authorJ08nY2017-07-31 22:40:01 +0200
committerJ08nY2017-07-31 22:40:01 +0200
commit39291794b39b52804b2b45d74d0d5aad0f0eefcf (patch)
tree2a606169dcd655f5dc5b69b1770fa1fd72a5298e
parentb16fe8644ddc82584a8ff9a2f98e40c1571437f2 (diff)
-rw-r--r--src/mailman_pgp/model/fs_key.py22
-rw-r--r--src/mailman_pgp/model/list.py8
-rw-r--r--src/mailman_pgp/model/sighash.py2
-rw-r--r--src/mailman_pgp/model/tests/test_fs_key.py49
-rw-r--r--src/mailman_pgp/model/tests/test_list.py17
5 files changed, 78 insertions, 20 deletions
diff --git a/src/mailman_pgp/model/fs_key.py b/src/mailman_pgp/model/fs_key.py
index c4a2ac4..118f971 100644
--- a/src/mailman_pgp/model/fs_key.py
+++ b/src/mailman_pgp/model/fs_key.py
@@ -16,14 +16,15 @@
# this program. If not, see <http://www.gnu.org/licenses/>.
"""Filesystem stored PGP key."""
-from os import remove
-from os.path import getmtime, join
+from os import remove, urandom
+from os.path import getmtime, getsize, join
from public import public
from mailman_pgp.utils.file import locked_obj
from mailman_pgp.utils.pgp import key_from_file
+
@public
class FSKey:
"""Filesystem stored PGP key."""
@@ -94,4 +95,19 @@ class FSKey:
@locked_obj('lock_path')
def delete(self):
- remove(self.key_path)
+ try:
+ remove(self.key_path)
+ except FileNotFoundError:
+ pass
+
+ @locked_obj('lock_path')
+ def shred(self):
+ try:
+ size = getsize(self.key_path)
+ for _ in range(10):
+ with open(self.key_path, 'wb') as f:
+ data = urandom(size)
+ f.write(data)
+ remove(self.key_path)
+ except FileNotFoundError:
+ pass
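Review bot: The ten overwrite passes in `shred()` are not guaranteed to reach the disk. Each pass reopens the file with `'wb'`, which truncates it first, and nothing calls `flush()` or `fsync()` before `remove()`, so the filesystem may release the old blocks or coalesce the writes in cache and leave the original key bytes on the medium. Opening the file once with `'r+b'`, seeking to 0 for every pass and syncing after each write overwrites in place; this needs `fsync` added to the `from os import` line. Even then, journaling or copy-on-write filesystems and SSD wear levelling can retain old copies, which deserves a sentence in a docstring for `shred()`. The `FSKey` class body starts outside this hunk.

```python
    @locked_obj('lock_path')
    def shred(self):
        try:
            size = getsize(self.key_path)
            # 'r+b' rewrites the existing bytes; 'wb' would truncate first.
            with open(self.key_path, 'r+b') as f:
                for _ in range(10):
                    f.seek(0)
                    f.write(urandom(size))
                    f.flush()
                    fsync(f.fileno())
            # … unchanged: remove(self.key_path) and the FileNotFoundError handler …
```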
diff --git a/src/mailman_pgp/model/list.py b/src/mailman_pgp/model/list.py
index 838bcab..946af34 100644
--- a/src/mailman_pgp/model/list.py
+++ b/src/mailman_pgp/model/list.py
@@ -16,7 +16,7 @@
# this program. If not, see <http://www.gnu.org/licenses/>.
"""Model for PGP enabled mailing lists."""
-
+from lazr.config import as_boolean
from mailman.database.types import Enum, SAUnicode
from mailman.interfaces.action import Action
from mailman.interfaces.listmanager import (IListManager, ListDeletingEvent)
@@ -145,8 +145,12 @@ class PGPMailingList(Base):
@classhandler.handler(ListDeletingEvent)
def on_delete(event):
+ shred = as_boolean(config.get('keypairs', 'shred'))
pgp_list = PGPMailingList.for_list(event.mailing_list)
if pgp_list:
with transaction() as session:
- # TODO shred the list key
+ if shred:
+ pgp_list.fs_key.shred()
+ else:
+ pgp_list.fs_key.delete()
session.delete(pgp_list)
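Review bot: In `on_delete` the key file is destroyed inside the `with transaction()` block before `session.delete(pgp_list)`, and a filesystem removal is not undone if the transaction fails to commit. How `transaction()` reacts to an error is not visible in this hunk, so this is inferred, but the result would be a `PGPMailingList` row whose key file is gone. A comment such as `# Key removal is irreversible and is not rolled back with the session.` would at least record the ordering decision. Separately, `as_boolean(config.get('keypairs', 'shred'))` runs even when `pgp_list` is None and could move under `if pgp_list:`.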
diff --git a/src/mailman_pgp/model/sighash.py b/src/mailman_pgp/model/sighash.py
index d936f35..e8a7ca9 100644
--- a/src/mailman_pgp/model/sighash.py
+++ b/src/mailman_pgp/model/sighash.py
@@ -16,10 +16,10 @@
# this program. If not, see <http://www.gnu.org/licenses/>.
""""""
+from public import public
from sqlalchemy import Column, LargeBinary, String
from mailman_pgp.model.base import Base
-from public import public
@public
diff --git a/src/mailman_pgp/model/tests/test_fs_key.py b/src/mailman_pgp/model/tests/test_fs_key.py
index 8828e4b..3a4f859 100644
--- a/src/mailman_pgp/model/tests/test_fs_key.py
+++ b/src/mailman_pgp/model/tests/test_fs_key.py
@@ -16,7 +16,7 @@
# this program. If not, see <http://www.gnu.org/licenses/>.
""""""
-from os.path import join, exists
+from os.path import exists, join
from tempfile import TemporaryDirectory
from unittest import TestCase
@@ -47,19 +47,7 @@ class TestFSKey(TestCase):
key.load()
self.assertEqual(key.key.fingerprint, key_data.fingerprint)
- def test_reload_none(self):
- key_name = 'something.asc'
- key = FSKey(self.tmpdir.name, key_name, False)
- key_data = load_key('rsa_1024.priv.asc')
- with open(key.key_path, 'w') as key_file:
- key_file.write(str(key_data))
-
- self.assertIsNone(key.key)
- key.reload()
- self.assertIsNotNone(key.key)
- self.assertEqual(key.key.fingerprint, key_data.fingerprint)
-
- def test_reload_not_none(self):
+ def test_reload(self):
key_name = 'something.asc'
key_path = join(self.tmpdir.name, key_name)
key_data = load_key('rsa_1024.priv.asc')
@@ -76,6 +64,18 @@ class TestFSKey(TestCase):
self.assertIsNotNone(key.key)
self.assertEqual(key.key.fingerprint, new_key_data.fingerprint)
+ def test_reload_none(self):
+ key_name = 'something.asc'
+ key = FSKey(self.tmpdir.name, key_name, False)
+ key_data = load_key('rsa_1024.priv.asc')
+ with open(key.key_path, 'w') as key_file:
+ key_file.write(str(key_data))
+
+ self.assertIsNone(key.key)
+ key.reload()
+ self.assertIsNotNone(key.key)
+ self.assertEqual(key.key.fingerprint, key_data.fingerprint)
+
def test_save(self):
key_name = 'something.asc'
key = FSKey(self.tmpdir.name, key_name)
@@ -97,3 +97,24 @@ class TestFSKey(TestCase):
key.delete()
self.assertFalse(exists(key.key_path))
self.assertIsNotNone(key.key)
+
+ def test_delete_none(self):
+ key = FSKey(self.tmpdir.name, 'something.asc')
+ key.delete()
+
+ def test_shred(self):
+ key_name = 'something.asc'
+ key_path = join(self.tmpdir.name, key_name)
+ key_data = load_key('rsa_1024.priv.asc')
+ with open(key_path, 'w') as key_file:
+ key_file.write(str(key_data))
+
+ key = FSKey(self.tmpdir.name, key_name, True)
+
+ key.shred()
+ self.assertFalse(exists(key.key_path))
+ self.assertIsNotNone(key.key)
+
+ def test_shred_none(self):
+ key = FSKey(self.tmpdir.name, 'something.asc')
+ key.shred()
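Review bot: `test_shred` only asserts `self.assertFalse(exists(key.key_path))`, which would pass unchanged if `shred()` did nothing more than `delete()`, so the overwrite that distinguishes the two is untested. One way to cover it is to run the call under `with patch('mailman_pgp.model.fs_key.remove'):` so the file survives, then assert that its size is unchanged and its contents no longer equal `str(key_data)`. The `assertIsNotNone(key.key)` line also shows the private key stays loaded in memory after shredding, which is worth a comment in the test so readers do not assume `shred()` clears it.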
diff --git a/src/mailman_pgp/model/tests/test_list.py b/src/mailman_pgp/model/tests/test_list.py
index 58f52f2..aa07a79 100644
--- a/src/mailman_pgp/model/tests/test_list.py
+++ b/src/mailman_pgp/model/tests/test_list.py
@@ -16,15 +16,18 @@
# this program. If not, see <http://www.gnu.org/licenses/>.
""""""
+from os.path import exists
from unittest import TestCase
from mailman.app.lifecycle import create_list
from mailman.interfaces.listmanager import IListManager
from zope.component import getUtility
+from mailman_pgp.config import config
from mailman_pgp.database import mm_transaction
from mailman_pgp.model.list import PGPMailingList
from mailman_pgp.testing.layers import PGPConfigLayer
+from mailman_pgp.testing.pgp import load_key
class TestPGPMailingList(TestCase):
@@ -34,8 +37,22 @@ class TestPGPMailingList(TestCase):
with mm_transaction():
self.mlist = create_list('test@example.com',
style_name='pgp-default')
+ pgp_list = PGPMailingList.for_list(self.mlist)
+ pgp_list.key = load_key('rsa_1024.priv.asc')
def test_delete(self):
getUtility(IListManager).delete(self.mlist)
pgp_list = PGPMailingList.for_list(self.mlist)
self.assertIsNone(pgp_list)
+
+ def test_shred_key(self):
+ key_path = PGPMailingList.for_list(self.mlist).key_path
+ getUtility(IListManager).delete(self.mlist)
+ self.assertFalse(exists(key_path))
+
+ def test_delete_key(self):
+ self.addCleanup(config.set, 'keypairs', 'shred', 'yes')
+ config.set('keypairs', 'shred', 'no')
+ key_path = PGPMailingList.for_list(self.mlist).key_path
+ getUtility(IListManager).delete(self.mlist)
+ self.assertFalse(exists(key_path))
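Review bot: `test_shred_key` and `test_delete_key` end in the same assertion, `self.assertFalse(exists(key_path))`, so neither shows which branch of `on_delete` actually ran, and a regression that always calls `delete()` would pass both. `test_shred_key` also relies on the configured default for `keypairs.shred` instead of setting it; starting it with `config.set('keypairs', 'shred', 'yes')` would make the precondition explicit. The cleanup in `test_delete_key` restores a hard-coded `'yes'` rather than the value that was in effect before the test, which could leak into other tests if the layer's default differs.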