* call-dirmngr.c (inq_certificate): Changed for new interface semantic.

* certlist.c (gpgsm_find_cert): New.

DirMngr should now work.  Remember that there is a --disable-crl-check
option in gpgsm to be used when there is a problem with the dirmngr
communication or you want to do faster tests.

sm/ChangeLog

@@ -1,3 +1,8 @@
+2002-01-14  Werner Koch  <wk@gnupg.org>
+
+	* call-dirmngr.c (inq_certificate): Changed for new interface semantic.
+	* certlist.c (gpgsm_find_cert): New.
+
 2002-01-13  Werner Koch  <wk@gnupg.org>
 
 	* fingerprint.c (gpgsm_get_certid): Print the serial and not the

sm/call-dirmngr.c

@@ -35,16 +35,9 @@
 
 static ASSUAN_CONTEXT dirmngr_ctx = NULL;
 
-struct cipher_parm_s {
+struct inq_certificate_parm_s {
   ASSUAN_CONTEXT ctx;
-  const char *ciphertext;
+  KsbaCert cert;
-  size_t ciphertextlen;
-};
-
-struct genkey_parm_s {
-  ASSUAN_CONTEXT ctx;
-  const char *sexp;
-  size_t sexplen;
 };
 
 
@@ -130,16 +123,48 @@ start_dirmngr (void)
 static AssuanError
 inq_certificate (void *opaque, const char *line)
 {
+  struct inq_certificate_parm_s *parm = opaque;
   AssuanError rc;
+  const unsigned char *der;
+  size_t derlen;
 
-  if (strncmp (line, "SENDCERT ", 9) || !line[9])
+  if (!(!strncmp (line, "SENDCERT", 8) && (line[8] == ' ' || !line[8])))
     {
       log_error ("unsupported inquiry `%s'\n", line);
       return ASSUAN_Inquire_Unknown;
     }
+  line += 8;
+
+  if (!*line)
+    { /* send the current certificate */
+      der = ksba_cert_get_image (parm->cert, &derlen);
+      if (!der)
+        rc = ASSUAN_Inquire_Error;
+      else
+        rc = assuan_send_data (parm->ctx, der, derlen);
+    }
+  else 
+    { /* send the given certificate */
+      int err;
+      KsbaCert cert;
+
+      err = gpgsm_find_cert (line, &cert);
+      if (err)
+        {
+          log_error ("certificate not found: %s\n", gnupg_strerror (err));
+          rc = ASSUAN_Inquire_Error;
+        }
+      else
+        {
+          der = ksba_cert_get_image (cert, &derlen);
+          if (!der)
+            rc = ASSUAN_Inquire_Error;
+          else
+            rc = assuan_send_data (parm->ctx, der, derlen);
+          ksba_cert_release (cert);
+        }
+    }
 
-  /*  rc = assuan_send_data (parm->ctx, parm->sexp, parm->sexplen);*/
-  rc = 0;
   return rc; 
 }
 
@@ -158,6 +183,7 @@ gpgsm_dirmngr_isvalid (KsbaCert cert)
   int rc;
   char *certid;
   char line[ASSUAN_LINELENGTH];
+  struct inq_certificate_parm_s parm;
 
   rc = start_dirmngr ();
   if (rc)
@@ -170,13 +196,13 @@ gpgsm_dirmngr_isvalid (KsbaCert cert)
       return seterr (General_Error);
     }
 
+  parm.ctx = dirmngr_ctx;
+  parm.cert = cert;
+
   snprintf (line, DIM(line)-1, "ISVALID %s", certid);
   line[DIM(line)-1] = 0;
   xfree (certid);
 
-  rc = assuan_transact (dirmngr_ctx, line, NULL, NULL, inq_certificate, NULL);
+  rc = assuan_transact (dirmngr_ctx, line, NULL, NULL, inq_certificate, &parm);
   return map_assuan_err (rc);
 }
-
-
-

sm/certlist.c

@@ -86,3 +86,31 @@ gpgsm_release_certlist (CERTLIST list)
     }
 }
 
+
+/* Like gpgsm_add_to_certlist, but lookonly for one certificate */
+int
+gpgsm_find_cert (const char *name, KsbaCert *r_cert)
+{
+  int rc;
+  KEYDB_SEARCH_DESC desc;
+  KEYDB_HANDLE kh = NULL;
+
+  *r_cert = NULL;
+  /* fixme: check that we identify excactly one cert with the name */
+  rc = keydb_classify_name (name, &desc);
+  if (!rc)
+    {
+      kh = keydb_new (0);
+      if (!kh)
+        rc = GNUPG_Out_Of_Core;
+      else
+        {
+          rc = keydb_search (kh, &desc, 1);
+          if (!rc)
+            rc = keydb_get_cert (kh, r_cert);
+        }
+    }
+  
+  keydb_release (kh);
+  return rc == -1? GNUPG_No_Public_Key: rc;
+}

sm/gpgsm.h

@@ -162,6 +162,7 @@ int gpgsm_validate_path (KsbaCert cert);
 /*-- cetlist.c --*/
 int gpgsm_add_to_certlist (const char *name, CERTLIST *listaddr);
 void gpgsm_release_certlist (CERTLIST list);
+int gpgsm_find_cert (const char *name, KsbaCert *r_cert);
 
 /*-- keylist.c --*/
 void gpgsm_list_keys (CTRL ctrl, STRLIST names, FILE *fp);