diff --git a/src/blacklist.c b/src/blacklist.c deleted file mode 100644 index ef0cdcc20..000000000 --- a/src/blacklist.c +++ /dev/null @@ -1,166 +0,0 @@ -/** @file */ -/** @brief File description for doxygen missing. FIXME */ - -// This file is under GNU General Public License 3.0 -// see LICENSE.txt - -#include "pEp_internal.h" -#include "blacklist.h" - -DYNAMIC_API PEP_STATUS blacklist_add(PEP_SESSION session, const char *fpr) -{ - PEP_STATUS status = PEP_STATUS_OK; - - assert(session && fpr && fpr[0]); - - if (!(session && fpr && fpr[0])) - return PEP_ILLEGAL_VALUE; - - sqlite3_exec(session->db, "BEGIN ;", NULL, NULL, NULL); - - sqlite3_reset(session->blacklist_add); - sqlite3_bind_text(session->blacklist_add, 1, fpr, -1, SQLITE_STATIC); - - int result; - - result = sqlite3_step(session->blacklist_add); - switch (result) { - case SQLITE_DONE: - status = PEP_STATUS_OK; - sqlite3_exec(session->db, "COMMIT ;", NULL, NULL, NULL); - break; - - default: - sqlite3_exec(session->db, "ROLLBACK ;", NULL, NULL, NULL); - status = PEP_UNKNOWN_ERROR; - } - - sqlite3_reset(session->blacklist_add); - return status; -} - -DYNAMIC_API PEP_STATUS blacklist_delete(PEP_SESSION session, const char *fpr) -{ - PEP_STATUS status = PEP_STATUS_OK; - - assert(session && fpr && fpr[0]); - - if (!(session && fpr && fpr[0])) - return PEP_ILLEGAL_VALUE; - - sqlite3_reset(session->blacklist_delete); - sqlite3_bind_text(session->blacklist_delete, 1, fpr, -1, SQLITE_STATIC); - - int result; - - result = sqlite3_step(session->blacklist_delete); - switch (result) { - case SQLITE_DONE: - status = PEP_STATUS_OK; - break; - - default: - status = PEP_UNKNOWN_ERROR; - } - - sqlite3_reset(session->blacklist_delete); - return status; -} - -DYNAMIC_API PEP_STATUS blacklist_is_listed( - PEP_SESSION session, - const char *fpr, - bool *listed - ) -{ - PEP_STATUS status = PEP_STATUS_OK; - int count; - - assert(session && fpr && fpr[0] && listed); - - if (!(session && fpr && fpr[0] && listed)) - return PEP_ILLEGAL_VALUE; - - *listed = false; - - sqlite3_reset(session->blacklist_is_listed); - sqlite3_bind_text(session->blacklist_is_listed, 1, fpr, -1, SQLITE_STATIC); - - int result; - - result = sqlite3_step(session->blacklist_is_listed); - switch (result) { - case SQLITE_ROW: - count = sqlite3_column_int(session->blacklist_is_listed, 0); - *listed = count > 0; - status = PEP_STATUS_OK; - break; - - default: - status = PEP_UNKNOWN_ERROR; - } - - sqlite3_reset(session->blacklist_is_listed); - return status; -} - -DYNAMIC_API PEP_STATUS blacklist_retrieve( - PEP_SESSION session, - stringlist_t **blacklist - ) -{ - PEP_STATUS status = PEP_STATUS_OK; - - assert(session); - assert(blacklist); - - if (!(session && blacklist)) - return PEP_ILLEGAL_VALUE; - - *blacklist = NULL; - stringlist_t *_blacklist = new_stringlist(NULL); - if (_blacklist == NULL) - goto enomem; - - sqlite3_reset(session->blacklist_retrieve); - - int result; - - stringlist_t *_bl = _blacklist; - do { - result = sqlite3_step(session->blacklist_retrieve); - switch (result) { - case SQLITE_ROW: - { - const char *fpr = (const char *) sqlite3_column_text(session->blacklist_retrieve, 0); - - _bl = stringlist_add(_bl, fpr); - if (_bl == NULL) - goto enomem; - - break; - } - case SQLITE_DONE: - break; - - default: - status = PEP_UNKNOWN_ERROR; - result = SQLITE_DONE; - } - } while (result != SQLITE_DONE); - - sqlite3_reset(session->blacklist_retrieve); - if (status == PEP_STATUS_OK) - *blacklist = _blacklist; - else - free_stringlist(_blacklist); - - goto the_end; - -enomem: - free_stringlist(_blacklist); - status = PEP_OUT_OF_MEMORY; - -the_end: - return status; -} diff --git a/src/blacklist.h b/src/blacklist.h deleted file mode 100644 index 76d576b98..000000000 --- a/src/blacklist.h +++ /dev/null @@ -1,107 +0,0 @@ -/** - * @file blacklist.h - * @brief Functions for maintaining a key blacklist for OpenPGP keys - * (i.e. keys received from OpenPGP partners). This is currently - * used by users when an OpenPGP partner has indicated that they - * do not want us to use a particular key we may have for them. - * This is marked as deprecated because we want users to use - * key reset instead, and this code will be in fact removed - * in Release 2.2.0 when key election is also removed. - * - * @deprecated These files are still in use as of Release 2.1 and will be removed with key election removal. - * - * @license GNU General Public License 3.0 - see LICENSE.txt - */ - -#ifndef BLACKLIST_H -#define BLACKLIST_H - -#include "pEpEngine.