checking if own key is expired and renew it

on demand
8 years ago · 0e4d12d226
parent 84caac4d1d
commit 0e4d12d226
7 changed files with 86 additions and 5 deletions
--- a/src/cryptotech.c
+++ b/src/cryptotech.c
@ -40,6 +40,7 @@ PEP_STATUS init_cryptotech(PEP_SESSION session, bool in_first)
        cryptotech[PEP_crypt_OpenPGP].send_key = pgp_send_key;
        cryptotech[PEP_crypt_OpenPGP].renew_key = pgp_renew_key;
        cryptotech[PEP_crypt_OpenPGP].revoke_key = pgp_revoke_key;
+        cryptotech[PEP_crypt_OpenPGP].key_expired = pgp_key_expired;
    }

    session->cryptotech = cryptotech;
--- a/src/cryptotech.h
+++ b/src/cryptotech.h
@ -54,12 +54,15 @@ typedef PEP_STATUS (*recv_key_t)(PEP_SESSION session, const char *pattern);

 typedef PEP_STATUS (*send_key_t)(PEP_SESSION session, const char *pattern);

-typedef PEP_STATUS (*renew_key_t)(PEP_SESSION session, const char *key_id,
+typedef PEP_STATUS (*renew_key_t)(PEP_SESSION session, const char *fpr,
        const timestamp *ts);

-typedef PEP_STATUS (*revoke_key_t)(PEP_SESSION session, const char *key_id,
+typedef PEP_STATUS (*revoke_key_t)(PEP_SESSION session, const char *fpr,
        const char *reason);

+typedef PEP_STATUS (*key_expired_t)(PEP_SESSION session, const char *fpr,
+        bool *expired);
+
 typedef struct _PEP_cryptotech_t {
    uint8_t id;
    // the following are default values; comm_type may vary with key length or b0rken crypto
@ -78,6 +81,7 @@ typedef struct _PEP_cryptotech_t {
    send_key_t send_key;
    renew_key_t renew_key;
    revoke_key_t revoke_key;
+    key_expired_t key_expired;
 } PEP_cryptotech_t;

 typedef uint64_t cryptotech_mask;
--- a/src/keymanagement.c
+++ b/src/keymanagement.c
@ -17,6 +17,8 @@
 #define EMPTY(STR) ((STR == NULL) || (STR)[0] == 0)
 #endif

+#define KEY_EXPIRE_DELTA (60 * 60 * 24 * 365)
+
 DYNAMIC_API PEP_STATUS update_identity(
        PEP_SESSION session, pEp_identity * identity
    )
@ -231,6 +233,17 @@ DYNAMIC_API PEP_STATUS myself(PEP_SESSION session, pEp_identity * identity)

        assert(keylist);
    }
+    else {
+        bool expired;
+        status = key_expired(session, keylist->value, &expired);
+        assert(status == PEP_STATUS_OK);
+
+        if (status == PEP_STATUS_OK && expired) {
+            timestamp *ts = new_timestamp(time(NULL) + KEY_EXPIRE_DELTA);
+            renew_key(session, keylist->value, ts);
+            free_timestamp(ts);
+        }
+    }

    if (identity->fpr)
        free(identity->fpr);
--- a/src/pEpEngine.c
+++ b/src/pEpEngine.c
@ -925,6 +925,24 @@ DYNAMIC_API PEP_STATUS revoke_key(
    if (!(session && fpr))
        return PEP_ILLEGAL_VALUE;

-    return session->cryptotech[PEP_crypt_OpenPGP].revoke_key(session, fpr, reason);
+    return session->cryptotech[PEP_crypt_OpenPGP].revoke_key(session, fpr,
+            reason);
+}
+
+DYNAMIC_API PEP_STATUS key_expired(
+        PEP_SESSION session,
+        const char *fpr,
+        bool *expired
+    )
+{
+    assert(session);
+    assert(fpr);
+    assert(expired);
+
+    if (!(session && fpr && expired))
+        return PEP_ILLEGAL_VALUE;
+
+    return session->cryptotech[PEP_crypt_OpenPGP].key_expired(session, fpr,
+            expired);
 }

--- a/src/pEpEngine.h
+++ b/src/pEpEngine.h
@ -611,7 +611,7 @@ DYNAMIC_API PEP_STATUS get_key_rating(
 //
 //  parameters:
 //      session (in)            session handle
-//      key_id (in)             ID of key to renew as UTF-8 string
+//      fpr (in)                ID of key to renew as UTF-8 string
 //      ts (in)                 timestamp when key should expire or NULL for
 //                              default

@ -626,7 +626,7 @@ DYNAMIC_API PEP_STATUS renew_key(
 //
 //  parameters:
 //      session (in)            session handle
-//      key_id (in)             ID of key to revoke as UTF-8 string
+//      fpr (in)                ID of key to revoke as UTF-8 string
 //      reason (in)             text with reason for revoke as UTF-8 string
 //                              or NULL if reason unknown
 //
@ -640,6 +640,20 @@ DYNAMIC_API PEP_STATUS revoke_key(
    );


+// key_expired() - flags if a key is already expired
+//
+//  parameters:
+//      session (in)            session handle
+//      fpr (in)                ID of key to check as UTF-8 string
+//      expired (out)           flag if key expired
+
+DYNAMIC_API PEP_STATUS key_expired(
+        PEP_SESSION session,
+        const char *fpr,
+        bool *expired
+    );
+
+
 #ifdef __cplusplus
 }
 #endif
--- a/src/pgp_gpg.c
+++ b/src/pgp_gpg.c
@ -1673,3 +1673,28 @@ PEP_STATUS pgp_revoke_key(
    return PEP_STATUS_OK;
 }

+PEP_STATUS pgp_key_expired(
+        PEP_SESSION session,
+        const char *fpr,
+        bool *expired
+    )
+{
+    PEP_STATUS status = PEP_STATUS_OK;
+    gpgme_key_t key;
+
+    assert(session);
+    assert(fpr);
+    assert(expired);
+
+    *expired = false;
+
+    status = find_single_key(session, fpr, &key);
+    assert(status != PEP_OUT_OF_MEMORY);
+    if (status != PEP_STATUS_OK)
+        return status;
+
+    *expired = key->subkeys->expired;
+    gpg.gpgme_key_unref(key);
+    return PEP_STATUS_OK;
+}
+
--- a/src/pgp_gpg.h
+++ b/src/pgp_gpg.h
@ -58,3 +58,9 @@ PEP_STATUS pgp_revoke_key(
        const char *reason
    );

+PEP_STATUS pgp_key_expired(
+        PEP_SESSION session,
+        const char *fpr,
+        bool *expired
+    );
+