diff --git a/sm/ChangeLog b/sm/ChangeLog index 862b44d08..e44044b16 100644 --- a/sm/ChangeLog +++ b/sm/ChangeLog @@ -1,5 +1,15 @@ 2002-07-02 Werner Koch + * keydb.c (keydb_store_cert): Add optional ar EXISTED and changed + all callers. + * call-agent.c (learn_cb): Print info message only for real imports. + + * import.c (gpgsm_import): Moved duplicated code to ... + (check_and_store): new function. Added magic to import the entire + chain. Print status only for real imports and moved printing code + to .. + (print_imported_status): New. + * call-dirmngr.c (gpgsm_dirmngr_isvalid): print status of dirmngr call in very verbose mode. diff --git a/sm/call-agent.c b/sm/call-agent.c index 9462deb40..3a0d0763e 100644 --- a/sm/call-agent.c +++ b/sm/call-agent.c @@ -702,8 +702,15 @@ learn_cb (void *opaque, const void *buffer, size_t length) log_error ("invalid certificate: %s\n", gnupg_strerror (rc)); else { - if (!keydb_store_cert (cert, 0)) - log_info ("certificate imported\n"); + int existed; + + if (!keydb_store_cert (cert, 0, &existed)) + { + if (opt.verbose > 1 && existed) + log_info ("certificate already in DB\n"); + else if (opt.verbose && !existed) + log_info ("certificate imported\n"); + } } ksba_cert_release (cert); diff --git a/sm/certchain.c b/sm/certchain.c index 0457a0aa1..719f97b61 100644 --- a/sm/certchain.c +++ b/sm/certchain.c @@ -199,7 +199,7 @@ check_cert_policy (KsbaCert cert) static void find_up_store_certs_cb (void *cb_value, KsbaCert cert) { - if (keydb_store_cert (cert, 1)) + if (keydb_store_cert (cert, 1, NULL)) log_error ("error storing issuer certificate as ephemeral\n"); ++*(int*)cb_value; } diff --git a/sm/certpath.c b/sm/certpath.c index 0457a0aa1..719f97b61 100644 --- a/sm/certpath.c +++ b/sm/certpath.c 
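Review bot: The verbosity-dependent messages added after keydb_store_cert in learn_cb repeat the same branch structure (`opt.verbose > 1 && existed` / `opt.verbose && !existed`) that check_and_store in the sm/import.c hunk of this commit uses at depth 0; a small shared helper taking `existed` and the two message strings would keep the wording and thresholds of the two call sites from drifting. A non-zero return from keydb_store_cert is dropped silently at this call site, which is acceptable only because the keydb.c hunk shows the function logs its own errors; a one-line comment such as `/* keydb_store_cert logs its own errors */` would record that dependency. The body of learn_cb continues outside the hunk.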
@@ -199,7 +199,7 @@ check_cert_policy (KsbaCert cert) static void find_up_store_certs_cb (void *cb_value, KsbaCert cert) { - if (keydb_store_cert (cert, 1)) + if (keydb_store_cert (cert, 1, NULL)) log_error ("error storing issuer certificate as ephemeral\n"); ++*(int*)cb_value; } diff --git a/sm/import.c b/sm/import.c index 4f77b7f1f..2b7fbfecf 100644 --- a/sm/import.c +++ b/sm/import.c @@ -35,6 +35,61 @@ #include "i18n.h" +static void +print_imported_status (CTRL ctrl, KsbaCert cert) +{ + char *fpr; + + fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1); + gpgsm_status2 (ctrl, STATUS_IMPORTED, fpr, " [X.509]", NULL); + xfree (fpr); +} + +static void +check_and_store (CTRL ctrl, KsbaCert cert, int depth) +{ + if ( !gpgsm_basic_cert_check (cert) ) + { + int existed; + + if (!keydb_store_cert (cert, 0, &existed)) + { + KsbaCert next = NULL; + + if (!existed) + print_imported_status (ctrl, cert); + if (opt.verbose > 1 && existed) + { + if (depth) + log_info ("issuer certificate already in DB\n"); + else + log_info ("certificate already in DB\n"); + } + else if (opt.verbose && !existed) + { + if (depth) + log_info ("issuer certificate imported\n"); + else + log_info ("certificate imported\n"); + } + /* Now lets walk up the chain and import all certificates up + the chain.*/ + if ( depth >= 50 ) + log_error (_("certificate path too long\n")); + else if (!gpgsm_walk_cert_chain (cert, &next)) + { + check_and_store (ctrl, next, depth+1); + ksba_cert_release (next); + } + } + else + log_error (_("error storing certificate\n")); + } + else + log_error (_("basic certificate checks failed - not imported\n")); +} + + int gpgsm_import (CTRL ctrl, int in_fd) 
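Review bot: In check_and_store the issuer certificates reached through gpgsm_walk_cert_chain are stored by the recursive call with ephemeral=0, so importing one leaf certificate now writes its whole issuer chain permanently into the DB after only gpgsm_basic_cert_check, whereas find_up_store_certs_cb in the same commit stores fetched issuers as ephemeral (`keydb_store_cert (cert, 1, NULL)`) and the comment kept in the sm/verify.c hunk says the DB should not be cluttered with certificates that were not validated first. If permanent import of the chain is intended (the ChangeLog entry says "import the entire chain"), the function comment should state that chain members are stored as regular certificates without chain validation; otherwise the recursive call should pass the ephemeral flag for depth > 0. The bound `if ( depth >= 50 )` is a magic number and is tested only after the certificate at that depth has already been stored; a named constant such as `#define MAX_IMPORT_CHAIN_DEPTH 50 /* guard against issuer loops */` checked before keydb_store_cert would make the intent clear. check_and_store returns void, so gpgsm_import cannot report a failed store, but the replaced code in the later gpgsm_import hunks had the same limitation.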
@@ -102,22 +157,7 @@ gpgsm_import (CTRL ctrl, int in_fd) for (i=0; (cert=ksba_cms_get_cert (cms, i)); i++) { - if ( !gpgsm_basic_cert_check (cert) ) - { - if (!keydb_store_cert (cert, 0)) - { - char *fpr; - fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1); - gpgsm_status2 (ctrl, STATUS_IMPORTED, fpr, " [X.509]", NULL); - xfree (fpr); - if (opt.verbose) - log_info ("certificate imported\n"); - } - else - log_error (_("error storing certificate\n")); - } - else - log_error (_("basic certificate checks failed - not imported\n")); + check_and_store (ctrl, cert, 0); ksba_cert_release (cert); cert = NULL; } @@ -140,23 +180,8 @@ gpgsm_import (CTRL ctrl, int in_fd) rc = map_ksba_err (rc); goto leave; } - - if ( !gpgsm_basic_cert_check (cert) ) - { - if (!keydb_store_cert (cert, 0)) - { - char *fpr; - fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1); - gpgsm_status2 (ctrl, STATUS_IMPORTED, fpr, " [X.509]", NULL); - xfree (fpr); - if (opt.verbose) - log_info ("certificate imported\n"); - } - else - log_error (_("error storing certificate\n")); - } - else - log_error (_("basic certificate checks failed - not imported\n")); + + check_and_store (ctrl, cert, 0); } else { diff --git a/sm/keydb.c b/sm/keydb.c index 52f40f1ad..fec44153c 100644 --- a/sm/keydb.c +++ b/sm/keydb.c 
@@ -1196,15 +1196,20 @@ keydb_classify_name (const char *name, KEYDB_SEARCH_DESC *desc) } -/* Store the certificate in the key Db but make sure that it does not - already exists. We do this simply by comparing the fingerprint */ +/* Store the certificate in the key DB but make sure that it does not + already exists. We do this simply by comparing the fingerprint. + If EXISTED is not NULL it will be set to true if the certificate + was already in the DB. */ int -keydb_store_cert (KsbaCert cert, int ephemeral) +keydb_store_cert (KsbaCert cert, int ephemeral, int *existed) { KEYDB_HANDLE kh; int rc; unsigned char fpr[20]; + if (existed) + *existed = 0; + if (!gpgsm_get_fingerprint (cert, 0, fpr, NULL)) { log_error (_("failed to get the fingerprint\n")); @@ -1226,7 +1231,11 @@ keydb_store_cert (KsbaCert cert, int ephemeral) { keydb_release (kh); if (!rc) - return 0; /* okay */ + { + if (existed) + *existed = 1; + return 0; /* okay */ + } log_error (_("problem looking for existing certificate: %s\n"), gnupg_strerror (rc)); return rc; @@ -1252,3 +1261,4 @@ keydb_store_cert (KsbaCert cert, int ephemeral) } + diff --git a/sm/keydb.h b/sm/keydb.h index 0721f431a..ad7eaf51d 100644 --- a/sm/keydb.h +++ b/sm/keydb.h @@ -63,7 +63,7 @@ int keydb_search_subject (KEYDB_HANDLE hd, const char *issuer); int keydb_classify_name (const char *name, KEYDB_SEARCH_DESC *desc); -int keydb_store_cert (KsbaCert cert, int ephemeral); +int keydb_store_cert (KsbaCert cert, int ephemeral, int *existed); #endif /*GNUPG_KEYDB_H*/ diff --git a/sm/keylist.c b/sm/keylist.c index c17fb7052..5431e1b00 100644 --- a/sm/keylist.c +++ b/sm/keylist.c @@ -548,7 +548,7 @@ list_external_cb (void *cb_value, KsbaCert cert) { struct list_external_parm_s *parm = cb_value; - if (keydb_store_cert (cert, 1)) + if (keydb_store_cert (cert, 1, NULL)) log_error ("error storing certificate as ephemeral\n"); if (parm->print_header) diff --git a/sm/verify.c b/sm/verify.c index d5f8629b7..8e54da285 100644 --- a/sm/verify.c 
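Review bot: The new comment on keydb_store_cert does not say that *existed is only meaningful when the function returns 0: it is cleared at entry and set to 1 only on the `if (!rc)` branch that returns 0, so after any error it is 0 whether or not the certificate is in the DB. Extend the comment to `If EXISTED is not NULL it will be set to true if the certificate was already in the DB; the value is only defined when the function returns 0.` and carry the same note on the prototype in the sm/keydb.h hunk, which is where callers look. It is not visible from this hunk whether the "already exists" path also succeeds when the stored copy is ephemeral and the caller asked for a permanent one; if so, the comment should mention that the EPHEMERAL flag is not upgraded for an existing entry.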
+++ b/sm/verify.c @@ -242,7 +242,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp) certificate first before entering it into the DB. This way we would avoid cluttering the DB with invalid certificates. */ - keydb_store_cert (cert, 0); + keydb_store_cert (cert, 0, NULL); ksba_cert_release (cert); }