src/keymanagement.c
author Edouard Tisserant
Tue, 10 May 2016 11:49:37 +0200
changeset 584 3f175e8668b3
parent 562 fe56206d4630
child 588 b7f954296900
permissions -rw-r--r--
Own keys (SQL and accessors functions)
vb@130
     1
#include "platform.h"
vb@0
     2
vb@0
     3
#include <string.h>
vb@0
     4
#include <stdio.h>
vb@0
     5
#include <stdlib.h>
vb@0
     6
#include <assert.h>
Edouard@512
     7
#include <ctype.h>
vb@0
     8
vb@217
     9
#include "pEp_internal.h"
vb@0
    10
#include "keymanagement.h"
vb@0
    11
Edouard@439
    12
#ifndef EMPTYSTR
roker@500
    13
#define EMPTYSTR(STR) ((STR) == NULL || (STR)[0] == '\0')
vb@8
    14
#endif
vb@8
    15
vb@214
    16
#define KEY_EXPIRE_DELTA (60 * 60 * 24 * 365)
vb@214
    17
Edouard@512
    18
// Space tolerant and case insensitive fingerprint string compare
Edouard@512
    19
static int _same_fpr(
Edouard@512
    20
        const char* fpra,
Edouard@512
    21
        size_t fpras,
Edouard@512
    22
        const char* fprb,
Edouard@512
    23
        size_t fprbs
Edouard@512
    24
    )
Edouard@512
    25
{
Edouard@512
    26
    size_t ai = 0;
Edouard@512
    27
    size_t bi = 0;
Edouard@512
    28
    
Edouard@544
    29
    do
Edouard@544
    30
    {
Edouard@544
    31
        if(fpra[ai] == 0 || fprb[bi] == 0)
Edouard@544
    32
        {
Edouard@512
    33
            return 0;
Edouard@544
    34
        }
Edouard@544
    35
        else if(fpra[ai] == ' ')
Edouard@544
    36
        {
Edouard@512
    37
            ai++;
Edouard@544
    38
        }
Edouard@544
    39
        else if(fprb[bi] == ' ')
Edouard@544
    40
        {
Edouard@512
    41
            bi++;
Edouard@544
    42
        }
Edouard@544
    43
        else if(toupper(fpra[ai]) == toupper(fprb[bi]))
Edouard@544
    44
        {
Edouard@512
    45
            ai++;
Edouard@512
    46
            bi++;
Edouard@512
    47
        }
Edouard@544
    48
        else
Edouard@544
    49
        {
Edouard@544
    50
            return 0;
Edouard@544
    51
        }
Edouard@544
    52
        
Edouard@544
    53
    }
Edouard@544
    54
    while(ai < fpras && bi < fprbs);
Edouard@512
    55
    
Edouard@512
    56
    return ai == fpras && bi == fprbs;
Edouard@512
    57
}
Edouard@512
    58
vb@0
    59
DYNAMIC_API PEP_STATUS update_identity(
vb@0
    60
        PEP_SESSION session, pEp_identity * identity
vb@0
    61
    )
vb@0
    62
{
vb@0
    63
    pEp_identity *stored_identity;
vb@0
    64
    PEP_STATUS status;
vb@0
    65
vb@0
    66
    assert(session);
vb@0
    67
    assert(identity);
Edouard@439
    68
    assert(!EMPTYSTR(identity->address));
vb@0
    69
Edouard@439
    70
    if (!(session && identity && !EMPTYSTR(identity->address)))
vb@191
    71
        return PEP_ILLEGAL_VALUE;
vb@191
    72
Edouard@559
    73
    int _no_user_id = EMPTYSTR(identity->user_id);
Edouard@559
    74
Edouard@559
    75
    if (_no_user_id)
Edouard@559
    76
    {
Edouard@559
    77
        free(identity->user_id);
Edouard@559
    78
Edouard@562
    79
        identity->user_id = calloc(1, identity->address_size + 6);
Edouard@562
    80
        if (!identity->user_id)
Edouard@562
    81
        {
Edouard@562
    82
            return PEP_OUT_OF_MEMORY;
Edouard@562
    83
        }
Edouard@562
    84
        snprintf(identity->user_id, identity->address_size + 5,
Edouard@562
    85
                 "TOFU_%s", identity->address);
Edouard@559
    86
Edouard@559
    87
        if(identity->user_id)
Edouard@559
    88
        {
Edouard@559
    89
            identity->user_id_size = strlen(identity->user_id);
Edouard@559
    90
        }
Edouard@559
    91
    }
Edouard@559
    92
    
