Browse Source

Fixed hole in update_identity spec for extant identities without saved fprs.

ENGINE-641 archive/ENGINE-581
parent
commit
237b74dc09
6 changed files with 57 additions and 9 deletions
  1. +17
    -1
      src/keymanagement.c
  2. +2
    -2
      src/pEpEngine.c
  3. +14
    -0
      test/src/engine_tests/CheckRenewedExpiredKeyTrustStatusTests.cc
  4. +6
    -4
      test/src/engine_tests/ExternalRevokeTests.cc
  5. +2
    -2
      test/src/engine_tests/NewUpdateIdAndMyselfTests.cc
  6. +16
    -0
      test/src/engine_tests/RevocationTests.cc

+ 17
- 1
src/keymanagement.c View File

@ -470,6 +470,8 @@ static PEP_STATUS prepare_updated_identity(PEP_SESSION session,
PEP_STATUS status;
bool is_identity_default, is_user_default, is_address_default;
bool no_stored_default = EMPTYSTR(stored_ident->fpr);
status = get_valid_pubkey(session, stored_ident,
&is_identity_default,
&is_user_default,
@ -488,6 +490,11 @@ static PEP_STATUS prepare_updated_identity(PEP_SESSION session,
stored_ident->comm_type = ct;
}
}
else if (status != PEP_STATUS_OK) {
free(stored_ident->fpr);
stored_ident->fpr = NULL;
stored_ident->comm_type = PEP_ct_key_not_found;
}
else {
if (stored_ident->comm_type == PEP_ct_unknown)
stored_ident->comm_type = PEP_ct_key_not_found;
@ -536,8 +543,17 @@ static PEP_STATUS prepare_updated_identity(PEP_SESSION session,
// or identity AND is valid for this address, set in DB
// as default
status = set_identity(session, return_id);
}
else if (no_stored_default && !EMPTYSTR(return_id->fpr)
&& return_id->comm_type != PEP_ct_key_revoked
&& return_id->comm_type != PEP_ct_key_expired
&& return_id->comm_type != PEP_ct_key_expired_but_confirmed
&& return_id->comm_type != PEP_ct_mistrusted
&& return_id->comm_type != PEP_ct_key_b0rken) {
// We would have stored this anyway for a first-time elected key. We just have an ident w/ no default already.
status = set_identity(session, return_id);
}
else {
else { // this is a key other than the default, but there IS a default (FIXME: fdik, do we really want behaviour below?)
// Store without default fpr/ct, but return the fpr and ct
// for current use
char* save_fpr = return_id->fpr;


+ 2
- 2
src/pEpEngine.c View File

@ -4267,8 +4267,8 @@ DYNAMIC_API PEP_STATUS generate_keypair(
identity->username))
return PEP_ILLEGAL_VALUE;
const char* saved_username = NULL;
const char* at = NULL;
char* saved_username = NULL;
char* at = NULL;
size_t uname_len = strlen(identity->username);
if (uname_len > 0)


+ 14
- 0
test/src/engine_tests/CheckRenewedExpiredKeyTrustStatusTests.cc View File

@ -108,6 +108,13 @@ void CheckRenewedExpiredKeyTrustStatusTests::check_renewed_expired_key_trust_sta
status = update_identity(session, expired_inquisitor);
TEST_ASSERT_MSG((status == PEP_KEY_UNSUITABLE), tl_status_string(status));
PEP_comm_type ct = expired_inquisitor->comm_type;
TEST_ASSERT_MSG(ct == PEP_ct_key_not_found, tl_ct_string(ct));
TEST_ASSERT(!expired_inquisitor->fpr);
expired_inquisitor->fpr = strdup(inquisitor_fpr);
status = get_trust(session, expired_inquisitor);
ct = expired_inquisitor->comm_type;
TEST_ASSERT(status == PEP_STATUS_OK);
TEST_ASSERT_MSG(ct == PEP_ct_key_expired_but_confirmed, tl_ct_string(ct));
// Ok, so I want to make sure we make an entry, so I'll try to decrypt the message WITH
@ -250,6 +257,13 @@ void CheckRenewedExpiredKeyTrustStatusTests::check_renewed_expired_key_trust_sta
status = update_identity(session, expired_inquisitor);
TEST_ASSERT_MSG((status == PEP_KEY_UNSUITABLE), tl_status_string(status));
PEP_comm_type ct = expired_inquisitor->comm_type;
TEST_ASSERT_MSG(ct == PEP_ct_key_not_found, tl_ct_string(ct));
TEST_ASSERT(!expired_inquisitor->fpr);
expired_inquisitor->fpr = strdup(inquisitor_fpr);
status = get_trust(session, expired_inquisitor);
ct = expired_inquisitor->comm_type;
TEST_ASSERT(status == PEP_STATUS_OK);
TEST_ASSERT_MSG(ct == PEP_ct_key_expired_but_confirmed, tl_ct_string(ct));
// Ok, so I want to make sure we make an entry, so I'll try to decrypt the message WITH


