redundanet 2.0.0__py3-none-any.whl

redundanet/__init__.py

@@ -0,0 +1,16 @@
+"""RedundaNet - Distributed encrypted storage on a mesh VPN network."""
+
+__version__ = "2.0.0"
+__author__ = "Alessandro De Filippo"
+__email__ = "alessandro@example.com"
+
+from redundanet.core.config import NetworkConfig, NodeConfig, TahoeConfig
+from redundanet.core.manifest import Manifest
+
+__all__ = [
+    "__version__",
+    "NetworkConfig",
+    "NodeConfig",
+    "TahoeConfig",
+    "Manifest",
+]

redundanet/__main__.py

@@ -0,0 +1,6 @@
+"""Entry point for running redundanet as a module: python -m redundanet."""
+
+from redundanet.cli.main import app
+
+if __name__ == "__main__":
+    app()

redundanet/auth/__init__.py

@@ -0,0 +1,9 @@
+"""GPG authentication module for RedundaNet."""
+
+from redundanet.auth.gpg import GPGManager
+from redundanet.auth.keyserver import KeyServerClient
+
+__all__ = [
+    "GPGManager",
+    "KeyServerClient",
+]

redundanet/auth/gpg.py

@@ -0,0 +1,323 @@
+"""GPG key management for RedundaNet node authentication."""
+
+from __future__ import annotations
+
+from dataclasses import dataclass
+from pathlib import Path
+from typing import Any
+
+import gnupg
+
+from redundanet.core.exceptions import GPGError
+from redundanet.utils.files import ensure_dir
+from redundanet.utils.logging import get_logger
+
+logger = get_logger(__name__)
+
+
+@dataclass
+class GPGKeyInfo:
+    """Information about a GPG key."""
+
+    key_id: str
+    fingerprint: str
+    user_id: str
+    email: str | None = None
+    created: str | None = None
+    expires: str | None = None
+    trust: str | None = None
+
+    @classmethod
+    def from_gpg_key(cls, key: dict[str, Any]) -> GPGKeyInfo:
+        """Create GPGKeyInfo from gnupg key dict."""
+        uids = key.get("uids", [])
+        user_id = uids[0] if uids else ""
+
+        # Parse email from user_id
+        email = None
+        if "<" in user_id and ">" in user_id:
+            email = user_id.split("<")[1].split(">")[0]
+
+        return cls(
+            key_id=key.get("keyid", ""),
+            fingerprint=key.get("fingerprint", ""),
+            user_id=user_id,
+            email=email,
+            created=key.get("date", None),
+            expires=key.get("expires", None),
+            trust=key.get("trust", None),
+        )
+
+
+class GPGManager:
+    """Manages GPG keys for node authentication."""
+
+    def __init__(
+        self,
+        gnupg_home: Path | str | None = None,
+        node_name: str = "",
+    ) -> None:
+        """Initialize GPG manager.
+
+        Args:
+            gnupg_home: Path to GPG home directory
+            node_name: Name of the local node
+        """
+        self.node_name = node_name
+        self._gnupg_home: Path | None = None
+
+        if gnupg_home:
+            self._gnupg_home = Path(gnupg_home)
+            ensure_dir(self._gnupg_home, mode=0o700)
+
+        self._gpg = gnupg.GPG(gnupghome=str(self._gnupg_home) if self._gnupg_home else None)
+
+    def generate_key(
+        self,
+        name: str,
+        email: str,
+        passphrase: str | None = None,
+        key_type: str = "RSA",
+        key_length: int = 4096,
+        expire_date: str = "0",  # Never expire
+    ) -> GPGKeyInfo:
+        """Generate a new GPG keypair.
+
+        Args:
+            name: Real name for the key
+            email: Email address for the key
+            passphrase: Optional passphrase (None for no passphrase)
+            key_type: Key algorithm (RSA, DSA, etc.)
+            key_length: Key length in bits
+            expire_date: Expiration (0 = never, 1y, 2m, etc.)
+
+        Returns:
+            Information about the generated key
+        """
+        logger.info("Generating GPG key", name=name, email=email)
+
+        input_data = self._gpg.gen_key_input(
+            key_type=key_type,
+            key_length=key_length,
+            name_real=name,
+            name_email=email,
+            expire_date=expire_date,
+            passphrase=passphrase,
+        )
+
+        key = self._gpg.gen_key(input_data)
+
+        if not key.ok:
+            raise GPGError(f"Failed to generate GPG key: {key.status}")
+
+        logger.info("GPG key generated", fingerprint=str(key))
+
+        # Get full key info
+        keys = self._gpg.list_keys(keys=[str(key)])
+        if not keys:
+            raise GPGError("Key generated but could not be retrieved")
+
+        return GPGKeyInfo.from_gpg_key(keys[0])
+
+    def import_key(self, key_data: str) -> GPGKeyInfo:
+        """Import a GPG public key.
+
+        Args:
+            key_data: ASCII-armored public key
+
+        Returns:
+            Information about the imported key
+        """
+        result = self._gpg.import_keys(key_data)
+
+        if not result.ok:
+            raise GPGError(f"Failed to import key: {result.status}")
+
+        if not result.fingerprints:
+            raise GPGError("No keys imported")
+
+        fingerprint = result.fingerprints[0]
+        logger.info("Imported GPG key", fingerprint=fingerprint)
+
+        # Get key info
+        keys = self._gpg.list_keys(keys=[fingerprint])
+        if not keys:
+            raise GPGError("Key imported but could not be retrieved")
+
+        return GPGKeyInfo.from_gpg_key(keys[0])
+
+    def export_public_key(self, key_id: str) -> str:
+        """Export a public key in ASCII-armored format.
+
+        Args:
+            key_id: Key ID or fingerprint
+
+        Returns:
+            ASCII-armored public key
+        """
+        result = self._gpg.export_keys(key_id, armor=True)
+
+        if not result:
+            raise GPGError(f"Failed to export public key: {key_id}")
+
+        return str(result)
+
+    def export_private_key(self, key_id: str, passphrase: str | None = None) -> str:
+        """Export a private key in ASCII-armored format.
+
+        Args:
+            key_id: Key ID or fingerprint
+            passphrase: Passphrase for the key
+
+        Returns:
+            ASCII-armored private key
+        """
+        result = self._gpg.export_keys(key_id, secret=True, armor=True, passphrase=passphrase)
+
+        if not result:
+            raise GPGError(f"Failed to export private key: {key_id}")
+
+        return str(result)
+
+    def list_keys(self, secret: bool = False) -> list[GPGKeyInfo]:
+        """List all keys in the keyring.
+
+        Args:
+            secret: If True, list secret keys instead of public keys
+
+        Returns:
+            List of key information
+        """
+        keys = self._gpg.list_keys(secret=secret)
+        return [GPGKeyInfo.from_gpg_key(k) for k in keys]
+
+    def get_key(self, key_id: str) -> GPGKeyInfo | None:
+        """Get information about a specific key.
+
+        Args:
+            key_id: Key ID or fingerprint
+
+        Returns:
+            Key information or None if not found
+        """
+        keys = self._gpg.list_keys(keys=[key_id])
+        if not keys:
+            return None
+        return GPGKeyInfo.from_gpg_key(keys[0])
+
+    def delete_key(self, key_id: str, secret: bool = False) -> bool:
+        """Delete a key from the keyring.
+
+        Args:
+            key_id: Key ID or fingerprint
+            secret: If True, delete secret key first
+
+        Returns:
+            True if deleted successfully
+        """
+        if secret:
+            result = self._gpg.delete_keys(key_id, secret=True)
+            if not result.ok:
+                logger.warning("Failed to delete secret key", key_id=key_id)
+                return False
+
+        result = self._gpg.delete_keys(key_id)
+        return bool(result.ok)
+
+    def sign_data(self, data: str | bytes, key_id: str, passphrase: str | None = None) -> str:
+        """Sign data with a private key.
+
+        Args:
+            data: Data to sign
+            key_id: Key ID to sign with
+            passphrase: Key passphrase
+
+        Returns:
+            ASCII-armored signature
+        """
+        if isinstance(data, str):
+            data = data.encode()
+
+        result = self._gpg.sign(data, keyid=key_id, passphrase=passphrase, detach=True)
+
+        if not result.ok:
+            raise GPGError(f"Failed to sign data: {result.status}")
+
+        return str(result)
+
+    def verify_signature(self, data: str | bytes, signature: str) -> bool:
+        """Verify a detached signature.
+
+        Args:
+            data: Original data
+            signature: Detached signature
+
+        Returns:
+            True if signature is valid
+        """
+        if isinstance(data, str):
+            data = data.encode()
+
+        # Write data to temp file for verification
+        import tempfile
+
+        with tempfile.NamedTemporaryFile(delete=False) as f:
+            f.write(data)
+            data_file = f.name
+
+        try:
+            result = self._gpg.verify_data(signature, data)
+            return bool(result.valid)
+        finally:
+            Path(data_file).unlink(missing_ok=True)
+
+    def encrypt(
+        self,
+        data: str | bytes,
+        recipients: list[str],
+        sign: bool = False,
+        passphrase: str | None = None,
+    ) -> str:
+        """Encrypt data for one or more recipients.
+
+        Args:
+            data: Data to encrypt
+            recipients: List of recipient key IDs
+            sign: Whether to sign the encrypted data
+            passphrase: Signing key passphrase (if signing)
+
+        Returns:
+            ASCII-armored encrypted data
+        """
+        if isinstance(data, str):
+            data = data.encode()
+
+        result = self._gpg.encrypt(
+            data,
+            recipients,
+            sign=sign,
+            passphrase=passphrase,
+            armor=True,
+        )
+
+        if not result.ok:
+            raise GPGError(f"Failed to encrypt data: {result.status}")
+
+        return str(result)
+
+    def decrypt(self, data: str, passphrase: str | None = None) -> str:
+        """Decrypt data.
+
+        Args:
+            data: Encrypted data
+            passphrase: Decryption key passphrase
+
+        Returns:
+            Decrypted data
+        """
+        result = self._gpg.decrypt(data, passphrase=passphrase)
+
+        if not result.ok:
+            raise GPGError(f"Failed to decrypt data: {result.status}")
+
+        return str(result)

