repos/pEpEngine: src/keymanagement.c@688b925c3e73 (annotated)

vb@1517	1	// This file is under GNU General Public License 3.0
vb@1517	2	// see LICENSE.txt
vb@1517	3
vb@130	4	#include "platform.h"
vb@0	5
vb@0	6	#include <string.h>
vb@0	7	#include <stdio.h>
vb@0	8	#include <stdlib.h>
vb@0	9	#include <assert.h>
Edouard@512	10	#include <ctype.h>
vb@0	11
vb@217	12	#include "pEp_internal.h"
vb@0	13	#include "keymanagement.h"
vb@0	14
krista@2288	15	#include "sync_fsm.h"
krista@1253	16	#include "blacklist.h"
edouard@1195	17
Edouard@439	18	#ifndef EMPTYSTR
roker@500	19	#define EMPTYSTR(STR) ((STR) == NULL \|\| (STR)[0] == '\0')
vb@8	20	#endif
vb@8	21
vb@214	22	#define KEY_EXPIRE_DELTA (60 * 60 * 24 * 365)
vb@214	23
krista@2311	24
Edouard@774	25	PEP_STATUS elect_pubkey(
Edouard@755	26	PEP_SESSION session, pEp_identity * identity
Edouard@755	27	)
Edouard@755	28	{
Edouard@755	29	PEP_STATUS status;
roker@1559	30	stringlist_t *keylist = NULL;
krista@1342	31	char *_fpr = "";
Edouard@755	32	identity->comm_type = PEP_ct_unknown;
Edouard@755	33
Edouard@755	34	status = find_keys(session, identity->address, &keylist);
Edouard@755	35	assert(status != PEP_OUT_OF_MEMORY);
Edouard@755	36	if (status == PEP_OUT_OF_MEMORY)
Edouard@755	37	return PEP_OUT_OF_MEMORY;
Edouard@755	38
Edouard@755	39	stringlist_t *_keylist;
Edouard@755	40	for (_keylist = keylist; _keylist && _keylist->value; _keylist = _keylist->next) {
Edouard@755	41	PEP_comm_type _comm_type_key;
Edouard@755	42
Edouard@755	43	status = get_key_rating(session, _keylist->value, &_comm_type_key);
Edouard@755	44	assert(status != PEP_OUT_OF_MEMORY);
Edouard@755	45	if (status == PEP_OUT_OF_MEMORY) {
Edouard@755	46	free_stringlist(keylist);
Edouard@755	47	return PEP_OUT_OF_MEMORY;
Edouard@755	48	}
Edouard@755	49
Edouard@755	50	if (_comm_type_key != PEP_ct_compromized &&
Edouard@755	51	_comm_type_key != PEP_ct_unknown)
Edouard@755	52	{
Edouard@755	53	if (identity->comm_type == PEP_ct_unknown \|\|
Edouard@755	54	_comm_type_key > identity->comm_type)
Edouard@755	55	{
krista@1275	56	bool blacklisted;
krista@1275	57	status = blacklist_is_listed(session, _keylist->value, &blacklisted);
krista@1275	58	if (status == PEP_STATUS_OK && !blacklisted) {
krista@1275	59	identity->comm_type = _comm_type_key;
krista@1275	60	_fpr = _keylist->value;
krista@1275	61	}
Edouard@755	62	}
Edouard@755	63	}
Edouard@755	64	}
krista@1342	65
krista@1342	66	// if (_fpr) {
krista@1342	67	free(identity->fpr);
Edouard@755	68
krista@1342	69	identity->fpr = strdup(_fpr);
krista@1342	70	if (identity->fpr == NULL) {
krista@1342	71	free_stringlist(keylist);
krista@1342	72	return PEP_OUT_OF_MEMORY;
Edouard@755	73	}
krista@1342	74	// }
Edouard@755	75	free_stringlist(keylist);
Edouard@755	76	return PEP_STATUS_OK;
Edouard@755	77	}
Edouard@755	78
krista@2311	79	static PEP_STATUS validate_fpr(PEP_SESSION session, pEp_identity* ident) {
krista@2311	80
krista@2311	81	char* fpr = ident->fpr;
krista@2311	82	PEP_comm_type ct = ident->comm_type;
krista@2311	83	bool done = false;
krista@2311	84
krista@2311	85	bool revoked, expired;
krista@2311	86	status = key_revoked(session, fpr, &revoked);
krista@2311	87
krista@2311	88	assert(status == PEP_STATUS_OK);
krista@2311	89	if (status != PEP_STATUS_OK) {
krista@2311	90	// only happens when there was a problem
krista@2311	91	// retrieving key.
krista@2311	92	ADD_TO_LOG(status);
krista@2311	93	}
krista@2311	94
krista@2311	95	status = key_expired(session, identity->fpr,
krista@2311	96	time(NULL) + (7243600), // In a week
krista@2311	97	&expired);
krista@2311	98
krista@2311	99	assert(status == PEP_STATUS_OK);
krista@2311	100	if (status != PEP_STATUS_OK)
krista@2311	101	ADD_TO_LOG(status);
krista@2311	102
krista@2311	103	char* retval = fpr;
krista@2311	104
krista@2311	105	// FIXME: bits for pEp
krista@2311	106	if (ident->me && (ct == PEP_ct_pEp) && !revoked && expired) {
krista@2311	107	// extend key
krista@2311	108	timestamp *ts = new_timestamp(time(NULL) + KEY_EXPIRE_DELTA);
krista@2311	109	status = renew_key(session, fpr, ts);
krista@2311	110	free_timestamp(ts);
krista@2311	111
krista@2311	112	if (status == PEP_STATUS_OK) {
krista@2311	113	// if key is valid (second check because pEp key might be extended above)
krista@2311	114	// Return fpr
krista@2311	115	status = key_expired(session, fpr, &expired);
krista@2311	116	// communicate key(?)
krista@2311	117	done = true;
krista@2311	118	}
krista@2311	119	}
krista@2311	120
krista@2311	121	if (revoked)
krista@2311	122	ct = PEP_ct_revoked; // not to be stored. To be used here.
krista@2311	123	else if (expired)
krista@2311	124	ct = PEP_ct_expired;
krista@2311	125
krista@2311	126	switch (ct) {
krista@2311	127	case PEP_ct_key_expired:
krista@2311	128	case PEP_ct_key_revoked
krista@2311	129	case PEP_ct_key_b0rken:
krista@2311	130	// delete key from being default key for all users/identities
krista@2311	131	ident->fpr = NULL;
krista@2311	132	default:
krista@2311	133	break;
krista@2311	134	}
krista@2311	135
krista@2311	136	if (!(revoked \|\| expired \|\| !done))
krista@2311	137	return PEP_STATUS_OK;
krista@2311	138
krista@2311	139	return PEP_UNKNOWN_ERROR; // FIXME - better error
krista@2311	140	}
krista@2311	141
krista@2311	142	// Only call on retrieval of previously stored identity!
krista@2311	143	// Also, we presume that if the stored_identity was sent in
krista@2311	144	// without an fpr, there wasn't one in the trust DB for this
krista@2311	145	// identity.
krista@2311	146	PEP_STATUS get_valid_pubkey(PEP_STATUS session,
krista@2311	147	PEP_STATUS stored_identity) {
krista@2311	148
krista@2311	149	PEP_STATUS status = PEP_STATUS_OK;
krista@2311	150
krista@2311	151	if (!stored_identity \|\| !stored_identity->user_id)
krista@2311	152	return PEP_ILLEGAL_VALUE;
krista@2311	153
krista@2311	154	char* stored_fpr = stored_identity->fpr;
krista@2311	155	// Input: stored identity retrieved from database
krista@2311	156	// if stored identity contains a default key
krista@2311	157	if (stored_fpr) {
krista@2311	158	status = validate_fpr(session, stored_identity);
krista@2311	159	if (status == PEP_STATUS_OK && stored_identity->fpr)
krista@2311	160	return status;
krista@2311	161	}
krista@2311	162	// if no valid default stored identity key found
krista@2311	163	// try to get default key for user_data
krista@2311	164	sqlite3_reset(session->get_user_default_key);
krista@2311	165	sqlite3_bind_text(session->get_user_default_key, 1, stored_identity->user_id,
krista@2311	166	-1, SQLITE_STATIC);
krista@2311	167
krista@2311	168	const int result = sqlite3_step(session->get_user_default_key);
krista@2311	169	const char* user_fpr;
krista@2311	170	bool found = false;
krista@2311	171	if (result == SQLITE_ROW) {
krista@2311	172	user_fpr =
krista@2311	173	(const char *) sqlite3_column_text(session->get_user_default_key, 0);
krista@2311	174	if (user_fpr)
krista@2311	175	found = true;
krista@2311	176	}
krista@2311	177	if (!found)
krista@2311	178	return NULL;
krista@2311	179
krista@2311	180	// There exists a default key for user, so validate
krista@2311	181	// FIXME: we have to be able to validate comm_type too.
