pEpEngine/src/keymanagement.c

#include "platform.h"

#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <assert.h>

#include "pEp_internal.h"
#include "keymanagement.h"

#ifndef MIN
#define MIN(A, B) ((B) > (A) ? (A) : (B))
#endif

#ifndef EMPTYSTR
#define EMPTYSTR(STR) ((STR == NULL) || (STR)[0] == 0)
#endif

#define KEY_EXPIRE_DELTA (60 * 60 * 24 * 365)

DYNAMIC_API PEP_STATUS update_identity(
        PEP_SESSION session, pEp_identity * identity
    )
{
    pEp_identity *stored_identity;
    PEP_STATUS status;

    assert(session);
    assert(identity);
    assert(!EMPTYSTR(identity->address));

    if (!(session && identity && !EMPTYSTR(identity->address)))
        return PEP_ILLEGAL_VALUE;

    status = get_identity(session, identity->address, &stored_identity);
    assert(status != PEP_OUT_OF_MEMORY);
    if (status == PEP_OUT_OF_MEMORY)
        return PEP_OUT_OF_MEMORY;

    if (stored_identity) {
        PEP_comm_type _comm_type_key;
        status = get_key_rating(session, stored_identity->fpr, &_comm_type_key);
        assert(status != PEP_OUT_OF_MEMORY);
        if (status == PEP_OUT_OF_MEMORY)
            return PEP_OUT_OF_MEMORY;

        if (EMPTYSTR(identity->user_id)) {
            free(identity->user_id);
            identity->user_id = strndup(stored_identity->user_id, stored_identity->user_id_size);
            assert(identity->user_id);
            if (identity->user_id == NULL)
                return PEP_OUT_OF_MEMORY;
            identity->user_id_size = stored_identity->user_id_size;
        }

        if (EMPTYSTR(identity->username)) {
            free(identity->username);
            identity->username = strndup(stored_identity->username, stored_identity->username_size);
            assert(identity->username);
            if (identity->username == NULL)
                return PEP_OUT_OF_MEMORY;
            identity->username_size = stored_identity->username_size;
        }

        if (EMPTYSTR(identity->fpr)) {
            identity->fpr = strndup(stored_identity->fpr, stored_identity->fpr_size);
            assert(identity->fpr);
            if (identity->fpr == NULL)
                return PEP_OUT_OF_MEMORY;
            identity->fpr_size = stored_identity->fpr_size;
            if (_comm_type_key < PEP_ct_unconfirmed_encryption) {
                identity->comm_type = _comm_type_key;
            }
            else {
                identity->comm_type = stored_identity->comm_type;
            }
        }
        else /* !EMPTYSTR(identity->fpr) */ {
            if (strncmp(identity->fpr, stored_identity->fpr, stored_identity->fpr_size) == 0) {
                if (_comm_type_key < PEP_ct_unconfirmed_encryption) {
                    identity->comm_type = _comm_type_key;
                }else{
                    identity->comm_type = stored_identity->comm_type;
                    if (identity->comm_type == PEP_ct_unknown) {
                        identity->comm_type = _comm_type_key;
                    }
                }
            } else {
                status = get_trust(session, identity);
                assert(status != PEP_OUT_OF_MEMORY);
                if (status == PEP_OUT_OF_MEMORY)
                    return PEP_OUT_OF_MEMORY;
                if (identity->comm_type < stored_identity->comm_type)
                    identity->comm_type = PEP_ct_unknown;
            }
        }

        if (identity->lang[0] == 0) {
            identity->lang[0] = stored_identity->lang[0];
            identity->lang[1] = stored_identity->lang[1];
            identity->lang[2] = 0;
        }
    }
    else /* stored_identity == NULL */ {
        if (!EMPTYSTR(identity->fpr)) {
            PEP_comm_type _comm_type_key;

            status = get_key_rating(session, identity->fpr, &_comm_type_key);
            assert(status != PEP_OUT_OF_MEMORY);
            if (status == PEP_OUT_OF_MEMORY)
                return PEP_OUT_OF_MEMORY;

            identity->comm_type = _comm_type_key;
        }
        else /* EMPTYSTR(identity->fpr) */ {
            PEP_STATUS status;
            stringlist_t *keylist;
            char *_fpr = NULL;
            identity->comm_type = PEP_ct_unknown;

            status = find_keys(session, identity->address, &keylist);
            assert(status != PEP_OUT_OF_MEMORY);
            if (status == PEP_OUT_OF_MEMORY)
                return PEP_OUT_OF_MEMORY;

            stringlist_t *_keylist;
            for (_keylist = keylist; _keylist && _keylist->value; _keylist = _keylist->next) {
                PEP_comm_type _comm_type_key;

