ENGINE-398: removal of key from db after reset ENGINE-398
authorKrista Bennett <krista@pep-project.org>
Mon, 17 Sep 2018 15:31:48 +0200
branchENGINE-398
changeset 29483f66f366dc5f
parent 2947 4b525ec0f95c
child 2950 753276eb09ec
ENGINE-398: removal of key from db after reset
src/key_reset.c
src/key_reset.h
src/pEpEngine.c
src/pEpEngine.h
src/pEp_internal.h
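--- a/src/key_reset.c	Fri Sep 14 20:18:53 2018 +0200
+++ b/src/key_reset.c	Mon Sep 17 15:31:48 2018 +0200
@@ -456,15 +456,20 @@
                 
         }
         else { // not is_me
+            // TODO: Decide what this means. We have a non-own identity, we don't
+            //       have an fpr. Do we reset all keys for that identity?
+            if (EMPTYSTR(fpr_copy)) {
+                NOT_IMPLEMENTED
+            }
+                
             // remove fpr from all identities
             // remove fpr from all users
             if (status == PEP_STATUS_OK)
                 status = remove_fpr_as_default(session, fpr_copy);
             // delete key from DB
-            if (status == PEP_STATUS_OK) {};
-//                status = delete_keypair(session, fpr_copy);
-            // N.B. If this key is being replaced by something else, it
-            // is done outside of this function.    
+            if (status == PEP_STATUS_OK) {
+                status = remove_key(session, fpr_copy);
+            };
         }
     }
     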
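Review bot: The new `if (EMPTYSTR(fpr_copy)) { NOT_IMPLEMENTED }` guard in the not-is_me branch handles the missing-fingerprint case through a macro whose expansion is not visible in this diff; if it asserts and returns on the spot, `fpr_copy` and anything else allocated earlier in the function would skip cleanup, and the guard also runs without first checking `status`. Setting a status and letting the existing `if (status == PEP_STATUS_OK)` chain skip the removal steps keeps a single exit path: `if (status == PEP_STATUS_OK && EMPTYSTR(fpr_copy)) status = PEP_ILLEGAL_VALUE;`. That also gives callers the defined error that the key_reset.h comment promises for a non-own identity without a fingerprint. The enclosing function starts and ends outside this hunk, so the cleanup path has to be confirmed there.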
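--- a/src/key_reset.h	Fri Sep 14 20:18:53 2018 +0200
+++ b/src/key_reset.h	Mon Sep 17 15:31:48 2018 +0200
@@ -15,48 +15,33 @@
 extern "C" {
 #endif
 
-// FIXME: Proper docs!
-//  Algorithm:
-// 
-//     Key Reset trigger; either manually or in another protocol, parameter key (optional)
-// 
-//     if identity given:
-// 
-//     key reset for one identity
-// 
-//     else
-// 
-//     For identity in own identities
-// 
-//     key reset for one identitiy
-// 
-//     Key Reset for identity:
-// 
-//     if own identity:
-// 
-//     Create revocation
-// 
-//     add to revocation list
-// 
-//     mistrust fpr from trust
-// 
-//     Remove fpr from ALL identities
-// 
-//     Remove fpr from ALL users
-// 
-//     generate new key
-// 
-//     for all active communication partners:
-// 
-//     active_send revocation
-// 
-//     else
-// 
-//     remove fpr from all identities
-// 
-//     remove fpr from all users
-// 
-//     delete key from key ring
+// key_reset() - reset the database status for a key, removing all trust information
+//               and default database connections. For own keys, also revoke the key
+//               and communicate the revocation and new key to partners we have sent
+//               mail to recently from the specific identity (i.e. address/user_id)
+//               that contacted them. We also in this case set up information so that
+//               if someone we mail uses the wrong key and wasn't yet contacted,
+//               we can send them the reset information from the right address.
+//
+//               Can be called manually or through another protocol.
+//
+//  parameters:
+//      session (in)            session handle
+//      fpr (in)                fingerprint of key to reset. If NULL and ident is NULL,
+//                              we reset all keys for the own user. If NULL and ident is
+//                              an own identity, we reset the default key for that
+//                              identity. If that own identity has no default key, we
+//                              reset the user default.
+//                              if it is NULL and there is a non-own identity, this is
+//                              currently undefined and will return an error. Later, we
+//                              may decide on semantics for it (e.g. remove all keys
+//                              in the DB for that identity)
+//      ident (in)              identity for which the key reset should occur.
+//                              if NULL and fpr is non-NULL, we'll reset the key for all
+//                              associated identities. If both ident and fpr are NULL, see 
+//                              the fpr arg documentation.
+//
+//
 DYNAMIC_API PEP_STATUS key_reset(
         PEP_SESSION session,
         const char* fpr,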
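Review bot: The rewritten `key_reset()` comment drops the old step list without saying what now happens to a partner's key: with this commit the non-own branch deletes the key's row from the database through `remove_key()`, which the phrase "reset the database status" does not convey. It also says the NULL-fpr, non-own-identity case "will return an error" without naming the status, and it has no return-value section. I would add a line such as `//  for non-own keys, the key record is deleted from the database` and a `return value:` block listing the statuses callers must handle. The prototype continues past the end of this hunk, so any further parameters are not covered here.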
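--- a/src/pEpEngine.c	Fri Sep 14 20:18:53 2018 +0200
+++ b/src/pEpEngine.c	Mon Sep 17 15:31:48 2018 +0200
@@ -199,6 +199,11 @@
     "update person set id = ?1 " 
     "   where id = ?2;";
 
+// Hopefully this cascades and removes trust entries...
+static const char *sql_delete_key =
+    "delete from pgp_keypair "
+    "   where fpr = ?1 ; ";
+
 static const char *sql_replace_main_user_fpr =  
     "update person "
     "   set main_key_id = ?1 "
@@ -1205,6 +1210,10 @@
             (int)strlen(sql_replace_userid), &_session->replace_userid, NULL);
     assert(int_result == SQLITE_OK);
 
+    int_result = sqlite3_prepare_v2(_session->db, sql_delete_key,
+            (int)strlen(sql_delete_key), &_session->delete_key, NULL);
+    assert(int_result == SQLITE_OK);
+
     int_result = sqlite3_prepare_v2(_session->db, sql_replace_main_user_fpr,
             (int)strlen(sql_replace_main_user_fpr), &_session->replace_main_user_fpr, NULL);
     assert(int_result == SQLITE_OK);
@@ -1615,6 +1624,8 @@
                 sqlite3_finalize(session->i18n_token);
             if (session->replace_userid)
                 sqlite3_finalize(session->replace_userid);
+            if (session->delete_key)
+                sqlite3_finalize(session->delete_key);                
             if (session->replace_main_user_fpr)
                 sqlite3_finalize(session->replace_main_user_fpr);                
             if (session->get_main_user_fpr)
@@ -3228,6 +3239,27 @@
     return PEP_STATUS_OK;
 }
 
+PEP_STATUS remove_key(PEP_SESSION session, const char* fpr) {
+    assert(session);
+    assert(fpr);
+    
+    if (!session || EMPTYSTR(fpr))
+        return PEP_ILLEGAL_VALUE;
+
+    int result;
+
+    sqlite3_reset(session->delete_key);
+    sqlite3_bind_text(session->delete_key, 1, fpr, -1,
+            SQLITE_STATIC);
+    result = sqlite3_step(session->delete_key);
+    sqlite3_reset(session->delete_key);
+    if (result != SQLITE_DONE)
+        return PEP_CANNOT_SET_PGP_KEYPAIR;
+
+    return PEP_STATUS_OK;
+}
+
+
 PEP_STATUS refresh_userid_default_key(PEP_SESSION session, const char* user_id) {
     assert(session);
     assert(user_id);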
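Review bot: The comment `// Hopefully this cascades and removes trust entries...` above `sql_delete_key` leaves the security-relevant effect of `remove_key()` unverified. SQLite cascades a delete only when the referencing table declares `on delete cascade` and foreign-key enforcement is enabled on the connection (`PRAGMA foreign_keys = ON`), and neither is visible in this diff. If either is missing, trust rows for the reset fingerprint stay in the database and could apply again should the same key be imported later. Either confirm the schema and pragma and replace the comment with a statement of fact, or have `remove_key()` delete the trust rows for `fpr` explicitly before the `pgp_keypair` row. Separately, a failed delete is reported as `PEP_CANNOT_SET_PGP_KEYPAIR`, and the return value of `sqlite3_bind_text` is ignored.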
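--- a/src/pEpEngine.h	Fri Sep 14 20:18:53 2018 +0200
+++ b/src/pEpEngine.h	Mon Sep 17 15:31:48 2018 +0200
@@ -1263,6 +1263,8 @@
 PEP_STATUS replace_userid(PEP_SESSION session, const char* old_uid,
                               const char* new_uid);
                               
+PEP_STATUS remove_key(PEP_SESSION session, const char* fpr);
+                              
 PEP_STATUS remove_fpr_as_default(PEP_SESSION session, 
                                     const char* fpr);
                               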
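Review bot: The new `remove_key` prototype carries no comment, and its name promises more than the implementation in src/pEpEngine.c delivers: that body only executes the `delete from pgp_keypair` statement and makes no call that would remove key material from a keyring. A one-line comment such as `// remove_key() - delete the pgp_keypair row for fpr from the database; does not delete the key material itself` would keep callers from treating it as key destruction. It should also state that `fpr` must be non-empty, since the implementation returns `PEP_ILLEGAL_VALUE` otherwise.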
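--- a/src/pEp_internal.h	Fri Sep 14 20:18:53 2018 +0200
+++ b/src/pEp_internal.h	Mon Sep 17 15:31:48 2018 +0200
@@ -139,6 +139,7 @@
     sqlite3_stmt *replace_main_user_fpr;
     sqlite3_stmt *get_main_user_fpr;
     sqlite3_stmt *refresh_userid_default_key;
+    sqlite3_stmt *delete_key;
     sqlite3_stmt *remove_fpr_as_default;
     sqlite3_stmt *set_person;
     sqlite3_stmt *update_person;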