src/keymanagement.c
author Edouard Tisserant
Mon, 02 May 2016 01:50:58 +0200
changeset 560 61966cd2d7a7
parent 559 32811e6a231c
child 562 fe56206d4630
permissions -rw-r--r--
Made myself() re-use already selected fpr from pre-existing identity if not explicitely given. More restriction while selecting gpg ring's key should still be enforced.
vb@130
     1
#include "platform.h"
vb@0
     2
vb@0
     3
#include <string.h>
vb@0
     4
#include <stdio.h>
vb@0
     5
#include <stdlib.h>
vb@0
     6
#include <assert.h>
Edouard@512
     7
#include <ctype.h>
vb@0
     8
vb@217
     9
#include "pEp_internal.h"
vb@0
    10
#include "keymanagement.h"
vb@0
    11
Edouard@439
    12
#ifndef EMPTYSTR
roker@500
    13
#define EMPTYSTR(STR) ((STR) == NULL || (STR)[0] == '\0')
vb@8
    14
#endif
vb@8
    15
vb@214
    16
#define KEY_EXPIRE_DELTA (60 * 60 * 24 * 365)
vb@214
    17
Edouard@512
    18
// Space tolerant and case insensitive fingerprint string compare
Edouard@512
    19
static int _same_fpr(
Edouard@512
    20
        const char* fpra,
Edouard@512
    21
        size_t fpras,
Edouard@512
    22
        const char* fprb,
Edouard@512
    23
        size_t fprbs
Edouard@512
    24
    )
Edouard@512
    25
{
Edouard@512
    26
    size_t ai = 0;
Edouard@512
    27
    size_t bi = 0;
Edouard@512
    28
    
Edouard@544
    29
    do
Edouard@544
    30
    {
Edouard@544
    31
        if(fpra[ai] == 0 || fprb[bi] == 0)
Edouard@544
    32
        {
Edouard@512
    33
            return 0;
Edouard@544
    34
        }
Edouard@544
    35
        else if(fpra[ai] == ' ')
Edouard@544
    36
        {
Edouard@512
    37
            ai++;
Edouard@544
    38
        }
Edouard@544
    39
        else if(fprb[bi] == ' ')
Edouard@544
    40
        {
Edouard@512
    41
            bi++;
Edouard@544
    42
        }
Edouard@544
    43
        else if(toupper(fpra[ai]) == toupper(fprb[bi]))
Edouard@544
    44
        {
Edouard@512
    45
            ai++;
Edouard@512
    46
            bi++;
Edouard@512
    47
        }
Edouard@544
    48
        else
Edouard@544
    49
        {
Edouard@544
    50
            return 0;
Edouard@544
    51
        }
Edouard@544
    52
        
Edouard@544
    53
    }
Edouard@544
    54
    while(ai < fpras && bi < fprbs);
Edouard@512
    55
    
Edouard@512
    56
    return ai == fpras && bi == fprbs;
Edouard@512
    57
}
Edouard@512
    58
vb@0
    59
DYNAMIC_API PEP_STATUS update_identity(
vb@0
    60
        PEP_SESSION session, pEp_identity * identity
vb@0
    61
    )
vb@0
    62
{
vb@0
    63
    pEp_identity *stored_identity;
vb@0
    64
    PEP_STATUS status;
vb@0
    65
vb@0
    66
    assert(session);
vb@0
    67
    assert(identity);
Edouard@439
    68
    assert(!EMPTYSTR(identity->address));
vb@0
    69
Edouard@439
    70
    if (!(session && identity && !EMPTYSTR(identity->address)))
vb@191
    71
        return PEP_ILLEGAL_VALUE;
vb@191
    72
Edouard@559
    73
    int _no_user_id = EMPTYSTR(identity->user_id);
Edouard@559
    74
Edouard@559
    75
    if (_no_user_id)
Edouard@559
    76
    {
Edouard@559
    77
        free(identity->user_id);
Edouard@559
    78
Edouard@559
    79
        status = get_best_user(session,
Edouard@559
    80
                              identity->address,
Edouard@559
    81
                              &identity->user_id);
Edouard@559
    82
Edouard@559
    83
        // Default user_id, aka Virtual user_id
Edouard@559
    84
        if (status == PEP_CANNOT_FIND_IDENTITY)
Edouard@559
    85
        {
Edouard@559
    86
            identity->user_id = calloc(1, identity->address_size + 5);
Edouard@559
    87
            if (!identity->user_id)
Edouard@559
    88
            {
Edouard@559
    89
                return PEP_OUT_OF_MEMORY;
Edouard@559
    90
            }
Edouard@559
    91
            snprintf(identity->user_id, identity->address_size + 5,
Edouard@559
    92
                     "TOFU_%s", identity->address);
Edouard@559
    93
        }
Edouard@559
    94
        else if (status != PEP_STATUS_OK)
Edouard@559
    95
        {
Edouard@559
    96
            return status;
Edouard@559
    97
        }
Edouard@559
    98
        