                status = get_key_rating(session, _keylist->value, &_comm_type_key);
                assert(status != PEP_OUT_OF_MEMORY);
                if (status == PEP_OUT_OF_MEMORY) {
                    free_stringlist(keylist);
                    return PEP_OUT_OF_MEMORY;
                }

                if (identity->comm_type == PEP_ct_unknown) {
                    if (_comm_type_key != PEP_ct_compromized && _comm_type_key != PEP_ct_unknown) {
                        identity->comm_type = _comm_type_key;
                        _fpr = _keylist->value;
                    }
                }
                else {
                    if (_comm_type_key != PEP_ct_compromized && _comm_type_key != PEP_ct_unknown) {
                        if (_comm_type_key > identity->comm_type) {
                            identity->comm_type = _comm_type_key;
                            _fpr = _keylist->value;
                        }
                    }
                }
            }

            if (_fpr) {
                free(identity->fpr);

                identity->fpr = strdup(_fpr);
                if (identity->fpr == NULL) {
                    free_stringlist(keylist);
                    return PEP_OUT_OF_MEMORY;
                }
                identity->fpr_size = strlen(identity->fpr);
            }
            free_stringlist(keylist);
        }
    }

    status = PEP_STATUS_OK;

    if (identity->comm_type != PEP_ct_unknown && !EMPTYSTR(identity->user_id)) {
        assert(!EMPTYSTR(identity->username)); // this should not happen

        if (EMPTYSTR(identity->username)) { // mitigate
            free(identity->username);
            identity->username = strdup("anonymous");
            if (identity->username == NULL)
                return PEP_OUT_OF_MEMORY;
            identity->username_size = 9;
        }

        status = set_identity(session, identity);
        assert(status == PEP_STATUS_OK);
        if (status != PEP_STATUS_OK) {
            return status;
        }
    }

    if (identity->comm_type != PEP_ct_compromized &&
            identity->comm_type < PEP_ct_strong_but_unconfirmed)
        if (session->examine_identity)
            session->examine_identity(identity, session->examine_management);

    return status;
}

DYNAMIC_API PEP_STATUS myself(PEP_SESSION session, pEp_identity * identity)
{
    PEP_STATUS status;
    stringlist_t *keylist = NULL;

    assert(session);
    assert(identity);
    assert(identity->address);
    assert(identity->username);
    assert(identity->user_id);

    if (!(session && identity && identity->address && identity->username &&
                identity->user_id))
        return PEP_ILLEGAL_VALUE;

    identity->comm_type = PEP_ct_pEp;
    identity->me = true;

    DEBUG_LOG("myself", "debug", identity->address);

    status = find_keys(session, identity->address, &keylist);
    assert(status != PEP_OUT_OF_MEMORY);
    if (status == PEP_OUT_OF_MEMORY)
        return PEP_OUT_OF_MEMORY;

    if (keylist == NULL || keylist->value == NULL) {
        DEBUG_LOG("generating key pair", "debug", identity->address);
        status = generate_keypair(session, identity);
        assert(status != PEP_OUT_OF_MEMORY);
        if (status != PEP_STATUS_OK) {
            char buf[11];
            snprintf(buf, 11, "%d", status);
            DEBUG_LOG("generating key pair failed", "debug", buf);
            return status;
        }

        status = find_keys(session, identity->address, &keylist);
        assert(status != PEP_OUT_OF_MEMORY);
        if (status == PEP_OUT_OF_MEMORY)
            return PEP_OUT_OF_MEMORY;

        assert(keylist && keylist->value);
        if (keylist == NULL || keylist->value == NULL) {
            return PEP_UNKNOWN_ERROR;
        }
    }
    else {
        bool expired;
        status = key_expired(session, keylist->value, &expired);
        assert(status == PEP_STATUS_OK);
        if (status != PEP_STATUS_OK) {
            goto free_keylist;
        }

        if (status == PEP_STATUS_OK && expired) {
            timestamp *ts = new_timestamp(time(NULL) + KEY_EXPIRE_DELTA);
            renew_key(session, keylist->value, ts);
            free_timestamp(ts);
        }
    }

    if (identity->fpr)
        free(identity->fpr);
    identity->fpr = strdup(keylist->value);
    assert(identity->fpr);
    if (identity->fpr == NULL){
        status = PEP_OUT_OF_MEMORY;
        goto free_keylist;
    }
    identity->fpr_size = strlen(identity->fpr);

    status = set_identity(session, identity);
    assert(status == PEP_STATUS_OK);
    if (status != PEP_STATUS_OK) {
        goto free_keylist;
    }

    return PEP_STATUS_OK;