krista@2311	182	retval = validate_fpr(session, user_fpr, WTF,
krista@2311	183	stored_identity->me);
krista@2311	184
krista@2311	185	if (!retval) {
krista@2311	186
krista@2311	187	}
krista@2311	188
krista@2311	189	return retval;
krista@2311	190	}
krista@2311	191
edouard@1406	192	PEP_STATUS _myself(PEP_SESSION session, pEp_identity * identity, bool do_keygen, bool ignore_flags);
edouard@1385	193
edouard@1385	194	DYNAMIC_API PEP_STATUS update_identity(
edouard@1385	195	PEP_SESSION session, pEp_identity * identity
vb@0	196	)
vb@0	197	{
roker@1559	198	pEp_identity *stored_identity = NULL;
roker@1559	199	pEp_identity *temp_id = NULL;
vb@0	200	PEP_STATUS status;
vb@0	201
vb@0	202	assert(session);
vb@0	203	assert(identity);
Edouard@439	204	assert(!EMPTYSTR(identity->address));
vb@0	205
Edouard@439	206	if (!(session && identity && !EMPTYSTR(identity->address)))
roker@1853	207	return ADD_TO_LOG(PEP_ILLEGAL_VALUE);
vb@191	208
krista@2311	209	char* own_id = NULL;
krista@2311	210	status = get_own_userid(session, &own_id);
krista@2311	211
krista@2311	212	// Is this me, temporary or not? If so, _myself() is the right call.
krista@2311	213	if (identity->me \|\|
krista@2311	214	(own_id && identity->user_id && (strcmp(own_id, identity->user_id) == 0)))
krista@2311	215	{
krista@2311	216	status = _myself(session, identity, false, true);
krista@2311	217	free(own_id);
krista@2311	218	return status;
vb@1078	219	}
vb@1078	220
krista@2311	221	// We have, at least, an address.
krista@2311	222	// Retrieve stored identity information!
krista@2311	223	pEp_identity* stored_ident = NULL;
krista@2311	224	if (identity->user_id) {
krista@2311	225	// (we're gonna update the trust/fpr anyway, so we user the no-fpr variant)
krista@2311	226	// * do get_identity() to retrieve stored identity information
krista@2311	227	status = get_identity_without_fpr(session, &stored_ident);
krista@2311	228
krista@2311	229	if (identity->username) {
krista@2311	230	/*
krista@2311	231	* Retrieving information of an identity with username supplied
krista@2311	232	* Input: user_id, address, username
krista@2311	233	*/
krista@2311	234	if (status == PEP_STATUS_OK && stored_ident) {
krista@2311	235	// * if identity available
krista@2311	236	// * patch it with username
krista@2311	237	// (note: this will happen when
krista@2311	238	// setting automatically below...)
krista@2311	239	// * elect valid key for identity (see below)
krista@2311	240	// * if valid key exists
krista@2311	241	// * set identity comm_type from trust db (user_id, FPR)
krista@2311	242	// * set return value's fpr
krista@2311	243	// * call set_identity() to store
krista@2311	244	status = set_identity(identity);
krista@2311	245	// * else (identity unavailable)
krista@2311	246	// * create identity with user_id, address, username
krista@2311	247	// * search for a temporary identity for address and username
krista@2311	248	// * if temporary identity available
krista@2311	249	// * modify identity with username
krista@2311	250	// * else
krista@2311	251	// * call set_identity() to store
krista@2311	252	// * Return: modified or created identity
krista@2311	253	//
krista@2311	254	}
krista@2311	255	else {
krista@2311	256	/*
krista@2311	257	* Retrieving information of an identity without username supplied
krista@2311	258	* Input: user_id, address
krista@2311	259	*/
krista@2311	260	// * doing get_identity() to retrieve stored identity information
krista@2311	261	// * if identity not available
krista@2311	262	// * return error status (identity not found)
krista@2311	263	// * else
krista@2311	264	// * elect valid key for identity (see below)
krista@2311	265	// * if valid key exists
krista@2311	266	// * set identity comm_type from trust db (user_id, FPR)
krista@2311	267	// * set return value's fpr
krista@2311	268	// * ...? (do we also set the stored fpr?)
krista@2311	269	// * Return: identity if available
krista@2311	270
krista@2311	271
krista@2311	272	}
krista@2311	273	}
krista@2311	274	else if (identity->username) {
krista@2311	275	/*
krista@2311	276	* Temporary identity information with username supplied
krista@2311	277	* Input: address, username (no others)
krista@2311	278	*/
krista@2311	279
krista@2311	280	// * Search for an identity with non-temporary user_id with that mapping
krista@2311	281	// * if one found
krista@2311	282	// * find valid key for identity (see below)
krista@2311	283	// * if valid key exists
krista@2311	284	// * set identity comm_type from trust db (user_id, FPR)
krista@2311	285	// * set return value's fpr
krista@2311	286	// * ...? (do we also set the stored fpr?)
krista@2311	287	// * Return this identity
krista@2311	288	// * if many found
krista@2311	289	// * Return the one with newest modification date (yes, this is a heuristics)
krista@2311	290	// * else
krista@2311	291	// * create temporary identity, store it, and Return this
krista@2311	292	}
krista@2311	293	else {
krista@2311	294	/*
krista@2311	295	* Temporary identity information without username suplied
krista@2311	296	* Input: address (no others)
krista@2311	297	*/
krista@2311	298
krista@2311	299	// * Search for identity with this address
krista@2311	300	// * If exactly one found
krista@2311	301	// * elect valid key for identity (see below)
krista@2311	302	// * if valid key exists
krista@2311	303	// * set identity comm_type from trust db (user_id, FPR)
krista@2311	304	// * set return value's fpr
krista@2311	305	// * ...? (do we also set the stored fpr?)
krista@2311	306	// * Return this identity
krista@2311	307	// * else
krista@2311	308	// * return error status (too little information)
krista@2311	309	}
krista@2311	310
krista@2311	311
Edouard@559	312	int _no_user_id = EMPTYSTR(identity->user_id);
edouard@1164	313	int _did_elect_new_key = 0;
Edouard@559	314
Edouard@559	315	if (_no_user_id)
Edouard@559	316	{
krista@2303	317	char* own_id = NULL;
krista@2303	318	status = get_own_userid(session, &own_id);
krista@2303	319	if (status == PEP_STATUS_OK && own_id) {
krista@2303	320	status = get_identity(session, identity->address, own_id,
krista@2303	321	&stored_identity);
krista@2303	322	if (status == PEP_STATUS_OK) {
krista@2303	323	free_identity(stored_identity);
krista@2303	324	identity->user_id = own_id;
krista@2303	325	return _myself(session, identity, false, true);
krista@2303	326	}
vb@1015	327	}
krista@2303	328
Edouard@559	329	free(identity->user_id);
Edouard@559	330
vb@591	331	identity->user_id = calloc(1, strlen(identity->address) + 6);
Edouard@562	332	if (!identity->user_id)
Edouard@559	333	{
Edouard@562	334	return PEP_OUT_OF_MEMORY;
Edouard@559	335	}
vb@983	336	snprintf(identity->user_id, strlen(identity->address) + 6,
Edouard@562	337	"TOFU_%s", identity->address);
Edouard@559	338	}
vb@934	339
Edouard@559	340	status = get_identity(session,
Edouard@559	341	identity->address,
Edouard@559	342	identity->user_id,
Edouard@559	343	&stored_identity);
Edouard@559	344
vb@0	345	assert(status != PEP_OUT_OF_MEMORY);
vb@0	346	if (status == PEP_OUT_OF_MEMORY)
Edouard@829	347	goto exit_free;
vb@0	348
krista@1224	349	temp_id = identity_dup(identity);
krista@1220	350
edouard@1501	351	/* We don't take given fpr.