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * - * - * @deprecated As of Release 2.2.0 - * - * @brief Add to blacklist - * - * @param[in] session session to use - * @param[in] fpr fingerprint of key to blacklist - * - * @warning there is no point in blacklisting an own key; for any own - * identity, this will be ignored. The correct function to use - * for own keys in this event is "key_reset_trust". - * Also, this is only effective for OpenPGP-level trust. If - * this key is for a pEp user, the blacklist is ignored. - * - */ - -DYNAMIC_API PEP_STATUS blacklist_add(PEP_SESSION session, const char *fpr); - - -/** - * - * - * @deprecated As of Release 2.2.0 - * - * @brief Delete from blacklist - * - * @param[in] session session to use - * @param[in] fpr fingerprint of key to be removed from blacklist - * - * - */ - -DYNAMIC_API PEP_STATUS blacklist_delete(PEP_SESSION session, const char *fpr); - - -/** - * - * - * @deprecated As of Release 2.2.0 - * - * @brief Is listed in blacklist - * - * @param[in] session session to use - * @param[in] fpr fingerprint of key to blacklist - * @param[out] bool flags if key is blacklisted - * - * - */ - -DYNAMIC_API PEP_STATUS blacklist_is_listed( - PEP_SESSION session, - const char *fpr, - bool *listed - ); - - -/** - * - * - * @deprecated As of Release 2.2.0 - * - * @brief Retrieve full blacklist of key fingerprints - * - * @param[in] session session to use - * @param[out] blacklist copy of blacklist - * - * @ownership the ownership of the copy of blacklist goes to the caller - * - */ - -DYNAMIC_API PEP_STATUS blacklist_retrieve( - PEP_SESSION session, - stringlist_t **blacklist - ); - - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/src/engine_sql.c b/src/engine_sql.c index 95e08f77d..afdd250f9 100644 --- a/src/engine_sql.c +++ b/src/engine_sql.c @@ -807,10 +807,6 @@ static PEP_STATUS _create_group_tables(PEP_SESSION session) { static PEP_STATUS _create_supplementary_key_tables(PEP_SESSION session) { int int_result = sqlite3_exec( session->db, - // blacklist - "create table if not exists blacklist_keys (\n" - " fpr text primary key\n" - ");\n" "create table if not exists revoked_keys (\n" " revoked_fpr text primary key,\n" " replacement_fpr text not null\n" @@ -2249,44 +2245,6 @@ PEP_STATUS pEp_prepare_sql_stmts(PEP_SESSION session) { if (int_result != SQLITE_OK) return PEP_UNKNOWN_DB_ERROR; - - // blacklist - - int_result = sqlite3_prepare_v2(session->db, sql_blacklist_add, - (int)strlen(sql_blacklist_add), &session->blacklist_add, NULL); - assert(int_result == SQLITE_OK); - - if (int_result != SQLITE_OK) - return PEP_UNKNOWN_DB_ERROR; - - - int_result = sqlite3_prepare_v2(session->db, sql_blacklist_delete, - (int)strlen(sql_blacklist_delete), &session->blacklist_delete, - NULL); - assert(int_result == SQLITE_OK); - - if (int_result != SQLITE_OK) - return PEP_UNKNOWN_DB_ERROR; - - - int_result = sqlite3_prepare_v2(session->db, sql_blacklist_is_listed, - (int)strlen(sql_blacklist_is_listed), - &session->blacklist_is_listed, NULL); - assert(int_result == SQLITE_OK); - - if (int_result != SQLITE_OK) - return PEP_UNKNOWN_DB_ERROR; - - - int_result = sqlite3_prepare_v2(session->db, sql_blacklist_retrieve, - (int)strlen(sql_blacklist_retrieve), &session->blacklist_retrieve, - NULL); - assert(int_result == SQLITE_OK); - - if (int_result != SQLITE_OK) - return PEP_UNKNOWN_DB_ERROR; - - // Own keys int_result = sqlite3_prepare_v2(session->db, sql_own_key_is_listed, @@ -2693,14 +2651,6 @@ PEP_STATUS pEp_finalize_sql_stmts(PEP_SESSION session) { sqlite3_finalize(session->get_main_user_fpr); if (session->refresh_userid_default_key) sqlite3_finalize(session->refresh_userid_default_key); - if (session->blacklist_add) - sqlite3_finalize(session->blacklist_add); - if (session->blacklist_delete) - sqlite3_finalize(session->blacklist_delete); - if (session->blacklist_is_listed) - sqlite3_finalize(session->blacklist_is_listed); - if (session->blacklist_retrieve) - sqlite3_finalize(session->blacklist_retrieve); if (session->own_key_is_listed) sqlite3_finalize(session->own_key_is_listed); if (session->is_own_address) diff --git a/src/engine_sql.h b/src/engine_sql.h index 10bb00e1c..2051938e1 100644 --- a/src/engine_sql.h +++ b/src/engine_sql.h @@ -407,22 +407,6 @@ static const char *sql_languagelist = static const char *sql_i18n_token = "select phrase from i18n_token where lang = lower(?1) and id = ?2 ;"; -// blacklist -static const char *sql_blacklist_add = - "insert or ignore into blacklist_keys (fpr) values (upper(replace(?1,' ',''))) ;" - "delete from identity where main_key_id = upper(replace(?1,' ','')) ;" - "delete from pgp_keypair where fpr = upper(replace(?1,' ','')) ;"; - -static const char *sql_blacklist_delete = - "delete from blacklist_keys where fpr = upper(replace(?1,' ','')) ;"; - -static const char *sql_blacklist_is_listed = - "select count(*) from blacklist_keys where fpr = upper(replace(?1,' ','')) ;"; - -static const char *sql_blacklist_retrieve = - "select * from blacklist_keys ;"; - - // Own keys // We only care if it's 0 or non-zero static const char *sql_own_key_is_listed = diff --git a/src/keymanagement.c b/src/keymanagement.c index 6758e92ad..afaf1659e 100644 --- a/src/keymanagement.c +++ b/src/keymanagement.c @@ -18,8 +18,6 @@ #include "keymanagement_internal.h" #include "KeySync_fsm.h" -#include "blacklist.h" - static bool key_matches_address(PEP_SESSION session, const char* address, const char* fpr) { if (!session || !address || !fpr) @@ -45,114 +43,13 @@ static bool key_matches_address(PEP_SESSION session, const char* address, return retval; } -// Does not return PASSPHRASE errors -/** - * @internal - * - * - * - * @brief TODO - * - * @param[in] session session handle - * @param[in] *identity pEp_identity - * @param[in] check_blacklist bool - * - * @retval PEP_STATUS_OK - * @retval PEP_OUT_OF_MEMORY out of memory - */ -PEP_STATUS elect_pubkey( - PEP_SESSION session, pEp_identity * identity, bool check_blacklist - ) -{ - PEP_STATUS status; - stringlist_t *keylist = NULL; - char *_fpr = ""; - identity->comm_type = PEP_ct_unknown; - - status = find_keys(session, identity->address, &keylist); - assert(status != PEP_OUT_OF_MEMORY); - if (status == PEP_OUT_OF_MEMORY) - return PEP_OUT_OF_MEMORY; - - if (!keylist || !keylist->value) - identity->comm_type = PEP_ct_key_not_found; - else { - stringlist_t *_keylist; - for (_keylist = keylist; _keylist && _keylist->value; _keylist = _keylist->next) { - PEP_comm_type _comm_type_key; - - status = get_key_rating(session, _keylist->value, &_comm_type_key); - if (status == PEP_OUT_OF_MEMORY) { - free_stringlist(keylist); - return PEP_OUT_OF_MEMORY; - } - - if (_comm_type_key != PEP_ct_compromised && - _comm_type_key != PEP_ct_unknown) - { - if (identity->comm_type == PEP_ct_unknown || - _comm_type_key > identity->comm_type) - { - bool blacklisted = false; - bool mistrusted = false; - status = is_mistrusted_key(session, _keylist->value, &mistrusted); - if (status == PEP_STATUS_OK && check_blacklist) - status = blacklist_is_listed(session, _keylist->value, &blacklisted); - if (status == PEP_STATUS_OK && !mistrusted && !blacklisted) { - identity->comm_type = _comm_type_key; - _fpr = _keylist->value; - } - } - } - } - } - free(identity->fpr); - - if (!_fpr || _fpr[0] == '\0') - identity->fpr = NULL; - else { - identity->fpr = strdup(_fpr); - if (identity->fpr == NULL) { - free_stringlist(keylist); - return PEP_OUT_OF_MEMORY; - } - } - - free_stringlist(keylist); - return PEP_STATUS_OK; -} - - // own_must_contain_private is usually true when calling; // we only set it to false when we have the idea of // possibly having an own pubkey that we need to check on its own // N.B. Checked for PASSPHRASE errors - will now return them always // False value of "renew_private" prevents their possibility, though. -/** - * @internal - * - * - * - * @brief TODO - * - * @param[in] session session handle - * @param[in] *ident pEp_identity - * @param[in] check_blacklist bool - * @param[in] own_must_contain_private bool - * @param[in] renew_private bool - * - * @retval PEP_STATUS_OK - * @retval PEP_ILLEGAL_VALUE illegal parameter values - * @retval PEP_OUT_OF_MEMORY out of memory - * @retval PEP_KEY_UNSUITABLE - * @retval PEP_PASSPHRASE_REQUIRED - * @retval PEP_WRONG_PASSPHRASE - * @retval any other value on error - * - */ PEP_STATUS validate_fpr(PEP_SESSION session, pEp_identity* ident, - bool check_blacklist, bool own_must_contain_private, bool renew_private) { @@ -228,8 +125,7 @@ PEP_STATUS validate_fpr(PEP_SESSION session, } bool revoked, expired; - bool blacklisted = false; - + // Should not need to decrypt key material status = key_revoked(session, fpr, &revoked); @@ -250,15 +146,6 @@ PEP_STATUS validate_fpr(PEP_SESSION session, if (status != PEP_STATUS_OK) return status; - if (check_blacklist && IS_PGP_CT(ct) && - !ident->me) { - status = blacklist_is_listed(session, - fpr, - &blacklisted); - - if (status != PEP_STATUS_OK) - return status; - } } // Renew key if it's expired, our own, has a private part, @@ -300,13 +187,7 @@ PEP_STATUS validate_fpr(PEP_SESSION session, else ct = PEP_ct_key_expired; } - else if (blacklisted) { // never true for .me - ident->comm_type = ct = PEP_ct_key_not_found; - free(ident->fpr); - ident->fpr = strdup(""); - status = PEP_KEY_BLACKLISTED; - } - + switch (ct) { case PEP_ct_key_revoked: case PEP_ct_key_b0rken: @@ -416,8 +297,7 @@ PEP_STATUS get_valid_pubkey(PEP_SESSION session, pEp_identity* stored_identity, bool* is_identity_default, bool* is_user_default, - bool* is_address_default, - bool check_blacklist) { + bool* is_address_default) { if (!session) return PEP_ILLEGAL_VALUE; @@ -441,7 +321,7 @@ PEP_STATUS get_valid_pubkey(PEP_SESSION session, // Won't ask for passphrase, won't return PASSPHRASE status // Because of non-renewal - status = validate_fpr(session, stored_identity, check_blacklist, true, false); + status = validate_fpr(session, stored_identity, true, false); switch (status) { case PEP_STATUS_OK: if (!EMPTYSTR(stored_identity->fpr)) { @@ -469,7 +349,7 @@ PEP_STATUS get_valid_pubkey(PEP_SESSION session, // Won't ask for passphrase, won't return PASSPHRASE status // Because of non-renewal - status = validate_fpr(session, stored_identity, check_blacklist, true, false); + status = validate_fpr(session, stored_identity, true, false); switch (status) { case PEP_STATUS_OK: @@ -492,20 +372,7 @@ PEP_STATUS get_valid_pubkey(PEP_SESSION session, } // If we got here, there's no usable default. - - // status = elect_pubkey(session, stored_identity, check_blacklist); - // if (status == PEP_STATUS_OK) { - // if (!EMPTYSTR(stored_identity->fpr)) { - // // Won't ask for passphrase, won't return PASSPHRASE status - // // Because of non-renewal - // status = validate_fpr(session, stored_identity, false, true, false); // blacklist already filtered of needed - // } - // } - // else if (status != PEP_KEY_NOT_FOUND && first_reject_status != PEP_KEY_NOT_FOUND) { - // first_reject_status = status; - // first_reject_comm_type = stored_identity->comm_type; - // } - + switch (first_reject_comm_type) { case PEP_ct_key_revoked: case PEP_ct_key_b0rken: @@ -520,11 +387,6 @@ PEP_STATUS get_valid_pubkey(PEP_SESSION session, stored_identity->comm_type = first_reject_comm_type; break; default: - if (check_blacklist && status == PEP_KEY_BLACKLISTED) { - free(stored_identity->fpr); - stored_identity->fpr = NULL; - stored_identity->comm_type = PEP_ct_key_not_found; - } break; } @@ -634,8 +496,7 @@ static PEP_STATUS prepare_updated_identity(PEP_SESSION session, status = get_valid_pubkey(session, stored_ident, &is_identity_default, &is_user_default, - &is_address_default, - false); + &is_address_default); bool is_pEp = false; @@ -1272,7 +1133,7 @@ PEP_STATUS _myself(PEP_SESSION session, if (stored_identity) { if (!EMPTYSTR(stored_identity->fpr)) { // Fall back / retrieve - status = validate_fpr(session, stored_identity, false, true, do_renew); + status = validate_fpr(session, stored_identity, true, do_renew); switch (status) { // Only possible if we called this with do_renew = true @@ -1675,7 +1536,7 @@ DYNAMIC_API PEP_STATUS trust_personal_key( // Set up a temp trusted identity for the input fpr without a comm type; tmp_id = new_identity(ident->address, ident->fpr, ident->user_id, NULL); - status = validate_fpr(session, tmp_id, false, true, false); + status = validate_fpr(session, tmp_id, true, false); if (status == PEP_STATUS_OK) { // Validate fpr gets trust DB or, when that fails, key comm type. we checked @@ -1735,7 +1596,7 @@ DYNAMIC_API PEP_STATUS trust_personal_key( if (!tmp_user_ident) status = PEP_OUT_OF_MEMORY; else { - status = validate_fpr(session, tmp_user_ident, false, true, false); + status = validate_fpr(session, tmp_user_ident, true, false); if (status != PEP_STATUS_OK || tmp_user_ident->comm_type < PEP_ct_strong_but_unconfirmed || @@ -1776,8 +1637,8 @@ DYNAMIC_API PEP_STATUS trust_own_key( if (!is_me(session, ident)) return PEP_ILLEGAL_VALUE; - // don't check blacklist or require a private key - PEP_STATUS status = validate_fpr(session, ident, false, false, true); + // don't require a private key + PEP_STATUS status = validate_fpr(session, ident, false, true); if (status != PEP_STATUS_OK) return status; @@ -2144,7 +2005,7 @@ DYNAMIC_API PEP_STATUS set_own_key( if (!me->fpr) return PEP_OUT_OF_MEMORY; - status = validate_fpr(session, me, false, true, true); + status = validate_fpr(session, me, true, true); if (status) return status; @@ -2314,7 +2175,7 @@ static PEP_STATUS _wipe_own_default_key_if_invalid(PEP_SESSION session, if (!ident->fpr) return PEP_OUT_OF_MEMORY; - PEP_STATUS keystatus = validate_fpr(session, ident, true, false, true); + PEP_STATUS keystatus = validate_fpr(session, ident, false, true); if (PASS_ERROR(status)) return status; @@ -2327,8 +2188,7 @@ static PEP_STATUS _wipe_own_default_key_if_invalid(PEP_SESSION session, break; } case PEP_KEY_UNSUITABLE: - case PEP_KEY_BLACKLISTED: - // Remove key as default for all identities and users + // Remove key as default for all identities and users status = remove_fpr_as_default(session, cached_fpr); break; default: diff --git a/src/keymanagement_internal.h b/src/keymanagement_internal.h index 3c3031ca5..9ab601947 100644 --- a/src/keymanagement_internal.h +++ b/src/keymanagement_internal.h @@ -152,8 +152,7 @@ PEP_STATUS get_user_default_key(PEP_SESSION session, const char* user_id, * @param[in] is_identity_default bool* * @param[in] is_user_default bool* * @param[in] is_address_default bool* - * @param[in] check_blacklist bool - * + * * @retval PEP_STATUS_OK * @retval PEP_ILLEGAL_VALUE illegal parameter values * @retval any other value on error @@ -162,8 +161,7 @@ PEP_STATUS get_valid_pubkey(PEP_SESSION session, pEp_identity* stored_identity, bool* is_identity_default, bool* is_user_default, - bool* is_address_default, - bool check_blacklist); + bool* is_address_default); /** * @@ -192,7 +190,6 @@ PEP_STATUS get_key_sticky_bit_for_user(PEP_SESSION session, * * @param[in] session session handle * @param[in] *ident pEp_identity - * @param[in] check_blacklist bool * @param[in] own_must_contain_private bool * @param[in] renew_private bool * @@ -207,7 +204,6 @@ PEP_STATUS get_key_sticky_bit_for_user(PEP_SESSION session, */ PEP_STATUS validate_fpr(PEP_SESSION session, pEp_identity* ident, - bool check_blacklist, bool own_must_contain_private, bool renew_private); diff --git a/src/message_api.c b/src/message_api.c index 97cf10490..76daeb614 100644 --- a/src/message_api.c +++ b/src/message_api.c @@ -10,7 +10,6 @@ #include "platform.h" #include "mime.h" -#include "blacklist.h" #include "baseprotocol.h" #include "KeySync_fsm.h" #include "base64.h" @@ -2583,27 +2582,6 @@ static PEP_STATUS _update_state_for_ident_list( max_version_major, max_version_minor); } - bool is_blacklisted = false; - if (_il->ident->fpr && IS_PGP_CT(_il->ident->comm_type)) { - status = blacklist_is_listed(session, _il->ident->fpr, &is_blacklisted); - if (status != PEP_STATUS_OK) { - // DB error - status = PEP_UNENCRYPTED; - goto pEp_done; - } - if (is_blacklisted) { - bool user_default, ident_default, address_default; - status = get_valid_pubkey(session, _il->ident, - &ident_default, &user_default, - &address_default, - true); - - if (status != PEP_STATUS_OK || _il->ident->fpr == NULL) { - _il->ident->comm_type = PEP_ct_key_not_found; - status = PEP_STATUS_OK; - } - } - } if (!