free_keylist:
    free_stringlist(keylist);
    return status;
}

DYNAMIC_API PEP_STATUS register_examine_function(
        PEP_SESSION session, 
        examine_identity_t examine_identity,
        void *management
    )
{
    assert(session);
    if (!session)
        return PEP_ILLEGAL_VALUE;

    session->examine_management = management;
    session->examine_identity = examine_identity;

    return PEP_STATUS_OK;
}

DYNAMIC_API PEP_STATUS do_keymanagement(
        retrieve_next_identity_t retrieve_next_identity,
        void *management
    )
{
    PEP_SESSION session;
    pEp_identity *identity;
    PEP_STATUS status;

    assert(retrieve_next_identity);
    assert(management);

    if (!retrieve_next_identity || !management)
        return PEP_ILLEGAL_VALUE;

    status = init(&session);
    assert(status == PEP_STATUS_OK);
    if (status != PEP_STATUS_OK)
        return status;

    log_event(session, "keymanagement thread started", "pEp engine", NULL, NULL);

    while ((identity = retrieve_next_identity(management))) 
    {
        assert(identity->address);
        if(identity->address)
        {
            DEBUG_LOG("do_keymanagement", "retrieve_next_identity", identity->address);

            if (identity->me) {
                status = myself(session, identity);
            } else {
                status = recv_key(session, identity->address);
            }

            assert(status != PEP_OUT_OF_MEMORY);
            if(status == PEP_OUT_OF_MEMORY)
                return PEP_OUT_OF_MEMORY;
        }
        free_identity(identity);
    }

    log_event(session, "keymanagement thread shutdown", "pEp engine", NULL, NULL);

    release(session);
    return PEP_STATUS_OK;
}

DYNAMIC_API PEP_STATUS key_compromized(
        PEP_SESSION session,
        pEp_identity *ident
    )
{
    PEP_STATUS status = PEP_STATUS_OK;

    assert(session);
    assert(ident);
    assert(!EMPTYSTR(ident->fpr));

    if (!(session && ident && ident->fpr))
        return PEP_ILLEGAL_VALUE;

    if (ident->me)
        revoke_key(session, ident->fpr, NULL);
    status = mark_as_compromized(session, ident->fpr);

    return status;
}

DYNAMIC_API PEP_STATUS key_reset_trust(
        PEP_SESSION session,
        pEp_identity *ident
    )
{
    PEP_STATUS status = PEP_STATUS_OK;

    assert(session);
    assert(ident);
    assert(!ident->me);
    assert(!EMPTYSTR(ident->fpr));
    assert(!EMPTYSTR(ident->address));
    assert(!EMPTYSTR(ident->user_id));

    if (!(session && ident && !ident->me && ident->fpr && ident->address &&
            ident->user_id))
        return PEP_ILLEGAL_VALUE;

    status = update_identity(session, ident);
    if (status != PEP_STATUS_OK)
        return status;

    if (ident->comm_type == PEP_ct_mistrusted)
        ident->comm_type = PEP_ct_unknown;
    else
        ident->comm_type &= ~PEP_ct_confirmed;

    status = set_identity(session, ident);
    if (status != PEP_STATUS_OK)
        return status;

    if (ident->comm_type == PEP_ct_unknown)
        status = update_identity(session, ident);
    return status;
}

DYNAMIC_API PEP_STATUS trust_personal_key(
        PEP_SESSION session,
        pEp_identity *ident
    )
{
    PEP_STATUS status = PEP_STATUS_OK;

    assert(session);
    assert(ident);
    assert(!EMPTYSTR(ident->address));
    assert(!EMPTYSTR(ident->user_id));
    assert(!EMPTYSTR(ident->fpr));
    assert(!ident->me);

    if (!ident || EMPTYSTR(ident->address) || EMPTYSTR(ident->user_id) ||
            EMPTYSTR(ident->fpr) || ident->me)
        return PEP_ILLEGAL_VALUE;

    status = update_identity(session, ident);
    if (status != PEP_STATUS_OK)
        return status;

    if (ident->comm_type > PEP_ct_strong_but_unconfirmed) {
        ident->comm_type |= PEP_ct_confirmed;
        status = set_identity(session, ident);
    }
    else {
        // MISSING: S/MIME has to be handled depending on trusted CAs
        status = PEP_CANNOT_SET_TRUST;
    }

    return status;
}
modifications for Windoze 8 years ago			`#include "platform.h"`
initial commit 9 years ago
			`#include <string.h>`
			`#include <stdio.h>`
			`#include <stdlib.h>`
			`#include <assert.h>`

... 8 years ago			`#include "pEp_internal.h"`
initial commit 9 years ago			`#include "keymanagement.h"`

