
ENGINE-473: all's well that ends well. We now keep track of trust bits when expiring and restore them when the key is renewed.

doc_update_sequoia
Krista Bennett 4 years ago
parent
commit
32ed0e2f4a
2 changed files with 36 additions and 5 deletions
  1. +29
    -2
      src/keymanagement.c
  2. +7
    -3
      test/src/engine_tests/CheckRenewedExpiredKeyTrustStatusTests.cc

+ 29
- 2
src/keymanagement.c

@ -744,9 +744,36 @@ DYNAMIC_API PEP_STATUS update_identity(
status = elect_pubkey(session, identity, false);
// * call set_identity() to store
if (identity->fpr)
if (identity->fpr) {
// it is still possible we have DB information on this key. Better check.
status = get_trust(session, identity);
PEP_comm_type db_ct = identity->comm_type;
status = get_key_rating(session, identity->fpr, &identity->comm_type);
PEP_comm_type key_ct = identity->comm_type;
if (status == PEP_STATUS_OK) {
switch (key_ct) {
case PEP_ct_key_expired:
if (db_ct == PEP_ct_key_expired_but_confirmed)
identity->comm_type = db_ct;
break;
default:
switch(db_ct) {
case PEP_ct_key_expired_but_confirmed:
if (key_ct >= PEP_ct_strong_but_unconfirmed)
identity->comm_type |= PEP_ct_confirmed;
break;
case PEP_ct_mistrusted:
case PEP_ct_compromised:
case PEP_ct_key_b0rken:
identity->comm_type = db_ct;
default:
break;
}
break;
}
}
}
// * call set_identity() to store
adjust_pep_trust_status(session, identity);
status = set_identity(session, identity);
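Review bot: The return value of `get_trust()` is overwritten by the `get_key_rating()` call two lines later without being checked, so `db_ct` is simply whatever `identity->comm_type` held after the call; if `get_trust()` can fail without resetting that field (not visible here), a caller-supplied `PEP_ct_key_expired_but_confirmed` would be enough to get `PEP_ct_confirmed` OR-ed onto a renewed key. I would use the stored value only on success, e.g. `PEP_comm_type db_ct = (get_trust(session, identity) == PEP_STATUS_OK) ? identity->comm_type : PEP_ct_unknown;`. In the `PEP_ct_key_expired` branch a stored `PEP_ct_mistrusted` or `PEP_ct_compromised` is not carried over the way the default branch does, which looks like it lets expiry replace a negative trust decision before `set_identity()` runs; worth confirming that this is intended. The `PEP_ct_key_b0rken` case also reaches `default:` by fall-through and would read better with an explicit `break;`. `update_identity()` starts and ends outside this hunk, so the earlier handling of `identity->comm_type` is not visible.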


+ 7
- 3
test/src/engine_tests/CheckRenewedExpiredKeyTrustStatusTests.cc

@ -94,12 +94,14 @@ void CheckRenewedExpiredKeyTrustStatusTests::check_renewed_expired_key_trust_sta
TEST_ASSERT_MSG((status == PEP_STATUS_OK), tl_status_string(status));
const char* inquisitor_fpr = "8E8D2381AE066ABE1FEE509821BA977CA4728718";
pEp_identity* expired_inquisitor = new_identity("inquisitor@darthmama.org", "8E8D2381AE066ABE1FEE509821BA977CA4728718", "Skyhold", "Lady Claire Trevelyan");
pEp_identity* expired_inquisitor = new_identity("inquisitor@darthmama.org", "8E8D2381AE066ABE1FEE509821BA977CA4728718", "TOFU_inquisitor@darthmama.org", "Lady Claire Trevelyan");
status = set_identity(session, expired_inquisitor);
TEST_ASSERT_MSG((status == PEP_STATUS_OK), tl_status_string(status));
expired_inquisitor->comm_type = PEP_ct_OpenPGP; // confirmed
status = set_trust(session, expired_inquisitor);
TEST_ASSERT_MSG((status == PEP_STATUS_OK), tl_status_string(status));
status = get_trust(session, expired_inquisitor);
TEST_ASSERT_MSG(expired_inquisitor->comm_type == PEP_ct_OpenPGP, tl_ct_string(expired_inquisitor->comm_type));
// Ok, now update_identity - we'll discover it's expired
status = update_identity(session, expired_inquisitor);
@ -164,7 +166,7 @@ void CheckRenewedExpiredKeyTrustStatusTests::check_renewed_expired_key_trust_sta
TEST_ASSERT_MSG((status == PEP_STATUS_OK), tl_status_string(status));
const char* inquisitor_fpr = "8E8D2381AE066ABE1FEE509821BA977CA4728718";
pEp_identity* expired_inquisitor = new_identity("inquisitor@darthmama.org", "8E8D2381AE066ABE1FEE509821BA977CA4728718", "Skyhold", "Lady Claire Trevelyan");
pEp_identity* expired_inquisitor = new_identity("inquisitor@darthmama.org", "8E8D2381AE066ABE1FEE509821BA977CA4728718", "TOFU_inquisitor@darthmama.org", "Lady Claire Trevelyan");
status = set_identity(session, expired_inquisitor);
TEST_ASSERT_MSG((status == PEP_STATUS_OK), tl_status_string(status));
expired_inquisitor->comm_type = PEP_ct_pEp_unconfirmed;
@ -229,12 +231,14 @@ void CheckRenewedExpiredKeyTrustStatusTests::check_renewed_expired_key_trust_sta
TEST_ASSERT_MSG((status == PEP_STATUS_OK), tl_status_string(status));
const char* inquisitor_fpr = "8E8D2381AE066ABE1FEE509821BA977CA4728718";
pEp_identity* expired_inquisitor = new_identity("inquisitor@darthmama.org", "8E8D2381AE066ABE1FEE509821BA977CA4728718", "Skyhold", "Lady Claire Trevelyan");
pEp_identity* expired_inquisitor = new_identity("inquisitor@darthmama.org", "8E8D2381AE066ABE1FEE509821BA977CA4728718", "TOFU_inquisitor@darthmama.org", "Lady Claire Trevelyan");
status = set_identity(session, expired_inquisitor);
TEST_ASSERT_MSG((status == PEP_STATUS_OK), tl_status_string(status));
expired_inquisitor->comm_type = PEP_ct_pEp; // confirmed
status = set_trust(session, expired_inquisitor);
TEST_ASSERT_MSG((status == PEP_STATUS_OK), tl_status_string(status));
status = get_trust(session, expired_inquisitor);
TEST_ASSERT_MSG(expired_inquisitor->comm_type == PEP_ct_pEp, tl_ct_string(expired_inquisitor->comm_type));
bool pEp_user = false;
status = is_pep_user(session, expired_inquisitor, &pEp_user);
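Review bot: The added `get_trust()` calls in the first and third hunks discard `status`, and the assertion that follows reads `comm_type` from the same struct it was assigned to just before `set_trust()`, so it would still pass if `get_trust()` failed and left the field untouched. Resetting the field first with `expired_inquisitor->comm_type = PEP_ct_unknown;` and adding `TEST_ASSERT_MSG((status == PEP_STATUS_OK), tl_status_string(status));` after the call would make the check prove the value came from the trust store. The second hunk, which sets `PEP_ct_pEp_unconfirmed`, gets no equivalent read-back within the visible lines. The test functions continue outside these hunks.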