redundanet/auth/keyserver.py

@@ -0,0 +1,219 @@
+"""Keyserver interactions for RedundaNet."""
+
+from __future__ import annotations
+
+from typing import TYPE_CHECKING
+
+import httpx
+
+from redundanet.core.exceptions import KeyServerError
+from redundanet.utils.logging import get_logger
+
+if TYPE_CHECKING:
+    from redundanet.auth.gpg import GPGManager
+
+logger = get_logger(__name__)
+
+# Well-known keyservers
+DEFAULT_KEYSERVERS = [
+    "keys.openpgp.org",
+    "keyserver.ubuntu.com",
+    "pgp.mit.edu",
+]
+
+
+class KeyServerClient:
+    """Client for interacting with GPG keyservers."""
+
+    def __init__(
+        self,
+        gpg_manager: GPGManager,
+        keyservers: list[str] | None = None,
+        timeout: float = 30.0,
+    ) -> None:
+        """Initialize keyserver client.
+
+        Args:
+            gpg_manager: GPG manager instance
+            keyservers: List of keyserver hostnames
+            timeout: HTTP request timeout in seconds
+        """
+        self.gpg = gpg_manager
+        self.keyservers = keyservers or DEFAULT_KEYSERVERS
+        self.timeout = timeout
+        self._client = httpx.Client(timeout=timeout)
+
+    def __del__(self) -> None:
+        """Clean up HTTP client."""
+        if hasattr(self, "_client"):
+            self._client.close()
+
+    def search_key(self, search_term: str) -> list[dict[str, str]]:
+        """Search for keys on keyservers.
+
+        Args:
+            search_term: Email, key ID, or name to search for
+
+        Returns:
+            List of matching keys with their info
+        """
+        results = []
+
+        for server in self.keyservers:
+            try:
+                url = f"https://{server}/pks/lookup"
+                params = {
+                    "op": "index",
+                    "search": search_term,
+                    "options": "mr",  # Machine readable
+                }
+
+                response = self._client.get(url, params=params)
+                response.raise_for_status()
+
+                # Parse machine-readable output
+                for line in response.text.split("\n"):
+                    if line.startswith("pub:"):
+                        parts = line.split(":")
+                        if len(parts) >= 5:
+                            results.append(
+                                {
+                                    "key_id": parts[1],
+                                    "created": parts[4],
+                                    "keyserver": server,
+                                }
+                            )
+                    elif line.startswith("uid:"):
+                        parts = line.split(":")
+                        if len(parts) >= 2 and results:
+                            results[-1]["uid"] = parts[1]
+
+                if results:
+                    break  # Found results, no need to try other servers
+
+            except httpx.HTTPError as e:
+                logger.debug("Keyserver search failed", server=server, error=str(e))
+                continue
+
+        return results
+
+    def fetch_key(self, key_id: str) -> str | None:
+        """Fetch a key from keyservers.
+
+        Args:
+            key_id: Key ID or fingerprint
+
+        Returns:
+            ASCII-armored public key, or None if not found
+        """
+        # Clean up key ID
+        key_id = key_id.replace(" ", "").upper()
+        if not key_id.startswith("0x"):