Edouard@559
    93
    status = get_identity(session,
Edouard@559
    94
                          identity->address,
Edouard@559
    95
                          identity->user_id,
Edouard@559
    96
                          &stored_identity);
Edouard@559
    97
    
vb@0
    98
    assert(status != PEP_OUT_OF_MEMORY);
vb@0
    99
    if (status == PEP_OUT_OF_MEMORY)
vb@0
   100
        return PEP_OUT_OF_MEMORY;
vb@0
   101
vb@14
   102
    if (stored_identity) {
vb@14
   103
        PEP_comm_type _comm_type_key;
vb@14
   104
        status = get_key_rating(session, stored_identity->fpr, &_comm_type_key);
vb@14
   105
        assert(status != PEP_OUT_OF_MEMORY);
vb@14
   106
        if (status == PEP_OUT_OF_MEMORY)
vb@14
   107
            return PEP_OUT_OF_MEMORY;
vb@10
   108
Edouard@439
   109
        if (EMPTYSTR(identity->username)) {
vb@22
   110
            free(identity->username);
Edouard@498
   111
            identity->username = strndup(stored_identity->username, stored_identity->username_size);
Edouard@498
   112
            assert(identity->username);
vb@22
   113
            if (identity->username == NULL)
vb@22
   114
                return PEP_OUT_OF_MEMORY;
vb@22
   115
            identity->username_size = stored_identity->username_size;
vb@22
   116
        }
vb@22
   117
Edouard@439
   118
        if (EMPTYSTR(identity->fpr)) {
Edouard@498
   119
            identity->fpr = strndup(stored_identity->fpr, stored_identity->fpr_size);
vb@8
   120
            assert(identity->fpr);
vb@8
   121
            if (identity->fpr == NULL)
vb@8
   122
                return PEP_OUT_OF_MEMORY;
Edouard@406
   123
            identity->fpr_size = stored_identity->fpr_size;
vb@14
   124
            if (_comm_type_key < PEP_ct_unconfirmed_encryption) {
vb@14
   125
                identity->comm_type = _comm_type_key;
vb@14
   126
            }
vb@14
   127
            else {
vb@14
   128
                identity->comm_type = stored_identity->comm_type;
vb@14
   129
            }
vb@8
   130
        }
Edouard@439
   131
        else /* !EMPTYSTR(identity->fpr) */ {
Edouard@512
   132
            if (_same_fpr(identity->fpr,
Edouard@512
   133
                          identity->fpr_size,
Edouard@512
   134
                          stored_identity->fpr,
Edouard@512
   135
                          stored_identity->fpr_size)) {
vb@14
   136
                if (_comm_type_key < PEP_ct_unconfirmed_encryption) {
vb@14
   137
                    identity->comm_type = _comm_type_key;
Edouard@488
   138
                }else{
Edouard@488
   139
                    identity->comm_type = stored_identity->comm_type;
Edouard@488
   140
                    if (identity->comm_type == PEP_ct_unknown) {
Edouard@488
   141
                        identity->comm_type = _comm_type_key;
vb@8
   142
                    }
vb@8
   143
                }
vb@496
   144
            } else {
Edouard@488
   145
                status = get_trust(session, identity);
Edouard@488
   146
                assert(status != PEP_OUT_OF_MEMORY);
Edouard@488
   147
                if (status == PEP_OUT_OF_MEMORY)
Edouard@488
   148
                    return PEP_OUT_OF_MEMORY;
vb@496
   149
                if (identity->comm_type < stored_identity->comm_type)
vb@496
   150
                    identity->comm_type = PEP_ct_unknown;
vb@8
   151
            }
vb@8
   152
        }
vb@8
   153
vb@21
   154
        if (identity->lang[0] == 0) {
vb@21
   155
            identity->lang[0] = stored_identity->lang[0];
vb@21
   156
            identity->lang[1] = stored_identity->lang[1];
vb@21
   157
            identity->lang[2] = 0;
vb@21
   158
        }
vb@21
   159
    }
vb@21
   160
    else /* stored_identity == NULL */ {
Edouard@439
   161
        if (!EMPTYSTR(identity->fpr)) {
vb@21
   162
            PEP_comm_type _comm_type_key;
vb@21
   163
vb@21
   164
            status = get_key_rating(session, identity->fpr, &_comm_type_key);
vb@21
   165
            assert(status != PEP_OUT_OF_MEMORY);
vb@21
   166
            if (status == PEP_OUT_OF_MEMORY)
vb@21
   167
                return PEP_OUT_OF_MEMORY;
vb@21
   168
vb@21
   169
            identity->comm_type = _comm_type_key;
vb@21
   170
        }
Edouard@439
   171
        else /* EMPTYSTR(identity->fpr) */ {
vb@21
   172
            PEP_STATUS status;
vb@21
   173
            stringlist_t *keylist;
vb@21
   174
            char *_fpr = NULL;
vb@21
   175
            identity->comm_type = PEP_ct_unknown;
vb@21
   176
vb@21
   177
            status = find_keys(session, identity->address, &keylist);
vb@21
   178
            assert(status != PEP_OUT_OF_MEMORY);
vb@21
   179
