Automatically bumped RC in source for future release. Next RC after this one will be 2.1.0-RC17 **if released**.
1 // This file is under GNU General Public License 3.0
12 #include "pEp_internal.h"
13 #include "keymanagement.h"
15 #include "blacklist.h"
17 static bool key_matches_address(PEP_SESSION session, const char* address,
19 if (!session || !address || !fpr)
23 stringlist_t *keylist = NULL;
24 PEP_STATUS status = find_keys(session, address, &keylist);
25 if (status == PEP_STATUS_OK && keylist) {
26 stringlist_t* curr = keylist;
29 if (strcasecmp(curr->value, fpr)) {
38 free_stringlist(keylist);
42 PEP_STATUS elect_pubkey(
43 PEP_SESSION session, pEp_identity * identity, bool check_blacklist
47 stringlist_t *keylist = NULL;
49 identity->comm_type = PEP_ct_unknown;
51 status = find_keys(session, identity->address, &keylist);
52 assert(status != PEP_OUT_OF_MEMORY);
53 if (status == PEP_OUT_OF_MEMORY)
54 return PEP_OUT_OF_MEMORY;
56 if (!keylist || !keylist->value)
57 identity->comm_type = PEP_ct_key_not_found;
59 stringlist_t *_keylist;
60 for (_keylist = keylist; _keylist && _keylist->value; _keylist = _keylist->next) {
61 PEP_comm_type _comm_type_key;
63 status = get_key_rating(session, _keylist->value, &_comm_type_key);
64 assert(status != PEP_OUT_OF_MEMORY);
65 if (status == PEP_OUT_OF_MEMORY) {
66 free_stringlist(keylist);
67 return PEP_OUT_OF_MEMORY;
70 if (_comm_type_key != PEP_ct_compromised &&
71 _comm_type_key != PEP_ct_unknown)
73 if (identity->comm_type == PEP_ct_unknown ||
74 _comm_type_key > identity->comm_type)
76 bool blacklisted = false;
77 bool mistrusted = false;
78 status = is_mistrusted_key(session, _keylist->value, &mistrusted);
79 if (status == PEP_STATUS_OK && check_blacklist)
80 status = blacklist_is_listed(session, _keylist->value, &blacklisted);
81 if (status == PEP_STATUS_OK && !mistrusted && !blacklisted) {
82 identity->comm_type = _comm_type_key;
83 _fpr = _keylist->value;
91 if (!_fpr || _fpr[0] == '\0')
94 identity->fpr = strdup(_fpr);
95 if (identity->fpr == NULL) {
96 free_stringlist(keylist);
97 return PEP_OUT_OF_MEMORY;
101 free_stringlist(keylist);
102 return PEP_STATUS_OK;
106 // own_must_contain_private is usually true when calling;
107 // we only set it to false when we have the idea of
108 // possibly having an own pubkey that we need to check on its own
109 static PEP_STATUS validate_fpr(PEP_SESSION session,
111 bool check_blacklist,
112 bool own_must_contain_private) {
114 PEP_STATUS status = PEP_STATUS_OK;
116 if (!session || !ident || !ident->fpr || !ident->fpr[0])
117 return PEP_ILLEGAL_VALUE;
119 char* fpr = ident->fpr;
121 bool has_private = false;
122 status = contains_priv_key(session, fpr, &has_private);
124 if (ident->me && own_must_contain_private) {
125 if (status != PEP_STATUS_OK || !has_private)
126 return PEP_KEY_UNSUITABLE;
128 else if (status != PEP_STATUS_OK && has_private) // should never happen
131 status = get_trust(session, ident);
132 if (status != PEP_STATUS_OK)
133 ident->comm_type = PEP_ct_unknown;
135 PEP_comm_type ct = ident->comm_type;
137 if (ct == PEP_ct_unknown) {
138 // If status is bad, it's ok, we get the rating
139 // we should use then (PEP_ct_unknown)
140 get_key_rating(session, fpr, &ct);
141 ident->comm_type = ct;
143 else if (ct == PEP_ct_key_expired || ct == PEP_ct_key_expired_but_confirmed) {
144 PEP_comm_type ct_expire_check = PEP_ct_unknown;
145 get_key_rating(session, fpr, &ct_expire_check);
146 if (ct_expire_check >= PEP_ct_strong_but_unconfirmed) {
147 ident->comm_type = ct_expire_check;
148 if (ct == PEP_ct_key_expired_but_confirmed)
149 ident->comm_type |= PEP_ct_confirmed;
150 ct = ident->comm_type;
151 // We need to fix this trust in the DB.
152 status = set_trust(session, ident);
157 bool pEp_user = false;
159 is_pEp_user(session, ident, &pEp_user);
164 case PEP_ct_OpenPGP_unconfirmed:
165 ct += 0x47; // difference between PEP and OpenPGP values;
166 ident->comm_type = ct;
173 bool revoked, expired;
174 bool blacklisted = false;
176 status = key_revoked(session, fpr, &revoked);
178 if (status != PEP_STATUS_OK) {
183 time_t exp_time = (ident->me ?
184 time(NULL) + (7*24*3600) : time(NULL));
186 status = key_expired(session, fpr,
190 assert(status == PEP_STATUS_OK);
191 if (status != PEP_STATUS_OK)
194 if (check_blacklist && IS_PGP_CT(ct) &&
196 status = blacklist_is_listed(session,
200 if (status != PEP_STATUS_OK)
205 if (ident->me && has_private &&
206 (ct >= PEP_ct_strong_but_unconfirmed) &&
207 !revoked && expired) {
209 timestamp *ts = new_timestamp(time(NULL) + KEY_EXPIRE_DELTA);
210 status = renew_key(session, fpr, ts);
213 if (status == PEP_STATUS_OK) {
214 // if key is valid (second check because pEp key might be extended above)
216 status = key_expired(session, fpr, time(NULL), &expired);
217 if (status != PEP_STATUS_OK)
221 if (ident->comm_type & PEP_ct_confirmed || (ident->comm_type == PEP_ct_key_expired_but_confirmed))
222 ident->comm_type = PEP_ct_key_expired_but_confirmed;
224 ident->comm_type = PEP_ct_key_expired;
227 // communicate key(?)
