| author | Ruben Pollan <meskio@sindominio.net> | 2016-06-16 20:16:54 +0200 | 
|---|---|---|
| committer | Ruben Pollan <meskio@sindominio.net> | 2016-06-20 18:30:22 +0200 | 
| commit | 5409c0dec9d1d4a562cc69798e36d534b6690d30 (patch) | |
| tree | 6e9197e4a933c4f0ded905d4b5f4f4df2084aec9 /keymanager | |
| parent | 161fd0542425dc9afa336dcb0675f56b3e1b0b55 (diff) | |
[feat] check key document versions and fail if it's unknown
- Closes: #8165
Diffstat (limited to 'keymanager')
| -rw-r--r-- | keymanager/changes/next-changelog.txt | 1 | ||||
| -rw-r--r-- | keymanager/src/leap/keymanager/__init__.py | 8 | ||||
| -rw-r--r-- | keymanager/src/leap/keymanager/errors.py | 9 | ||||
| -rw-r--r-- | keymanager/src/leap/keymanager/openpgp.py | 11 | 
4 files changed, 26 insertions, 3 deletions
| diff --git a/keymanager/changes/next-changelog.txt b/keymanager/changes/next-changelog.txt index a2ab4fb..56ff7aa 100644 --- a/keymanager/changes/next-changelog.txt +++ b/keymanager/changes/next-changelog.txt @@ -13,6 +13,7 @@ Features  - `#8031 <https://leap.se/code/issues/8031>`_: Remove support for multiple key types.  - `#8068 <https://leap.se/code/issues/8068>`_: make get_all_keys aware of active addresses.  - `#6658 <https://leap.se/code/issues/6658>`_: Improve duplicated active documents fixup. +- `#8165 <https://leap.se/code/issues/8165>`_: Check key document versions and fail if it's unknown.  - `#1234 <https://leap.se/code/issues/1234>`_: Description of the new feature corresponding with issue #1234.  - New feature without related issue number. diff --git a/keymanager/src/leap/keymanager/__init__.py b/keymanager/src/leap/keymanager/__init__.py index 97d2985..0b8a5b3 100644 --- a/keymanager/src/leap/keymanager/__init__.py +++ b/keymanager/src/leap/keymanager/__init__.py @@ -376,7 +376,8 @@ class KeyManager(object):          :return: A Deferred which fires with an EncryptionKey bound to address,                   or which fails with KeyNotFound if no key was found neither -                 locally or in keyserver. +                 locally or in keyserver or fail with KeyVersionError if the +                 key has a format not supported by this version of KeyManager          :rtype: Deferred          :raise UnsupportedKeyTypeError: if invalid key type 
@@ -522,8 +523,9 @@ class KeyManager(object):          :return: A Deferred which fires with the encrypted data as str, or                   which fails with KeyNotFound if no keys were found neither -                 locally or in keyserver or fails with EncryptError if failed -                 encrypting for some reason. +                 locally or in keyserver or fails with KeyVersionError if the +                 key format is not supported or fails with EncryptError if +                 failed encrypting for some reason.          :rtype: Deferred          :raise UnsupportedKeyTypeError: if invalid key type diff --git a/keymanager/src/leap/keymanager/errors.py b/keymanager/src/leap/keymanager/errors.py index 8a9fb3c..dfff393 100644 --- a/keymanager/src/leap/keymanager/errors.py +++ b/keymanager/src/leap/keymanager/errors.py @@ -28,6 +28,15 @@ class KeyNotFound(Exception):      pass +class KeyVersionError(KeyNotFound): +    """ +    Raised when key was found in the keyring but the version is not supported. + +    It will usually mean that it was created by a newer version of KeyManager. +    """ +    pass + +  class KeyAlreadyExists(Exception):      """      Raised when attempted to create a key that already exists. diff --git a/keymanager/src/leap/keymanager/openpgp.py b/keymanager/src/leap/keymanager/openpgp.py index 98ce464..31c13df 100644 --- a/keymanager/src/leap/keymanager/openpgp.py +++ b/keymanager/src/leap/keymanager/openpgp.py @@ -53,6 +53,8 @@ from leap.keymanager.documents import (      KEY_ENCR_USED_KEY,      KEY_ADDRESS_KEY,      KEY_TYPE_KEY, +    KEY_VERSION_KEY, +    KEYMANAGER_DOC_VERSION,      KEYMANAGER_ACTIVE_TYPE,      KEYMANAGER_KEY_TAG,      KEYMANAGER_ACTIVE_TAG, 
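Review bot: In errors.py, `class KeyVersionError(KeyNotFound):` means every existing handler that traps KeyNotFound will also catch an unsupported-version failure. Those handlers are outside this diff, but if any of them responds to KeyNotFound by fetching or regenerating a key, a document written by a newer KeyManager could be treated as absent and replaced rather than reported. If the subclassing is deliberate for backward compatibility, the class docstring should say so, for example `Subclasses KeyNotFound so existing callers keep working; trap KeyVersionError first to tell the two apart.` Otherwise deriving from `Exception` would make the version failure impossible to swallow by accident. The two docstrings updated in __init__.py could carry the same remark.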
@@ -734,6 +736,7 @@ class OpenPGPScheme(object):              address,              '1' if private else '0')          d.addCallback(self._repair_and_get_doc, self._repair_active_docs) +        d.addCallback(self._check_version)          return d      def _get_key_doc_from_fingerprint(self, fingerprint, private): @@ -743,6 +746,7 @@ class OpenPGPScheme(object):              fingerprint,              '1' if private else '0')          d.addCallback(self._repair_and_get_doc, self._repair_key_docs) +        d.addCallback(self._check_version)          return d      def _repair_and_get_doc(self, doclist, repair_func): @@ -752,6 +756,13 @@ class OpenPGPScheme(object):              return repair_func(doclist)          return doclist[0] +    def _check_version(self, doc): +        if doc is not None: +            version = doc.content[KEY_VERSION_KEY] +            if version > KEYMANAGER_DOC_VERSION: +                raise errors.KeyVersionError(str(version)) +        return doc +      def _repair_key_docs(self, doclist):          """          If there is more than one key for a key id try to self-repair it | 
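Review bot: In the last openpgp.py hunk, `_check_version` reads `doc.content[KEY_VERSION_KEY]` directly, so a document without that field fails the Deferred with a bare KeyError instead of KeyVersionError. Whether documents without the field exist is not visible here; if they do, the method should choose explicitly between rejecting them and treating them as the oldest version. The `version > KEYMANAGER_DOC_VERSION` comparison also assumes both sides have the same type. If this code runs on Python 2, comparing a str with an int does not raise and gives a fixed answer, so a wrongly typed value could pass or fail the check regardless of its content. The method has no docstring, unlike its neighbours. The sketch below rejects a missing or wrongly typed version, which is one option and should be adjusted if older documents must stay readable.

```python
    def _check_version(self, doc):
        """
        Pass the document through only if its version is one this
        KeyManager knows how to read.

        :raise KeyVersionError: if the version field is missing, has an
                                unexpected type or is newer than
                                KEYMANAGER_DOC_VERSION
        """
        if doc is None:
            return doc
        version = doc.content.get(KEY_VERSION_KEY)
        # a missing or oddly typed version is rejected, never compared
        if not isinstance(version, type(KEYMANAGER_DOC_VERSION)) \
                or version > KEYMANAGER_DOC_VERSION:
            raise errors.KeyVersionError(repr(version))
        return doc
```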