            if (status == PEP_OUT_OF_MEMORY)
vb@21
   180
                return PEP_OUT_OF_MEMORY;
vb@21
   181
vb@21
   182
            stringlist_t *_keylist;
vb@21
   183
            for (_keylist = keylist; _keylist && _keylist->value; _keylist = _keylist->next) {
vb@21
   184
                PEP_comm_type _comm_type_key;
vb@21
   185
vb@21
   186
                status = get_key_rating(session, _keylist->value, &_comm_type_key);
vb@21
   187
                assert(status != PEP_OUT_OF_MEMORY);
vb@21
   188
                if (status == PEP_OUT_OF_MEMORY) {
vb@21
   189
                    free_stringlist(keylist);
vb@21
   190
                    return PEP_OUT_OF_MEMORY;
vb@21
   191
                }
vb@21
   192
vb@21
   193
                if (identity->comm_type == PEP_ct_unknown) {
vb@21
   194
                    if (_comm_type_key != PEP_ct_compromized && _comm_type_key != PEP_ct_unknown) {
vb@21
   195
                        identity->comm_type = _comm_type_key;
vb@21
   196
                        _fpr = _keylist->value;
vb@21
   197
                    }
vb@21
   198
                }
vb@21
   199
                else {
vb@21
   200
                    if (_comm_type_key != PEP_ct_compromized && _comm_type_key != PEP_ct_unknown) {
vb@21
   201
                        if (_comm_type_key > identity->comm_type) {
vb@21
   202
                            identity->comm_type = _comm_type_key;
vb@21
   203
                            _fpr = _keylist->value;
vb@21
   204
                        }
vb@21
   205
                    }
vb@21
   206
                }
vb@21
   207
            }
vb@21
   208
vb@21
   209
            if (_fpr) {
vb@21
   210
                free(identity->fpr);
vb@21
   211
vb@21
   212
                identity->fpr = strdup(_fpr);
vb@21
   213
                if (identity->fpr == NULL) {
vb@21
   214
                    free_stringlist(keylist);
vb@21
   215
                    return PEP_OUT_OF_MEMORY;
vb@21
   216
                }
vb@21
   217
                identity->fpr_size = strlen(identity->fpr);
vb@21
   218
            }
vb@21
   219
            free_stringlist(keylist);
vb@21
   220
        }
vb@21
   221
    }
vb@21
   222
vb@21
   223
    status = PEP_STATUS_OK;
vb@21
   224
Edouard@439
   225
    if (identity->comm_type != PEP_ct_unknown && !EMPTYSTR(identity->user_id)) {
Edouard@439
   226
        assert(!EMPTYSTR(identity->username)); // this should not happen
vb@22
   227
Edouard@439
   228
        if (EMPTYSTR(identity->username)) { // mitigate
vb@0
   229
            free(identity->username);
vb@22
   230
            identity->username = strdup("anonymous");
vb@8
   231
            if (identity->username == NULL)
vb@8
   232
                return PEP_OUT_OF_MEMORY;
vb@22
   233
            identity->username_size = 9;
vb@0
   234
        }
vb@8
   235
Edouard@559
   236
        // Identity doesn't get stored if is was just about checking existing
Edouard@559
   237
        // user by address (i.e. no user id but already stored)
Edouard@559
   238
        if (!(_no_user_id && stored_identity))
Edouard@559
   239
        {
Edouard@559
   240
            status = set_identity(session, identity);
Edouard@559
   241
            assert(status == PEP_STATUS_OK);
Edouard@559
   242
            if (status != PEP_STATUS_OK) {
Edouard@559
   243
                return status;
Edouard@559
   244
            }
Edouard@499
   245
        }
vb@8
   246
    }
vb@8
   247
vb@297
   248
    if (identity->comm_type != PEP_ct_compromized &&
vb@297
   249
            identity->comm_type < PEP_ct_strong_but_unconfirmed)
vb@297
   250
        if (session->examine_identity)
vb@297
   251
            session->examine_identity(identity, session->examine_management);
vb@297
   252
vb@8
   253
    return status;
vb@0
   254
}
vb@0
   255
vb@0
   256
DYNAMIC_API PEP_STATUS myself(PEP_SESSION session, pEp_identity * identity)
vb@0
   257
{
Edouard@560
   258
    pEp_identity *stored_identity;
vb@0
   259
    PEP_STATUS status;
vb@46
   260
    stringlist_t *keylist = NULL;
vb@0
   261
vb@0
   262
    assert(session);
vb@0
   263
    assert(identity);
vb@0
   264
    assert(identity->address);
vb@0
   265
    assert(identity->username);
vb@0
   266
    assert(identity->user_id);
vb@0
   267
vb@191
   268
    if (!(session && identity && identity->address && identity->username &&
vb@191
   269
                identity->user_id))
vb@191
   270
        return PEP_ILLEGAL_VALUE;
vb@191
   271
vb@0
   272
    identity->comm_type = PEP_ct_pEp;
vb@0
   273
    identity->me = true;
vb@0
   274
vb@215
   275
    DEBUG_LOG("myself", "debug", identity->address);
vb@0
   276
Edouard@560
   277
    
