src/keymanagement.c
author Edouard Tisserant
Sat, 30 Apr 2016 17:59:16 +0200
changeset 559 32811e6a231c
parent 544 ffc3632ee799
child 560 61966cd2d7a7
permissions -rw-r--r--
Fixed Primary Key of identity table. Was (address) and know is (address, user_id). Added 'virtual' user_id (const string + address) as a side effect, in case user_id isn't given and no user have been created with same address.
vb@130
     1
#include "platform.h"
vb@0
     2
vb@0
     3
#include <string.h>
vb@0
     4
#include <stdio.h>
vb@0
     5
#include <stdlib.h>
vb@0
     6
#include <assert.h>
Edouard@512
     7
#include <ctype.h>
vb@0
     8
vb@217
     9
#include "pEp_internal.h"
vb@0
    10
#include "keymanagement.h"
vb@0
    11
Edouard@439
    12
#ifndef EMPTYSTR
roker@500
    13
#define EMPTYSTR(STR) ((STR) == NULL || (STR)[0] == '\0')
vb@8
    14
#endif
vb@8
    15
vb@214
    16
#define KEY_EXPIRE_DELTA (60 * 60 * 24 * 365)
vb@214
    17
Edouard@512
    18
// Space tolerant and case insensitive fingerprint string compare
Edouard@512
    19
static int _same_fpr(
Edouard@512
    20
        const char* fpra,
Edouard@512
    21
        size_t fpras,
Edouard@512
    22
        const char* fprb,
Edouard@512
    23
        size_t fprbs
Edouard@512
    24
    )
Edouard@512
    25
{
Edouard@512
    26
    size_t ai = 0;
Edouard@512
    27
    size_t bi = 0;
Edouard@512
    28
    
Edouard@544
    29
    do
Edouard@544
    30
    {
Edouard@544
    31
        if(fpra[ai] == 0 || fprb[bi] == 0)
Edouard@544
    32
        {
Edouard@512
    33
            return 0;
Edouard@544
    34
        }
Edouard@544
    35
        else if(fpra[ai] == ' ')
Edouard@544
    36
        {
Edouard@512
    37
            ai++;
Edouard@544
    38
        }
Edouard@544
    39
        else if(fprb[bi] == ' ')
Edouard@544
    40
        {
Edouard@512
    41
            bi++;
Edouard@544
    42
        }
Edouard@544
    43
        else if(toupper(fpra[ai]) == toupper(fprb[bi]))
Edouard@544
    44
        {
Edouard@512
    45
            ai++;
Edouard@512
    46
            bi++;
Edouard@512
    47
        }
Edouard@544
    48
        else
Edouard@544
    49
        {
Edouard@544
    50
            return 0;
Edouard@544
    51
        }
Edouard@544
    52
        
Edouard@544
    53
    }
Edouard@544
    54
    while(ai < fpras && bi < fprbs);
Edouard@512
    55
    
Edouard@512
    56
    return ai == fpras && bi == fprbs;
Edouard@512
    57
}
Edouard@512
    58
vb@0
    59
DYNAMIC_API PEP_STATUS update_identity(
vb@0
    60
        PEP_SESSION session, pEp_identity * identity
vb@0
    61
    )
vb@0
    62
{
vb@0
    63
    pEp_identity *stored_identity;
vb@0
    64
    PEP_STATUS status;
vb@0
    65
vb@0
    66
    assert(session);
vb@0
    67
    assert(identity);
Edouard@439
    68
    assert(!EMPTYSTR(identity->address));
vb@0
    69
Edouard@439
    70
    if (!(session && identity && !EMPTYSTR(identity->address)))
vb@191
    71
        return PEP_ILLEGAL_VALUE;
vb@191
    72
Edouard@559
    73
    int _no_user_id = EMPTYSTR(identity->user_id);
Edouard@559
    74
Edouard@559
    75
    if (_no_user_id)
Edouard@559
    76
    {
Edouard@559
    77
        free(identity->user_id);
Edouard@559
    78
Edouard@559
    79
        status = get_best_user(session,
Edouard@559
    80
                              identity->address,
Edouard@559
    81
                              &identity->user_id);
Edouard@559
    82
Edouard@559
    83
        // Default user_id, aka Virtual user_id
Edouard@559
    84
        if (status == PEP_CANNOT_FIND_IDENTITY)
Edouard@559
    85
        {
Edouard@559
    86
            identity->user_id = calloc(1, identity->address_size + 5);
Edouard@559
    87
            if (!identity->user_id)
Edouard@559
    88
            {
Edouard@559
    89
                return PEP_OUT_OF_MEMORY;
