sm: New option --issuer-der for the listkey commands.
* sm/server.c (do_listkeys): Implement new option. -- This option can be used by clients who can only provide a DER encoded form of the issuer. For example in PKCS#11 providers. Testing: Put the DER encoded issuer DN into a file, say issuer.der. Then run gpg-connect-agent -E -- gpgsm --server > /definqfile ISSUER_DER issuer.der > list-keys --issuer-der 01020304 and if the local keyring has a certificate with that issuer and a s/n of 0x01020304 that certificate will be listed. Signed-off-by: Werner Koch <wk@gnupg.org>
parent
8bbc4f0d2c
commit
2e5ab34496
80
sm/server.c
80
sm/server.c
@ -1,6 +1,6 @@
|
|||||||
/* server.c - Server mode and main entry point
|
/* server.c - Server mode and main entry point
|
||||||
* Copyright (C) 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009,
|
* Copyright (C) 2001-2010 Free Software Foundation, Inc.
|
||||||
* 2010 Free Software Foundation, Inc.
|
* Copyright (C) 2001-2011, 2013-2020 g10 Code GmbH
|
||||||
*
|
*
|
||||||
* This file is part of GnuPG.
|
* This file is part of GnuPG.
|
||||||
*
|
*
|
||||||
@ -883,10 +883,10 @@ cmd_message (assuan_context_t ctx, char *line)
|
|||||||
|
|
||||||
|
|
||||||
static const char hlp_listkeys[] =
|
static const char hlp_listkeys[] =
|
||||||
"LISTKEYS [<patterns>]\n"
|
"LISTKEYS [<options>] [<patterns>]\n"
|
||||||
"LISTSECRETKEYS [<patterns>]\n"
|
"LISTSECRETKEYS [<options>] [<patterns>]\n"
|
||||||
"DUMPKEYS [<patterns>]\n"
|
"DUMPKEYS [<options>] [<patterns>]\n"
|
||||||
"DUMPSECRETKEYS [<patterns>]\n"
|
"DUMPSECRETKEYS [<options>] [<patterns>]\n"
|
||||||
"\n"
|
"\n"
|
||||||
"List all certificates or only those specified by PATTERNS. Each\n"
|
"List all certificates or only those specified by PATTERNS. Each\n"
|
||||||
"pattern shall be a percent-plus escaped certificate specification.\n"
|
"pattern shall be a percent-plus escaped certificate specification.\n"
|
||||||
@ -895,8 +895,12 @@ static const char hlp_listkeys[] =
|
|||||||
"smartcard has been registered. The \"DUMP\" versions of the command\n"
|
"smartcard has been registered. The \"DUMP\" versions of the command\n"
|
||||||
"are only useful for debugging. The output format is a percent escaped\n"
|
"are only useful for debugging. The output format is a percent escaped\n"
|
||||||
"colon delimited listing as described in the manual.\n"
|
"colon delimited listing as described in the manual.\n"
|
||||||
|
"Supported values for OPTIONS are:\n"
|
||||||
|
" -- Stop option processing\n"
|
||||||
|
" --issuer-der PATTERN is a DER of the serialnumber as hexstring;\n"
|
||||||
|
" the issuer is then inquired with \"ISSUER_DER\".\n"
|
||||||
"\n"
|
"\n"
|
||||||
"These \"OPTION\" command keys effect the output::\n"
|
"These Assuan \"OPTION\" command keys effect the output::\n"
|
||||||
"\n"
|
"\n"
|
||||||
" \"list-mode\" set to 0: List only local certificates (default).\n"
|
" \"list-mode\" set to 0: List only local certificates (default).\n"
|
||||||
" 1: Ditto.\n"
|
" 1: Ditto.\n"
|
||||||
@ -916,9 +920,14 @@ do_listkeys (assuan_context_t ctx, char *line, int mode)
|
|||||||
ctrl_t ctrl = assuan_get_pointer (ctx);
|
ctrl_t ctrl = assuan_get_pointer (ctx);
|
||||||
estream_t fp;
|
estream_t fp;
|
||||||
char *p;
|
char *p;
|
||||||
|
size_t n;
|
||||||
strlist_t list, sl;
|
strlist_t list, sl;
|
||||||
unsigned int listmode;
|
unsigned int listmode;
|
||||||
gpg_error_t err;
|
gpg_error_t err;
|
||||||
|
int opt_issuer_der;
|
||||||
|
|
||||||
|
opt_issuer_der = has_option (line, "--issuer-der");
|
||||||
|
line = skip_options (line);
|
||||||
|
|
||||||
/* Break the line down into an strlist. */
|
/* Break the line down into an strlist. */
|
||||||
list = NULL;
|
list = NULL;
|
||||||
@ -942,6 +951,63 @@ do_listkeys (assuan_context_t ctx, char *line, int mode)
|
|||||||
list = sl;
|
list = sl;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
if (opt_issuer_der && (!list || list->next))
|
||||||
|
{
|
||||||
|
free_strlist (list);
|
||||||
|
return set_error (GPG_ERR_INV_ARG,
|
||||||
|
"only one arg for --issuer-der please");
|
||||||
|
}
|
||||||
|
|
||||||
|
if (opt_issuer_der)
|
||||||
|
{
|
||||||
|
unsigned char *value = NULL;
|
||||||
|
size_t valuelen;
|
||||||
|
char *issuer;
|
||||||
|
|
||||||
|
err = assuan_inquire (ctx, "ISSUER_DER", &value, &valuelen, 0);
|
||||||
|
if (err)
|
||||||
|
{
|
||||||
|
free_strlist (list);
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
if (!valuelen)
|
||||||
|
{
|
||||||
|
xfree (value);
|
||||||
|
free_strlist (list);
|
||||||
|
return gpg_error (GPG_ERR_MISSING_VALUE);
|
||||||
|
}
|
||||||
|
err = ksba_dn_der2str (value, valuelen, &issuer);
|
||||||
|
xfree (value);
|
||||||
|
if (err)
|
||||||
|
{
|
||||||
|
free_strlist (list);
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
/* ksba_dn_der2str seems to always append "\\0A". Trim that. */
|
||||||
|
n = strlen (issuer);
|
||||||
|
if (n > 3 && !strcmp (issuer + n - 3, "\\0A"))
|
||||||
|
issuer[n-3] = 0;
|
||||||
|
|
||||||
|
p = strconcat ("#", list->d, "/", issuer, NULL);
|
||||||
|
if (!p)
|
||||||
|
{
|
||||||
|
err = gpg_error_from_syserror ();
|
||||||
|
ksba_free (issuer);
|
||||||
|
free_strlist (list);
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
ksba_free (issuer);
|
||||||
|
free_strlist (list);
|
||||||
|
list = NULL;
|
||||||
|
if (!add_to_strlist_try (&list, p))
|
||||||
|
{
|
||||||
|
err = gpg_error_from_syserror ();
|
||||||
|
xfree (p);
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
xfree (p);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
if (ctrl->server_local->list_to_output)
|
if (ctrl->server_local->list_to_output)
|
||||||
{
|
{
|
||||||
|
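Review bot: The `assuan_inquire (ctx, "ISSUER_DER", &value, &valuelen, 0)` call in the new `if (opt_issuer_der)` block passes 0 as the maximum length, which as far as I know libassuan treats as "no limit", so the server will buffer a reply of any size before `ksba_dn_der2str` gets to reject it. A DER-encoded issuer DN is small, so a named upper bound would be safer, e.g. `err = assuan_inquire (ctx, "ISSUER_DER", &value, &valuelen, MAXLEN_ISSUER_DER);`, where `MAXLEN_ISSUER_DER` is a placeholder for a constant this page does not define. Separately, the new help line `--issuer-der PATTERN is a DER of the serialnumber as hexstring` reads as if the serial number were DER, whereas the code builds `#<sn>/<issuer>` from a hex serial number and an inquired DER issuer; the help text should say that. do_listkeys begins and ends outside the visible hunks, so how `list` is consumed afterwards is not checked here.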