Edouard@560
   278
    status = get_identity(session,
Edouard@560
   279
                          identity->address,
Edouard@560
   280
                          identity->user_id,
Edouard@560
   281
                          &stored_identity);
Edouard@560
   282
    
vb@0
   283
    assert(status != PEP_OUT_OF_MEMORY);
vb@0
   284
    if (status == PEP_OUT_OF_MEMORY)
vb@0
   285
        return PEP_OUT_OF_MEMORY;
Edouard@560
   286
    
Edouard@560
   287
    if (stored_identity)
Edouard@560
   288
    {
Edouard@560
   289
        if (EMPTYSTR(identity->fpr)) {
Edouard@560
   290
            identity->fpr = strndup(stored_identity->fpr, stored_identity->fpr_size);
Edouard@560
   291
            assert(identity->fpr);
Edouard@560
   292
            if (identity->fpr == NULL)
Edouard@560
   293
            {
Edouard@560
   294
                return PEP_OUT_OF_MEMORY;
Edouard@560
   295
            }
Edouard@560
   296
            identity->fpr_size = stored_identity->fpr_size;
Edouard@560
   297
        }
Edouard@560
   298
    }
Edouard@560
   299
    else
Edouard@560
   300
    {
Edouard@560
   301
        free(identity->fpr);
Edouard@560
   302
        identity->fpr_size = 0;
Edouard@560
   303
        
Edouard@560
   304
        status = find_keys(session, identity->address, &keylist);
Edouard@560
   305
        assert(status != PEP_OUT_OF_MEMORY);
Edouard@560
   306
        if (status == PEP_OUT_OF_MEMORY)
Edouard@560
   307
            return PEP_OUT_OF_MEMORY;
Edouard@560
   308
        
Edouard@560
   309
        if (keylist != NULL && keylist->value != NULL)
Edouard@560
   310
        {
Edouard@560
   311
            // BUG : Vulnerable to auto-key-import poisoning.
Edouard@560
   312
            //       Attacker's key with forged userId could have been
Edouard@560
   313
            //       auto imported from already received email and be used here
Edouard@560
   314
            
Edouard@560
   315
            // TODO : iterate over list to elect best key
Edouard@560
   316
            // TODO : discard keys which aren't private
Edouard@560
   317
            // TODO : discard keys which aren't either
Edouard@560
   318
            //             - own generated key
Edouard@560
   319
            //             - own from synchronized device group
Edouard@560
   320
            //             - already fully trusted as a public key of known
Edouard@560
   321
            //               identity, for that same address
Edouard@560
   322
            //               (case of imported key for mailing lists)
Edouard@560
   323
            
