From 7f7cb59a38a3be3d486bafc810133b584d7fd7a7 Mon Sep 17 00:00:00 2001
From: NavaL <ayoyo@thoughtworks.com>
Date: Mon, 21 Nov 2016 14:23:20 +0100
Subject: [#815] regenerating new keys when the current one expires

---
 service/pixelated/bitmask_libraries/keymanager.py  | 34 +++++++++++-------
 service/requirements.txt                           |  2 +-
 .../test/unit/bitmask_libraries/test_keymanager.py | 41 +++++++++++++++++++---
 3 files changed, 60 insertions(+), 17 deletions(-)

diff --git a/service/pixelated/bitmask_libraries/keymanager.py b/service/pixelated/bitmask_libraries/keymanager.py
index e9868662..4af7d982 100644
--- a/service/pixelated/bitmask_libraries/keymanager.py
+++ b/service/pixelated/bitmask_libraries/keymanager.py
@@ -40,23 +40,33 @@ class Keymanager(object):
 
     @defer.inlineCallbacks
     def generate_openpgp_key(self):
-        key_present = yield self._key_exists(self._email)
-        if not key_present:
-            logger.info("Generating keys - this could take a while...")
-            yield self._gen_key()
-            try:
-                yield self._send_key_to_leap()
-            except Exception as e:
-                yield self.delete_key_pair(self._email)
-                raise UploadKeyError(e.message)
+        current_key = yield self._key_exists(self._email)
+        if not current_key:
+            yield self._generate_key_and_send_to_leap()
+        elif current_key.has_expired():
+            yield self._regenerate_key()
+            yield self._send_key_to_leap()
+
+    def _regenerate_key(self):
+        yield self.keymanager.regenerate_key()
+
+    @defer.inlineCallbacks
+    def _generate_key_and_send_to_leap(self):
+        logger.info("Generating keys - this could take a while...")
+        yield self._gen_key()
+        try:
+            yield self._send_key_to_leap()
+        except Exception as e:
+            yield self.delete_key_pair(self._email)
+            raise UploadKeyError(e.message)
 
     @defer.inlineCallbacks
     def _key_exists(self, email):
         try:
-            yield self.get_key(email, private=True, fetch_remote=False)
-            defer.returnValue(True)
+            current_key = yield self.get_key(email, private=True, fetch_remote=False)
+            defer.returnValue(current_key)
         except KeyNotFound:
-            defer.returnValue(False)
+            defer.returnValue(None)
 
     def get_key(self, email, private=False, fetch_remote=True):
         return self.keymanager.get_key(email, private=private, fetch_remote=fetch_remote)
diff --git a/service/requirements.txt b/service/requirements.txt
index 8bef32b4..3bd22f13 100644
--- a/service/requirements.txt
+++ b/service/requirements.txt
@@ -7,7 +7,7 @@ srp==1.0.6
 whoosh==2.6.0
 Twisted==16.1.1
 -e 'git+https://0xacab.org/pixelated/leap_pycommon.git@develop#egg=leap.common'
--e 'git+https://0xacab.org/pixelated/bitmask-dev.git@master#egg=leap.bitmask'
+-e 'git+https://0xacab.org/pixelated/bitmask-dev.git@feat_regenerate_key#egg=leap.bitmask'
 -e 'git+https://0xacab.org/pixelated/soledad.git@develop#egg=leap.soledad.common&subdirectory=common/'
 -e 'git+https://0xacab.org/pixelated/soledad.git@develop#egg=leap.soledad.client&subdirectory=client/'
 -e 'git+https://0xacab.org/pixelated/soledad.git@develop#egg=leap.soledad.server&subdirectory=server/'
diff --git a/service/test/unit/bitmask_libraries/test_keymanager.py b/service/test/unit/bitmask_libraries/test_keymanager.py
index de382359..6b7c114e 100644
--- a/service/test/unit/bitmask_libraries/test_keymanager.py
+++ b/service/test/unit/bitmask_libraries/test_keymanager.py
@@ -66,7 +66,7 @@ class KeymanagerTest(TestCase):
             combined_ca_bundle='combined_ca_bundle')
 
