gpg-lacre/lacre/keyring.py

"""Data structures and utilities to make keyring access easier.

IMPORTANT: This module has to be loaded _after_ initialisation of the logging
module.
"""

import lacre.text as text
import lacre.config as conf
import logging
from os import stat
from watchdog.events import FileSystemEventHandler, FileSystemEvent
from asyncio import Semaphore, run
import copy

import GnuPG

LOG = logging.getLogger(__name__)


def _sanitize(keys):
    sanitize = text.choose_sanitizer(conf.get_item('default', 'mail_case_insensitive'))
    return {fingerprint: sanitize(keys[fingerprint]) for fingerprint in keys}


class KeyCacheMisconfiguration(Exception):
    """Exception used to signal that KeyCache is misconfigured."""


class KeyCache:
    """A store for OpenPGP keys.

    Key case is sanitised while loading from GnuPG if so
    configured.  See mail_case_insensitive parameter in section
    [default].
    """

    def __init__(self, keys: dict = None):
        """Initialise an empty cache.

        With keyring_dir given, set location of the directory from which keys should be loaded.
        """
        self._keys = keys

    def __getitem__(self, fingerpring):
        """Look up email assigned to the given fingerprint."""
        return self._keys[fingerpring]

    def __setitem__(self, fingerprint, email):
        """Assign an email to a fingerpring, overwriting it if it was already present."""
        self._keys[fingerprint] = email

    def __contains__(self, fingerprint):
        """Check if the given fingerprint is assigned to an email."""
        # This method has to be present for KeyCache to be a dict substitute.
        # See mailgate, function _identify_gpg_recipients.
        return fingerprint in self._keys

    def has_email(self, email):
        """Check if cache contains a key assigned to the given email."""
        return email in self._keys.values()

    def __repr__(self):
        """Return text representation of this object."""
        details = ' '.join(self._keys.keys())
        return f'<KeyCache {details}>'


class KeyRing:
    """A high-level adapter for GnuPG-maintained keyring directory.

    Its role is to keep a cache of keys present in the keyring,
    reload it when necessary and produce static copies of
    fingerprint=>email maps.
    """

    def __init__(self, path: str):
        """Initialise the adapter."""
        self._path = path
        self._keys = self._load_and_sanitize()
        self._sema = Semaphore()
        self._last_mod = None

    def _load_and_sanitize(self):
        keys = self._load_keyring_from(self._path)
        return _sanitize(keys)

    def _load_keyring_from(self, keyring_dir):
        return GnuPG.public_keys(keyring_dir)

    async def freeze_identities(self) -> KeyCache:
        """Return a static, async-safe copy of the identity map."""
        async with self._sema:
            keys = copy.deepcopy(self._keys)
            return KeyCache(keys)

    def load(self):
        """Load keyring, replacing any previous contents of the cache."""
        LOG.debug('Reloading keys...')
        run(self._load())

    async def _load(self):
        last_mod = self._read_mod_time()
        if self._is_modified(last_mod):
            async with self._sema:
                self.replace_keyring(self._load_keyring_from(self._path))

        self._last_mod = self._read_mod_time()

    reload = load

    def replace_keyring(self, keys: dict):
        """Overwrite previously stored key cache with KEYS."""
        keys = _sanitize(keys)

        LOG.info(f'Storing {len(keys)} keys')
        self._keys = keys

    def _read_mod_time(self):
        # (mode, ino, dev, nlink, uid, gid, size, atime, mtime, ctime)
        #  0     1    2    3      4    5    6     7      8      9
        MTIME = 8
        st = stat(self._path)
        return st[MTIME]

    def _is_modified(self, last_mod):
        if self._last_mod is None:
            LOG.debug('Keyring not loaded before')
            return True
        elif self._last_mod != last_mod:
            LOG.debug('Keyring directory mtime changed')
            return True
        else:
            LOG.debug('Keyring not modified ')
            return False


class KeyringModificationListener(FileSystemEventHandler):
    """A filesystem event listener that triggers key cache reload."""

    def __init__(self, keyring: KeyRing):
        """Initialise a listener with a callback to be executed upon each change."""
        self._keyring = keyring

    def handle(self, event: FileSystemEvent):
        """Reload keys upon FS event."""
        if 'pubring.kbx' in event.src_path:
            LOG.debug(f'Reloading on event {event!r}')
            self._keyring.reload()

