[#850] keys will now be renewed two months before expiry date

2 files changed, 30 insertions, 4 deletions

diff --git a/service/pixelated/bitmask_libraries/keymanager.py b/service/pixelated/bitmask_libraries/keymanager.py
index 464604db..cba9c6bd 100644
--- a/service/pixelated/bitmask_libraries/keymanager.py
+++ b/service/pixelated/bitmask_libraries/keymanager.py
@@ -13,6 +13,7 @@
 #
 # You should have received a copy of the GNU Affero General Public License
 # along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
+import datetime
 from twisted.internet import defer
 from twisted.logger import Logger
 
@@ -27,7 +28,12 @@ class UploadKeyError(Exception):
     pass
 
 
+TWO_MONTHS = 60
+DEFAULT_EXTENSION_THRESHOLD = TWO_MONTHS
+
+
 class Keymanager(object):
+
     def __init__(self, provider, soledad, email_address, token, uuid):
         nicknym_url = provider._discover_nicknym_server()
         self._email = email_address
@@ -43,7 +49,7 @@ class Keymanager(object):
         current_key = yield self._key_exists(self._email)
         if not current_key:
             yield self._generate_key_and_send_to_leap()
-        elif current_key.has_expired():
+        elif self.should_renew(current_key):
             yield self._regenerate_key()
             yield self._send_key_to_leap()
 
@@ -69,6 +75,11 @@ class Keymanager(object):
         except KeyNotFound:
             defer.returnValue(None)
 
+    def should_renew(self, key):
+        # feature envy -- should be in keymanager
+        till_expiry_date = (key.expiry_date - datetime.datetime.now())
+        return till_expiry_date.days < DEFAULT_EXTENSION_THRESHOLD
+
     @defer.inlineCallbacks
     def get_key(self, email, private=False, fetch_remote=True):
         key = yield self.keymanager.get_key(email, private=private, fetch_remote=fetch_remote)
diff --git a/service/test/unit/bitmask_libraries/test_keymanager.py b/service/test/unit/bitmask_libraries/test_keymanager.py
index c788697c..57235bae 100644
--- a/service/test/unit/bitmask_libraries/test_keymanager.py
+++ b/service/test/unit/bitmask_libraries/test_keymanager.py
@@ -13,6 +13,7 @@
 #
 # You should have received a copy of the GNU Affero General Public License
 # along with Pixelated. If not, see <http://www.gnu.org/licenses/>.
+import datetime
 from mock import patch, MagicMock
 from mockito import when
 from unittest import TestCase
@@ -111,10 +112,23 @@ class KeymanagerTest(TestCase):
 
         self.keymanager.delete_key_pair.assert_called_once()
 
+    def test_key_should_be_renewed_two_months_prior_to_expiry(self):
+        today = datetime.datetime.now()
+        mock_key = MagicMock()
+        mock_key.expiry_date = today - datetime.timedelta(days=20)
+        self.assertTrue(self.keymanager.should_renew(mock_key))
+
+    def test_key_should_not_be_renewed_before_two_months_prior_to_expiry(self):
+        today = datetime.datetime.now()
+        mock_key = MagicMock()
+        mock_key.expiry_date = today + datetime.timedelta(days=61)
+        self.assertFalse(self.keymanager.should_renew(mock_key))
+
     @defer.inlineCallbacks
-    def test_keymanager_regenerate_key_pair_if_current_key_expired(self):
+    def test_keymanager_regenerate_key_pair_if_current_key_is_about_to_expire(self):
+        today = datetime.datetime.now()
         mock_open_pgp_key = MagicMock()
-        mock_open_pgp_key.has_expired = MagicMock(return_value=True)
+        mock_open_pgp_key.expiry_date = today - datetime.timedelta(days=20)
         when(self.keymanager)._key_exists('test_user@some-server.test').thenReturn(mock_open_pgp_key)
 
         yield self.keymanager.generate_openpgp_key()
@@ -124,8 +138,9 @@ class KeymanagerTest(TestCase):
 
     @defer.inlineCallbacks
     def test_key_regeneration_does_not_delete_key_when_upload_fails(self):
+        today = datetime.datetime.now()
         mock_open_pgp_key = MagicMock()
-        mock_open_pgp_key.has_expired = MagicMock(return_value=True)
+        mock_open_pgp_key.expiry_date = today - datetime.timedelta(days=20)
         self.leap_keymanager.get_key = MagicMock(return_value=defer.succeed(mock_open_pgp_key))
         self.leap_keymanager.send_key = MagicMock(side_effect=UploadKeyError('Could not upload key'))