Edouard@559
    90
            }
Edouard@559
    91
            snprintf(identity->user_id, identity->address_size + 5,
Edouard@559
    92
                     "TOFU_%s", identity->address);
Edouard@559
    93
        }
Edouard@559
    94
        else if (status != PEP_STATUS_OK)
Edouard@559
    95
        {
Edouard@559
    96
            return status;
Edouard@559
    97
        }
Edouard@559
    98
        
Edouard@559
    99
        if(identity->user_id)
Edouard@559
   100
        {
Edouard@559
   101
            identity->user_id_size = strlen(identity->user_id);
Edouard@559
   102
        }
Edouard@559
   103
    }
Edouard@559
   104
    
Edouard@559
   105
    status = get_identity(session,
Edouard@559
   106
                          identity->address,
Edouard@559
   107
                          identity->user_id,
Edouard@559
   108
                          &stored_identity);
Edouard@559
   109
    
vb@0
   110
    assert(status != PEP_OUT_OF_MEMORY);
vb@0
   111
    if (status == PEP_OUT_OF_MEMORY)
vb@0
   112
        return PEP_OUT_OF_MEMORY;
vb@0
   113
vb@14
   114
    if (stored_identity) {
vb@14
   115
        PEP_comm_type _comm_type_key;
vb@14
   116
        status = get_key_rating(session, stored_identity->fpr, &_comm_type_key);
vb@14
   117
        assert(status != PEP_OUT_OF_MEMORY);
vb@14
   118
        if (status == PEP_OUT_OF_MEMORY)
vb@14
   119
            return PEP_OUT_OF_MEMORY;
vb@10
   120
Edouard@439
   121
        if (EMPTYSTR(identity->username)) {
vb@22
   122
            free(identity->username);
Edouard@498
   123
            identity->username = strndup(stored_identity->username, stored_identity->username_size);
Edouard@498
   124
            assert(identity->username);
vb@22
   125
            if (identity->username == NULL)
vb@22
   126
                return PEP_OUT_OF_MEMORY;
vb@22
   127
            identity->username_size = stored_identity->username_size;
vb@22
   128
        }
vb@22
   129
Edouard@439
   130
        if (EMPTYSTR(identity->fpr)) {
Edouard@498
   131
            identity->fpr = strndup(stored_identity->fpr, stored_identity->fpr_size);
vb@8
   132
            assert(identity->fpr);
vb@8
   133
            if (identity->fpr == NULL)
vb@8
   134
                return PEP_OUT_OF_MEMORY;
Edouard@406
   135
            identity->fpr_size = stored_identity->fpr_size;
vb@14
   136
            if (_comm_type_key < PEP_ct_unconfirmed_encryption) {
vb@14
   137
                identity->comm_type = _comm_type_key;
vb@14
   138
            }
vb@14
   139
            else {
vb@14
   140
                identity->comm_type = stored_identity->comm_type;
vb@14
   141
            }
vb@8
   142
        }
Edouard@439
   143
        else /* !EMPTYSTR(identity->fpr) */ {
Edouard@512
   144
            if (_same_fpr(identity->fpr,
Edouard@512
   145
                          identity->fpr_size,
Edouard@512
   146
                          stored_identity->fpr,
Edouard@512
   147
                          stored_identity->fpr_size)) {
vb@14
   148
                if (_comm_type_key < PEP_ct_unconfirmed_encryption) {
vb@14
   149
                    identity->comm_type = _comm_type_key;
Edouard@488
   150
                }else{
Edouard@488
   151
                    identity->comm_type = stored_identity->comm_type;
Edouard@488
   152
                    if (identity->comm_type == PEP_ct_unknown) {
Edouard@488
   153
                        identity->comm_type = _comm_type_key;
vb@8
   154
                    }
vb@8
   155
                }
vb@496
   156
            } else {
Edouard@488
   157
                status = get_trust(session, identity);
Edouard@488
   158
                assert(status != PEP_OUT_OF_MEMORY);
Edouard@488
   159
                if (status == PEP_OUT_OF_MEMORY)
Edouard@488