    # All methods should do the same: reload the key cache.
    # on_created = handle
    # on_deleted = handle
    on_modified = handle
Rename lacre.keycache to lacre.keyring This will better reflect the fact we're doing more than just caching. 2022-10-16 22:58:38 +02:00			`"""Data structures and utilities to make keyring access easier.`
Document dependencies on the logging module 2022-10-15 13:47:45 +02:00
			`IMPORTANT: This module has to be loaded _after_ initialisation of the logging`
			`module.`
			`"""`
Implement a basic KeyCache 2022-09-30 22:40:42 +02:00
			`import lacre.text as text`
Rework PGP-Inline verification/recognition 2022-10-22 19:21:25 +02:00			`import lacre.config as conf`
Add cache validity configuration parameter Also, log basic information in KeyCache and provide load() and reload() operations to make daemon's code cleaner. 2022-10-05 22:11:26 +02:00			`import logging`
Reload key cache only if keyring dir was modified 2022-10-14 22:42:30 +02:00			`from os import stat`
Only reload on pubring.kbx file modifications 2022-10-23 13:51:42 +02:00			`from watchdog.events import FileSystemEventHandler, FileSystemEvent`
Make key-loading async, remove unused parameter 2022-10-17 23:25:51 +02:00			`from asyncio import Semaphore, run`
Separate key-cache and key-loader Extract key-loading code to a dedicated class KeyRing in lacre.keyring module. KeyCache only keeps a static map of identities, making it safe to use in asynchronous context (and race condition resistant). 2022-10-17 20:13:37 +02:00			`import copy`
Implement a basic KeyCache 2022-09-30 22:40:42 +02:00
			`import GnuPG`

Add cache validity configuration parameter Also, log basic information in KeyCache and provide load() and reload() operations to make daemon's code cleaner. 2022-10-05 22:11:26 +02:00			`LOG = logging.getLogger(__name__)`

Implement a basic KeyCache 2022-09-30 22:40:42 +02:00
Separate key-cache and key-loader Extract key-loading code to a dedicated class KeyRing in lacre.keyring module. KeyCache only keeps a static map of identities, making it safe to use in asynchronous context (and race condition resistant). 2022-10-17 20:13:37 +02:00			`def _sanitize(keys):`
Rework PGP-Inline verification/recognition 2022-10-22 19:21:25 +02:00			`sanitize = text.choose_sanitizer(conf.get_item('default', 'mail_case_insensitive'))`
			`return {fingerprint: sanitize(keys[fingerprint]) for fingerprint in keys}`
Separate key-cache and key-loader Extract key-loading code to a dedicated class KeyRing in lacre.keyring module. KeyCache only keeps a static map of identities, making it safe to use in asynchronous context (and race condition resistant). 2022-10-17 20:13:37 +02:00

Reload key cache periodically Use [default]cache_refresh_minutes configuration parameter to define periods between cache reloads. After this number of minutes cache will be reloaded. 2022-10-11 21:50:51 +02:00			`class KeyCacheMisconfiguration(Exception):`
			`"""Exception used to signal that KeyCache is misconfigured."""`


Implement a basic KeyCache 2022-09-30 22:40:42 +02:00			`class KeyCache:`
			`"""A store for OpenPGP keys.`

			`Key case is sanitised while loading from GnuPG if so`
			`configured. See mail_case_insensitive parameter in section`
			`[default].`
			`"""`

Separate key-cache and key-loader Extract key-loading code to a dedicated class KeyRing in lacre.keyring module. KeyCache only keeps a static map of identities, making it safe to use in asynchronous context (and race condition resistant). 2022-10-17 20:13:37 +02:00			`def __init__(self, keys: dict = None):`
Add cache validity configuration parameter Also, log basic information in KeyCache and provide load() and reload() operations to make daemon's code cleaner. 2022-10-05 22:11:26 +02:00			`"""Initialise an empty cache.`

			`With keyring_dir given, set location of the directory from which keys should be loaded.`
			`"""`
Separate key-cache and key-loader Extract key-loading code to a dedicated class KeyRing in lacre.keyring module. KeyCache only keeps a static map of identities, making it safe to use in asynchronous context (and race condition resistant). 2022-10-17 20:13:37 +02:00			`self._keys = keys`
Implement a basic KeyCache 2022-09-30 22:40:42 +02:00
Add cache validity configuration parameter Also, log basic information in KeyCache and provide load() and reload() operations to make daemon's code cleaner. 2022-10-05 22:11:26 +02:00			`def __getitem__(self, fingerpring):`
			`"""Look up email assigned to the given fingerprint."""`
			`return self._keys[fingerpring]`
Implement a basic KeyCache 2022-09-30 22:40:42 +02:00
Add cache validity configuration parameter Also, log basic information in KeyCache and provide load() and reload() operations to make daemon's code cleaner. 2022-10-05 22:11:26 +02:00			`def __setitem__(self, fingerprint, email):`
			`"""Assign an email to a fingerpring, overwriting it if it was already present."""`
			`self._keys[fingerprint] = email`
Implement a basic KeyCache 2022-09-30 22:40:42 +02:00
			`def __contains__(self, fingerprint):`
			`"""Check if the given fingerprint is assigned to an email."""`
			`# This method has to be present for KeyCache to be a dict substitute.`
			`# See mailgate, function _identify_gpg_recipients.`
			`return fingerprint in self._keys`

