Browse Source

ENGINE-398: removal of key from db after reset

generate_api
Krista Bennett 4 years ago
parent
commit
da985ff3a3
5 changed files with 71 additions and 46 deletions
  1. +9
    -4
      src/key_reset.c
  2. +27
    -42
      src/key_reset.h
  3. +32
    -0
      src/pEpEngine.c
  4. +2
    -0
      src/pEpEngine.h
  5. +1
    -0
      src/pEp_internal.h

+ 9
- 4
src/key_reset.c View File

@ -456,15 +456,20 @@ DYNAMIC_API PEP_STATUS key_reset(
}
else { // not is_me
// TODO: Decide what this means. We have a non-own identity, we don't
// have an fpr. Do we reset all keys for that identity?
if (EMPTYSTR(fpr_copy)) {
NOT_IMPLEMENTED
}
// remove fpr from all identities
// remove fpr from all users
if (status == PEP_STATUS_OK)
status = remove_fpr_as_default(session, fpr_copy);
// delete key from DB
if (status == PEP_STATUS_OK) {};
// status = delete_keypair(session, fpr_copy);
// N.B. If this key is being replaced by something else, it
// is done outside of this function.
if (status == PEP_STATUS_OK) {
status = remove_key(session, fpr_copy);
};
}
}


+ 27
- 42
src/key_reset.h View File

@ -15,48 +15,33 @@
extern "C" {
#endif
// FIXME: Proper docs!
// Algorithm:
//
// Key Reset trigger; either manually or in another protocol, parameter key (optional)
//
// if identity given:
//
// key reset for one identity
//
// else
//
// For identity in own identities
//
// key reset for one identitiy
//
// Key Reset for identity:
//
// if own identity:
//
// Create revocation
//
// add to revocation list
//
// mistrust fpr from trust
//
// Remove fpr from ALL identities
//
// Remove fpr from ALL users
//
// generate new key
//
// for all active communication partners:
//
// active_send revocation
//
// else
//
// remove fpr from all identities
//
// remove fpr from all users
//
// delete key from key ring
// key_reset() - reset the database status for a key, removing all trust information
// and default database connections. For own keys, also revoke the key
// and communicate the revocation and new key to partners we have sent
// mail to recently from the specific identity (i.e. address/user_id)
// that contacted them. We also in this case set up information so that
// if someone we mail uses the wrong key and wasn't yet contacted,
// we can send them the reset information from the right address.
//
// Can be called manually or through another protocol.
//
// parameters:
// session (in) session handle
// fpr (in) fingerprint of key to reset. If NULL and ident is NULL,
// we reset all keys for the own user. If NULL and ident is
// an own identity, we reset the default key for that
// identity. If that own identity has no default key, we
// reset the user default.
// if it is NULL and there is a non-own identity, this is
// currently undefined and will return an error. Later, we
// may decide on semantics for it (e.g. remove all keys
// in the DB for that identity)
// ident (in) identity for which the key reset should occur.
// if NULL and fpr is non-NULL, we'll reset the key for all
// associated identities. If both ident and fpr are NULL, see
// the fpr arg documentation.
//
//
DYNAMIC_API PEP_STATUS key_reset(
PEP_SESSION session,
const char* fpr,


+ 32
- 0
src/pEpEngine.c View File

@ -199,6 +199,11 @@ static const char* sql_replace_userid =
"update person set id = ?1 "
" where id = ?2;";
// Hopefully this cascades and removes trust entries...
static const char *sql_delete_key =
"delete from pgp_keypair "
" where fpr = ?1 ; ";
static const char *sql_replace_main_user_fpr =
"update person "
" set main_key_id = ?1 "
@ -1205,6 +1210,10 @@ DYNAMIC_API PEP_STATUS init(PEP_SESSION *session)
(int)strlen(sql_replace_userid), &_session->replace_userid, NULL);
assert(int_result == SQLITE_OK);
int_result = sqlite3_prepare_v2(_session->db, sql_delete_key,
(int)strlen(sql_delete_key), &_session->delete_key, NULL);
assert(int_result == SQLITE_OK);
int_result = sqlite3_prepare_v2(_session->db, sql_replace_main_user_fpr,
(int)strlen(sql_replace_main_user_fpr), &_session->replace_main_user_fpr, NULL);
assert(int_result == SQLITE_OK);
@ -1615,6 +1624,8 @@ DYNAMIC_API void release(PEP_SESSION session)
sqlite3_finalize(session->i18n_token);
if (session->replace_userid)
sqlite3_finalize(session->replace_userid);
if (session->delete_key)
sqlite3_finalize(session->delete_key);
if (session->replace_main_user_fpr)
sqlite3_finalize(session->replace_main_user_fpr);
if (session->get_main_user_fpr)
@ -3228,6 +3239,27 @@ PEP_STATUS replace_userid(PEP_SESSION session, const char* old_uid,
return PEP_STATUS_OK;
}
PEP_STATUS remove_key(PEP_SESSION session, const char* fpr) {
assert(session);
assert(fpr);
if (!session || EMPTYSTR(fpr))
return PEP_ILLEGAL_VALUE;
int result;
sqlite3_reset(session->delete_key);
sqlite3_bind_text(session->delete_key, 1, fpr, -1,
SQLITE_STATIC);
result = sqlite3_step(session->delete_key);
sqlite3_reset(session->delete_key);
if (result != SQLITE_DONE)
return PEP_CANNOT_SET_PGP_KEYPAIR;
return PEP_STATUS_OK;
}
PEP_STATUS refresh_userid_default_key(PEP_SESSION session, const char* user_id) {
assert(session);
assert(user_id);


+ 2
- 0
src/pEpEngine.h View File

@ -1263,6 +1263,8 @@ PEP_STATUS get_identities_by_userid(
PEP_STATUS replace_userid(PEP_SESSION session, const char* old_uid,
const char* new_uid);
PEP_STATUS remove_key(PEP_SESSION session, const char* fpr);
PEP_STATUS remove_fpr_as_default(PEP_SESSION session,
const char* fpr);


+ 1
- 0
src/pEp_internal.h View File

@ -139,6 +139,7 @@ struct _pEpSession {
sqlite3_stmt *replace_main_user_fpr;
sqlite3_stmt *get_main_user_fpr;
sqlite3_stmt *refresh_userid_default_key;
sqlite3_stmt *delete_key;
sqlite3_stmt *remove_fpr_as_default;
sqlite3_stmt *set_person;
sqlite3_stmt *update_person;


Loading…
Cancel
Save