edouard@1501	352	In case there's no acceptable stored fpr, it will be elected. */
edouard@1501	353	free(temp_id->fpr);
edouard@1501	354	temp_id->fpr = NULL;
edouard@1501	355	temp_id->comm_type = PEP_ct_unknown;
edouard@1501	356
edouard@1501	357	if (stored_identity) {
krista@1188	358
edouard@1501	359	bool dont_use_stored_fpr = true;
krista@1220	360
krista@1220	361	/* if we have a stored_identity fpr */
edouard@1501	362	if (!EMPTYSTR(stored_identity->fpr)) {
krista@1791	363	bool revoked = false;
krista@1791	364	status = key_revoked(session, stored_identity->fpr, &revoked);
krista@1791	365
krista@1791	366	if (status != PEP_STATUS_OK \|\| revoked)
krista@1791	367	dont_use_stored_fpr = true;
krista@1791	368
krista@1791	369	if (revoked) {
krista@1791	370	// Do stuff
krista@1799	371	status = update_trust_for_fpr(session, stored_identity->fpr, PEP_ct_key_revoked);
krista@1791	372	// What to do on failure? FIXME
krista@1799	373	status = replace_identities_fpr(session, stored_identity->fpr, "");
krista@1791	374	}
krista@1797	375	else {
krista@1797	376	status = blacklist_is_listed(session, stored_identity->fpr, &dont_use_stored_fpr);
krista@1797	377	if (status != PEP_STATUS_OK)
krista@1797	378	dont_use_stored_fpr = true;
krista@1797	379	}
krista@1220	380	}
krista@1188	381
krista@1220	382
edouard@1501	383	if (!dont_use_stored_fpr) {
edouard@1501	384	/* Check stored comm_type */
edouard@1501	385	PEP_comm_type _comm_type_key;
edouard@1522	386	status = get_key_rating(session, stored_identity->fpr, &_comm_type_key);
edouard@1501	387	assert(status != PEP_OUT_OF_MEMORY);
edouard@1522	388	if (status == PEP_OUT_OF_MEMORY) {
edouard@1501	389	goto exit_free;
edouard@1522	390	}
edouard@1522	391	if (status == PEP_KEY_NOT_FOUND){
edouard@1522	392	/* stored key was deleted from keyring. any other candidate ?*/
edouard@1522	393	status = elect_pubkey(session, temp_id);
edouard@1522	394	if (status != PEP_STATUS_OK) {
edouard@1522	395	goto exit_free;
edouard@1522	396	} else {
edouard@1522	397	_did_elect_new_key = 1;
edouard@1522	398	}
edouard@1501	399	} else {
edouard@1522	400	temp_id->fpr = strdup(stored_identity->fpr);
edouard@1522	401	assert(temp_id->fpr);
edouard@1522	402	if (temp_id->fpr == NULL) {
edouard@1522	403	status = PEP_OUT_OF_MEMORY;
edouard@1522	404	goto exit_free;
edouard@1522	405	}
edouard@1522	406
edouard@1522	407	if (_comm_type_key < PEP_ct_unconfirmed_encryption) {
edouard@1522	408	/* if key not good anymore,
edouard@1522	409	downgrade eventually trusted comm_type */
edouard@1501	410	temp_id->comm_type = _comm_type_key;
edouard@1522	411	} else {
edouard@1738	412	/* otherwise take stored comm_type as-is except if
edouard@1738	413	is unknown or is expired (but key not expired anymore) */
edouard@1522	414	temp_id->comm_type = stored_identity->comm_type;
edouard@1738	415	if (temp_id->comm_type == PEP_ct_unknown \|\|
edouard@1738	416	temp_id->comm_type == PEP_ct_key_expired) {
edouard@1522	417	temp_id->comm_type = _comm_type_key;
edouard@1522	418	}
edouard@1501	419	}
edouard@1501	420	}
krista@1220	421	}
edouard@1501	422	else {
edouard@1501	423	status = elect_pubkey(session, temp_id);
edouard@1522	424	if (status != PEP_STATUS_OK){
edouard@1501	425	goto exit_free;
edouard@1522	426	} else {
krista@1188	427	_did_elect_new_key = 1;
krista@1188	428	}
krista@1188	429	}
krista@1188	430
krista@1220	431	/* ok, from here on out, use temp_id */
krista@1220	432
krista@1220	433
krista@1220	434	/* At this point, we either have a non-blacklisted fpr we can work */
roker@1559	435	/* with, or we've got nada. */
edouard@1501	436
edouard@1501	437	if (EMPTYSTR(temp_id->fpr)) {
edouard@1501	438	/* nada : set comm_type accordingly */
krista@1243	439	temp_id->comm_type = PEP_ct_key_not_found;
krista@1243	440	}
krista@1243	441
krista@1220	442	if (EMPTYSTR(temp_id->username)) {
krista@1220	443	free(temp_id->username);
krista@1220	444	temp_id->username = strdup(stored_identity->username);
krista@1220	445	assert(temp_id->username);
krista@1220	446	if (temp_id->username == NULL){
Edouard@829	447	status = PEP_OUT_OF_MEMORY;
Edouard@829	448	goto exit_free;
Edouard@829	449	}
vb@22	450	}
vb@22	451
krista@1220	452	if (temp_id->lang[0] == 0) {
krista@1220	453	temp_id->lang[0] = stored_identity->lang[0];
krista@1220	454	temp_id->lang[1] = stored_identity->lang[1];
krista@1220	455	temp_id->lang[2] = 0;
vb@21	456	}
vb@932	457
krista@1220	458	temp_id->flags = stored_identity->flags;
vb@21	459	}
vb@21	460	else /* stored_identity == NULL */ {
krista@1220	461	temp_id->flags = 0;
vb@934	462
edouard@1501	463	/* We elect a pubkey */
edouard@1501	464	status = elect_pubkey(session, temp_id);
edouard@1501	465	if (status != PEP_STATUS_OK)
edouard@1501	466	goto exit_free;
edouard@1501	467
edouard@1501	468	/* Work with the elected key */
krista@1220	469	if (!EMPTYSTR(temp_id->fpr)) {
krista@1196	470
edouard@1502	471	PEP_comm_type _comm_type_key = temp_id->comm_type;
edouard@1502	472
edouard@1502	473	_did_elect_new_key = 1;
edouard@1501	474
edouard@1502	475	// We don't want to lose a previous trust entry!!!
