Verified Commit f6c71494 by meskio

[refactor] remove rengenerate key

We are not planning to regenerate keys (for now), only to extend the
expiration date.
parent d13fb37a
......@@ -361,20 +361,6 @@ class KeyManager(object):
d.addCallback(signal_finished)
return d
@defer.inlineCallbacks
def regenerate_key(self):
"""
Regenerate a key bound to the user's address.
:return: A Deferred which fires with the generated EncryptionKey.
:rtype: Deferred
"""
self.log.info('Regenerating key for %s.' % self._address)
new_key = yield self._openpgp.regenerate_key(self._address)
defer.returnValue(new_key)
#
# Setters/getters
#
......
......@@ -191,7 +191,7 @@ class OpenPGPKey(object):
return False
def merge(self, newkey, key_renewal=False):
def merge(self, newkey):
if newkey.fingerprint != self.fingerprint:
self.log.critical(
"Can't put a key whith the same key_id and different "
......@@ -223,8 +223,7 @@ class OpenPGPKey(object):
if newkey.last_audited_at > self.last_audited_at:
self.validation = newkey.last_audited_at
self.encr_used = newkey.encr_used or self.encr_used
if not key_renewal:
self.sign_used = newkey.sign_used or self.sign_used
self.sign_used = newkey.sign_used or self.sign_used
self.refreshed_at = datetime.now()
def get_json(self):
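Review bot: The context line `self.validation = newkey.last_audited_at` in the second `merge` hunk looks like a copy-paste slip. The guard above it compares `last_audited_at`, yet the assignment overwrites `validation`, so merging with a more recently audited key would replace the key's `validation` value with what is presumably an audit timestamp. Anything that later makes a trust decision from `validation` would then be comparing against the wrong kind of value. The line predates this commit, but since `merge` is being simplified here it would be a good moment to change it to `self.last_audited_at = newkey.last_audited_at`. The rest of `merge` lies outside the hunk, so confirm against the full method first.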
......
......@@ -161,44 +161,6 @@ class OpenPGPScheme(object):
#
# Keys management
#
@defer.inlineCallbacks
def regenerate_key(self, address):
"""
Deactivate Current keypair,
Generate a new OpenPGP keypair bound to C{address},
and sign the new key with the old key.
:param address: The address bound to the key.
:type address: str
:return: A Deferred which fires with the new key bound to address.
:rtype: Deferred
"""
leap_assert(is_address(address), 'Not an user address: %s' % address)
current_sec_key = yield self.get_key(address, private=True)
current_pub_key = yield self.get_key(address, private=False)
with TempGPGWrapper([current_sec_key], self._gpgbinary) as gpg:
if current_sec_key.is_expired():
temporary_extension_period = '1' # extend for 1 extra day
gpg.expire(current_sec_key.fingerprint,
expiration_time=temporary_extension_period)
yield self.unactivate_key(address) # only one priv key allowed
yield self.delete_key(current_pub_key)
new_key = yield self.gen_key(address)
gpg.import_keys(new_key.key_data)
key_signing = yield from_thread(gpg.sign_key, new_key.fingerprint)
if key_signing.status == 'ok':
fetched_keys = gpg.list_keys(secret=False)
fetched_key = filter(lambda k: k['fingerprint'] ==
new_key.fingerprint, fetched_keys)[0]
key_data = gpg.export_keys(new_key.fingerprint, secret=False)
renewed_key = self._build_key_from_gpg(
fetched_key,
key_data,
new_key.address)
yield self.put_key(renewed_key)
defer.returnValue(new_key)
def gen_key(self, address):
"""
Generate an OpenPGP keypair bound to C{address}.
......@@ -411,7 +373,7 @@ class OpenPGPScheme(object):
d.addCallback(put_key, openpgp_privkey)
return d
def put_key(self, key, key_renewal=False):
def put_key(self, key):
"""
Put C{key} in local storage.
......@@ -431,7 +393,7 @@ class OpenPGPScheme(object):
active_content = activedoc.content
oldkey = build_key_from_dict(keydoc.content, active_content)
key.merge(oldkey, key_renewal)
key.merge(oldkey)
keydoc.set_json(key.get_json())
d = self._soledad.put_doc(keydoc)
d.addCallback(put_active, activedoc)
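Review bot: `put_key` (and `OpenPGPKey.merge`, changed in the same commit) drop the `key_renewal` keyword outright, so any caller outside these hunks that still passes it will fail with a `TypeError` only when that path runs. The single call site visibly updated here is `key.merge(oldkey)`; search the rest of the tree for leftover `key_renewal` references before merging. The `put_key` docstring continues past the hunk, so also check that it no longer documents the removed parameter.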
......
......@@ -592,51 +592,6 @@ class KeyManagerKeyManagementTestCase(KeyManagerWithSoledadTestCase):
yield km.put_raw_key(PRIVATE_KEY, ADDRESS)
km.send_key.assert_called_once_with()
@defer.inlineCallbacks
def test_key_regenerate_gets_new_expiry_date_and_signed_by_old_key(self):
km = self._key_manager(user=ADDRESS_EXPIRING)
yield km._openpgp.put_raw_key(PRIVATE_EXPIRING_KEY, ADDRESS_EXPIRING)
old_key = yield km.get_key(ADDRESS_EXPIRING, fetch_remote=False)
new_key = yield km.regenerate_key()
today = datetime.now()
new_expiry_date = date(today.year + 1, today.month, today.day)
renewed_public_key = yield km.get_key(ADDRESS_EXPIRING,
fetch_remote=False)
renewed_private_key = yield km.get_key(ADDRESS_EXPIRING, private=True)
self.assertEqual(new_expiry_date,
renewed_public_key.expiry_date.date())
self.assertEqual(new_expiry_date,
renewed_private_key.expiry_date.date())
self.assertNotEqual(old_key.fingerprint,
renewed_public_key.fingerprint)
self.assertEqual(new_key.fingerprint, renewed_public_key.fingerprint)
self.assertIn(old_key.fingerprint[-16:], renewed_public_key.signatures)
@defer.inlineCallbacks
def test_key_regenerate_deactivate_the_old_private_key(self):
km = self._key_manager(user=ADDRESS_EXPIRING)
yield km._openpgp.put_raw_key(PRIVATE_EXPIRING_KEY, ADDRESS_EXPIRING)
old_key = yield km.get_key(ADDRESS_EXPIRING, fetch_remote=False)
new_key = yield km.regenerate_key()
inactive_private_keys = yield km._get_inactive_private_keys()
renewed_public_key = yield km.get_key(ADDRESS_EXPIRING, private=False,
fetch_remote=False)
self.assertEqual(1, len(inactive_private_keys))
retrieved_old_key = inactive_private_keys[0]
self.assertEqual(old_key.fingerprint,
retrieved_old_key.fingerprint)
self.assertNotEqual(old_key.fingerprint,
new_key.fingerprint)
self.assertEqual(new_key.fingerprint, renewed_public_key.fingerprint)
self.assertIn(old_key.fingerprint[-16:], renewed_public_key.signatures)
class KeyManagerCryptoTestCase(KeyManagerWithSoledadTestCase):
RAW_DATA = 'data'
......@@ -669,9 +624,6 @@ class KeyManagerCryptoTestCase(KeyManagerWithSoledadTestCase):
fetch_remote=False)
self.assertNotEqual(self.RAW_DATA, encdata)
# renew key
yield km.regenerate_key()
# decrypt
rawdata, signingkey = yield km.decrypt(
encdata, ADDRESS, verify=ADDRESS_2, fetch_remote=False)
......@@ -686,9 +638,6 @@ class KeyManagerCryptoTestCase(KeyManagerWithSoledadTestCase):
yield km._openpgp.put_raw_key(PRIVATE_KEY, ADDRESS)
yield km._openpgp.put_raw_key(PRIVATE_KEY_2, ADDRESS_2)
# renew key -- deactivate current key
yield km.regenerate_key()
# decrypt
with self.assertRaises(errors.DecryptError):
yield km.decrypt(ENCRYPTED_MESSAGE_FOR_DIFFERENT_KEY,
......