diff --git a/hkp/urls.py b/hkp/urls.py index 0437ef515cb2bf4e0e0421e8404ea8f4f9b8f42d..fd6d15a0489bf6c5927d90d37dece4a259e0eb52 100644 --- a/hkp/urls.py +++ b/hkp/urls.py @@ -18,5 +18,5 @@ from django.urls import path from . import views urlpatterns = [ - path("lookup", views.lookup, name="hkp-lookup"), + path("lookup", views.lookup, name="key-lookup"), ] diff --git a/hkp/views.py b/hkp/views.py index 1e12a927e2a5b3248bad88c8bef319708b54efad..ae42b4f045f98644b4fb820c4e3212da063a8466 100644 --- a/hkp/views.py +++ b/hkp/views.py @@ -1,5 +1,5 @@ from django.shortcuts import render, get_object_or_404 -from django.http import HttpResponse +from django.http import HttpResponse, Http404 from django.views.decorators.http import require_safe from pgp import models @@ -19,4 +19,7 @@ def lookup(request): search = search[2:] key = get_object_or_404(models.PublicKey, keyid__endswith=search) + if not request.user.has_perm("pgp.view_publickey", key): + raise Http404() + return HttpResponse(key.armor, content_type="application/pgp-keys") diff --git a/pgp/models.py b/pgp/models.py index 052cc08c2d69d75d4bb941edf6b95920f1df14b4..e373042368c44c83e14ca2b230926fc03ba5ffd1 100644 --- a/pgp/models.py +++ b/pgp/models.py @@ -20,9 +20,13 @@ class PublicKey(models.Model): fingerprint = self.decoded.fingerprint self.keyid = re.sub("\s+", "", fingerprint).lower() + def wkddomain(self): + local, domain = self.email.rsplit("@", 1) + return domain.lower() + def set_wkdid(self): local, domain = self.email.rsplit("@", 1) - digest = hashlib.sha1(local.encode()).digest() + digest = hashlib.sha1(local.lower().encode()).digest() self.wkdid = zbase32.encode(digest).decode() def save(self, *args, **kwds): diff --git a/pgp/templates/pgp/publickey_detail.html b/pgp/templates/pgp/publickey_detail.html index f5d42f1a375c4be3e0d288fa1517dbe27b655ee7..337f0209f2832274cd75addbae53189415d87e7c 100644 --- a/pgp/templates/pgp/publickey_detail.html +++ b/pgp/templates/pgp/publickey_detail.html 
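Review bot: In hkp/views.py `lookup`, the new `has_perm` check runs only after `get_object_or_404(models.PublicKey, keyid__endswith=search)` has already picked a row, so the suffix match still ranges over keys the requester may not view. When a suffix matches more than one row, Django raises `MultipleObjectsReturned`, which presumably surfaces as a 500 rather than the 404 used for the denied case, so the response distinguishes "several keys end with this" from "none, or hidden". Consider restricting the queryset to viewable keys before the lookup (the project appears to use django-guardian, whose `get_objects_for_user` would fit) and rejecting a `search` shorter than a full key ID. No length check is visible in this hunk, but the function body starts above it. The same lookup-then-check shape is added to `lookup` in wkd/views.py.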
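Review bot: In pgp/models.py, `set_wkdid` now hashes `local.lower()`, but `str.lower()` also folds non-ASCII letters, whereas the WKD draft maps only ASCII upper-case characters; `digest = hashlib.sha1(local.encode().lower()).digest()` would keep to that, since `bytes.lower()` touches ASCII only. Rows stored before this change keep their old `wkdid` until they are saved again, so a data migration that recomputes it is probably needed. `wkddomain()` returns a lower-cased domain, while the `email__endswith=f"@{domain}"` filter added in wkd/views.py is case-sensitive on most database backends, so a key stored with a mixed-case domain would get a WKD link that answers 404; `email__iendswith`, or normalising the address on save, would align the two. Both methods raise `ValueError` on an address without `@`, and `wkddomain` is now called from the detail template. Whether `email` is validated, and whether `save()` calls `set_wkdid`, lies outside this hunk.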
@@ -6,6 +6,10 @@ gpg2 --keyserver hkp://{{ request.get_host }} --recv-key 0x{{ publickey.details.id }} </pre> <p> +<a href="{% url 'key-lookup' %}?op=get&search=0x{{ publickey.details.id }}">HPK download</a> +<a href="{% url 'wkd-advanced-lookup' publickey.wkddomain publickey.wkdid %}">WKD download</a> +</p> +<p> <span style="font-family: monospace; font-weight: bold">{{ publickey.details.fingerprint }} {% for sig in publickey.details.signatures %} <span style="font-family: monospace">{{ sig.signer }}</span> diff --git a/pgp/views.py b/pgp/views.py index bf6513ec993d492eb81fd716e3f25fce7944bc18..25038c0b666d66cc2dc69fb8843b892747303f0c 100644 --- a/pgp/views.py +++ b/pgp/views.py @@ -10,11 +10,6 @@ from . import forms from django import template -register = template.Library() -@register.simple_tag -def get_private_attribute(model_instance, attrib_name): - return getattr(model_instance, attrib_name, '') - class PublicKeyListView(PermissionListMixin, ListView): model = models.PublicKey permission_required = ['view_publickey'] diff --git a/wkd/views.py b/wkd/views.py index 0e74993ce00a97b765a578de8687eb68968f65ca..aa50f646ec435c45fc9b4392ba02dc947ea9bad9 100644 --- a/wkd/views.py +++ b/wkd/views.py 
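Review bot: The first added link in pgp/templates/pgp/publickey_detail.html is labelled `HPK download`, while the gpg2 command just above it uses `hkp://`, so the label should read `HKP download`. The raw `&` in `?op=get&search=0x…` inside the `href` should be written `&amp;` to stay valid HTML. The second link depends on `publickey.wkddomain` not raising and on a URL named `wkd-advanced-lookup` that takes the domain and then the hash, in that order. Neither the wkd URLconf nor any e-mail validation is visible in this diff, so confirm both before merging.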
@@ -1,18 +1,25 @@ from django.shortcuts import render, get_object_or_404 -from django.http import HttpResponse +from django.http import HttpResponse, Http404 from pgp import models -def policy(request): - return HttpResponse("", content_type="text/plain") +def policy(request, domain=None): + if domain is None: + domain = request.get_host().rsplit(":", 1)[0] + return HttpResponse(f"# WKD policy file for {domain}", + content_type="text/plain") def lookup(request, zbase, domain=None): if domain is None: domain = request.get_host().rsplit(":", 1)[0] - publickey = get_object_or_404(models.PublicKey, wkdid=zbase) - publickey._decode() + publickey = get_object_or_404(models.PublicKey, + wkdid=zbase, + email__endswith=f"@{domain}") + if not request.user.has_perm("pgp.view_publickey", publickey): + raise Http404() + publickey._decode() encoded = publickey.decoded.ascii_unarmor(str(publickey.decoded)) return HttpResponse(bytes(encoded["body"]),