edouard@1502	476	status = get_trust(session, temp_id);
vb@21	477
edouard@1502	478	bool has_trust_status = (status == PEP_STATUS_OK);
edouard@1502	479
edouard@1502	480	if (!has_trust_status)
edouard@1502	481	temp_id->comm_type = _comm_type_key;
vb@21	482	}
vb@21	483	}
vb@21	484
edouard@1501	485	if (temp_id->fpr == NULL) {
krista@1220	486	temp_id->fpr = strdup("");
edouard@1501	487	if (temp_id->fpr == NULL) {
edouard@1501	488	status = PEP_OUT_OF_MEMORY;
edouard@1501	489	goto exit_free;
edouard@1501	490	}
edouard@1501	491	}
krista@1193	492
krista@1193	493
vb@21	494	status = PEP_STATUS_OK;
vb@21	495
krista@1220	496	if (temp_id->comm_type != PEP_ct_unknown && !EMPTYSTR(temp_id->user_id)) {
vb@22	497
krista@1220	498	if (EMPTYSTR(temp_id->username)) { // mitigate
krista@1220	499	free(temp_id->username);
krista@2288	500	temp_id->username = strdup("Anonymous");
krista@1220	501	assert(temp_id->username);
krista@1220	502	if (temp_id->username == NULL){
Edouard@829	503	status = PEP_OUT_OF_MEMORY;
Edouard@829	504	goto exit_free;
Edouard@829	505	}
vb@0	506	}
vb@8	507
Edouard@755	508	// Identity doesn't get stored if call was just about checking existing
Edouard@755	509	// user by address (i.e. no user id given but already stored)
krista@1223	510	if (!(_no_user_id && stored_identity) \|\| _did_elect_new_key)
Edouard@559	511	{
krista@1220	512	status = set_identity(session, temp_id);
Edouard@559	513	assert(status == PEP_STATUS_OK);
Edouard@559	514	if (status != PEP_STATUS_OK) {
Edouard@829	515	goto exit_free;
Edouard@559	516	}
Edouard@499	517	}
vb@8	518	}
vb@8	519
krista@1220	520	if (temp_id->comm_type != PEP_ct_compromized &&
krista@1220	521	temp_id->comm_type < PEP_ct_strong_but_unconfirmed)
vb@297	522	if (session->examine_identity)
krista@1220	523	session->examine_identity(temp_id, session->examine_management);
krista@1220	524
krista@1220	525	/* ok, we got to the end. So we can assign the output identity */
krista@1220	526	free(identity->address);
krista@1220	527	identity->address = strdup(temp_id->address);
krista@1220	528	free(identity->fpr);
krista@1220	529	identity->fpr = strdup(temp_id->fpr);
krista@1220	530	free(identity->user_id);
krista@1220	531	identity->user_id = strdup(temp_id->user_id);
krista@1220	532	free(identity->username);
krista@2288	533	identity->username = strdup(temp_id->username ? temp_id->username : "Anonymous");
krista@1220	534	identity->comm_type = temp_id->comm_type;
krista@1220	535	identity->lang[0] = temp_id->lang[0];
krista@1220	536	identity->lang[1] = temp_id->lang[1];
krista@1220	537	identity->lang[2] = 0;
krista@2288	538	identity->me = temp_id->me;
krista@1220	539	identity->flags = temp_id->flags;
vb@297	540
Edouard@829	541	exit_free :
roker@1559	542	free_identity(stored_identity);
roker@1559	543	free_identity(temp_id);
krista@1220	544
roker@1853	545	return ADD_TO_LOG(status);
vb@0	546	}
vb@0	547
Edouard@774	548	PEP_STATUS elect_ownkey(
krista@1194	549	PEP_SESSION session, pEp_identity * identity
Edouard@774	550	)
Edouard@774	551	{
Edouard@774	552	PEP_STATUS status;
Edouard@774	553	stringlist_t *keylist = NULL;
Edouard@774	554
Edouard@774	555	free(identity->fpr);
Edouard@774	556	identity->fpr = NULL;
Edouard@774	557
krista@1357	558	status = find_private_keys(session, identity->address, &keylist);
Edouard@774	559	assert(status != PEP_OUT_OF_MEMORY);
Edouard@774	560	if (status == PEP_OUT_OF_MEMORY)
Edouard@774	561	return PEP_OUT_OF_MEMORY;
Edouard@774	562
Edouard@774	563	if (keylist != NULL && keylist->value != NULL)
Edouard@774	564	{
Edouard@774	565	char *_fpr = NULL;
Edouard@774	566	identity->comm_type = PEP_ct_unknown;
Edouard@774	567
Edouard@774	568	stringlist_t *_keylist;
Edouard@774	569	for (_keylist = keylist; _keylist && _keylist->value; _keylist = _keylist->next) {
Edouard@774	570	bool is_own = false;
Edouard@774	571
edouard@1752	572	status = own_key_is_listed(session, _keylist->value, &is_own);
edouard@1752	573	assert(status == PEP_STATUS_OK);
edouard@1752	574	if (status != PEP_STATUS_OK) {
edouard@1752	575	free_stringlist(keylist);
edouard@1752	576	return status;
Edouard@774	577	}
Edouard@774	578
edouard@1752	579	if (is_own)
Edouard@774	580	{
Edouard@774	581	PEP_comm_type _comm_type_key;
Edouard@774	582
Edouard@774	583	status = get_key_rating(session, _keylist->value, &_comm_type_key);
Edouard@774	584	assert(status != PEP_OUT_OF_MEMORY);
Edouard@774	585	if (status == PEP_OUT_OF_MEMORY) {
Edouard@774	586	free_stringlist(keylist);
Edouard@774	587	return PEP_OUT_OF_MEMORY;
Edouard@774	588	}
Edouard@774	589
Edouard@774	590	if (_comm_type_key != PEP_ct_compromized &&
Edouard@774	591	_comm_type_key != PEP_ct_unknown)
Edouard@774	592	{
Edouard@774	593	if (identity->comm_type == PEP_ct_unknown \|\|
Edouard@774	594	_comm_type_key > identity->comm_type)
Edouard@774	595	{
Edouard@774	596	identity->comm_type = _comm_type_key;
Edouard@774	597	_fpr = _keylist->value;
Edouard@774	598	}
Edouard@774	599	}
Edouard@774	600	}
Edouard@774	601	}
Edouard@774	602
Edouard@774	603	if (_fpr)
Edouard@774	604	{
Edouard@774	605	identity->fpr = strdup(_fpr);
Edouard@774	606	assert(identity->fpr);
Edouard@774	607	if (identity->fpr == NULL)
Edouard@774	608	{
Edouard@774	609	free_stringlist(keylist);
Edouard@774	610	return PEP_OUT_OF_MEMORY;
Edouard@774	611	}
Edouard@774	612	}
Edouard@774	613	free_stringlist(keylist);
Edouard@774	614	}
Edouard@774	615	return PEP_STATUS_OK;
Edouard@774	616	}
Edouard@774	617
krista@1357	618	PEP_STATUS _has_usable_priv_key(PEP_SESSION session, char* fpr,
krista@1357	619	bool* is_usable) {
krista@1357	620
krista@1357	621	bool dont_use_fpr = true;
krista@1357	622
krista@1357	623	PEP_STATUS status = blacklist_is_listed(session, fpr, &dont_use_fpr);
krista@1371	624	if (status == PEP_STATUS_OK && !dont_use_fpr) {
krista@1357	625	// Make sure there is a private key associated with this fpr
krista@1357	626	bool has_private = false;
krista@1357	627	status = contains_priv_key(session, fpr, &has_private);
krista@1371	628
krista@1371	629	if (status == PEP_STATUS_OK)
krista@1371	630	dont_use_fpr = !has_private;
krista@1357	631	}
krista@1357	632
krista@1357	633	*is_usable = !dont_use_fpr;
krista@1357	634
roker@1853	635	return ADD_TO_LOG(status);
krista@1357	636	}
krista@1357	637
edouard@1406	638	PEP_STATUS _myself(PEP_SESSION session, pEp_identity * identity, bool do_keygen, bool ignore_flags)
vb@0	639	{
roker@1559	640	pEp_identity *stored_identity = NULL;
vb@0	641	PEP_STATUS status;
vb@0	642
vb@0	643	assert(session);
vb@0	644	assert(identity);
vb@1044	645	assert(!EMPTYSTR(identity->address));
vb@1043	646
krista@2303	647	char* own_id = NULL;
krista@2303	648	status = get_own_userid(session, &own_id);
krista@2303	649
krista@2308	650
Edouard@658	651	assert(EMPTYSTR(identity->user_id) \|\|
krista@2305	652	(own_id && strcmp(identity->user_id, own_id) == 0) \|\|
krista@2305	653	!own_id);
vb@0	654
vb@1044	655	if (!(session && identity && !EMPTYSTR(identity->address) &&
vb@1043	656	(EMPTYSTR(identity->user_id) \|\|
krista@2305	657	(own_id && strcmp(identity->user_id, own_id) == 0) \|\|
krista@2305	658	!own_id)))
roker@1853	659	return ADD_TO_LOG(PEP_ILLEGAL_VALUE);
vb@191	660
krista@2308	661	if (!own_id) {
krista@2308	662	// check to see if we have ANY identity for this address... could have
krista@2308	663	// happened due to race condition
krista@2308	664	}
krista@2308	665
vb@0	666	identity->comm_type = PEP_ct_pEp;
krista@2288	667	identity->me = true;
edouard@1406	668	if(ignore_flags)
edouard@1406	669	identity->flags = 0;
Edouard@658	670
vb@1043	671	if (EMPTYSTR(identity->user_id))
Edouard@658	672	{
Edouard@658	673	free(identity->user_id);
krista@2303	674	identity->user_id = (own_id ? own_id : strdup(PEP_OWN_USERID));
Edouard@658	675	assert(identity->user_id);
Edouard@658	676	if (identity->user_id == NULL)
Edouard@658	677	return PEP_OUT_OF_MEMORY;
Edouard@658	678	}
vb@0	679
edouard@1488	680	if (EMPTYSTR(identity->username))
edouard@1488	681	{
edouard@1488	682	free(identity->username);
krista@2219	683	identity->username = strdup("Anonymous");
edouard@1488	684	assert(identity->username);
edouard@1488	685	if (identity->username == NULL)
edouard@1488	686	return PEP_OUT_OF_MEMORY;
edouard@1488	687	}
edouard@1488	688
vb@215	689	DEBUG_LOG("myself", "debug", identity->address);
vb@1044	690
Edouard@560	691	status = get_identity(session,
Edouard@560	692	identity->address,
Edouard@560	693	identity->user_id,
Edouard@560	694	&stored_identity);
Edouard@560	695
vb@0	696	assert(status != PEP_OUT_OF_MEMORY);
vb@0	697	if (status == PEP_OUT_OF_MEMORY)
vb@0	698	return PEP_OUT_OF_MEMORY;
krista@1357	699
krista@1357	700	bool dont_use_stored_fpr = true;
krista@1357	701	bool dont_use_input_fpr = true;
krista@1359	702
Edouard@560	703	if (stored_identity)
Edouard@560	704	{
Edouard@560	705	if (EMPTYSTR(identity->fpr)) {
krista@1352	706
krista@1357	707	bool has_private = false;
krista@1352	708
krista@1357	709	status = _has_usable_priv_key(session, stored_identity->fpr, &has_private);
krista@1352	710
krista@1371	711	// N.B. has_private is never true if the returned status is not PEP_STATUS_OK
krista@1357	712	if (has_private) {
krista@1357	713	identity->fpr = strdup(stored_identity->fpr);
krista@1357	714	assert(identity->fpr);
krista@1357	715	if (identity->fpr == NULL)
krista@1357	716	{
krista@1357	717	return PEP_OUT_OF_MEMORY;
krista@1357	718	}
krista@1357	719	dont_use_stored_fpr = false;
Edouard@560	720	}
Edouard@560	721	}
krista@1357	722
edouard@1406	723	identity->flags = (identity->flags & 255) \| stored_identity->flags;
edouard@1367	724	free_identity(stored_identity);
Edouard@588	725	}
krista@1357	726
krista@1357	727	if (dont_use_stored_fpr && !EMPTYSTR(identity->fpr))
Edouard@588	728	{
Edouard@588	729	// App must have a good reason to give fpr, such as explicit
Edouard@588	730	// import of private key, or similar.
