ENGINE-750: Untested as yet.

src/keymanagement.c

@@ -2023,6 +2023,88 @@ PEP_STATUS is_mistrusted_key(PEP_SESSION session, const char* fpr,
     return status;
 }
 
+static PEP_STATUS _wipe_default_key_if_invalid(PEP_SESSION session,
+                                         pEp_identity* ident) {
+    
+    PEP_STATUS status = PEP_STATUS_OK;
+    
+    if (!ident->user_id)
+        return PEP_ILLEGAL_VALUE;
+        
+    PEP_STATUS keystatus = validate_fpr(session, ident, true, false);
+    switch (keystatus) {
+        case PEP_STATUS_OK:
+            // Check for non-renewable expiry and 
+            // if so, fallthrough
+            if (ident->comm_type != PEP_ct_key_expired_but_confirmed &&
+                    ident->comm_type != PEP_ct_key_expired) {
+                break;
+            }        
+        case PEP_KEY_UNSUITABLE:
+        case PEP_KEY_BLACKLISTED:
+            // Remove key as default for all identities and users 
+            status = remove_fpr_as_default(session, ident->fpr);
+            break;   
+        default:
+            break;
+    }     
+    return status;                                        
+}
+
+PEP_STATUS clean_own_key_defaults(PEP_SESSION session) {
+    identity_list* idents = NULL;
+    PEP_STATUS status = own_identities_retrieve(session, &idents);
+    if (status != PEP_STATUS_OK)
+        return status;
+        
+    if (!idents)
+        return PEP_STATUS_OK;
+
+    if (!idents->ident && !idents->next) {
+        free_identity_list(idents);
+        return PEP_STATUS_OK;
+    } // Kludge: FIX own_identities_retrieve. Should return NULL, not empty list    
+        
+    identity_list* curr = idents;
+    
+    for ( ; curr ; curr = curr->next) {
+        pEp_identity* ident = curr->ident;
+        if (!ident)
+            continue;
+        
+        _wipe_default_key_if_invalid(session, ident);    
+    }   
+    
+    free_identity_list(idents);
+    
+    // Also remove invalid default user key
+    char* own_id = NULL;
+
+    status = get_default_own_userid(session, &own_id);
+
+    if (status != PEP_STATUS_OK)
+        return status;
+
+    if (own_id) {
+        char* user_default_key = NULL;
+        status = get_user_default_key(session, own_id, &user_default_key);
+        if (status != PEP_STATUS_OK) {
+            free(own_id);
+            if (status == PEP_KEY_NOT_FOUND)
+                status = PEP_STATUS_OK;
+            else
+                return status;
+        }
+        else if (user_default_key) {
+            pEp_identity* empty_user = new_identity(NULL, user_default_key, NULL, own_id);
+            _wipe_default_key_if_invalid(session, empty_user);       
+            free(user_default_key);
+        }
+        free(own_id);    
+    }
+    return status;
+}
+
 #ifdef USE_GPG
 PEP_STATUS pgp_find_trusted_private_keys(
         PEP_SESSION session, stringlist_t **keylist

src/keymanagement.h

@@ -408,6 +408,8 @@ PEP_STATUS get_valid_pubkey(PEP_SESSION session,
                             bool* is_address_default,
                             bool check_blacklist);
 
+PEP_STATUS clean_own_key_defaults(PEP_SESSION session);
+
 #ifdef __cplusplus
 }
 #endif

src/pEpEngine.c

@@ -454,7 +454,7 @@ static const char* sql_get_default_own_userid =
     "select id from person"
     "   join identity on id = identity.user_id"
     "   where identity.is_own = 1";
-
+    
 // Sequence
 static const char *sql_sequence_value1 = 
     "insert or replace into sequences (name, value) "
@@ -2080,6 +2080,11 @@ DYNAMIC_API PEP_STATUS init(
         status = pgp_import_ultimately_trusted_keypairs(_session);        
 #endif // USE_GPG
     }
+    
+    // clean up invalid keys 
+    status = clean_own_key_defaults(_session);
+    if (status != PEP_STATUS_OK)
+        goto pEp_error;
 
     *session = _session;