Diffstat (limited to 'keymanager/src/leap/keymanager/keys.py')
-rw-r--r-- | keymanager/src/leap/keymanager/keys.py | 163 |
1 files changed, 36 insertions, 127 deletions
diff --git a/keymanager/src/leap/keymanager/keys.py b/keymanager/src/leap/keymanager/keys.py index 296ed86..c0ee21b 100644 --- a/keymanager/src/leap/keymanager/keys.py +++ b/keymanager/src/leap/keymanager/keys.py @@ -27,78 +27,17 @@ import logging import re import time - from datetime import datetime -from leap.common.check import leap_assert -from twisted.internet import defer from leap.keymanager import errors from leap.keymanager.wrapper import TempGPGWrapper from leap.keymanager.validation import ValidationLevels +from leap.keymanager import documents as doc logger = logging.getLogger(__name__) # -# Dictionary keys used for storing cryptographic keys. -# - -KEY_VERSION_KEY = 'version' -KEY_UIDS_KEY = 'uids' -KEY_ADDRESS_KEY = 'address' -KEY_TYPE_KEY = 'type' -KEY_FINGERPRINT_KEY = 'fingerprint' -KEY_DATA_KEY = 'key_data' -KEY_PRIVATE_KEY = 'private' -KEY_LENGTH_KEY = 'length' -KEY_EXPIRY_DATE_KEY = 'expiry_date' -KEY_LAST_AUDITED_AT_KEY = 'last_audited_at' -KEY_REFRESHED_AT_KEY = 'refreshed_at' -KEY_VALIDATION_KEY = 'validation' -KEY_ENCR_USED_KEY = 'encr_used' -KEY_SIGN_USED_KEY = 'sign_used' -KEY_TAGS_KEY = 'tags' - - -# -# Key storage constants -# - -KEYMANAGER_KEY_TAG = 'keymanager-key' -KEYMANAGER_ACTIVE_TAG = 'keymanager-active' -KEYMANAGER_ACTIVE_TYPE = '-active' - -# Version of the Soledad Document schema, -# it should be bumped each time the document format changes -KEYMANAGER_DOC_VERSION = 1 - - -# -# key indexing constants. -# - -TAGS_PRIVATE_INDEX = 'by-tags-private' -TYPE_FINGERPRINT_PRIVATE_INDEX = 'by-type-fingerprint-private' -TYPE_ADDRESS_PRIVATE_INDEX = 'by-type-address-private' -INDEXES = { - TAGS_PRIVATE_INDEX: [ - KEY_TAGS_KEY, - 'bool(%s)' % KEY_PRIVATE_KEY, - ], - TYPE_FINGERPRINT_PRIVATE_INDEX: [ - KEY_TYPE_KEY, - KEY_FINGERPRINT_KEY, - 'bool(%s)' % KEY_PRIVATE_KEY, - ], - TYPE_ADDRESS_PRIVATE_INDEX: [ - KEY_TYPE_KEY, - KEY_ADDRESS_KEY, - 'bool(%s)' % KEY_PRIVATE_KEY, - ] -} - - -# # Key handling utilities # 
@@ -132,27 +71,27 @@ def build_key_from_dict(key, active=None): sign_used = False if active: - address = active[KEY_ADDRESS_KEY] + address = active[doc.KEY_ADDRESS_KEY] try: - validation = ValidationLevels.get(active[KEY_VALIDATION_KEY]) + validation = ValidationLevels.get(active[doc.KEY_VALIDATION_KEY]) except ValueError: logger.error("Not valid validation level (%s) for key %s", - (active[KEY_VALIDATION_KEY], - active[KEY_FINGERPRINT_KEY])) - last_audited_at = _to_datetime(active[KEY_LAST_AUDITED_AT_KEY]) - encr_used = active[KEY_ENCR_USED_KEY] - sign_used = active[KEY_SIGN_USED_KEY] + (active[doc.KEY_VALIDATION_KEY], + active[doc.KEY_FINGERPRINT_KEY])) + last_audited_at = _to_datetime(active[doc.KEY_LAST_AUDITED_AT_KEY]) + encr_used = active[doc.KEY_ENCR_USED_KEY] + sign_used = active[doc.KEY_SIGN_USED_KEY] - expiry_date = _to_datetime(key[KEY_EXPIRY_DATE_KEY]) - refreshed_at = _to_datetime(key[KEY_REFRESHED_AT_KEY]) + expiry_date = _to_datetime(key[doc.KEY_EXPIRY_DATE_KEY]) + refreshed_at = _to_datetime(key[doc.KEY_REFRESHED_AT_KEY]) return OpenPGPKey( address=address, - uids=key[KEY_UIDS_KEY], - fingerprint=key[KEY_FINGERPRINT_KEY], - key_data=key[KEY_DATA_KEY], - private=key[KEY_PRIVATE_KEY], - length=key[KEY_LENGTH_KEY], + uids=key[doc.KEY_UIDS_KEY], + fingerprint=key[doc.KEY_FINGERPRINT_KEY], + key_data=key[doc.KEY_DATA_KEY], + private=key[doc.KEY_PRIVATE_KEY], + length=key[doc.KEY_LENGTH_KEY], expiry_date=expiry_date, last_audited_at=last_audited_at, refreshed_at=refreshed_at, 
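Review bot: The `logger.error` call in the `except ValueError` branch still passes both values as a single tuple, so the two `%s` placeholders receive one argument and the formatting fails inside the logging module. The intended message about a stored key with an unrecognised validation level is therefore never written. Pass the values as separate arguments: `logger.error("Not valid validation level (%s) for key %s", active[doc.KEY_VALIDATION_KEY], active[doc.KEY_FINGERPRINT_KEY])`. The value `validation` keeps in that branch is assigned above the hunk; it is presumably the lowest level, which is worth confirming because this branch handles a corrupt or altered active document. build_key_from_dict starts and ends outside the hunk.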
@@ -271,16 +210,16 @@ class OpenPGPKey(object): refreshed_at = _to_unix_time(self.refreshed_at) return json.dumps({ - KEY_UIDS_KEY: self.uids, - KEY_TYPE_KEY: self.__class__.__name__, - KEY_FINGERPRINT_KEY: self.fingerprint, - KEY_DATA_KEY: self.key_data, - KEY_PRIVATE_KEY: self.private, - KEY_LENGTH_KEY: self.length, - KEY_EXPIRY_DATE_KEY: expiry_date, - KEY_REFRESHED_AT_KEY: refreshed_at, - KEY_VERSION_KEY: KEYMANAGER_DOC_VERSION, - KEY_TAGS_KEY: [KEYMANAGER_KEY_TAG], + doc.KEY_UIDS_KEY: self.uids, + doc.KEY_TYPE_KEY: self.__class__.__name__, + doc.KEY_FINGERPRINT_KEY: self.fingerprint, + doc.KEY_DATA_KEY: self.key_data, + doc.KEY_PRIVATE_KEY: self.private, + doc.KEY_LENGTH_KEY: self.length, + doc.KEY_EXPIRY_DATE_KEY: expiry_date, + doc.KEY_REFRESHED_AT_KEY: refreshed_at, + doc.KEY_VERSION_KEY: doc.KEYMANAGER_DOC_VERSION, + doc.KEY_TAGS_KEY: [doc.KEYMANAGER_KEY_TAG], }) def get_active_json(self): @@ -293,16 +232,17 @@ class OpenPGPKey(object): last_audited_at = _to_unix_time(self.last_audited_at) return json.dumps({ - KEY_ADDRESS_KEY: self.address, - KEY_TYPE_KEY: self.__class__.__name__ + KEYMANAGER_ACTIVE_TYPE, - KEY_FINGERPRINT_KEY: self.fingerprint, - KEY_PRIVATE_KEY: self.private, - KEY_VALIDATION_KEY: str(self.validation), - KEY_LAST_AUDITED_AT_KEY: last_audited_at, - KEY_ENCR_USED_KEY: self.encr_used, - KEY_SIGN_USED_KEY: self.sign_used, - KEY_VERSION_KEY: KEYMANAGER_DOC_VERSION, - KEY_TAGS_KEY: [KEYMANAGER_ACTIVE_TAG], + doc.KEY_ADDRESS_KEY: self.address, + doc.KEY_TYPE_KEY: (self.__class__.__name__ + + doc.KEYMANAGER_ACTIVE_TYPE), + doc.KEY_FINGERPRINT_KEY: self.fingerprint, + doc.KEY_PRIVATE_KEY: self.private, + doc.KEY_VALIDATION_KEY: str(self.validation), + doc.KEY_LAST_AUDITED_AT_KEY: last_audited_at, + doc.KEY_ENCR_USED_KEY: self.encr_used, + doc.KEY_SIGN_USED_KEY: self.sign_used, + doc.KEY_VERSION_KEY: doc.KEYMANAGER_DOC_VERSION, + doc.KEY_TAGS_KEY: [doc.KEYMANAGER_ACTIVE_TAG], }) def next(self): 
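Review bot: Both serializers derive the stored type field from `self.__class__.__name__`: get_json under `doc.KEY_TYPE_KEY`, and get_active_json with `doc.KEYMANAGER_ACTIVE_TYPE` appended. The persisted value therefore changes if the class is renamed or subclassed. The index definitions removed from this file in the first hunk are built on that field, so documents written under a different class name would likely stop matching lookups. A string constant kept next to the other document keys would pin it, for example `doc.KEY_TYPE_KEY: <TYPE_CONSTANT>,`, where `<TYPE_CONSTANT>` is a placeholder for a constant holding the current class name. Both method bodies begin outside their hunks.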
@@ -351,34 +291,3 @@ def parse_address(address): if match is None: return None return ''.join(match.group(2, 4)) - - -def init_indexes(soledad): - """ - Initialize the database indexes. - """ - leap_assert(soledad is not None, - "Cannot init indexes with null soledad") - - def create_idexes(indexes): - deferreds = [] - db_indexes = dict(indexes) - # Loop through the indexes we expect to find. - for name, expression in INDEXES.items(): - if name not in db_indexes: - # The index does not yet exist. - d = soledad.create_index(name, *expression) - deferreds.append(d) - elif expression != db_indexes[name]: - # The index exists but the definition is not what expected, - # so we delete it and add the proper index expression. - d = soledad.delete_index(name) - d.addCallback( - lambda _: - soledad.create_index(name, *expression)) - deferreds.append(d) - return defer.gatherResults(deferreds, consumeErrors=True) - - d = soledad.list_indexes() - d.addCallback(create_idexes) - return d |