Edouard@560
   324
            identity->fpr = strdup(keylist->value);
Edouard@560
   325
            assert(identity->fpr);
Edouard@560
   326
            if (identity->fpr == NULL)
Edouard@560
   327
            {
Edouard@560
   328
                return PEP_OUT_OF_MEMORY;
Edouard@560
   329
            }
Edouard@560
   330
            identity->fpr_size = strlen(identity->fpr);
Edouard@560
   331
        }
Edouard@560
   332
        
Edouard@560
   333
    }
Edouard@560
   334
    
Edouard@560
   335
    // TODO : Check key for revoked state
Edouard@560
   336
    
Edouard@560
   337
    if (EMPTYSTR(identity->fpr) /* or revoked */)
Edouard@560
   338
    {
Edouard@560
   339
        
vb@215
   340
        DEBUG_LOG("generating key pair", "debug", identity->address);
vb@0
   341
        status = generate_keypair(session, identity);
vb@0
   342
        assert(status != PEP_OUT_OF_MEMORY);
vb@0
   343
        if (status != PEP_STATUS_OK) {
vb@0
   344
            char buf[11];
vb@0
   345
            snprintf(buf, 11, "%d", status);
vb@215
   346
            DEBUG_LOG("generating key pair failed", "debug", buf);
vb@0
   347
            return status;
vb@0
   348
        }
Edouard@560
   349
        
vb@0
   350
        status = find_keys(session, identity->address, &keylist);
vb@0
   351
        assert(status != PEP_OUT_OF_MEMORY);
vb@0
   352
        if (status == PEP_OUT_OF_MEMORY)
vb@0
   353
            return PEP_OUT_OF_MEMORY;
Edouard@560
   354
        