232 ct = PEP_ct_key_revoked;
234 if (ident->comm_type & PEP_ct_confirmed || (ident->comm_type == PEP_ct_key_expired_but_confirmed))
235 ct = PEP_ct_key_expired_but_confirmed;
237 ct = PEP_ct_key_expired;
239 else if (blacklisted) { // never true for .me
240 ident->comm_type = ct = PEP_ct_key_not_found;
242 ident->fpr = strdup("");
243 status = PEP_KEY_BLACKLISTED;
247 case PEP_ct_key_expired:
248 case PEP_ct_key_expired_but_confirmed:
249 case PEP_ct_key_revoked:
250 case PEP_ct_key_b0rken:
251 // delete key from being default key for all users/identities
252 status = remove_fpr_as_default(session, fpr);
253 status = update_trust_for_fpr(session,
256 case PEP_ct_mistrusted:
259 ident->comm_type = ct;
260 status = PEP_KEY_UNSUITABLE;
268 PEP_STATUS get_all_keys_for_user(PEP_SESSION session,
270 stringlist_t** keys) {
272 if (!session || EMPTYSTR(user_id) || !keys)
273 return PEP_ILLEGAL_VALUE;
275 PEP_STATUS status = PEP_STATUS_OK;
278 stringlist_t* _kl = NULL;
280 sqlite3_reset(session->get_all_keys_for_user);
281 sqlite3_bind_text(session->get_all_keys_for_user, 1, user_id, -1, SQLITE_STATIC);
285 while ((result = sqlite3_step(session->get_all_keys_for_user)) == SQLITE_ROW) {
286 const char* keyres = (const char *) sqlite3_column_text(session->get_all_keys_for_user, 0);
289 stringlist_add(_kl, keyres);
291 _kl = new_stringlist(keyres);
296 return PEP_KEY_NOT_FOUND;
300 sqlite3_reset(session->get_all_keys_for_user);
305 PEP_STATUS get_user_default_key(PEP_SESSION session, const char* user_id,
306 char** default_key) {
310 if (!session || !user_id)
311 return PEP_ILLEGAL_VALUE;
313 PEP_STATUS status = PEP_STATUS_OK;
315 // try to get default key for user_data
316 sqlite3_reset(session->get_user_default_key);
317 sqlite3_bind_text(session->get_user_default_key, 1, user_id,
320 const int result = sqlite3_step(session->get_user_default_key);
321 char* user_fpr = NULL;
322 if (result == SQLITE_ROW) {
324 (char *) sqlite3_column_text(session->get_user_default_key, 0);
326 user_fpr = strdup(u_fpr);
329 status = PEP_GET_KEY_FAILED;
331 sqlite3_reset(session->get_user_default_key);
333 *default_key = user_fpr;
337 // Only call on retrieval of previously stored identity!
338 // Also, we presume that if the stored_identity was sent in
339 // without an fpr, there wasn't one in the trust DB for this
341 PEP_STATUS get_valid_pubkey(PEP_SESSION session,
342 pEp_identity* stored_identity,
343 bool* is_identity_default,
344 bool* is_user_default,
345 bool* is_address_default,
346 bool check_blacklist) {
348 PEP_STATUS status = PEP_STATUS_OK;
350 if (!stored_identity || EMPTYSTR(stored_identity->user_id)
351 || !is_identity_default || !is_user_default || !is_address_default)
352 return PEP_ILLEGAL_VALUE;
354 *is_identity_default = *is_user_default = *is_address_default = false;
356 PEP_comm_type first_reject_comm_type = PEP_ct_key_not_found;
357 PEP_STATUS first_reject_status = PEP_KEY_NOT_FOUND;
359 char* stored_fpr = stored_identity->fpr;
360 // Input: stored identity retrieved from database
361 // if stored identity contains a default key
362 if (!EMPTYSTR(stored_fpr)) {
363 status = validate_fpr(session, stored_identity, check_blacklist, true);
364 if (status == PEP_STATUS_OK && !EMPTYSTR(stored_identity->fpr)) {
365 *is_identity_default = *is_address_default = true;
368 else if (status != PEP_KEY_NOT_FOUND) {
369 first_reject_status = status;
370 first_reject_comm_type = stored_identity->comm_type;
373 // if no valid default stored identity key found
374 free(stored_identity->fpr);
375 stored_identity->fpr = NULL;
377 char* user_fpr = NULL;
378 status = get_user_default_key(session, stored_identity->user_id, &user_fpr);
380 if (!EMPTYSTR(user_fpr)) {
381 // There exists a default key for user, so validate
382 stored_identity->fpr = user_fpr;
383 status = validate_fpr(session, stored_identity, check_blacklist, true);
384 if (status == PEP_STATUS_OK && stored_identity->fpr) {
385 *is_user_default = true;
386 *is_address_default = key_matches_address(session,
387 stored_identity->address,
388 stored_identity->fpr);
391 else if (status != PEP_KEY_NOT_FOUND && first_reject_status != PEP_KEY_NOT_FOUND) {
392 first_reject_status = status;
393 first_reject_comm_type = stored_identity->comm_type;
397 status = elect_pubkey(session, stored_identity, check_blacklist);
398 if (status == PEP_STATUS_OK) {
399 if (!EMPTYSTR(stored_identity->fpr))
400 validate_fpr(session, stored_identity, false, true); // blacklist already filtered of needed
402 else if (status != PEP_KEY_NOT_FOUND && first_reject_status != PEP_KEY_NOT_FOUND) {
403 first_reject_status = status;
404 first_reject_comm_type = stored_identity->comm_type;
407 switch (stored_identity->comm_type) {
408 case PEP_ct_key_revoked:
409 case PEP_ct_key_b0rken:
410 case PEP_ct_key_expired:
411 case PEP_ct_key_expired_but_confirmed:
412 case PEP_ct_compromised:
413 case PEP_ct_mistrusted:
414 // this only happens when it's all there is
415 status = first_reject_status;
416 free(stored_identity->fpr);
417 stored_identity->fpr = NULL;
418 stored_identity->comm_type = first_reject_comm_type;
421 if (check_blacklist && status == PEP_KEY_BLACKLISTED) {
422 free(stored_identity->fpr);
423 stored_identity->fpr = NULL;
424 stored_identity->comm_type = PEP_ct_key_not_found;
431 static void transfer_ident_lang_and_flags(pEp_identity* new_ident,
432 pEp_identity* stored_ident) {
433 if (new_ident->lang[0] == 0) {
434 new_ident->lang[0] = stored_ident->lang[0];
435 new_ident->lang[1] = stored_ident->lang[1];
436 new_ident->lang[2] = 0;
439 new_ident->flags = stored_ident->flags;
440 new_ident->me = new_ident->me || stored_ident->me;
443 static void adjust_pEp_trust_status(PEP_SESSION session, pEp_identity* identity) {
447 if (identity->comm_type < PEP_ct_strong_but_unconfirmed ||
448 (identity->comm_type | PEP_ct_confirmed) == PEP_ct_pEp)
453 is_pEp_user(session, identity, &pEp_user);
456 PEP_comm_type confirmation_status = identity->comm_type & PEP_ct_confirmed;
457 identity->comm_type = PEP_ct_pEp_unconfirmed | confirmation_status;
458 if (identity->major_ver == 0) {
459 identity->major_ver = 2;
460 identity->minor_ver = 0;
466 static PEP_STATUS prepare_updated_identity(PEP_SESSION session,
467 pEp_identity* return_id,
468 pEp_identity* stored_ident,
471 if (!session || !return_id || !stored_ident)
472 return PEP_ILLEGAL_VALUE;
476 bool is_identity_default, is_user_default, is_address_default;
477 bool no_stored_default = EMPTYSTR(stored_ident->fpr);
479 status = get_valid_pubkey(session, stored_ident,
480 &is_identity_default,
485 if (status == PEP_STATUS_OK && stored_ident->fpr && *(stored_ident->fpr) != '\0') {
486 // set identity comm_type from trust db (user_id, FPR)
487 status = get_trust(session, stored_ident);
488 if (status == PEP_CANNOT_FIND_IDENTITY || stored_ident->comm_type == PEP_ct_unknown) {
489 // This is OK - there is no trust DB entry, but we
490 // found a key. We won't store this, but we'll
492 PEP_comm_type ct = PEP_ct_unknown;
493 status = get_key_rating(session, stored_ident->fpr, &ct);
494 stored_ident->comm_type = ct;
497 else if (status != PEP_STATUS_OK) {
498 free(stored_ident->fpr);
499 stored_ident->fpr = NULL;
500 stored_ident->comm_type = PEP_ct_key_not_found;
502 else { // no key returned, but status ok?
