ENGINE-473: all's well that ends well. We now keep track of trust bits when expiring and restore them when the key is renewed.

src/keymanagement.c

@@ -744,9 +744,36 @@ DYNAMIC_API PEP_STATUS update_identity(
                 status = elect_pubkey(session, identity, false);
                              
                 //    * call set_identity() to store
-                if (identity->fpr)
+                if (identity->fpr) {
+                    // it is still possible we have DB information on this key. Better check.
+                    status = get_trust(session, identity);
+                    PEP_comm_type db_ct = identity->comm_type;
                     status = get_key_rating(session, identity->fpr, &identity->comm_type);
-            
+                    PEP_comm_type key_ct = identity->comm_type;
+                                        
+                    if (status == PEP_STATUS_OK) {
+                        switch (key_ct) {
+                            case PEP_ct_key_expired:
+                                if (db_ct == PEP_ct_key_expired_but_confirmed)
+                                    identity->comm_type = db_ct;
+                                break;    
+                            default:
+                                switch(db_ct) {
+                                    case PEP_ct_key_expired_but_confirmed:
+                                        if (key_ct >= PEP_ct_strong_but_unconfirmed)
+                                            identity->comm_type |= PEP_ct_confirmed;
+                                        break;
+                                    case PEP_ct_mistrusted:
+                                    case PEP_ct_compromised:
+                                    case PEP_ct_key_b0rken:
+                                        identity->comm_type = db_ct;
+                                    default:
+                                        break;
+                                }    
+                                break;
+                        }
+                    }
+                }
                 //    * call set_identity() to store
                 adjust_pep_trust_status(session, identity);            
                 status = set_identity(session, identity);

test/src/engine_tests/CheckRenewedExpiredKeyTrustStatusTests.cc

@@ -94,12 +94,14 @@ void CheckRenewedExpiredKeyTrustStatusTests::check_renewed_expired_key_trust_sta
     TEST_ASSERT_MSG((status == PEP_STATUS_OK), tl_status_string(status));
 
     const char* inquisitor_fpr = "8E8D2381AE066ABE1FEE509821BA977CA4728718";
-    pEp_identity* expired_inquisitor = new_identity("inquisitor@darthmama.org", "8E8D2381AE066ABE1FEE509821BA977CA4728718", "Skyhold", "Lady Claire Trevelyan");
+    pEp_identity* expired_inquisitor = new_identity("inquisitor@darthmama.org", "8E8D2381AE066ABE1FEE509821BA977CA4728718", "TOFU_inquisitor@darthmama.org", "Lady Claire Trevelyan");
     status = set_identity(session, expired_inquisitor);
     TEST_ASSERT_MSG((status == PEP_STATUS_OK), tl_status_string(status));
     expired_inquisitor->comm_type = PEP_ct_OpenPGP; // confirmed 
     status = set_trust(session, expired_inquisitor);
     TEST_ASSERT_MSG((status == PEP_STATUS_OK), tl_status_string(status));
+    status = get_trust(session, expired_inquisitor);
+    TEST_ASSERT_MSG(expired_inquisitor->comm_type == PEP_ct_OpenPGP, tl_ct_string(expired_inquisitor->comm_type));
     
     // Ok, now update_identity - we'll discover it's expired
     status = update_identity(session, expired_inquisitor);
@@ -164,7 +166,7 @@ void CheckRenewedExpiredKeyTrustStatusTests::check_renewed_expired_key_trust_sta
     TEST_ASSERT_MSG((status == PEP_STATUS_OK), tl_status_string(status));
 
     const char* inquisitor_fpr = "8E8D2381AE066ABE1FEE509821BA977CA4728718";
-    pEp_identity* expired_inquisitor = new_identity("inquisitor@darthmama.org", "8E8D2381AE066ABE1FEE509821BA977CA4728718", "Skyhold", "Lady Claire Trevelyan");
+    pEp_identity* expired_inquisitor = new_identity("inquisitor@darthmama.org", "8E8D2381AE066ABE1FEE509821BA977CA4728718", "TOFU_inquisitor@darthmama.org", "Lady Claire Trevelyan");
     status = set_identity(session, expired_inquisitor);
     TEST_ASSERT_MSG((status == PEP_STATUS_OK), tl_status_string(status));
     expired_inquisitor->comm_type = PEP_ct_pEp_unconfirmed;  
@@ -229,12 +231,14 @@ void CheckRenewedExpiredKeyTrustStatusTests::check_renewed_expired_key_trust_sta
     TEST_ASSERT_MSG((status == PEP_STATUS_OK), tl_status_string(status));
 
     const char* inquisitor_fpr = "8E8D2381AE066ABE1FEE509821BA977CA4728718";
-    pEp_identity* expired_inquisitor = new_identity("inquisitor@darthmama.org", "8E8D2381AE066ABE1FEE509821BA977CA4728718", "Skyhold", "Lady Claire Trevelyan");
+    pEp_identity* expired_inquisitor = new_identity("inquisitor@darthmama.org", "8E8D2381AE066ABE1FEE509821BA977CA4728718", "TOFU_inquisitor@darthmama.org", "Lady Claire Trevelyan");
     status = set_identity(session, expired_inquisitor);
     TEST_ASSERT_MSG((status == PEP_STATUS_OK), tl_status_string(status));
     expired_inquisitor->comm_type = PEP_ct_pEp; // confirmed 
     status = set_trust(session, expired_inquisitor);
     TEST_ASSERT_MSG((status == PEP_STATUS_OK), tl_status_string(status));
+    status = get_trust(session, expired_inquisitor);
+    TEST_ASSERT_MSG(expired_inquisitor->comm_type == PEP_ct_pEp, tl_ct_string(expired_inquisitor->comm_type));
 
     bool pEp_user = false;
     status = is_pep_user(session, expired_inquisitor, &pEp_user);