			`def has_email(self, email):`
Add cache validity configuration parameter Also, log basic information in KeyCache and provide load() and reload() operations to make daemon's code cleaner. 2022-10-05 22:11:26 +02:00			`"""Check if cache contains a key assigned to the given email."""`
Implement a basic KeyCache 2022-09-30 22:40:42 +02:00			`return email in self._keys.values()`

Remove too verbose debug logs, implement repr() for KeyCache 2022-10-20 22:27:34 +02:00			`def __repr__(self):`
			`"""Return text representation of this object."""`
			`details = ' '.join(self._keys.keys())`
			`return f'<KeyCache {details}>'`

Separate key-cache and key-loader Extract key-loading code to a dedicated class KeyRing in lacre.keyring module. KeyCache only keeps a static map of identities, making it safe to use in asynchronous context (and race condition resistant). 2022-10-17 20:13:37 +02:00
			`class KeyRing:`
			`"""A high-level adapter for GnuPG-maintained keyring directory.`

			`Its role is to keep a cache of keys present in the keyring,`
			`reload it when necessary and produce static copies of`
			`fingerprint=>email maps.`
			`"""`

			`def __init__(self, path: str):`
			`"""Initialise the adapter."""`
			`self._path = path`
			`self._keys = self._load_and_sanitize()`
			`self._sema = Semaphore()`
			`self._last_mod = None`

			`def _load_and_sanitize(self):`
			`keys = self._load_keyring_from(self._path)`
			`return _sanitize(keys)`

			`def _load_keyring_from(self, keyring_dir):`
			`return GnuPG.public_keys(keyring_dir)`

			`async def freeze_identities(self) -> KeyCache:`
			`"""Return a static, async-safe copy of the identity map."""`
			`async with self._sema:`
			`keys = copy.deepcopy(self._keys)`
			`return KeyCache(keys)`

Add cache validity configuration parameter Also, log basic information in KeyCache and provide load() and reload() operations to make daemon's code cleaner. 2022-10-05 22:11:26 +02:00			`def load(self):`
			`"""Load keyring, replacing any previous contents of the cache."""`
Reload key cache periodically Use [default]cache_refresh_minutes configuration parameter to define periods between cache reloads. After this number of minutes cache will be reloaded. 2022-10-11 21:50:51 +02:00			`LOG.debug('Reloading keys...')`
Make key-loading async, remove unused parameter 2022-10-17 23:25:51 +02:00			`run(self._load())`
Reload key cache only if keyring dir was modified 2022-10-14 22:42:30 +02:00
Make key-loading async, remove unused parameter 2022-10-17 23:25:51 +02:00			`async def _load(self):`
Reload key cache only if keyring dir was modified 2022-10-14 22:42:30 +02:00			`last_mod = self._read_mod_time()`
			`if self._is_modified(last_mod):`
Separate key-cache and key-loader Extract key-loading code to a dedicated class KeyRing in lacre.keyring module. KeyCache only keeps a static map of identities, making it safe to use in asynchronous context (and race condition resistant). 2022-10-17 20:13:37 +02:00			`async with self._sema:`
			`self.replace_keyring(self._load_keyring_from(self._path))`
Reload key cache only if keyring dir was modified 2022-10-14 22:42:30 +02:00
			`self._last_mod = self._read_mod_time()`
Add cache validity configuration parameter Also, log basic information in KeyCache and provide load() and reload() operations to make daemon's code cleaner. 2022-10-05 22:11:26 +02:00
			`reload = load`