   160
                    return PEP_OUT_OF_MEMORY;
vb@496
   161
                if (identity->comm_type < stored_identity->comm_type)
vb@496
   162
                    identity->comm_type = PEP_ct_unknown;
vb@8
   163
            }
vb@8
   164
        }
vb@8
   165
vb@21
   166
        if (identity->lang[0] == 0) {
vb@21
   167
            identity->lang[0] = stored_identity->lang[0];
vb@21
   168
            identity->lang[1] = stored_identity->lang[1];
vb@21
   169
            identity->lang[2] = 0;
vb@21
   170
        }
vb@21
   171
    }
vb@21
   172
    else /* stored_identity == NULL */ {
Edouard@439
   173
        if (!EMPTYSTR(identity->fpr)) {
vb@21
   174
            PEP_comm_type _comm_type_key;
vb@21
   175
vb@21
   176
            status = get_key_rating(session, identity->fpr, &_comm_type_key);
vb@21
   177
            assert(status != PEP_OUT_OF_MEMORY);
vb@21
   178
            if (status == PEP_OUT_OF_MEMORY)
vb@21
   179
                return PEP_OUT_OF_MEMORY;
vb@21
   180
vb@21
   181
            identity->comm_type = _comm_type_key;
vb@21
   182
        }
Edouard@439
   183
        else /* EMPTYSTR(identity->fpr) */ {
vb@21
   184
            PEP_STATUS status;
vb@21
   185
            stringlist_t *keylist;
vb@21
   186
            char *_fpr = NULL;
vb@21
   187
            identity->comm_type = PEP_ct_unknown;
vb@21
   188
vb@21
   189
            status = find_keys(session, identity->address, &keylist);
vb@21
   190
            assert(status != PEP_OUT_OF_MEMORY);
vb@21
   191
            if (status == PEP_OUT_OF_MEMORY)
vb@21
   192
                return PEP_OUT_OF_MEMORY;
vb@21
   193
vb@21
   194
            stringlist_t *_keylist;
vb@21
   195
            for (_keylist = keylist; _keylist && _keylist->value; _keylist = _keylist->next) {
vb@21
   196
                PEP_comm_type _comm_type_key;
vb@21
   197
vb@21
   198
                status = get_key_rating(session, _keylist->value, &_comm_type_key);
vb@21
   199
                assert(status != PEP_OUT_OF_MEMORY);
vb@21
   200
                if (status == PEP_OUT_OF_MEMORY) {
vb@21
   201
                    free_stringlist(keylist);
vb@21
   202
                    return PEP_OUT_OF_MEMORY;
vb@21
   203
                }
vb@21
   204
vb@21
   205
                if (identity->comm_type == PEP_ct_unknown) {
vb@21
   206
                    if (_comm_type_key != PEP_ct_compromized && _comm_type_key != PEP_ct_unknown) {
vb@21
   207
                        identity->comm_type = _comm_type_key;
vb@21
   208
                        _fpr = _keylist->value;
vb@21
   209
                    }
vb@21
   210
                }
vb@21
   211
                else {
vb@21
   212
                    if (_comm_type_key != PEP_ct_compromized && _comm_type_key != PEP_ct_unknown) {
vb@21
   213
                        if (_comm_type_key > identity->comm_type) {
vb@21
   214
                            identity->comm_type = _comm_type_key;
vb@21
   215
                            _fpr = _keylist->value;
vb@21
   216
                        }
vb@21
   217
                    }
vb@21
   218
                }
vb@21
   219
            }
vb@21
   220
vb@21
   221
            if (_fpr) {
vb@21
   222
                free(identity->fpr);
vb@21
   223
vb@21
   224
                identity->fpr = strdup(_fpr);
vb@21
   225
                if (identity->fpr == NULL) {
vb@21
   226
                    free_stringlist(keylist);
vb@21
   227
                    return PEP_OUT_OF_MEMORY;
vb@21
   228
                }
vb@21
   229
                identity->fpr_size = strlen(identity->fpr);
vb@21
   230
            }
vb@21
   231
            free_stringlist(keylist);
vb@21
   232
        }
vb@21
   233
    }
vb@21
   234
vb@21
   235
    status = PEP_STATUS_OK;
vb@21
   236
Edouard@439