Edouard@588	731
Edouard@658	732	// Take given fpr as-is.
vb@934	733
krista@1357	734	// BUT:
krista@1357	735	// First check to see if it's blacklisted or private part is missing?
krista@1357	736	bool has_private = false;
krista@1357	737
krista@1357	738	status = _has_usable_priv_key(session, identity->fpr, &has_private);
krista@1357	739
krista@1371	740	// N.B. has_private is never true if the returned status is not PEP_STATUS_OK
krista@1357	741	if (has_private) {
krista@1357	742	dont_use_input_fpr = false;
krista@1357	743	}
Edouard@560	744	}
krista@1357	745
krista@1357	746	// Ok, we failed to get keys either way, so let's elect one.
krista@1357	747	if (dont_use_input_fpr && dont_use_stored_fpr)
Edouard@560	748	{
Edouard@774	749	status = elect_ownkey(session, identity);
Edouard@774	750	assert(status == PEP_STATUS_OK);
Edouard@774	751	if (status != PEP_STATUS_OK) {
roker@1853	752	return ADD_TO_LOG(status);
Edouard@560	753	}
vb@934	754
krista@1357	755	bool has_private = false;
krista@1359	756	if (identity->fpr) {
krista@1359	757	// ok, we elected something.
krista@1359	758	// elect_ownkey only returns private keys, so we don't check again.
krista@1359	759	// Check to see if it's blacklisted
krista@1359	760	bool listed;
krista@1359	761	status = blacklist_is_listed(session, identity->fpr, &listed);
krista@1371	762
krista@1371	763	if (status == PEP_STATUS_OK)
krista@1371	764	has_private = !listed;
krista@1359	765	}
krista@1357	766
krista@1357	767	if (has_private) {
krista@1357	768	dont_use_input_fpr = false;
krista@1357	769	}
krista@1357	770	else { // OK, we've tried everything. Time to generate new keys.
krista@1359	771	free(identity->fpr); // It can stay in this state (unallocated) because we'll generate a new key
krista@1359	772	identity->fpr = NULL;
krista@1357	773	}
Edouard@560	774	}
Edouard@695	775
Edouard@695	776	bool revoked = false;
Edouard@695	777	char *r_fpr = NULL;
Edouard@695	778	if (!EMPTYSTR(identity->fpr))
Edouard@695	779	{
Edouard@695	780	status = key_revoked(session, identity->fpr, &revoked);
Edouard@775	781
edouard@1752	782	if (status != PEP_STATUS_OK)
Edouard@775	783	{
roker@1853	784	return ADD_TO_LOG(status);
Edouard@695	785	}
Edouard@695	786	}
edouard@1140	787
Edouard@695	788	if (EMPTYSTR(identity->fpr) \|\| revoked)
roker@1734	789	{
edouard@1385	790	if(!do_keygen){
roker@1853	791	return ADD_TO_LOG(PEP_GET_KEY_FAILED);
edouard@1385	792	}
edouard@1385	793
Edouard@695	794	if(revoked)
Edouard@695	795	{
Edouard@697	796	r_fpr = identity->fpr;
Edouard@697	797	identity->fpr = NULL;
Edouard@695	798	}
Edouard@560	799
vb@215	800	DEBUG_LOG("generating key pair", "debug", identity->address);
vb@0	801	status = generate_keypair(session, identity);
vb@0	802	assert(status != PEP_OUT_OF_MEMORY);
vb@0	803	if (status != PEP_STATUS_OK) {
vb@0	804	char buf[11];
vb@0	805	snprintf(buf, 11, "%d", status);
vb@215	806	DEBUG_LOG("generating key pair failed", "debug", buf);
Edouard@695	807	if(revoked && r_fpr)
Edouard@695	808	free(r_fpr);
roker@1853	809	return ADD_TO_LOG(status);
vb@0	810	}
edouard@1140	811
Edouard@560	812
Edouard@695	813	if(revoked)
Edouard@695	814	{
Edouard@695	815	status = set_revoked(session, r_fpr,
Edouard@695	816	identity->fpr, time(NULL));
Edouard@695	817	free(r_fpr);
Edouard@695	818	if (status != PEP_STATUS_OK) {
roker@1853	819	return ADD_TO_LOG(status);
Edouard@695	820	}
Edouard@371	821	}
vb@0	822	}
Edouard@560	823	else
Edouard@560	824	{
vb@214	825	bool expired;
Edouard@701	826	status = key_expired(session, identity->fpr,
Edouard@701	827	time(NULL) + (7243600), // In a week
Edouard@701	828	&expired);
Edouard@701	829
vb@214	830	assert(status == PEP_STATUS_OK);
Edouard@499	831	if (status != PEP_STATUS_OK) {
roker@1853	832	return ADD_TO_LOG(status);
Edouard@499	833	}
vb@214	834
vb@214	835	if (status == PEP_STATUS_OK && expired) {
vb@214	836	timestamp *ts = new_timestamp(time(NULL) + KEY_EXPIRE_DELTA);
Edouard@560	837	renew_key(session, identity->fpr, ts);
vb@214	838	free_timestamp(ts);
vb@214	839	}
vb@214	840	}
vb@0	841
krista@1353	842	if (!identity->username)
krista@1353	843	identity->username = strdup("");
krista@1353	844
vb@0	845	status = set_identity(session, identity);
vb@0	846	assert(status == PEP_STATUS_OK);
Edouard@499	847	if (status != PEP_STATUS_OK) {
Edouard@588	848	return status;
Edouard@499	849	}
vb@0	850
roker@1853	851	return ADD_TO_LOG(PEP_STATUS_OK);
vb@0	852	}
vb@0	853
krista@2308	854	DYNAMIC_API PEP_STATUS initialise_own_identities(PEP_SESSION session,
krista@2308	855	identity_list* my_idents) {
krista@2308	856	PEP_STATUS status = PEP_STATUS_OK;
krista@2308	857	if (!session)
krista@2308	858	return PEP_ILLEGAL_VALUE;
krista@2308	859
krista@2308	860	char* stored_own_userid = NULL;
krista@2308	861	get_own_userid(session, &stored_own_userid);
krista@2308	862
krista@2308	863	identity_list* ident_curr = my_idents;
krista@2308	864	while (ident_curr) {
krista@2308	865	pEp_identity* ident = ident_curr->ident;
krista@2308	866	if (!ident)
krista@2308	867	return PEP_ILLEGAL_VALUE;
krista@2308	868
krista@2308	869	if (stored_own_userid) {
krista@2308	870	if (!ident->user_id)
krista@2308	871	ident->user_id = strdup(stored_own_userid);
krista@2308	872	else if (strcmp(stored_own_userid, ident->user_id) != 0)
krista@2308	873	return PEP_ILLEGAL_VALUE;
krista@2308	874	}
krista@2308	875	else if (!ident->user_id) {
krista@2308	876	stored_own_userid = PEP_OWN_USERID;
krista@2308	877	ident->user_id = strdup(PEP_OWN_USERID);
krista@2308	878	}
krista@2308	879
krista@2308	880	ident->me = true; // Just in case.