			`#ifndef MIN`
			`#define MIN(A, B) ((B) > (A) ? (A) : (B))`
			`#endif`

Renamed EMPTY macro to EMPTYSTR, conflicting with some apple includes, and then being always 0 7 years ago			`#ifndef EMPTYSTR`
			`#define EMPTYSTR(STR) ((STR == NULL) \|\| (STR)[0] == 0)`
moving functionality into pEpEngine 9 years ago			`#endif`

checking if own key is expired and renew it on demand 8 years ago			`#define KEY_EXPIRE_DELTA (60 * 60 * 24 * 365)`

initial commit 9 years ago			`DYNAMIC_API PEP_STATUS update_identity(`
			`PEP_SESSION session, pEp_identity * identity`
			`)`
			`{`
			`pEp_identity *stored_identity;`
			`PEP_STATUS status;`

			`assert(session);`
			`assert(identity);`
Renamed EMPTY macro to EMPTYSTR, conflicting with some apple includes, and then being always 0 7 years ago			`assert(!EMPTYSTR(identity->address));`
initial commit 9 years ago
Renamed EMPTY macro to EMPTYSTR, conflicting with some apple includes, and then being always 0 7 years ago			`if (!(session && identity && !EMPTYSTR(identity->address)))`
safety 8 years ago			`return PEP_ILLEGAL_VALUE;`

initial commit 9 years ago			`status = get_identity(session, identity->address, &stored_identity);`
			`assert(status != PEP_OUT_OF_MEMORY);`
			`if (status == PEP_OUT_OF_MEMORY)`
			`return PEP_OUT_OF_MEMORY;`

			`if (stored_identity) {`
... 9 years ago			`PEP_comm_type _comm_type_key;`
			`status = get_key_rating(session, stored_identity->fpr, &_comm_type_key);`
			`assert(status != PEP_OUT_OF_MEMORY);`
			`if (status == PEP_OUT_OF_MEMORY)`
			`return PEP_OUT_OF_MEMORY;`

Renamed EMPTY macro to EMPTYSTR, conflicting with some apple includes, and then being always 0 7 years ago			`if (EMPTYSTR(identity->user_id)) {`
bugfix: update_identity 9 years ago			`free(identity->user_id);`
Ticket #28 : improvement: keymanagement.c: update_identity(): strndup instead of strdup (size is known) 7 years ago			`identity->user_id = strndup(stored_identity->user_id, stored_identity->user_id_size);`
			`assert(identity->user_id);`
bugfix: update_identity 9 years ago			`if (identity->user_id == NULL)`
			`return PEP_OUT_OF_MEMORY;`
			`identity->user_id_size = stored_identity->user_id_size;`
			`}`

Renamed EMPTY macro to EMPTYSTR, conflicting with some apple includes, and then being always 0 7 years ago			`if (EMPTYSTR(identity->username)) {`
bugfix: update_identity 9 years ago			`free(identity->username);`
Ticket #28 : improvement: keymanagement.c: update_identity(): strndup instead of strdup (size is known) 7 years ago			`identity->username = strndup(stored_identity->username, stored_identity->username_size);`
			`assert(identity->username);`
bugfix: update_identity 9 years ago			`if (identity->username == NULL)`
			`return PEP_OUT_OF_MEMORY;`
			`identity->username_size = stored_identity->username_size;`
			`}`

Renamed EMPTY macro to EMPTYSTR, conflicting with some apple includes, and then being always 0 7 years ago			`if (EMPTYSTR(identity->fpr)) {`
Ticket #28 : improvement: keymanagement.c: update_identity(): strndup instead of strdup (size is known) 7 years ago			`identity->fpr = strndup(stored_identity->fpr, stored_identity->fpr_size);`
moving functionality into pEpEngine 9 years ago			`assert(identity->fpr);`
			`if (identity->fpr == NULL)`
			`return PEP_OUT_OF_MEMORY;`
Fixed typo. Are all *_size members of identity struct really used ? 8 years ago			`identity->fpr_size = stored_identity->fpr_size;`
... 9 years ago			`if (_comm_type_key < PEP_ct_unconfirmed_encryption) {`
			`identity->comm_type = _comm_type_key;`
			`}`
			`else {`
			`identity->comm_type = stored_identity->comm_type;`
			`}`
moving functionality into pEpEngine 9 years ago			`}`
Renamed EMPTY macro to EMPTYSTR, conflicting with some apple includes, and then being always 0 7 years ago			`else /* !EMPTYSTR(identity->fpr) */ {`
Ticket #28 : improvement: keymanagement.c: update_identity(): strndup instead of strdup (size is known) 7 years ago			`if (strncmp(identity->fpr, stored_identity->fpr, stored_identity->fpr_size) == 0) {`
... 9 years ago			`if (_comm_type_key < PEP_ct_unconfirmed_encryption) {`
			`identity->comm_type = _comm_type_key;`
Reworked logic in update_identity, when identity->fpr is provided 7 years ago			`}else{`
			`identity->comm_type = stored_identity->comm_type;`
			`if (identity->comm_type == PEP_ct_unknown) {`
			`identity->comm_type = _comm_type_key;`
moving functionality into pEpEngine 9 years ago			`}`
			`}`
SNAFU 7 years ago			`} else {`
Reworked logic in update_identity, when identity->fpr is provided 7 years ago			`status = get_trust(session, identity);`
			`assert(status != PEP_OUT_OF_MEMORY);`
			`if (status == PEP_OUT_OF_MEMORY)`
			`return PEP_OUT_OF_MEMORY;`
SNAFU 7 years ago			`if (identity->comm_type < stored_identity->comm_type)`
			`identity->comm_type = PEP_ct_unknown;`
moving functionality into pEpEngine 9 years ago			`}`
			`}`

