repos/pEpEngine: src/keymanagement.c@b80dd91c8869 (annotated)

vb@1517	1	// This file is under GNU General Public License 3.0
vb@1517	2	// see LICENSE.txt
vb@1517	3
vb@130	4	#include "platform.h"
vb@0	5
vb@0	6	#include <string.h>
vb@0	7	#include <stdio.h>
vb@0	8	#include <stdlib.h>
vb@0	9	#include <assert.h>
Edouard@512	10	#include <ctype.h>
vb@0	11
vb@217	12	#include "pEp_internal.h"
vb@0	13	#include "keymanagement.h"
vb@0	14
krista@2288	15	#include "sync_fsm.h"
krista@1253	16	#include "blacklist.h"
edouard@1195	17
Edouard@439	18	#ifndef EMPTYSTR
roker@500	19	#define EMPTYSTR(STR) ((STR) == NULL \|\| (STR)[0] == '\0')
vb@8	20	#endif
vb@8	21
vb@214	22	#define KEY_EXPIRE_DELTA (60 * 60 * 24 * 365)
vb@214	23
krista@2311	24
Edouard@774	25	PEP_STATUS elect_pubkey(
Edouard@755	26	PEP_SESSION session, pEp_identity * identity
Edouard@755	27	)
Edouard@755	28	{
Edouard@755	29	PEP_STATUS status;
roker@1559	30	stringlist_t *keylist = NULL;
krista@1342	31	char *_fpr = "";
Edouard@755	32	identity->comm_type = PEP_ct_unknown;
Edouard@755	33
Edouard@755	34	status = find_keys(session, identity->address, &keylist);
Edouard@755	35	assert(status != PEP_OUT_OF_MEMORY);
Edouard@755	36	if (status == PEP_OUT_OF_MEMORY)
Edouard@755	37	return PEP_OUT_OF_MEMORY;
Edouard@755	38
Edouard@755	39	stringlist_t *_keylist;
Edouard@755	40	for (_keylist = keylist; _keylist && _keylist->value; _keylist = _keylist->next) {
Edouard@755	41	PEP_comm_type _comm_type_key;
Edouard@755	42
Edouard@755	43	status = get_key_rating(session, _keylist->value, &_comm_type_key);
Edouard@755	44	assert(status != PEP_OUT_OF_MEMORY);
Edouard@755	45	if (status == PEP_OUT_OF_MEMORY) {
Edouard@755	46	free_stringlist(keylist);
Edouard@755	47	return PEP_OUT_OF_MEMORY;
Edouard@755	48	}
Edouard@755	49
Edouard@755	50	if (_comm_type_key != PEP_ct_compromized &&
Edouard@755	51	_comm_type_key != PEP_ct_unknown)
Edouard@755	52	{
Edouard@755	53	if (identity->comm_type == PEP_ct_unknown \|\|
Edouard@755	54	_comm_type_key > identity->comm_type)
Edouard@755	55	{
krista@1275	56	bool blacklisted;
krista@1275	57	status = blacklist_is_listed(session, _keylist->value, &blacklisted);
krista@1275	58	if (status == PEP_STATUS_OK && !blacklisted) {
krista@1275	59	identity->comm_type = _comm_type_key;
krista@1275	60	_fpr = _keylist->value;
krista@1275	61	}
Edouard@755	62	}
Edouard@755	63	}
Edouard@755	64	}
krista@1342	65
krista@1342	66	// if (_fpr) {
krista@1342	67	free(identity->fpr);
Edouard@755	68
krista@1342	69	identity->fpr = strdup(_fpr);
krista@1342	70	if (identity->fpr == NULL) {
krista@1342	71	free_stringlist(keylist);
krista@1342	72	return PEP_OUT_OF_MEMORY;
Edouard@755	73	}
krista@1342	74	// }
Edouard@755	75	free_stringlist(keylist);
Edouard@755	76	return PEP_STATUS_OK;
Edouard@755	77	}
Edouard@755	78
krista@2311	79	static PEP_STATUS validate_fpr(PEP_SESSION session, pEp_identity* ident) {
krista@2311	80
krista@2311	81	char* fpr = ident->fpr;
krista@2311	82	PEP_comm_type ct = ident->comm_type;
krista@2311	83	bool done = false;
krista@2311	84
krista@2311	85	bool revoked, expired;
krista@2311	86	status = key_revoked(session, fpr, &revoked);
krista@2311	87
krista@2311	88	assert(status == PEP_STATUS_OK);
krista@2311	89	if (status != PEP_STATUS_OK) {
krista@2311	90	// only happens when there was a problem
krista@2311	91	// retrieving key.
krista@2311	92	ADD_TO_LOG(status);
krista@2311	93	}
krista@2311	94
krista@2311	95	status = key_expired(session, identity->fpr,
krista@2311	96	time(NULL) + (7243600), // In a week
krista@2311	97	&expired);
krista@2311	98
krista@2311	99	assert(status == PEP_STATUS_OK);
krista@2311	100	if (status != PEP_STATUS_OK)
krista@2311	101	ADD_TO_LOG(status);
krista@2311	102
krista@2311	103	char* retval = fpr;
krista@2311	104
krista@2311	105	// FIXME: bits for pEp
krista@2311	106	if (ident->me && (ct == PEP_ct_pEp) && !revoked && expired) {
krista@2311	107	// extend key
krista@2311	108	timestamp *ts = new_timestamp(time(NULL) + KEY_EXPIRE_DELTA);
krista@2311	109	status = renew_key(session, fpr, ts);
krista@2311	110	free_timestamp(ts);
krista@2311	111
krista@2311	112	if (status == PEP_STATUS_OK) {
krista@2311	113	// if key is valid (second check because pEp key might be extended above)
krista@2311	114	// Return fpr
krista@2311	115	status = key_expired(session, fpr, &expired);
krista@2311	116	// communicate key(?)
krista@2311	117	done = true;
krista@2311	118	}
krista@2311	119	}
krista@2311	120
krista@2311	121	if (revoked)
krista@2311	122	ct = PEP_ct_revoked; // not to be stored. To be used here.
krista@2311	123	else if (expired)
krista@2311	124	ct = PEP_ct_expired;
krista@2311	125
krista@2311	126	switch (ct) {
krista@2311	127	case PEP_ct_key_expired:
krista@2311	128	case PEP_ct_key_revoked
krista@2311	129	case PEP_ct_key_b0rken:
krista@2311	130	// delete key from being default key for all users/identities
krista@2311	131	ident->fpr = NULL;
krista@2311	132	default:
krista@2311	133	break;
krista@2311	134	}
krista@2311	135
krista@2311	136	if (!(revoked \|\| expired \|\| !done))
krista@2311	137	return PEP_STATUS_OK;
krista@2311	138
krista@2311	139	return PEP_UNKNOWN_ERROR; // FIXME - better error
krista@2311	140	}
krista@2311	141
krista@2311	142	// Only call on retrieval of previously stored identity!
krista@2311	143	// Also, we presume that if the stored_identity was sent in
krista@2311	144	// without an fpr, there wasn't one in the trust DB for this
krista@2311	145	// identity.
krista@2311	146	PEP_STATUS get_valid_pubkey(PEP_STATUS session,
krista@2311	147	PEP_STATUS stored_identity) {
krista@2311	148
krista@2311	149	PEP_STATUS status = PEP_STATUS_OK;
krista@2311	150
krista@2311	151	if (!stored_identity \|\| !stored_identity->user_id)
krista@2311	152	return PEP_ILLEGAL_VALUE;
krista@2311	153
krista@2311	154	char* stored_fpr = stored_identity->fpr;
krista@2311	155	// Input: stored identity retrieved from database
krista@2311	156	// if stored identity contains a default key
krista@2311	157	if (stored_fpr) {
krista@2311	158	status = validate_fpr(session, stored_identity);
krista@2311	159	if (status == PEP_STATUS_OK && stored_identity->fpr)
krista@2311	160	return status;
krista@2311	161	}
krista@2311	162	// if no valid default stored identity key found
krista@2311	163	// try to get default key for user_data
krista@2311	164	sqlite3_reset(session->get_user_default_key);
krista@2311	165	sqlite3_bind_text(session->get_user_default_key, 1, stored_identity->user_id,
krista@2311	166	-1, SQLITE_STATIC);
krista@2311	167
krista@2311	168	const int result = sqlite3_step(session->get_user_default_key);
krista@2311	169	const char* user_fpr;
krista@2311	170	bool found = false;
krista@2311	171	if (result == SQLITE_ROW) {
krista@2311	172	user_fpr =
krista@2311	173	(const char *) sqlite3_column_text(session->get_user_default_key, 0);
krista@2311	174	if (user_fpr)
krista@2311	175	found = true;
krista@2311	176	}
krista@2311	177	if (!found)
krista@2311	178	return NULL;
krista@2311	179
krista@2311	180	// There exists a default key for user, so validate
krista@2311	181	// FIXME: we have to be able to validate comm_type too.
krista@2311	182	retval = validate_fpr(session, user_fpr, WTF,
krista@2311	183	stored_identity->me);
krista@2311	184
krista@2311	185	if (!retval) {
krista@2311	186
krista@2311	187	}
krista@2311	188
krista@2311	189	return retval;
krista@2311	190	}
krista@2311	191
edouard@1406	192	PEP_STATUS _myself(PEP_SESSION session, pEp_identity * identity, bool do_keygen, bool ignore_flags);
edouard@1385	193
edouard@1385	194	DYNAMIC_API PEP_STATUS update_identity(
edouard@1385	195	PEP_SESSION session, pEp_identity * identity
vb@0	196	)
vb@0	197	{
roker@1559	198	pEp_identity *stored_identity = NULL;
roker@1559	199	pEp_identity *temp_id = NULL;
vb@0	200	PEP_STATUS status;
vb@0	201
vb@0	202	assert(session);
vb@0	203	assert(identity);
Edouard@439	204	assert(!EMPTYSTR(identity->address));
vb@0	205
Edouard@439	206	if (!(session && identity && !EMPTYSTR(identity->address)))
roker@1853	207	return ADD_TO_LOG(PEP_ILLEGAL_VALUE);
vb@191	208
krista@2311	209	char* own_id = NULL;
krista@2311	210	status = get_own_userid(session, &own_id);
krista@2311	211
krista@2311	212	// Is this me, temporary or not? If so, _myself() is the right call.
krista@2311	213	if (identity->me \|\|
krista@2311	214	(own_id && identity->user_id && (strcmp(own_id, identity->user_id) == 0)))
krista@2311	215	{
krista@2311	216	status = _myself(session, identity, false, true);
krista@2311	217	free(own_id);
krista@2311	218	return status;
vb@1078	219	}
vb@1078	220
krista@2311	221	// We have, at least, an address.
krista@2311	222	// Retrieve stored identity information!
krista@2311	223	pEp_identity* stored_ident = NULL;
krista@2311	224	if (identity->user_id) {
krista@2311	225	// (we're gonna update the trust/fpr anyway, so we user the no-fpr variant)
krista@2311	226	// * do get_identity() to retrieve stored identity information
krista@2317	227	status = get_identity_without_fpr(session, identity->address, identity->user_id, &stored_ident);
krista@2317	228
krista@2317	229	// Before we start - if there was no stored identity, we should check to make sure we don't
krista@2317	230	// have a stored identity with a temporary user_id that differs from the input user_id. This
krista@2317	231	// happens in multithreaded environments sometimes.
krista@2317	232	if (!stored_ident) {
krista@2317	233	identity_list* id_list = NULL;
krista@2317	234	status = get_identities_by_address(session, identity->address, &id_list);
krista@2317	235
krista@2317	236	if (id_list) {
krista@2317	237	identity_list* id_curr = id_list;
krista@2317	238	while (id_curr) {
krista@2317	239	pEp_identity* this_id = id_curr->ident;
krista@2317	240	if (this_id) {
krista@2317	241	char* this_uid = this_id->user_id;
krista@2317	242	if (this_uid && (strstr(this_uid, "TOFU_") == this_uid)) {
krista@2317	243	// FIXME: should we also be fixing pEp_own_userId in this
krista@2317	244	// function here?
krista@2317	245
krista@2317	246	// Ok, we have a temp ID. We have to replace this
krista@2317	247	// with the real ID.
krista@2317	248	status = replace_userid(this_uid, identity->user_id);
krista@2317	249	if (status != PEP_STATUS_OK) {
krista@2317	250	free_identity_list(id_list);
krista@2317	251	return status;
krista@2317	252	}
krista@2317	253
krista@2317	254	free(this_uid);
krista@2317	255
krista@2317	256	// Reflect the change we just made to the DB
krista@2317	257	this_id->user_id = strdup(identity->user_id);
krista@2317	258	stored_ident = this_id;
krista@2317	259	// FIXME: free list.
krista@2317	260	break;
krista@2317	261	}
krista@2317	262	}
krista@2317	263	id_curr = id_curr->next;
krista@2317	264	}
krista@2317	265	}
krista@2317	266	}
krista@2311	267
krista@2317	268	// Ok, now we start the real algorithm:
krista@2311	269	if (identity->username) {
krista@2311	270	/*
krista@2311	271	* Retrieving information of an identity with username supplied
krista@2311	272	* Input: user_id, address, username
krista@2311	273	*/
krista@2311	274	if (status == PEP_STATUS_OK && stored_ident) {
krista@2311	275	// * if identity available
krista@2311	276	// * patch it with username
krista@2311	277	// (note: this will happen when
krista@2311	278	// setting automatically below...)
krista@2317	279	// * elect valid key for identity
krista@2317	280	// * if valid key existS
krista@2317	281	// * set return value's fpr
krista@2317	282	status = get_valid_pubkey(session, stored_ident);
krista@2317	283	if (status == PEP_STATUS_OK && stored_ident->fpr) {
krista@2311	284	// * set identity comm_type from trust db (user_id, FPR)
krista@2317	285	status = get_trust(session, stored_ident);
krista@2317	286	if (status != PEP_STATUS_OK)
krista@2317	287	return status; // FIXME - free mem
krista@2317	288	if (identity->fpr &&
krista@2317	289	strcasecmp(stored_ident->fpr, identity->fpr) != 0) {
krista@2317	290	free(identity->fpr);
krista@2317	291	strdup(identity->fpr, stored_ident->fpr);
krista@2317	292	identity->comm_type = stored_ident->comm_type;
krista@2317	293	}
krista@2317	294	}
krista@2317	295	else {
krista@2317	296	return status; // Couldn't find a key.
krista@2317	297	}
krista@2311	298	// * call set_identity() to store
krista@2311	299	status = set_identity(identity);
krista@2317	300	}
krista@2311	301	// * else (identity unavailable)
krista@2317	302	else {
krista@2311	303	// * create identity with user_id, address, username
krista@2311	304	// * search for a temporary identity for address and username
krista@2311	305	// * if temporary identity available
krista@2311	306	// * modify identity with username
krista@2311	307	// * else
krista@2311	308	// * call set_identity() to store
krista@2311	309	// * Return: modified or created identity
krista@2311	310	//
krista@2317	311	}
krista@2311	312	}
krista@2311	313	else {
krista@2311	314	/*
krista@2311	315	* Retrieving information of an identity without username supplied
krista@2311	316	* Input: user_id, address
krista@2311	317	*/
krista@2311	318	// * doing get_identity() to retrieve stored identity information
krista@2311	319	// * if identity not available
krista@2311	320	// * return error status (identity not found)
krista@2311	321	// * else
krista@2311	322	// * elect valid key for identity (see below)
krista@2311	323	// * if valid key exists
krista@2311	324	// * set identity comm_type from trust db (user_id, FPR)
krista@2311	325	// * set return value's fpr
krista@2311	326	// * ...? (do we also set the stored fpr?)
krista@2311	327	// * Return: identity if available
krista@2311	328
krista@2311	329
krista@2311	330	}
krista@2311	331	}
krista@2311	332	else if (identity->username) {
krista@2311	333	/*
krista@2311	334	* Temporary identity information with username supplied
krista@2311	335	* Input: address, username (no others)
krista@2311	336	*/
krista@2311	337
krista@2311	338	// * Search for an identity with non-temporary user_id with that mapping
krista@2311	339	// * if one found
krista@2311	340	// * find valid key for identity (see below)
krista@2311	341	// * if valid key exists
krista@2311	342	// * set identity comm_type from trust db (user_id, FPR)
krista@2311	343	// * set return value's fpr
krista@2311	344	// * ...? (do we also set the stored fpr?)
krista@2311	345	// * Return this identity
krista@2311	346	// * if many found
krista@2311	347	// * Return the one with newest modification date (yes, this is a heuristics)
krista@2311	348	// * else
krista@2311	349	// * create temporary identity, store it, and Return this
krista@2311	350	}
krista@2311	351	else {
krista@2311	352	/*
krista@2311	353	* Temporary identity information without username suplied
krista@2311	354	* Input: address (no others)
krista@2311	355	*/
krista@2311	356
krista@2311	357	// * Search for identity with this address
krista@2311	358	// * If exactly one found
krista@2311	359	// * elect valid key for identity (see below)
krista@2311	360	// * if valid key exists
krista@2311	361	// * set identity comm_type from trust db (user_id, FPR)
krista@2311	362	// * set return value's fpr
krista@2311	363	// * ...? (do we also set the stored fpr?)
krista@2311	364	// * Return this identity
krista@2311	365	// * else
krista@2311	366	// * return error status (too little information)
krista@2311	367	}
krista@2311	368
krista@2311	369
Edouard@559	370	int _no_user_id = EMPTYSTR(identity->user_id);
edouard@1164	371	int _did_elect_new_key = 0;
Edouard@559	372
Edouard@559	373	if (_no_user_id)
Edouard@559	374	{
krista@2303	375	char* own_id = NULL;
krista@2303	376	status = get_own_userid(session, &own_id);
krista@2303	377	if (status == PEP_STATUS_OK && own_id) {
krista@2303	378	status = get_identity(session, identity->address, own_id,
krista@2303	379	&stored_identity);
krista@2303	380	if (status == PEP_STATUS_OK) {
krista@2303	381	free_identity(stored_identity);
krista@2303	382	identity->user_id = own_id;
krista@2303	383	return _myself(session, identity, false, true);
krista@2303	384	}
vb@1015	385	}
krista@2303	386
Edouard@559	387	free(identity->user_id);
Edouard@559	388
vb@591	389	identity->user_id = calloc(1, strlen(identity->address) + 6);
Edouard@562	390	if (!identity->user_id)
Edouard@559	391	{
Edouard@562	392	return PEP_OUT_OF_MEMORY;
Edouard@559	393	}
vb@983	394	snprintf(identity->user_id, strlen(identity->address) + 6,
Edouard@562	395	"TOFU_%s", identity->address);
Edouard@559	396	}
vb@934	397
Edouard@559	398	status = get_identity(session,
Edouard@559	399	identity->address,
Edouard@559	400	identity->user_id,
Edouard@559	401	&stored_identity);
Edouard@559	402
vb@0	403	assert(status != PEP_OUT_OF_MEMORY);
vb@0	404	if (status == PEP_OUT_OF_MEMORY)
Edouard@829	405	goto exit_free;
vb@0	406
krista@1224	407	temp_id = identity_dup(identity);
krista@1220	408
edouard@1501	409	/* We don't take given fpr.
edouard@1501	410	In case there's no acceptable stored fpr, it will be elected. */
edouard@1501	411	free(temp_id->fpr);
edouard@1501	412	temp_id->fpr = NULL;
edouard@1501	413	temp_id->comm_type = PEP_ct_unknown;
edouard@1501	414
edouard@1501	415	if (stored_identity) {
krista@1188	416
edouard@1501	417	bool dont_use_stored_fpr = true;
krista@1220	418
krista@1220	419	/* if we have a stored_identity fpr */
edouard@1501	420	if (!EMPTYSTR(stored_identity->fpr)) {
krista@1791	421	bool revoked = false;
krista@1791	422	status = key_revoked(session, stored_identity->fpr, &revoked);
krista@1791	423
krista@1791	424	if (status != PEP_STATUS_OK \|\| revoked)
krista@1791	425	dont_use_stored_fpr = true;
krista@1791	426
krista@1791	427	if (revoked) {
krista@1791	428	// Do stuff
krista@1799	429	status = update_trust_for_fpr(session, stored_identity->fpr, PEP_ct_key_revoked);
krista@1791	430	// What to do on failure? FIXME
krista@1799	431	status = replace_identities_fpr(session, stored_identity->fpr, "");
krista@1791	432	}
krista@1797	433	else {
krista@1797	434	status = blacklist_is_listed(session, stored_identity->fpr, &dont_use_stored_fpr);
krista@1797	435	if (status != PEP_STATUS_OK)
krista@1797	436	dont_use_stored_fpr = true;
krista@1797	437	}
krista@1220	438	}
krista@1188	439
krista@1220	440
edouard@1501	441	if (!dont_use_stored_fpr) {
edouard@1501	442	/* Check stored comm_type */
edouard@1501	443	PEP_comm_type _comm_type_key;
edouard@1522	444	status = get_key_rating(session, stored_identity->fpr, &_comm_type_key);
edouard@1501	445	assert(status != PEP_OUT_OF_MEMORY);
edouard@1522	446	if (status == PEP_OUT_OF_MEMORY) {
edouard@1501	447	goto exit_free;
edouard@1522	448	}
edouard@1522	449	if (status == PEP_KEY_NOT_FOUND){
edouard@1522	450	/* stored key was deleted from keyring. any other candidate ?*/
edouard@1522	451	status = elect_pubkey(session, temp_id);
edouard@1522	452	if (status != PEP_STATUS_OK) {
edouard@1522	453	goto exit_free;
edouard@1522	454	} else {
edouard@1522	455	_did_elect_new_key = 1;
edouard@1522	456	}
edouard@1501	457	} else {
edouard@1522	458	temp_id->fpr = strdup(stored_identity->fpr);
edouard@1522	459	assert(temp_id->fpr);
edouard@1522	460	if (temp_id->fpr == NULL) {
edouard@1522	461	status = PEP_OUT_OF_MEMORY;
edouard@1522	462	goto exit_free;
edouard@1522	463	}
edouard@1522	464
edouard@1522	465	if (_comm_type_key < PEP_ct_unconfirmed_encryption) {
edouard@1522	466	/* if key not good anymore,
edouard@1522	467	downgrade eventually trusted comm_type */
edouard@1501	468	temp_id->comm_type = _comm_type_key;
edouard@1522	469	} else {
edouard@1738	470	/* otherwise take stored comm_type as-is except if
edouard@1738	471	is unknown or is expired (but key not expired anymore) */
edouard@1522	472	temp_id->comm_type = stored_identity->comm_type;
edouard@1738	473	if (temp_id->comm_type == PEP_ct_unknown \|\|
edouard@1738	474	temp_id->comm_type == PEP_ct_key_expired) {
edouard@1522	475	temp_id->comm_type = _comm_type_key;
edouard@1522	476	}
edouard@1501	477	}
edouard@1501	478	}
krista@1220	479	}
edouard@1501	480	else {
edouard@1501	481	status = elect_pubkey(session, temp_id);
edouard@1522	482	if (status != PEP_STATUS_OK){
edouard@1501	483	goto exit_free;
edouard@1522	484	} else {
krista@1188	485	_did_elect_new_key = 1;
krista@1188	486	}
krista@1188	487	}
krista@1188	488
krista@1220	489	/* ok, from here on out, use temp_id */
krista@1220	490
krista@1220	491
krista@1220	492	/* At this point, we either have a non-blacklisted fpr we can work */
roker@1559	493	/* with, or we've got nada. */
edouard@1501	494
edouard@1501	495	if (EMPTYSTR(temp_id->fpr)) {
edouard@1501	496	/* nada : set comm_type accordingly */
krista@1243	497	temp_id->comm_type = PEP_ct_key_not_found;
krista@1243	498	}
krista@1243	499
krista@1220	500	if (EMPTYSTR(temp_id->username)) {
krista@1220	501	free(temp_id->username);
krista@1220	502	temp_id->username = strdup(stored_identity->username);
krista@1220	503	assert(temp_id->username);
krista@1220	504	if (temp_id->username == NULL){
Edouard@829	505	status = PEP_OUT_OF_MEMORY;
Edouard@829	506	goto exit_free;
Edouard@829	507	}
vb@22	508	}
vb@22	509
krista@1220	510	if (temp_id->lang[0] == 0) {
krista@1220	511	temp_id->lang[0] = stored_identity->lang[0];
krista@1220	512	temp_id->lang[1] = stored_identity->lang[1];
krista@1220	513	temp_id->lang[2] = 0;
vb@21	514	}
vb@932	515
krista@1220	516	temp_id->flags = stored_identity->flags;
vb@21	517	}
vb@21	518	else /* stored_identity == NULL */ {
krista@1220	519	temp_id->flags = 0;
vb@934	520
edouard@1501	521	/* We elect a pubkey */
edouard@1501	522	status = elect_pubkey(session, temp_id);
edouard@1501	523	if (status != PEP_STATUS_OK)
edouard@1501	524	goto exit_free;
edouard@1501	525
edouard@1501	526	/* Work with the elected key */
krista@1220	527	if (!EMPTYSTR(temp_id->fpr)) {
krista@1196	528
edouard@1502	529	PEP_comm_type _comm_type_key = temp_id->comm_type;
edouard@1502	530
edouard@1502	531	_did_elect_new_key = 1;
edouard@1501	532
edouard@1502	533	// We don't want to lose a previous trust entry!!!
edouard@1502	534	status = get_trust(session, temp_id);
vb@21	535
edouard@1502	536	bool has_trust_status = (status == PEP_STATUS_OK);
edouard@1502	537
edouard@1502	538	if (!has_trust_status)
edouard@1502	539	temp_id->comm_type = _comm_type_key;
vb@21	540	}
vb@21	541	}
vb@21	542
edouard@1501	543	if (temp_id->fpr == NULL) {
krista@1220	544	temp_id->fpr = strdup("");
edouard@1501	545	if (temp_id->fpr == NULL) {
edouard@1501	546	status = PEP_OUT_OF_MEMORY;
edouard@1501	547	goto exit_free;
edouard@1501	548	}
edouard@1501	549	}
krista@1193	550
krista@1193	551
vb@21	552	status = PEP_STATUS_OK;
vb@21	553
krista@1220	554	if (temp_id->comm_type != PEP_ct_unknown && !EMPTYSTR(temp_id->user_id)) {
vb@22	555
krista@1220	556	if (EMPTYSTR(temp_id->username)) { // mitigate
krista@1220	557	free(temp_id->username);
krista@2288	558	temp_id->username = strdup("Anonymous");
krista@1220	559	assert(temp_id->username);
krista@1220	560	if (temp_id->username == NULL){
Edouard@829	561	status = PEP_OUT_OF_MEMORY;
Edouard@829	562	goto exit_free;
Edouard@829	563	}
vb@0	564	}
vb@8	565
Edouard@755	566	// Identity doesn't get stored if call was just about checking existing
Edouard@755	567	// user by address (i.e. no user id given but already stored)
krista@1223	568	if (!(_no_user_id && stored_identity) \|\| _did_elect_new_key)
Edouard@559	569	{
krista@1220	570	status = set_identity(session, temp_id);
Edouard@559	571	assert(status == PEP_STATUS_OK);
Edouard@559	572	if (status != PEP_STATUS_OK) {
Edouard@829	573	goto exit_free;
Edouard@559	574	}
Edouard@499	575	}
vb@8	576	}
vb@8	577
krista@1220	578	if (temp_id->comm_type != PEP_ct_compromized &&
krista@1220	579	temp_id->comm_type < PEP_ct_strong_but_unconfirmed)
vb@297	580	if (session->examine_identity)
krista@1220	581	session->examine_identity(temp_id, session->examine_management);
krista@1220	582
krista@1220	583	/* ok, we got to the end. So we can assign the output identity */
krista@1220	584	free(identity->address);
krista@1220	585	identity->address = strdup(temp_id->address);
krista@1220	586	free(identity->fpr);
krista@1220	587	identity->fpr = strdup(temp_id->fpr);
krista@1220	588	free(identity->user_id);
krista@1220	589	identity->user_id = strdup(temp_id->user_id);
krista@1220	590	free(identity->username);
krista@2288	591	identity->username = strdup(temp_id->username ? temp_id->username : "Anonymous");
krista@1220	592	identity->comm_type = temp_id->comm_type;
krista@1220	593	identity->lang[0] = temp_id->lang[0];
krista@1220	594	identity->lang[1] = temp_id->lang[1];
krista@1220	595	identity->lang[2] = 0;
krista@2288	596	identity->me = temp_id->me;
krista@1220	597	identity->flags = temp_id->flags;
vb@297	598
Edouard@829	599	exit_free :
roker@1559	600	free_identity(stored_identity);
roker@1559	601	free_identity(temp_id);
krista@1220	602
roker@1853	603	return ADD_TO_LOG(status);
vb@0	604	}
vb@0	605
Edouard@774	606	PEP_STATUS elect_ownkey(
krista@1194	607	PEP_SESSION session, pEp_identity * identity
Edouard@774	608	)
Edouard@774	609	{
Edouard@774	610	PEP_STATUS status;
Edouard@774	611	stringlist_t *keylist = NULL;
Edouard@774	612
Edouard@774	613	free(identity->fpr);
Edouard@774	614	identity->fpr = NULL;
Edouard@774	615
krista@1357	616	status = find_private_keys(session, identity->address, &keylist);
Edouard@774	617	assert(status != PEP_OUT_OF_MEMORY);
Edouard@774	618	if (status == PEP_OUT_OF_MEMORY)
Edouard@774	619	return PEP_OUT_OF_MEMORY;
Edouard@774	620
Edouard@774	621	if (keylist != NULL && keylist->value != NULL)
Edouard@774	622	{
Edouard@774	623	char *_fpr = NULL;
Edouard@774	624	identity->comm_type = PEP_ct_unknown;
Edouard@774	625
Edouard@774	626	stringlist_t *_keylist;
Edouard@774	627	for (_keylist = keylist; _keylist && _keylist->value; _keylist = _keylist->next) {
Edouard@774	628	bool is_own = false;
Edouard@774	629
edouard@1752	630	status = own_key_is_listed(session, _keylist->value, &is_own);
edouard@1752	631	assert(status == PEP_STATUS_OK);
edouard@1752	632	if (status != PEP_STATUS_OK) {
edouard@1752	633	free_stringlist(keylist);
edouard@1752	634	return status;
Edouard@774	635	}
Edouard@774	636
edouard@1752	637	if (is_own)
Edouard@774	638	{
Edouard@774	639	PEP_comm_type _comm_type_key;
Edouard@774	640
Edouard@774	641	status = get_key_rating(session, _keylist->value, &_comm_type_key);
Edouard@774	642	assert(status != PEP_OUT_OF_MEMORY);
Edouard@774	643	if (status == PEP_OUT_OF_MEMORY) {
Edouard@774	644	free_stringlist(keylist);
Edouard@774	645	return PEP_OUT_OF_MEMORY;
Edouard@774	646	}
Edouard@774	647
Edouard@774	648	if (_comm_type_key != PEP_ct_compromized &&
Edouard@774	649	_comm_type_key != PEP_ct_unknown)
Edouard@774	650	{
Edouard@774	651	if (identity->comm_type == PEP_ct_unknown \|\|
Edouard@774	652	_comm_type_key > identity->comm_type)
Edouard@774	653	{
Edouard@774	654	identity->comm_type = _comm_type_key;
Edouard@774	655	_fpr = _keylist->value;
Edouard@774	656	}
Edouard@774	657	}
Edouard@774	658	}
Edouard@774	659	}
Edouard@774	660
Edouard@774	661	if (_fpr)
Edouard@774	662	{
Edouard@774	663	identity->fpr = strdup(_fpr);
Edouard@774	664	assert(identity->fpr);
Edouard@774	665	if (identity->fpr == NULL)
Edouard@774	666	{
Edouard@774	667	free_stringlist(keylist);
Edouard@774	668	return PEP_OUT_OF_MEMORY;
Edouard@774	669	}
Edouard@774	670	}
Edouard@774	671	free_stringlist(keylist);
Edouard@774	672	}
Edouard@774	673	return PEP_STATUS_OK;
Edouard@774	674	}
Edouard@774	675
krista@1357	676	PEP_STATUS _has_usable_priv_key(PEP_SESSION session, char* fpr,
krista@1357	677	bool* is_usable) {
krista@1357	678
krista@1357	679	bool dont_use_fpr = true;
krista@1357	680
krista@1357	681	PEP_STATUS status = blacklist_is_listed(session, fpr, &dont_use_fpr);
krista@1371	682	if (status == PEP_STATUS_OK && !dont_use_fpr) {
krista@1357	683	// Make sure there is a private key associated with this fpr
krista@1357	684	bool has_private = false;
krista@1357	685	status = contains_priv_key(session, fpr, &has_private);
krista@1371	686
krista@1371	687	if (status == PEP_STATUS_OK)
krista@1371	688	dont_use_fpr = !has_private;
krista@1357	689	}
krista@1357	690
krista@1357	691	*is_usable = !dont_use_fpr;
krista@1357	692
roker@1853	693	return ADD_TO_LOG(status);
krista@1357	694	}
krista@1357	695
edouard@1406	696	PEP_STATUS _myself(PEP_SESSION session, pEp_identity * identity, bool do_keygen, bool ignore_flags)
vb@0	697	{
roker@1559	698	pEp_identity *stored_identity = NULL;
vb@0	699	PEP_STATUS status;
vb@0	700
vb@0	701	assert(session);
vb@0	702	assert(identity);
vb@1044	703	assert(!EMPTYSTR(identity->address));
vb@1043	704
krista@2303	705	char* own_id = NULL;
krista@2303	706	status = get_own_userid(session, &own_id);
krista@2303	707
krista@2308	708
Edouard@658	709	assert(EMPTYSTR(identity->user_id) \|\|
krista@2305	710	(own_id && strcmp(identity->user_id, own_id) == 0) \|\|
krista@2305	711	!own_id);
vb@0	712
vb@1044	713	if (!(session && identity && !EMPTYSTR(identity->address) &&
vb@1043	714	(EMPTYSTR(identity->user_id) \|\|
krista@2305	715	(own_id && strcmp(identity->user_id, own_id) == 0) \|\|
krista@2305	716	!own_id)))
roker@1853	717	return ADD_TO_LOG(PEP_ILLEGAL_VALUE);
vb@191	718
krista@2308	719	if (!own_id) {
krista@2308	720	// check to see if we have ANY identity for this address... could have
krista@2308	721	// happened due to race condition
krista@2308	722	}
krista@2308	723
vb@0	724	identity->comm_type = PEP_ct_pEp;
krista@2288	725	identity->me = true;
edouard@1406	726	if(ignore_flags)
edouard@1406	727	identity->flags = 0;
Edouard@658	728
vb@1043	729	if (EMPTYSTR(identity->user_id))
Edouard@658	730	{
Edouard@658	731	free(identity->user_id);
krista@2303	732	identity->user_id = (own_id ? own_id : strdup(PEP_OWN_USERID));
Edouard@658	733	assert(identity->user_id);
Edouard@658	734	if (identity->user_id == NULL)
Edouard@658	735	return PEP_OUT_OF_MEMORY;
Edouard@658	736	}
vb@0	737
edouard@1488	738	if (EMPTYSTR(identity->username))
edouard@1488	739	{
edouard@1488	740	free(identity->username);
krista@2219	741	identity->username = strdup("Anonymous");
edouard@1488	742	assert(identity->username);
edouard@1488	743	if (identity->username == NULL)
edouard@1488	744	return PEP_OUT_OF_MEMORY;
edouard@1488	745	}
edouard@1488	746
vb@215	747	DEBUG_LOG("myself", "debug", identity->address);
vb@1044	748
Edouard@560	749	status = get_identity(session,
Edouard@560	750	identity->address,
Edouard@560	751	identity->user_id,
Edouard@560	752	&stored_identity);
Edouard@560	753
vb@0	754	assert(status != PEP_OUT_OF_MEMORY);
vb@0	755	if (status == PEP_OUT_OF_MEMORY)
vb@0	756	return PEP_OUT_OF_MEMORY;
krista@1357	757
krista@1357	758	bool dont_use_stored_fpr = true;
krista@1357	759	bool dont_use_input_fpr = true;
krista@1359	760
Edouard@560	761	if (stored_identity)
Edouard@560	762	{
Edouard@560	763	if (EMPTYSTR(identity->fpr)) {
krista@1352	764
krista@1357	765	bool has_private = false;
krista@1352	766
krista@1357	767	status = _has_usable_priv_key(session, stored_identity->fpr, &has_private);
krista@1352	768
krista@1371	769	// N.B. has_private is never true if the returned status is not PEP_STATUS_OK
krista@1357	770	if (has_private) {
krista@1357	771	identity->fpr = strdup(stored_identity->fpr);
krista@1357	772	assert(identity->fpr);
krista@1357	773	if (identity->fpr == NULL)
krista@1357	774	{
krista@1357	775	return PEP_OUT_OF_MEMORY;
krista@1357	776	}
krista@1357	777	dont_use_stored_fpr = false;
Edouard@560	778	}
Edouard@560	779	}
krista@1357	780
edouard@1406	781	identity->flags = (identity->flags & 255) \| stored_identity->flags;
edouard@1367	782	free_identity(stored_identity);
Edouard@588	783	}
krista@1357	784
krista@1357	785	if (dont_use_stored_fpr && !EMPTYSTR(identity->fpr))
Edouard@588	786	{
Edouard@588	787	// App must have a good reason to give fpr, such as explicit
Edouard@588	788	// import of private key, or similar.
Edouard@588	789
Edouard@658	790	// Take given fpr as-is.
vb@934	791
krista@1357	792	// BUT:
krista@1357	793	// First check to see if it's blacklisted or private part is missing?
krista@1357	794	bool has_private = false;
krista@1357	795
krista@1357	796	status = _has_usable_priv_key(session, identity->fpr, &has_private);
krista@1357	797
krista@1371	798	// N.B. has_private is never true if the returned status is not PEP_STATUS_OK
krista@1357	799	if (has_private) {
krista@1357	800	dont_use_input_fpr = false;
krista@1357	801	}
Edouard@560	802	}
krista@1357	803
krista@1357	804	// Ok, we failed to get keys either way, so let's elect one.
krista@1357	805	if (dont_use_input_fpr && dont_use_stored_fpr)
Edouard@560	806	{
Edouard@774	807	status = elect_ownkey(session, identity);
Edouard@774	808	assert(status == PEP_STATUS_OK);
Edouard@774	809	if (status != PEP_STATUS_OK) {
roker@1853	810	return ADD_TO_LOG(status);
Edouard@560	811	}
vb@934	812
krista@1357	813	bool has_private = false;
krista@1359	814	if (identity->fpr) {
krista@1359	815	// ok, we elected something.
krista@1359	816	// elect_ownkey only returns private keys, so we don't check again.
krista@1359	817	// Check to see if it's blacklisted
krista@1359	818	bool listed;
krista@1359	819	status = blacklist_is_listed(session, identity->fpr, &listed);
krista@1371	820
krista@1371	821	if (status == PEP_STATUS_OK)
krista@1371	822	has_private = !listed;
krista@1359	823	}
krista@1357	824
krista@1357	825	if (has_private) {
krista@1357	826	dont_use_input_fpr = false;
krista@1357	827	}
krista@1357	828	else { // OK, we've tried everything. Time to generate new keys.
krista@1359	829	free(identity->fpr); // It can stay in this state (unallocated) because we'll generate a new key
krista@1359	830	identity->fpr = NULL;
krista@1357	831	}
Edouard@560	832	}
Edouard@695	833
Edouard@695	834	bool revoked = false;
Edouard@695	835	char *r_fpr = NULL;
Edouard@695	836	if (!EMPTYSTR(identity->fpr))
Edouard@695	837	{
Edouard@695	838	status = key_revoked(session, identity->fpr, &revoked);
Edouard@775	839
edouard@1752	840	if (status != PEP_STATUS_OK)
Edouard@775	841	{
roker@1853	842	return ADD_TO_LOG(status);
Edouard@695	843	}
Edouard@695	844	}
edouard@1140	845
Edouard@695	846	if (EMPTYSTR(identity->fpr) \|\| revoked)
roker@1734	847	{
edouard@1385	848	if(!do_keygen){
roker@1853	849	return ADD_TO_LOG(PEP_GET_KEY_FAILED);
edouard@1385	850	}
edouard@1385	851
Edouard@695	852	if(revoked)
Edouard@695	853	{
Edouard@697	854	r_fpr = identity->fpr;
Edouard@697	855	identity->fpr = NULL;
Edouard@695	856	}
Edouard@560	857
vb@215	858	DEBUG_LOG("generating key pair", "debug", identity->address);
vb@0	859	status = generate_keypair(session, identity);
vb@0	860	assert(status != PEP_OUT_OF_MEMORY);
vb@0	861	if (status != PEP_STATUS_OK) {
vb@0	862	char buf[11];
vb@0	863	snprintf(buf, 11, "%d", status);
vb@215	864	DEBUG_LOG("generating key pair failed", "debug", buf);
Edouard@695	865	if(revoked && r_fpr)
Edouard@695	866	free(r_fpr);
roker@1853	867	return ADD_TO_LOG(status);
vb@0	868	}
edouard@1140	869
Edouard@560	870
Edouard@695	871	if(revoked)
Edouard@695	872	{
Edouard@695	873	status = set_revoked(session, r_fpr,
Edouard@695	874	identity->fpr, time(NULL));
Edouard@695	875	free(r_fpr);
Edouard@695	876	if (status != PEP_STATUS_OK) {
roker@1853	877	return ADD_TO_LOG(status);
Edouard@695	878	}
Edouard@371	879	}
vb@0	880	}
Edouard@560	881	else
Edouard@560	882	{
vb@214	883	bool expired;
Edouard@701	884	status = key_expired(session, identity->fpr,
Edouard@701	885	time(NULL) + (7243600), // In a week
Edouard@701	886	&expired);
Edouard@701	887
vb@214	888	assert(status == PEP_STATUS_OK);
Edouard@499	889	if (status != PEP_STATUS_OK) {
roker@1853	890	return ADD_TO_LOG(status);
Edouard@499	891	}
vb@214	892
vb@214	893	if (status == PEP_STATUS_OK && expired) {
vb@214	894	timestamp *ts = new_timestamp(time(NULL) + KEY_EXPIRE_DELTA);
Edouard@560	895	renew_key(session, identity->fpr, ts);
vb@214	896	free_timestamp(ts);
vb@214	897	}
vb@214	898	}
vb@0	899
krista@1353	900	if (!identity->username)
krista@1353	901	identity->username = strdup("");
krista@1353	902
vb@0	903	status = set_identity(session, identity);
vb@0	904	assert(status == PEP_STATUS_OK);
Edouard@499	905	if (status != PEP_STATUS_OK) {
Edouard@588	906	return status;
Edouard@499	907	}
vb@0	908
roker@1853	909	return ADD_TO_LOG(PEP_STATUS_OK);
vb@0	910	}
vb@0	911
krista@2308	912	DYNAMIC_API PEP_STATUS initialise_own_identities(PEP_SESSION session,
krista@2308	913	identity_list* my_idents) {
krista@2308	914	PEP_STATUS status = PEP_STATUS_OK;
krista@2308	915	if (!session)
krista@2308	916	return PEP_ILLEGAL_VALUE;
krista@2308	917
krista@2308	918	char* stored_own_userid = NULL;
krista@2308	919	get_own_userid(session, &stored_own_userid);
krista@2308	920
krista@2308	921	identity_list* ident_curr = my_idents;
krista@2308	922	while (ident_curr) {
krista@2308	923	pEp_identity* ident = ident_curr->ident;
krista@2308	924	if (!ident)
krista@2308	925	return PEP_ILLEGAL_VALUE;
krista@2308	926
krista@2308	927	if (stored_own_userid) {
krista@2308	928	if (!ident->user_id)
krista@2308	929	ident->user_id = strdup(stored_own_userid);
krista@2308	930	else if (strcmp(stored_own_userid, ident->user_id) != 0)
krista@2308	931	return PEP_ILLEGAL_VALUE;
krista@2308	932	}
krista@2308	933	else if (!ident->user_id) {
krista@2308	934	stored_own_userid = PEP_OWN_USERID;
krista@2308	935	ident->user_id = strdup(PEP_OWN_USERID);
krista@2308	936	}
krista@2308	937
krista@2308	938	ident->me = true; // Just in case.
krista@2308	939
krista@2308	940	// Ok, do it...
krista@2308	941	status = set_identity(session, ident);
krista@2308	942	if (status != PEP_STATUS_OK)
krista@2308	943	return status;
krista@2308	944
krista@2308	945	ident_curr = ident_curr->next;
krista@2308	946	}
krista@2308	947
krista@2308	948	return status;
krista@2308	949	}
krista@2308	950
edouard@1385	951	DYNAMIC_API PEP_STATUS myself(PEP_SESSION session, pEp_identity * identity)
edouard@1385	952	{
roker@1853	953	return ADD_TO_LOG(_myself(session, identity, true, false));
edouard@1385	954	}
edouard@1385	955
vb@296	956	DYNAMIC_API PEP_STATUS register_examine_function(
vb@292	957	PEP_SESSION session,
vb@292	958	examine_identity_t examine_identity,
vb@292	959	void *management
vb@292	960	)
vb@292	961	{
vb@292	962	assert(session);
vb@292	963	if (!session)
vb@292	964	return PEP_ILLEGAL_VALUE;
vb@292	965
vb@292	966	session->examine_management = management;
vb@292	967	session->examine_identity = examine_identity;
vb@292	968
vb@292	969	return PEP_STATUS_OK;
vb@292	970	}
vb@292	971
vb@0	972	DYNAMIC_API PEP_STATUS do_keymanagement(
vb@0	973	retrieve_next_identity_t retrieve_next_identity,
vb@0	974	void *management
vb@0	975	)
vb@0	976	{
vb@0	977	PEP_SESSION session;
vb@0	978	pEp_identity *identity;
Edouard@499	979	PEP_STATUS status;
vb@0	980
vb@24	981	assert(retrieve_next_identity);
vb@24	982	assert(management);
vb@24	983
Edouard@499	984	if (!retrieve_next_identity \|\| !management)
Edouard@499	985	return PEP_ILLEGAL_VALUE;
Edouard@499	986
Edouard@499	987	status = init(&session);
Edouard@499	988	assert(status == PEP_STATUS_OK);
Edouard@499	989	if (status != PEP_STATUS_OK)
Edouard@499	990	return status;
Edouard@499	991
vb@0	992	log_event(session, "keymanagement thread started", "pEp engine", NULL, NULL);
vb@0	993
Edouard@499	994	while ((identity = retrieve_next_identity(management)))
Edouard@499	995	{
vb@0	996	assert(identity->address);
Edouard@499	997	if(identity->address)
Edouard@499	998	{
Edouard@499	999	DEBUG_LOG("do_keymanagement", "retrieve_next_identity", identity->address);
Edouard@499	1000
edouard@1945	1001	if (_identity_me(identity)) {
Edouard@499	1002	status = myself(session, identity);
Edouard@499	1003	} else {
Edouard@499	1004	status = recv_key(session, identity->address);
Edouard@499	1005	}
Edouard@499	1006
vb@0	1007	assert(status != PEP_OUT_OF_MEMORY);
Edouard@499	1008	if(status == PEP_OUT_OF_MEMORY)
Edouard@499	1009	return PEP_OUT_OF_MEMORY;
vb@0	1010	}
vb@0	1011	free_identity(identity);
vb@0	1012	}
vb@0	1013
vb@0	1014	log_event(session, "keymanagement thread shutdown", "pEp engine", NULL, NULL);
vb@0	1015
vb@0	1016	release(session);
vb@0	1017	return PEP_STATUS_OK;
vb@0	1018	}
vb@0	1019
krista@1213	1020	DYNAMIC_API PEP_STATUS key_mistrusted(
vb@357	1021	PEP_SESSION session,
vb@357	1022	pEp_identity *ident
vb@357	1023	)
vb@215	1024	{
vb@218	1025	PEP_STATUS status = PEP_STATUS_OK;
vb@218	1026
vb@215	1027	assert(session);
vb@357	1028	assert(ident);
Edouard@439	1029	assert(!EMPTYSTR(ident->fpr));
vb@215	1030
vb@357	1031	if (!(session && ident && ident->fpr))
vb@215	1032	return PEP_ILLEGAL_VALUE;
vb@215	1033
edouard@1945	1034	if (_identity_me(ident))
Edouard@697	1035	{
vb@357	1036	revoke_key(session, ident->fpr, NULL);
Edouard@697	1037	myself(session, ident);
Edouard@697	1038	}
Edouard@697	1039	else
Edouard@697	1040	{
krista@2129	1041	// for undo
krista@2129	1042	if (session->cached_mistrusted)
krista@2129	1043	free(session->cached_mistrusted);
krista@2129	1044	session->cached_mistrusted = identity_dup(ident);
Edouard@697	1045	status = mark_as_compromized(session, ident->fpr);
Edouard@697	1046	}
vb@218	1047
vb@218	1048	return status;
vb@215	1049	}
vb@215	1050
krista@2129	1051	DYNAMIC_API PEP_STATUS undo_last_mistrust(PEP_SESSION session) {
krista@2129	1052	assert(session);
krista@2129	1053
krista@2129	1054	if (!session)
krista@2129	1055	return PEP_ILLEGAL_VALUE;
krista@2129	1056
krista@2129	1057	PEP_STATUS status = PEP_STATUS_OK;
krista@2129	1058
krista@2129	1059	pEp_identity* cached_ident = session->cached_mistrusted;
krista@2129	1060
krista@2129	1061	if (!cached_ident)
krista@2129	1062	status = PEP_CANNOT_FIND_IDENTITY;
krista@2129	1063	else {
krista@2129	1064	status = set_identity(session, cached_ident);
krista@2129	1065	free_identity(session->cached_mistrusted);
krista@2129	1066	}
krista@2129	1067
krista@2129	1068	session->cached_mistrusted = NULL;
krista@2129	1069
krista@2129	1070	return status;
krista@2129	1071	}
krista@2129	1072
Edouard@410	1073	DYNAMIC_API PEP_STATUS key_reset_trust(
Edouard@410	1074	PEP_SESSION session,
Edouard@410	1075	pEp_identity *ident
Edouard@410	1076	)
Edouard@410	1077	{
Edouard@410	1078	PEP_STATUS status = PEP_STATUS_OK;
Edouard@410	1079
Edouard@410	1080	assert(session);
Edouard@410	1081	assert(ident);
edouard@1945	1082	assert(!_identity_me(ident));
Edouard@439	1083	assert(!EMPTYSTR(ident->fpr));
Edouard@439	1084	assert(!EMPTYSTR(ident->address));
Edouard@439	1085	assert(!EMPTYSTR(ident->user_id));
Edouard@410	1086
edouard@1945	1087	if (!(session && ident && !_identity_me(ident) && ident->fpr && ident->address &&
vb@420	1088	ident->user_id))
Edouard@410	1089	return PEP_ILLEGAL_VALUE;
Edouard@410	1090
vb@420	1091	status = update_identity(session, ident);
vb@420	1092	if (status != PEP_STATUS_OK)
vb@420	1093	return status;
Edouard@410	1094
Edouard@442	1095	if (ident->comm_type == PEP_ct_mistrusted)
vb@421	1096	ident->comm_type = PEP_ct_unknown;
vb@421	1097	else
vb@421	1098	ident->comm_type &= ~PEP_ct_confirmed;
vb@421	1099
vb@420	1100	status = set_identity(session, ident);
vb@421	1101	if (status != PEP_STATUS_OK)
vb@421	1102	return status;
vb@421	1103
vb@422	1104	if (ident->comm_type == PEP_ct_unknown)
vb@422	1105	status = update_identity(session, ident);
Edouard@410	1106	return status;
Edouard@410	1107	}
Edouard@410	1108
vb@354	1109	DYNAMIC_API PEP_STATUS trust_personal_key(
vb@354	1110	PEP_SESSION session,
vb@354	1111	pEp_identity *ident
vb@354	1112	)
vb@354	1113	{
vb@354	1114	PEP_STATUS status = PEP_STATUS_OK;
vb@354	1115
vb@354	1116	assert(session);
vb@354	1117	assert(ident);
Edouard@439	1118	assert(!EMPTYSTR(ident->address));
Edouard@439	1119	assert(!EMPTYSTR(ident->user_id));
Edouard@439	1120	assert(!EMPTYSTR(ident->fpr));