krista@2308	881
krista@2308	882	// Ok, do it...
krista@2308	883	status = set_identity(session, ident);
krista@2308	884	if (status != PEP_STATUS_OK)
krista@2308	885	return status;
krista@2308	886
krista@2308	887	ident_curr = ident_curr->next;
krista@2308	888	}
krista@2308	889
krista@2308	890	return status;
krista@2308	891	}
krista@2308	892
edouard@1385	893	DYNAMIC_API PEP_STATUS myself(PEP_SESSION session, pEp_identity * identity)
edouard@1385	894	{
roker@1853	895	return ADD_TO_LOG(_myself(session, identity, true, false));
edouard@1385	896	}
edouard@1385	897
vb@296	898	DYNAMIC_API PEP_STATUS register_examine_function(
vb@292	899	PEP_SESSION session,
vb@292	900	examine_identity_t examine_identity,
vb@292	901	void *management
vb@292	902	)
vb@292	903	{
vb@292	904	assert(session);
vb@292	905	if (!session)
vb@292	906	return PEP_ILLEGAL_VALUE;
vb@292	907
vb@292	908	session->examine_management = management;
vb@292	909	session->examine_identity = examine_identity;
vb@292	910
vb@292	911	return PEP_STATUS_OK;
vb@292	912	}
vb@292	913
vb@0	914	DYNAMIC_API PEP_STATUS do_keymanagement(
vb@0	915	retrieve_next_identity_t retrieve_next_identity,
vb@0	916	void *management
vb@0	917	)
vb@0	918	{
vb@0	919	PEP_SESSION session;
vb@0	920	pEp_identity *identity;
Edouard@499	921	PEP_STATUS status;
vb@0	922
vb@24	923	assert(retrieve_next_identity);
vb@24	924	assert(management);
vb@24	925
Edouard@499	926	if (!retrieve_next_identity \|\| !management)
Edouard@499	927	return PEP_ILLEGAL_VALUE;
Edouard@499	928
Edouard@499	929	status = init(&session);
Edouard@499	930	assert(status == PEP_STATUS_OK);
Edouard@499	931	if (status != PEP_STATUS_OK)
Edouard@499	932	return status;
Edouard@499	933
vb@0	934	log_event(session, "keymanagement thread started", "pEp engine", NULL, NULL);
vb@0	935
Edouard@499	936	while ((identity = retrieve_next_identity(management)))
Edouard@499	937	{
vb@0	938	assert(identity->address);
Edouard@499	939	if(identity->address)
Edouard@499	940	{
Edouard@499	941	DEBUG_LOG("do_keymanagement", "retrieve_next_identity", identity->address);
Edouard@499	942
edouard@1945	943	if (_identity_me(identity)) {
Edouard@499	944	status = myself(session, identity);
Edouard@499	945	} else {
Edouard@499	946	status = recv_key(session, identity->address);
Edouard@499	947	}
Edouard@499	948
vb@0	949	assert(status != PEP_OUT_OF_MEMORY);
Edouard@499	950	if(status == PEP_OUT_OF_MEMORY)
Edouard@499	951	return PEP_OUT_OF_MEMORY;
vb@0	952	}
vb@0	953	free_identity(identity);
vb@0	954	}
vb@0	955
vb@0	956	log_event(session, "keymanagement thread shutdown", "pEp engine", NULL, NULL);
vb@0	957
vb@0	958	release(session);
vb@0	959	return PEP_STATUS_OK;
vb@0	960	}
vb@0	961
krista@1213	962	DYNAMIC_API PEP_STATUS key_mistrusted(
vb@357	963	PEP_SESSION session,
vb@357	964	pEp_identity *ident
vb@357	965	)
vb@215	966	{
vb@218	967	PEP_STATUS status = PEP_STATUS_OK;
vb@218	968
vb@215	969	assert(session);
vb@357	970	assert(ident);
Edouard@439	971	assert(!EMPTYSTR(ident->fpr));
vb@215	972
vb@357	973	if (!(session && ident && ident->fpr))
vb@215	974	return PEP_ILLEGAL_VALUE;
vb@215	975
edouard@1945	976	if (_identity_me(ident))
Edouard@697	977	{
vb@357	978	revoke_key(session, ident->fpr, NULL);
Edouard@697	979	myself(session, ident);
Edouard@697	980	}
Edouard@697	981	else
Edouard@697	982	{
krista@2129	983	// for undo
krista@2129	984	if (session->cached_mistrusted)
krista@2129	985	free(session->cached_mistrusted);
krista@2129	986	session->cached_mistrusted = identity_dup(ident);
Edouard@697	987	status = mark_as_compromized(session, ident->fpr);
Edouard@697	988	}
vb@218	989
vb@218	990	return status;
vb@215	991	}
vb@215	992
krista@2129	993	DYNAMIC_API PEP_STATUS undo_last_mistrust(PEP_SESSION session) {
krista@2129	994	assert(session);
krista@2129	995
krista@2129	996	if (!session)
krista@2129	997	return PEP_ILLEGAL_VALUE;
krista@2129	998
krista@2129	999	PEP_STATUS status = PEP_STATUS_OK;
krista@2129	1000
krista@2129	1001	pEp_identity* cached_ident = session->cached_mistrusted;
krista@2129	1002
krista@2129	1003	if (!cached_ident)
krista@2129	1004	status = PEP_CANNOT_FIND_IDENTITY;
krista@2129	1005	else {
krista@2129	1006	status = set_identity(session, cached_ident);
krista@2129	1007	free_identity(session->cached_mistrusted);
krista@2129	1008	}
krista@2129	1009
krista@2129	1010	session->cached_mistrusted = NULL;
krista@2129	1011
krista@2129	1012	return status;
krista@2129	1013	}
krista@2129	1014
Edouard@410	1015	DYNAMIC_API PEP_STATUS key_reset_trust(
Edouard@410	1016	PEP_SESSION session,
Edouard@410	1017	pEp_identity *ident
Edouard@410	1018	)
Edouard@410	1019	{
Edouard@410	1020	PEP_STATUS status = PEP_STATUS_OK;
Edouard@410	1021
Edouard@410	1022	assert(session);
Edouard@410	1023	assert(ident);
edouard@1945	1024	assert(!_identity_me(ident));
Edouard@439	1025	assert(!EMPTYSTR(ident->fpr));
Edouard@439	1026	assert(!EMPTYSTR(ident->address));
Edouard@439	1027	assert(!EMPTYSTR(ident->user_id));
Edouard@410	1028
edouard@1945	1029	if (!(session && ident && !_identity_me(ident) && ident->fpr && ident->address &&
vb@420	1030	ident->user_id))
Edouard@410	1031	return PEP_ILLEGAL_VALUE;
Edouard@410	1032
vb@420	1033	status = update_identity(session, ident);
vb@420	1034	if (status != PEP_STATUS_OK)
vb@420	1035	return status;
Edouard@410	1036
Edouard@442	1037	if (ident->comm_type == PEP_ct_mistrusted)
vb@421	1038	ident->comm_type = PEP_ct_unknown;
vb@421	1039	else
vb@421	1040	ident->comm_type &= ~PEP_ct_confirmed;
vb@421	1041
vb@420	1042	status = set_identity(session, ident);
vb@421	1043	if (status != PEP_STATUS_OK)
vb@421	1044	return status;
vb@421	1045
vb@422	1046	if (ident->comm_type == PEP_ct_unknown)
vb@422	1047	status = update_identity(session, ident);
Edouard@410	1048	return status;
Edouard@410	1049	}
Edouard@410	1050
vb@354	1051	DYNAMIC_API PEP_STATUS trust_personal_key(
vb@354	1052	PEP_SESSION session,
vb@354	1053	pEp_identity *ident
vb@354	1054	)
vb@354	1055	{
vb@354	1056	PEP_STATUS status = PEP_STATUS_OK;
vb@354	1057
vb@354	1058	assert(session);
vb@354	1059	assert(ident);
Edouard@439	1060	assert(!EMPTYSTR(ident->address));
Edouard@439	1061	assert(!EMPTYSTR(ident->user_id));
Edouard@439	1062	assert(!EMPTYSTR(ident->fpr));
vb@354	1063