Edouard@559
    99
        if(identity->user_id)
Edouard@559
   100
        {
Edouard@559
   101
            identity->user_id_size = strlen(identity->user_id);
Edouard@559
   102
        }
Edouard@559
   103
    }
Edouard@559
   104
    
Edouard@559
   105
    status = get_identity(session,
Edouard@559
   106
                          identity->address,
Edouard@559
   107
                          identity->user_id,
Edouard@559
   108
                          &stored_identity);
Edouard@559
   109
    
vb@0
   110
    assert(status != PEP_OUT_OF_MEMORY);
vb@0
   111
    if (status == PEP_OUT_OF_MEMORY)
vb@0
   112
        return PEP_OUT_OF_MEMORY;
vb@0
   113
vb@14
   114
    if (stored_identity) {
vb@14
   115
        PEP_comm_type _comm_type_key;
vb@14
   116
        status = get_key_rating(session, stored_identity->fpr, &_comm_type_key);
vb@14
   117
        assert(status != PEP_OUT_OF_MEMORY);
vb@14
   118
        if (status == PEP_OUT_OF_MEMORY)
vb@14
   119
            return PEP_OUT_OF_MEMORY;
vb@10
   120
Edouard@439
   121
        if (EMPTYSTR(identity->username)) {
vb@22
   122
            free(identity->username);
Edouard@498
   123
            identity->username = strndup(stored_identity->username, stored_identity->username_size);
Edouard@498
   124
            assert(identity->username);
vb@22
   125
            if (identity->username == NULL)
vb@22
   126
                return PEP_OUT_OF_MEMORY;
vb@22
   127
            identity->username_size = stored_identity->username_size;
vb@22
   128
        }
vb@22
   129
Edouard@439
   130
        if (EMPTYSTR(identity->fpr)) {
Edouard@498
   131
            identity->fpr = strndup(stored_identity->fpr, stored_identity->fpr_size);
vb@8
   132
            assert(identity->fpr);
vb@8
   133
            if (identity->fpr == NULL)
vb@8
   134
                return PEP_OUT_OF_MEMORY;
Edouard@406
   135
            identity->fpr_size = stored_identity->fpr_size;
vb@14
   136
            if (_comm_type_key < PEP_ct_unconfirmed_encryption) {
vb@14
   137
                identity->comm_type = _comm_type_key;
vb@14
   138
            }
vb@14
   139
            else {
vb@14
   140
                identity->comm_type = stored_identity->comm_type;
vb@14
   141
            }
vb@8
   142
        }
Edouard@439
   143
        else /* !EMPTYSTR(identity->fpr) */ {
Edouard@512
   144
            if (_same_fpr(identity->fpr,
Edouard@512
   145
                          identity->fpr_size,
Edouard@512
   146
                          stored_identity->fpr,
Edouard@512
   147
                          stored_identity->fpr_size)) {
vb@14
   148
                if (_comm_type_key < PEP_ct_unconfirmed_encryption) {
vb@14
   149
                    identity->comm_type = _comm_type_key;
Edouard@488
   150
                }else{
Edouard@488
   151
                    identity->comm_type = stored_identity->comm_type;
Edouard@488
   152
                    if (identity->comm_type == PEP_ct_unknown) {
Edouard@488
   153
                        identity->comm_type = _comm_type_key;
vb@8
   154
                    }
vb@8
   155
                }
vb@496
   156
            } else {
Edouard@488
   157
                status = get_trust(session, identity);
Edouard@488
   158
                assert(status != PEP_OUT_OF_MEMORY);
Edouard@488
   159
                if (status == PEP_OUT_OF_MEMORY)
Edouard@488
   160
                    return PEP_OUT_OF_MEMORY;
vb@496
   161
                if (identity->comm_type < stored_identity->comm_type)
vb@496
   162
                    identity->comm_type = PEP_ct_unknown;
vb@8
   163
            }
vb@8
   164
        }
vb@8
   165
vb@21
   166
        if (identity->lang[0] == 0) {
vb@21
   167
            identity->lang[0] = stored_identity->lang[0];
vb@21
   168
            identity->lang[1] = stored_identity->lang[1];
vb@21
   169
            identity->lang[2] = 0;
vb@21
   170
        }
vb@21
   171
    }
vb@21
   172
    else /* stored_identity == NULL */ {
Edouard@439
   173
        if (!EMPTYSTR(identity->fpr)) {
vb@21
   174
            PEP_comm_type _comm_type_key;
vb@21
   175
vb@21
   176
            status = get_key_rating(session, identity->fpr, &_comm_type_key);
vb@21
   177
            assert(status != PEP_OUT_OF_MEMORY);
vb@21
   178
            if (status == PEP_OUT_OF_MEMORY)
vb@21
   179
                return PEP_OUT_OF_MEMORY;
vb@21
   180
vb@21
   181
            identity->comm_type = _comm_type_key;
vb@21
   182
        }
Edouard@439
   183
        else /* EMPTYSTR(identity->fpr) */ {
vb@21
   184
            PEP_STATUS status;
vb@21
   185
            stringlist_t *keylist;
vb@21
   186
            char *_fpr = NULL;
vb@21
   187
            identity->comm_type = PEP_ct_unknown;
vb@21
   188
vb@21
   189
            status = find_keys(session, identity->address, &keylist);