vb@372
   355
        assert(keylist && keylist->value);
Edouard@371
   356
        if (keylist == NULL || keylist->value == NULL) {
Edouard@371
   357
            return PEP_UNKNOWN_ERROR;
Edouard@371
   358
        }
vb@0
   359
    }
Edouard@560
   360
    else
Edouard@560
   361
    {
vb@214
   362
        bool expired;
Edouard@560
   363
        status = key_expired(session, identity->fpr, &expired);
vb@214
   364
        assert(status == PEP_STATUS_OK);
Edouard@499
   365
        if (status != PEP_STATUS_OK) {
Edouard@499
   366
            goto free_keylist;
Edouard@499
   367
        }
vb@214
   368
vb@214
   369
        if (status == PEP_STATUS_OK && expired) {
vb@214
   370
            timestamp *ts = new_timestamp(time(NULL) + KEY_EXPIRE_DELTA);
Edouard@560
   371
            renew_key(session, identity->fpr, ts);
vb@214
   372
            free_timestamp(ts);
vb@214
   373
        }
vb@214
   374
    }
vb@0
   375
vb@0
   376
    status = set_identity(session, identity);
vb@0
   377
    assert(status == PEP_STATUS_OK);
Edouard@499
   378
    if (status != PEP_STATUS_OK) {
Edouard@499
   379
        goto free_keylist;
Edouard@499
   380
    }
vb@0
   381
vb@0
   382
    return PEP_STATUS_OK;
Edouard@499
   383
Edouard@499
   384
free_keylist:
Edouard@499
   385
    free_stringlist(keylist);
Edouard@499
   386
    return status;
vb@0
   387
}
vb@0
   388
vb@296
   389
DYNAMIC_API PEP_STATUS register_examine_function(
vb@292
   390
        PEP_SESSION session, 
vb@292
   391
        examine_identity_t examine_identity,
vb@292
   392
        void *management
vb@292
   393
    )
vb@292
   394
{
vb@292
   395
    assert(session);
vb@292
   396
    if (!session)
vb@292
   397
        return PEP_ILLEGAL_VALUE;
vb@292
   398
vb@292
   399
    session->examine_management = management;
vb@292
   400
    session->examine_identity = examine_identity;
vb@292
   401
vb@292
   402
    return PEP_STATUS_OK;
vb@292
   403
}
vb@292
   404
vb@0
   405
DYNAMIC_API PEP_STATUS do_keymanagement(
vb@0
   406
        retrieve_next_identity_t retrieve_next_identity,
vb@0
   407
        void *management
vb@0
   408
    )
vb@0
   409
{
vb@0
   410
    PEP_SESSION session;
vb@0
   411
    pEp_identity *identity;
Edouard@499
   412
    PEP_STATUS status;
vb@0
   413
Edouard@499
   414
    assert(retrieve_next_identity);
Edouard@499
   415
    assert(management);
Edouard@499
   416
Edouard@499
   417
    if (!retrieve_next_identity || !management)
Edouard@499
   418
        return PEP_ILLEGAL_VALUE;
Edouard@499
   419
Edouard@499
   420
    status = init(&session);
vb@0
   421
    assert(status == PEP_STATUS_OK);
vb@0
   422
    if (status != PEP_STATUS_OK)
vb@0
   423
        return status;
vb@0
   424
vb@0
   425
    log_event(session, "keymanagement thread started", "pEp engine", NULL, NULL);
vb@0
   426
Edouard@499
   427
    while ((identity = retrieve_next_identity(management))) 
Edouard@499
   428
    {
vb@0
   429
        assert(identity->address);
Edouard@499
   430
        if(identity->address)
Edouard@499
   431
        {
Edouard@499
   432
            DEBUG_LOG("do_keymanagement", "retrieve_next_identity", identity->address);
Edouard@499
   433
Edouard@499
   434
            if (identity->me) {
Edouard@499
   435
                status = myself(session, identity);
Edouard@499
   436
            } else {
Edouard@499
   437
                status = recv_key(session, identity->address);
Edouard@499
   438
            }
Edouard@499
   439
vb@0
   440
            assert(status != PEP_OUT_OF_MEMORY);
Edouard@499
   441
            if(status == PEP_OUT_OF_MEMORY)
Edouard@499
   442
                return PEP_OUT_OF_MEMORY;
vb@0
   443
        }
vb@0
   444
        free_identity(identity);
vb@0
   445
    }
vb@0
   446
vb@0
   447
    log_event(session, "keymanagement thread shutdown", "pEp engine", NULL, NULL);
vb@0
   448
vb@0
   449
    release(session);
vb@0
   450
    return PEP_STATUS_OK;
vb@0
   451
}
vb@0
   452
vb@357
   453
DYNAMIC_API PEP_STATUS key_compromized(
vb@357
   454
        PEP_SESSION session,
vb@357
   455
        pEp_identity *ident
vb@357
   456
    )
vb@215
   457
{
vb@218
   458
    PEP_STATUS status = PEP_STATUS_OK;
vb@218
   459
vb@215
   460
    assert(session);
vb@357
   461
    assert(ident);
Edouard@439
   462
    assert(!EMPTYSTR(ident->fpr));
vb@215
   463
vb@357
   464
    if (!(session && ident && ident->fpr))
vb@215
   465
        return PEP_ILLEGAL_VALUE;
vb@215
   466
vb@357
   467
    if (ident->me)
vb@357
   468
        revoke_key(session, ident->fpr, NULL);
vb@357
   469
    status = mark_as_compromized(session, ident->fpr);
vb@218
   470
vb@218
   471
    return status;
vb@215
   472
}
vb@215
   473
Edouard@410
   474
DYNAMIC_API PEP_STATUS key_reset_trust(
Edouard@410
   475
        PEP_SESSION session,
Edouard@410
   476
        pEp_identity *ident
Edouard@410
   477
    )
Edouard@410
   478
{
Edouard@410
   479
    PEP_STATUS status = PEP_STATUS_OK;
Edouard@410
   480
Edouard@410
   481
    assert(session);
Edouard@410
   482
    assert(ident);
vb@420
   483
    assert(!ident->me);
Edouard@439
   484
    assert(!EMPTYSTR(ident->fpr));
Edouard@439
   485
    assert(!EMPTYSTR(ident->address));
Edouard@439
   486
    assert(!EMPTYSTR(ident->user_id));
Edouard@410
   487
vb@420
   488
    if (!(session && ident && !ident->me && ident->fpr && ident->address &&
vb@420
   489
            ident->user_id))
Edouard@410
   490
        return PEP_ILLEGAL_VALUE;
Edouard@410
   491
vb@420
   492
    status = update_identity(session, ident);
vb@420
   493
    if (status != PEP_STATUS_OK)
vb@420
   494
        return status;
Edouard@410
   495
Edouard@442
   496
    if (ident->comm_type == PEP_ct_mistrusted)
vb@421
   497
        ident->comm_type = PEP_ct_unknown;
vb@421
   498
    else
vb@421
   499
        ident->comm_type &= ~PEP_ct_confirmed;
vb@421
   500
vb@420
   501
    status = set_identity(session, ident);
vb@421
   502
    if (status != PEP_STATUS_OK)
vb@421
   503
        return status;
vb@421
   504
vb@422
   505
    if (ident->comm_type == PEP_ct_unknown)
vb@422
   506
        status = update_identity(session, ident);
Edouard@410
   507
    return status;
Edouard@410
   508
}
Edouard@410
   509
vb@354
   510
DYNAMIC_API PEP_STATUS trust_personal_key(
vb@354
   511
        PEP_SESSION session,
vb@354
   512
        pEp_identity *ident
vb@354
   513
    )
vb@354
   514
{
vb@354
   515
    PEP_STATUS status = PEP_STATUS_OK;
vb@354
   516
vb@354
   517
    assert(session);
vb@354
   518
    assert(ident);
Edouard@439
   519
    assert(!EMPTYSTR(ident->address));
Edouard@439
   520
    assert(!EMPTYSTR(ident->user_id));
Edouard@439
   521
    assert(!EMPTYSTR(ident->fpr));
vb@354
   522
    assert(!ident->me);
vb@354
   523
Edouard@439
   524
    if (!ident || EMPTYSTR(ident->address) || EMPTYSTR(ident->user_id) ||
Edouard@439
   525
            EMPTYSTR(ident->fpr) || ident->me)
vb@354
   526
        return PEP_ILLEGAL_VALUE;
vb@354
   527
vb@354
   528
    status = update_identity(session, ident);
vb@354
   529
    if (status != PEP_STATUS_OK)
vb@354
   530
        return status;
vb@354
   531
vb@356
   532
    if (ident->comm_type > PEP_ct_strong_but_unconfirmed) {
vb@356
   533
        ident->comm_type |= PEP_ct_confirmed;
Edouard@488
   534
        status = set_identity(session, ident);
vb@356
   535
    }
vb@356
   536
    else {
vb@356
   537
        // MISSING: S/MIME has to be handled depending on trusted CAs
vb@370
   538
        status = PEP_CANNOT_SET_TRUST;
vb@356
   539
    }
vb@354
   540
vb@354
   541
    return status;
vb@354
   542
}
vb@354
   543
Edouard@584
   544
DYNAMIC_API PEP_STATUS own_key_add(PEP_SESSION session, const char *fpr)
Edouard@584
   545
{
Edouard@584
   546
    PEP_STATUS status = PEP_STATUS_OK;
Edouard@584
   547
    
