gpgsm: Use macro constants for cert_usage_p.

* sm/certlist.c (USE_MODE_): New. Use them for easier reading.
2022-10-24 15:12:06 +02:00 · 2022-10-24 15:12:06 +02:00 · 50efcf2eb0
parent b9d05774f5
commit 50efcf2eb0
1 changed files with 26 additions and 14 deletions
--- a/sm/certlist.c
+++ b/sm/certlist.c
@ -33,7 +33,16 @@
 #include "keydb.h"
 #include "../common/i18n.h"

+/* Mode values for cert_usage_p.
+ * Take care: the values have a  semantic.  */
+#define USE_MODE_SIGN 0
+#define USE_MODE_ENCR 1
+#define USE_MODE_VRFY 2
+#define USE_MODE_DECR 3
+#define USE_MODE_CERT 4
+#define USE_MODE_OCSP 5

+/* OIDs we use here.  */
 static const char oid_kp_serverAuth[]     = "1.3.6.1.5.5.7.3.1";
 static const char oid_kp_clientAuth[]     = "1.3.6.1.5.5.7.3.2";
 static const char oid_kp_codeSigning[]    = "1.3.6.1.5.5.7.3.3";
@ -41,6 +50,7 @@ static const char oid_kp_emailProtection[]= "1.3.6.1.5.5.7.3.4";
 static const char oid_kp_timeStamping[]   = "1.3.6.1.5.5.7.3.8";
 static const char oid_kp_ocspSigning[]    = "1.3.6.1.5.5.7.3.9";

+
 /* Return 0 if the cert is usable for encryption.  A MODE of 0 checks
   for signing a MODE of 1 checks for encryption, a MODE of 2 checks
   for verification and a MODE of 3 for decryption (just for
@ -119,7 +129,7 @@ cert_usage_p (ksba_cert_t cert, int mode, int silent)
      if (gpg_err_code (err) == GPG_ERR_NO_DATA)
        {
          err = 0;
-          if (opt.verbose && mode < 2 && !silent)
+          if (opt.verbose && mode < USE_MODE_VRFY && !silent)
            log_info (_("no key usage specified - assuming all usages\n"));
          use = ~0;
        }
@ -136,7 +146,7 @@ cert_usage_p (ksba_cert_t cert, int mode, int silent)
      return err;
    }

-  if (mode == 4)
+  if (mode == USE_MODE_CERT)
    {
      if ((use & (KSBA_KEYUSAGE_KEY_CERT_SIGN)))
        return 0;
@ -146,7 +156,7 @@ cert_usage_p (ksba_cert_t cert, int mode, int silent)
      return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
    }

-  if (mode == 5)
+  if (mode == USE_MODE_OCSP)
    {
      if (use != ~0
          && (have_ocsp_signing
@ -169,11 +179,13 @@ cert_usage_p (ksba_cert_t cert, int mode, int silent)
    return 0;

  if (!silent)
-    log_info
-      (mode==3? _("certificate should not have been used for encryption\n"):
-       mode==2? _("certificate should not have been used for signing\n"):
-       mode==1? _("certificate is not usable for encryption\n"):
-       /**/     _("certificate is not usable for signing\n"));
+    log_info (mode == USE_MODE_DECR?
+              _("certificate should not have been used for encryption\n") :
+              mode == USE_MODE_VRFY?
+              _("certificate should not have been used for signing\n") :
+              mode == USE_MODE_ENCR?
+              _("certificate is not usable for encryption\n") :
+              _("certificate is not usable for signing\n"));

  return gpg_error (GPG_ERR_WRONG_KEY_USAGE);
 }
@ -183,7 +195,7 @@ cert_usage_p (ksba_cert_t cert, int mode, int silent)
 int
 gpgsm_cert_use_sign_p (ksba_cert_t cert, int silent)
 {
-  return cert_usage_p (cert, 0, silent);
+  return cert_usage_p (cert, USE_MODE_SIGN, silent);
 }


@ -191,31 +203,31 @@ gpgsm_cert_use_sign_p (ksba_cert_t cert, int silent)
 int
 gpgsm_cert_use_encrypt_p (ksba_cert_t cert)
 {
-  return cert_usage_p (cert, 1, 0);
+  return cert_usage_p (cert, USE_MODE_ENCR, 0);
 }

 int
 gpgsm_cert_use_verify_p (ksba_cert_t cert)
 {
-  return cert_usage_p (cert, 2, 0);
+  return cert_usage_p (cert, USE_MODE_VRFY, 0);
 }

 int
 gpgsm_cert_use_decrypt_p (ksba_cert_t cert)
 {
-  return cert_usage_p (cert, 3, 0);
+  return cert_usage_p (cert, USE_MODE_DECR, 0);
 }

 int
 gpgsm_cert_use_cert_p (ksba_cert_t cert)
 {
-  return cert_usage_p (cert, 4, 0);
+  return cert_usage_p (cert, USE_MODE_CERT, 0);
 }

 int
 gpgsm_cert_use_ocsp_p (ksba_cert_t cert)
 {
-  return cert_usage_p (cert, 5, 0);
+  return cert_usage_p (cert, USE_MODE_OCSP, 0);
 }