vb@21
   190
            assert(status != PEP_OUT_OF_MEMORY);
vb@21
   191
            if (status == PEP_OUT_OF_MEMORY)
vb@21
   192
                return PEP_OUT_OF_MEMORY;
vb@21
   193
vb@21
   194
            stringlist_t *_keylist;
vb@21
   195
            for (_keylist = keylist; _keylist && _keylist->value; _keylist = _keylist->next) {
vb@21
   196
                PEP_comm_type _comm_type_key;
vb@21
   197
vb@21
   198
                status = get_key_rating(session, _keylist->value, &_comm_type_key);
vb@21
   199
                assert(status != PEP_OUT_OF_MEMORY);
vb@21
   200
                if (status == PEP_OUT_OF_MEMORY) {
vb@21
   201
                    free_stringlist(keylist);
vb@21
   202
                    return PEP_OUT_OF_MEMORY;
vb@21
   203
                }
vb@21
   204
vb@21
   205
                if (identity->comm_type == PEP_ct_unknown) {
vb@21
   206
                    if (_comm_type_key != PEP_ct_compromized && _comm_type_key != PEP_ct_unknown) {
vb@21
   207
                        identity->comm_type = _comm_type_key;
vb@21
   208
                        _fpr = _keylist->value;
vb@21
   209
                    }
vb@21
   210
                }
vb@21
   211
                else {
vb@21
   212
                    if (_comm_type_key != PEP_ct_compromized && _comm_type_key != PEP_ct_unknown) {
vb@21
   213
                        if (_comm_type_key > identity->comm_type) {
vb@21
   214
                            identity->comm_type = _comm_type_key;
vb@21
   215
                            _fpr = _keylist->value;
vb@21
   216
                        }
vb@21
   217
                    }
vb@21
   218
                }
vb@21
   219
            }
vb@21
   220
vb@21
   221
            if (_fpr) {
vb@21
   222
                free(identity->fpr);
vb@21
   223
vb@21
   224
                identity->fpr = strdup(_fpr);
vb@21
   225
                if (identity->fpr == NULL) {
vb@21
   226
                    free_stringlist(keylist);
vb@21
   227
                    return PEP_OUT_OF_MEMORY;
vb@21
   228
                }
vb@21
   229
                identity->fpr_size = strlen(identity->fpr);
vb@21
   230
            }
vb@21
   231
            free_stringlist(keylist);
vb@21
   232
        }
vb@21
   233
    }
vb@21
   234
vb@21
   235
    status = PEP_STATUS_OK;
vb@21
   236
Edouard@439
   237
    if (identity->comm_type != PEP_ct_unknown && !EMPTYSTR(identity->user_id)) {
Edouard@439
   238
        assert(!EMPTYSTR(identity->username)); // this should not happen
vb@22
   239
Edouard@439
   240
        if (EMPTYSTR(identity->username)) { // mitigate
vb@0
   241
            free(identity->username);
vb@22
   242
            identity->username = strdup("anonymous");
vb@8
   243
            if (identity->username == NULL)
vb@8
   244
                return PEP_OUT_OF_MEMORY;
vb@22
   245
            identity->username_size = 9;
vb@0
   246
        }
vb@8
   247
Edouard@559
   248
        // Identity doesn't get stored if is was just about checking existing
Edouard@559
   249
        // user by address (i.e. no user id but already stored)
Edouard@559
   250
        if (!(_no_user_id && stored_identity))
Edouard@559
   251
        {
Edouard@559
   252
            status = set_identity(session, identity);
Edouard@559
   253
            assert(status == PEP_STATUS_OK);
Edouard@559
   254
            if (status != PEP_STATUS_OK) {
Edouard@559
   255
                return status;
Edouard@559
   256
            }
Edouard@499
   257
        }
vb@8
   258
    }
vb@8
   259
vb@297
   260
    if (identity->comm_type != PEP_ct_compromized &&
vb@297
   261
            identity->comm_type < PEP_ct_strong_but_unconfirmed)
vb@297
   262
        if (session->examine_identity)
vb@297
   263
            session->examine_identity(identity, session->examine_management);
vb@297
   264
vb@8
   265
    return status;
vb@0
   266
}
vb@0
   267
vb@0
   268
DYNAMIC_API PEP_STATUS myself(PEP_SESSION session, pEp_identity * identity)
vb@0
   269
{
Edouard@560
   270
    pEp_identity *stored_identity;
vb@0
   271
    PEP_STATUS status;
vb@46
   272
    stringlist_t *keylist = NULL;
vb@0
   273
vb@0
   274
    assert(session);
vb@0
   275
    assert(identity);
vb@0
   276
    assert(identity->address);
vb@0
   277
    assert(identity->username);
vb@0
   278
    assert(identity->user_id);
vb@0
   279
vb@191
   280
    if (!(session && identity && identity->address && identity->username &&
vb@191
   281
                identity->user_id))
vb@191
   282
        return PEP_ILLEGAL_VALUE;
vb@191
   283
vb@0
   284
    identity->comm_type = PEP_ct_pEp;
vb@0
   285
    identity->me = true;
vb@0
   286
vb@215
   287
    DEBUG_LOG("myself", "debug", identity->address);
vb@0
   288
Edouard@560
   289
    
