def _build_keyring(self):
"""
Create an empty GPG keyring and import C{keys} into it.
:param keys: List of keys to add to the keyring.
:type keys: list of OpenPGPKey
:return: A GPG wrapper with a unitary keyring.
:rtype: gnupg.GPG
"""
privkeys = [key for key in self._keys if key and key.private is True]
publkeys = [key for key in self._keys if key and key.private is False]
# here we filter out public keys that have a correspondent
# private key in the list because the private key_data by
# itself is enough to also have the public key in the keyring,
# and we want to count the keys afterwards.
privaddrs = map(lambda privkey: privkey.address, privkeys)
publkeys = filter(
lambda pubkey: pubkey.address not in privaddrs, publkeys)
listkeys = lambda: self._gpg.list_keys()
listsecretkeys = lambda: self._gpg.list_keys(secret=True)
self._gpg = GPGWrapper(
gnupghome=tempfile.mkdtemp(),
gpgbinary=self._gpgbinary)
leap_assert(len(listkeys()) is 0, 'Keyring not empty.')
# import keys into the keyring:
# concatenating ascii-armored keys, which is correctly
# understood by the GPGWrapper.
self._gpg.import_keys("".join(
[x.key_data for x in publkeys + privkeys]))
# assert the number of keys in the keyring
leap_assert(
len(listkeys()) == len(publkeys) + len(privkeys),
'Wrong number of public keys in keyring: %d, should be %d)' %
(len(listkeys()), len(publkeys) + len(privkeys)))
leap_assert(
len(listsecretkeys()) == len(privkeys),
'Wrong number of private keys in keyring: %d, should be %d)' %
(len(listsecretkeys()), len(privkeys)))
class TempGPGWrapper(object):
"""
A context manager returning a temporary GPG wrapper keyring, which
contains exactly zero or one pubkeys, and zero or one privkeys.
Temporary unitary keyrings allow the to use GPG's facilities for exactly
one key. This function creates an empty temporary keyring and imports
C{keys} if it is not None.
"""
def __init__(self, keys=None):
"""
:param keys: OpenPGP key, or list of.
:type keys: OpenPGPKey or list of OpenPGPKeys
"""
self._gpg = None
if not keys:
keys = list()
if not isinstance(keys, list):
keys = [keys]
self._keys = keys
for key in filter(None, keys):
leap_assert_type(key, OpenPGPKey)
def __enter__(self):
"""
Calls the unitary gpgwrapper initializer
:return: A GPG wrapper with a unitary keyring.
:rtype: gnupg.GPG
"""
self._build_keyring()
return self._gpg
def __exit__(self, exc_type, exc_value, traceback):
"""
Ensures the gpgwrapper is properly destroyed.
"""
# TODO handle exceptions and log here
self._destroy_keyring()
def _build_keyring(self):
"""
Create an empty GPG keyring and import C{keys} into it.
:param keys: List of keys to add to the keyring.
:type keys: list of OpenPGPKey
:return: A GPG wrapper with a unitary keyring.
:rtype: gnupg.GPG
"""
privkeys = [key for key in self._keys if key and key.private is True]
publkeys = [key for key in self._keys if key and key.private is False]
# here we filter out public keys that have a correspondent
# private key in the list because the private key_data by
# itself is enough to also have the public key in the keyring,
# and we want to count the keys afterwards.
privaddrs = map(lambda privkey: privkey.address, privkeys)
publkeys = filter(
lambda pubkey: pubkey.address not in privaddrs, publkeys)
listkeys = lambda: self._gpg.list_keys()
listsecretkeys = lambda: self._gpg.list_keys(secret=True)
self._gpg = GPGWrapper(gnupghome=tempfile.mkdtemp())
leap_assert(len(listkeys()) is 0, 'Keyring not empty.')
# import keys into the keyring:
# concatenating ascii-armored keys, which is correctly
# understood by the GPGWrapper.
self._gpg.import_keys("".join(
[x.key_data for x in publkeys + privkeys]))
# assert the number of keys in the keyring
leap_assert(
len(listkeys()) == len(publkeys) + len(privkeys),
'Wrong number of public keys in keyring: %d, should be %d)' %
(len(listkeys()), len(publkeys) + len(privkeys)))
leap_assert(
len(listsecretkeys()) == len(privkeys),
'Wrong number of private keys in keyring: %d, should be %d)' %
(len(listsecretkeys()), len(privkeys)))
def _destroy_keyring(self):
"""
Securely erase a unitary keyring.
"""
# TODO: implement some kind of wiping of data or a more
# secure way that
# does not write to disk.
try:
for secret in [True, False]:
for key in self._gpg.list_keys(secret=secret):
self._gpg.delete_keys(
key['fingerprint'],
secret=secret)
leap_assert(len(self._gpg.list_keys()) is 0, 'Keyring not empty!')
except:
raise
finally:
leap_assert(self._gpg.gnupghome != os.path.expanduser('~/.gnupg'),
"watch out! Tried to remove default gnupg home!")
shutil.rmtree(self._gpg.gnupghome)
