return key->sigs;
}
-#ifdef NEED_GETFULLKEYID
-/**
- * getfullkeyid - Maps a 32bit key id to a 64bit one.
- * @keyid: The 32bit keyid.
- *
- * This function maps a 32bit key id to the full 64bit one. It returns the
- * full keyid. If the key isn't found a keyid of 0 is returned.
- */
-uint64_t generic_getfullkeyid(struct onak_dbctx *dbctx, uint64_t keyid)
-{
- struct openpgp_publickey *publickey = NULL;
-
- if (keyid < 0x100000000LL) {
- dbctx->fetch_key_id(dbctx, keyid, &publickey, false);
- if (publickey != NULL) {
- get_keyid(publickey, &keyid);
- free_publickey(publickey);
- publickey = NULL;
- } else {
- keyid = 0;
- }
- }
-
- return keyid;
-}
-#endif
-
#ifdef NEED_UPDATEKEYS
/**
* update_keys - Takes a list of public keys and updates them in the DB.
* the DB). Returns the number of entirely new keys added.
*/
int generic_update_keys(struct onak_dbctx *dbctx,
- struct openpgp_publickey **keys, bool sendsync)
+ struct openpgp_publickey **keys,
+ struct keyarray *blacklist,
+ bool sendsync)
{
- struct openpgp_publickey *curkey = NULL;
+ struct openpgp_publickey **curkey, *tmp = NULL;
struct openpgp_publickey *oldkey = NULL;
- struct openpgp_publickey *prev = NULL;
+ struct openpgp_fingerprint fp;
int newkeys = 0;
bool intrans;
- uint64_t keyid;
- for (curkey = *keys; curkey != NULL; curkey = curkey->next) {
+ curkey = keys;
+ while (*curkey != NULL) {
+ get_fingerprint((*curkey)->publickey, &fp);
+ if (blacklist && array_find(blacklist, &fp)) {
+ logthing(LOGTHING_INFO, "Ignoring blacklisted key.");
+ tmp = *curkey;
+ *curkey = (*curkey)->next;
+ tmp->next = NULL;
+ free_publickey(tmp);
+ continue;
+ }
+
intrans = dbctx->starttrans(dbctx);
- get_keyid(curkey, &keyid);
+
logthing(LOGTHING_INFO,
- "Fetching key 0x%" PRIX64 ", result: %d",
- keyid,
- dbctx->fetch_key_id(dbctx, keyid, &oldkey,
+ "Fetching key, result: %d",
+ dbctx->fetch_key_fp(dbctx, &fp, &oldkey,
intrans));
/*
* one that we send out.
*/
if (oldkey != NULL) {
- merge_keys(oldkey, curkey);
- if (curkey->sigs == NULL &&
- curkey->uids == NULL &&
- curkey->subkeys == NULL) {
- if (prev == NULL) {
- *keys = curkey->next;
- } else {
- prev->next = curkey->next;
- curkey->next = NULL;
- free_publickey(curkey);
- curkey = prev;
- }
+ merge_keys(oldkey, *curkey);
+ if ((*curkey)->sigs == NULL &&
+ (*curkey)->uids == NULL &&
+ (*curkey)->subkeys == NULL) {
+ tmp = *curkey;
+ *curkey = (*curkey)->next;
+ tmp->next = NULL;
+ free_publickey(tmp);
} else {
- prev = curkey;
logthing(LOGTHING_INFO,
"Merged key; storing updated key.");
dbctx->store_key(dbctx, oldkey, intrans,
true);
+ curkey = &(*curkey)->next;
}
free_publickey(oldkey);
oldkey = NULL;
} else {
logthing(LOGTHING_INFO,
"Storing completely new key.");
- dbctx->store_key(dbctx, curkey, intrans, false);
+ dbctx->store_key(dbctx, *curkey, intrans, false);
newkeys++;
+ curkey = &(*curkey)->next;
}
dbctx->endtrans(dbctx);
}
- if (sendsync && keys != NULL) {
+ if (sendsync && keys != NULL && *keys != NULL) {
sendkeysync(*keys);
}
/*
* We assume if the backend is using this function it's not storing
* anything bigger than the 64 bit key ID and just truncate the
- * fingerprint to get that value. This doesn't work for v3 keys,
+ * fingerprint to get that value. v4 keys want the lowest 64 bits, v5
+ * keys need the top 64 bits. This doesn't work for v3 keys,
* but there's no way to map from v3 fingerprint to v3 key ID so
* if the backend can't do it we're going to fail anyway.
*/
keyid = 0;
- for (i = (fingerprint->length - 8); i < fingerprint->length; i++) {
- keyid = (keyid << 8) + fingerprint->fp[i];
+ if (fingerprint->length == 20) {
+ /* v4 */
+ for (i = (fingerprint->length - 8); i < fingerprint->length;
+ i++) {
+ keyid = (keyid << 8) + fingerprint->fp[i];
+ }
+ } else {
+ /* v5 */
+ for (i = 0; i < 8; i++) {
+ keyid = (keyid << 8) + fingerprint->fp[i];
+ }
}
return dbctx->fetch_key_id(dbctx, keyid, publickey, intrans);