503 if (stored_ident->comm_type == PEP_ct_unknown)
504 stored_ident->comm_type = PEP_ct_key_not_found;
506 free(return_id->fpr);
507 return_id->fpr = NULL;
508 if (status == PEP_STATUS_OK && !EMPTYSTR(stored_ident->fpr))
509 return_id->fpr = strdup(stored_ident->fpr);
511 return_id->comm_type = stored_ident->comm_type;
513 // We patch the DB with the input username, but if we didn't have
514 // one, we pull it out of storage if available.
515 if (!EMPTYSTR(stored_ident->username)) {
516 if (!EMPTYSTR(return_id->username) &&
517 (strcasecmp(return_id->username, return_id->address) == 0)) {
518 free(return_id->username);
519 return_id->username = NULL;
521 if (EMPTYSTR(return_id->username)) {
522 free(return_id->username);
523 return_id->username = strdup(stored_ident->username);
527 if (EMPTYSTR(return_id->username))
528 return_id->username = strdup(return_id->address);
531 return_id->me = stored_ident->me;
533 return_id->major_ver = stored_ident->major_ver;
534 return_id->minor_ver = stored_ident->minor_ver;
536 // FIXME: Do we ALWAYS do this? We probably should...
537 if (EMPTYSTR(return_id->user_id)) {
538 free(return_id->user_id);
539 return_id->user_id = strdup(stored_ident->user_id);
542 adjust_pEp_trust_status(session, return_id);
544 // Call set_identity() to store
545 if ((is_identity_default || is_user_default) &&
546 is_address_default) {
547 // if we got an fpr which is default for either user
548 // or identity AND is valid for this address, set in DB
550 status = set_identity(session, return_id);
552 else if (no_stored_default && !EMPTYSTR(return_id->fpr)
553 && return_id->comm_type != PEP_ct_key_revoked
554 && return_id->comm_type != PEP_ct_key_expired
555 && return_id->comm_type != PEP_ct_key_expired_but_confirmed
556 && return_id->comm_type != PEP_ct_mistrusted
557 && return_id->comm_type != PEP_ct_key_b0rken) {
558 // We would have stored this anyway for a first-time elected key. We just have an ident w/ no default already.
559 status = set_identity(session, return_id);
561 else { // this is a key other than the default, but there IS a default (FIXME: fdik, do we really want behaviour below?)
562 // Store without default fpr/ct, but return the fpr and ct
564 char* save_fpr = return_id->fpr;
565 PEP_comm_type save_ct = return_id->comm_type;
566 return_id->fpr = NULL;
567 return_id->comm_type = PEP_ct_unknown;
568 PEP_STATUS save_status = status;
569 status = set_identity(session, return_id);
570 if (save_status != PEP_STATUS_OK)
571 status = save_status;
572 return_id->fpr = save_fpr;
573 return_id->comm_type = save_ct;
576 transfer_ident_lang_and_flags(return_id, stored_ident);
577 return_id->enc_format = stored_ident->enc_format;
579 if (return_id->comm_type == PEP_ct_unknown)
580 return_id->comm_type = PEP_ct_key_not_found;
585 DYNAMIC_API PEP_STATUS update_identity(
586 PEP_SESSION session, pEp_identity * identity
593 assert(!EMPTYSTR(identity->address));
595 if (!(session && identity && !EMPTYSTR(identity->address)))
596 return PEP_ILLEGAL_VALUE;
598 char* default_own_id = NULL;
599 status = get_default_own_userid(session, &default_own_id);
601 bool is_own_user = identity->me;
603 // Is this me, temporary or not? If so, BAIL.
605 if (default_own_id) {
606 if (!EMPTYSTR(identity->user_id)) {
607 if (strcmp(default_own_id, identity->user_id) == 0) {
612 if (get_userid_alias_default(session, identity->user_id, &alias) == PEP_STATUS_OK) {
613 if (alias && strcmp(default_own_id, alias) == 0)
620 // Check if own address. For now, this is a special case;
621 // we try to require apps to send in user_ids, but must prevent
622 // writes to an own identity from within THIS function
623 // NOTE: These semantics MAY CHANGE.
624 bool _own_addr = false;
625 is_own_address(session, identity->address, &_own_addr);
627 // N.B. KB: I would prefer consistent semantics here - that is to say,
628 // we also set is_own_user here and force PEP_ILLEGAL_VALUE
630 free(identity->user_id);
631 identity->user_id = strdup(default_own_id);
632 return _myself(session, identity, false, false, true);
636 // Otherwise, we don't even HAVE an own user yet, so we're ok.
640 free(default_own_id);
641 return PEP_ILLEGAL_VALUE;
644 // We have, at least, an address.
645 // Retrieve stored identity information!
646 pEp_identity* stored_ident = NULL;
648 if (!EMPTYSTR(identity->user_id)) {
649 // (we're gonna update the trust/fpr anyway, so we use the no-fpr-from-trust-db variant)
650 // * do get_identity() to retrieve stored identity information
651 status = get_identity_without_trust_check(session, identity->address, identity->user_id, &stored_ident);
653 // Before we start - if there was no stored identity, we should check to make sure we don't
654 // have a stored identity with a temporary user_id that differs from the input user_id. This
655 // happens in multithreaded environments sometimes.
657 identity_list* id_list = NULL;
658 status = get_identities_by_address(session, identity->address, &id_list);
661 identity_list* id_curr = id_list;
662 bool input_is_TOFU = (strstr(identity->user_id, "TOFU_") == identity->user_id);
664 pEp_identity* this_id = id_curr->ident;
666 char* this_uid = this_id->user_id;
667 bool curr_is_TOFU = false;
668 // this_uid should never be NULL, as this is half of the ident
670 assert(!EMPTYSTR(this_uid));
672 curr_is_TOFU = (strstr(this_uid, "TOFU_") == this_uid);
673 if (curr_is_TOFU && !input_is_TOFU) {
674 // FIXME: should we also be fixing pEp_own_userId in this
677 // if usernames match, we replace the userid.
678 // FIXME: do we need to create an address match function which
679 // matches the whole dot-and-case rigamarole from
680 if (EMPTYSTR(this_id->username) ||
681 strcasecmp(this_id->username, this_id->address) == 0 ||
682 (identity->username &&
683 strcasecmp(identity->username,
684 this_id->username) == 0)) {
686 // Ok, we have a temp ID. We have to replace this
688 status = replace_userid(session,
691 if (status != PEP_STATUS_OK) {
692 free_identity_list(id_list);
693 free(default_own_id);
700 // Reflect the change we just made to the DB
701 this_id->user_id = strdup(identity->user_id);
702 stored_ident = this_id;
707 else if (input_is_TOFU && !curr_is_TOFU) {
708 // Replace ruthlessly - this is NOT supposed to happen.
709 // BAD APP BEHAVIOUR.
710 free(identity->user_id);
711 identity->user_id = strdup(this_id->user_id);
712 stored_ident = this_id;
717 id_curr = id_curr->next;
722 if (status == PEP_STATUS_OK && stored_ident) {
723 // * if identity available
724 // * patch it with username
725 // (note: this will happen when
726 // setting automatically below...)
727 // * elect valid key for identity
728 // * if valid key exists
729 // * set return value's fpr
730 status = prepare_updated_identity(session,
734 // * else (identity unavailable)
736 status = PEP_STATUS_OK;
738 // FIXME: We may need to roll this back.
739 // FIXME: change docs if we don't
740 // if we only have user_id and address and identity not available
741 // * return error status (identity not found)
742 if (EMPTYSTR(identity->username)) {
743 free(identity->username);
744 identity->username = strdup(identity->address);
747 // Otherwise, if we had user_id, address, and username:
748 // * create identity with user_id, address, username
749 // (this is the input id without the fpr + comm type!)