+ 6
- 4
test/src/engine_tests/ExternalRevokeTests.cc View File

@ -255,8 +255,9 @@ void ExternalRevokeTests::check_external_revoke() {
status = get_trust(session, recip1);
cout << "Recip's trust DB comm_type (should be unknown, as we're using a keyring-only key, not in DB) = " << tl_ct_string(recip1->comm_type) << endl;
TEST_ASSERT_MSG((recip1->comm_type != PEP_ct_OpenPGP_unconfirmed), "recip1->comm_type != PEP_ct_OpenPGP_unconfirmed");
// cout << "Recip's trust DB comm_type (should be unknown, as we're using a keyring-only key, not in DB) = " << tl_ct_string(recip1->comm_type) << endl;
cout << "Recip's trust DB comm_type (should PEP_ct_OpenPGP_unconfirmed), as we now record this when using update_identity on no-default idents = " << tl_ct_string(recip1->comm_type) << endl;
TEST_ASSERT_MSG((recip1->comm_type == PEP_ct_OpenPGP_unconfirmed), tl_ct_string(recip1->comm_type));
// decrypt message
// free_message(outgoing_msg);
@ -285,8 +286,9 @@ void ExternalRevokeTests::check_external_revoke() {
status = get_trust(session, recip1);
cout << "Recip's trust DB comm_type (should be unknown - there's nothing in the DB) = " << tl_ct_string(recip1->comm_type) << endl;
TEST_ASSERT_MSG((recip1->comm_type == PEP_ct_unknown), "recip1->comm_type == PEP_ct_unknown");
// cout << "Recip's trust DB comm_type (should be unknown - there's nothing in the DB) = " << tl_ct_string(recip1->comm_type) << endl;
cout << "Recip's trust DB comm_type (should be PEP_ct_OpenPGP_unconfirmed, as we now store it.) = " << tl_ct_string(recip1->comm_type) << endl;
TEST_ASSERT_MSG((recip1->comm_type == PEP_ct_OpenPGP_unconfirmed), tl_ct_string(recip1->comm_type));
free_message(encrypted_outgoing_msg);
free_message(decrypted_msg);


+ 2
- 2
test/src/engine_tests/NewUpdateIdAndMyselfTests.cc View File

@ -500,10 +500,10 @@ void NewUpdateIdAndMyselfTests::key_elect_expired_key() {
TEST_ASSERT_MSG((bernd->user_id), "bernd->user_id");
TEST_ASSERT_MSG((strcmp(bernd->user_id, bernd_userid) == 0), "strcmp(bernd->user_id, bernd_userid) == 0"); // ???
TEST_ASSERT_MSG((!bernd->me), "!bernd->me");
TEST_ASSERT_MSG((bernd->comm_type == PEP_ct_key_expired), "bernd->comm_type == PEP_ct_key_expired");
TEST_ASSERT_MSG((bernd->comm_type == PEP_ct_key_not_found), tl_ct_string(bernd->comm_type));
TEST_ASSERT_MSG((strcmp(bernd->address, bernd_address) == 0), "strcmp(bernd->address, bernd_address) == 0");
cout << "PASS: update_identity() correctly rejected expired key with PEP_KEY_UNSUITABLE and PEP_ct_key_expired" << endl << endl;
cout << "PASS: update_identity() correctly rejected expired key with PEP_KEY_UNSUITABLE and PEP_ct_key_not_found" << endl << endl;
free_identity(bernd);
}


+ 16
- 0
test/src/engine_tests/RevocationTests.cc View File

@ -52,8 +52,24 @@ void RevocationTests::revocation() {
TEST_ASSERT_MSG((status == PEP_TEST_KEY_IMPORT_SUCCESS), "status == PEP_STATUS_OK");
pEp_identity* post = new_identity("linda@example.org", NULL, NULL, NULL);
// string save_fpr = post->fpr;
stringlist_t* keylist = NULL;
status = find_keys(session, "linda@example.org", &keylist);
TEST_ASSERT(status == PEP_STATUS_OK);
status = update_identity(session, post);
// PEP_KEY_UNSUITABLE => revoked (or something similar).
TEST_ASSERT_MSG((status == PEP_KEY_UNSUITABLE), tl_status_string(status));
TEST_ASSERT_MSG((post->comm_type == PEP_ct_key_not_found), tl_ct_string(post->comm_type));
free(post->fpr);
post->fpr = strdup(keylist->value);
status = get_trust(session, post);
TEST_ASSERT(status == PEP_STATUS_OK);
TEST_ASSERT_MSG((post->comm_type == PEP_ct_key_revoked), tl_ct_string(post->comm_type));
free_identity(pre);
free_identity(post);
free_stringlist(keylist);
}

Loading…
Cancel
Save