security-and-privacy/gnupg
security-and-privacy/gnupg
1
0
Fork 0
mirror of git://git.gnupg.org/gnupg.git synced 2025-06-18 20:37:01 +02:00
Code Activity

* keydb.c (keydb_store_cert): Add optional ar EXISTED and changed

Browse Source 
all callers.
* call-agent.c (learn_cb): Print info message only for real imports.

* import.c (gpgsm_import): Moved duplicated code to ...
(check_and_store): new function.  Added magic to import the entire
chain. Print status only for real imports and moved printing code
to ..
(print_imported_status): New.
This commit is contained in:
Werner Koch 2002-07-02 10:40:12 +00:00
parent 5faca753cb
commit 5795c02b09
9 changed files with 96 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
sm/ChangeLog
View File

@ -1,5 +1,15 @@
2002-07-02 Werner Koch <wk@gnupg.org> 2002-07-02 Werner Koch <wk@gnupg.org>
* keydb.c (keydb_store_cert): Add optional ar EXISTED and changed
all callers.
* call-agent.c (learn_cb): Print info message only for real imports.
* import.c (gpgsm_import): Moved duplicated code to ...
(check_and_store): new function. Added magic to import the entire
chain. Print status only for real imports and moved printing code
to ..
(print_imported_status): New.
* call-dirmngr.c (gpgsm_dirmngr_isvalid): print status of dirmngr * call-dirmngr.c (gpgsm_dirmngr_isvalid): print status of dirmngr
call in very verbose mode. call in very verbose mode.

11
sm/call-agent.c
View File

@ -702,8 +702,15 @@ learn_cb (void *opaque, const void *buffer, size_t length)
log_error ("invalid certificate: %s\n", gnupg_strerror (rc)); log_error ("invalid certificate: %s\n", gnupg_strerror (rc));
else else
{ {
if (!keydb_store_cert (cert, 0)) int existed;
log_info ("certificate imported\n");
if (!keydb_store_cert (cert, 0, &existed))
{
if (opt.verbose > 1 && existed)
log_info ("certificate already in DB\n");
else if (opt.verbose && !existed)
log_info ("certificate imported\n");
}
} }
ksba_cert_release (cert); ksba_cert_release (cert);

2
sm/certchain.c
View File

@ -199,7 +199,7 @@ check_cert_policy (KsbaCert cert)
static void static void
find_up_store_certs_cb (void *cb_value, KsbaCert cert) find_up_store_certs_cb (void *cb_value, KsbaCert cert)
{ {
if (keydb_store_cert (cert, 1)) if (keydb_store_cert (cert, 1, NULL))
log_error ("error storing issuer certificate as ephemeral\n"); log_error ("error storing issuer certificate as ephemeral\n");
++*(int*)cb_value; ++*(int*)cb_value;
} }

2
sm/certpath.c
View File

@ -199,7 +199,7 @@ check_cert_policy (KsbaCert cert)
static void static void
find_up_store_certs_cb (void *cb_value, KsbaCert cert) find_up_store_certs_cb (void *cb_value, KsbaCert cert)
{ {
if (keydb_store_cert (cert, 1)) if (keydb_store_cert (cert, 1, NULL))
log_error ("error storing issuer certificate as ephemeral\n"); log_error ("error storing issuer certificate as ephemeral\n");
++*(int*)cb_value; ++*(int*)cb_value;
} }

91
sm/import.c
View File

@ -35,6 +35,61 @@
#include "i18n.h" #include "i18n.h"
static void
print_imported_status (CTRL ctrl, KsbaCert cert)
{
char *fpr;
fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
gpgsm_status2 (ctrl, STATUS_IMPORTED, fpr, " [X.509]", NULL);
xfree (fpr);
}
static void
check_and_store (CTRL ctrl, KsbaCert cert, int depth)
{
if ( !gpgsm_basic_cert_check (cert) )
{
int existed;
if (!keydb_store_cert (cert, 0, &existed))
{
KsbaCert next = NULL;
if (!existed)
print_imported_status (ctrl, cert);
if (opt.verbose > 1 && existed)
{
if (depth)
log_info ("issuer certificate already in DB\n");
else
log_info ("certificate already in DB\n");
}
else if (opt.verbose && !existed)
{
if (depth)
log_info ("issuer certificate imported\n");
else
log_info ("certificate imported\n");
}
/* Now lets walk up the chain and import all certificates up
the chain.*/
if ( depth >= 50 )
log_error (_("certificate path too long\n"));
else if (!gpgsm_walk_cert_chain (cert, &next))
{
check_and_store (ctrl, next, depth+1);
ksba_cert_release (next);
}
}
else
log_error (_("error storing certificate\n"));
}
else
log_error (_("basic certificate checks failed - not imported\n"));
}
int int
gpgsm_import (CTRL ctrl, int in_fd) gpgsm_import (CTRL ctrl, int in_fd)
@ -102,22 +157,7 @@ gpgsm_import (CTRL ctrl, int in_fd)
for (i=0; (cert=ksba_cms_get_cert (cms, i)); i++) for (i=0; (cert=ksba_cms_get_cert (cms, i)); i++)
{ {
if ( !gpgsm_basic_cert_check (cert) ) check_and_store (ctrl, cert, 0);
{
if (!keydb_store_cert (cert, 0))
{
char *fpr;
fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
gpgsm_status2 (ctrl, STATUS_IMPORTED, fpr, " [X.509]", NULL);
xfree (fpr);
if (opt.verbose)
log_info ("certificate imported\n");
}
else
log_error (_("error storing certificate\n"));
}
else
log_error (_("basic certificate checks failed - not imported\n"));
ksba_cert_release (cert); ksba_cert_release (cert);
cert = NULL; cert = NULL;
} }
@ -140,23 +180,8 @@ gpgsm_import (CTRL ctrl, int in_fd)
rc = map_ksba_err (rc); rc = map_ksba_err (rc);
goto leave; goto leave;
} }
if ( !gpgsm_basic_cert_check (cert) ) check_and_store (ctrl, cert, 0);
{
if (!keydb_store_cert (cert, 0))
{
char *fpr;
fpr = gpgsm_get_fingerprint_hexstring (cert, GCRY_MD_SHA1);
gpgsm_status2 (ctrl, STATUS_IMPORTED, fpr, " [X.509]", NULL);
xfree (fpr);
if (opt.verbose)
log_info ("certificate imported\n");
}
else
log_error (_("error storing certificate\n"));
}
else
log_error (_("basic certificate checks failed - not imported\n"));
} }
else else
{ {

18
sm/keydb.c
View File

@ -1196,15 +1196,20 @@ keydb_classify_name (const char *name, KEYDB_SEARCH_DESC *desc)
} }
/* Store the certificate in the key Db but make sure that it does not /* Store the certificate in the key DB but make sure that it does not
already exists. We do this simply by comparing the fingerprint */ already exists. We do this simply by comparing the fingerprint.
If EXISTED is not NULL it will be set to true if the certificate
was already in the DB. */
int int
keydb_store_cert (KsbaCert cert, int ephemeral) keydb_store_cert (KsbaCert cert, int ephemeral, int *existed)
{ {
KEYDB_HANDLE kh; KEYDB_HANDLE kh;
int rc; int rc;
unsigned char fpr[20]; unsigned char fpr[20];
if (existed)
*existed = 0;
if (!gpgsm_get_fingerprint (cert, 0, fpr, NULL)) if (!gpgsm_get_fingerprint (cert, 0, fpr, NULL))
{ {
log_error (_("failed to get the fingerprint\n")); log_error (_("failed to get the fingerprint\n"));
@ -1226,7 +1231,11 @@ keydb_store_cert (KsbaCert cert, int ephemeral)
{ {
keydb_release (kh); keydb_release (kh);
if (!rc) if (!rc)
return 0; /* okay */ {
if (existed)
*existed = 1;
return 0; /* okay */
}
log_error (_("problem looking for existing certificate: %s\n"), log_error (_("problem looking for existing certificate: %s\n"),
gnupg_strerror (rc)); gnupg_strerror (rc));
return rc; return rc;
@ -1252,3 +1261,4 @@ keydb_store_cert (KsbaCert cert, int ephemeral)
} }

2
sm/keydb.h
View File

@ -63,7 +63,7 @@ int keydb_search_subject (KEYDB_HANDLE hd, const char *issuer);
int keydb_classify_name (const char *name, KEYDB_SEARCH_DESC *desc); int keydb_classify_name (const char *name, KEYDB_SEARCH_DESC *desc);
int keydb_store_cert (KsbaCert cert, int ephemeral); int keydb_store_cert (KsbaCert cert, int ephemeral, int *existed);
#endif /*GNUPG_KEYDB_H*/ #endif /*GNUPG_KEYDB_H*/

2
sm/keylist.c
View File

@ -548,7 +548,7 @@ list_external_cb (void *cb_value, KsbaCert cert)
{ {
struct list_external_parm_s *parm = cb_value; struct list_external_parm_s *parm = cb_value;
if (keydb_store_cert (cert, 1)) if (keydb_store_cert (cert, 1, NULL))
log_error ("error storing certificate as ephemeral\n"); log_error ("error storing certificate as ephemeral\n");
if (parm->print_header) if (parm->print_header)

2
sm/verify.c
View File

@ -242,7 +242,7 @@ gpgsm_verify (CTRL ctrl, int in_fd, int data_fd, FILE *out_fp)
certificate first before entering it into the DB. This way certificate first before entering it into the DB. This way
we would avoid cluttering the DB with invalid we would avoid cluttering the DB with invalid
certificates. */ certificates. */
keydb_store_cert (cert, 0); keydb_store_cert (cert, 0, NULL);
ksba_cert_release (cert); ksba_cert_release (cert);
} }