Edouard@560
   290
    status = get_identity(session,
Edouard@560
   291
                          identity->address,
Edouard@560
   292
                          identity->user_id,
Edouard@560
   293
                          &stored_identity);
Edouard@560
   294
    
vb@0
   295
    assert(status != PEP_OUT_OF_MEMORY);
vb@0
   296
    if (status == PEP_OUT_OF_MEMORY)
vb@0
   297
        return PEP_OUT_OF_MEMORY;
Edouard@560
   298
    
Edouard@560
   299
    if (stored_identity)
Edouard@560
   300
    {
Edouard@560
   301
        if (EMPTYSTR(identity->fpr)) {
Edouard@560
   302
            identity->fpr = strndup(stored_identity->fpr, stored_identity->fpr_size);
Edouard@560
   303
            assert(identity->fpr);
Edouard@560
   304
            if (identity->fpr == NULL)
Edouard@560
   305
            {
Edouard@560
   306
                return PEP_OUT_OF_MEMORY;
Edouard@560
   307
            }
Edouard@560
   308
            identity->fpr_size = stored_identity->fpr_size;
Edouard@560
   309
        }
Edouard@560
   310
    }
Edouard@560
   311
    else
Edouard@560
   312
    {
Edouard@560
   313
        free(identity->fpr);
Edouard@560
   314
        identity->fpr_size = 0;
Edouard@560
   315
        
