enforce signing rules sync
authorVolker Birk <vb@pep.foundation>
Tue, 20 Nov 2018 22:39:36 +0100
branchsync
changeset 31466135edc3ee6b
parent 3145 e8562bd82a1d
child 3147 a76766d1ed47
enforce signing rules
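--- a/sync/gen_statemachine.ysl2
+++ b/sync/gen_statemachine.ysl2
@@ -625,10 +625,14 @@
             switch (event) {
         ||
         if "message[@security='unencrypted']" {
-            |         // these messages are going untested
+            |         // these messages require a detached signature
             for "message[@security='unencrypted']"
                 |>> case «../@name»__payload_PR_«yml:mixedCase(@name)»:
             ||
+                        if (!fpr) {
+                            status = PEP_«yml:ucase(ancestor::protocol/@name)»_ILLEGAL_MESSAGE;
+                            goto the_end;
+                        }
                         break;
 
             ||
@@ -637,7 +641,7 @@
         ||
                 // these messages must arrive encrypted
         `` for "message[@security='untrusted']" |>> case «../@name»__payload_PR_«yml:mixedCase(@name)»:
-                    if (rating < PEP_rating_reliable) {
+                    if (fpr || rating < PEP_rating_reliable) {
                         status = PEP_«yml:ucase(ancestor::protocol/@name)»_ILLEGAL_MESSAGE;
                         goto the_end;
                     }
@@ -648,7 +652,7 @@
         ||
                 // these messages must come through a trusted channel
         `` for "message[@security='trusted']" |>> case «ancestor::fsm/@name»__payload_PR_«yml:mixedCase(@name)»:
-                    if (rating < PEP_rating_trusted) {
+                    if (fpr || rating < PEP_rating_trusted) {
                         status = PEP_«yml:ucase(ancestor::protocol/@name)»_ILLEGAL_MESSAGE;
                         goto the_end;
                     }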
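Review bot: In the first hunk the new guard `if (!fpr)` accepts any non-NULL pointer as evidence of a detached signature, so an empty fingerprint string would pass; if fpr is a C string, as the name suggests, `if (!fpr || !fpr[0]) {` closes that gap. Whether fpr is only set after the signature has actually been verified is not visible here, because the generated function begins outside the hunk, so a one-line comment stating that contract at this check would help. The hunks at 641 and 652 now reject a message whenever fpr is set, but their comments still mention only encryption and the trusted channel; a comment such as `// a detached signature is only allowed on unencrypted messages` above each `fpr ||` test would make the rule readable.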