(*has_pEp_user) && !EMPTYSTR(_il->ident->user_id)) is_pEp_user(session, _il->ident, has_pEp_user); @@ -4905,7 +4883,7 @@ static PEP_STATUS set_default_key_fpr_if_valid( return PEP_OUT_OF_MEMORY; // this will check to see that the key is usable as well as get its comm_type - PEP_STATUS status = validate_fpr(session, ident, true, true, true); + PEP_STATUS status = validate_fpr(session, ident, true, true); if (status == PEP_STATUS_OK) status = set_identity(session, ident); else { @@ -4935,11 +4913,7 @@ static PEP_STATUS _check_and_set_default_key( // Right now, we just want to know if there's a DB default, NOT // if it matches what update_identity gives us (there are good reasons it might not) status = get_default_identity_fpr(session, src_ident->address, src_ident->user_id, &default_from_fpr); - bool on_blacklist = false; - if (!EMPTYSTR(default_from_fpr)) { - blacklist_is_listed(session, default_from_fpr, &on_blacklist); - } - if (on_blacklist || status == PEP_KEY_NOT_FOUND || status == PEP_CANNOT_FIND_IDENTITY) { + if (status == PEP_KEY_NOT_FOUND || status == PEP_CANNOT_FIND_IDENTITY) { if (!EMPTYSTR(sender_key)) status = set_default_key_fpr_if_valid(session, src_ident, sender_key); } @@ -6451,25 +6425,7 @@ static void _max_comm_type_from_identity_list( *max_comm_type = _get_comm_type(session, *max_comm_type, il->ident); *comm_type_determined = true; - - bool is_blacklisted = false; - if (il->ident->fpr && IS_PGP_CT(il->ident->comm_type)) { - status = blacklist_is_listed(session, il->ident->fpr, &is_blacklisted); - if (is_blacklisted) { - bool user_default, ident_default, address_default; - status = get_valid_pubkey(session, il->ident, - &ident_default, &user_default, - &address_default, - true); - - if (status != PEP_STATUS_OK || il->ident->fpr == NULL) { - il->ident->comm_type = PEP_ct_key_not_found; - if (*max_comm_type > PEP_ct_no_encryption) - *max_comm_type = PEP_ct_no_encryption; - } - } - } - + // check for the return statuses which might not a representative // value in the comm_type if (status == PEP_ILLEGAL_VALUE || status == PEP_CANNOT_SET_PERSON || @@ -6616,30 +6572,9 @@ DYNAMIC_API PEP_STATUS identity_rating( if (ident->me) status = _myself(session, ident, false, true, true, true); - else { // Since we don't blacklist own keys, we only check it in here + else status = update_identity(session, ident); - bool is_blacklisted = false; - - if (ident->fpr && IS_PGP_CT(ident->comm_type)) { - status = blacklist_is_listed(session, ident->fpr, &is_blacklisted); - if (status != PEP_STATUS_OK) { - return status; // DB ERROR - } - if (is_blacklisted) { - bool user_default, ident_default, address_default; - status = get_valid_pubkey(session, ident, - &ident_default, &user_default, - &address_default, - true); - if (status != PEP_STATUS_OK || ident->fpr == NULL) { - ident->comm_type = PEP_ct_key_not_found; - status = PEP_STATUS_OK; - } - } - } - } - if (status == PEP_STATUS_OK) *rating = _rating(ident->comm_type); @@ -7293,7 +7228,6 @@ got_keylist: switch (status) { case PEP_KEY_NOT_FOUND: case PEP_KEY_UNSUITABLE: - case PEP_KEY_BLACKLISTED: case PEP_CANNOT_FIND_IDENTITY: case PEP_CANNOT_FIND_ALIAS: status = PEP_STATUS_OK; diff --git a/src/pEpEngine.c b/src/pEpEngine.c index ff994fb9d..ca14e1d6a 100644 --- a/src/pEpEngine.c +++ b/src/pEpEngine.c @@ -7,7 +7,6 @@ #include "dynamic_api.h" #include "cryptotech.h" #include "transport.h" -#include "blacklist.h" #include "KeySync_fsm.h" #include "engine_sql.h" diff --git a/src/pEpEngine.h b/src/pEpEngine.h index 466f4cf15..0eb289fed 100644 --- a/src/pEpEngine.h +++ b/src/pEpEngine.h @@ -87,7 +87,7 @@ typedef enum { PEP_CANNOT_SET_PGP_KEYPAIR = 0x0382, PEP_CANNOT_SET_IDENTITY = 0x0383, PEP_CANNOT_SET_TRUST = 0x0384, - PEP_KEY_BLACKLISTED = 0x0385, + PEP_KEY_BLACKLISTED = 0x0385, /// @deprecated PEP_CANNOT_FIND_PERSON = 0x0386, PEP_CANNOT_SET_PEP_VERSION = 0X0387, diff --git a/src/pEp_internal.h b/src/pEp_internal.h index 4ab3e76be..23391b032 100644 --- a/src/pEp_internal.h +++ b/src/pEp_internal.h @@ -243,12 +243,6 @@ struct _pEpSession { sqlite3_stmt *i18n_token; sqlite3_stmt *replace_userid; - // blacklist - sqlite3_stmt *blacklist_add; - sqlite3_stmt *blacklist_delete; - sqlite3_stmt *blacklist_is_listed; - sqlite3_stmt *blacklist_retrieve; - // Keys sqlite3_stmt *own_key_is_listed; sqlite3_stmt *is_own_address; diff --git a/test/src/BlacklistAcceptNewKeyTest.cc b/test/src/BlacklistAcceptNewKeyTest.cc deleted file mode 100644 index 1175214d0..000000000 --- a/test/src/BlacklistAcceptNewKeyTest.cc +++ /dev/null @@ -1,180 +0,0 @@ -// This file is under GNU General Public License 3.0 -// see LICENSE.txt - -#include -#include -#include // for strcmp() - -#include "TestUtilities.h" -#include "TestConstants.h" - -#include "pEpEngine.h" -#include "pEp_internal.h" -#include "blacklist.h" -#include "keymanagement.h" -#include "message_api.h" -#include "mime.h" - - - -#include "Engine.h" - -#include - - -namespace { - - //The fixture for BlacklistAcceptNewKeyTest - class BlacklistAcceptNewKeyTest : public ::testing::Test { - public: - Engine* engine; - PEP_SESSION session; - - protected: - // You can remove any or all of the following functions if its body - // is empty. - BlacklistAcceptNewKeyTest() { - // You can do set-up work for each test here. - test_suite_name = ::testing::UnitTest::GetInstance()->current_test_info()->GTEST_SUITE_SYM(); - test_name = ::testing::UnitTest::GetInstance()->current_test_info()->name(); - test_path = get_main_test_home_dir() + "/" + test_suite_name + "/" + test_name; - } - - ~BlacklistAcceptNewKeyTest() override { - // You can do clean-up work that doesn't throw exceptions here. - } - - // If the constructor and destructor are not enough for setting up - // and cleaning up each test, you can define the following methods: - - void SetUp() override { - // Code here will be called immediately after the constructor (right - // before each test). - - // Leave this empty if there are no files to copy to the home directory path - std::vector> init_files = std::vector>(); - - // Get a new test Engine. - engine = new Engine(test_path); - ASSERT_NOTNULL(engine); - - // Ok, let's initialize test directories etc. - engine->prep(NULL, NULL, NULL, init_files); - - // Ok, try to start this bugger. - engine->start(); - ASSERT_NOTNULL(engine->session); - session = engine->session; - - // Engine is up. Keep on truckin' - } - - void TearDown() override { - // Code here will be called immediately after each test (right - // before the destructor). - engine->shut_down(); - delete engine; - engine = NULL; - session = NULL; - } - - private: - const char* test_suite_name; - const char* test_name; - string test_path; - // Objects declared here can be used by all tests in the BlacklistAcceptNewKeyTest suite. - - }; - -} // namespace - - -TEST_F(BlacklistAcceptNewKeyTest, check_blacklist_accept_new_key) { - PEP_STATUS status = PEP_STATUS_OK; - - // blacklist test code - - output_stream << "blacklist only key for identity / add key / check which key is used" << endl; - - // 2797 65A2 FEB5 B7C7 31B8 61D9 3E4C EFD9 F7AF 4684 - this is the blacklisted key in blacklisted_pub.asc - - /* read the key into memory */ - const string keytext = slurp("test_keys/pub/blacklisted_pub.asc"); - - /* import it into pep */ - status = import_key(session, keytext.c_str(), keytext.length(), NULL); - ASSERT_EQ(status, PEP_KEY_IMPORTED); - - const char* bl_fpr_1 = "279765A2FEB5B7C731B861D93E4CEFD9F7AF4684"; - bool is_blacklisted = false; - - pEp_identity* blacklisted_identity = new_identity("blacklistedkeys@kgrothoff.org", - bl_fpr_1, - "TOFU_blacklistedkeys@kgrothoff.org", - "Blacklist Keypair"); - - // Explicitly set identity, since we need the key in there - status = set_identity(session, blacklisted_identity); - ASSERT_OK; - - status = update_identity(session, blacklisted_identity); - ASSERT_OK; - status = blacklist_add(session, bl_fpr_1); - ASSERT_OK; - status = blacklist_is_listed(session, bl_fpr_1, &is_blacklisted); - ASSERT_OK; - ASSERT_TRUE(is_blacklisted); - - // We should NOT return a blacklisted key here. - // FIXME: for EB - what to do when unblacklisting? - status = update_identity(session, blacklisted_identity); - ASSERT_OK; - ASSERT_STREQ(bl_fpr_1, blacklisted_identity->fpr); - - // post key election this should be obvious. - bool id_def, us_def, addr_def; - status = get_valid_pubkey(session, blacklisted_identity, - &id_def, &us_def, &addr_def, true); - ASSERT_EQ(status, PEP_KEY_BLACKLISTED); - ASSERT_EQ(blacklisted_identity->comm_type , PEP_ct_key_not_found); - - - if (!(blacklisted_identity->fpr)) - output_stream << "OK! blacklisted_identity->fpr is empty. Yay!" << endl; - else - output_stream << "Not OK. blacklisted_identity->fpr is " << blacklisted_identity->fpr << "." << endl - << "Expected it to be empty." << endl; - ASSERT_TRUE(EMPTYSTR(blacklisted_identity->fpr)); - - /* identity is blacklisted. Now let's read in a message which contains a new key for that ID. */ - // This SHOULD work with key election removal! - const char* new_key = "634FAC4417E9B2A5DC2BD4AAC4AEEBBE7E62701B"; - const string mailtext = slurp("test_mails/blacklist_new_key_attached.eml"); - pEp_identity * me1 = new_identity("blacklistedkeys@kgrothoff.org", new_key, "TOFU_blacklistedkeys@kgrothoff.org", "Blacklisted Key Message Recipient"); - - status = update_identity(session, me1); - message* msg_ptr = nullptr; - message* dest_msg = nullptr; - stringlist_t* keylist = nullptr; - PEP_rating rating; - PEP_decrypt_flags_t flags = 0; - - status = mime_decode_message(mailtext.c_str(), mailtext.length(), &msg_ptr, NULL); - ASSERT_OK; - status = decrypt_message(session, msg_ptr, &dest_msg, &keylist, &rating, &flags); - - // Key election is gone, but getting it via mail should set a default! - status = update_identity(session, me1); - ASSERT_STRCASEEQ(me1->fpr, new_key); - - status = blacklist_delete(session, bl_fpr_1); - ASSERT_OK; - // Key election removal note: THIS WILL NOT SET IT BACK TO THE OLD KEY AS A DEFAULT. YOU WOULD NEED TO RESET OR BLACKLIST THE NEW KEY AND - // RESET/REIMPORT THE OLD KEY AS A DEFAULT. - status = update_identity(session, blacklisted_identity); - ASSERT_OK; - - free_message(msg_ptr); - free_message(dest_msg); - free_stringlist(keylist); -} diff --git a/test/src/BlacklistTest.cc b/test/src/BlacklistTest.cc deleted file mode 100644 index f9e7357f4..000000000 --- a/test/src/BlacklistTest.cc +++ /dev/null @@ -1,265 +0,0 @@ -// This file is under GNU General Public License 3.0 -// see LICENSE.txt - -// #include -// #include -// #include -// #include -// #include // for strcmp() -// #include -// #include "blacklist.h" -// #include "keymanagement.h" -// #include "test_util.h" -// -// // This file is under GNU General Public License 3.0 -// // see LICENSE.txt - -#include -#include -#include // for strcmp() - - -#include - -#include "pEpEngine.h" -#include "pEp_internal.h" - -#include "blacklist.h" -#include "keymanagement.h" -#include "TestUtilities.h" -#include "TestConstants.h" - - - -#include "Engine.h" - -#include - - -namespace { - - //The fixture for BlacklistTest - class BlacklistTest : public ::testing::Test { - public: - Engine* engine; - PEP_SESSION session; - - protected: - // You can remove any or all of the following functions if its body - // is empty. - BlacklistTest() { - // You can do set-up work for each test here. - test_suite_name = ::testing::UnitTest::GetInstance()->current_test_info()->GTEST_SUITE_SYM(); - test_name = ::testing::UnitTest::GetInstance()->current_test_info()->name(); - test_path = get_main_test_home_dir() + "/" + test_suite_name + "/" + test_name; - } - - ~BlacklistTest() override { - // You can do clean-up work that doesn't throw exceptions here. - } - - // If the constructor and destructor are not enough for setting up - // and cleaning up each test, you can define the following methods: - - void SetUp() override { - // Code here will be called immediately after the constructor (right - // before each test). - - // Leave this empty if there are no files to copy to the home directory path - std::vector> init_files = std::vector>(); - - // Get a new test Engine. - engine = new Engine(test_path); - ASSERT_NOTNULL(engine); - - // Ok, let's initialize test directories etc. - engine->prep(NULL, NULL, NULL, init_files); - - // Ok, try to start this bugger. - engine->start(); - ASSERT_NOTNULL(engine->session); - session = engine->session; - - // Engine is up. Keep on truckin' - } - - void TearDown() override { - // Code here will be called immediately after each test (right - // before the destructor). - engine->shut_down(); - delete engine; - engine = NULL; - session = NULL; - } - - private: - const char* test_suite_name; - const char* test_name; - string test_path; - // Objects declared here can be used by all tests in the BlacklistTest suite. - - }; - -} // namespace - - -TEST_F(BlacklistTest, check_blacklist) { - // blacklist test code - - output_stream << "adding 23 to blacklist\n"; - PEP_STATUS status2 = blacklist_add(session, "23"); - ASSERT_EQ(status2 , PEP_STATUS_OK); - output_stream << "added.\n"; - - bool listed; - PEP_STATUS status3 = blacklist_is_listed(session, "23", &listed); - ASSERT_EQ(status3 , PEP_STATUS_OK); - ASSERT_TRUE(listed); - output_stream << "23 is listed.\n"; - - stringlist_t *blacklist; - PEP_STATUS status6 = blacklist_retrieve(session, &blacklist); - ASSERT_EQ(status6 , PEP_STATUS_OK); - ASSERT_NOTNULL(blacklist); - - bool in23 = false; - output_stream << "the blacklist contains now: "; - for (stringlist_t *bl = blacklist; bl && bl->value; bl = bl->next) { - output_stream << bl->value << ", "; - if (std::strcmp(bl->value, "23") == 0) - in23 = true; - } - output_stream << "END\n"; - ASSERT_TRUE(in23); - free_stringlist(blacklist); - - output_stream << "deleting 23 from blacklist\n"; - PEP_STATUS status4 = blacklist_delete(session, "23"); - ASSERT_EQ(status4 , PEP_STATUS_OK); - output_stream << "deleted.\n"; - - PEP_STATUS status5 = blacklist_is_listed(session, "23", &listed); - ASSERT_EQ(status5 , PEP_STATUS_OK); - ASSERT_TRUE(!listed); - output_stream << "23 is not listed any more.\n"; - - output_stream << "blacklist only key for identity / unblacklist key / add key" << endl; - - - // 2797 65A2 FEB5 B7C7 31B8 61D9 3E4C EFD9 F7AF 4684 - this is the blacklisted key in blacklisted_pub.asc - - const string keytext = slurp("test_keys/pub/blacklisted_pub.asc"); - - /* FIXME: put in automated test stuff (N.B. only gdb mem examination to this point to get - * fix in */ - /* import it into pep */ - PEP_STATUS status7 = import_key(session, keytext.c_str(), keytext.length(), NULL); - - const char* bl_fpr_1 = "279765A2FEB5B7C731B861D93E4CEFD9F7AF4684"; - const char* bl_fpr_2 = "634FAC4417E9B2A5DC2BD4AAC4AEEBBE7E62701B"; - bool is_blacklisted = false; - - // Clean up from previous runs - PEP_STATUS status10 = blacklist_is_listed(session, bl_fpr_1, &is_blacklisted); - if (is_blacklisted) { - is_blacklisted = false; - blacklist_delete(session, bl_fpr_1); - } - - pEp_identity* blacklisted_identity = new_identity("blacklistedkeys@kgrothoff.org", - bl_fpr_1, - "TOFU_blacklistedkeys@kgrothoff.org", - "Blacklist Keypair"); - - PEP_STATUS status = set_fpr_preserve_ident(session, blacklisted_identity, bl_fpr_1, false); - ASSERT_OK; - - PEP_STATUS status8 = update_identity(session, blacklisted_identity); - - // THERE IS NO BLACKLISTING OF PEP KEYS - //blacklisted_identity->comm_type = PEP_ct_pEp; - blacklisted_identity->comm_type = PEP_ct_OpenPGP_unconfirmed; - - PEP_STATUS status99 = set_identity(session, blacklisted_identity); - - trust_personal_key(session, blacklisted_identity); - - PEP_STATUS status999 = update_identity(session, blacklisted_identity); - - ASSERT_EQ(blacklisted_identity->comm_type , PEP_ct_OpenPGP); - - PEP_STATUS status9 = blacklist_add(session, bl_fpr_1); - status10 = blacklist_is_listed(session, bl_fpr_1, &is_blacklisted); - PEP_STATUS status11 = update_identity(session, blacklisted_identity); - /* new!!! */ - ASSERT_TRUE(is_blacklisted); - ASSERT_EQ(status11 , PEP_STATUS_OK); - ASSERT_STREQ(bl_fpr_1, blacklisted_identity->fpr); // I don't think this should be true, but... - - bool id_def, us_def, addr_def; - status11 = get_valid_pubkey(session, blacklisted_identity, - &id_def, &us_def, &addr_def, true); - - if (!(blacklisted_identity->fpr)) - output_stream << "OK! blacklisted_identity->fpr is empty. Yay!" << endl; - else if (strcmp(blacklisted_identity->fpr, bl_fpr_2) == 0) - output_stream << "OK! While this should be empty, you are probably running " << - "this in your home directory instead of the test environment " << - "and have leftover keys. This is an acceptable result here then. But you " << - "should probably clean up after yourself :)" << endl; - else - output_stream << "Not OK. blacklisted_identity->fpr is " << blacklisted_identity->fpr << "." << endl - << "Expected it to be empty or (possibly) " << bl_fpr_2 << endl; - - ASSERT_TRUE(blacklisted_identity->fpr == NULL || blacklisted_identity->fpr[0] == '\0' || strcmp(blacklisted_identity->fpr, bl_fpr_2) == 0); - - pEp_identity *me = new_identity("alice@peptest.ch", NULL, "423", "Alice Miller"); - ASSERT_NOTNULL(me); - PEP_STATUS status24 = myself(session, me); - ASSERT_EQ(status24 , PEP_STATUS_OK); - - message *msg23 = new_message(PEP_dir_outgoing); - ASSERT_NOTNULL(msg23); - msg23->from = me; - msg23->to = new_identity_list(identity_dup(blacklisted_identity)); - ASSERT_TRUE(msg23->to != NULL && msg23->to->ident != NULL); - PEP_rating rating23; - - output_stream << "testing outgoing_message_rating() with blacklisted key in to\n"; - PEP_STATUS status23 = outgoing_message_rating(session, msg23, &rating23); - ASSERT_EQ(status23 , PEP_STATUS_OK); - ASSERT_EQ(rating23 , PEP_rating_unencrypted); - - free_message(msg23); - - const string keytext2 = slurp("test_keys/pub/blacklisted_pub2.asc"); - PEP_STATUS status14 = import_key(session, keytext2.c_str(), keytext2.length(), NULL); - - pEp_identity* blacklisted_identity2 = new_identity("blacklistedkeys@kgrothoff.org", - bl_fpr_2, - NULL, - "Blacklist Keypair"); - PEP_STATUS status15 = update_identity(session, blacklisted_identity2); - // - // ASSERT_EQ((blacklisted_identity2->fpr && strcmp(blacklisted_identity2->fpr, bl_fpr_2) , 0), "blacklisted_identity2->fpr && strcmp(blacklisted_identity2->fpr); - // if (blacklisted_identity2->fpr && strcmp(blacklisted_identity2->fpr, bl_fpr_2) == 0) - // output_stream << "blacklisted identity's fpr successfully replaced by the unblacklisted one" << endl; - // // else - // // output_stream << "blacklisted_identity->fpr should be " << bl_fpr_2 << " but is " << blacklisted_identity->fpr << endl; - // - // PEP_STATUS status12 = blacklist_delete(session, bl_fpr_1); - // PEP_STATUS status13 = update_identity(session, blacklisted_identity); - // - // pEp_identity* stored_identity = new_identity("blacklistedkeys@kgrothoff.org", - // NULL, - // blacklisted_identity->user_id, - // "Blacklist Keypair"); - // - // PEP_STATUS status00 = update_identity(session, stored_identity); - // - // // FIXME - // // ASSERT_EQ(stored_identity->comm_type , PEP_ct_pEp); - - free_identity(blacklisted_identity); - free_identity(blacklisted_identity2); -} diff --git a/test/src/EncryptMissingPrivateKeyTest.cc b/test/src/EncryptMissingPrivateKeyTest.cc index a56edf94e..add5cc77d 100644 --- a/test/src/EncryptMissingPrivateKeyTest.cc +++ b/test/src/EncryptMissingPrivateKeyTest.cc @@ -9,7 +9,6 @@ #include // for strcmp() #include -#include "blacklist.h" #include "keymanagement.h" #include "message_api.h" #include "mime.h" diff --git a/test/src/TestUtilities.cc b/test/src/TestUtilities.cc index 829e999e0..26ab59b84 100644 --- a/test/src/TestUtilities.cc +++ b/test/src/TestUtilities.cc @@ -888,7 +888,7 @@ PEP_STATUS set_default_fpr_for_test(PEP_SESSION session, pEp_identity* ident, b return PEP_UNKNOWN_ERROR; } if (!unconditional) - status = validate_fpr(session, ident, true, true, true); + status = validate_fpr(session, ident, true, true); if (status == PEP_STATUS_OK) status = set_identity(session, ident); return status;