3 files changed, 56 insertions, 1 deletions

diff --git a/kbx/backend-kbx.c b/kbx/backend-kbx.c
index 0b36c5b78..d8dafe0e5 100644
--- a/kbx/backend-kbx.c
+++ b/kbx/backend-kbx.c
@@ -386,3 +386,54 @@ be_kbx_insert (ctrl_t ctrl, backend_handle_t backend_hd,
   ksba_cert_release (cert);
   return err;
 }
+
+
+/* Update (BLOB,BLOBLEN) in the keybox.  BACKEND_HD is the handle for
+ * this backend and REQUEST is the current database request object.  */
+gpg_error_t
+be_kbx_update (ctrl_t ctrl, backend_handle_t backend_hd,
+               db_request_t request, enum pubkey_types pktype,
+               const void *blob, size_t bloblen)
+{
+  gpg_error_t err;
+  db_request_part_t part;
+  ksba_cert_t cert = NULL;
+
+  (void)ctrl;
+
+  log_assert (backend_hd && backend_hd->db_type == DB_TYPE_KBX);
+  log_assert (request);
+
+  /* Find the specific request part or allocate it.  */
+  err = be_find_request_part (backend_hd, request, &part);
+  if (err)
+    goto leave;
+
+  /* FIXME: We make use of the fact that we know that the caller
+   * already did a keybox search.  This needs to be made more
+   * explicit.  */
+  if (pktype == PUBKEY_TYPE_OPGP)
+    {
+      err = keybox_update_keyblock (part->kbx_hd, blob, bloblen);
+    }
+  else if (pktype == PUBKEY_TYPE_X509)
+    {
+      unsigned char sha1[20];
+
+      err = ksba_cert_new (&cert);
+      if (err)
+        goto leave;
+      err = ksba_cert_init_from_mem (cert, blob, bloblen);
+      if (err)
+        goto leave;
+      gcry_md_hash_buffer (GCRY_MD_SHA1, sha1, blob, bloblen);
+
+      err = keybox_update_cert (part->kbx_hd, cert, sha1);
+    }
+  else
+    err = gpg_error (GPG_ERR_WRONG_BLOB_TYPE);
+
+ leave:
+  ksba_cert_release (cert);
+  return err;
+}
diff --git a/kbx/backend.h b/kbx/backend.h
index 1581ae582..e97855246 100644
--- a/kbx/backend.h
+++ b/kbx/backend.h
@@ -142,6 +142,9 @@ gpg_error_t be_kbx_seek (ctrl_t ctrl, backend_handle_t backend_hd,
 gpg_error_t be_kbx_insert (ctrl_t ctrl, backend_handle_t backend_hd,
                            db_request_t request, enum pubkey_types pktype,
                            const void *blob, size_t bloblen);
+gpg_error_t be_kbx_update (ctrl_t ctrl, backend_handle_t backend_hd,
+                           db_request_t request, enum pubkey_types pktype,
+                           const void *blob, size_t bloblen);
 
 
 #endif /*KBX_BACKEND_H*/
diff --git a/kbx/frontend.c b/kbx/frontend.c
index 8ad4fed3c..5bf18809e 100644
--- a/kbx/frontend.c
+++ b/kbx/frontend.c
@@ -454,7 +454,8 @@ kbxd_store (ctrl_t ctrl, const void *blob, size_t bloblen, int only_update)
     err = gpg_error (GPG_ERR_DUP_KEY);
   else /* Update.  */
     {
-      err = gpg_error (GPG_ERR_NOT_IMPLEMENTED);
+      err = be_kbx_update (ctrl, db->backend_handle, request,
+                           pktype, blob, bloblen);
     }
 
  leave: