ENGINE-473: all's well that ends well. We now keep track of trust bits when expiring and restore them when the key is renewed. ENGINE-473
authorKrista Bennett <krista@pep-project.org>
Fri, 19 Oct 2018 13:25:50 +0200
branchENGINE-473
changeset 3092389d6b6c204c
parent 3072 a02a5b80c92a
child 3093 916946918d04
child 3094 b10015f2a05e
ENGINE-473: all's well that ends well. We now keep track of trust bits when expiring and restore them when the key is renewed.
src/keymanagement.c
test/src/engine_tests/CheckRenewedExpiredKeyTrustStatusTests.cc
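--- a/src/keymanagement.c
+++ b/src/keymanagement.c
@@ -744,9 +744,36 @@
                 status = elect_pubkey(session, identity, false);
                              
                 //    * call set_identity() to store
-                if (identity->fpr)
+                if (identity->fpr) {
+                    // it is still possible we have DB information on this key. Better check.
+                    status = get_trust(session, identity);
+                    PEP_comm_type db_ct = identity->comm_type;
                     status = get_key_rating(session, identity->fpr, &identity->comm_type);
-            
+                    PEP_comm_type key_ct = identity->comm_type;
+                                        
+                    if (status == PEP_STATUS_OK) {
+                        switch (key_ct) {
+                            case PEP_ct_key_expired:
+                                if (db_ct == PEP_ct_key_expired_but_confirmed)
+                                    identity->comm_type = db_ct;
+                                break;    
+                            default:
+                                switch(db_ct) {
+                                    case PEP_ct_key_expired_but_confirmed:
+                                        if (key_ct >= PEP_ct_strong_but_unconfirmed)
+                                            identity->comm_type |= PEP_ct_confirmed;
+                                        break;
+                                    case PEP_ct_mistrusted:
+                                    case PEP_ct_compromised:
+                                    case PEP_ct_key_b0rken:
+                                        identity->comm_type = db_ct;
+                                    default:
+                                        break;
+                                }    
+                                break;
+                        }
+                    }
+                }
                 //    * call set_identity() to store
                 adjust_pep_trust_status(session, identity);            
                 status = set_identity(session, identity);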
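Review bot: The result of the added `get_trust(session, identity)` call is overwritten by `get_key_rating()` two statements later without being checked, yet `db_ct` is read from `identity->comm_type` either way. If the lookup fails and leaves the field untouched (its behaviour on failure is not visible in this hunk), `db_ct` is whatever the caller passed in: a caller-supplied `PEP_ct_key_expired_but_confirmed` would get `PEP_ct_confirmed` OR-ed onto a renewed key, and a stored `PEP_ct_mistrusted` or `PEP_ct_compromised` that could not be read would silently give way to the bare key rating. I would only honour the stored value when the lookup succeeds, e.g. `PEP_comm_type db_ct = (get_trust(session, identity) == PEP_STATUS_OK) ? identity->comm_type : PEP_ct_unknown;`. The `case PEP_ct_key_b0rken:` arm also falls through into `default:` without a `break;`, which is harmless today but should be made explicit. The enclosing function starts and ends outside this hunk.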
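--- a/test/src/engine_tests/CheckRenewedExpiredKeyTrustStatusTests.cc
+++ b/test/src/engine_tests/CheckRenewedExpiredKeyTrustStatusTests.cc
@@ -94,12 +94,14 @@
     TEST_ASSERT_MSG((status == PEP_STATUS_OK), tl_status_string(status));
 
     const char* inquisitor_fpr = "8E8D2381AE066ABE1FEE509821BA977CA4728718";
-    pEp_identity* expired_inquisitor = new_identity("inquisitor@darthmama.org", "8E8D2381AE066ABE1FEE509821BA977CA4728718", "Skyhold", "Lady Claire Trevelyan");
+    pEp_identity* expired_inquisitor = new_identity("inquisitor@darthmama.org", "8E8D2381AE066ABE1FEE509821BA977CA4728718", "TOFU_inquisitor@darthmama.org", "Lady Claire Trevelyan");
     status = set_identity(session, expired_inquisitor);
     TEST_ASSERT_MSG((status == PEP_STATUS_OK), tl_status_string(status));
     expired_inquisitor->comm_type = PEP_ct_OpenPGP; // confirmed 
     status = set_trust(session, expired_inquisitor);
     TEST_ASSERT_MSG((status == PEP_STATUS_OK), tl_status_string(status));
+    status = get_trust(session, expired_inquisitor);
+    TEST_ASSERT_MSG(expired_inquisitor->comm_type == PEP_ct_OpenPGP, tl_ct_string(expired_inquisitor->comm_type));
     
     // Ok, now update_identity - we'll discover it's expired
     status = update_identity(session, expired_inquisitor);
@@ -164,7 +166,7 @@
     TEST_ASSERT_MSG((status == PEP_STATUS_OK), tl_status_string(status));
 
     const char* inquisitor_fpr = "8E8D2381AE066ABE1FEE509821BA977CA4728718";
-    pEp_identity* expired_inquisitor = new_identity("inquisitor@darthmama.org", "8E8D2381AE066ABE1FEE509821BA977CA4728718", "Skyhold", "Lady Claire Trevelyan");
+    pEp_identity* expired_inquisitor = new_identity("inquisitor@darthmama.org", "8E8D2381AE066ABE1FEE509821BA977CA4728718", "TOFU_inquisitor@darthmama.org", "Lady Claire Trevelyan");
     status = set_identity(session, expired_inquisitor);
     TEST_ASSERT_MSG((status == PEP_STATUS_OK), tl_status_string(status));
     expired_inquisitor->comm_type = PEP_ct_pEp_unconfirmed;  
@@ -229,12 +231,14 @@
     TEST_ASSERT_MSG((status == PEP_STATUS_OK), tl_status_string(status));
 
     const char* inquisitor_fpr = "8E8D2381AE066ABE1FEE509821BA977CA4728718";
-    pEp_identity* expired_inquisitor = new_identity("inquisitor@darthmama.org", "8E8D2381AE066ABE1FEE509821BA977CA4728718", "Skyhold", "Lady Claire Trevelyan");
+    pEp_identity* expired_inquisitor = new_identity("inquisitor@darthmama.org", "8E8D2381AE066ABE1FEE509821BA977CA4728718", "TOFU_inquisitor@darthmama.org", "Lady Claire Trevelyan");
     status = set_identity(session, expired_inquisitor);
     TEST_ASSERT_MSG((status == PEP_STATUS_OK), tl_status_string(status));
     expired_inquisitor->comm_type = PEP_ct_pEp; // confirmed 
     status = set_trust(session, expired_inquisitor);
     TEST_ASSERT_MSG((status == PEP_STATUS_OK), tl_status_string(status));
+    status = get_trust(session, expired_inquisitor);
+    TEST_ASSERT_MSG(expired_inquisitor->comm_type == PEP_ct_pEp, tl_ct_string(expired_inquisitor->comm_type));
 
     bool pEp_user = false;
     status = is_pep_user(session, expired_inquisitor, &pEp_user);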
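Review bot: The two added `get_trust()` read-backs (after `set_trust` in the hunks at old lines 94 and 229) assign `status` but never assert it. The `comm_type` assertion that follows compares against the value the test itself wrote into `expired_inquisitor->comm_type` just before `set_trust`, so if `get_trust` failed without touching the field (not visible here) the check would still pass and prove nothing about the stored trust record. I would assert the call with `TEST_ASSERT_MSG((status == PEP_STATUS_OK), tl_status_string(status));` and clear the field first with `expired_inquisitor->comm_type = PEP_ct_unknown;` before calling `get_trust`. The test functions start and end outside these hunks.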