			`if (identity->lang[0] == 0) {`
			`identity->lang[0] = stored_identity->lang[0];`
			`identity->lang[1] = stored_identity->lang[1];`
			`identity->lang[2] = 0;`
			`}`
			`}`
			`else /* stored_identity == NULL */ {`
Renamed EMPTY macro to EMPTYSTR, conflicting with some apple includes, and then being always 0 7 years ago			`if (!EMPTYSTR(identity->fpr)) {`
bugfix: when identity is not stored yet, update_identity failes 9 years ago			`PEP_comm_type _comm_type_key;`

			`status = get_key_rating(session, identity->fpr, &_comm_type_key);`
			`assert(status != PEP_OUT_OF_MEMORY);`
			`if (status == PEP_OUT_OF_MEMORY)`
			`return PEP_OUT_OF_MEMORY;`

			`identity->comm_type = _comm_type_key;`
			`}`
Renamed EMPTY macro to EMPTYSTR, conflicting with some apple includes, and then being always 0 7 years ago			`else /* EMPTYSTR(identity->fpr) */ {`
bugfix: when identity is not stored yet, update_identity failes 9 years ago			`PEP_STATUS status;`
			`stringlist_t *keylist;`
			`char *_fpr = NULL;`
			`identity->comm_type = PEP_ct_unknown;`

			`status = find_keys(session, identity->address, &keylist);`
			`assert(status != PEP_OUT_OF_MEMORY);`
			`if (status == PEP_OUT_OF_MEMORY)`
			`return PEP_OUT_OF_MEMORY;`

			`stringlist_t *_keylist;`
			`for (_keylist = keylist; _keylist && _keylist->value; _keylist = _keylist->next) {`
			`PEP_comm_type _comm_type_key;`

			`status = get_key_rating(session, _keylist->value, &_comm_type_key);`
			`assert(status != PEP_OUT_OF_MEMORY);`
			`if (status == PEP_OUT_OF_MEMORY) {`
			`free_stringlist(keylist);`
			`return PEP_OUT_OF_MEMORY;`
			`}`

			`if (identity->comm_type == PEP_ct_unknown) {`
			`if (_comm_type_key != PEP_ct_compromized && _comm_type_key != PEP_ct_unknown) {`
			`identity->comm_type = _comm_type_key;`
			`_fpr = _keylist->value;`
			`}`
			`}`
			`else {`
			`if (_comm_type_key != PEP_ct_compromized && _comm_type_key != PEP_ct_unknown) {`
			`if (_comm_type_key > identity->comm_type) {`
			`identity->comm_type = _comm_type_key;`
			`_fpr = _keylist->value;`
			`}`
			`}`
			`}`
			`}`

			`if (_fpr) {`
			`free(identity->fpr);`

			`identity->fpr = strdup(_fpr);`
			`if (identity->fpr == NULL) {`
			`free_stringlist(keylist);`
			`return PEP_OUT_OF_MEMORY;`
			`}`
			`identity->fpr_size = strlen(identity->fpr);`
			`}`
			`free_stringlist(keylist);`
			`}`
initial commit 9 years ago			`}`

moving functionality into pEpEngine 9 years ago			`status = PEP_STATUS_OK;`
initial commit 9 years ago
Renamed EMPTY macro to EMPTYSTR, conflicting with some apple includes, and then being always 0 7 years ago			`if (identity->comm_type != PEP_ct_unknown && !EMPTYSTR(identity->user_id)) {`
			`assert(!EMPTYSTR(identity->username)); // this should not happen`
bugfix: update_identity 9 years ago
Renamed EMPTY macro to EMPTYSTR, conflicting with some apple includes, and then being always 0 7 years ago			`if (EMPTYSTR(identity->username)) { // mitigate`
bugfix: when identity is not stored yet, update_identity failes 9 years ago			`free(identity->username);`
bugfix: update_identity 9 years ago			`identity->username = strdup("anonymous");`
bugfix: when identity is not stored yet, update_identity failes 9 years ago			`if (identity->username == NULL)`
			`return PEP_OUT_OF_MEMORY;`
bugfix: update_identity 9 years ago			`identity->username_size = 9;`
bugfix: when identity is not stored yet, update_identity failes 9 years ago			`}`

