+
+/**
+ * cached_getkeysigs - Gets the signatures on a key.
+ * @keyid: The key we want the signatures for.
+ *
+ * This function gets the signatures on a key. It's the same as the
+ * getkeysigs function above except we use the hash module to cache the
+ * data so if we need it again it's already loaded.
+ */
+struct ll *generic_cached_getkeysigs(struct onak_dbctx *dbctx, uint64_t keyid)
+{
+ struct stats_key *key = NULL;
+ struct stats_key *signedkey = NULL;
+ struct ll *cursig = NULL;
+ struct ll *sigs = NULL;
+ bool revoked = false;
+
+ if (keyid == 0) {
+ return NULL;
+ }
+
+ key = findinhash(keyid);
+
+ if (key == NULL || key->gotsigs == false) {
+ sigs = dbctx->getkeysigs(dbctx, keyid, &revoked);
+ if (sigs == NULL) {
+ return NULL;
+ }
+ if (key == NULL) {
+ key = createandaddtohash(keyid);
+ }
+ key->sigs = sigs;
+ key->revoked = revoked;
+ for (cursig = key->sigs; cursig != NULL;
+ cursig = cursig->next) {
+ signedkey = (struct stats_key *) cursig->object;
+ signedkey->signs = lladd(signedkey->signs, key);
+ }
+ key->gotsigs = true;
+ }
+
+ return key->sigs;
+}
+
+#ifdef NEED_UPDATEKEYS
+/**
+ * update_keys - Takes a list of public keys and updates them in the DB.
+ * @keys: The keys to update in the DB.
+ * @blacklist: A keyarray of key fingerprints not to accept.
+ * @updateonly: Only update existing keys, don't add new ones.
+ * @sendsync: Should we send a sync mail to our peers.
+ *
+ * Takes a list of keys and adds them to the database, merging them with
+ * the key in the database if it's already present there. The key list is
+ * update to contain the minimum set of updates required to get from what
+ * we had before to what we have now (ie the set of data that was added to
+ * the DB). Returns the number of entirely new keys added.
+ */
+int generic_update_keys(struct onak_dbctx *dbctx,
+ struct openpgp_publickey **keys,
+ struct keyarray *blacklist,
+ bool updateonly,
+ bool sendsync)
+{
+ struct openpgp_publickey **curkey, *tmp = NULL;
+ struct openpgp_publickey *oldkey = NULL;
+ struct openpgp_fingerprint fp;
+ int newkeys = 0, ret;
+ bool intrans;
+
+ curkey = keys;
+ while (*curkey != NULL) {
+ get_fingerprint((*curkey)->publickey, &fp);
+ if (blacklist && array_find(blacklist, &fp)) {
+ logthing(LOGTHING_INFO, "Ignoring blacklisted key.");
+ tmp = *curkey;
+ *curkey = (*curkey)->next;
+ tmp->next = NULL;
+ free_publickey(tmp);
+ continue;
+ }
+
+ intrans = dbctx->starttrans(dbctx);
+
+ ret = dbctx->fetch_key_fp(dbctx, &fp, &oldkey, intrans);
+ if (ret == 0 && updateonly) {
+ logthing(LOGTHING_INFO,
+ "Skipping new key as update only set.");
+ curkey = &(*curkey)->next;
+ goto next;
+ }
+
+ /*
+ * If we already have the key stored in the DB then merge it
+ * with the new one that's been supplied. Otherwise the key
+ * we've just got is the one that goes in the DB and also the
+ * one that we send out.
+ */
+ if (oldkey != NULL) {
+ merge_keys(oldkey, *curkey);
+ if ((*curkey)->sigs == NULL &&
+ (*curkey)->uids == NULL &&
+ (*curkey)->subkeys == NULL) {
+ tmp = *curkey;
+ *curkey = (*curkey)->next;
+ tmp->next = NULL;
+ free_publickey(tmp);
+ } else {
+ logthing(LOGTHING_INFO,
+ "Merged key; storing updated key.");
+ dbctx->store_key(dbctx, oldkey, intrans,
+ true);
+ curkey = &(*curkey)->next;
+ }
+ free_publickey(oldkey);
+ oldkey = NULL;
+ } else {
+ logthing(LOGTHING_INFO,
+ "Storing completely new key.");
+ dbctx->store_key(dbctx, *curkey, intrans, false);
+ newkeys++;
+ curkey = &(*curkey)->next;
+ }
+next:
+ dbctx->endtrans(dbctx);
+ }
+
+ if (sendsync && keys != NULL && *keys != NULL) {
+ sendkeysync(*keys);
+ }
+
+ return newkeys;
+}
+#endif /* NEED_UPDATEKEYS */
+
+#ifdef NEED_GET_FP
+static int generic_fetch_key_fp(struct onak_dbctx *dbctx,
+ struct openpgp_fingerprint *fingerprint,
+ struct openpgp_publickey **publickey, bool intrans)
+{
+ uint64_t keyid;
+ int i;
+
+ if (fingerprint->length > MAX_FINGERPRINT_LEN) {
+ return 0;
+ }
+
+ /*
+ * We assume if the backend is using this function it's not storing
+ * anything bigger than the 64 bit key ID and just truncate the
+ * fingerprint to get that value. v4 keys want the lowest 64 bits, v5
+ * keys need the top 64 bits. This doesn't work for v3 keys,
+ * but there's no way to map from v3 fingerprint to v3 key ID so
+ * if the backend can't do it we're going to fail anyway.
+ */
+ keyid = 0;
+ if (fingerprint->length == 20) {
+ /* v4 */
+ for (i = (fingerprint->length - 8); i < fingerprint->length;
+ i++) {
+ keyid = (keyid << 8) + fingerprint->fp[i];
+ }
+ } else {
+ /* v5 */
+ for (i = 0; i < 8; i++) {
+ keyid = (keyid << 8) + fingerprint->fp[i];
+ }
+ }
+
+ return dbctx->fetch_key_id(dbctx, keyid, publickey, intrans);
+}
+#endif