2 files changed, 34 insertions, 0 deletions

diff --git a/gemato/openpgp.py b/gemato/openpgp.py
index 2efef8d..6b7ec3f 100644
--- a/gemato/openpgp.py
+++ b/gemato/openpgp.py
@@ -3,15 +3,18 @@
 # (c) 2017-2020 Michał Górny
 # Licensed under the terms of 2-clause BSD license
 
+import base64
 import datetime
 import email.utils
 import errno
+import hashlib
 import logging
 import os
 import os.path
 import shutil
 import subprocess
 import tempfile
+import urllib.parse
 
 import gemato.exceptions
 
@@ -260,6 +263,21 @@ debug-level guru
         if exitst != 0:
             raise gemato.exceptions.OpenPGPKeyImportError(err.decode('utf8'))
 
+    zbase32_translate = bytes.maketrans(
+        b'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567',
+        b'ybndrfg8ejkmcpqxot1uwisza345h769')
+
+    @classmethod
+    def get_wkd_url(cls, email):
+        localname, domain = email.encode('utf8').split(b'@', 1)
+        b32 = (base64.b32encode(
+                hashlib.sha1(localname.lower()).digest())
+            .translate(cls.zbase32_translate).decode())
+        uenc = urllib.parse.quote(localname)
+        ldomain = domain.lower().decode('utf8')
+        return (f'https://{ldomain}/.well-known/openpgpkey/hu/'
+                f'{b32}?l={uenc}')
+
     def refresh_keys_wkd(self):
         """
         Attempt to fetch updated keys using WKD.  Returns true if *all*
diff --git a/tests/test_openpgp.py b/tests/test_openpgp.py
index 51f9e16..815de7e 100644
--- a/tests/test_openpgp.py
+++ b/tests/test_openpgp.py
@@ -1514,3 +1514,19 @@ class OpenPGPForgedUnexpireRefreshTest(HKPServerTestCase):
                         self.env.verify_file, f)
         except gemato.exceptions.OpenPGPNoImplementation as e:
             raise unittest.SkipTest(str(e))
+
+
+class WKDUrlTests(unittest.TestCase):
+    """Tests for get_wkd_url() helper"""
+
+    def test_get_wkd_url(self):
+        self.assertEqual(
+            gemato.openpgp.OpenPGPEnvironment.get_wkd_url(
+                'gemato@example.com'),
+            'https://example.com/.well-known/openpgpkey/hu/'
+            '5x66h616iaskmnadrm86ndo6xnxbxjxb?l=gemato')
+        self.assertEqual(
+            gemato.openpgp.OpenPGPEnvironment.get_wkd_url(
+                'Joe.Doe@Example.ORG'),
+            'https://example.org/.well-known/openpgpkey/hu/'
+            'iy9q119eutrkn8s1mk4r39qejnbu3n5q?l=Joe.Doe')