   237
    if (identity->comm_type != PEP_ct_unknown && !EMPTYSTR(identity->user_id)) {
Edouard@439
   238
        assert(!EMPTYSTR(identity->username)); // this should not happen
vb@22
   239
Edouard@439
   240
        if (EMPTYSTR(identity->username)) { // mitigate
vb@0
   241
            free(identity->username);
vb@22
   242
            identity->username = strdup("anonymous");
vb@8
   243
            if (identity->username == NULL)
vb@8
   244
                return PEP_OUT_OF_MEMORY;
vb@22
   245
            identity->username_size = 9;
vb@0
   246
        }
vb@8
   247
Edouard@559
   248
        // Identity doesn't get stored if is was just about checking existing
Edouard@559
   249
        // user by address (i.e. no user id but already stored)
Edouard@559
   250
        if (!(_no_user_id && stored_identity))
Edouard@559
   251
        {
Edouard@559
   252
            status = set_identity(session, identity);
Edouard@559
   253
            assert(status == PEP_STATUS_OK);
Edouard@559
   254
            if (status != PEP_STATUS_OK) {
Edouard@559
   255
                return status;
Edouard@559
   256
            }
Edouard@499
   257
        }
vb@8
   258
    }
vb@8
   259
vb@297
   260
    if (identity->comm_type != PEP_ct_compromized &&
vb@297
   261
            identity->comm_type < PEP_ct_strong_but_unconfirmed)
vb@297
   262
        if (session->examine_identity)
vb@297
   263
            session->examine_identity(identity, session->examine_management);
vb@297
   264
vb@8
   265
    return status;
vb@0
   266
}
vb@0
   267
vb@0
   268
DYNAMIC_API PEP_STATUS myself(PEP_SESSION session, pEp_identity * identity)
vb@0
   269
{
vb@0
   270
    PEP_STATUS status;
vb@46
   271
    stringlist_t *keylist = NULL;
vb@0
   272
vb@0
   273
    assert(session);
vb@0
   274
    assert(identity);
vb@0
   275
    assert(identity->address);
vb@0
   276
    assert(identity->username);
vb@0
   277
    assert(identity->user_id);
vb@0
   278
vb@191
   279
    if (!(session && identity && identity->address && identity->username &&
vb@191
   280
                identity->user_id))
vb@191
   281
        return PEP_ILLEGAL_VALUE;
vb@191
   282
vb@0
   283
    identity->comm_type = PEP_ct_pEp;
vb@0
   284
    identity->me = true;
vb@0
   285
vb@215
   286
    DEBUG_LOG("myself", "debug", identity->address);
vb@0
   287
vb@0
   288
    status = find_keys(session, identity->address, &keylist);
vb@0
   289
    assert(status != PEP_OUT_OF_MEMORY);
vb@0
   290
    if (status == PEP_OUT_OF_MEMORY)
vb@0
   291
        return PEP_OUT_OF_MEMORY;
vb@0
   292
vb@0
   293
    if (keylist == NULL || keylist->value == NULL) {
vb@215
   294
        DEBUG_LOG("generating key pair", "debug", identity->address);
vb@0
   295
        status = generate_keypair(session, identity);
vb@0
   296
        assert(status != PEP_OUT_OF_MEMORY);
vb@0
   297
        if (status != PEP_STATUS_OK) {
vb@0
   298
            char buf[11];
vb@0
   299
            snprintf(buf, 11, "%d", status);
vb@215
   300
            DEBUG_LOG("generating key pair failed", "debug", buf);
vb@0
   301
            return status;
vb@0
   302
        }
vb@0
   303
vb@0
   304
        status = find_keys(session, identity->address, &keylist);
vb@0
   305
        assert(status != PEP_OUT_OF_MEMORY);
vb@0
   306
        if (status == PEP_OUT_OF_MEMORY)
vb@0
   307
            return PEP_OUT_OF_MEMORY;
vb@0
   308
vb@372
   309
        assert(keylist && keylist->value);
Edouard@371
   310
        if (keylist == NULL || keylist->value == NULL) {
Edouard@371
   311
            return PEP_UNKNOWN_ERROR;
Edouard@371
   312
        }
vb@0
   313
    }
vb@214
   314
    else {
vb@214
   315
        bool expired;
vb@214
   316
        status = key_expired(session, keylist->value, &expired);
vb@214
   317