moving functionality into pEpEngine 9 years ago			`status = set_identity(session, identity);`
			`assert(status == PEP_STATUS_OK);`
Fixed #32 : assert(keylist) without if in keymanagement.c:238 7 years ago			`if (status != PEP_STATUS_OK) {`
			`return status;`
			`}`
moving functionality into pEpEngine 9 years ago			`}`

better policy 8 years ago			`if (identity->comm_type != PEP_ct_compromized &&`
			`identity->comm_type < PEP_ct_strong_but_unconfirmed)`
			`if (session->examine_identity)`
			`session->examine_identity(identity, session->examine_management);`

moving functionality into pEpEngine 9 years ago			`return status;`
initial commit 9 years ago			`}`

			`DYNAMIC_API PEP_STATUS myself(PEP_SESSION session, pEp_identity * identity)`
			`{`
			`PEP_STATUS status;`
BUGFIX: init of transports wrong 8 years ago			`stringlist_t *keylist = NULL;`
initial commit 9 years ago
			`assert(session);`
			`assert(identity);`
			`assert(identity->address);`
			`assert(identity->username);`
			`assert(identity->user_id);`

safety 8 years ago			`if (!(session && identity && identity->address && identity->username &&`
			`identity->user_id))`
			`return PEP_ILLEGAL_VALUE;`

initial commit 9 years ago			`identity->comm_type = PEP_ct_pEp;`
			`identity->me = true;`

DEBUG_LOG() for keymanagement 8 years ago			`DEBUG_LOG("myself", "debug", identity->address);`
initial commit 9 years ago
			`status = find_keys(session, identity->address, &keylist);`
			`assert(status != PEP_OUT_OF_MEMORY);`
			`if (status == PEP_OUT_OF_MEMORY)`
			`return PEP_OUT_OF_MEMORY;`

			`if (keylist == NULL \|\| keylist->value == NULL) {`
DEBUG_LOG() for keymanagement 8 years ago			`DEBUG_LOG("generating key pair", "debug", identity->address);`
initial commit 9 years ago			`status = generate_keypair(session, identity);`
			`assert(status != PEP_OUT_OF_MEMORY);`
			`if (status != PEP_STATUS_OK) {`
			`char buf[11];`
			`snprintf(buf, 11, "%d", status);`
DEBUG_LOG() for keymanagement 8 years ago			`DEBUG_LOG("generating key pair failed", "debug", buf);`
initial commit 9 years ago			`return status;`
			`}`

			`status = find_keys(session, identity->address, &keylist);`
			`assert(status != PEP_OUT_OF_MEMORY);`
			`if (status == PEP_OUT_OF_MEMORY)`
			`return PEP_OUT_OF_MEMORY;`

very small type error, nothing to blame important people for, or even friends 8 years ago			`assert(keylist && keylist->value);`
Fixed double free and unprotected NULL dereferencing. 8 years ago			`if (keylist == NULL \|\| keylist->value == NULL) {`
			`return PEP_UNKNOWN_ERROR;`
			`}`
initial commit 9 years ago			`}`
checking if own key is expired and renew it on demand 8 years ago			`else {`
			`bool expired;`
			`status = key_expired(session, keylist->value, &expired);`
			`assert(status == PEP_STATUS_OK);`
Fixed #32 : assert(keylist) without if in keymanagement.c:238 7 years ago			`if (status != PEP_STATUS_OK) {`
			`goto free_keylist;`
			`}`
checking if own key is expired and renew it on demand 8 years ago
			`if (status == PEP_STATUS_OK && expired) {`
			`timestamp *ts = new_timestamp(time(NULL) + KEY_EXPIRE_DELTA);`
			`renew_key(session, keylist->value, ts);`
			`free_timestamp(ts);`
			`}`
			`}`
initial commit 9 years ago
			`if (identity->fpr)`
			`free(identity->fpr);`
			`identity->fpr = strdup(keylist->value);`
			`assert(identity->fpr);`
Fixed #32 : assert(keylist) without if in keymanagement.c:238 7 years ago			`if (identity->fpr == NULL){`
			`status = PEP_OUT_OF_MEMORY;`
			`goto free_keylist;`
			`}`
moving functionality into pEpEngine 9 years ago			`identity->fpr_size = strlen(identity->fpr);`
initial commit 9 years ago
			`status = set_identity(session, identity);`
			`assert(status == PEP_STATUS_OK);`
Fixed #32 : assert(keylist) without if in keymanagement.c:238 7 years ago			`if (status != PEP_STATUS_OK) {`
			`goto free_keylist;`
			`}`
initial commit 9 years ago
			`return PEP_STATUS_OK;`
Fixed #32 : assert(keylist) without if in keymanagement.c:238 7 years ago
			`free_keylist:`
			`free_stringlist(keylist);`
			`return status;`
initial commit 9 years ago			`}`

