ENGINE-289: added propagation of initial key retrieval failure (when != PEP_KEY_NOT_FOUND) and no good key is found - when revoked/expired, PEP_KEY_UNSUITABLE + PEP_ct_key_{expired,revoked} returned ENGINE-289
authorKrista Bennett <krista@pep-project.org>
Thu, 18 Jan 2018 00:03:23 +0100
branchENGINE-289
changeset 240794524e2377b9
parent 2406 be9932cba368
child 2408 489d984ff68f
ENGINE-289: added propagation of initial key retrieval failure (when != PEP_KEY_NOT_FOUND) and no good key is found - when revoked/expired, PEP_KEY_UNSUITABLE + PEP_ct_key_{expired,revoked} returned
src/keymanagement.c
test/external_revoke_test.cc
test/new_update_id_and_myself_test.cc
     1.1 --- a/src/keymanagement.c	Wed Jan 17 23:00:00 2018 +0100
     1.2 +++ b/src/keymanagement.c	Thu Jan 18 00:03:23 2018 +0100
     1.3 @@ -265,6 +265,9 @@
     1.4          
     1.5      *is_identity_default = *is_user_default = *is_address_default = false;
     1.6  
     1.7 +    PEP_comm_type first_reject_comm_type = PEP_ct_key_not_found;
     1.8 +    PEP_STATUS first_reject_status = PEP_KEY_NOT_FOUND;
     1.9 +    
    1.10      char* stored_fpr = stored_identity->fpr;
    1.11      // Input: stored identity retrieved from database
    1.12      // if stored identity contains a default key
    1.13 @@ -274,6 +277,10 @@
    1.14              *is_identity_default = *is_address_default = true;
    1.15              return status;
    1.16          }
    1.17 +        else if (status != PEP_KEY_NOT_FOUND) {
    1.18 +            first_reject_status = status;
    1.19 +            first_reject_comm_type = stored_identity->comm_type;
    1.20 +        }
    1.21      }
    1.22      // if no valid default stored identity key found
    1.23      free(stored_identity->fpr);
    1.24 @@ -293,6 +300,10 @@
    1.25                                                        stored_identity->fpr);
    1.26              return status;
    1.27          }        
    1.28 +        else if (status != PEP_KEY_NOT_FOUND && first_reject_status != PEP_KEY_NOT_FOUND) {
    1.29 +            first_reject_status = status;
    1.30 +            first_reject_comm_type = stored_identity->comm_type;
    1.31 +        }
    1.32      }
    1.33      
    1.34      status = elect_pubkey(session, stored_identity);
    1.35 @@ -300,6 +311,10 @@
    1.36          if (stored_identity->fpr)
    1.37              validate_fpr(session, stored_identity);
    1.38      }    
    1.39 +    else if (status != PEP_KEY_NOT_FOUND && first_reject_status != PEP_KEY_NOT_FOUND) {
    1.40 +        first_reject_status = status;
    1.41 +        first_reject_comm_type = stored_identity->comm_type;
    1.42 +    }
    1.43      
    1.44      switch (stored_identity->comm_type) {
    1.45          case PEP_ct_key_revoked:
    1.46 @@ -308,10 +323,10 @@
    1.47          case PEP_ct_compromized:
    1.48          case PEP_ct_mistrusted:
    1.49              // this only happens when it's all there is
    1.50 -            status = PEP_KEY_NOT_FOUND;
    1.51 +            status = first_reject_status;
    1.52              free(stored_identity->fpr);
    1.53              stored_identity->fpr = NULL;
    1.54 -            stored_identity->comm_type = PEP_ct_unknown;
    1.55 +            stored_identity->comm_type = first_reject_comm_type;
    1.56              break;    
    1.57          default:
    1.58              break;
    1.59 @@ -369,7 +384,7 @@
    1.60      else {
    1.61          free(return_id->fpr);
    1.62          return_id->fpr = NULL;
    1.63 -        return_id->comm_type = PEP_ct_key_not_found;
    1.64 +        return_id->comm_type = stored_ident->comm_type;
    1.65          return status; // Couldn't find a key.
