checking if own key is expired and renew it
authorVolker Birk <vb@pep-project.org>
Tue, 21 Apr 2015 15:19:47 +0200
changeset 21479333debeee0
parent 213 625698a486a1
child 215 fac4aa582acf
checking if own key is expired and renew it
on demand
src/cryptotech.c
src/cryptotech.h
src/keymanagement.c
src/pEpEngine.c
src/pEpEngine.h
src/pgp_gpg.c
src/pgp_gpg.h
     1.1 --- a/src/cryptotech.c	Tue Apr 21 08:56:53 2015 +0200
     1.2 +++ b/src/cryptotech.c	Tue Apr 21 15:19:47 2015 +0200
     1.3 @@ -40,6 +40,7 @@
     1.4          cryptotech[PEP_crypt_OpenPGP].send_key = pgp_send_key;
     1.5          cryptotech[PEP_crypt_OpenPGP].renew_key = pgp_renew_key;
     1.6          cryptotech[PEP_crypt_OpenPGP].revoke_key = pgp_revoke_key;
     1.7 +        cryptotech[PEP_crypt_OpenPGP].key_expired = pgp_key_expired;
     1.8      }
     1.9  
    1.10      session->cryptotech = cryptotech;
     2.1 --- a/src/cryptotech.h	Tue Apr 21 08:56:53 2015 +0200
     2.2 +++ b/src/cryptotech.h	Tue Apr 21 15:19:47 2015 +0200
     2.3 @@ -54,12 +54,15 @@
     2.4  
     2.5  typedef PEP_STATUS (*send_key_t)(PEP_SESSION session, const char *pattern);
     2.6  
     2.7 -typedef PEP_STATUS (*renew_key_t)(PEP_SESSION session, const char *key_id,
     2.8 +typedef PEP_STATUS (*renew_key_t)(PEP_SESSION session, const char *fpr,
     2.9          const timestamp *ts);
    2.10  
    2.11 -typedef PEP_STATUS (*revoke_key_t)(PEP_SESSION session, const char *key_id,
    2.12 +typedef PEP_STATUS (*revoke_key_t)(PEP_SESSION session, const char *fpr,
    2.13          const char *reason);
    2.14  
    2.15 +typedef PEP_STATUS (*key_expired_t)(PEP_SESSION session, const char *fpr,
    2.16 +        bool *expired);
    2.17 +
    2.18  typedef struct _PEP_cryptotech_t {
    2.19      uint8_t id;
    2.20      // the following are default values; comm_type may vary with key length or b0rken crypto
    2.21 @@ -78,6 +81,7 @@
    2.22      send_key_t send_key;
    2.23      renew_key_t renew_key;
    2.24      revoke_key_t revoke_key;
    2.25 +    key_expired_t key_expired;
    2.26  } PEP_cryptotech_t;
    2.27  
    2.28  typedef uint64_t cryptotech_mask;
     3.1 --- a/src/keymanagement.c	Tue Apr 21 08:56:53 2015 +0200
     3.2 +++ b/src/keymanagement.c	Tue Apr 21 15:19:47 2015 +0200
     3.3 @@ -17,6 +17,8 @@
     3.4  #define EMPTY(STR) ((STR == NULL) || (STR)[0] == 0)
     3.5  #endif
     3.6  
     3.7 +#define KEY_EXPIRE_DELTA (60 * 60 * 24 * 365)
     3.8 +
     3.9  DYNAMIC_API PEP_STATUS update_identity(
    3.10          PEP_SESSION session, pEp_identity * identity
    3.11      )
    3.12 @@ -231,6 +233,17 @@
    3.13  
    3.14          assert(keylist);
    3.15      }
    3.16 +    else {
    3.17 +        bool expired;
    3.18 +        status = key_expired(session, keylist->value, &expired);
    3.19 +        assert(status == PEP_STATUS_OK);
    3.20 +
    3.21 +        if (status == PEP_STATUS_OK && expired) {
    3.22 +            timestamp *ts = new_timestamp(time(NULL) + KEY_EXPIRE_DELTA);
    3.23 +            renew_key(session, keylist->value, ts);
    3.24 +            free_timestamp(ts);
    3.25 +        }
    3.26 +    }
    3.27  
    3.28      if (identity->fpr)
    3.29          free(identity->fpr);
     4.1 --- a/src/pEpEngine.c	Tue Apr 21 08:56:53 2015 +0200
     4.2 +++ b/src/pEpEngine.c	Tue Apr 21 15:19:47 2015 +0200
     4.3 @@ -925,6 +925,24 @@
     4.4      if (!(session && fpr))
     4.5          return PEP_ILLEGAL_VALUE;
     4.6  
     4.7 -    return session->cryptotech[PEP_crypt_OpenPGP].revoke_key(session, fpr, reason);
