author | Heiko <heiko@schaefer.name> | 2021-05-03 19:38:11 +0200 |
---|---|---|
committer | Heiko <heiko@schaefer.name> | 2021-05-03 19:38:11 +0200 |
commit | 241a89bbecf9bfb558094807e6e63cf2af43d8dc (patch) | |
tree | 582521c9624cdfc18381421ba9ef3ab3c307c4cb | |
parent | 9a7bfa69124276cf60eb11eb5b753f9d02994da9 (diff) | |
download | openpgp-ca-241a89bbecf9bfb558094807e6e63cf2af43d8dc.tar.gz |
Don't handle tsigs for the CA in OcaDb::user_add().
Use CaSec::ca_import_tsig() for these tsigs instead (this currently leads to nested transactions in cert.rs user_new()).
-rw-r--r-- | src/cert.rs | 14 | ||||
-rw-r--r-- | src/db/mod.rs | 20 |
2 files changed, 8 insertions, 26 deletions
diff --git a/src/cert.rs b/src/cert.rs
index 1dee1d8..b45f7e5 100644
--- a/src/cert.rs
+++ b/src/cert.rs
@@ -43,7 +43,10 @@ pub fn user_new(
     let tsigned_ca = Pgp::cert_to_armored_private_key(&tsigned_ca)?;
-    // Store new user cert (and tsig for CA key) in DB
+    // Store tsig for the CA cert
+    oca.secret().ca_import_tsig(&tsigned_ca)?;
+
+    // Store new user cert in DB
     let user_cert = Pgp::cert_to_armored(&user_certified)?;
     let user_revoc = Pgp::revoc_to_armored(&user_revoc, None)?;
@@ -53,7 +56,6 @@ pub fn user_new(
         (&user_cert, &user_key.fingerprint().to_hex()),
         emails,
         &[user_revoc],
-        Some(&tsigned_ca),
     )
     .context("Failed to insert new user into DB")?;
@@ -126,13 +128,7 @@ pub fn cert_import_new(
         .context("cert_import_new: Couldn't re-armor key")?;
     oca.db()
-        .user_add(
-            name.as_deref(),
-            (&pub_cert, &fp),
-            &emails,
-            &revoc_certs,
-            None,
-        )
+        .user_add(name.as_deref(), (&pub_cert, &fp), &emails, &revoc_certs)
         .context("Couldn't insert user")?;
     Ok(())
diff --git a/src/db/mod.rs b/src/db/mod.rs
index 17d27e3..dee370f 100644
--- a/src/db/mod.rs
+++ b/src/db/mod.rs
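Review bot: The CA trust signature is now persisted before the user exists: `oca.secret().ca_import_tsig(&tsigned_ca)?;` runs ahead of the `oca.db().user_add(...)` call in the next hunk, so an error from `user_add` leaves the CA's stored certificate carrying a tsig from a user that was never inserted, whereas the removed `user_add` path (see the `src/db/mod.rs` hunk) did the merge and the insert in one call. Reordering the two writes so the user and certificate are inserted first and the tsig imported afterwards would turn the failure mode into a missing tsig that can simply be re-imported rather than an orphaned one, unless the enclosing transaction the commit message refers to already covers both writes; that cannot be confirmed from this hunk. `user_new` starts and ends outside this hunk.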
@@ -276,25 +276,11 @@ impl OcaDb { (pub_cert, fingerprint): (&str, &str), emails: &[&str], revocation_certs: &[String], - ca_cert_tsigned: Option<&str>, ) -> Result<User> { - let (ca, mut cacert_db) = self.get_ca().context("Couldn't find CA")?; - - // merge new trust signature into local CA cert (if applicable) - if let Some(ca_cert_tsigned) = ca_cert_tsigned { - let tsigned = Pgp::armored_to_cert(&ca_cert_tsigned)?; - - let merged = Pgp::armored_to_cert(&cacert_db.priv_cert)? - .merge_public(tsigned)?; - cacert_db.priv_cert = Pgp::cert_to_armored_private_key(&merged)?; - - // update new version of CA cert in database - self.cacert_update(&cacert_db)?; - } - // User - let newuser = NewUser { name, ca_id: ca.id }; - let user = self.user_insert(newuser)?; + let (ca, _) = self.get_ca().context("Couldn't find CA")?; + + let user = self.user_insert(NewUser { name, ca_id: ca.id })?; let cert = self.cert_add(pub_cert, fingerprint, Some(user.id))?; |