751 elect_pubkey(session, identity, false);
753 // * We've already checked and retrieved
754 // any applicable temporary identities above. If we're
755 // here, none of them fit.
756 // * call set_identity() to store
757 // FIXME: Do we set if we had to copy in the address?
758 adjust_pEp_trust_status(session, identity);
759 status = set_identity(session, identity);
760 // * Return: created identity
763 else if (!EMPTYSTR(identity->username)) {
765 * Temporary identity information with username supplied
766 * Input: address, username (no others)
769 // * See if there is an own identity that uses this address. If so, we'll
773 if (default_own_id) {
774 status = get_identity(session,
779 // If there isn't an own identity, search for a non-temp stored ident
780 // with this address.
781 if (status == PEP_CANNOT_FIND_IDENTITY || !stored_ident) {
783 identity_list* id_list = NULL;
784 status = get_identities_by_address(session, identity->address, &id_list);
787 identity_list* id_curr = id_list;
789 pEp_identity* this_id = id_curr->ident;
791 char* this_uid = this_id->user_id;
792 assert(!EMPTYSTR(this_uid));
793 // Should never be NULL - DB primary key
795 if (strstr(this_uid, "TOFU_") != this_uid) {
796 // if usernames match, we replace the userid.
797 if (identity->username &&
798 strcasecmp(identity->username,
799 this_id->username) == 0) {
801 // Ok, we have a real ID. Copy it!
802 identity->user_id = strdup(this_uid);
803 assert(identity->user_id);
804 if (!identity->user_id)
807 stored_ident = this_id;
813 id_curr = id_curr->next;
819 status = prepare_updated_identity(session,
824 identity->user_id = calloc(1, strlen(identity->address) + 6);
825 if (!identity->user_id)
828 snprintf(identity->user_id, strlen(identity->address) + 6,
829 "TOFU_%s", identity->address);
831 status = get_identity(session,
836 if (status == PEP_STATUS_OK && stored_ident) {
837 status = prepare_updated_identity(session,
843 // * We've already checked and retrieved
844 // any applicable temporary identities above. If we're
845 // here, none of them fit.
847 status = elect_pubkey(session, identity, false);
849 // * call set_identity() to store
851 // it is still possible we have DB information on this key. Better check.
852 status = get_trust(session, identity);
853 PEP_comm_type db_ct = identity->comm_type;
854 status = get_key_rating(session, identity->fpr, &identity->comm_type);
855 PEP_comm_type key_ct = identity->comm_type;
857 if (status == PEP_STATUS_OK) {
859 case PEP_ct_key_expired:
860 if (db_ct == PEP_ct_key_expired_but_confirmed)
861 identity->comm_type = db_ct;
865 case PEP_ct_key_expired_but_confirmed:
866 if (key_ct >= PEP_ct_strong_but_unconfirmed)
867 identity->comm_type |= PEP_ct_confirmed;
869 case PEP_ct_mistrusted:
870 case PEP_ct_compromised:
871 case PEP_ct_key_b0rken:
872 identity->comm_type = db_ct;
880 // * call set_identity() to store
881 adjust_pEp_trust_status(session, identity);
882 status = set_identity(session, identity);
888 * Input: address (no others)
889 * Temporary identity information without username suplied
892 // * Again, see if there is an own identity that uses this address. If so, we'll
896 if (default_own_id) {
897 status = get_identity(session,
902 // If there isn't an own identity, search for a non-temp stored ident
903 // with this address.
904 if (status == PEP_CANNOT_FIND_IDENTITY || !stored_ident) {
906 identity_list* id_list = NULL;
907 // * Search for identity with this address
908 status = get_identities_by_address(session, identity->address, &id_list);
910 // Results are ordered by timestamp descending, so this covers
911 // both the one-result and multi-result cases
913 if (stored_ident) // unlikely
914 free_identity(stored_ident);
915 stored_ident = id_list->ident;
919 status = prepare_updated_identity(session, identity,
920 stored_ident, false);
922 // too little info. BUT. We see if we can find a key; if so, we create a
923 // temp identity, look for a key, and store.
925 // create temporary identity, store it, and Return this
926 // This means TOFU_ user_id
927 identity->user_id = calloc(1, strlen(identity->address) + 6);
928 if (!identity->user_id)
931 snprintf(identity->user_id, strlen(identity->address) + 6,
932 "TOFU_%s", identity->address);
934 identity->username = strdup(identity->address);
935 if (!identity->address)
939 identity->fpr = NULL;
940 identity->comm_type = PEP_ct_unknown;
942 status = elect_pubkey(session, identity, false);
945 status = get_key_rating(session, identity->fpr, &identity->comm_type);
947 // * call set_identity() to store
948 adjust_pEp_trust_status(session, identity);
949 status = set_identity(session, identity);
954 // FIXME: This is legacy. I presume it's a notification for the caller...
955 // Revisit once I can talk to Volker
956 if (identity->comm_type != PEP_ct_compromised &&
957 identity->comm_type < PEP_ct_strong_but_unconfirmed)
958 if (session->examine_identity)
959 session->examine_identity(identity, session->examine_management);
964 status = PEP_OUT_OF_MEMORY;
967 free(default_own_id);
968 free_identity(stored_ident);
972 PEP_STATUS elect_ownkey(
973 PEP_SESSION session, pEp_identity * identity
977 stringlist_t *keylist = NULL;
980 identity->fpr = NULL;
982 status = find_private_keys(session, identity->address, &keylist);
983 assert(status != PEP_OUT_OF_MEMORY);
984 if (status == PEP_OUT_OF_MEMORY)
985 return PEP_OUT_OF_MEMORY;
987 if (keylist != NULL && keylist->value != NULL)
990 identity->comm_type = PEP_ct_unknown;
992 stringlist_t *_keylist;
993 for (_keylist = keylist; _keylist && _keylist->value; _keylist = _keylist->next) {
996 status = own_key_is_listed(session, _keylist->value, &is_own);
997 assert(status == PEP_STATUS_OK);
998 if (status != PEP_STATUS_OK) {
999 free_stringlist(keylist);
1005 PEP_comm_type _comm_type_key;
1007 status = get_key_rating(session, _keylist->value, &_comm_type_key);
1008 assert(status != PEP_OUT_OF_MEMORY);
1009 if (status == PEP_OUT_OF_MEMORY) {
1010 free_stringlist(keylist);
1011 return PEP_OUT_OF_MEMORY;
1014 if (_comm_type_key != PEP_ct_compromised &&
1015 _comm_type_key != PEP_ct_unknown)
1017 if (identity->comm_type == PEP_ct_unknown ||
1018 _comm_type_key > identity->comm_type)
1020 identity->comm_type = _comm_type_key;
1021 _fpr = _keylist->value;
1029 identity->fpr = strdup(_fpr);
1030 assert(identity->fpr);
1031 if (identity->fpr == NULL)
1033 free_stringlist(keylist);
1034 return PEP_OUT_OF_MEMORY;
1037 free_stringlist(keylist);
1039 return PEP_STATUS_OK;
1042 PEP_STATUS _has_usable_priv_key(PEP_SESSION session, char* fpr,
1045 bool has_private = false;
1046 PEP_STATUS status = contains_priv_key(session, fpr, &has_private);
1048 *is_usable = has_private;
1053 PEP_STATUS _myself(PEP_SESSION session,
1054 pEp_identity * identity,
1064 assert(!EMPTYSTR(identity->address));
1066 if (!session || EMPTYSTR(identity->address))
1067 return PEP_ILLEGAL_VALUE;
1069 // this is leading to crashes otherwise
1071 if (!(identity->user_id && identity->user_id[0])) {
1072 free(identity->user_id);
1073 identity->user_id = strdup(PEP_OWN_USERID);
1074 assert(identity->user_id);
1075 if (!identity->user_id)
1076 return PEP_OUT_OF_MEMORY;
1079 pEp_identity *stored_identity = NULL;
1080 char* revoked_fpr = NULL;
1081 bool valid_key_found = false;
1083 char* default_own_id = NULL;
1084 status = get_default_own_userid(session, &default_own_id);
1086 // Deal with non-default user_ids.
1087 // FIXME: if non-default and read-only, reject totally?
1088 if (default_own_id && strcmp(default_own_id, identity->user_id) != 0) {
1090 free(identity->user_id);
1091 identity->user_id = strdup(default_own_id);
1092 assert(identity->user_id);
1093 if (!identity->user_id)
1094 return PEP_OUT_OF_MEMORY;
1097 status = set_userid_alias(session, default_own_id, identity->user_id);
1098 // Do we want this to be fatal? For now, we'll do it...
1099 if (status != PEP_STATUS_OK)
1102 free(identity->user_id);
1103 identity->user_id = strdup(default_own_id);
1104 assert(identity->user_id);
1105 if (identity->user_id == NULL) {
1106 status = PEP_OUT_OF_MEMORY;
1112 // NOTE: IF WE DON'T YET HAVE AN OWN_ID, WE IGNORE REFERENCES TO THIS ADDRESS IN THE
1113 // DB (WHICH MAY HAVE BEEN SET BEFORE MYSELF WAS CALLED BY RECEIVING AN EMAIL FROM
1114 // THIS ADDRESS), AS IT IS NOT AN OWN_IDENTITY AND HAS NO INFORMATION WE NEED OR WHAT TO
1117 // Ok, so now, set up the own_identity:
1118 identity->comm_type = PEP_ct_pEp;
1119 identity->me = true;
1121 identity->flags = 0;
1123 // Let's see if we have an identity record in the DB for
1124 // this user_id + address
1125 // DEBUG_LOG("myself", "debug", identity->address);
1127 // This will grab the actual flags from the db
1128 status = get_identity(session,
1133 assert(status != PEP_OUT_OF_MEMORY);
1134 if (status == PEP_OUT_OF_MEMORY) {
1135 status = PEP_OUT_OF_MEMORY;
1139 // Set usernames - priority is input username > stored name > address
1140 // If there's an input username, we always patch the username with that
1142 if (EMPTYSTR(identity->username) || read_only) {
1143 bool stored_uname = (stored_identity && !EMPTYSTR(stored_identity->username));
1144 char* uname = (stored_uname ? stored_identity->username : identity->address);
1146 free(identity->username);
1147 identity->username = strdup(uname);
1148 assert(identity->username);
1149 if (identity->username == NULL) {
1150 status = PEP_OUT_OF_MEMORY;
1158 if (identity->fpr) {
1159 free(identity->fpr);
1160 identity->fpr = NULL;
1163 // check stored identity
1164 if (stored_identity) {
1165 if (!EMPTYSTR(stored_identity->fpr)) {
1166 // Fall back / retrieve
1167 status = validate_fpr(session, stored_identity, false, true);
1168 if (status == PEP_OUT_OF_MEMORY)
1170 if (status == PEP_STATUS_OK) {
1171 if (stored_identity->comm_type >= PEP_ct_strong_but_unconfirmed) {
1172 identity->fpr = strdup(stored_identity->fpr);
1173 assert(identity->fpr);
1174 if (!identity->fpr) {
1175 status = PEP_OUT_OF_MEMORY;
1178 valid_key_found = true;
1181 bool revoked = false;
1182 status = key_revoked(session, stored_identity->fpr, &revoked);
1186 revoked_fpr = strdup(stored_identity->fpr);
1187 assert(revoked_fpr);
1189 status = PEP_OUT_OF_MEMORY;
1196 // reconcile language, flags
1197 transfer_ident_lang_and_flags(identity, stored_identity);
1200 // Nothing left to do but generate a key
1201 if (!valid_key_found) {
1202 if (!do_keygen || read_only)
1203 status = PEP_GET_KEY_FAILED;
1205 // / DEBUG_LOG("Generating key pair", "debug", identity->address);
1207 free(identity->fpr);
1208 identity->fpr = NULL;
1209 status = generate_keypair(session, identity);
1210 assert(status != PEP_OUT_OF_MEMORY);
1212 if (status != PEP_STATUS_OK) {
1214 snprintf(buf, 11, "%d", status); // uh, this is kludgey. FIXME
1215 // DEBUG_LOG("Generating key pair failed", "debug", buf);
1218 valid_key_found = true;
1220 status = set_revoked(session, revoked_fpr,
1221 stored_identity->fpr, time(NULL));
1222 assert(status == PEP_STATUS_OK);
1228 if (valid_key_found) {
1229 identity->comm_type = PEP_ct_pEp;
1230 status = PEP_STATUS_OK;
1233 free(identity->fpr);
1234 identity->fpr = NULL;
1235 identity->comm_type = PEP_ct_unknown;
1238 unsigned int major_ver = 0;
1239 unsigned int minor_ver = 0;
1240 pEp_version_major_minor(PEP_VERSION, &major_ver, &minor_ver);
1241 identity->major_ver = major_ver;
1242 identity->minor_ver = minor_ver;
1244 // We want to set an identity in the DB even if a key isn't found, but we have to preserve the status if
1247 PEP_STATUS set_id_status = set_identity(session, identity);
1248 if (set_id_status == PEP_STATUS_OK)
1249 set_id_status = set_as_pEp_user(session, identity);
1251 status = (status == PEP_STATUS_OK ? set_id_status : status);
1255 free(default_own_id);
1257 free_identity(stored_identity);
1261 DYNAMIC_API PEP_STATUS myself(PEP_SESSION session, pEp_identity * identity)
1263 return _myself(session, identity, true, false, false);
1266 DYNAMIC_API PEP_STATUS register_examine_function(
1267 PEP_SESSION session,
1268 examine_identity_t examine_identity,
1274 return PEP_ILLEGAL_VALUE;
1276 session->examine_management = management;
1277 session->examine_identity = examine_identity;
1279 return PEP_STATUS_OK;
1282 DYNAMIC_API PEP_STATUS do_keymanagement(
1283 retrieve_next_identity_t retrieve_next_identity,
1287 PEP_SESSION session;
1288 pEp_identity *identity;
1289 PEP_STATUS status = init(&session, NULL, NULL);
1294 assert(session && retrieve_next_identity);
1295 if (!(session && retrieve_next_identity))
1296 return PEP_ILLEGAL_VALUE;
1298 log_event(session, "keymanagement thread started", "pEp engine", NULL, NULL);
1300 while ((identity = retrieve_next_identity(management)))
1302 assert(identity->address);
1303 if(identity->address)
1305 DEBUG_LOG("do_keymanagement", "retrieve_next_identity", identity->address);
1308 status = myself(session, identity);
1310 status = recv_key(session, identity->address);
1313 assert(status != PEP_OUT_OF_MEMORY);
1314 if(status == PEP_OUT_OF_MEMORY)
1315 return PEP_OUT_OF_MEMORY;
1317 free_identity(identity);
1320 log_event(session, "keymanagement thread shutdown", "pEp engine", NULL, NULL);
1322 return PEP_STATUS_OK;
1325 DYNAMIC_API PEP_STATUS key_mistrusted(
1326 PEP_SESSION session,
1330 PEP_STATUS status = PEP_STATUS_OK;
1334 assert(!EMPTYSTR(ident->fpr));
1336 if (!(session && ident && ident->fpr))
1337 return PEP_ILLEGAL_VALUE;
1339 bool has_private = false;
1341 status = contains_priv_key(session, ident->fpr, &has_private);
1343 if (status != PEP_STATUS_OK && status != PEP_KEY_NOT_FOUND)
1346 // See if key is revoked already
1348 bool revoked = false;
1349 status = key_revoked(session, ident->fpr, &revoked);
1352 revoke_key(session, ident->fpr, NULL);
1356 // Make sure there was a default in the DB for this identity;
1357 // if not, set one, even though we're going to mistrust this. Otherwise,
1359 pEp_identity* stored_ident = NULL;
1360 get_identity(session, ident->address, ident->user_id, &stored_ident);
1361 bool set_in_db = true;
1363 stored_ident = identity_dup(ident);
1364 else if (!stored_ident->fpr)
1365 stored_ident->fpr = strdup(ident->fpr);
1370 status = set_identity(session, stored_ident);
1372 free_identity(stored_ident);
1373 if (status != PEP_STATUS_OK)
1378 // double-check to be sure key is even in the DB
1380 status = set_pgp_keypair(session, ident->fpr);
1382 // We set this temporarily but will grab it back from the cache afterwards
1383 ident->comm_type = PEP_ct_mistrusted;
1384 status = set_trust(session, ident);
1386 if (status == PEP_STATUS_OK)
1387 // cascade that mistrust for anyone using this key
1388 status = mark_as_compromised(session, ident->fpr);
1389 if (status == PEP_STATUS_OK)
1390 status = add_mistrusted_key(session, ident->fpr);
1395 DYNAMIC_API PEP_STATUS key_reset_trust(
1396 PEP_SESSION session,
1400 PEP_STATUS status = PEP_STATUS_OK;
1404 assert(!EMPTYSTR(ident->fpr));
1405 assert(!EMPTYSTR(ident->address));
1406 assert(!EMPTYSTR(ident->user_id));
1408 if (!(session && ident && ident->fpr && ident->fpr[0] != '\0' && ident->address &&
1410 return PEP_ILLEGAL_VALUE;
1412 // we do not change the input struct at ALL.
1413 pEp_identity* input_copy = identity_dup(ident);
1415 pEp_identity* tmp_ident = NULL;
1417 status = get_trust(session, input_copy);
1419 if (status != PEP_STATUS_OK)
1422 PEP_comm_type new_trust = PEP_ct_unknown;
1423 status = get_key_rating(session, ident->fpr, &new_trust);
1424 if (status != PEP_STATUS_OK)
1427 bool pEp_user = false;
1429 status = is_pEp_user(session, ident, &pEp_user);
1431 if (pEp_user && new_trust >= PEP_ct_unconfirmed_encryption)
1432 input_copy->comm_type = PEP_ct_pEp_unconfirmed;
1434 input_copy->comm_type = new_trust;
1436 status = set_trust(session, input_copy);
1438 if (status != PEP_STATUS_OK)
1441 bool mistrusted_key = false;
1443 status = is_mistrusted_key(session, ident->fpr, &mistrusted_key);
1445 if (status != PEP_STATUS_OK)
1449 status = delete_mistrusted_key(session, ident->fpr);
1451 if (status != PEP_STATUS_OK)
1454 tmp_ident = new_identity(ident->address, NULL, ident->user_id, NULL);
1457 return PEP_OUT_OF_MEMORY;
1459 if (is_me(session, tmp_ident))
1460 status = myself(session, tmp_ident);
1462 status = update_identity(session, tmp_ident);
1464 if (status != PEP_STATUS_OK)
1467 // remove as default if necessary
1468 if (!EMPTYSTR(tmp_ident->fpr) && strcmp(tmp_ident->fpr, ident->fpr) == 0) {
1469 free(tmp_ident->fpr);
1470 tmp_ident->fpr = NULL;
1471 tmp_ident->comm_type = PEP_ct_unknown;
1472 status = set_identity(session, tmp_ident);
1473 if (status != PEP_STATUS_OK)
1477 char* user_default = NULL;
1478 get_main_user_fpr(session, tmp_ident->user_id, &user_default);
1480 if (!EMPTYSTR(user_default)) {
1481 if (strcmp(user_default, ident->fpr) == 0)
1482 status = refresh_userid_default_key(session, ident->user_id);
1483 if (status != PEP_STATUS_OK)
1488 free_identity(tmp_ident);
1489 free_identity(input_copy);
1493 DYNAMIC_API PEP_STATUS trust_personal_key(
1494 PEP_SESSION session,
1498 PEP_STATUS status = PEP_STATUS_OK;
1502 assert(!EMPTYSTR(ident->address));
1503 assert(!EMPTYSTR(ident->user_id));
1504 assert(!EMPTYSTR(ident->fpr));
1506 if (!ident || EMPTYSTR(ident->address) || EMPTYSTR(ident->user_id) ||
1507 EMPTYSTR(ident->fpr))
1508 return PEP_ILLEGAL_VALUE;
1510 if (is_me(session, ident))
1511 return PEP_ILLEGAL_VALUE;
1513 char* ident_default_fpr = NULL;
1515 // Before we do anything, be sure the input fpr is even eligible to be trusted
1516 PEP_comm_type input_default_ct = PEP_ct_unknown;
1517 status = get_key_rating(session, ident->fpr, &input_default_ct);
1518 if (input_default_ct < PEP_ct_strong_but_unconfirmed)
1519 return PEP_KEY_UNSUITABLE;
1521 status = set_pgp_keypair(session, ident->fpr);
1522 if (status != PEP_STATUS_OK)
1525 pEp_identity* ident_copy = identity_dup(ident);
1526 char* cached_fpr = NULL;
1528 // for setting up a temp trusted identity for the input fpr
1529 pEp_identity* tmp_id = NULL;
1531 // For later, in case we need to check the user default key
1532 pEp_identity* tmp_user_ident = NULL;
1534 // Save the input fpr, which we already tested as non-NULL
1535 cached_fpr = strdup(ident->fpr);
1537 // Set up a temp trusted identity for the input fpr without a comm type;
1538 tmp_id = new_identity(ident->address, ident->fpr, ident->user_id, NULL);
1540 status = validate_fpr(session, tmp_id, false, true);
1542 if (status == PEP_STATUS_OK) {
1543 // Validate fpr gets trust DB or, when that fails, key comm type. we checked
1544 // above that the key was ok. (not revoked or expired), but we want the max.
1545 tmp_id->comm_type = _MAX(tmp_id->comm_type, input_default_ct) | PEP_ct_confirmed;
1547 // Get the default identity without setting the fpr
1548 status = update_identity(session, ident_copy);
1550 ident_default_fpr = (EMPTYSTR(ident_copy->fpr) ? NULL : strdup(ident_copy->fpr));
1552 if (status == PEP_STATUS_OK) {
1553 bool trusted_default = false;
1555 // If there's no default, or the default is different from the input...
1556 if (EMPTYSTR(ident_default_fpr) || strcmp(cached_fpr, ident_default_fpr) != 0) {
1558 // If the default fpr (if there is one) is trusted and key is strong enough,
1559 // don't replace, we just set the trusted bit on this key for this user_id...
1560 // (If there's no default fpr, this won't be true anyway.)
