From ce683786ce6ad9d0f5723b4438bb9054f4a49d77 Mon Sep 17 00:00:00 2001
From: Michał Górny <mgorny@gentoo.org>
Date: Thu, 1 Oct 2020 13:34:55 +0200
Subject: openpgp: Fix handling connection errors in WKD refresh
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bug: https://bugs.gentoo.org/745771
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
 gemato/openpgp.py     | 12 ++++++++----
 tests/test_openpgp.py | 17 +++++++++++------
 2 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/gemato/openpgp.py b/gemato/openpgp.py
index 8663f02..a6fbfa8 100644
--- a/gemato/openpgp.py
+++ b/gemato/openpgp.py
@@ -416,10 +416,14 @@ debug-level guru
             }
         for a in addrs:
             url = get_wkd_url(a)
-            resp = requests.get(url, proxies=proxies)
-            if resp.status_code != 200:
-                logging.debug(f'refresh_keys_wkd(): failing due to failed'
-                              f'request for {url}: {resp}')
+            try:
+                resp = requests.get(url, proxies=proxies)
+                resp.raise_for_status()
+            except (requests.exceptions.ConnectionError,
+                    requests.exceptions.HTTPError,
+                    ) as e:
+                logging.debug(f'refresh_keys_wkd(): failing due to failed '
+                              f'request for {url}: {e}')
                 return False
             data += resp.content
 
diff --git a/tests/test_openpgp.py b/tests/test_openpgp.py
index 6bce97d..c57a612 100644
--- a/tests/test_openpgp.py
+++ b/tests/test_openpgp.py
@@ -5,6 +5,7 @@
 
 import datetime
 import io
+import logging
 import os
 import shlex
 import signal
@@ -875,22 +876,26 @@ def test_refresh_wkd(openpgp_env_with_refresh,
             pytest.skip(str(e))
 
 
+@pytest.mark.parametrize('status', [401, 404, 500, ConnectionError])
 def test_refresh_wkd_fallback_to_hkp(openpgp_env_with_refresh,
-                                     hkp_server):
+                                     hkp_server, caplog, status):
     """Test whether WKD refresh failure falls back to HKP"""
     with pytest.importorskip('responses').RequestsMock() as responses:
         try:
             with io.BytesIO(VALID_PUBLIC_KEY) as f:
                 openpgp_env_with_refresh.import_key(f)
             hkp_server.keys[KEY_FINGERPRINT] = REVOKED_PUBLIC_KEY
-            responses.add(
-                responses.GET,
-                'https://example.com/.well-known/openpgpkey/hu/'
-                '5x66h616iaskmnadrm86ndo6xnxbxjxb?l=gemato',
-                status=404)
+            if status is not ConnectionError:
+                responses.add(
+                    responses.GET,
+                    'https://example.com/.well-known/openpgpkey/hu/'
+                    '5x66h616iaskmnadrm86ndo6xnxbxjxb?l=gemato',
+                    status=status)
 
+            caplog.set_level(logging.DEBUG)
             openpgp_env_with_refresh.refresh_keys(
                 allow_wkd=True, keyserver=hkp_server.addr)
+            assert 'failing due to failed request' in caplog.text
 
             with pytest.raises(OpenPGPRevokedKeyFailure):
                 with io.StringIO(SIGNED_MANIFEST) as f:
-- 
cgit v1.2.3