Edouard@439	1064	if (!ident \|\| EMPTYSTR(ident->address) \|\| EMPTYSTR(ident->user_id) \|\|
edouard@1945	1065	EMPTYSTR(ident->fpr))
vb@354	1066	return PEP_ILLEGAL_VALUE;
vb@354	1067
vb@354	1068	status = update_identity(session, ident);
vb@354	1069	if (status != PEP_STATUS_OK)
vb@354	1070	return status;
vb@354	1071
vb@356	1072	if (ident->comm_type > PEP_ct_strong_but_unconfirmed) {
vb@356	1073	ident->comm_type \|= PEP_ct_confirmed;
Edouard@488	1074	status = set_identity(session, ident);
vb@356	1075	}
vb@356	1076	else {
vb@356	1077	// MISSING: S/MIME has to be handled depending on trusted CAs
vb@370	1078	status = PEP_CANNOT_SET_TRUST;
vb@356	1079	}
vb@354	1080
vb@354	1081	return status;
vb@354	1082	}
vb@354	1083
Edouard@584	1084	DYNAMIC_API PEP_STATUS own_key_is_listed(
vb@955	1085	PEP_SESSION session,
vb@955	1086	const char *fpr,
vb@955	1087	bool *listed
vb@955	1088	)
Edouard@584	1089	{
Edouard@584	1090	PEP_STATUS status = PEP_STATUS_OK;
Edouard@584	1091	int count;
Edouard@584	1092
Edouard@584	1093	assert(session && fpr && fpr[0] && listed);
Edouard@584	1094
Edouard@584	1095	if (!(session && fpr && fpr[0] && listed))
Edouard@584	1096	return PEP_ILLEGAL_VALUE;
Edouard@584	1097
Edouard@584	1098	*listed = false;
Edouard@584	1099
Edouard@584	1100	sqlite3_reset(session->own_key_is_listed);
Edouard@584	1101	sqlite3_bind_text(session->own_key_is_listed, 1, fpr, -1, SQLITE_STATIC);
Edouard@584	1102
Edouard@584	1103	int result;
Edouard@584	1104
Edouard@584	1105	result = sqlite3_step(session->own_key_is_listed);
Edouard@584	1106	switch (result) {
Edouard@584	1107	case SQLITE_ROW:
Edouard@584	1108	count = sqlite3_column_int(session->own_key_is_listed, 0);
Edouard@584	1109	*listed = count > 0;
krista@2288	1110	status = PEP_STATUS_OK;
Edouard@584	1111	break;
Edouard@584	1112
Edouard@584	1113	default:
Edouard@584	1114	status = PEP_UNKNOWN_ERROR;
Edouard@584	1115	}
Edouard@584	1116
Edouard@584	1117	sqlite3_reset(session->own_key_is_listed);
Edouard@584	1118	return status;
Edouard@584	1119	}
Edouard@584	1120
edouard@1412	1121	PEP_STATUS _own_identities_retrieve(
vb@955	1122	PEP_SESSION session,
edouard@1412	1123	identity_list **own_identities,
edouard@1412	1124	identity_flags_t excluded_flags
vb@955	1125	)
Edouard@584	1126	{
Edouard@584	1127	PEP_STATUS status = PEP_STATUS_OK;
Edouard@584	1128
vb@955	1129	assert(session && own_identities);
vb@955	1130	if (!(session && own_identities))
Edouard@584	1131	return PEP_ILLEGAL_VALUE;
Edouard@584	1132
vb@955	1133	*own_identities = NULL;
vb@955	1134	identity_list *_own_identities = new_identity_list(NULL);
vb@955	1135	if (_own_identities == NULL)
Edouard@584	1136	goto enomem;
Edouard@584	1137
vb@955	1138	sqlite3_reset(session->own_identities_retrieve);
Edouard@584	1139
Edouard@584	1140	int result;
vb@955	1141	// address, fpr, username, user_id, comm_type, lang, flags
vb@955	1142	const char *address = NULL;
Edouard@584	1143	const char *fpr = NULL;
vb@955	1144	const char *username = NULL;
vb@955	1145	const char *user_id = NULL;
vb@955	1146	PEP_comm_type comm_type = PEP_ct_unknown;
vb@955	1147	const char *lang = NULL;
vb@955	1148	unsigned int flags = 0;
Edouard@584	1149
vb@955	1150	identity_list *_bl = _own_identities;
Edouard@584	1151	do {
edouard@1412	1152	sqlite3_bind_int(session->own_identities_retrieve, 1, excluded_flags);
vb@955	1153	result = sqlite3_step(session->own_identities_retrieve);
Edouard@584	1154	switch (result) {
Edouard@584	1155	case SQLITE_ROW:
vb@955	1156	address = (const char *)
vb@955	1157	sqlite3_column_text(session->own_identities_retrieve, 0);
vb@955	1158	fpr = (const char *)
vb@955	1159	sqlite3_column_text(session->own_identities_retrieve, 1);
krista@2301	1160	user_id = (const char *)
krista@2301	1161	sqlite3_column_text(session->own_identities_retrieve, 2);
vb@1071	1162	username = (const char *)
krista@2301	1163	sqlite3_column_text(session->own_identities_retrieve, 3);
vb@1071	1164	comm_type = PEP_ct_pEp;
vb@1071	1165	lang = (const char *)
krista@2301	1166	sqlite3_column_text(session->own_identities_retrieve, 4);
vb@1071	1167	flags = (unsigned int)
krista@2301	1168	sqlite3_column_int(session->own_identities_retrieve, 5);
vb@955	1169
vb@1078	1170	pEp_identity *ident = new_identity(address, fpr, user_id, username);
vb@1079	1171	if (!ident)
Edouard@584	1172	goto enomem;
vb@955	1173	ident->comm_type = comm_type;
vb@955	1174	if (lang && lang[0]) {
vb@955	1175	ident->lang[0] = lang[0];
vb@955	1176	ident->lang[1] = lang[1];
vb@1078	1177	ident->lang[2] = 0;
vb@955	1178	}
krista@2288	1179	ident->me = true;
vb@955	1180	ident->flags = flags;
vb@955	1181
vb@955	1182	_bl = identity_list_add(_bl, ident);
vb@1080	1183	if (_bl == NULL) {
vb@1080	1184	free_identity(ident);
Edouard@584	1185	goto enomem;
vb@1080	1186	}
Edouard@584	1187
Edouard@584	1188	break;
Edouard@584	1189
Edouard@584	1190	case SQLITE_DONE:
Edouard@584	1191	break;
Edouard@584	1192
Edouard@584	1193	default:
Edouard@584	1194	status = PEP_UNKNOWN_ERROR;
Edouard@584	1195	result = SQLITE_DONE;
Edouard@584	1196	}
Edouard@584	1197	} while (result != SQLITE_DONE);
Edouard@584	1198
vb@955	1199	sqlite3_reset(session->own_identities_retrieve);
Edouard@584	1200	if (status == PEP_STATUS_OK)
vb@955	1201	*own_identities = _own_identities;
Edouard@584	1202	else
vb@955	1203	free_identity_list(_own_identities);
Edouard@584	1204
Edouard@584	1205	goto the_end;
Edouard@584	1206
Edouard@584	1207	enomem:
vb@955	1208	free_identity_list(_own_identities);
Edouard@584	1209	status = PEP_OUT_OF_MEMORY;
Edouard@584	1210
Edouard@584	1211	the_end:
Edouard@584	1212	return status;
Edouard@584	1213	}
vb@955	1214
edouard@1412	1215	DYNAMIC_API PEP_STATUS own_identities_retrieve(
edouard@1364	1216	PEP_SESSION session,
edouard@1412	1217	identity_list **own_identities
edouard@1412	1218	)
edouard@1412	1219	{
edouard@1412	1220	return _own_identities_retrieve(session, own_identities, 0);
edouard@1412	1221	}
edouard@1412	1222
edouard@1412	1223	PEP_STATUS _own_keys_retrieve(
edouard@1412	1224	PEP_SESSION session,
edouard@1412	1225	stringlist_t **keylist,
edouard@1412	1226	identity_flags_t excluded_flags
edouard@1364	1227	)
edouard@1364	1228	{
edouard@1364	1229	PEP_STATUS status = PEP_STATUS_OK;
edouard@1364	1230
edouard@1364	1231	assert(session && keylist);
