@ -103,9 +103,14 @@ PEP_STATUS elect_pubkey(
return PEP_STATUS_OK ;
}
// own_must_contain_private is usually true when calling;
// we only set it to false when we have the idea of
// possibly having an own pubkey that we need to check on its own
static PEP_STATUS validate_fpr ( PEP_SESSION session ,
pEp_identity * ident ,
bool check_blacklist ) {
bool check_blacklist ,
bool own_must_contain_private ) {
PEP_STATUS status = PEP_STATUS_OK ;
@ -115,12 +120,14 @@ static PEP_STATUS validate_fpr(PEP_SESSION session,
char * fpr = ident - > fpr ;
bool has_private = false ;
status = contains_priv_key ( session , fpr , & has_private ) ;
if ( ident - > me ) {
status = contains_priv_key ( session , fpr , & has_private ) ;
if ( ident - > me & & own_must_contain_private ) {
if ( status ! = PEP_STATUS_OK | | ! has_private )
return PEP_KEY_UNSUITABLE ;
}
else if ( status ! = PEP_STATUS_OK & & has_private ) // should never happen
has_private = false ;
status = get_trust ( session , ident ) ;
if ( status ! = PEP_STATUS_OK )
@ -196,7 +203,9 @@ static PEP_STATUS validate_fpr(PEP_SESSION session,
}
}
if ( ident - > me & & ( ct > = PEP_ct_strong_but_unconfirmed ) & & ! revoked & & expired ) {
if ( ident - > me & & has_private & &
( ct > = PEP_ct_strong_but_unconfirmed ) & &
! revoked & & expired ) {
// extend key
timestamp * ts = new_timestamp ( time ( NULL ) + KEY_EXPIRE_DELTA ) ;
status = renew_key ( session , fpr , ts ) ;
@ -315,7 +324,7 @@ PEP_STATUS get_valid_pubkey(PEP_SESSION session,
// Input: stored identity retrieved from database
// if stored identity contains a default key
if ( ! EMPTYSTR ( stored_fpr ) ) {
status = validate_fpr ( session , stored_identity , check_blacklist ;
status = validate_fpr ( session , stored_identity , check_blacklist , true );
if ( status = = PEP_STATUS_OK & & ! EMPTYSTR ( stored_identity - > fpr ) ) {
* is_identity_default = * is_address_default = true ;
return status ;
@ -335,7 +344,7 @@ PEP_STATUS get_valid_pubkey(PEP_SESSION session,
if ( ! EMPTYSTR ( user_fpr ) ) {
// There exists a default key for user, so validate
stored_identity - > fpr = user_fpr ;
status = validate_fpr ( session , stored_identity , check_blacklist ;
status = validate_fpr ( session , stored_identity , check_blacklist , true );
if ( status = = PEP_STATUS_OK & & stored_identity - > fpr ) {
* is_user_default = true ;
* is_address_default = key_matches_address ( session ,
@ -352,7 +361,7 @@ PEP_STATUS get_valid_pubkey(PEP_SESSION session,
status = elect_pubkey ( session , stored_identity , check_blacklist ) ;
if ( status = = PEP_STATUS_OK ) {
if ( ! EMPTYSTR ( stored_identity - > fpr ) )
validate_fpr ( session , stored_identity , false ; // blacklist already filtered of needed
validate_fpr ( session , stored_identity , false , true ); // blacklist already filtered of needed
}
else if ( status ! = PEP_KEY_NOT_FOUND & & first_reject_status ! = PEP_KEY_NOT_FOUND ) {
first_reject_status = status ;
@ -1036,7 +1045,7 @@ PEP_STATUS _myself(PEP_SESSION session, pEp_identity * identity, bool do_keygen,
// check stored identity
if ( stored_identity & & ! EMPTYSTR ( stored_identity - > fpr ) ) {
// Fall back / retrieve
status = validate_fpr ( session , stored_identity , false ;
status = validate_fpr ( session , stored_identity , false , true );
if ( status = = PEP_OUT_OF_MEMORY )
goto pep_free ;
if ( status = = PEP_STATUS_OK ) {
@ -1445,8 +1454,7 @@ DYNAMIC_API PEP_STATUS trust_personal_key(
// Set up a temp trusted identity for the input fpr without a comm type;
tmp_id = new_identity ( ident - > address , ident - > fpr , ident - > user_id , NULL ) ;
// ->me isn't set, even if this is an own identity, so this will work.
status = validate_fpr ( session , tmp_id , false ) ;
status = validate_fpr ( session , tmp_id , false , true ) ;
if ( status = = PEP_STATUS_OK ) {
// Validate fpr gets trust DB or, when that fails, key comm type. we checked
@ -1506,7 +1514,7 @@ DYNAMIC_API PEP_STATUS trust_personal_key(
if ( ! tmp_user_ident )
status = PEP_OUT_OF_MEMORY ;
else {
status = validate_fpr ( session , tmp_user_ident , false ;
status = validate_fpr ( session , tmp_user_ident , false , true );
if ( status ! = PEP_STATUS_OK | |
tmp_user_ident - > comm_type < PEP_ct_strong_but_unconfirmed | |
@ -1530,6 +1538,45 @@ pep_free:
return status ;
}
DYNAMIC_API PEP_STATUS trust_own_key (
PEP_SESSION session ,
pEp_identity * ident
)
{
assert ( session ) ;
assert ( ident ) ;
assert ( ! EMPTYSTR ( ident - > address ) ) ;
assert ( ! EMPTYSTR ( ident - > user_id ) ) ;
assert ( ! EMPTYSTR ( ident - > fpr ) ) ;
if ( ! ident | | EMPTYSTR ( ident - > address ) | | EMPTYSTR ( ident - > user_id ) | |
EMPTYSTR ( ident - > fpr ) )
return PEP_ILLEGAL_VALUE ;
if ( ! is_me ( session , ident ) )
return PEP_ILLEGAL_VALUE ;
// don't check blacklist or require a private key
PEP_STATUS status = validate_fpr ( session , ident , false , false ) ;
if ( status ! = PEP_STATUS_OK )
return status ;
status = set_pgp_keypair ( session , ident - > fpr ) ;
if ( status ! = PEP_STATUS_OK )
return status ;
if ( ident - > comm_type < PEP_ct_strong_but_unconfirmed )
return PEP_KEY_UNSUITABLE ;
ident - > comm_type | = PEP_ct_confirmed ;
status = set_trust ( session , ident ) ;
return status ;
}
DYNAMIC_API PEP_STATUS own_key_is_listed (
PEP_SESSION session ,
const char * fpr ,
@ -1779,7 +1826,7 @@ DYNAMIC_API PEP_STATUS set_own_key(
if ( ! me - > fpr )
return PEP_OUT_OF_MEMORY ;
status = validate_fpr ( session , me , false ;
status = validate_fpr ( session , me , false , true );
if ( status )
return status ;