Edouard@560
   316
        status = find_keys(session, identity->address, &keylist);
Edouard@560
   317
        assert(status != PEP_OUT_OF_MEMORY);
Edouard@560
   318
        if (status == PEP_OUT_OF_MEMORY)
Edouard@560
   319
            return PEP_OUT_OF_MEMORY;
Edouard@560
   320
        
Edouard@560
   321
        if (keylist != NULL && keylist->value != NULL)
Edouard@560
   322
        {
Edouard@560
   323
            // BUG : Vulnerable to auto-key-import poisoning.
Edouard@560
   324
            //       Attacker's key with forged userId could have been
Edouard@560
   325
            //       auto imported from already received email and be used here
Edouard@560
   326
            
Edouard@560
   327
            // TODO : iterate over list to elect best key
Edouard@560
   328
            // TODO : discard keys which aren't private
Edouard@560
   329
            // TODO : discard keys which aren't either
Edouard@560
   330
            //             - own generated key
Edouard@560
   331
            //             - own from synchronized device group
Edouard@560
   332
            //             - already fully trusted as a public key of known
Edouard@560
   333
            //               identity, for that same address
Edouard@560
   334
            //               (case of imported key for mailing lists)
Edouard@560
   335
            
Edouard@560
   336
            identity->fpr = strdup(keylist->value);
Edouard@560
   337
            assert(identity->fpr);
Edouard@560
   338
            if (identity->fpr == NULL)
Edouard@560
   339
            {
Edouard@560
   340
                return PEP_OUT_OF_MEMORY;
Edouard@560
   341
            }
Edouard@560
   342
            identity->fpr_size = strlen(identity->fpr);
Edouard@560
   343
        }
Edouard@560
   344
        
Edouard@560
   345
    }
Edouard@560
   346
    
Edouard@560
   347
    // TODO : Check key for revoked state
Edouard@560
   348
    
Edouard@560
   349
    if (EMPTYSTR(identity->fpr) /* or revoked */)
Edouard@560
   350
    {
Edouard@560
   351
        
vb@215
   352
        DEBUG_LOG("generating key pair", "debug", identity->address);
vb@0
   353
        status = generate_keypair(session, identity);
vb@0
   354
        assert(status != PEP_OUT_OF_MEMORY);
vb@0
   355
        if (status != PEP_STATUS_OK) {
vb@0
   356
            char buf[11];
vb@0
   357
            snprintf(buf, 11, "%d", status);
vb@215
   358
            DEBUG_LOG("generating key pair failed", "debug", buf);
vb@0
   359
            return status;
vb@0
   360
        }
Edouard@560
   361
        
vb@0
   362
        status = find_keys(session, identity->address, &keylist);
vb@0
   363
        assert(status != PEP_OUT_OF_MEMORY);
vb@0
   364
        if (status == PEP_OUT_OF_MEMORY)
vb@0
   365
            return PEP_OUT_OF_MEMORY;
Edouard@560
   366
        
