From efd7245edae94842b6c480ca26424185e60f0bdd Mon Sep 17 00:00:00 2001 From: Brian Dolbec Date: Mon, 11 Nov 2013 08:43:17 -0800 Subject: [PATCH] Begin migration to fingerprints only in ldap info --- gkeyldap/actions.py | 52 ++++++++++++++++++++++++++++++--------------- gkeys/config.py | 10 +++++++++ 2 files changed, 45 insertions(+), 17 deletions(-) diff --git a/gkeyldap/actions.py b/gkeyldap/actions.py index 07130eb..be02dfd 100644 --- a/gkeyldap/actions.py +++ b/gkeyldap/actions.py @@ -13,7 +13,7 @@ import os import re -from gkeys.config import GKEY +from gkeys.config import GKEY, KEYID, LONGKEYID, FINGERPRINT from gkeys.seed import Seeds from gkeyldap.search import (LdapSearch, UID, gkey2ldap_map, gkey2SEARCH) 
@@ -211,26 +211,43 @@ class Actions(object):
 is_good = False
 keyinfo.append(value)
 except KeyError:
- self.logger.error('ERROR in ldap info for: %s, %s'
+ self.logger.debug('Ldap info for: %s, %s'
 %(info['uid'][0],info['cn'][0]))
- self.logger.error(' MISSING or EMPTY ldap field ' +
+ self.logger.debug(' MISSING or EMPTY ldap field ' +
 '[%s] GPGKey field [%s]' %(field, x))
 if x in ['keyid', 'longkeyid']:
 keyid_missing = True
+ else:
+ is_good = False
 keyinfo.append(None)
- is_good = False
- if not keyid_found and not keyid_missing:
+ if not keyid_found and keyid_missing:
+ fingerprint = None
 try:
- gpgkey = info[gkey2ldap_map['longkeyid']]
+ fingerprint = info[gkey2ldap_map['fingerprint']]
+ self.logger.debug(' Generate gpgkey, Found ldap fingerprint field')
 except KeyError:
- gpgkey = 'Missing from ldap info'
- self.logger.error('ERROR in ldap info for: %s, %s'
- %(info['uid'][0],info['cn'][0]))
- self.logger.error(' A valid keyid or longkeyid was not found '
- "%s : gpgkey = %s" %(info['cn'][0], gpgkey))
- is_good = False
- else:
- if keyinfo[5]: # fingerprints exist check
+ gpgkey = 'Missing fingerprint from ldap info'
+ self.logger.debug(' Generate gpgkey, ldap fingerprint KeyError')
+ if fingerprint:
+ values = [y.strip('\n') for y in fingerprint]
+ value = [v.replace(' ', '') for v in values]
+ # assign it to gpgkey to prevent a possible
+ # "gpgkey" undefined error
+ gpgkey = ['0x' + x[-KEY_LEN['longkeyid']:] for x in value]
+ keyinfo[LONGKEYID] = gpgkey
+ self.logger.debug(' Generate gpgkey, NEW keyinfo[LONGKEYID] = %s'
+ % str(keyinfo[LONGKEYID]))
+ else:
+ gpgkey = 'Missing or Bad fingerprint from ldap info'
+ is_good = False
+ if not keyinfo[LONGKEYID]:
+ self.logger.error('ERROR in ldap info for: %s, %s'
+ %(info['uid'][0],info['cn'][0]))
+ self.logger.error(' A valid keyid, longkeyid or fingerprint '
+ 'was not found for %s : gpgkey = %s' %(info['cn'][0], gpgkey))
+ is_good = False
+ if is_good:
+ if keyinfo[FINGERPRINT]: # fingerprints exist check
is_ok = self._check_fingerprint_integrity(info, keyinfo) is_match = self._check_id_fingerprint_match(info, keyinfo) if not is_ok or not is_match: @@ -243,13 +260,14 @@ class Actions(object): def _check_id_fingerprint_match(self, info, keyinfo): # assume it's good until found an error is found is_good = True - for x in [2, 3]: + for x in [KEYID, LONGKEYID]: # skip blank id field if not keyinfo[x]: continue for y in keyinfo[x]: index = len(y.lstrip('0x')) - if y.lstrip('0x').lower() not in [x[-index:].lower() for x in keyinfo[5]]: + if y.lstrip('0x').upper() not in \ + [x[-index:].upper() for x in keyinfo[FINGERPRINT]]: self.logger.error('ERROR in ldap info for: %s, %s' %(info['uid'][0],info['cn'][0])) self.logger.error(' ' + str(keyinfo)) @@ -262,7 +280,7 @@ class Actions(object): def _check_fingerprint_integrity(self, info, keyinfo): # assume it's good until found an error is found is_good = True - for x in keyinfo[5]: + for x in keyinfo[FINGERPRINT]: # check fingerprint integrity if len(x) != 40: self.logger.error('ERROR in ldap info for: %s, %s' diff --git a/gkeys/config.py b/gkeys/config.py index 5b220a8..20a00b7 100644 --- a/gkeys/config.py +++ b/gkeys/config.py @@ -104,6 +104,16 @@ class GKeysConfig(GPGConfig): return super(GKeysConfig, self)._get_(key, subkey) +# some constants used in gkeyldap/actions.py +# they map the index values of the GKEY input data fields +NICK = 0 +NAME = 1 +KEYID = 2 +LONGKEYID = 3 +KEYDIR = 4 +FINGERPRINT = 5 + + class GKEY(namedtuple('GKEY', ['nick', 'name', 'keyid', 'longkeyid', 'keydir', 'fingerprint'])): '''Class to hold the relavent info about a key''' -- 2.26.2
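Review bot: The long key id generated under `if fingerprint:` is sliced from the LDAP fingerprint values before anything has validated them, so a value shorter than 16 characters or containing non-hex text is turned into a `0x…` id as-is. `_check_fingerprint_integrity` only runs afterwards and, in the lines visible in its own hunk, tests `len(x) != 40` on `keyinfo[FINGERPRINT]`. Filtering where the id is derived would keep malformed input out of `keyinfo[LONGKEYID]`: `gpgkey = ['0x' + x[-KEY_LEN['longkeyid']:] for x in value if len(x) == 40]`. Because the id now comes from the same field it is later compared against, `_check_id_fingerprint_match` adds no independent evidence for these entries, which deserves a comment next to the assignment. `KEY_LEN` is not among the names this patch imports, so it is presumably defined elsewhere in the module (worth confirming); the enclosing method starts and ends outside the hunk.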
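Review bot: In `_check_id_fingerprint_match`, `y.lstrip('0x')` removes any run of leading `0` and `x` characters rather than the literal `0x` prefix, so an id such as `0x00AB…` also loses its leading zeros. `index` then becomes shorter than the real id and the comparison covers fewer trailing hex digits of the fingerprint than the id actually has, which weakens the cross-check. Stripping the prefix explicitly avoids that: `key = y[2:] if y.lower().startswith('0x') else y`, then `index = len(key)` and `if key.upper() not in [...]`. The comprehension variable `x` also shadows the outer loop variable `x` and would read more clearly under another name such as `fpr`. The function body continues past the end of the hunk.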
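Review bot: The new index constants in `gkeys/config.py` repeat the field order of the `GKEY` namedtuple declared just below them, and nothing ties the two together. If a field is ever added or reordered, `keyinfo[FINGERPRINT]` and `keyinfo[LONGKEYID]` in `gkeyldap/actions.py` would silently read a different column and the fingerprint checks would run on the wrong data. Deriving the values after the class definition keeps them in step, e.g. `FINGERPRINT = GKEY._fields.index('fingerprint')`. At minimum the comment should say so: `# must match the field order of GKEY below`.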