vb@354	1121
Edouard@439	1122	if (!ident \|\| EMPTYSTR(ident->address) \|\| EMPTYSTR(ident->user_id) \|\|
edouard@1945	1123	EMPTYSTR(ident->fpr))
vb@354	1124	return PEP_ILLEGAL_VALUE;
vb@354	1125
vb@354	1126	status = update_identity(session, ident);
vb@354	1127	if (status != PEP_STATUS_OK)
vb@354	1128	return status;
vb@354	1129
vb@356	1130	if (ident->comm_type > PEP_ct_strong_but_unconfirmed) {
vb@356	1131	ident->comm_type \|= PEP_ct_confirmed;
Edouard@488	1132	status = set_identity(session, ident);
vb@356	1133	}
vb@356	1134	else {
vb@356	1135	// MISSING: S/MIME has to be handled depending on trusted CAs
vb@370	1136	status = PEP_CANNOT_SET_TRUST;
vb@356	1137	}
vb@354	1138
vb@354	1139	return status;
vb@354	1140	}
vb@354	1141
Edouard@584	1142	DYNAMIC_API PEP_STATUS own_key_is_listed(
vb@955	1143	PEP_SESSION session,
vb@955	1144	const char *fpr,
vb@955	1145	bool *listed
vb@955	1146	)
Edouard@584	1147	{
Edouard@584	1148	PEP_STATUS status = PEP_STATUS_OK;
Edouard@584	1149	int count;
Edouard@584	1150
Edouard@584	1151	assert(session && fpr && fpr[0] && listed);
Edouard@584	1152
Edouard@584	1153	if (!(session && fpr && fpr[0] && listed))
Edouard@584	1154	return PEP_ILLEGAL_VALUE;
Edouard@584	1155
Edouard@584	1156	*listed = false;
Edouard@584	1157
Edouard@584	1158	sqlite3_reset(session->own_key_is_listed);
Edouard@584	1159	sqlite3_bind_text(session->own_key_is_listed, 1, fpr, -1, SQLITE_STATIC);
Edouard@584	1160
Edouard@584	1161	int result;
Edouard@584	1162
Edouard@584	1163	result = sqlite3_step(session->own_key_is_listed);
Edouard@584	1164	switch (result) {
Edouard@584	1165	case SQLITE_ROW:
Edouard@584	1166	count = sqlite3_column_int(session->own_key_is_listed, 0);
Edouard@584	1167	*listed = count > 0;
krista@2288	1168	status = PEP_STATUS_OK;
Edouard@584	1169	break;
Edouard@584	1170
Edouard@584	1171	default:
Edouard@584	1172	status = PEP_UNKNOWN_ERROR;
Edouard@584	1173	}
Edouard@584	1174
Edouard@584	1175	sqlite3_reset(session->own_key_is_listed);
Edouard@584	1176	return status;
Edouard@584	1177	}
Edouard@584	1178
edouard@1412	1179	PEP_STATUS _own_identities_retrieve(
vb@955	1180	PEP_SESSION session,
edouard@1412	1181	identity_list **own_identities,
edouard@1412	1182	identity_flags_t excluded_flags
vb@955	1183	)
Edouard@584	1184	{
Edouard@584	1185	PEP_STATUS status = PEP_STATUS_OK;
Edouard@584	1186
vb@955	1187	assert(session && own_identities);
vb@955	1188	if (!(session && own_identities))
Edouard@584	1189	return PEP_ILLEGAL_VALUE;
Edouard@584	1190
vb@955	1191	*own_identities = NULL;
vb@955	1192	identity_list *_own_identities = new_identity_list(NULL);
vb@955	1193	if (_own_identities == NULL)
Edouard@584	1194	goto enomem;
Edouard@584	1195
vb@955	1196	sqlite3_reset(session->own_identities_retrieve);
Edouard@584	1197
Edouard@584	1198	int result;
vb@955	1199	// address, fpr, username, user_id, comm_type, lang, flags
vb@955	1200	const char *address = NULL;
Edouard@584	1201	const char *fpr = NULL;
vb@955	1202	const char *username = NULL;
vb@955	1203	const char *user_id = NULL;
vb@955	1204	PEP_comm_type comm_type = PEP_ct_unknown;
vb@955	1205	const char *lang = NULL;
vb@955	1206	unsigned int flags = 0;
Edouard@584	1207
vb@955	1208	identity_list *_bl = _own_identities;
Edouard@584	1209	do {
edouard@1412	1210	sqlite3_bind_int(session->own_identities_retrieve, 1, excluded_flags);
vb@955	1211	result = sqlite3_step(session->own_identities_retrieve);
Edouard@584	1212	switch (result) {
Edouard@584	1213	case SQLITE_ROW:
vb@955	1214	address = (const char *)
vb@955	1215	sqlite3_column_text(session->own_identities_retrieve, 0);
vb@955	1216	fpr = (const char *)
vb@955	1217	sqlite3_column_text(session->own_identities_retrieve, 1);
krista@2301	1218	user_id = (const char *)
krista@2301	1219	sqlite3_column_text(session->own_identities_retrieve, 2);
vb@1071	1220	username = (const char *)
krista@2301	1221	sqlite3_column_text(session->own_identities_retrieve, 3);
vb@1071	1222	comm_type = PEP_ct_pEp;
vb@1071	1223	lang = (const char *)
krista@2301	1224	sqlite3_column_text(session->own_identities_retrieve, 4);
vb@1071	1225	flags = (unsigned int)
krista@2301	1226	sqlite3_column_int(session->own_identities_retrieve, 5);
vb@955	1227
vb@1078	1228	pEp_identity *ident = new_identity(address, fpr, user_id, username);
vb@1079	1229	if (!ident)
Edouard@584	1230	goto enomem;
vb@955	1231	ident->comm_type = comm_type;
vb@955	1232	if (lang && lang[0]) {
vb@955	1233	ident->lang[0] = lang[0];
vb@955	1234	ident->lang[1] = lang[1];
vb@1078	1235	ident->lang[2] = 0;
vb@955	1236	}
krista@2288	1237	ident->me = true;
vb@955	1238	ident->flags = flags;
vb@955	1239
vb@955	1240	_bl = identity_list_add(_bl, ident);
vb@1080	1241	if (_bl == NULL) {
vb@1080	1242	free_identity(ident);
Edouard@584	1243	goto enomem;
vb@1080	1244	}
Edouard@584	1245
Edouard@584	1246	break;
Edouard@584	1247
Edouard@584	1248	case SQLITE_DONE:
Edouard@584	1249	break;
Edouard@584	1250
Edouard@584	1251	default:
Edouard@584	1252	status = PEP_UNKNOWN_ERROR;
Edouard@584	1253	result = SQLITE_DONE;
Edouard@584	1254	}
Edouard@584	1255	} while (result != SQLITE_DONE);
Edouard@584	1256
vb@955	1257	sqlite3_reset(session->own_identities_retrieve);
Edouard@584	1258	if (status == PEP_STATUS_OK)
vb@955	1259	*own_identities = _own_identities;
Edouard@584	1260	else
vb@955	1261	free_identity_list(_own_identities);
Edouard@584	1262
Edouard@584	1263	goto the_end;
Edouard@584	1264
Edouard@584	1265	enomem:
vb@955	1266	free_identity_list(_own_identities);
Edouard@584	1267	status = PEP_OUT_OF_MEMORY;
Edouard@584	1268
Edouard@584	1269	the_end:
Edouard@584	1270	return status;
Edouard@584	1271	}
vb@955	1272
edouard@1412	1273	DYNAMIC_API PEP_STATUS own_identities_retrieve(
edouard@1364	1274	PEP_SESSION session,
edouard@1412	1275	identity_list **own_identities
edouard@1412	1276	)
edouard@1412	1277	{
edouard@1412	1278	return _own_identities_retrieve(session, own_identities, 0);
edouard@1412	1279	}
edouard@1412	1280
edouard@1412	1281	PEP_STATUS _own_keys_retrieve(
edouard@1412	1282	PEP_SESSION session,
edouard@1412	1283	stringlist_t **keylist,
edouard@1412	1284	identity_flags_t excluded_flags
edouard@1364	1285	)
edouard@1364	1286	{
edouard@1364	1287	PEP_STATUS status = PEP_STATUS_OK;
edouard@1364	1288