vb@372
   367
        assert(keylist && keylist->value);
Edouard@371
   368
        if (keylist == NULL || keylist->value == NULL) {
Edouard@371
   369
            return PEP_UNKNOWN_ERROR;
Edouard@371
   370
        }
vb@0
   371
    }
Edouard@560
   372
    else
Edouard@560
   373
    {
vb@214
   374
        bool expired;
Edouard@560
   375
        status = key_expired(session, identity->fpr, &expired);
vb@214
   376
        assert(status == PEP_STATUS_OK);
Edouard@499
   377
        if (status != PEP_STATUS_OK) {
Edouard@499
   378
            goto free_keylist;
Edouard@499
   379
        }
vb@214
   380
vb@214
   381
        if (status == PEP_STATUS_OK && expired) {
vb@214
   382
            timestamp *ts = new_timestamp(time(NULL) + KEY_EXPIRE_DELTA);
Edouard@560
   383
            renew_key(session, identity->fpr, ts);
vb@214
   384
            free_timestamp(ts);
vb@214
   385
        }
vb@214
   386
    }
vb@0
   387
vb@0
   388
    status = set_identity(session, identity);
vb@0
   389
    assert(status == PEP_STATUS_OK);
Edouard@499
   390
    if (status != PEP_STATUS_OK) {
Edouard@499
   391
        goto free_keylist;
Edouard@499
   392
    }
vb@0
   393
vb@0
   394
    return PEP_STATUS_OK;
Edouard@499
   395
Edouard@499
   396
free_keylist:
Edouard@499
   397
    free_stringlist(keylist);
Edouard@499
   398
    return status;
vb@0
   399
}
vb@0
   400
vb@296
   401
DYNAMIC_API PEP_STATUS register_examine_function(
vb@292
   402
        PEP_SESSION session, 
vb@292
   403
        examine_identity_t examine_identity,
vb@292
   404
        void *management
vb@292
   405
    )
vb@292
   406
{
vb@292
   407
    assert(session);
vb@292
   408
    if (!session)
vb@292
   409
        return PEP_ILLEGAL_VALUE;
vb@292
   410
vb@292
   411
    session->examine_management = management;
vb@292
   412
    session->examine_identity = examine_identity;
vb@292
   413
vb@292
   414
    return PEP_STATUS_OK;
vb@292
   415
}
vb@292
   416
vb@0
   417
DYNAMIC_API PEP_STATUS do_keymanagement(
vb@0
   418
        retrieve_next_identity_t retrieve_next_identity,
vb@0
   419
        void *management
vb@0
   420
    )
vb@0
   421
{
vb@0
   422
    PEP_SESSION session;
vb@0
   423
    pEp_identity *identity;
Edouard@499
   424
    PEP_STATUS status;
vb@0
   425
Edouard@499
   426
    assert(retrieve_next_identity);
Edouard@499
   427
    assert(management);
Edouard@499
   428
Edouard@499
   429
    if (!retrieve_next_identity || !management)
Edouard@499
   430
        return PEP_ILLEGAL_VALUE;
Edouard@499
   431
Edouard@499
   432
    status = init(&session);
vb@0
   433
    assert(status == PEP_STATUS_OK);
vb@0
   434
    if (status != PEP_STATUS_OK)
vb@0
   435
        return status;
vb@0
   436
vb@0
   437
    log_event(session, "keymanagement thread started", "pEp engine", NULL, NULL);
vb@0
   438
Edouard@499
   439
    while ((identity = retrieve_next_identity(management))) 
Edouard@499
   440
    {
vb@0
   441
        assert(identity->address);
Edouard@499
   442
        if(identity->address)
Edouard@499
   443
        {
Edouard@499
   444
            DEBUG_LOG("do_keymanagement", "retrieve_next_identity", identity->address);
Edouard@499
   445
Edouard@499
   446
            if (identity->me) {
Edouard@499
   447
                status = myself(session, identity);
Edouard@499
   448
            } else {
Edouard@499
   449
                status = recv_key(session, identity->address);
Edouard@499
   450
            }
Edouard@499
   451
vb@0
   452
            assert(status != PEP_OUT_OF_MEMORY);
Edouard@499
   453
            if(status == PEP_OUT_OF_MEMORY)
Edouard@499
   454
                return PEP_OUT_OF_MEMORY;
vb@0
   455
        }
vb@0
   456
        free_identity(identity);
vb@0
   457
    }
vb@0
   458
vb@0
   459
