| author | J08nY | 2017-07-19 20:43:24 +0200 |
|---|---|---|
| committer | J08nY | 2017-07-19 21:46:39 +0200 |
| commit | f0670baf7f66faab8ed4f16d393eea8a570f9630 (patch) | |
| tree | dfe4669827c0171bfb45f5a50f6093216d05761b /src/mailman_pgp/pgp/__init__.py | |
| parent | 63b7097f67dfcbd95c4df359d31374e8849a666c (diff) | |
Diffstat (limited to 'src/mailman_pgp/pgp/__init__.py')
| -rw-r--r-- | src/mailman_pgp/pgp/__init__.py | 60 |
1 files changed, 40 insertions, 20 deletions
diff --git a/src/mailman_pgp/pgp/__init__.py b/src/mailman_pgp/pgp/__init__.py
index 31b61b3..b41c8a1 100644
--- a/src/mailman_pgp/pgp/__init__.py
+++ b/src/mailman_pgp/pgp/__init__.py
@@ -24,25 +24,29 @@ from os.path import join
 from mailman.config import config as mailman_config
 from mailman.utilities.string import expand
 from pgpy import PGPKeyring
-from pgpy.constants import PubKeyAlgorithm
+from pgpy.constants import PubKeyAlgorithm, EllipticCurveOID
 from public import public
 
 from mailman_pgp.config import config
 
 KEYDIR_CONFIG_PATHS = ['list_keydir', 'user_keydir', 'archive_keydir']
-KEYPAIR_CONFIG_VARIABLES = ['autogenerate', 'key_type', 'key_length',
-                            'subkey_type', 'subkey_length']
+KEYPAIR_CONFIG_VARIABLES = ['autogenerate', 'primary_key', 'sub_key']
 
-# The main key needs to support signing.
-KEYPAIR_KEY_TYPE_VALID = ['RSA', 'DSA', 'ECDSA']
-# The subkey needs to support encryption.
-KEYPAIR_SUBKEY_TYPE_VALID = ['RSA', 'ECDH']
 KEYPAIR_TYPE_MAP = {
     'RSA': PubKeyAlgorithm.RSAEncryptOrSign,
     'DSA': PubKeyAlgorithm.DSA,
     'ECDSA': PubKeyAlgorithm.ECDSA,
     'ECDH': PubKeyAlgorithm.ECDH
 }
+ECC_OID_MAP = {
+    'nistp256': EllipticCurveOID.NIST_P256,
+    'nistp384': EllipticCurveOID.NIST_P384,
+    'nistp521': EllipticCurveOID.NIST_P521,
+    'brainpoolP256r1': EllipticCurveOID.Brainpool_P256,
+    'brainpoolP384r1': EllipticCurveOID.Brainpool_P384,
+    'brainpoolP512r1': EllipticCurveOID.Brainpool_P512,
+    'secp256k1': EllipticCurveOID.SECP256K1
+}
 
 
 @public
@@ -56,7 +60,7 @@ class PGP:
         Load [keypairs] and [keydirs] config sections. Expand paths in them.
         """
         # Get all the [keypairs] config variables.
-        self.keypair_config = dict(
+        self._keypair_config = dict(
             (k, config.get('keypairs', k)) for k in KEYPAIR_CONFIG_VARIABLES)
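Review bot: ECC_OID_MAP mixes key cases ('nistp256' but 'brainpoolP256r1'), which makes it fragile for any lookup that normalises the configured curve name first; the `_parse_key_directive` hunk further down lower-cases the value before looking it up here, so the three Brainpool entries can never match. Keying the map in lower case, `'brainpoolp256r1': EllipticCurveOID.Brainpool_P256,` (and likewise for the 384 and 512 entries), removes the mismatch at the source. The map also deserves a comment, since it replaces a bit length with a curve name: `# Curve names accepted after the colon in the primary_key/sub_key directives (ECDSA/ECDH); intended to be matched case-insensitively.` The removed comments on KEYPAIR_KEY_TYPE_VALID/KEYPAIR_SUBKEY_TYPE_VALID were the only place the signing/encryption requirement was written down; restating it on KEYPAIR_TYPE_MAP would keep that knowledge in the file.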
@@ -66,25 +70,41 @@ class PGP:
              expand(config.get('keydirs', k), None, mailman_config.paths))
             for k in KEYDIR_CONFIG_PATHS)
 
+    def _parse_key_directive(self, value):
+        key_type, key_length = value.split(':')
+        key_type = key_type.upper()
+        key_length = key_length.lower()
+
+        if key_type not in KEYPAIR_TYPE_MAP:
+            raise ValueError('Invalid key type: {}.'.format(key_type))
+
+        out_type = KEYPAIR_TYPE_MAP[key_type]
+        if key_type in ('ECDSA', 'ECDH'):
+            if key_length not in ECC_OID_MAP:
+                raise ValueError('Invalid key length: {}.'.format(key_length))
+            out_length = ECC_OID_MAP[key_length]
+        else:
+            out_length = int(key_length)
+        return (out_type, out_length)
+
     def _validate_config(self):
         """
         Validate [keypairs] and [keydirs] config sections. And create keydirs
         if necessary.
         """
         # Validate keypair config.
-        key_type = self.keypair_config['key_type'].upper()
-        if key_type not in KEYPAIR_KEY_TYPE_VALID:
-            raise ValueError('Invalid key_type. {}'.format(key_type))
-        self.keypair_config['key_type'] = KEYPAIR_TYPE_MAP[key_type]
-        self.keypair_config['key_length'] = int(
-            self.keypair_config['key_length'])
+        self.primary_key_args = self._parse_key_directive(
+            self._keypair_config['primary_key'])
+        if not self.primary_key_args[0].can_sign:
+            raise ValueError(
+                'Invalid primary key type: {}.'.format(
+                    self.primary_key_args[0]))
 
-        subkey_type = self.keypair_config['subkey_type'].upper()
-        if subkey_type not in KEYPAIR_SUBKEY_TYPE_VALID:
-            raise ValueError('Invalid subkey_type. {}'.format(subkey_type))
-        self.keypair_config['subkey_type'] = KEYPAIR_TYPE_MAP[subkey_type]
-        self.keypair_config['subkey_length'] = int(
-            self.keypair_config['subkey_length'])
+        self.sub_key_args = self._parse_key_directive(
+            self._keypair_config['sub_key'])
+        if not self.sub_key_args[0].can_encrypt:
+            raise ValueError(
+                'Invalid sub key type: {}.'.format(self.sub_key_args[0]))
 
         # Make sure the keydir paths are directories and exist.
         for keydir in self.keydir_config.values():
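Review bot: `_parse_key_directive` lower-cases `key_length` before looking it up in ECC_OID_MAP, but the Brainpool keys in that map are mixed-case ('brainpoolP256r1'), so a directive such as `ecdsa:brainpoolP256r1` is rejected as an invalid key length and the Brainpool curves cannot be configured at all. A case-insensitive lookup fixes this without touching the map: `curves = {name.lower(): oid for name, oid in ECC_OID_MAP.items()}`, then `if key_length not in curves:` and `out_length = curves[key_length]`. The RSA/DSA branch accepts any integer (`rsa:512` passes and would generate a weak list key), so a floor such as 2048 bits enforced next to the `can_sign`/`can_encrypt` checks in `_validate_config` would be worth adding. A directive with no colon, or more than one, fails inside the tuple unpacking with a generic "not enough values to unpack" ValueError; catching that and raising `ValueError('Invalid key directive: {}.'.format(value))` would make the configuration error actionable. `_validate_config` continues past the end of the hunk.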
