authorJ08nY2017-08-02 20:48:31 +0200
committerJ08nY2017-08-02 20:48:31 +0200
commitffafcc3d57eba95095b64dbaad78bb6785266dc2 (patch)
tree3dbb983f9c34b038a25f561ffc92fbe5781f130c /src/mailman_pgp
parent7d75ff06f2601dbc43327ccdb383a8ecdbf73720 (diff)
Diffstat (limited to 'src/mailman_pgp')
-rw-r--r--src/mailman_pgp/commands/eml_key.py12
-rw-r--r--src/mailman_pgp/utils/pgp.py31
2 files changed, 34 insertions, 9 deletions
diff --git a/src/mailman_pgp/commands/eml_key.py b/src/mailman_pgp/commands/eml_key.py
index 0d5fa1e..e182451 100644
--- a/src/mailman_pgp/commands/eml_key.py
+++ b/src/mailman_pgp/commands/eml_key.py
@@ -23,7 +23,6 @@ from mailman.interfaces.command import ContinueProcessing, IEmailCommand
from mailman.interfaces.pending import IPendings
from mailman.interfaces.subscriptions import ISubscriptionManager
from mailman.interfaces.usermanager import IUserManager
-from pgpy.constants import KeyFlags
from public import public
from zope.component import getUtility
from zope.interface import implementer
@@ -35,6 +34,7 @@ from mailman_pgp.model.list import PGPMailingList
from mailman_pgp.pgp.mime import MIMEWrapper
from mailman_pgp.pgp.wrapper import PGPWrapper
from mailman_pgp.utils.email import get_email
+from mailman_pgp.utils.pgp import key_usable
from mailman_pgp.workflows.key_change import (CHANGE_CONFIRM_REQUEST,
KeyChangeModWorkflow,
KeyChangeWorkflow)
@@ -77,10 +77,7 @@ def _cmd_set(pgp_list, mlist, msg, msgdata, arguments, results):
file=results)
return ContinueProcessing.no
- usage_flags = key.usage_flags()
- for subkey in key.subkeys.values():
- usage_flags |= subkey.usage_flags()
- if KeyFlags.EncryptCommunications not in usage_flags:
+ if not key_usable(key):
print('Need a key which can be used to encrypt communications.',
file=results)
return ContinueProcessing.no
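Review bot: `key_usable(key)` is called here with a single argument, but the helper this commit adds in `src/mailman_pgp/utils/pgp.py` is declared as `key_usable(key, flags_required)` with no default, so the call would raise `TypeError` before the encryption-capability check can run. The same one-argument call appears in the `_cmd_change` hunk below. Either pass the flag explicitly, `if not key_usable(key, KeyFlags.EncryptCommunications):` (which means keeping the `from pgpy.constants import KeyFlags` import this commit removes), or give `flags_required` a default in the helper. `_cmd_set` starts and ends outside this hunk.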
@@ -231,10 +228,7 @@ def _cmd_change(pgp_list, mlist, msg, msgdata, arguments, results):
file=results)
return ContinueProcessing.no
- usage_flags = key.usage_flags()
- for subkey in key.subkeys.values():
- usage_flags |= subkey.usage_flags()
- if KeyFlags.EncryptCommunications not in usage_flags:
+ if not key_usable(key):
print('Need a key which can be used to encrypt communications.',
file=results)
return ContinueProcessing.no
diff --git a/src/mailman_pgp/utils/pgp.py b/src/mailman_pgp/utils/pgp.py
index 621aa02..1dfdc5e 100644
--- a/src/mailman_pgp/utils/pgp.py
+++ b/src/mailman_pgp/utils/pgp.py
@@ -18,6 +18,7 @@
"""Miscellaneous PGP utilities."""
from pgpy import PGPKey, PGPSignature
from pgpy.constants import SignatureType
+from pgpy.errors import PGPError
from pgpy.packet import Packet, Signature
from pgpy.types import Armorable
from public import public
@@ -97,3 +98,33 @@ def revoc_from_blob(blob):
sig = PGPSignature()
sig |= p
return sig
+
+
+@public
+def key_usable(key, flags_required):
+ """
+
+ :param key:
+ :type key: pgpy.PGPKey
+ :param flags_required:
+ :return:
+ :rtype: bool
+ """
+ if key.is_expired:
+ return False
+ primary_revocs = (sig for sig in key.self_signatures if
+ sig.sigtype is SignatureType.KeyRevocation)
+ for revoc in primary_revocs:
+ try:
+ verified = key.verify(key, revoc)
+ except PGPError:
+ continue
+ if bool(verified):
+ return False
+ usage_flags = key.usage_flags()
+ for subkey in key.subkeys.values():
+ usage_flags |= subkey.usage_flags()
+
+ if flags_required not in usage_flags:
+ return False
+ return True
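Review bot: The flag union at the end of `key_usable` collects usage flags from every subkey, while only the primary key is checked for expiry and revocation, so a key whose only encryption-capable subkey is expired or revoked would still be reported usable and the list would keep encrypting to it. Consider skipping such subkeys before the union, e.g. `if subkey.is_expired: continue`, together with a check for verified `SignatureType.SubkeyRevocation` signatures (how the PGPy version in use exposes these on subkeys is not visible here, so confirm against it). The `except PGPError: continue` branch silently drops revocation signatures that fail to verify; a short comment such as `# unverifiable revocations are deliberately ignored` would make that choice explicit. The docstring is empty and should state that the function returns False for an expired or self-revoked primary key or when `flags_required` is absent, and that `flags_required` is a single flag, since the `not in` test would not work for a set of flags.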