        assert(status == PEP_STATUS_OK);
Edouard@499
   318
        if (status != PEP_STATUS_OK) {
Edouard@499
   319
            goto free_keylist;
Edouard@499
   320
        }
vb@214
   321
vb@214
   322
        if (status == PEP_STATUS_OK && expired) {
vb@214
   323
            timestamp *ts = new_timestamp(time(NULL) + KEY_EXPIRE_DELTA);
vb@214
   324
            renew_key(session, keylist->value, ts);
vb@214
   325
            free_timestamp(ts);
vb@214
   326
        }
vb@214
   327
    }
vb@0
   328
vb@0
   329
    if (identity->fpr)
vb@0
   330
        free(identity->fpr);
vb@0
   331
    identity->fpr = strdup(keylist->value);
vb@0
   332
    assert(identity->fpr);
Edouard@499
   333
    if (identity->fpr == NULL){
Edouard@499
   334
        status = PEP_OUT_OF_MEMORY;
Edouard@499
   335
        goto free_keylist;
Edouard@499
   336
    }
vb@8
   337
    identity->fpr_size = strlen(identity->fpr);
vb@0
   338
vb@0
   339
    status = set_identity(session, identity);
vb@0
   340
    assert(status == PEP_STATUS_OK);
Edouard@499
   341
    if (status != PEP_STATUS_OK) {
Edouard@499
   342
        goto free_keylist;
Edouard@499
   343
    }
vb@0
   344
vb@0
   345
    return PEP_STATUS_OK;
Edouard@499
   346
Edouard@499
   347
free_keylist:
Edouard@499
   348
    free_stringlist(keylist);
Edouard@499
   349
    return status;
vb@0
   350
}
vb@0
   351
vb@296
   352
DYNAMIC_API PEP_STATUS register_examine_function(
vb@292
   353
        PEP_SESSION session, 
vb@292
   354
        examine_identity_t examine_identity,
vb@292
   355
        void *management
vb@292
   356
    )
vb@292
   357
{
vb@292
   358
    assert(session);
vb@292
   359
    if (!session)
vb@292
   360
        return PEP_ILLEGAL_VALUE;
vb@292
   361
vb@292
   362
    session->examine_management = management;
vb@292
   363
    session->examine_identity = examine_identity;
vb@292
   364
vb@292
   365
    return PEP_STATUS_OK;
vb@292
   366
}
vb@292
   367
vb@0
   368
DYNAMIC_API PEP_STATUS do_keymanagement(
vb@0
   369
        retrieve_next_identity_t retrieve_next_identity,
vb@0
   370
        void *management
vb@0
   371
    )
vb@0
   372
{
vb@0
   373
    PEP_SESSION session;
vb@0
   374
    pEp_identity *identity;
Edouard@499
   375
    PEP_STATUS status;
vb@0
   376
vb@24
   377
    assert(retrieve_next_identity);
vb@24
   378
    assert(management);
vb@24
   379
Edouard@499
   380
    if (!retrieve_next_identity || !management)
Edouard@499
   381
        return PEP_ILLEGAL_VALUE;
Edouard@499
   382
Edouard@499
   383
    status = init(&session);
Edouard@499
   384
    assert(status == PEP_STATUS_OK);
Edouard@499
   385
    if (status != PEP_STATUS_OK)
Edouard@499
   386
        return status;
Edouard@499
   387
vb@0
   388
    log_event(session, "keymanagement thread started", "pEp engine", NULL, NULL);
vb@0
   389
Edouard@499
   390
    while ((identity = retrieve_next_identity(management))) 
Edouard@499
   391
    {
vb@0
   392
        assert(identity->address);
Edouard@499
   393
        if(identity->address)
Edouard@499
   394
        {
Edouard@499
   395
            DEBUG_LOG("do_keymanagement", "retrieve_next_identity", identity->address);
Edouard@499
   396
Edouard@499
   397
            if (identity->me) {
Edouard@499
   398
                status = myself(session, identity);
Edouard@499
   399
            } else {
Edouard@499
   400
                status = recv_key(session, identity->address);
Edouard@499
   401
            }
Edouard@499
   402
vb@0
   403
            assert(status != PEP_OUT_OF_MEMORY);
Edouard@499
   404
            if(status == PEP_OUT_OF_MEMORY)
Edouard@499
   405
                return PEP_OUT_OF_MEMORY;
vb@0
   406
        }
vb@0
   407
        free_identity(identity);
vb@0
   408
    }
vb@0
   409
vb@0
   410