Edouard@584
   548
    assert(session && fpr && fpr[0]);
Edouard@584
   549
    
Edouard@584
   550
    if (!(session && fpr && fpr[0]))
Edouard@584
   551
        return PEP_ILLEGAL_VALUE;
Edouard@584
   552
    
Edouard@584
   553
    sqlite3_reset(session->own_key_add);
Edouard@584
   554
    sqlite3_bind_text(session->own_key_add, 1, fpr, -1, SQLITE_STATIC);
Edouard@584
   555
    
Edouard@584
   556
    int result;
Edouard@584
   557
    
Edouard@584
   558
    result = sqlite3_step(session->own_key_add);
Edouard@584
   559
    switch (result) {
Edouard@584
   560
        case SQLITE_DONE:
Edouard@584
   561
            status = PEP_STATUS_OK;
Edouard@584
   562
            break;
Edouard@584
   563
            
Edouard@584
   564
        default:
Edouard@584
   565
            status = PEP_UNKNOWN_ERROR;
Edouard@584
   566
    }
Edouard@584
   567
    
Edouard@584
   568
    sqlite3_reset(session->own_key_add);
Edouard@584
   569
    return status;
Edouard@584
   570
}
Edouard@584
   571
Edouard@584
   572
DYNAMIC_API PEP_STATUS own_key_is_listed(
Edouard@584
   573
                                           PEP_SESSION session,
Edouard@584
   574
                                           const char *fpr,
Edouard@584
   575
                                           bool *listed
Edouard@584
   576
                                           )
Edouard@584
   577
{
Edouard@584
   578
    PEP_STATUS status = PEP_STATUS_OK;
Edouard@584
   579
    int count;
Edouard@584
   580
    
Edouard@584
   581
    assert(session && fpr && fpr[0] && listed);
Edouard@584
   582
    