+            key_id = f"0x{key_id}"
+
+        for server in self.keyservers:
+            try:
+                url = f"https://{server}/pks/lookup"
+                params = {
+                    "op": "get",
+                    "search": key_id,
+                    "options": "mr",
+                }
+
+                response = self._client.get(url, params=params)
+                response.raise_for_status()
+
+                if "BEGIN PGP PUBLIC KEY BLOCK" in response.text:
+                    logger.info("Fetched key from keyserver", key_id=key_id, server=server)
+                    return response.text
+
+            except httpx.HTTPError as e:
+                logger.debug("Keyserver fetch failed", server=server, error=str(e))
+                continue
+
+        logger.warning("Key not found on any keyserver", key_id=key_id)
+        return None
+
+    def upload_key(self, key_id: str) -> bool:
+        """Upload a public key to keyservers.
+
+        Args:
+            key_id: Key ID to upload
+
+        Returns:
+            True if upload succeeded
+        """
+        try:
+            public_key = self.gpg.export_public_key(key_id)
+        except Exception as e:
+            raise KeyServerError(f"Failed to export key: {e}") from e
+
+        uploaded = False
+
+        for server in self.keyservers:
+            try:
+                url = f"https://{server}/pks/add"
+                data = {"keytext": public_key}
+
+                response = self._client.post(url, data=data)
+                response.raise_for_status()
+
+                logger.info("Uploaded key to keyserver", key_id=key_id, server=server)
+                uploaded = True
+
+            except httpx.HTTPError as e:
+                logger.debug("Keyserver upload failed", server=server, error=str(e))
+                continue
+
+        return uploaded
+
+    def import_key_from_server(self, key_id: str) -> bool:
+        """Fetch a key from keyservers and import it.
+
+        Args:
+            key_id: Key ID to fetch and import
+
+        Returns:
+            True if import succeeded
+        """
+        key_data = self.fetch_key(key_id)
+
+        if not key_data:
+            return False
+
+        try:
+            self.gpg.import_key(key_data)
+            return True
+        except Exception as e:
+            logger.error("Failed to import key", key_id=key_id, error=str(e))
+            return False
+
+    def verify_key_on_server(self, key_id: str) -> bool:
+        """Verify that a key exists on keyservers.
+
+        Args:
+            key_id: Key ID to verify
+
+        Returns:
+            True if key exists on at least one keyserver
+        """
+        return self.fetch_key(key_id) is not None
+
+    def refresh_keys(self, key_ids: list[str] | None = None) -> dict[str, bool]:
+        """Refresh keys from keyservers.
+
+        Args:
+            key_ids: List of key IDs to refresh, or None for all keys
+
+        Returns:
+            Dictionary mapping key ID to success status
+        """
+        if key_ids is None:
+            key_ids = [k.key_id for k in self.gpg.list_keys()]
+
+        results = {}
+
+        for key_id in key_ids:
+            results[key_id] = self.import_key_from_server(key_id)
+
+        return results

redundanet/cli/__init__.py

@@ -0,0 +1,5 @@
+"""CLI module for RedundaNet."""
+
+from redundanet.cli.main import app
+
+__all__ = ["app"]