edouard@1364	1289	assert(session && keylist);
edouard@1364	1290	if (!(session && keylist))
edouard@1364	1291	return PEP_ILLEGAL_VALUE;
edouard@1364	1292
edouard@1364	1293	*keylist = NULL;
edouard@1364	1294	stringlist_t *_keylist = NULL;
edouard@1364	1295
edouard@1394	1296	sqlite3_reset(session->own_keys_retrieve);
edouard@1364	1297
edouard@1364	1298	int result;
edouard@1364	1299	char *fpr = NULL;
edouard@1364	1300
edouard@1364	1301	stringlist_t *_bl = _keylist;
edouard@1364	1302	do {
edouard@1412	1303	sqlite3_bind_int(session->own_keys_retrieve, 1, excluded_flags);
edouard@1394	1304	result = sqlite3_step(session->own_keys_retrieve);
edouard@1364	1305	switch (result) {
edouard@1364	1306	case SQLITE_ROW:
edouard@1394	1307	fpr = strdup((const char *) sqlite3_column_text(session->own_keys_retrieve, 0));
edouard@1364	1308	if(fpr == NULL)
edouard@1364	1309	goto enomem;
edouard@1364	1310
edouard@1364	1311	_bl = stringlist_add(_bl, fpr);
edouard@1364	1312	if (_bl == NULL) {
edouard@1364	1313	free(fpr);
edouard@1364	1314	goto enomem;
edouard@1364	1315	}
edouard@1364	1316	if (_keylist == NULL)
edouard@1364	1317	_keylist = _bl;
edouard@1364	1318
edouard@1364	1319	break;
edouard@1364	1320
edouard@1364	1321	case SQLITE_DONE:
edouard@1364	1322	break;
edouard@1364	1323
edouard@1364	1324	default:
edouard@1364	1325	status = PEP_UNKNOWN_ERROR;
edouard@1364	1326	result = SQLITE_DONE;
edouard@1364	1327	}
edouard@1364	1328	} while (result != SQLITE_DONE);
edouard@1364	1329
edouard@1394	1330	sqlite3_reset(session->own_keys_retrieve);
edouard@1364	1331	if (status == PEP_STATUS_OK)
edouard@1364	1332	*keylist = _keylist;
edouard@1364	1333	else
edouard@1364	1334	free_stringlist(_keylist);
edouard@1364	1335
edouard@1364	1336	goto the_end;
edouard@1364	1337
edouard@1364	1338	enomem:
edouard@1364	1339	free_stringlist(_keylist);
edouard@1364	1340	status = PEP_OUT_OF_MEMORY;
edouard@1364	1341
edouard@1364	1342	the_end:
edouard@1364	1343	return status;
edouard@1364	1344	}
edouard@1364	1345
edouard@1412	1346	DYNAMIC_API PEP_STATUS own_keys_retrieve(PEP_SESSION session, stringlist_t **keylist)
edouard@1412	1347	{
edouard@1412	1348	return _own_keys_retrieve(session, keylist, 0);
edouard@1412	1349	}
edouard@1412	1350
edouard@1760	1351	// FIXME: should it be be used when sync receive old keys ? (ENGINE-145)
edouard@1394	1352	DYNAMIC_API PEP_STATUS set_own_key(
edouard@1394	1353	PEP_SESSION session,
edouard@1394	1354	const char *address,
edouard@1394	1355	const char *fpr
edouard@1394	1356	)
edouard@1394	1357	{
edouard@1394	1358	PEP_STATUS status = PEP_STATUS_OK;
edouard@1394	1359
edouard@1394	1360	assert(session &&
edouard@1760	1361	address &&
edouard@1394	1362	fpr && fpr[0]
edouard@1394	1363	);
edouard@1394	1364
edouard@1394	1365	if (!(session &&
edouard@1760	1366	address &&
edouard@1394	1367	fpr && fpr[0]
edouard@1394	1368	))
edouard@1394	1369	return PEP_ILLEGAL_VALUE;
krista@2301	1370
krista@2301	1371
krista@2301	1372	// First see if we have it in own identities already, AND we retrieve
krista@2301	1373	// our own user_id
krista@2301	1374	pEp_identity* my_id = NULL;
krista@2301	1375	identity_list* my_identities = NULL;
krista@2301	1376	char* my_user_id = NULL;
krista@2301	1377	status = own_identities_retrieve(session, &my_identities);
edouard@1394	1378
krista@2301	1379	if (status == PEP_STATUS_OK) {
krista@2301	1380	if (my_identities) {
krista@2301	1381	if (!(my_identities->ident && my_identities->ident->user_id))
krista@2301	1382	return PEP_ILLEGAL_VALUE;
krista@2301	1383
krista@2301	1384	my_user_id = strdup(my_identities->ident->user_id);
krista@2301	1385
krista@2301	1386	if (!my_user_id)
krista@2301	1387	return PEP_OUT_OF_MEMORY;
krista@2301	1388
krista@2301	1389	// Probably cheaper than all the strcmps if there are many,
krista@2301	1390	// plus this avoids the capitalisation and . problems:
krista@2301	1391
krista@2301	1392	status = get_identity(session, my_user_id, address, &my_id);
krista@2301	1393
krista@2301	1394	if (status == PEP_STATUS_OK && my_id) {
krista@2304	1395	if (my_id->fpr && strcasecmp(my_id->fpr, fpr) == 0) {
krista@2301	1396	// We're done. It was already here.
krista@2301	1397	// FIXME: Do we check trust/revocation/?
krista@2301	1398	goto pep_free;
krista@2301	1399	}
krista@2301	1400	}
krista@2301	1401
krista@2301	1402	// Otherwise, we see if there's a binding for this user_id/key
krista@2301	1403	// in the trust DB
edouard@1394	1404
krista@2301	1405	// If there's an id w/ user_id + address
krista@2301	1406	if (my_id) {
krista@2301	1407	free(my_id->fpr);
krista@2301	1408	my_id->fpr = my_user_id;
krista@2304	1409	my_id->comm_type = PEP_ct_pEp;
krista@2304	1410	my_id->me = true; // just in case?
krista@2301	1411	}
krista@2301	1412	else { // Else, we need a new identity
krista@2304	1413	my_id = new_identity(address, fpr, my_user_id, NULL);
krista@2301	1414	if (status != PEP_STATUS_OK)
krista@2301	1415	goto pep_free;
krista@2304	1416	my_id->me = true;
krista@2304	1417	my_id->comm_type = PEP_ct_pEp;
krista@2301	1418	}
krista@2301	1419	}
krista@2301	1420	else {
krista@2301	1421	// I think the prerequisite should be that at least one own identity
krista@2301	1422	// already in the DB, so REALLY look at this.
krista@2301	1423	return PEP_CANNOT_FIND_IDENTITY;
krista@2301	1424	}
krista@2301	1425
krista@2301	1426	status = set_identity(session, my_id);
krista@2301	1427	}
edouard@1394	1428
krista@2301	1429	pep_free:
krista@2301	1430	free(my_id);
krista@2301	1431	free(my_user_id);
edouard@1394	1432	return status;
edouard@1394	1433	}
krista@1357	1434
krista@1357	1435	PEP_STATUS contains_priv_key(PEP_SESSION session, const char *fpr,
krista@1357	1436	bool *has_private) {
krista@1357	1437
krista@1357	1438	assert(session);
krista@1357	1439	assert(fpr);
krista@1357	1440	assert(has_private);
krista@1357	1441
krista@1357	1442	if (!(session && fpr && has_private))
krista@1357	1443	return PEP_ILLEGAL_VALUE;
krista@1357	1444
krista@1357	1445	return session->cryptotech[PEP_crypt_OpenPGP].contains_priv_key(session, fpr, has_private);
edouard@1385	1446	}

author	Krista Bennett <krista@pep-project.org>
	Fri, 15 Dec 2017 12:49:03 +0100
branch	ENGINE-289
changeset 2317	b80dd91c8869
parent 2311	688b925c3e73
child 2319	93c84d8281d2
permissions	-rw-r--r--