Implement a basic KeyCache 2022-09-30 22:40:42 +02:00			`def replace_keyring(self, keys: dict):`
			`"""Overwrite previously stored key cache with KEYS."""`
Separate key-cache and key-loader Extract key-loading code to a dedicated class KeyRing in lacre.keyring module. KeyCache only keeps a static map of identities, making it safe to use in asynchronous context (and race condition resistant). 2022-10-17 20:13:37 +02:00			`keys = _sanitize(keys)`
Implement a basic KeyCache 2022-09-30 22:40:42 +02:00
Reload key cache periodically Use [default]cache_refresh_minutes configuration parameter to define periods between cache reloads. After this number of minutes cache will be reloaded. 2022-10-11 21:50:51 +02:00			`LOG.info(f'Storing {len(keys)} keys')`
Implement a basic KeyCache 2022-09-30 22:40:42 +02:00			`self._keys = keys`

Separate key-cache and key-loader Extract key-loading code to a dedicated class KeyRing in lacre.keyring module. KeyCache only keeps a static map of identities, making it safe to use in asynchronous context (and race condition resistant). 2022-10-17 20:13:37 +02:00			`def _read_mod_time(self):`
			`# (mode, ino, dev, nlink, uid, gid, size, atime, mtime, ctime)`
Simplify code, improve log entries, add comments 2022-10-22 11:19:47 +02:00			`# 0 1 2 3 4 5 6 7 8 9`
Separate key-cache and key-loader Extract key-loading code to a dedicated class KeyRing in lacre.keyring module. KeyCache only keeps a static map of identities, making it safe to use in asynchronous context (and race condition resistant). 2022-10-17 20:13:37 +02:00			`MTIME = 8`
			`st = stat(self._path)`
			`return st[MTIME]`
Reload key cache only if keyring dir was modified 2022-10-14 22:42:30 +02:00
			`def _is_modified(self, last_mod):`
			`if self._last_mod is None:`
			`LOG.debug('Keyring not loaded before')`
			`return True`
			`elif self._last_mod != last_mod:`
			`LOG.debug('Keyring directory mtime changed')`
			`return True`
			`else:`
			`LOG.debug('Keyring not modified ')`
			`return False`

Reload keyring on filesystem events Subscribe to FS events from keyring directory using Python Watchdog and when a modification is observed, reload the key cache. Since we may receive more than one event about a single modification, keep directory's last modification to recognise 'false positives'. 2022-10-15 19:53:55 +02:00
			`class KeyringModificationListener(FileSystemEventHandler):`
			`"""A filesystem event listener that triggers key cache reload."""`

Separate key-cache and key-loader Extract key-loading code to a dedicated class KeyRing in lacre.keyring module. KeyCache only keeps a static map of identities, making it safe to use in asynchronous context (and race condition resistant). 2022-10-17 20:13:37 +02:00			`def __init__(self, keyring: KeyRing):`
Reload keyring on filesystem events Subscribe to FS events from keyring directory using Python Watchdog and when a modification is observed, reload the key cache. Since we may receive more than one event about a single modification, keep directory's last modification to recognise 'false positives'. 2022-10-15 19:53:55 +02:00			`"""Initialise a listener with a callback to be executed upon each change."""`
Separate key-cache and key-loader Extract key-loading code to a dedicated class KeyRing in lacre.keyring module. KeyCache only keeps a static map of identities, making it safe to use in asynchronous context (and race condition resistant). 2022-10-17 20:13:37 +02:00			`self._keyring = keyring`
Reload keyring on filesystem events Subscribe to FS events from keyring directory using Python Watchdog and when a modification is observed, reload the key cache. Since we may receive more than one event about a single modification, keep directory's last modification to recognise 'false positives'. 2022-10-15 19:53:55 +02:00
Only reload on pubring.kbx file modifications 2022-10-23 13:51:42 +02:00			`def handle(self, event: FileSystemEvent):`
Reload keyring on filesystem events Subscribe to FS events from keyring directory using Python Watchdog and when a modification is observed, reload the key cache. Since we may receive more than one event about a single modification, keep directory's last modification to recognise 'false positives'. 2022-10-15 19:53:55 +02:00			`"""Reload keys upon FS event."""`
Only reload on pubring.kbx file modifications 2022-10-23 13:51:42 +02:00			`if 'pubring.kbx' in event.src_path:`
			`LOG.debug(f'Reloading on event {event!r}')`
			`self._keyring.reload()`
Reload keyring on filesystem events Subscribe to FS events from keyring directory using Python Watchdog and when a modification is observed, reload the key cache. Since we may receive more than one event about a single modification, keep directory's last modification to recognise 'false positives'. 2022-10-15 19:53:55 +02:00
			`# All methods should do the same: reload the key cache.`
			`# on_created = handle`
			`# on_deleted = handle`
			`on_modified = handle`