Edouard@584
   583
    if (!(session && fpr && fpr[0] && listed))
Edouard@584
   584
        return PEP_ILLEGAL_VALUE;
Edouard@584
   585
    
Edouard@584
   586
    *listed = false;
Edouard@584
   587
    
Edouard@584
   588
    sqlite3_reset(session->own_key_is_listed);
Edouard@584
   589
    sqlite3_bind_text(session->own_key_is_listed, 1, fpr, -1, SQLITE_STATIC);
Edouard@584
   590
    
Edouard@584
   591
    int result;
Edouard@584
   592
    
Edouard@584
   593
    result = sqlite3_step(session->own_key_is_listed);
Edouard@584
   594
    switch (result) {
Edouard@584
   595
        case SQLITE_ROW:
Edouard@584
   596
            count = sqlite3_column_int(session->own_key_is_listed, 0);
Edouard@584
   597
            *listed = count > 0;
Edouard@584
   598
            status = PEP_STATUS_OK;
Edouard@584
   599
            break;
Edouard@584
   600
            
Edouard@584
   601
        default:
Edouard@584
   602
            status = PEP_UNKNOWN_ERROR;
Edouard@584
   603
    }
Edouard@584
   604
    
Edouard@584
   605
    sqlite3_reset(session->own_key_is_listed);
Edouard@584
   606
    return status;
Edouard@584
   607
}
Edouard@584
   608
Edouard@584
   609
DYNAMIC_API PEP_STATUS own_key_retrieve(
Edouard@584
   610
                                          PEP_SESSION session,
Edouard@584
   611
                                          stringlist_t **own_key
Edouard@584
   612
                                          )
Edouard@584
   613
{
Edouard@584
   614
    PEP_STATUS status = PEP_STATUS_OK;
Edouard@584
   615
    
Edouard@584
   616
    assert(session);
Edouard@584
   617
    assert(own_key);
Edouard@584
   618
    
Edouard@584
   619
    if (!(session && own_key))
Edouard@584
   620
        return PEP_ILLEGAL_VALUE;
Edouard@584
   621
    
Edouard@584
   622
    *own_key = NULL;
Edouard@584
   623
    stringlist_t *_own_key = new_stringlist(NULL);
Edouard@584
   624
    if (_own_key == NULL)
Edouard@584
   625
        goto enomem;
Edouard@584
   626
    
Edouard@584
   627
    sqlite3_reset(session->own_key_retrieve);
Edouard@584
   628
    
Edouard@584
   629
    int result;
Edouard@584
   630
    const char *fpr = NULL;
Edouard@584
   631
    
Edouard@584
   632
    stringlist_t *_bl = _own_key;
Edouard@584
   633
    do {
Edouard@584
   634
        result = sqlite3_step(session->own_key_retrieve);
Edouard@584
   635
        switch (result) {
Edouard@584
   636
            case SQLITE_ROW:
Edouard@584
   637
                fpr = (const char *) sqlite3_column_text(session->own_key_retrieve, 0);
Edouard@584
   638
                
Edouard@584
   639
                _bl = stringlist_add(_bl, fpr);
Edouard@584
   640
                if (_bl == NULL)
Edouard@584
   641
                    goto enomem;
Edouard@584
   642
                
Edouard@584
   643
                break;
Edouard@584
   644
                
Edouard@584
   645
            case SQLITE_DONE:
Edouard@584
   646
                break;
Edouard@584
   647
                
Edouard@584
   648
            default:
Edouard@584
   649
                status = PEP_UNKNOWN_ERROR;
Edouard@584
   650
                result = SQLITE_DONE;
Edouard@584
   651
        }
Edouard@584
   652
    } while (result != SQLITE_DONE);
Edouard@584
   653
    
Edouard@584
   654
    sqlite3_reset(session->own_key_retrieve);
Edouard@584
   655
    if (status == PEP_STATUS_OK)
Edouard@584
   656
        *own_key = _own_key;
Edouard@584
   657
    else
Edouard@584
   658
        free_stringlist(_own_key);
Edouard@584
   659
    
Edouard@584
   660
    goto the_end;
Edouard@584
   661
    
Edouard@584
   662
enomem:
Edouard@584
   663
    free_stringlist(_own_key);
Edouard@584
   664
    status = PEP_OUT_OF_MEMORY;
Edouard@584
   665
    
Edouard@584
   666
the_end:
Edouard@584
   667
    return status;
Edouard@584
   668
}