1
0
mirror of git://git.gnupg.org/gnupg.git synced 2024-11-10 21:38:50 +01:00

gpgsm: Use macro constants for cert_usage_p.

* sm/certlist.c (USE_MODE_): New.  Use them for easier reading.
This commit is contained in:
Werner Koch 2022-10-24 15:12:06 +02:00
parent 7ed523ca13
commit 1cdb67d41a
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B

View File

@ -34,7 +34,16 @@
#include "keydb.h" #include "keydb.h"
#include "../common/i18n.h" #include "../common/i18n.h"
/* Mode values for cert_usage_p.
* Take care: the values have a semantic. */
#define USE_MODE_SIGN 0
#define USE_MODE_ENCR 1
#define USE_MODE_VRFY 2
#define USE_MODE_DECR 3
#define USE_MODE_CERT 4
#define USE_MODE_OCSP 5
/* OIDs we use here. */
static const char oid_kp_serverAuth[] = "1.3.6.1.5.5.7.3.1"; static const char oid_kp_serverAuth[] = "1.3.6.1.5.5.7.3.1";
static const char oid_kp_clientAuth[] = "1.3.6.1.5.5.7.3.2"; static const char oid_kp_clientAuth[] = "1.3.6.1.5.5.7.3.2";
static const char oid_kp_codeSigning[] = "1.3.6.1.5.5.7.3.3"; static const char oid_kp_codeSigning[] = "1.3.6.1.5.5.7.3.3";
@ -42,6 +51,7 @@ static const char oid_kp_emailProtection[]= "1.3.6.1.5.5.7.3.4";
static const char oid_kp_timeStamping[] = "1.3.6.1.5.5.7.3.8"; static const char oid_kp_timeStamping[] = "1.3.6.1.5.5.7.3.8";
static const char oid_kp_ocspSigning[] = "1.3.6.1.5.5.7.3.9"; static const char oid_kp_ocspSigning[] = "1.3.6.1.5.5.7.3.9";
/* Return 0 if the cert is usable for encryption. A MODE of 0 checks /* Return 0 if the cert is usable for encryption. A MODE of 0 checks
for signing a MODE of 1 checks for encryption, a MODE of 2 checks for signing a MODE of 1 checks for encryption, a MODE of 2 checks
for verification and a MODE of 3 for decryption (just for for verification and a MODE of 3 for decryption (just for
@ -120,7 +130,7 @@ cert_usage_p (ksba_cert_t cert, int mode, int silent)
if (gpg_err_code (err) == GPG_ERR_NO_DATA) if (gpg_err_code (err) == GPG_ERR_NO_DATA)
{ {
err = 0; err = 0;
if (opt.verbose && mode < 2 && !silent) if (opt.verbose && mode < USE_MODE_VRFY && !silent)
log_info (_("no key usage specified - assuming all usages\n")); log_info (_("no key usage specified - assuming all usages\n"));
use = ~0; use = ~0;
} }
@ -137,7 +147,7 @@ cert_usage_p (ksba_cert_t cert, int mode, int silent)
return err; return err;
} }
if (mode == 4) if (mode == USE_MODE_CERT)
{ {
if ((use & (KSBA_KEYUSAGE_KEY_CERT_SIGN))) if ((use & (KSBA_KEYUSAGE_KEY_CERT_SIGN)))
return 0; return 0;
@ -147,7 +157,7 @@ cert_usage_p (ksba_cert_t cert, int mode, int silent)
return gpg_error (GPG_ERR_WRONG_KEY_USAGE); return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
} }
if (mode == 5) if (mode == USE_MODE_OCSP)
{ {
if (use != ~0 if (use != ~0
&& (have_ocsp_signing && (have_ocsp_signing
@ -170,11 +180,13 @@ cert_usage_p (ksba_cert_t cert, int mode, int silent)
return 0; return 0;
if (!silent) if (!silent)
log_info log_info (mode == USE_MODE_DECR?
(mode==3? _("certificate should not have been used for encryption\n"): _("certificate should not have been used for encryption\n") :
mode==2? _("certificate should not have been used for signing\n"): mode == USE_MODE_VRFY?
mode==1? _("certificate is not usable for encryption\n"): _("certificate should not have been used for signing\n") :
/**/ _("certificate is not usable for signing\n")); mode == USE_MODE_ENCR?
_("certificate is not usable for encryption\n") :
_("certificate is not usable for signing\n"));
return gpg_error (GPG_ERR_WRONG_KEY_USAGE); return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
} }
@ -184,7 +196,7 @@ cert_usage_p (ksba_cert_t cert, int mode, int silent)
int int
gpgsm_cert_use_sign_p (ksba_cert_t cert, int silent) gpgsm_cert_use_sign_p (ksba_cert_t cert, int silent)
{ {
return cert_usage_p (cert, 0, silent); return cert_usage_p (cert, USE_MODE_SIGN, silent);
} }
@ -192,31 +204,31 @@ gpgsm_cert_use_sign_p (ksba_cert_t cert, int silent)
int int
gpgsm_cert_use_encrypt_p (ksba_cert_t cert) gpgsm_cert_use_encrypt_p (ksba_cert_t cert)
{ {
return cert_usage_p (cert, 1, 0); return cert_usage_p (cert, USE_MODE_ENCR, 0);
} }
int int
gpgsm_cert_use_verify_p (ksba_cert_t cert) gpgsm_cert_use_verify_p (ksba_cert_t cert)
{ {
return cert_usage_p (cert, 2, 0); return cert_usage_p (cert, USE_MODE_VRFY, 0);
} }
int int
gpgsm_cert_use_decrypt_p (ksba_cert_t cert) gpgsm_cert_use_decrypt_p (ksba_cert_t cert)
{ {
return cert_usage_p (cert, 3, 0); return cert_usage_p (cert, USE_MODE_DECR, 0);
} }
int int
gpgsm_cert_use_cert_p (ksba_cert_t cert) gpgsm_cert_use_cert_p (ksba_cert_t cert)
{ {
return cert_usage_p (cert, 4, 0); return cert_usage_p (cert, USE_MODE_CERT, 0);
} }
int int
gpgsm_cert_use_ocsp_p (ksba_cert_t cert) gpgsm_cert_use_ocsp_p (ksba_cert_t cert)
{ {
return cert_usage_p (cert, 5, 0); return cert_usage_p (cert, USE_MODE_OCSP, 0);
} }