bugfix 8 years ago			`DYNAMIC_API PEP_STATUS register_examine_function(`
examine callback 8 years ago			`PEP_SESSION session,`
			`examine_identity_t examine_identity,`
			`void *management`
			`)`
			`{`
			`assert(session);`
			`if (!session)`
			`return PEP_ILLEGAL_VALUE;`

			`session->examine_management = management;`
			`session->examine_identity = examine_identity;`

			`return PEP_STATUS_OK;`
			`}`

initial commit 9 years ago			`DYNAMIC_API PEP_STATUS do_keymanagement(`
			`retrieve_next_identity_t retrieve_next_identity,`
			`void *management`
			`)`
			`{`
			`PEP_SESSION session;`
			`pEp_identity *identity;`
Fixed #32 : assert(keylist) without if in keymanagement.c:238 7 years ago			`PEP_STATUS status;`
initial commit 9 years ago
Fixed #32 : assert(keylist) without if in keymanagement.c:238 7 years ago			`assert(retrieve_next_identity);`
			`assert(management);`

			`if (!retrieve_next_identity \|\| !management)`
			`return PEP_ILLEGAL_VALUE;`

			`status = init(&session);`
initial commit 9 years ago			`assert(status == PEP_STATUS_OK);`
			`if (status != PEP_STATUS_OK)`
			`return status;`

			`log_event(session, "keymanagement thread started", "pEp engine", NULL, NULL);`

Fixed #32 : assert(keylist) without if in keymanagement.c:238 7 years ago			`while ((identity = retrieve_next_identity(management)))`
			`{`
initial commit 9 years ago			`assert(identity->address);`
Fixed #32 : assert(keylist) without if in keymanagement.c:238 7 years ago			`if(identity->address)`
			`{`
			`DEBUG_LOG("do_keymanagement", "retrieve_next_identity", identity->address);`

			`if (identity->me) {`
			`status = myself(session, identity);`
			`} else {`
			`status = recv_key(session, identity->address);`
			`}`

initial commit 9 years ago			`assert(status != PEP_OUT_OF_MEMORY);`
Fixed #32 : assert(keylist) without if in keymanagement.c:238 7 years ago			`if(status == PEP_OUT_OF_MEMORY)`
			`return PEP_OUT_OF_MEMORY;`
initial commit 9 years ago			`}`
			`free_identity(identity);`
			`}`

			`log_event(session, "keymanagement thread shutdown", "pEp engine", NULL, NULL);`

			`release(session);`
			`return PEP_STATUS_OK;`
			`}`

key_compromized() added 8 years ago			`DYNAMIC_API PEP_STATUS key_compromized(`
			`PEP_SESSION session,`
			`pEp_identity *ident`
			`)`
DEBUG_LOG() for keymanagement 8 years ago			`{`
... 8 years ago			`PEP_STATUS status = PEP_STATUS_OK;`

DEBUG_LOG() for keymanagement 8 years ago			`assert(session);`
key_compromized() added 8 years ago			`assert(ident);`
Renamed EMPTY macro to EMPTYSTR, conflicting with some apple includes, and then being always 0 7 years ago			`assert(!EMPTYSTR(ident->fpr));`
DEBUG_LOG() for keymanagement 8 years ago
key_compromized() added 8 years ago			`if (!(session && ident && ident->fpr))`
DEBUG_LOG() for keymanagement 8 years ago			`return PEP_ILLEGAL_VALUE;`

key_compromized() added 8 years ago			`if (ident->me)`
			`revoke_key(session, ident->fpr, NULL);`
			`status = mark_as_compromized(session, ident->fpr);`
... 8 years ago
			`return status;`
DEBUG_LOG() for keymanagement 8 years ago			`}`

Added key_reset_trust, accepting identity instead of fpr 7 years ago			`DYNAMIC_API PEP_STATUS key_reset_trust(`
			`PEP_SESSION session,`
			`pEp_identity *ident`
			`)`
			`{`
			`PEP_STATUS status = PEP_STATUS_OK;`