1561 if ((ident_copy->comm_type >= PEP_ct_strong_but_unconfirmed &&
1562 (ident_copy->comm_type & PEP_ct_confirmed))) {
1564 trusted_default = true;
1566 status = set_trust(session, tmp_id);
1567 input_default_ct = tmp_id->comm_type;
1570 free(ident_copy->fpr);
1571 ident_copy->fpr = strdup(cached_fpr);
1572 ident_copy->comm_type = tmp_id->comm_type;
1573 status = set_identity(session, ident_copy); // replace identity default
1574 if (status == PEP_STATUS_OK) {
1575 if ((ident_copy->comm_type | PEP_ct_confirmed) == PEP_ct_pEp)
1576 status = set_as_pEp_user(session, ident_copy);
1580 else { // we're setting this on the default fpr
1581 ident->comm_type = tmp_id->comm_type;
1582 status = set_identity(session, ident);
1583 trusted_default = true;
1585 if (status == PEP_STATUS_OK && !trusted_default) {
1586 // Ok, there wasn't a trusted default, so we replaced. Thus, we also
1587 // make sure there's a trusted default on the user_id. If there
1588 // is not, we make this the default.
1589 char* user_default = NULL;
1590 status = get_main_user_fpr(session, ident->user_id, &user_default);
1592 if (status == PEP_STATUS_OK && user_default) {
1593 tmp_user_ident = new_identity(ident->address,
1597 if (!tmp_user_ident)
1598 status = PEP_OUT_OF_MEMORY;
1600 status = validate_fpr(session, tmp_user_ident, false, true);
1602 if (status != PEP_STATUS_OK ||
1603 tmp_user_ident->comm_type < PEP_ct_strong_but_unconfirmed ||
1604 !(tmp_user_ident->comm_type & PEP_ct_confirmed))
1606 char* trusted_fpr = (trusted_default ? ident_default_fpr : cached_fpr);
1607 status = replace_main_user_fpr(session, ident->user_id, trusted_fpr);
1615 free(ident_default_fpr);
1617 free_identity(tmp_id);
1618 free_identity(ident_copy);
1619 free_identity(tmp_user_ident);
1623 DYNAMIC_API PEP_STATUS trust_own_key(
1624 PEP_SESSION session,
1630 assert(!EMPTYSTR(ident->address));
1631 assert(!EMPTYSTR(ident->user_id));
1632 assert(!EMPTYSTR(ident->fpr));
1634 if (!ident || EMPTYSTR(ident->address) || EMPTYSTR(ident->user_id) ||
1635 EMPTYSTR(ident->fpr))
1636 return PEP_ILLEGAL_VALUE;
1638 if (!is_me(session, ident))
1639 return PEP_ILLEGAL_VALUE;
1641 // don't check blacklist or require a private key
1642 PEP_STATUS status = validate_fpr(session, ident, false, false);
1644 if (status != PEP_STATUS_OK)
1647 status = set_pgp_keypair(session, ident->fpr);
1648 if (status != PEP_STATUS_OK)
1651 if (ident->comm_type < PEP_ct_strong_but_unconfirmed)
1652 return PEP_KEY_UNSUITABLE;
1654 ident->comm_type |= PEP_ct_confirmed;
1656 status = set_trust(session, ident);
1662 DYNAMIC_API PEP_STATUS own_key_is_listed(
1663 PEP_SESSION session,
1668 PEP_STATUS status = PEP_STATUS_OK;
1671 assert(session && fpr && fpr[0] && listed);
1673 if (!(session && fpr && fpr[0] && listed))
1674 return PEP_ILLEGAL_VALUE;
1678 sqlite3_reset(session->own_key_is_listed);
1679 sqlite3_bind_text(session->own_key_is_listed, 1, fpr, -1, SQLITE_STATIC);
1683 result = sqlite3_step(session->own_key_is_listed);
1686 count = sqlite3_column_int(session->own_key_is_listed, 0);
1687 *listed = count > 0;
1688 status = PEP_STATUS_OK;
1692 status = PEP_UNKNOWN_ERROR;
1695 sqlite3_reset(session->own_key_is_listed);
1699 PEP_STATUS _own_identities_retrieve(
1700 PEP_SESSION session,
1701 identity_list **own_identities,
1702 identity_flags_t excluded_flags
1705 PEP_STATUS status = PEP_STATUS_OK;
1707 assert(session && own_identities);
1708 if (!(session && own_identities))
1709 return PEP_ILLEGAL_VALUE;
1711 *own_identities = NULL;
1712 identity_list *_own_identities = new_identity_list(NULL);
1713 if (_own_identities == NULL)
1716 sqlite3_reset(session->own_identities_retrieve);
1719 // address, fpr, username, user_id, comm_type, lang, flags
1720 const char *address = NULL;
1721 const char *fpr = NULL;
1722 const char *username = NULL;
1723 const char *user_id = NULL;
1724 PEP_comm_type comm_type = PEP_ct_unknown;
1725 const char *lang = NULL;
1726 unsigned int flags = 0;
1728 identity_list *_bl = _own_identities;
1730 sqlite3_bind_int(session->own_identities_retrieve, 1, excluded_flags);
1733 result = sqlite3_step(session->own_identities_retrieve);
1736 address = (const char *)
1737 sqlite3_column_text(session->own_identities_retrieve, 0);
1738 fpr = (const char *)
1739 sqlite3_column_text(session->own_identities_retrieve, 1);
1740 user_id = (const char *)
1741 sqlite3_column_text(session->own_identities_retrieve, 2);
1742 username = (const char *)
1743 sqlite3_column_text(session->own_identities_retrieve, 3);
1744 comm_type = PEP_ct_pEp;
1745 lang = (const char *)
1746 sqlite3_column_text(session->own_identities_retrieve, 4);
1747 flags = (unsigned int)
1748 sqlite3_column_int(session->own_identities_retrieve, 5);
1750 pEp_identity *ident = new_identity(address, fpr, user_id, username);
1753 ident->comm_type = comm_type;
1754 if (lang && lang[0]) {
1755 ident->lang[0] = lang[0];
1756 ident->lang[1] = lang[1];
1760 ident->flags = flags;
1762 _bl = identity_list_add(_bl, ident);
1764 free_identity(ident);
1774 status = PEP_UNKNOWN_ERROR;
1775 result = SQLITE_DONE;
1777 } while (result != SQLITE_DONE);
1779 sqlite3_reset(session->own_identities_retrieve);
1780 if (status == PEP_STATUS_OK)
1781 *own_identities = _own_identities;
1783 free_identity_list(_own_identities);
1788 free_identity_list(_own_identities);
1789 status = PEP_OUT_OF_MEMORY;
1795 DYNAMIC_API PEP_STATUS own_identities_retrieve(
1796 PEP_SESSION session,
1797 identity_list **own_identities
1800 return _own_identities_retrieve(session, own_identities, 0);
1803 PEP_STATUS _own_keys_retrieve(
1804 PEP_SESSION session,
1805 stringlist_t **keylist,
1806 identity_flags_t excluded_flags,
1810 PEP_STATUS status = PEP_STATUS_OK;
1812 assert(session && keylist);
1813 if (!(session && keylist))
1814 return PEP_ILLEGAL_VALUE;
1817 stringlist_t *_keylist = NULL;
1819 sqlite3_reset(session->own_keys_retrieve);
1823 stringlist_t *_bl = _keylist;
