def __age_keypair(self, source_id, dest_id):
"""
Migrate a signing key and an encryption key from the source_id slot
into the dest_id slot. Afterwards, the source slot gets a new keypair.
"""
for key_type in ["sign", "encrypt"]:
section = key_type + "_" + source_id
if not self.config.has_section(section):
self.__create_slotpair(source_id)
# If keypair is malformed, just make a new one
# Then there will be no need to age it
if self.config.get(section, "date") == '':
self.__regen_keypair(source_id)
break
else:
keydate = self.config.getint(section, "date")
# syslog.syslog("age id %s keydate: %s expiry: %s"
# % (source_id, str(keydate), str(keydate + self.lifetime)))
if self.time > (keydate + self.sunset):
syslog.syslog("aging keyid " + source_id + " into " + dest_id)
self.__age_key(key_type, source_id, dest_id)
评论列表
文章目录
