commit 2db549b98c6c65677bc59c87fa7d0954bc9880bc Author: Isis Lovecruft isis@torproject.org Date: Tue Nov 19 05:25:39 2013 +0000
Refactor bridgedb.EmailServer.getGPGContext() to improve exception/error handling. --- lib/bridgedb/EmailServer.py | 61 +++++++++++++++++++++++-------------------- 1 file changed, 32 insertions(+), 29 deletions(-)
diff --git a/lib/bridgedb/EmailServer.py b/lib/bridgedb/EmailServer.py index b2f2bf5..c37713e 100644 --- a/lib/bridgedb/EmailServer.py +++ b/lib/bridgedb/EmailServer.py @@ -452,40 +452,43 @@ def getGPGContext(cfg): except AttributeError: return None
+ keyfile = None + ctx = gpgme.Context() + try: - # import the key + logging.debug("Opening GPG keyfile %s..." % cfg.EMAIL_GPG_SIGNING_KEY) keyfile = open(cfg.EMAIL_GPG_SIGNING_KEY) - logging.debug("Opened GPG Keyfile %s" % cfg.EMAIL_GPG_SIGNING_KEY) - ctx = gpgme.Context() - result = ctx.import_(keyfile) + key = ctx.import_(keyfile) + + if not (len(key.imports) > 0): + logging.debug( + "Unexpected result from gpgme.Context.import_(): %r" % key) + raise gpgme.GpgmeError("Could not import GnuPG key from file %r" + % cfg.EMAIL_GPG_SIGNING_KEY)
- assert len(result.imports) == 1 - fingerprint = result.imports[0][0] - keyfile.close() - logging.debug("GPG Key with fingerprint %s imported" % fingerprint) + fingerprint = key.imports[0][0] + logging.info("GPG Key with fingerprint %s imported" % fingerprint)
ctx.armor = True ctx.signers = [ctx.get_key(fingerprint)] - assert len(ctx.signers) == 1
- # make sure we can sign + logging.info("Testing signature created with GnuPG key...") message = StringIO('Test') - signature = StringIO() - try: - new_sigs = ctx.sign(message, signature, gpgme.SIG_MODE_CLEAR) - except gpgme.GpgmeError as error: - logging.error(error.message) - return None - - assert len(new_sigs) == 1, "Testing signature creation failed" - - # return the ctx - return ctx - - except IOError, e: - # exit noisily if keyfile not found - exit(e) - except AssertionError as error: - logging.error(error.message) - # exit noisily if key does not pass tests - exit('Invalid GPG Signing Key') + new_sigs = ctx.sign(message, StringIO(), gpgme.SIG_MODE_CLEAR) + if not len(new_sigs) == 1: + raise gpgme.GpgmeError( + "Testing was unable to produce a signature with GnuPG key.") + + except (IOError, OSError) as error: + logging.debug(error) + logging.error("Could not open or read from GnuPG key file %r!" + % cfg.EMAIL_GPG_SIGNING_KEY) + ctx = None + except gpgme.GpgmeError as error: + logging.exception(error) + ctx = None + finally: + if keyfile and not keyfile.closed: + keyfile.close() + + return ctx