edouard@1364	1232	if (!(session && keylist))
edouard@1364	1233	return PEP_ILLEGAL_VALUE;
edouard@1364	1234
edouard@1364	1235	*keylist = NULL;
edouard@1364	1236	stringlist_t *_keylist = NULL;
edouard@1364	1237
edouard@1394	1238	sqlite3_reset(session->own_keys_retrieve);
edouard@1364	1239
edouard@1364	1240	int result;
edouard@1364	1241	char *fpr = NULL;
edouard@1364	1242
edouard@1364	1243	stringlist_t *_bl = _keylist;
edouard@1364	1244	do {
edouard@1412	1245	sqlite3_bind_int(session->own_keys_retrieve, 1, excluded_flags);
edouard@1394	1246	result = sqlite3_step(session->own_keys_retrieve);
edouard@1364	1247	switch (result) {
edouard@1364	1248	case SQLITE_ROW:
edouard@1394	1249	fpr = strdup((const char *) sqlite3_column_text(session->own_keys_retrieve, 0));
edouard@1364	1250	if(fpr == NULL)
edouard@1364	1251	goto enomem;
edouard@1364	1252
edouard@1364	1253	_bl = stringlist_add(_bl, fpr);
edouard@1364	1254	if (_bl == NULL) {
edouard@1364	1255	free(fpr);
edouard@1364	1256	goto enomem;
edouard@1364	1257	}
edouard@1364	1258	if (_keylist == NULL)
edouard@1364	1259	_keylist = _bl;
edouard@1364	1260
edouard@1364	1261	break;
edouard@1364	1262
edouard@1364	1263	case SQLITE_DONE:
edouard@1364	1264	break;
edouard@1364	1265
edouard@1364	1266	default:
edouard@1364	1267	status = PEP_UNKNOWN_ERROR;
edouard@1364	1268	result = SQLITE_DONE;
edouard@1364	1269	}
edouard@1364	1270	} while (result != SQLITE_DONE);
edouard@1364	1271
edouard@1394	1272	sqlite3_reset(session->own_keys_retrieve);
edouard@1364	1273	if (status == PEP_STATUS_OK)
edouard@1364	1274	*keylist = _keylist;
edouard@1364	1275	else
edouard@1364	1276	free_stringlist(_keylist);
edouard@1364	1277
edouard@1364	1278	goto the_end;
edouard@1364	1279
edouard@1364	1280	enomem:
edouard@1364	1281	free_stringlist(_keylist);
edouard@1364	1282	status = PEP_OUT_OF_MEMORY;
edouard@1364	1283
edouard@1364	1284	the_end:
edouard@1364	1285	return status;
edouard@1364	1286	}
edouard@1364	1287
edouard@1412	1288	DYNAMIC_API PEP_STATUS own_keys_retrieve(PEP_SESSION session, stringlist_t **keylist)
edouard@1412	1289	{
edouard@1412	1290	return _own_keys_retrieve(session, keylist, 0);
edouard@1412	1291	}
edouard@1412	1292
edouard@1760	1293	// FIXME: should it be be used when sync receive old keys ? (ENGINE-145)
edouard@1394	1294	DYNAMIC_API PEP_STATUS set_own_key(
edouard@1394	1295	PEP_SESSION session,
edouard@1394	1296	const char *address,
edouard@1394	1297	const char *fpr
edouard@1394	1298	)
edouard@1394	1299	{
edouard@1394	1300	PEP_STATUS status = PEP_STATUS_OK;
edouard@1394	1301
edouard@1394	1302	assert(session &&
edouard@1760	1303	address &&
edouard@1394	1304	fpr && fpr[0]
edouard@1394	1305	);
edouard@1394	1306
edouard@1394	1307	if (!(session &&
edouard@1760	1308	address &&
edouard@1394	1309	fpr && fpr[0]
edouard@1394	1310	))
edouard@1394	1311	return PEP_ILLEGAL_VALUE;
krista@2301	1312
krista@2301	1313
krista@2301	1314	// First see if we have it in own identities already, AND we retrieve
krista@2301	1315	// our own user_id
krista@2301	1316	pEp_identity* my_id = NULL;
krista@2301	1317	identity_list* my_identities = NULL;
krista@2301	1318	char* my_user_id = NULL;
krista@2301	1319	status = own_identities_retrieve(session, &my_identities);
edouard@1394	1320
krista@2301	1321	if (status == PEP_STATUS_OK) {
krista@2301	1322	if (my_identities) {
krista@2301	1323	if (!(my_identities->ident && my_identities->ident->user_id))
krista@2301	1324	return PEP_ILLEGAL_VALUE;
krista@2301	1325
krista@2301	1326	my_user_id = strdup(my_identities->ident->user_id);
krista@2301	1327
krista@2301	1328	if (!my_user_id)
krista@2301	1329	return PEP_OUT_OF_MEMORY;
krista@2301	1330
krista@2301	1331	// Probably cheaper than all the strcmps if there are many,
krista@2301	1332	// plus this avoids the capitalisation and . problems:
krista@2301	1333
krista@2301	1334	status = get_identity(session, my_user_id, address, &my_id);
krista@2301	1335
krista@2301	1336	if (status == PEP_STATUS_OK && my_id) {
krista@2304	1337	if (my_id->fpr && strcasecmp(my_id->fpr, fpr) == 0) {
krista@2301	1338	// We're done. It was already here.
krista@2301	1339	// FIXME: Do we check trust/revocation/?
krista@2301	1340	goto pep_free;
krista@2301	1341	}
krista@2301	1342	}
krista@2301	1343
krista@2301	1344	// Otherwise, we see if there's a binding for this user_id/key
krista@2301	1345	// in the trust DB
edouard@1394	1346
krista@2301	1347	// If there's an id w/ user_id + address
krista@2301	1348	if (my_id) {
krista@2301	1349	free(my_id->fpr);
krista@2301	1350	my_id->fpr = my_user_id;
krista@2304	1351	my_id->comm_type = PEP_ct_pEp;
krista@2304	1352	my_id->me = true; // just in case?
krista@2301	1353	}
krista@2301	1354	else { // Else, we need a new identity
krista@2304	1355	my_id = new_identity(address, fpr, my_user_id, NULL);
krista@2301	1356	if (status != PEP_STATUS_OK)
krista@2301	1357	goto pep_free;
krista@2304	1358	my_id->me = true;
krista@2304	1359	my_id->comm_type = PEP_ct_pEp;
krista@2301	1360	}
krista@2301	1361	}
krista@2301	1362	else {
krista@2301	1363	// I think the prerequisite should be that at least one own identity
krista@2301	1364	// already in the DB, so REALLY look at this.
krista@2301	1365	return PEP_CANNOT_FIND_IDENTITY;
krista@2301	1366	}
krista@2301	1367
krista@2301	1368	status = set_identity(session, my_id);
krista@2301	1369	}
edouard@1394	1370
krista@2301	1371	pep_free:
krista@2301	1372	free(my_id);
krista@2301	1373	free(my_user_id);
edouard@1394	1374	return status;
edouard@1394	1375	}
krista@1357	1376
krista@1357	1377	PEP_STATUS contains_priv_key(PEP_SESSION session, const char *fpr,
krista@1357	1378	bool *has_private) {
krista@1357	1379
krista@1357	1380	assert(session);
krista@1357	1381	assert(fpr);
krista@1357	1382	assert(has_private);
krista@1357	1383
krista@1357	1384	if (!(session && fpr && has_private))
krista@1357	1385	return PEP_ILLEGAL_VALUE;
krista@1357	1386
krista@1357	1387	return session->cryptotech[PEP_crypt_OpenPGP].contains_priv_key(session, fpr, has_private);
edouard@1385	1388	}

author	Krista Bennett <krista@pep-project.org>
	Wed, 13 Dec 2017 11:42:23 +0100
branch	ENGINE-289
changeset 2311	688b925c3e73
parent 2308	b7ef1c9005ae
child 2317	b80dd91c8869
permissions	-rw-r--r--