Diffstat (limited to 'keymanager/src/leap/keymanager/keys.py')
-rw-r--r--keymanager/src/leap/keymanager/keys.py163
1 files changed, 36 insertions, 127 deletions
diff --git a/keymanager/src/leap/keymanager/keys.py b/keymanager/src/leap/keymanager/keys.py
index 296ed86..c0ee21b 100644
--- a/keymanager/src/leap/keymanager/keys.py
+++ b/keymanager/src/leap/keymanager/keys.py
@@ -27,78 +27,17 @@ import logging
import re
import time
-
from datetime import datetime
-from leap.common.check import leap_assert
-from twisted.internet import defer
from leap.keymanager import errors
from leap.keymanager.wrapper import TempGPGWrapper
from leap.keymanager.validation import ValidationLevels
+from leap.keymanager import documents as doc
logger = logging.getLogger(__name__)
#
-# Dictionary keys used for storing cryptographic keys.
-#
-
-KEY_VERSION_KEY = 'version'
-KEY_UIDS_KEY = 'uids'
-KEY_ADDRESS_KEY = 'address'
-KEY_TYPE_KEY = 'type'
-KEY_FINGERPRINT_KEY = 'fingerprint'
-KEY_DATA_KEY = 'key_data'
-KEY_PRIVATE_KEY = 'private'
-KEY_LENGTH_KEY = 'length'
-KEY_EXPIRY_DATE_KEY = 'expiry_date'
-KEY_LAST_AUDITED_AT_KEY = 'last_audited_at'
-KEY_REFRESHED_AT_KEY = 'refreshed_at'
-KEY_VALIDATION_KEY = 'validation'
-KEY_ENCR_USED_KEY = 'encr_used'
-KEY_SIGN_USED_KEY = 'sign_used'
-KEY_TAGS_KEY = 'tags'
-
-
-#
-# Key storage constants
-#
-
-KEYMANAGER_KEY_TAG = 'keymanager-key'
-KEYMANAGER_ACTIVE_TAG = 'keymanager-active'
-KEYMANAGER_ACTIVE_TYPE = '-active'
-
-# Version of the Soledad Document schema,
-# it should be bumped each time the document format changes
-KEYMANAGER_DOC_VERSION = 1
-
-
-#
-# key indexing constants.
-#
-
-TAGS_PRIVATE_INDEX = 'by-tags-private'
-TYPE_FINGERPRINT_PRIVATE_INDEX = 'by-type-fingerprint-private'
-TYPE_ADDRESS_PRIVATE_INDEX = 'by-type-address-private'
-INDEXES = {
- TAGS_PRIVATE_INDEX: [
- KEY_TAGS_KEY,
- 'bool(%s)' % KEY_PRIVATE_KEY,
- ],
- TYPE_FINGERPRINT_PRIVATE_INDEX: [
- KEY_TYPE_KEY,
- KEY_FINGERPRINT_KEY,
- 'bool(%s)' % KEY_PRIVATE_KEY,
- ],
- TYPE_ADDRESS_PRIVATE_INDEX: [
- KEY_TYPE_KEY,
- KEY_ADDRESS_KEY,
- 'bool(%s)' % KEY_PRIVATE_KEY,
- ]
-}
-
-
-#
# Key handling utilities
#
@@ -132,27 +71,27 @@ def build_key_from_dict(key, active=None):
sign_used = False
if active:
- address = active[KEY_ADDRESS_KEY]
+ address = active[doc.KEY_ADDRESS_KEY]
try:
- validation = ValidationLevels.get(active[KEY_VALIDATION_KEY])
+ validation = ValidationLevels.get(active[doc.KEY_VALIDATION_KEY])
except ValueError:
logger.error("Not valid validation level (%s) for key %s",
- (active[KEY_VALIDATION_KEY],
- active[KEY_FINGERPRINT_KEY]))
- last_audited_at = _to_datetime(active[KEY_LAST_AUDITED_AT_KEY])
- encr_used = active[KEY_ENCR_USED_KEY]
- sign_used = active[KEY_SIGN_USED_KEY]
+ (active[doc.KEY_VALIDATION_KEY],
+ active[doc.KEY_FINGERPRINT_KEY]))
+ last_audited_at = _to_datetime(active[doc.KEY_LAST_AUDITED_AT_KEY])
+ encr_used = active[doc.KEY_ENCR_USED_KEY]
+ sign_used = active[doc.KEY_SIGN_USED_KEY]
- expiry_date = _to_datetime(key[KEY_EXPIRY_DATE_KEY])
- refreshed_at = _to_datetime(key[KEY_REFRESHED_AT_KEY])
+ expiry_date = _to_datetime(key[doc.KEY_EXPIRY_DATE_KEY])
+ refreshed_at = _to_datetime(key[doc.KEY_REFRESHED_AT_KEY])
return OpenPGPKey(
address=address,
- uids=key[KEY_UIDS_KEY],
- fingerprint=key[KEY_FINGERPRINT_KEY],
- key_data=key[KEY_DATA_KEY],
- private=key[KEY_PRIVATE_KEY],
- length=key[KEY_LENGTH_KEY],
+ uids=key[doc.KEY_UIDS_KEY],
+ fingerprint=key[doc.KEY_FINGERPRINT_KEY],
+ key_data=key[doc.KEY_DATA_KEY],
+ private=key[doc.KEY_PRIVATE_KEY],
+ length=key[doc.KEY_LENGTH_KEY],
expiry_date=expiry_date,
last_audited_at=last_audited_at,
refreshed_at=refreshed_at,
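Review bot: The `logger.error` call in the `except ValueError` branch still passes its two values as one tuple, so the two `%s` placeholders receive a single argument and the logging module cannot format the record; the message is never written. An unrecognised validation level read from a stored active-key document is therefore not reported together with its fingerprint, which is the log line needed to spot a corrupted or modified document. Pass the values as separate arguments: `logger.error("Not valid validation level (%s) for key %s", active[doc.KEY_VALIDATION_KEY], active[doc.KEY_FINGERPRINT_KEY])`. `build_key_from_dict` starts and ends outside this hunk, so the value `validation` holds after the failed lookup is not visible here; it is worth confirming that it falls back to the lowest trust level rather than a stronger default.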
@@ -271,16 +210,16 @@ class OpenPGPKey(object):
refreshed_at = _to_unix_time(self.refreshed_at)
return json.dumps({
- KEY_UIDS_KEY: self.uids,
- KEY_TYPE_KEY: self.__class__.__name__,
- KEY_FINGERPRINT_KEY: self.fingerprint,
- KEY_DATA_KEY: self.key_data,
- KEY_PRIVATE_KEY: self.private,
- KEY_LENGTH_KEY: self.length,
- KEY_EXPIRY_DATE_KEY: expiry_date,
- KEY_REFRESHED_AT_KEY: refreshed_at,
- KEY_VERSION_KEY: KEYMANAGER_DOC_VERSION,
- KEY_TAGS_KEY: [KEYMANAGER_KEY_TAG],
+ doc.KEY_UIDS_KEY: self.uids,
+ doc.KEY_TYPE_KEY: self.__class__.__name__,
+ doc.KEY_FINGERPRINT_KEY: self.fingerprint,
+ doc.KEY_DATA_KEY: self.key_data,
+ doc.KEY_PRIVATE_KEY: self.private,
+ doc.KEY_LENGTH_KEY: self.length,
+ doc.KEY_EXPIRY_DATE_KEY: expiry_date,
+ doc.KEY_REFRESHED_AT_KEY: refreshed_at,
+ doc.KEY_VERSION_KEY: doc.KEYMANAGER_DOC_VERSION,
+ doc.KEY_TAGS_KEY: [doc.KEYMANAGER_KEY_TAG],
})
def get_active_json(self):
@@ -293,16 +232,17 @@ class OpenPGPKey(object):
last_audited_at = _to_unix_time(self.last_audited_at)
return json.dumps({
- KEY_ADDRESS_KEY: self.address,
- KEY_TYPE_KEY: self.__class__.__name__ + KEYMANAGER_ACTIVE_TYPE,
- KEY_FINGERPRINT_KEY: self.fingerprint,
- KEY_PRIVATE_KEY: self.private,
- KEY_VALIDATION_KEY: str(self.validation),
- KEY_LAST_AUDITED_AT_KEY: last_audited_at,
- KEY_ENCR_USED_KEY: self.encr_used,
- KEY_SIGN_USED_KEY: self.sign_used,
- KEY_VERSION_KEY: KEYMANAGER_DOC_VERSION,
- KEY_TAGS_KEY: [KEYMANAGER_ACTIVE_TAG],
+ doc.KEY_ADDRESS_KEY: self.address,
+ doc.KEY_TYPE_KEY: (self.__class__.__name__ +
+ doc.KEYMANAGER_ACTIVE_TYPE),
+ doc.KEY_FINGERPRINT_KEY: self.fingerprint,
+ doc.KEY_PRIVATE_KEY: self.private,
+ doc.KEY_VALIDATION_KEY: str(self.validation),
+ doc.KEY_LAST_AUDITED_AT_KEY: last_audited_at,
+ doc.KEY_ENCR_USED_KEY: self.encr_used,
+ doc.KEY_SIGN_USED_KEY: self.sign_used,
+ doc.KEY_VERSION_KEY: doc.KEYMANAGER_DOC_VERSION,
+ doc.KEY_TAGS_KEY: [doc.KEYMANAGER_ACTIVE_TAG],
})
def next(self):
@@ -351,34 +291,3 @@ def parse_address(address):
if match is None:
return None
return ''.join(match.group(2, 4))
-
-
-def init_indexes(soledad):
- """
- Initialize the database indexes.
- """
- leap_assert(soledad is not None,
- "Cannot init indexes with null soledad")
-
- def create_idexes(indexes):
- deferreds = []
- db_indexes = dict(indexes)
- # Loop through the indexes we expect to find.
- for name, expression in INDEXES.items():
- if name not in db_indexes:
- # The index does not yet exist.
- d = soledad.create_index(name, *expression)
- deferreds.append(d)
- elif expression != db_indexes[name]:
- # The index exists but the definition is not what expected,
- # so we delete it and add the proper index expression.
- d = soledad.delete_index(name)
- d.addCallback(
- lambda _:
- soledad.create_index(name, *expression))
- deferreds.append(d)
- return defer.gatherResults(deferreds, consumeErrors=True)
-
- d = soledad.list_indexes()
- d.addCallback(create_idexes)
- return d