Browse Source

checking if own key is expired and renew it

on demand
doc_update_sequoia
Volker Birk 7 years ago
parent
commit
0e4d12d226
7 changed files with 86 additions and 5 deletions
  1. +1
    -0
      src/cryptotech.c
  2. +6
    -2
      src/cryptotech.h
  3. +13
    -0
      src/keymanagement.c
  4. +19
    -1
      src/pEpEngine.c
  5. +16
    -2
      src/pEpEngine.h
  6. +25
    -0
      src/pgp_gpg.c
  7. +6
    -0
      src/pgp_gpg.h

+ 1
- 0
src/cryptotech.c View File

@ -40,6 +40,7 @@ PEP_STATUS init_cryptotech(PEP_SESSION session, bool in_first)
cryptotech[PEP_crypt_OpenPGP].send_key = pgp_send_key;
cryptotech[PEP_crypt_OpenPGP].renew_key = pgp_renew_key;
cryptotech[PEP_crypt_OpenPGP].revoke_key = pgp_revoke_key;
cryptotech[PEP_crypt_OpenPGP].key_expired = pgp_key_expired;
}
session->cryptotech = cryptotech;


+ 6
- 2
src/cryptotech.h View File

@ -54,12 +54,15 @@ typedef PEP_STATUS (*recv_key_t)(PEP_SESSION session, const char *pattern);
typedef PEP_STATUS (*send_key_t)(PEP_SESSION session, const char *pattern);
typedef PEP_STATUS (*renew_key_t)(PEP_SESSION session, const char *key_id,
typedef PEP_STATUS (*renew_key_t)(PEP_SESSION session, const char *fpr,
const timestamp *ts);
typedef PEP_STATUS (*revoke_key_t)(PEP_SESSION session, const char *key_id,
typedef PEP_STATUS (*revoke_key_t)(PEP_SESSION session, const char *fpr,
const char *reason);
typedef PEP_STATUS (*key_expired_t)(PEP_SESSION session, const char *fpr,
bool *expired);
typedef struct _PEP_cryptotech_t {
uint8_t id;
// the following are default values; comm_type may vary with key length or b0rken crypto
@ -78,6 +81,7 @@ typedef struct _PEP_cryptotech_t {
send_key_t send_key;
renew_key_t renew_key;
revoke_key_t revoke_key;
key_expired_t key_expired;
} PEP_cryptotech_t;
typedef uint64_t cryptotech_mask;


+ 13
- 0
src/keymanagement.c View File

@ -17,6 +17,8 @@
#define EMPTY(STR) ((STR == NULL) || (STR)[0] == 0)
#endif
#define KEY_EXPIRE_DELTA (60 * 60 * 24 * 365)
DYNAMIC_API PEP_STATUS update_identity(
PEP_SESSION session, pEp_identity * identity
)
@ -231,6 +233,17 @@ DYNAMIC_API PEP_STATUS myself(PEP_SESSION session, pEp_identity * identity)
assert(keylist);
}
else {
bool expired;
status = key_expired(session, keylist->value, &expired);
assert(status == PEP_STATUS_OK);
if (status == PEP_STATUS_OK && expired) {
timestamp *ts = new_timestamp(time(NULL) + KEY_EXPIRE_DELTA);
renew_key(session, keylist->value, ts);
free_timestamp(ts);
}
}
if (identity->fpr)
free(identity->fpr);


+ 19
- 1
src/pEpEngine.c View File

@ -925,6 +925,24 @@ DYNAMIC_API PEP_STATUS revoke_key(
if (!(session && fpr))
return PEP_ILLEGAL_VALUE;
return session->cryptotech[PEP_crypt_OpenPGP].revoke_key(session, fpr, reason);
return session->cryptotech[PEP_crypt_OpenPGP].revoke_key(session, fpr,
reason);
}
DYNAMIC_API PEP_STATUS key_expired(
PEP_SESSION session,
const char *fpr,
bool *expired
)
{
assert(session);
assert(fpr);
assert(expired);
if (!(session && fpr && expired))
return PEP_ILLEGAL_VALUE;
return session->cryptotech[PEP_crypt_OpenPGP].key_expired(session, fpr,
expired);
}

+ 16
- 2
src/pEpEngine.h View File

@ -611,7 +611,7 @@ DYNAMIC_API PEP_STATUS get_key_rating(
//
// parameters:
// session (in) session handle
// key_id (in) ID of key to renew as UTF-8 string
// fpr (in) ID of key to renew as UTF-8 string
// ts (in) timestamp when key should expire or NULL for
// default
@ -626,7 +626,7 @@ DYNAMIC_API PEP_STATUS renew_key(
//
// parameters:
// session (in) session handle
// key_id (in) ID of key to revoke as UTF-8 string
// fpr (in) ID of key to revoke as UTF-8 string
// reason (in) text with reason for revoke as UTF-8 string
// or NULL if reason unknown
//
@ -640,6 +640,20 @@ DYNAMIC_API PEP_STATUS revoke_key(
);
// key_expired() - flags if a key is already expired
//
// parameters:
// session (in) session handle
// fpr (in) ID of key to check as UTF-8 string
// expired (out) flag if key expired
DYNAMIC_API PEP_STATUS key_expired(
PEP_SESSION session,
const char *fpr,
bool *expired
);
#ifdef __cplusplus
}
#endif

+ 25
- 0
src/pgp_gpg.c View File

@ -1673,3 +1673,28 @@ PEP_STATUS pgp_revoke_key(
return PEP_STATUS_OK;
}
PEP_STATUS pgp_key_expired(
PEP_SESSION session,
const char *fpr,
bool *expired
)
{
PEP_STATUS status = PEP_STATUS_OK;
gpgme_key_t key;
assert(session);
assert(fpr);
assert(expired);
*expired = false;
status = find_single_key(session, fpr, &key);
assert(status != PEP_OUT_OF_MEMORY);
if (status != PEP_STATUS_OK)
return status;
*expired = key->subkeys->expired;
gpg.gpgme_key_unref(key);
return PEP_STATUS_OK;
}

+ 6
- 0
src/pgp_gpg.h View File

@ -58,3 +58,9 @@ PEP_STATUS pgp_revoke_key(
const char *reason
);
PEP_STATUS pgp_key_expired(
PEP_SESSION session,
const char *fpr,
bool *expired
);

Loading…
Cancel
Save