bundle, self._ca_cert_path)) -- cgit v1.2.3 From 7fa74c8f099fa8e6fedd95ce8a203b46fa9186c5 Mon Sep 17 00:00:00 2001 From: Folker Bernitt Date: Thu, 24 Sep 2015 14:04:43 +0200 Subject: [style] fix pep8 warnings --- src/leap/keymanager/__init__.py | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'src/leap/keymanager/__init__.py') diff --git a/src/leap/keymanager/__init__.py b/src/leap/keymanager/__init__.py index f00e049..01f3b6e 100644 --- a/src/leap/keymanager/__init__.py +++ b/src/leap/keymanager/__init__.py @@ -22,7 +22,9 @@ import fileinput import os import sys import tempfile + from leap.common import ca_bundle + from ._version import get_versions try: @@ -146,7 +148,8 @@ class KeyManager(object): def __del__(self): try: - created_tmp_combined_ca_bundle = self._combined_ca_bundle not in [ca_bundle.where(), self._ca_cert_path] + created_tmp_combined_ca_bundle = self._combined_ca_bundle not in \ + [ca_bundle.where(), self._ca_cert_path] if created_tmp_combined_ca_bundle: os.remove(self._combined_ca_bundle) except OSError: @@ -164,7 +167,7 @@ class KeyManager(object): elif not self._ca_cert_path: return leap_ca_bundle - tmp_file = tempfile.NamedTemporaryFile(delete=False) # delete when keymanager expires + tmp_file = tempfile.NamedTemporaryFile(delete=False) with open(tmp_file.name, 'w') as fout: fin = fileinput.input(files=(leap_ca_bundle, self._ca_cert_path)) -- cgit v1.2.3 From 34573a93a19d1d157a271c4ebdbb76ff5a7d1e63 Mon Sep 17 00:00:00 2001 From: Kali Kaneko Date: Thu, 24 Sep 2015 12:44:28 -0400 Subject: [refactor] improve readability Improve readability of operations on generic keys, by assigning the class matching the type of key (_wrapper_map[ktype]) at the beginning of each block. in the future, we could pass the type of key (only PGP keys being used at the moment) on initialization of the Keymanager, so we don't have to pass the ktype on each method call. --- src/leap/keymanager/__init__.py | 48 +++++++++++++++++++++++++---------------- 1 file changed, 30 insertions(+), 18 deletions(-) (limited to 'src/leap/keymanager/__init__.py') diff --git a/src/leap/keymanager/__init__.py b/src/leap/keymanager/__init__.py index 01f3b6e..4826ba7 100644 --- a/src/leap/keymanager/__init__.py +++ b/src/leap/keymanager/__init__.py @@ -376,6 +376,8 @@ class KeyManager(object): leap_assert( ktype in self._wrapper_map, 'Unkown key type: %s.' % str(ktype)) + _keys = self._wrapper_map[ktype] + emit_async(catalog.KEYMANAGER_LOOKING_FOR_KEY, address) def key_found(key): @@ -396,13 +398,12 @@ class KeyManager(object): emit_async(catalog.KEYMANAGER_LOOKING_FOR_KEY, address) d = self._fetch_keys_from_server(address) d.addCallback( - lambda _: - self._wrapper_map[ktype].get_key(address, private=False)) + lambda _: _keys.get_key(address, private=False)) d.addCallback(key_found) return d # return key if it exists in local database - d = self._wrapper_map[ktype].get_key(address, private=private) + d = _keys.get_key(address, private=private) d.addCallbacks(key_found, key_not_found) return d @@ -448,6 +449,7 @@ class KeyManager(object): :raise UnsupportedKeyTypeError: if invalid key type """ self._assert_supported_key_type(ktype) + _keys = self._wrapper_map[ktype] def signal_finished(key): emit_async( @@ -455,7 +457,8 @@ class KeyManager(object): return key emit_async(catalog.KEYMANAGER_STARTED_KEY_GENERATION, self._address) - d = self._wrapper_map[ktype].gen_key(self._address) + + d = _keys.gen_key(self._address) d.addCallback(signal_finished) return d @@ -545,14 +548,15 @@ class KeyManager(object): :raise UnsupportedKeyTypeError: if invalid key type """ self._assert_supported_key_type(ktype) + _keys = self._wrapper_map[ktype] def encrypt(keys): pubkey, signkey = keys - encrypted = self._wrapper_map[ktype].encrypt( + encrypted = _keys.encrypt( data, pubkey, passphrase, sign=signkey, cipher_algo=cipher_algo) pubkey.encr_used = True - d = self._wrapper_map[ktype].put_key(pubkey, address) + d = _keys.put_key(pubkey, address) d.addCallback(lambda _: encrypted) return d @@ -597,10 +601,11 @@ class KeyManager(object): :raise UnsupportedKeyTypeError: if invalid key type """ self._assert_supported_key_type(ktype) + _keys = self._wrapper_map[ktype] def decrypt(keys): pubkey, privkey = keys - decrypted, signed = self._wrapper_map[ktype].decrypt( + decrypted, signed = _keys.decrypt( data, privkey, passphrase=passphrase, verify=pubkey) if pubkey is None: signature = KeyNotFound(verify) @@ -608,7 +613,7 @@ class KeyManager(object): signature = pubkey if not pubkey.sign_used: pubkey.sign_used = True - d = self._wrapper_map[ktype].put_key(pubkey, verify) + d = _keys.put_key(pubkey, verify) d.addCallback(lambda _: (decrypted, signature)) return d else: @@ -659,9 +664,10 @@ class KeyManager(object): :raise UnsupportedKeyTypeError: if invalid key type """ self._assert_supported_key_type(ktype) + _keys = self._wrapper_map[ktype] def sign(privkey): - return self._wrapper_map[ktype].sign( + return _keys.sign( data, privkey, digest_algo=digest_algo, clearsign=clearsign, detach=detach, binary=binary) @@ -697,14 +703,15 @@ class KeyManager(object): :raise UnsupportedKeyTypeError: if invalid key type """ self._assert_supported_key_type(ktype) + _keys = self._wrapper_map[ktype] def verify(pubkey): - signed = self._wrapper_map[ktype].verify( + signed = _keys.verify( data, pubkey, detached_sig=detached_sig) if signed: if not pubkey.sign_used: pubkey.sign_used = True - d = self._wrapper_map[ktype].put_key(pubkey, address) + d = keys.put_key(pubkey, address) d.addCallback(lambda _: pubkey) return d return pubkey @@ -732,7 +739,8 @@ class KeyManager(object): :raise UnsupportedKeyTypeError: if invalid key type """ self._assert_supported_key_type(type(key)) - return self._wrapper_map[type(key)].delete_key(key) + _keys = self._wrapper_map[type(key)] + return _keys.delete_key(key) def put_key(self, key, address): """ @@ -752,7 +760,9 @@ class KeyManager(object): :raise UnsupportedKeyTypeError: if invalid key type """ - self._assert_supported_key_type(type(key)) + ktype = type(key) + self._assert_supported_key_type(ktype) + _keys = self._wrapper_map[ktype] if address not in key.address: return defer.fail( @@ -767,14 +777,13 @@ class KeyManager(object): def check_upgrade(old_key): if key.private or can_upgrade(key, old_key): - return self._wrapper_map[type(key)].put_key(key, address) + return _keys.put_key(key, address) else: raise KeyNotValidUpgrade( "Key %s can not be upgraded by new key %s" % (old_key.key_id, key.key_id)) - d = self._wrapper_map[type(key)].get_key(address, - private=key.private) + d = _keys.get_key(address, private=key.private) d.addErrback(old_key_not_found) d.addCallback(check_upgrade) return d @@ -804,7 +813,9 @@ class KeyManager(object): :raise UnsupportedKeyTypeError: if invalid key type """ self._assert_supported_key_type(ktype) - pubkey, privkey = self._wrapper_map[ktype].parse_ascii_key(key) + _keys = self._wrapper_map[ktype] + + pubkey, privkey = _keys.parse_ascii_key(key) pubkey.validation = validation d = self.put_key(pubkey, address) if privkey is not None: @@ -837,6 +848,7 @@ class KeyManager(object): :raise UnsupportedKeyTypeError: if invalid key type """ self._assert_supported_key_type(ktype) + _keys = self._wrapper_map[ktype] logger.info("Fetch key for %s from %s" % (address, uri)) try: @@ -848,7 +860,7 @@ class KeyManager(object): return defer.fail(KeyNotFound(uri)) # XXX parse binary keys - pubkey, _ = self._wrapper_map[ktype].parse_ascii_key(res.content) + pubkey, _ = _keys.parse_ascii_key(res.content) if pubkey is None: return defer.fail(KeyNotFound(uri)) -- cgit v1.2.3 From 6a8cd66c656b810fb5052c75fa21002de5330273 Mon Sep 17 00:00:00 2001 From: Ruben Pollan Date: Mon, 28 Sep 2015 19:06:20 +0200 Subject: [bug] fix verify keys usage The latests refactor missed one line. --- src/leap/keymanager/__init__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/leap/keymanager/__init__.py') diff --git a/src/leap/keymanager/__init__.py b/src/leap/keymanager/__init__.py index 4826ba7..c7886e0 100644 --- a/src/leap/keymanager/__init__.py +++ b/src/leap/keymanager/__init__.py @@ -711,7 +711,7 @@ class KeyManager(object): if signed: if not pubkey.sign_used: pubkey.sign_used = True - d = keys.put_key(pubkey, address) + d = _keys.put_key(pubkey, address) d.addCallback(lambda _: pubkey) return d return pubkey -- cgit v1.2.3