     4.8 +    return session->cryptotech[PEP_crypt_OpenPGP].revoke_key(session, fpr,
     4.9 +            reason);
    4.10  }
    4.11  
    4.12 +DYNAMIC_API PEP_STATUS key_expired(
    4.13 +        PEP_SESSION session,
    4.14 +        const char *fpr,
    4.15 +        bool *expired
    4.16 +    )
    4.17 +{
    4.18 +    assert(session);
    4.19 +    assert(fpr);
    4.20 +    assert(expired);
    4.21 +
    4.22 +    if (!(session && fpr && expired))
    4.23 +        return PEP_ILLEGAL_VALUE;
    4.24 +
    4.25 +    return session->cryptotech[PEP_crypt_OpenPGP].key_expired(session, fpr,
    4.26 +            expired);
    4.27 +}
    4.28 +
     5.1 --- a/src/pEpEngine.h	Tue Apr 21 08:56:53 2015 +0200
     5.2 +++ b/src/pEpEngine.h	Tue Apr 21 15:19:47 2015 +0200
     5.3 @@ -611,7 +611,7 @@
     5.4  //
     5.5  //  parameters:
     5.6  //      session (in)            session handle
     5.7 -//      key_id (in)             ID of key to renew as UTF-8 string
     5.8 +//      fpr (in)                ID of key to renew as UTF-8 string
     5.9  //      ts (in)                 timestamp when key should expire or NULL for
    5.10  //                              default
    5.11  
    5.12 @@ -626,7 +626,7 @@
    5.13  //
    5.14  //  parameters:
    5.15  //      session (in)            session handle
    5.16 -//      key_id (in)             ID of key to revoke as UTF-8 string
    5.17 +//      fpr (in)                ID of key to revoke as UTF-8 string
    5.18  //      reason (in)             text with reason for revoke as UTF-8 string
    5.19  //                              or NULL if reason unknown
    5.20  //
    5.21 @@ -640,6 +640,20 @@
    5.22      );
    5.23  
    5.24  
    5.25 +// key_expired() - flags if a key is already expired
    5.26 +//
    5.27 +//  parameters:
    5.28 +//      session (in)            session handle
    5.29 +//      fpr (in)                ID of key to check as UTF-8 string
    5.30 +//      expired (out)           flag if key expired
    5.31 +
    5.32 +DYNAMIC_API PEP_STATUS key_expired(
    5.33 +        PEP_SESSION session,
    5.34 +        const char *fpr,
    5.35 +        bool *expired
    5.36 +    );
    5.37 +
    5.38 +
    5.39  #ifdef __cplusplus
    5.40  }
    5.41  #endif
     6.1 --- a/src/pgp_gpg.c	Tue Apr 21 08:56:53 2015 +0200
     6.2 +++ b/src/pgp_gpg.c	Tue Apr 21 15:19:47 2015 +0200
     6.3 @@ -1673,3 +1673,28 @@
     6.4      return PEP_STATUS_OK;
     6.5  }
     6.6  
     6.7 +PEP_STATUS pgp_key_expired(
     6.8 +        PEP_SESSION session,
     6.9 +        const char *fpr,
    6.10 +        bool *expired
    6.11 +    )
    6.12 +{
    6.13 +    PEP_STATUS status = PEP_STATUS_OK;
    6.14 +    gpgme_key_t key;
    6.15 +
    6.16 +    assert(session);
    6.17 +    assert(fpr);
    6.18 +    assert(expired);
    6.19 +
    6.20 +    *expired = false;
    6.21 +
    6.22 +    status = find_single_key(session, fpr, &key);
    6.23 +    assert(status != PEP_OUT_OF_MEMORY);
    6.24 +    if (status != PEP_STATUS_OK)
    6.25 +        return status;
    6.26 +
    6.27 +    *expired = key->subkeys->expired;
    6.28 +    gpg.gpgme_key_unref(key);
    6.29 +    return PEP_STATUS_OK;
    6.30 +}
    6.31 +
     7.1 --- a/src/pgp_gpg.h	Tue Apr 21 08:56:53 2015 +0200
     7.2 +++ b/src/pgp_gpg.h	Tue Apr 21 15:19:47 2015 +0200
     7.3 @@ -58,3 +58,9 @@
     7.4          const char *reason
     7.5      );
     7.6  
     7.7 +PEP_STATUS pgp_key_expired(
     7.8 +        PEP_SESSION session,
     7.9 +        const char *fpr,
    7.10 +        bool *expired
    7.11 +    );
    7.12 +