Verified Commit 026de868 by NavaL Committed by meskio

[feat] expired public key are remotely fetched if expired

- private key is not allowed to be fetched remotely
- fetch_remote needs to be specifically set
- if a new key is fetched (ie different KeyID), the validation
  rule applies
parent 1986316b
......@@ -210,7 +210,7 @@ class KeyManager(object):
@defer.inlineCallbacks
def get_inactive_private_keys(self):
"""
Return all inactive private keys bound to address, that can are
Return all inactive private keys bound to address, that are
stored locally.
This can be used to attempt decryption from multiple keys.
......@@ -494,7 +494,8 @@ class KeyManager(object):
"""
Decrypt data using private key from address and verify with public key
bound to verify address. If the decryption using the active private
key fails, then decription using the inactive key, if any, is tried.
key fails, then decryption with inactive keys, if any, is recursively
tried.
:param data: The data to be decrypted.
:type data: str
......
......@@ -330,7 +330,7 @@ class OpenPGPKey(object):
def needs_renewal(self, pre_expiration_threshold=DEFAULT_THRESHOLD):
"""
Indicates if the key is inside the renewal period. For ease of
transition keys should be renewed before they expire.
transition keys should be renewed/extended before they expire.
:param pre_expiration_threshold: the amount of days before expiry date
whereby the key should be renewed -- default value is 60 days
......
......@@ -590,7 +590,7 @@ class OpenPGPScheme(object):
Reset sign_used flag for all keys in storage, to False...
to indicate that the key pair has not interacted with all
keys in the key ring yet.
This should only be used when regenerating the key pair.
This should only be used when regenerating/extending the key pair.
"""
all_keys = yield self.get_all_keys(private=False)
......
......@@ -55,7 +55,7 @@ from common import (
DIFFERENT_PRIVATE_KEY,
DIFFERENT_KEY_FPR,
DIFFERENT_PUBLIC_KEY,
)
KEY_EXPIRING_CREATION_DATE)
NICKSERVER_URI = "http://leap.se/"
REMOTE_KEY_URL = "http://site.domain/key"
......@@ -658,14 +658,15 @@ class KeyManagerKeyManagementTestCase(KeyManagerWithSoledadTestCase):
km = self._key_manager(user=ADDRESS_EXPIRING)
yield km._openpgp.put_raw_key(PRIVATE_EXPIRING_KEY, ADDRESS_EXPIRING)
key = yield km.get_key(ADDRESS_EXPIRING)
key = yield km.get_key(ADDRESS_EXPIRING, fetch_remote=False)
yield km.extend_key_expiration(validity='1w')
new_expiry_date = datetime.strptime(
KEY_EXPIRING_CREATION_DATE, '%Y-%m-%d')
new_expiry_date += timedelta(weeks=1)
renewed_public_key = yield km.get_key(ADDRESS_EXPIRING)
renewed_public_key = yield km.get_key(ADDRESS_EXPIRING,
fetch_remote=False)
renewed_private_key = yield km.get_key(ADDRESS_EXPIRING, private=True)
self.assertEqual(new_expiry_date.date(),
......
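Review bot: Both public-key lookups in this test now pass `fetch_remote=False`, so the test covers only the local path and nothing in the visible hunk exercises the refresh-on-expiry behaviour the commit message describes. That path replaces stored key material with data fetched over the network, so it deserves its own test: an expired public key looked up with `fetch_remote=True` against a stubbed key server, asserting that a returned key with a different KeyID goes through the validation rule before it is stored, and that `get_key(ADDRESS_EXPIRING, private=True)` never issues a remote request. A short comment above the first call, for example `# expired key: keep get_key() from refreshing it remotely`, would record why the flag is set, assuming that is the intent. Such tests may already exist outside the lines shown; the test method starts before this hunk and its final `assertEqual` continues past it.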