    log_event(session, "keymanagement thread shutdown", "pEp engine", NULL, NULL);
vb@0
   460
vb@0
   461
    release(session);
vb@0
   462
    return PEP_STATUS_OK;
vb@0
   463
}
vb@0
   464
vb@357
   465
DYNAMIC_API PEP_STATUS key_compromized(
vb@357
   466
        PEP_SESSION session,
vb@357
   467
        pEp_identity *ident
vb@357
   468
    )
vb@215
   469
{
vb@218
   470
    PEP_STATUS status = PEP_STATUS_OK;
vb@218
   471
vb@215
   472
    assert(session);
vb@357
   473
    assert(ident);
Edouard@439
   474
    assert(!EMPTYSTR(ident->fpr));
vb@215
   475
vb@357
   476
    if (!(session && ident && ident->fpr))
vb@215
   477
        return PEP_ILLEGAL_VALUE;
vb@215
   478
vb@357
   479
    if (ident->me)
vb@357
   480
        revoke_key(session, ident->fpr, NULL);
vb@357
   481
    status = mark_as_compromized(session, ident->fpr);
vb@218
   482
vb@218
   483
    return status;
vb@215
   484
}
vb@215
   485
Edouard@410
   486
DYNAMIC_API PEP_STATUS key_reset_trust(
Edouard@410
   487
        PEP_SESSION session,
Edouard@410
   488
        pEp_identity *ident
Edouard@410
   489
    )
Edouard@410
   490
{
Edouard@410
   491
    PEP_STATUS status = PEP_STATUS_OK;
Edouard@410
   492
Edouard@410
   493
    assert(session);
Edouard@410
   494
    assert(ident);
vb@420
   495
    assert(!ident->me);
Edouard@439
   496
    assert(!EMPTYSTR(ident->fpr));
Edouard@439
   497
    assert(!EMPTYSTR(ident->address));
Edouard@439
   498
    assert(!EMPTYSTR(ident->user_id));
Edouard@410
   499
vb@420
   500
    if (!(session && ident && !ident->me && ident->fpr && ident->address &&
vb@420
   501
            ident->user_id))
Edouard@410
   502
        return PEP_ILLEGAL_VALUE;
Edouard@410
   503
vb@420
   504
    status = update_identity(session, ident);
vb@420
   505
    if (status != PEP_STATUS_OK)
vb@420
   506
        return status;
Edouard@410
   507
Edouard@442
   508
    if (ident->comm_type == PEP_ct_mistrusted)
vb@421
   509
        ident->comm_type = PEP_ct_unknown;
vb@421
   510
    else
vb@421
   511
        ident->comm_type &= ~PEP_ct_confirmed;
vb@421
   512
vb@420
   513
    status = set_identity(session, ident);
vb@421
   514
    if (status != PEP_STATUS_OK)
vb@421
   515
        return status;
vb@421
   516
vb@422
   517
    if (ident->comm_type == PEP_ct_unknown)
vb@422
   518
        status = update_identity(session, ident);
Edouard@410
   519
    return status;
Edouard@410
   520
}
Edouard@410
   521
vb@354
   522
DYNAMIC_API PEP_STATUS trust_personal_key(
vb@354
   523
        PEP_SESSION session,
vb@354
   524
        pEp_identity *ident
vb@354
   525
    )
vb@354
   526
{
vb@354
   527
    PEP_STATUS status = PEP_STATUS_OK;
vb@354
   528
vb@354
   529
    assert(session);
vb@354
   530
    assert(ident);
Edouard@439
   531
    assert(!EMPTYSTR(ident->address));
Edouard@439
   532
    assert(!EMPTYSTR(ident->user_id));
Edouard@439
   533
    assert(!EMPTYSTR(ident->fpr));
vb@354
   534
    assert(!ident->me);
vb@354
   535
Edouard@439
   536
    if (!ident || EMPTYSTR(ident->address) || EMPTYSTR(ident->user_id) ||
Edouard@439
   537
            EMPTYSTR(ident->fpr) || ident->me)
vb@354
   538
        return PEP_ILLEGAL_VALUE;
vb@354
   539
vb@354
   540
    status = update_identity(session, ident);
vb@354
   541
    if (status != PEP_STATUS_OK)
vb@354
   542
        return status;
vb@354
   543
vb@356
   544
    if (ident->comm_type > PEP_ct_strong_but_unconfirmed) {
vb@356
   545
        ident->comm_type |= PEP_ct_confirmed;
Edouard@488
   546
        status = set_identity(session, ident);
vb@356
   547
    }
vb@356
   548
    else {
vb@356
   549
        // MISSING: S/MIME has to be handled depending on trusted CAs
vb@370
   550
        status = PEP_CANNOT_SET_TRUST;
vb@356
   551
    }
vb@354
   552
vb@354
   553
    return status;
vb@354
   554
}
vb@354
   555