    1.66      }
    1.67                  
     2.1 --- a/test/external_revoke_test.cc	Wed Jan 17 23:00:00 2018 +0100
     2.2 +++ b/test/external_revoke_test.cc	Thu Jan 18 00:03:23 2018 +0100
     2.3 @@ -179,10 +179,10 @@
     2.4  
     2.5      status = encrypt_message(session, outgoing_msg, NULL, &encrypted_outgoing_msg, PEP_enc_PGP_MIME, 0);
     2.6      cout << "Encryption returns with status " << tl_status_string(status) << endl;
     2.7 -    assert (status == PEP_KEY_NOT_FOUND);
     2.8 +    assert (status == PEP_KEY_UNSUITABLE);
     2.9      assert (encrypted_outgoing_msg == NULL);
    2.10      status = update_identity(session, recip1);
    2.11 -    assert (recip1->comm_type = PEP_ct_key_not_found);
    2.12 +    assert (recip1->comm_type = PEP_ct_key_revoked);
    2.13  
    2.14      cout << endl << "---------------------------------------------------------" << endl;
    2.15      cout << "2c. Check trust of recip, whose only key has been revoked, once an encryption attempt has been made." << endl;
     3.1 --- a/test/new_update_id_and_myself_test.cc	Wed Jan 17 23:00:00 2018 +0100
     3.2 +++ b/test/new_update_id_and_myself_test.cc	Thu Jan 18 00:03:23 2018 +0100
     3.3 @@ -444,9 +444,42 @@
     3.4      cout << "****************************************************************************************" << endl << endl;
     3.5  
     3.6      cout << "****************************************************************************************" << endl;
     3.7 -    cout << "* III: key election:  " << endl;
     3.8 +    cout << "* III: key election: get identity for user with expired key" << endl;
     3.9      cout << "****************************************************************************************" << endl << endl;
    3.10  
    3.11 +    // 1. create identity
    3.12 +    const char* bernd_address = "bernd.das.brot@darthmama.org";
    3.13 +    const char* bernd_fpr = "F8CE0F7E24EB190A2FCBFD38D4B088A7CAFAA422";
    3.14 +    const char* bernd_userid = "BERND_ID"; // simulate temp ID
    3.15 +    const char* bernd_username = "Bernd das Brot der Ultimative Testkandidat";
    3.16 +    const string bernd_pub_key = slurp("test_keys/pub/bernd.das.brot-0xCAFAA422_pub.asc");
    3.17 +    
    3.18 +    statuspub = import_key(session, bernd_pub_key.c_str(), bernd_pub_key.length(), NULL);
    3.19 +    assert(statuspub == PEP_STATUS_OK);
    3.20 +
    3.21 +    pEp_identity* bernd = new_identity(bernd_address, bernd_fpr, bernd_userid, bernd_username);
    3.22 +    
    3.23 +    // 2. set identity
    3.24 +    status = set_identity(session, bernd);
    3.25 +    assert(status == PEP_STATUS_OK);
    3.26 +    free_identity(bernd);
    3.27 +                
    3.28 +    bernd = new_identity(bernd_address, NULL, bernd_userid, bernd_username); 
    3.29 +    status = update_identity(session, bernd);
    3.30 +    assert(status != PEP_STATUS_OK);
    3.31 +    assert(!bernd->fpr || bernd->fpr[0] == '\0');
    3.32 +    assert(bernd->username);
    3.33 +    assert(strcmp(bernd->username, bernd_username) == 0);
    3.34 +    assert(bernd->user_id);
    3.35 +    assert(strcmp(bernd->user_id, bernd_userid) == 0); // ???
    3.36 +    assert(!bernd->me); 
    3.37 +//    assert(bernd->comm_type == PEP_ct_OpenPGP_unconfirmed);
    3.38 +    assert(strcmp(bernd->address, bernd_address) == 0);
    3.39 +
    3.40 +    cout << "PASS: update_identity() correctly rejected expired key" << endl << endl;
    3.41 +    free_identity(bernd);
    3.42 +
    3.43 +
    3.44      cout << "****************************************************************************************" << endl;
    3.45      cout << "* III: key election:  " << endl;
    3.46      cout << "****************************************************************************************" << endl << endl;