    log_event(session, "keymanagement thread shutdown", "pEp engine", NULL, NULL);
vb@0
   411
vb@0
   412
    release(session);
vb@0
   413
    return PEP_STATUS_OK;
vb@0
   414
}
vb@0
   415
vb@357
   416
DYNAMIC_API PEP_STATUS key_compromized(
vb@357
   417
        PEP_SESSION session,
vb@357
   418
        pEp_identity *ident
vb@357
   419
    )
vb@215
   420
{
vb@218
   421
    PEP_STATUS status = PEP_STATUS_OK;
vb@218
   422
vb@215
   423
    assert(session);
vb@357
   424
    assert(ident);
Edouard@439
   425
    assert(!EMPTYSTR(ident->fpr));
vb@215
   426
vb@357
   427
    if (!(session && ident && ident->fpr))
vb@215
   428
        return PEP_ILLEGAL_VALUE;
vb@215
   429
vb@357
   430
    if (ident->me)
vb@357
   431
        revoke_key(session, ident->fpr, NULL);
vb@357
   432
    status = mark_as_compromized(session, ident->fpr);
vb@218
   433
vb@218
   434
    return status;
vb@215
   435
}
vb@215
   436
Edouard@410
   437
DYNAMIC_API PEP_STATUS key_reset_trust(
Edouard@410
   438
        PEP_SESSION session,
Edouard@410
   439
        pEp_identity *ident
Edouard@410
   440
    )
Edouard@410
   441
{
Edouard@410
   442
    PEP_STATUS status = PEP_STATUS_OK;
Edouard@410
   443
Edouard@410
   444
    assert(session);
Edouard@410
   445
    assert(ident);
vb@420
   446
    assert(!ident->me);
Edouard@439
   447
    assert(!EMPTYSTR(ident->fpr));
Edouard@439
   448
    assert(!EMPTYSTR(ident->address));
Edouard@439
   449
    assert(!EMPTYSTR(ident->user_id));
Edouard@410
   450
vb@420
   451
    if (!(session && ident && !ident->me && ident->fpr && ident->address &&
vb@420
   452
            ident->user_id))
Edouard@410
   453
        return PEP_ILLEGAL_VALUE;
Edouard@410
   454
vb@420
   455
    status = update_identity(session, ident);
vb@420
   456
    if (status != PEP_STATUS_OK)
vb@420
   457
        return status;
Edouard@410
   458
Edouard@442
   459
    if (ident->comm_type == PEP_ct_mistrusted)
vb@421
   460
        ident->comm_type = PEP_ct_unknown;
vb@421
   461
    else
vb@421
   462
        ident->comm_type &= ~PEP_ct_confirmed;
vb@421
   463
vb@420
   464
    status = set_identity(session, ident);
vb@421
   465
    if (status != PEP_STATUS_OK)
vb@421
   466
        return status;
vb@421
   467
vb@422
   468
    if (ident->comm_type == PEP_ct_unknown)
vb@422
   469
        status = update_identity(session, ident);
Edouard@410
   470
    return status;
Edouard@410
   471
}
Edouard@410
   472
vb@354
   473
DYNAMIC_API PEP_STATUS trust_personal_key(
vb@354
   474
        PEP_SESSION session,
vb@354
   475
        pEp_identity *ident
vb@354
   476
    )
vb@354
   477
{
vb@354
   478
    PEP_STATUS status = PEP_STATUS_OK;
vb@354
   479
vb@354
   480
    assert(session);
vb@354
   481
    assert(ident);
Edouard@439
   482
    assert(!EMPTYSTR(ident->address));
Edouard@439
   483
    assert(!EMPTYSTR(ident->user_id));
Edouard@439
   484
    assert(!EMPTYSTR(ident->fpr));
vb@354
   485
    assert(!ident->me);
vb@354
   486
Edouard@439
   487
    if (!ident || EMPTYSTR(ident->address) || EMPTYSTR(ident->user_id) ||
Edouard@439
   488
            EMPTYSTR(ident->fpr) || ident->me)
vb@354
   489
        return PEP_ILLEGAL_VALUE;
vb@354
   490
vb@354
   491
    status = update_identity(session, ident);
vb@354
   492
    if (status != PEP_STATUS_OK)
vb@354
   493
        return status;
vb@354
   494
vb@356
   495
    if (ident->comm_type > PEP_ct_strong_but_unconfirmed) {
vb@356
   496
        ident->comm_type |= PEP_ct_confirmed;
Edouard@488
   497
        status = set_identity(session, ident);
vb@356
   498
    }
vb@356
   499
    else {
vb@356
   500
        // MISSING: S/MIME has to be handled depending on trusted CAs
vb@370
   501
        status = PEP_CANNOT_SET_TRUST;
vb@356
   502
    }
vb@354
   503
vb@354
   504
    return status;
vb@354
   505
}
vb@354
   506