     def test_keymanager_generate_openpgp_key_generates_key_correctly(self):
-        when(self.keymanager)._key_exists('test_user@some-server.test').thenReturn(False)
+        when(self.keymanager)._key_exists('test_user@some-server.test').thenReturn(None)
 
         self.keymanager._gen_key = MagicMock()
         self.keymanager._send_key_to_leap = MagicMock()
@@ -77,7 +77,9 @@ class KeymanagerTest(TestCase):
         self.keymanager._send_key_to_leap.assert_called_once()
 
     def test_keymanager_generate_openpgp_key_doesnt_regenerate_preexisting_key(self):
-        when(self.keymanager)._key_exists('test_user@some-server.test').thenReturn(True)
+        mock_open_pgp_key = MagicMock()
+        mock_open_pgp_key.has_expired = MagicMock(return_value=False)
+        when(self.keymanager)._key_exists('test_user@some-server.test').thenReturn(mock_open_pgp_key)
 
         self.keymanager._gen_key = MagicMock()
 
@@ -86,7 +88,9 @@ class KeymanagerTest(TestCase):
         self.keymanager._gen_key.assert_not_called()
 
     def test_keymanager_generate_openpgp_key_doesnt_upload_preexisting_key(self):
-        when(self.keymanager)._key_exists('test_user@some-server.test').thenReturn(True)
+        mock_open_pgp_key = MagicMock()
+        mock_open_pgp_key.has_expired = MagicMock(return_value=False)
+        when(self.keymanager)._key_exists('test_user@some-server.test').thenReturn(mock_open_pgp_key)
 
         self.keymanager._send_key_to_leap = MagicMock()
 
@@ -96,7 +100,7 @@ class KeymanagerTest(TestCase):
 
     @defer.inlineCallbacks
     def test_keymanager_generate_openpgp_key_deletes_key_when_upload_fails(self):
-        when(self.keymanager)._key_exists('test_user@some-server.test').thenReturn(False)
+        when(self.keymanager)._key_exists('test_user@some-server.test').thenReturn(None)
 
         self.keymanager.delete_key_pair = MagicMock()
         when(self.keymanager)._send_key_to_leap().thenRaise(Exception('Could not upload key'))
@@ -105,3 +109,32 @@ class KeymanagerTest(TestCase):
             yield self.keymanager.generate_openpgp_key()
 
         self.keymanager.delete_key_pair.assert_called_once_with('test_user@some-server.test')
+
+    def test_keymanager_regenerate_key_pair_if_current_key_expired(self):
+        mock_open_pgp_key = MagicMock()
+        mock_open_pgp_key.has_expired = MagicMock(return_value=True)
+        when(self.keymanager)._key_exists('test_user@some-server.test').thenReturn(mock_open_pgp_key)
+
+        self.keymanager._regenerate_key = MagicMock()
+        self.keymanager._send_key_to_leap = MagicMock()
+
+        self.keymanager.generate_openpgp_key()
+
+        self.keymanager._regenerate_key.assert_called_once()
+        self.keymanager._send_key_to_leap.assert_called_once()
+
+    @defer.inlineCallbacks
+    def test_key_regeneration_does_not_delete_key_when_upload_fails(self):
+        mock_open_pgp_key = MagicMock()
+        mock_open_pgp_key.has_expired = MagicMock(return_value=True)
+        when(self.keymanager)._key_exists('test_user@some-server.test').thenReturn(mock_open_pgp_key)
+
+        self.keymanager._regenerate_key = MagicMock()
+        self.keymanager.delete_key_pair = MagicMock()
+        when(self.keymanager)._send_key_to_leap().thenRaise(UploadKeyError('Could not upload key'))
+
+        with self.assertRaises(UploadKeyError):
+            yield self.keymanager.generate_openpgp_key()
+
+        self.keymanager._regenerate_key.assert_called_once()
+        self.keymanager.delete_key_pair.assert_not_called()
-- 
cgit v1.2.3