1824 sqlite3_bind_int(session->own_keys_retrieve, 1, excluded_flags);
1827 result = sqlite3_step(session->own_keys_retrieve);
1830 _bl = stringlist_add(_bl, (const char *)
1831 sqlite3_column_text(session->own_keys_retrieve, 0));
1834 if (_keylist == NULL)
1842 status = PEP_UNKNOWN_ERROR;
1843 result = SQLITE_DONE;
1845 } while (result != SQLITE_DONE);
1847 sqlite3_reset(session->own_keys_retrieve);
1848 if (status == PEP_STATUS_OK) {
1849 dedup_stringlist(_keylist);
1851 stringlist_t* _kl = _keylist;
1852 stringlist_t* _kl_prev = NULL;
1854 bool has_private = false;
1855 contains_priv_key(session, _kl->value, &has_private);
1857 stringlist_t* _kl_tmp = _kl;
1859 _kl_prev->next = _kl->next;
1861 _keylist = _kl->next;
1865 _kl_tmp->next = NULL;
1866 free_stringlist(_kl_tmp);
1873 *keylist = _keylist;
1876 free_stringlist(_keylist);
1881 free_stringlist(_keylist);
1882 status = PEP_OUT_OF_MEMORY;
1888 DYNAMIC_API PEP_STATUS own_keys_retrieve(PEP_SESSION session, stringlist_t **keylist)
1890 return _own_keys_retrieve(session, keylist, 0, true);
1893 DYNAMIC_API PEP_STATUS set_own_key(
1894 PEP_SESSION session,
1899 PEP_STATUS status = PEP_STATUS_OK;
1901 assert(session && me);
1902 assert(!EMPTYSTR(fpr));
1903 assert(!EMPTYSTR(me->address));
1904 assert(!EMPTYSTR(me->user_id));
1905 assert(!EMPTYSTR(me->username));
1907 if (!session || !me || EMPTYSTR(fpr) || EMPTYSTR(me->address) ||
1908 EMPTYSTR(me->user_id) || EMPTYSTR(me->username))
1909 return PEP_ILLEGAL_VALUE;
1914 status = _myself(session, me, false, true, false);
1915 // we do not need a valid key but dislike other errors
1916 if (status != PEP_STATUS_OK && status != PEP_GET_KEY_FAILED && status != PEP_KEY_UNSUITABLE)
1918 status = PEP_STATUS_OK;
1920 bool private = false;
1921 status = contains_priv_key(session, fpr, &private);
1923 if (status != PEP_STATUS_OK)
1927 return PEP_KEY_UNSUITABLE;
1931 me->fpr = strdup(fpr);
1934 return PEP_OUT_OF_MEMORY;
1936 status = validate_fpr(session, me, false, true);
1940 me->comm_type = PEP_ct_pEp;
1941 status = set_identity(session, me);
1945 PEP_STATUS contains_priv_key(PEP_SESSION session, const char *fpr,
1946 bool *has_private) {
1950 assert(has_private);
1952 if (!(session && fpr && has_private))
1953 return PEP_ILLEGAL_VALUE;
1955 return session->cryptotech[PEP_crypt_OpenPGP].contains_priv_key(session, fpr, has_private);
1958 PEP_STATUS add_mistrusted_key(PEP_SESSION session, const char* fpr)
1962 assert(!EMPTYSTR(fpr));
1964 if (!(session) || EMPTYSTR(fpr))
1965 return PEP_ILLEGAL_VALUE;
1967 sqlite3_reset(session->add_mistrusted_key);
1968 sqlite3_bind_text(session->add_mistrusted_key, 1, fpr, -1,
1971 result = sqlite3_step(session->add_mistrusted_key);
1972 sqlite3_reset(session->add_mistrusted_key);
1974 if (result != SQLITE_DONE)
1975 return PEP_CANNOT_SET_PGP_KEYPAIR; // FIXME: Better status?
1977 return PEP_STATUS_OK;
1980 PEP_STATUS delete_mistrusted_key(PEP_SESSION session, const char* fpr)
1984 assert(!EMPTYSTR(fpr));
1986 if (!(session) || EMPTYSTR(fpr))
1987 return PEP_ILLEGAL_VALUE;
1989 sqlite3_reset(session->delete_mistrusted_key);
1990 sqlite3_bind_text(session->delete_mistrusted_key, 1, fpr, -1,
1993 result = sqlite3_step(session->delete_mistrusted_key);
1994 sqlite3_reset(session->delete_mistrusted_key);
1996 if (result != SQLITE_DONE)
1997 return PEP_UNKNOWN_ERROR; // FIXME: Better status?
1999 return PEP_STATUS_OK;
2002 PEP_STATUS is_mistrusted_key(PEP_SESSION session, const char* fpr,
2005 PEP_STATUS status = PEP_STATUS_OK;
2008 assert(!EMPTYSTR(fpr));
2010 if (!(session && fpr))
2011 return PEP_ILLEGAL_VALUE;
2013 *mistrusted = false;
2015 sqlite3_reset(session->is_mistrusted_key);
2016 sqlite3_bind_text(session->is_mistrusted_key, 1, fpr, -1, SQLITE_STATIC);
2020 result = sqlite3_step(session->is_mistrusted_key);
2023 *mistrusted = sqlite3_column_int(session->is_mistrusted_key, 0);
2024 status = PEP_STATUS_OK;
2028 status = PEP_UNKNOWN_ERROR;
2031 sqlite3_reset(session->is_mistrusted_key);
2035 static PEP_STATUS _wipe_default_key_if_invalid(PEP_SESSION session,
2036 pEp_identity* ident) {
2038 PEP_STATUS status = PEP_STATUS_OK;
2040 if (!ident->user_id)
2041 return PEP_ILLEGAL_VALUE;
2046 char* cached_fpr = strdup(ident->fpr);
2048 return PEP_OUT_OF_MEMORY;
2050 PEP_STATUS keystatus = validate_fpr(session, ident, true, false);
2051 switch (keystatus) {
2053 // Check for non-renewable expiry and
2054 // if so, fallthrough
2055 if (ident->comm_type != PEP_ct_key_expired_but_confirmed &&
2056 ident->comm_type != PEP_ct_key_expired) {
2059 case PEP_KEY_UNSUITABLE:
2060 case PEP_KEY_BLACKLISTED:
2061 // Remove key as default for all identities and users
2062 status = remove_fpr_as_default(session, cached_fpr);
2069 if (status == PEP_STATUS_OK)
2070 status = myself(session, ident);
2075 PEP_STATUS clean_own_key_defaults(PEP_SESSION session) {
2076 identity_list* idents = NULL;
2077 PEP_STATUS status = own_identities_retrieve(session, &idents);
2078 if (status != PEP_STATUS_OK)
2082 return PEP_STATUS_OK;
2084 if (!idents->ident && !idents->next) {
2085 free_identity_list(idents);
2086 return PEP_STATUS_OK;
2087 } // Kludge: FIX own_identities_retrieve. Should return NULL, not empty list
2089 identity_list* curr = idents;
2091 for ( ; curr ; curr = curr->next) {
2092 pEp_identity* ident = curr->ident;
2096 _wipe_default_key_if_invalid(session, ident);
2099 free_identity_list(idents);
2101 // Also remove invalid default user key
2102 char* own_id = NULL;
2104 status = get_default_own_userid(session, &own_id);
2106 if (status != PEP_STATUS_OK)
2110 char* user_default_key = NULL;
2111 status = get_user_default_key(session, own_id, &user_default_key);
2112 if (status != PEP_STATUS_OK) {
2114 if (status == PEP_KEY_NOT_FOUND)
2115 status = PEP_STATUS_OK;
2119 else if (user_default_key) {
2120 pEp_identity* empty_user = new_identity(NULL, user_default_key, NULL, own_id);
2121 _wipe_default_key_if_invalid(session, empty_user);
2122 free(user_default_key);