ENGINE-137 make update_identity question stored fpr if there may be a more trustworthy key associated with that user_id
authorEdouard Tisserant <edouard@pep-project.org>
Wed, 21 Dec 2016 10:47:27 +0100
changeset 1508ab010a3b7894
parent 1507 cee84fad7f33
child 1509 d184c458f099
child 1511 a88feb39c96a
ENGINE-137 make update_identity question stored fpr if there may be a more trustworthy key associated with that user_id
src/keymanagement.c
src/pEpEngine.c
     1.1 --- a/src/keymanagement.c	Wed Dec 21 02:02:11 2016 +0100
     1.2 +++ b/src/keymanagement.c	Wed Dec 21 10:47:27 2016 +0100
     1.3 @@ -46,6 +46,20 @@
     1.4          if (_comm_type_key != PEP_ct_compromized &&
     1.5              _comm_type_key != PEP_ct_unknown)
     1.6          {
     1.7 +            pEp_identity *temp_id = new_identity(NULL, _keylist->value, identity->user_id, NULL);
     1.8 +            
     1.9 +            status = get_trust(session, temp_id);
    1.10 +            assert(status != PEP_OUT_OF_MEMORY);
    1.11 +            if (status == PEP_OUT_OF_MEMORY) {
    1.12 +                free_identity(temp_id);
    1.13 +                return PEP_OUT_OF_MEMORY;
    1.14 +            }
    1.15 +
    1.16 +            if (status == PEP_STATUS_OK && temp_id->comm_type > _comm_type_key)
    1.17 +                _comm_type_key = temp_id->comm_type;
    1.18 +
    1.19 +            free_identity(temp_id);
    1.20 +
    1.21              if (identity->comm_type == PEP_ct_unknown ||
    1.22                  _comm_type_key > identity->comm_type)
    1.23              {
    1.24 @@ -58,9 +72,7 @@
    1.25              }
    1.26          }
    1.27      }
    1.28 -
    1.29      
    1.30 -//    if (_fpr) {
    1.31      free(identity->fpr);
    1.32  
    1.33      identity->fpr = strdup(_fpr);
    1.34 @@ -68,7 +80,33 @@
    1.35          free_stringlist(keylist);
    1.36          return PEP_OUT_OF_MEMORY;
    1.37      }
    1.38 -//    }
    1.39 +    free_stringlist(keylist);
    1.40 +
    1.41 +    return PEP_STATUS_OK;
    1.42 +}
    1.43 +
    1.44 +PEP_STATUS identity_key_questionable(
    1.45 +        PEP_SESSION session, 
    1.46 +        pEp_identity * identity,
    1.47 +        bool *questionable
    1.48 +    )
    1.49 +{
    1.50 +    PEP_STATUS status;
    1.51 +    stringlist_t *keylist;
    1.52 +
    1.53 +    status = greater_trust_keys(session, 
    1.54 +                                identity->user_id,
    1.55 +                                identity->comm_type,
    1.56 +                                &keylist);
    1.57 +
    1.58 +    assert(status != PEP_OUT_OF_MEMORY);
    1.59 +    if (status == PEP_OUT_OF_MEMORY)
    1.60 +        return PEP_OUT_OF_MEMORY;
    1.61 +
    1.62 +    if(keylist && keylist->value) {
    1.63 +        *questionable = true;
    1.64 +    }
    1.65 +    
    1.66      free_stringlist(keylist);
    1.67      return PEP_STATUS_OK;
    1.68  }
    1.69 @@ -183,6 +221,24 @@
    1.70                          temp_id->comm_type = _comm_type_key;
    1.71                      }
    1.72                  }
    1.73 +
    1.74 +                bool questionable_fpr;
    1.75 +                status = identity_key_questionable(session, 
    1.76 +                                                   temp_id, 
    1.77 +                                                   &questionable_fpr);
    1.78 +                assert(status != PEP_OUT_OF_MEMORY);
    1.79 +                if (status == PEP_OUT_OF_MEMORY) {
    1.80 +                    goto exit_free;
    1.81 +                }
    1.82 +                if (questionable_fpr){
    1.83 +                    /* there may be key available with higher trust rating */
    1.84 +                    status = elect_pubkey(session, temp_id);
    1.85 +                    if (status != PEP_STATUS_OK) {
    1.86 +                        goto exit_free;
    1.87 +                    } else {
    1.88 +                        _did_elect_new_key = 1;
    1.89 +                    }
    1.90 +                }
    1.91              }
    1.92          }
    1.93          else {
    1.94 @@ -228,23 +284,10 @@
    1.95  
    1.96          /* We elect a pubkey */
    1.97          status = elect_pubkey(session, temp_id);
    1.98 -        if (status != PEP_STATUS_OK)
    1.99 +        if (status != PEP_STATUS_OK){
   1.100              goto exit_free;
   1.101 -        
   1.102 -        /* Work with the elected key */
   1.103 -        if (!EMPTYSTR(temp_id->fpr)) {
   1.104 -            
   1.105 -            PEP_comm_type _comm_type_key = temp_id->comm_type;
   1.106 -            
   1.107 +        } else {
   1.108              _did_elect_new_key = 1;
   1.109 -
   1.110 -            // We don't want to lose a previous trust entry!!!
   1.111 -            status = get_trust(session, temp_id);
   1.112 -
   1.113 -            bool has_trust_status = (status == PEP_STATUS_OK);
   1.114 -
   1.115 -            if (!has_trust_status)
   1.116 -                temp_id->comm_type = _comm_type_key;
   1.117          }
   1.118      }
   1.119  
     2.1 --- a/src/pEpEngine.c	Wed Dec 21 02:02:11 2016 +0100
     2.2 +++ b/src/pEpEngine.c	Wed Dec 21 10:47:27 2016 +0100
     2.3 @@ -386,8 +386,12 @@
     2.4                          "and pgp_keypair_fpr = upper(replace(?2,' ','')) ;";
     2.5  
     2.6          sql_greater_trust_keys = "select pgp_keypair_fpr from trust"
     2.7 -                                 "    where user_id = ?1"
     2.8 -                                 "      and comm_type > ?2;";
     2.9 +                                 "  where user_id = ?1"
    2.10 +                                 "    and comm_type > ?2"
    2.11 +                                 "    and (select count(*) from identity"
    2.12 +                                 "           where user_id = identity.user_id"
    2.13 +                                 "             and pgp_keypair_fpr = identity.main_key_id"
    2.14 +                                 "        ) = 0;";
    2.15  
    2.16          sql_least_trust = "select min(comm_type) from trust where pgp_keypair_fpr = upper(replace(?1,' ','')) ;";
    2.17