			`assert(session);`
			`assert(ident);`
key_reset_trust() can reset trust_personal_key() only. key_compromized() cannot be reset now, because this would require to undo key revocation The "delete from" implementation in pEpEngine.c was not a good idea. It was deleting too much: trust with p≡p is between a key and a key owner (user_id). 7 years ago			`assert(!ident->me);`
Renamed EMPTY macro to EMPTYSTR, conflicting with some apple includes, and then being always 0 7 years ago			`assert(!EMPTYSTR(ident->fpr));`
			`assert(!EMPTYSTR(ident->address));`
			`assert(!EMPTYSTR(ident->user_id));`
Added key_reset_trust, accepting identity instead of fpr 7 years ago
key_reset_trust() can reset trust_personal_key() only. key_compromized() cannot be reset now, because this would require to undo key revocation The "delete from" implementation in pEpEngine.c was not a good idea. It was deleting too much: trust with p≡p is between a key and a key owner (user_id). 7 years ago			`if (!(session && ident && !ident->me && ident->fpr && ident->address &&`
			`ident->user_id))`
Added key_reset_trust, accepting identity instead of fpr 7 years ago			`return PEP_ILLEGAL_VALUE;`

key_reset_trust() can reset trust_personal_key() only. key_compromized() cannot be reset now, because this would require to undo key revocation The "delete from" implementation in pEpEngine.c was not a good idea. It was deleting too much: trust with p≡p is between a key and a key owner (user_id). 7 years ago			`status = update_identity(session, ident);`
			`if (status != PEP_STATUS_OK)`
			`return status;`
Added key_reset_trust, accepting identity instead of fpr 7 years ago
intermediate state, implementing mistrust 7 years ago			`if (ident->comm_type == PEP_ct_mistrusted)`
An undo is possible for keys we don't own, and therefore have not revoked. 7 years ago			`ident->comm_type = PEP_ct_unknown;`
			`else`
			`ident->comm_type &= ~PEP_ct_confirmed;`

key_reset_trust() can reset trust_personal_key() only. key_compromized() cannot be reset now, because this would require to undo key revocation The "delete from" implementation in pEpEngine.c was not a good idea. It was deleting too much: trust with p≡p is between a key and a key owner (user_id). 7 years ago			`status = set_identity(session, ident);`
An undo is possible for keys we don't own, and therefore have not revoked. 7 years ago			`if (status != PEP_STATUS_OK)`
			`return status;`

sparing a call 7 years ago			`if (ident->comm_type == PEP_ct_unknown)`
			`status = update_identity(session, ident);`
Added key_reset_trust, accepting identity instead of fpr 7 years ago			`return status;`
			`}`

adding trust_personal_key() 8 years ago			`DYNAMIC_API PEP_STATUS trust_personal_key(`
			`PEP_SESSION session,`
			`pEp_identity *ident`
			`)`
			`{`
			`PEP_STATUS status = PEP_STATUS_OK;`

			`assert(session);`
			`assert(ident);`
Renamed EMPTY macro to EMPTYSTR, conflicting with some apple includes, and then being always 0 7 years ago			`assert(!EMPTYSTR(ident->address));`
			`assert(!EMPTYSTR(ident->user_id));`
			`assert(!EMPTYSTR(ident->fpr));`
adding trust_personal_key() 8 years ago			`assert(!ident->me);`

Renamed EMPTY macro to EMPTYSTR, conflicting with some apple includes, and then being always 0 7 years ago			`if (!ident \|\| EMPTYSTR(ident->address) \|\| EMPTYSTR(ident->user_id) \|\|`
			`EMPTYSTR(ident->fpr) \|\| ident->me)`
adding trust_personal_key() 8 years ago			`return PEP_ILLEGAL_VALUE;`

			`status = update_identity(session, ident);`
			`if (status != PEP_STATUS_OK)`
			`return status;`

only what is yellow can be green MISSING FEATURE: S/MIME has to be handled depending on trusted CAs 8 years ago			`if (ident->comm_type > PEP_ct_strong_but_unconfirmed) {`
			`ident->comm_type \|= PEP_ct_confirmed;`
Reworked logic in update_identity, when identity->fpr is provided 7 years ago			`status = set_identity(session, ident);`
only what is yellow can be green MISSING FEATURE: S/MIME has to be handled depending on trusted CAs 8 years ago			`}`
			`else {`
			`// MISSING: S/MIME has to be handled depending on trusted CAs`
PEP_CANNOT_SET_TRUST added 8 years ago			`status = PEP_CANNOT_SET_TRUST;`
only what is yellow can be green MISSING FEATURE: S/MIME has to be handled depending on trusted CAs 8 years ago			`}`
adding trust_personal_key() 8 years ago
			`return status;`
			`}`